April 10, 2021 / by 

 

Daniel Hale, Citizenfive

Jeremy Scahill: So if I have a confidential source who’s giving me information as a whistleblower and he works within the US government and he’s concerned about what he perceives as violations of the Constitution, and he gets in touch with me…

Bill Binney: From there on they would nail him and start watching everything he did, and if he started passing data, I’m sure they’d take him off the street. I mean, the way you have to do it is like Deep Throat did in the Nixon years — meet in the basement of a parking garage. Physically.

— Citizenfour

Last week, drone whistleblower Daniel Hale pled guilty. In pleading guilty, Hale admitted that he was the source behind The Intercept‘s Drone Papers package of stories that provided new details about the drone program as operated under President Obama. He also may have made clear that Laura Poitras’ film, Citizenfour, isn’t so much about Snowden, as it has always been described, but about Hale.

Hale pled guilty to one of five counts against him, Count 2 of the superseding indictment, 18 USC §793(e), for retaining and transmitting National Defense Information to Jeremy Scahill (Scahill was referred to as “the Reporter” in charging documents).

Before Hale pled guilty, the government released a list of exhibits it planned to use at trial. The exhibit list not only shows the government would have introduced a picture of Hale meeting publicly with Scahill at an event for the latter’s Dirty Wars, texts Hale sent to his friend Megan describing meeting Scahill, emails between Scahill and Hale sent months before they moved their communication to Jabber (those all were mentioned in the Indictment), but it included texts Hale and Scahill exchanged between January 24 and March 7, 2014, continuing after Hale had started the process of printing off documents at the contractor where he worked which he would ultimately send to Scahill. (The exhibit list doesn’t describe via what means they sent these texts and there are no correlating Verizon records prepared as exhibits covering that period, meaning they may not be telephony texts but instead could be the Jabber chats mentioned in the indictment, or maybe Signal texts). The government also would have introduced up to seven types of proof that Hale had printed each of the documents he was charged with, and badge records showing he was in his office and logged onto the relevant work computer each time those documents were printed out.

The government would also have submitted, for each of the agencies where Hale ever held clearance — NSA, DOD, a JSOC Task Force, NGA, and Air Force — a certification that the agency had no evidence that Hale had made any whistleblower complaints.

Unless those 2014 texts were from Jabber, there’s nothing in the exhibit list that obviously shows that the government was intending to introduce proof of three Jabber chats the government reconstructed that Hale had with Scahill, though those were mentioned in the indictment.

At the change of plea hearing last Thursday, the government refused to dismiss the four other counts against Hale, which Hale’s attorney, Todd Richman, said raised concerns that the government might revert to those charges if Judge Liam O’Grady didn’t sentence Hale harshly enough. O’Grady (who seemed as concerned about the possibility Hale might harm himself between now and the July 13 sentencing as anything else) as much as said that, if the government tried that, it would still amount to the same sentence, signaling he would have sentenced Hale with a concurrent sentence for all counts, had he gone to trial.

The plea agreement has not been released yet, but pleading guilty days before the trial was to start will give Hale a slight reduction in his sentence, but he’s still facing a draconian sentence for revealing details about the drone program.

That said, given what EDVA prosecutors — including Hale prosecutor Gordon Kromberg, who is the lead prosecutor on the Assange case — did to Chelsea Manning and Jeremy Hammond, I worry they might try something similar with Hale. From the start, the government has been interested in Hale for how he fit in the series of document leaks that started with Chelsea Manning and continued through Vault 7. That came up in mostly sealed filings submitted early in Hale’s prosecution.

[T]he FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community.

And the government intended to submit exchanges between Hale and Scahill about Snowden and Chelsea Manning at trial.

There are two things that appear in the Statement of Facts Hale pled guilty to that don’t appear in the indictment.

First, the biographical language that explains how Hale enlisted in the Air Force, quit in May 2013, and only then got a job at a defense contractor where he had access to the files he ultimately leaked, is slightly different and generally abbreviated (leaving out, for example, that Hale was assigned to the NSA from 2011 to 2013, overlapping with Snowden). However, the Statement of Facts adds the detail that, “In July 2009, while the United States was actively engaged in two wars,” Hale first enlisted. It’s as if to suggest that Hale knew he would end up killing people when he signed up to join the Air Force.

Of more interest, the Statement of Facts includes an admission that Hale authored an anonymous document that prosecutors had planned to use at trial.

Mr. Hale authored an essay, attributed to “Anonymous,” that became a chapter in a book published by the Reporter’s online news outlet (defined as Book 2 in the Superseding Indictment).

It’s a chapter in The Assassination Complex, a free-standing publication based on the documents Hale released.

The government first requested to use this document at trial in a sealed motion, accompanied by 6 exhibits, submitted on September 16, 2019 as part of the first wave of motions. But the judge didn’t resolve that request until November 17, 2020, a month after a hearing on that and other requests. In his order, O’Grady permitted the government to enter the chapter into evidence, but reminded them the jury gets to decide whether they believe the evidence is authentic or not.

The Court hereby ORDERS that the Government’s Motion to Admit an Anonymous Writing as an Admission of the Defendant (dkt. 54) is GRANTED, as the Court stated in the October 13 hearing; the government will be permitted to present the book chapter attributed to an anonymous author. Federal Rule of Evidence 901(a) requires the proponent of a piece of evidence to authenticate it before it can be admitted. United States v. Smith, 918 F.2d 1501,1510 (11th Cir. 1990). The Court’s role in determining whether evidence is authentic is limited to that of a gatekeeper in assessing whether the proponent has offered a satisfactory foundation.” United States v. Vidacak, 553, F.3rd 344, 349 (4th Cir. 2009). The court finds that the government has laid satisfactory foundation for the purpose of admitting the evidence at trial. It now falls to the jury to determine whether the evidence is indeed what the government says it is: an anonymous writing that was written by Defendant admitting to the conduct of which he is accused.

At trial, it seems, the government would have treated this chapter as a confession. There are three exhibits in their trial exhibit list — stills and video of an Obama event in June 2008 — that suggest they planned to authenticate it, in part, by pointing to the anonymous author’s admission that he shook then-Candidate Obama’s hand in 2008 and showing pictures of the exchange.

In 2008 I shook hands with Senator Obama when he came through my town on his way to the White House. After his inauguration he said, “Transparency and the rule of law will be the touchstones of this presidency.” I firmly believe those principles are crucial to an open society, which is why I was compelled to reveal this information. If this administration lacks the courage to uphold its promises to the people, then I and others like me will do so for them.

So after having made their case that this was Hale, they then would have asked the jury to consider it a confession that he was the leaker described throughout The Intercept‘s reporting on the drones.

But with Hale’s guilty plea, there’s no evidentiary value to this chapter anymore. (That is, unless the government wants to argue that the specific Tide Personal Numbers Hale listed in the chapter — TPN 1063599 for Osama bin Laden and TPN 26350617 for Abdul Rahman al-Awlaki — amount to new disclosures not included in the charged releases.) Hale has already admitted, under oath, to being the anonymous source referred to by journalists throughout the rest of the book.

What the admission that he was part of the book publication does do, however, is tie Hale far more closely with Snowden, who wrote a hubristic introduction for the book. In it, he tied his leaks with Manning’s and in turn his with Hale’s.

[U]nlike Dan Ellsberg, I didn’t have to wait forty years to witness other citizens breaking that silence with documents. Ellsberg gave the Pentagon Papers to the New York Times and other newspapers in 1971; Chelsea Manning provided the Iraq and Afghan War logs and the Cablegate materials to WikiLeaks in 2010. I came forward in 2013. Now here we are in 2015, and another person of courage and conscience has made available the set of extraordinary documents that are published here.

I noted, when Snowden called for Trump to pardon Hale along with The Intercept‘s other sources, Terry Albury and Reality Winner, he effectively put a target on Hale’s back, because it suggested those leaks all tied to him. All the more so, I now realize, given the way this Snowden essay suggests Hale’s leaks have some tie to him.

Snowden ended the introduction by suggesting there were far more people like Manning, himself, and Hale waiting to drop huge amounts of documents than there were the “insiders at the highest levels of government” guarding the monopoly on violence.

The individuals who make these disclosures feel so strongly about what they have seen that they’re willing to risk their lives and their freedom. They know that we, the people, are ultimately the strongest and most reliable check on the power of government. The insiders at the highest levels of government have extraordinary capability, extraordinary resources, tremendous access to influence, and a monopoly on violence, but in the final calculus there is but one figure that matters: the individual citizen.

And there are more of us than there are of them.

Yet the book suggests the links between Manning, Snowden, and Hale are merely inspirational.

Not so Citizenfour.

There’s a scene of the movie, quoted above, where Bill Binney warns Jeremy Scahill that if he wanted to publish documents from a source we now know to be Hale, with whom (trial exhibits would have shown) Scahill had already met in public, emailed, and texted during the period Hale was leaking, then (Binney instructed Scahill) he needed to do so by meeting in person, secretly.

It was probably too late for Hale by the time Binney gave Scahill this warning.

Then there’s the film’s widely discussed closing scene, showing a meeting where Glenn Greenwald flew to Moscow to update Snowden about “the new source” that has come to The Intercept. Apparently believing he’s using rockstar operational security, he’s writing down — on camera!!! — how The Intercept is communicating with this new source, bragging (still writing on camera about a source that had first reached out to Scahill via email and in person) that “they’re very careful.” One of the things he seems to write down is “Jabber,” chats from which the government obtained and might have released at Hale’s trial. In the scene, Greenwald continues to sketch out the contents of several of the documents — including one of the first ones to be published — that Hale just admitted he shared with The Intercept.

But in retrospect, the most important part of this sequence is where — against video footage showing Snowden and Lindsey in Moscow together — Poitras reads an email, dated April 2013 (a month before Hale quit the Air Force and NSA within days after Snowden fled to Hong Kong). She offers no explanation, not even naming the recipient of the email.

Let’s disassociate our metadata one last time, so we don’t have a clear record of your true name and our final communication chain. This is obviously not to say you can’t claim your involvement. But as every trick in the book is likely to be used in looking into this, I believe it’s better that that particular disclosure come on your own terms. Thank you again for all you’ve done. So sorry again for the multiple delays but we’ve been in unchartered territory with no model to benefit from. If all ends well, perhaps the demonstration that our methods worked will embolden more to come forward.

That email has received far less attention than Greenwald’s confident descriptions to Snowden of how someone inspired by his actions has come forward. But I remember when first viewing Citizenfour (which I watched long after it first came out), I had the feeling that Snowden was only feigning surprise when Greenwald told him of this new source and described the signals intercepts for the drone program going through Ramstein Air Base in Germany.

That is, that unexplained email may suggest that Hale met Snowden while both were at the NSA, and that days before the first Snowden releases, Hale quit, reached out to a close associate of Greenwald, then (months later) found a new job in the intelligence community where he could get files that would expose certain details of the drone program. The government had planned to introduce other movies at Hale’s trial. But Citizenfour was not on the exhibit list.

That’s a detail I hadn’t realized before: Hale reached out to Scahill, then quit the Air Force and NSA, and only then got a new job that gave him access to files he ended up leaking.

I have no idea what the government intends to do, now that it has Hale admitting that he participated in this book in which Snowden promised a legion of similar leakers. I have always been concerned the government would go after Scahill. But now I think this is about Snowden.

Since last year, the government has explicitly argued that WikiLeaks considered its help to Snowden as part of a recruiting effort for further leakers (a detail of Julian Assange’s most recent superseding indictment that literally every one of Snowden’s closest associates has studiously avoided mentioning). They’re not making that up. It’s something Snowden admitted in his own book, and Bart Gellman described that Snowden was thinking the same as he leaked to Gellman. As noted, the government appears to have made a similar argument in sealed filings with Hale.

But one thing they seem to have demanded before they let Hale plead out before trial was a further admission, one that makes the Snowden tie more explicit.

Update: Corrected that that TPN is for Awlaki’s son, not for Awlaki himself.


DOJ Arresting Their Way to Clarity on Joe Biggs’ Two Breaches of the Capitol

The Proud Boys Leadership conspiracy indictment describes that Joe Biggs breached the Capitol twice.

He entered first on the west side through a door opened after Dominic Pezzola broke through an adjacent window with a riot shield.

At 2:14 p.m., BIGGS entered the Capitol building through a door on the northwest side. The door was opened after a Proud Boys member, Dominic Pezzola, charged elsewhere, used a riot shield at 2:13 p.m. to break window allowed rioters to enter the building and force open an adjacent door from the inside. BIGGS and Proud Boys members Gilbert Garcia, William Pepe, and Joshua Pruitt, each of whom are charged elsewhere, entered the same door within two minutes of its opening. At 2:19 p.m., a member of the Boots on the Ground channel posted, “We just stormed the capitol.”

Then, Biggs left the building, walked around it, took a selfie from the east side, then forced his way in the east side and headed from there to the Senate.

BIGGS subsequently exited the Capitol, and BIGGS and several Proud Boys posed for a picture at the top of the steps on the east side of the Capitol.

Thirty minutes after first entering the Capitol on the west side, BIGGS and two other members of the Proud boys, among others, forcibly re-entered the Capitol through the Columbus Doors on the east side of the Capitol, pushing past at least one law enforcement officer and entering the Capitol directly in front of a group of individuals affiliated with the Oath Keepers. [my emphasis]

Understanding Biggs’ actions — including whether they were coordinated with the Oath Keepers who entered at virtually the same time as him (including fellow Floridian Kelly Meggs, who had just “organized an alliance” with the Proud Boys in December) — is crucial to understanding the insurrection as a whole.

That’s particularly true given that Biggs re-entered the Capitol and headed to the Senate, where Mike Pence had only recently been evacuated. That’s also true given how Biggs’ actions coincide so neatly with those of the Oath Keepers.

At the moment Pezzola breaks the Capitol window with a shield, Person Ten contacts Joshua James (from Alabama but seemingly affiliated with the Florida Oath Keepers). At the moment Biggs enters the Capitol, someone on the Oath Keepers’ Signal channel informed the list that “The[y] have taken ground at the capital [sic]. We need to regroup any members who are not on mission.” This is a quicker response than the Proud Boys Boots on the Ground channel itself had to the initial breach.

And that’s what happened. Both the Oath Keepers and the Proud Boys regrouped and opened a new front on the assault on the Capitol.

Rhodes called Kelly Meggs. Person Ten called James. Then Rhodes had overlapping phone calls with Person Ten and Meggs. Around that time, The Stack started making their way to an entry of the Capitol on the other side of the building from where they were. And James and Minuta hopped in some golf carts and rushed to the Capitol (I’m not sure from where). During the period when The Stack, commanded by Kelly Meggs, was making their way to the Capitol and Biggs was walking around rather than through it, Roberto Minuta arrived and started harassing the cops guarding the door through which Biggs and The Stack would shortly enter, perhaps ensuring that the cops remained at their post rather than reinforcing the east side.

I had speculated here that Proud Boys in the initial breach — most notably former Army Captain Gabriel Garcia — were live streaming with the intent of providing tactical information to people located remotely who were performing a command and control function.

If you were following Garcia’s livestreams in real time — even from a remote location — you would have visibility on what was going on inside almost immediately after the first group of the Proud Boys breached the Capitol.

In a later livestream, Garcia narrated what happened in the minutes after the Proud Boys had breached the Capitol.

GARCIA states, “We just went ahead and stormed the Capitol. It’s about to get ugly.” Around him, a large crowd chants, “Our house!”

Then, as a standoff with some cops ensued, Garcia filmed himself describing, tactically, what was happening, and also making suggestions to escalate violence that were heeded by those around him.

At minute 1:34, a man tries to run through the line of USCP officers. The officers respond with force, which prompts GARCIA to shout, “You fucking traitors! You fucking traitors! Fuck you!” As the USCP officers try to maintain positive control of the man that just rushed the police line, GARCIA yells, “grab him!” seemingly instructing the individuals around him to retrieve the man from USCP officers. GARCIA is holding a large American flag, which he drops into the skirmish in an apparent attempt to assist the individuals who are struggling with the USCP officers.

USCP officers maintain control of the line, holding out their arms to keep the crowd from advancing. At least one USCP officer deploys an asp. GARCIA turns the camera on himself and offers tactical observations regarding the standoff. [my emphasis]

Garcia’s livestream was such that you would obtain crowd size estimates from it, as well as specific names of officers on the front line, as well as instructions to “keep ’em coming,” seemingly asking for more bodies for this confrontation.

At minute 3:26, GARCIA, who is still in extremely close proximity to the USCP officer line again yells, “Fucking traitors!” He then joins the crowd chanting “Our house!” At minute 3:38, GARCIA states, “You ain’t stopping a million of us.” He then turns the camera to the crowd behind him and says, “Keep ‘em coming. Keep ‘em coming. Storm this shit.” GARCIA chants with the crowd, “USA!”

Soon after, GARCIA stops chanting and begins speaking off camera with someone near him. At minute 4:28, GARCIA says, “do you want water?” Though unclear, GARCIA seems to be asking the person with whom he is speaking. GARCIA is so close to an officer that, as the camera shifts, the only images captured are those of the officer’s chest and badge. [my emphasis]

Remarkably, Garcia filmed himself successfully ordering the rioters to hold the line — which they do — and then filmed them charging the police.

GARCIA yells, “Back up! Hold the line!” Shortly thereafter, the crowd begins advancing, breaching the USCP officer line. GARCIA says, “Stop pushing.” The last moments captured in the video are of the crowd rushing the USCP officers.

A filing arguing for detention for Ethan Nordean confirms that Proud Boys located offsite were monitoring the livestream and providing instructions.

When the Defendant, his co-Defendants, and the Proud Boys under the Defendant’s command did, in fact, storm the Capitol grounds, messages on Telegram immediately reflected the event. PERSON-2 announced, “Storming the capital building right now!!” and then “Get there.” [Un-indicted co-conspirator-1] immediately followed by posting the message, “Storming the capital building right now!!” four consecutive times.6 These messages reflect that the men involved in the planning understood that the plan included storming the Capitol grounds. This shared understanding of the plan is further reflected in co-Defendant Biggs’ real-time descriptions that “we’ve just taken the Capitol” and “we just stormed the fucking Capitol.”

6 UCC-1 and PERSON-2 are not believed to have been present on the Capitol grounds, but rather indicated that they were monitoring events remotely using livestreams and other methods.*

So at least on the Proud Boys side, there was this kind of command and control.

And the government has been arresting their way to some clarity on this point.

Sometime before March 1, the government got access to both the leadership Telegram channel the Proud Boys used to coordinate the insurrection and the “Boots on the Ground” channel, meaning they’ve got monikers for around 35 active Proud Boy participants in the insurrection who have not yet been arrested. In the weeks since the Biggs and Nordean conspiracy indictment disclosed that the government had these chats, the government has arrested several people with ties to one or another of these men (though without saying whether they identified them from the Boots on the Ground channel or whether they arrested them at this time for investigative reasons).

Two of these men just happen to be two of Joe Biggs’ co-travelers the day of the insurrection, Paul Rae and Arthur Jackman, both also from Florida. The complaints for both are very similar, possibly written by the same FBI agent. Both complaints go through the greatest hits of the Proud Boy actions that day, listing all the conspiracies already charged. While the affidavits include the testimony of acquaintances of both men (in Jackman’s case, obtained after a January 19 interview with Jackman himself, meaning that testimony couldn’t be the lead via which they IDed him), the affidavits also focus on their entries with Joe Biggs, with Rae entering the west Capitol door right next to Biggs.

And Jackman walking up steps with his hand on Biggs’ shoulder.

Each affidavit includes the photo obtained from warrants served on Biggs showing the selfie mentioned in the Leader indictment (bolded above).

In Rae’s affidavit, they’ve redacted out all but his face and Biggs’.

They use the same approach in Jackman’s affidavit, redacting the others (including Rae, who had already been arrested).

If I were one of the two other guys in this picture, I’d be arranging legal representation right now.

The affidavits show both men entering the Capitol on the east side, along with Biggs. As he did on the west side, Rae walked in beside Biggs (you can see Jackman just ahead of Rae in this picture).

And as he did elsewhere in the Capitol, Jackman walked with his hand on Biggs’ shoulder.

Jackman’s affidavit shows him in the Senate (where we know Biggs also went).

The government arrested Rae on March 24. They arrested Jackman on March 30. Again, I’d be pretty nervous if I were one of the other two guys.

Because if the government can show that this second breach by Biggs was coordinated with the Oath Keepers, with The Stack led by the guy who arranged an alliance in December, Kelly Meggs, it will make these five separate conspiracies mighty cozy (in any case, the government is already starting to refer to the multiple Proud Boys conspiracies as one).

There’s at least one other action on which both militias may have coordinated: aborted efforts to launch a second wave after 4PM, something that Rudy Giuliani seems to have had insight into.

But for now, the government seems pretty focused on arresting their way to clarity about why Joe Biggs breached the Capitol, then walked outside and around it, and then breached it again.


* I had suggested in this post that UCC-1 might be Nicholas Ochs. But that’s not possible, because the government knows he was onsite. Moreover, the government is now treating defendants in one of the Proud Boys conspiracy indictments (most notably Dominic Pezzola) as co-conspirators with those charged in other conspiracy indictments (including Nordean), so Ochs would be an indicted co-conspirator. Another — far more intriguing possibility — is that it is James Sullivan (who might have a leadership role in Utah’s Proud Boys), who was in contact with Rudy Giuliani about the insurrection, and who inexplicably hasn’t been arrested. Certainly, Rudy seems to have had the information available on those chats in real time.


The State of the Five Now-Intersecting January 6 Militia Conspiracies

Paragraph 64 of a new conspiracy indictment including Proud Boys Ethan Nordean, Joe Biggs, and the newly arrested Proud Boys Zachary Rehl and Charles Donohoe includes a seemingly gratuitous reference to the Oath Keepers. The paragraph describes how Biggs, after having entered the Capitol once already from the northwest side, then moved to the opposite side of the building and forced his way in on the east side. He did so right in front of a group of Oath Keepers.

Thirty minutes after first entering the Capitol on the west side, BIGGS and two other members of the Proud boys, among others, forcibly re-entered the Capitol through the Columbus Doors on the east side of the Capitol, pushing past at least one law enforcement officer and entering the Capitol directly in front of a group of individuals affiliated with the Oath Keepers.

This would have been around 2:44 PM. The Oath Keeper “stack” went in the east side of the Capitol at around 2:40.

That reference, along with the common use of the Zello application, brings two parallel conspiracies laid out over a month ago closer together, arguably intersecting. As of right now, DOJ has charged 25 people in five different conspiracy indictments, four of which share precisely the same goal: to stop, delay, and hinder Congress’s certification of the Electoral College vote, with many similar means and methods. Three conspiracy indictments also share roughly the same goal of obstructing law enforcement. Those indictments are:

Here’s what a simplified version of the five different conspiracies looks like:

This is not the end of it: there are three Oath Keepers not included in that conspiracy, and a random bunch of Proud Boys who might eventually be included, as well as anyone else who coordinated this effort [wink]. But these conspiracy indictments will remain separate only for prosecutorial ease. They are, for all intents and purposes, now-intersecting conspiracies.

Update: Last night, NYT’s visual team released new videos showing that the Oath Keepers Stack was involved in forcing entry into the East entrance of the Capitol. These videos depict what happened moments after Biggs reentered the Capitol, as described above.

Update: To see how the other pieces of any coordinated action fit, I will list the other Oath Keepers and Proud Boys that have played a part in this operation.

Oath Keepers

Stewart Rhodes: The Oath Keeper President. He is not charged, but implicated in the existing Oath Keepers indictment and the Minuta complaint.

Roberto Minuta: Minuta was arrested on March 8. An SDNY Magistrate judge released him on bail (he almost put up silver bars for his security, but ended up coming up with the money itself), ignoring the government request he stay the order. Minuta’s arrest affidavit–which was written 12 days before James’ but executed roughly the same day–focuses primarily on Minuta’s harassment of cops. It doesn’t mention, as James’ affidavit does, Minuta’s role in providing security, including for Roger Stone. Minuta also deleted his Facebook account on January 13, for which he was charged with obstruction.

Joshua James: James was arrested on March 9 and held without bail (in part because of a past arrest associated with claiming to be a military police officer in 2011). His arrest affidavit makes it clear he was a close contact with Minuta as well as Kelly Meggs. The affidavit repeatedly describes James offering security to VIPs we know to include Roger Stone. According to public reporting, James received payment for his “security” services on January 6, which Stone was publicly fundraising for in advance (then denied spending).

Jon Ryan Schaffer: The front man for the heavy metal band Iced Earth and an Oath Keeper lifetime member, Schaffer was arrested for spraying some police with bear spray. But two months after his arrest and detention, he has not been (publicly) indicted and only arrived in DC on March 17. The government has not publicly responded to his motion to dismiss his case on Speedy Trial grounds. All of which suggests there’s something more there that we can’t see.

Person Four: The James affidavit refers to Minuta as “Person Five.” It uses that number, it says, because “Persons Two [Caldwell’s spouse], Three [the NC-based Oath Keeper who might serve as a Quick Reaction Force], and Four are not included in this affidavit, but are already-numbered individuals associated with United States v. Thomas Caldwell, et al, Case No. 21-cr-28 (APM). To maintain consistent nomenclature, the referenced individual here will be defined as ‘Person Five.’” I haven’t been able to find the reference to Person Four (though it might be Watkins’ partner, references to whom are inconsistent).

Three more Stack participants and four others who operated with Minuta and James on January 6: This image, from James’ complaint, identifies three other Stack members (the second, third, and last yellow arrow) and four others who interacted with James and Minuta during the day on January 6.

Proud Boys

Enrique Tarrio: Tarrio is the head of the Proud Boys, but got arrested as he entered DC on January 4 on charges relating to vandalizing a Black church in December, onto which possession charges were added. He is referred to in all the Proud Boy conspiracies, repeatedly in the Leader one (because they scrambled to figure out what to do after his arrest). While it’s unlikely he was on the Telegram channels used to organize the insurrection, he was in touch with members via other, thus far unidentified channels.

Joshua Pruitt: Pruitt was arrested for a curfew violation on the night of the insurrection. He told the FBI he hadn’t engaged in any unlawful activity and was just trying to deescalate the situation. But he was indicted on his own weeks later for obstructing the vote count and interfering with cops, and abetting the destruction of property, along with trespassing. The Nordean conspiracy indictment notes that he went in the West entrance shortly after Dominic Pezzola breached it (suggesting the government may now know he was part of a cell with Pezzola). Pruitt is being prosecuted by the same prosecutor as on most Proud Boy cases, Christopher Berridge, and before the same judge, Timothy Kelly.

Gabriel Garcia: Garcia, a former Army Captain, appears to have originally been identified by the Facebook order showing who livestreamed from the Capitol. It’s possible his livestreams were intended to serve as live reporting for those coordinating outside (he catches the names of cops, the size of the crowd, and instructs, “keep ’em coming.” He incites a big push through a line of cops. Later, he calls for “Nancy” to “come out and play” and calls to “Free Enrique” [Tarrio]. He was charged by complaint on January 16 and by indictment on February 16 with obstruction and resisting cops during civil disorder. The Nordean conspiracy indictment notes he went in the West entrance shortly after Pezzola breached it.

Christopher Worrell: The government originally charged Worrell, a committed Proud Boy who traveled to DC in vans of Proud Boys paid for by someone else and wore comms equipment, with trespass crimes on March 10. Among his criminal background, he pretended to be a cop to intimidate a woman. He lied in his first interview with the FBI, hiding that he sprayed pepper spray on some police who were the last line of defense on the West side of the Capitol. According to a witness who knows him, he also directed other likely Proud Boys. After first being released, he was subsequently detained and is awaiting indictment on what the government suggests are likely to be assault charges.

Robert Gieswein: Ethan Nordean spoke to Giswein shortly before he and Pezzola launched the attack on the Capitol suggesting that Gieswein, who had known ties to the 3% movement, was coordinating with the Proud Boys that day. Over the course of breaking into the Capitol, he allegedly assaulted 3 cops with a bat or pepper spray, and broke a window to break in. He was first charged on January 16, indicted on January 27. His docket shows none of the normal proceedings, such as a protective order, but his magistrate’s docket shows two sealed documents placed there in recent weeks.

Ryan Samsel: There’s no indication I know of that ties Samsel to the Proud Boys. But he marched with them and initiated the assault on the West side of the Capitol with Dominic Pezzola and William Pepe. He was charged with assault and obstruction on January 29 and arrested on February 3. In his case, he allegedly did so by assaulting a cop at the first line of barriers, knocking her out. He and the government are in talks for a guilty plea.

Ryan Bennett: Bennett was IDed off his own Facebook livestreaming, while wearing a Proud Boys hat, of the event, including his direct witness to the shooting of Ashli Bennett, with his voice yelling “Break it down!” in the background. He was arrested on January 26 and charged in a still-sealed March 17 indictment over which James Boasberg will preside.

Bryan Betancur: Betancur was busted by his Maryland Probation Officer, to whom he had lied about distributing Bibles to get permission to go to DC. He wore a Proud Boys shirt to the insurrection and is a known white supremacist who espouses violence. He was charged with misdemeanor trespass charges. His defense attorney is already discussing a guilty plea.

Daniel Goodwyn: Goodwyn’s online identity is closely associated with the Proud Boys. He was identified via an interview he did with Baked Alaska during the insurrection and texts sent to an associate; he was arrested on January 29. He was originally charged with trespass, with obstruction added in his indictment on February 24. Charles Berridge was originally the prosecutor on this case but has been replaced on it.

Christopher Kelly: Kelly revealed on Facebook before he headed to DC that he would be going with, “ex NYPD and some proud boys.” While inside, he bragged that they had “stopped the hearing, they are all headed to the basement.” He was originally charged with trespass and obstruction on January 20; he has yet to be (publicly) indicted yet. He has the same defense attorney, Edward McMahon, as Nicholas Ochs.

Around 40 other people who used the Proud Boys “Boots on the Ground” Telegram channel: As I noted here, the government must have at least monikers for — and likely email and/or device identifiers — for around 40 people who used the organizing channel set up less than a day before the operation. It will be interesting to see if they attempt to track all of them down.

Rolling Updates:

Marc Bru, a Proud Boy with ties to Nordean, was charged on March 9.

Paul Rae, a Proud Boy from Florida who trailed Biggs both times he entered the Capitol.

Arthur Jackman: a Proud Boy from Florida who trailed Biggs both times he entered the Capitol, including into the Senate.

 


News from the Election Front: Russia Attacked Joe Biden Through “Prominent US Individuals, Some of Whom Were Close to Former President Trump”

Back in 2018, President Trump signed an Executive Order 13848, designed to stave off a law mandating sanctions in the event of election interference. The order nevertheless required reporting on election interference and provided the White House discretion to impose sanctions in the event of interference. Yesterday, the Director of Homeland Security and Director of National Intelligence released the reports mandated by an Executive Order, describing the known efforts to interfere in last year’s election.

Trump’s Intelligence Community Debunks Trump

Though Trump failed to comply publicly in 2019, his own EO mandates deadlines for — first — the DNI report assessing a broader range of possible election interference and then, 45 days later, the DHS/DOJ report describing interference with election infrastructure or influence operations.

(a) Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of any other appropriate executive departments and agencies (agencies), shall conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election. The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it. The Director of National Intelligence shall deliver this assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security.

(b) Within 45 days of receiving the assessment and information described in section 1(a) of this order, the Attorney General and the Secretary of Homeland Security, in consultation with the heads of any other appropriate agencies and, as appropriate, State and local officials, shall deliver to the President, the Secretary of State, the Secretary of the Treasury, and the Secretary of Defense a report evaluating, with respect to the United States election that is the subject of the assessment described in section 1(a):

(i) the extent to which any foreign interference that targeted election infrastructure materially affected the security or integrity of that infrastructure, the tabulation of votes, or the timely transmission of election results; and

(ii) if any foreign interference involved activities targeting the infrastructure of, or pertaining to, a political organization, campaign, or candidate, the extent to which such activities materially affected the security or integrity of that infrastructure, including by unauthorized access to, disclosure or threatened disclosure of, or alteration or falsification of, information or data.

These deadlines should have been, for the DNI Report, December 18, and for the DHS/DOJ report, February 1.

The declassified DNI report released yesterday was finished and distributed, in classified form, on January 7.

The document is a declassified version of a classified report that the IC provided to the President, senior Executive Branch officials, and Congressional leadership and intelligence oversight committees on January 7, 2021.

It was based off intelligence available as of December 31.

The DHS report was completed in February.

Which is to say that these reports were done substantially under the Trump Administration.

DHS Debunks the Kraken

The DHS report, based off the classified report completed in February, finds that while Russian and Iran breached some election infrastructure, they did not manage to change any votes. It also finds that those two countries plus China managed to compromise party or campaign infrastructure, with unknown goals, but that none of the countries that accessed information that could have been used in influence operations used the information.

The most important result, however, was that after checking via multiple different measures, the government found no evidence that dead Hugo Chavez or anyone else that Sidney Powell invoked in service of the Big Lie succeeded in changing any votes.

We are aware of multiple public claims that one or more foreign governments—including Venezuela, Cuba, or China—owned, directed, or controlled election infrastructure used in the 2020 federal elections; implemented a scheme to manipulate election infrastructure; or tallied, changed, or otherwise manipulated vote counts. Following the election, the Department of Justice, including the FBI, and the Department of Homeland Security, including CISA, investigated the public claims and determined that they are not credible.

We have no evidence—not through intelligence collection on the foreign actors themselves, not through physical security and cybersecurity monitoring of voting systems across the country, not through post-election audits, and not through any other means—that a foreign government or other actors compromised election infrastructure to manipulate election results.

DNI (Mostly) Debunks the DNI

Last summer, the Director of National Intelligence John Ratcliffe responded to Democratic concerns about Russia interfering in the election again by stating that China was too. This report largely debunks that claim.

We assess that China did not deploy interference efforts and considered but did not deploy influence efforts intended to change the outcome of the US presidential election. We have high confidence in this judgment. China sought stability in its relationship with the United States and did not view either election outcome as being advantageous enough for China to risk blowback if caught. Beijing probably believed that its traditional influence tools, primarily targeted economic measures and lobbying key individuals and interest groups, would be sufficient to achieve its goal of shaping US policy regardless of who won the election. We did not identify China attempting to interfere with election infrastructure or provide funding to any candidates or parties.

  • The IC assesses that Chinese state media criticism of the Trump administration’s policies related to China and its response to the COVID-19 pandemic remained consistent in the lead-up to the election and was aimed at shaping perceptions of US policies and bolstering China’s global position rather than to affect the 2020 US election. The coverage of the US election, in particular, was limited compared to other topics measured in total volume of content.
  • China has long sought to influence US politics by shaping political and social environments to press US officials to support China’s positions and perspectives. We did not, however, see these capabilities deployed for the purpose of shaping the electoral outcome. [Bold original]

The report describes that the National Intelligence Officer for Cyber had moderate confidence that China was trying to help Joe Biden win.

Minority View The National Intelligence Officer for Cyber assesses that China took at least some steps to undermine former President Trump’s reelection chances, primarily through social media and official public statements and media. The NIO agrees with the IC’s view that Beijing was primarily focused on countering anti-China policies, but assesses that some of Beijing’s influence efforts were intended to at least indirectly affect US candidates, political processes, and voter preferences, meeting the definition for election influence used in this report. The NIO agrees that we have no information suggesting China tried to interfere with election processes. The NIO has moderate confidence in these judgments.

This view differs from the IC assessment because it gives more weight to indications that Beijing preferred former President Trump’s defeat and the election of a more predictable member of the establishment instead, and that Beijing implemented some-and later increased-its election influence efforts, especially over the summer of 2020. The NIO assesses these indications are more persuasive than other information indicating that China decided not to intervene. The NIO further assesses that Beijing calibrated its influence efforts to avoid blowback.

That said, the day after this report was initially disseminated in classified form on January 7, Ratcliffe made clear that the Ombud believed this was a politicized view, and that more than just the Cyber NIO agreed (though didn’t mention that the Ombud believed Russian intelligence had been politicized even worse).

President Trump’s political appointees clashed with career intelligence analysts over the extent to which Russia and China interfered or sought to interfere in the 2020 election, with each side accusing the other of politicization, according to a report by an intelligence community ombudsman.

The findings by Barry A. Zulauf, the “analytic ombudsman” for the Office of the Director of National Intelligence (ODNI), describe an intelligence community afflicted by a “widespread perception in the workforce about politicization” of analysis on the topic of foreign election influence — one that he says threatens the legitimacy of the agencies’ work.

[snip]

Citing Zulauf’s report, Director of National Intelligence John Ratcliffe, chosen for the position by Trump last year, charged Thursday that career analysts in a recently completed classified assessment failed to capture the full scope of Chinese government influence on the election — a charge that some current and former officials say illustrates the issue of politicization, because it downplays the much larger role of Russia.

As late as October, then, another Intelligence Officer had some confidence that what this report deems China’s regular influence-peddling had an electoral component, but (as Ratcliffe complained in January) it did not show up in this report, which was entirely produced after the Ombud weighed in.

The IC Now Associates Konstantin Kilimnik with FSB, not GRU

The long section on Russia’s efforts to influence the election get pretty damned close to saying that the events surrounding Trump’s first impeachment and even the Hunter Biden laptop were Russian backed (which is consistent with intelligence warnings that were broadly shared). It might as well have named Rudy Giuliani (among others).

We assess that President Putin and the Russian state authorized and conducted influence operations against the 2020 US presidential election aimed at denigrating President Biden and the Democratic Party, supporting former President Trump, undermining public confidence in the electoral process, and exacerbating sociopolitical divisions in the US. Unlike in 2016, we did not see persistent Russian cyber efforts to gain access to election infrastructure. We have high confidence in these judgments because a range of Russian state and proxy actors who all serve the Kremlin’s interests worked to affect US public perceptions. We also have high confidence because of the consistency of themes in Russia’s influence efforts across the various influence actors and throughout the campaign, as well as in Russian leaders’ assessments of the candidates. A key element of Moscow’s strategy this election cycle was its use of people linked to Russian intelligence to launder influence narratives–including misleading or unsubstantiated allegations against President Biden–through US media organizations, US officials, and prominent US individuals, some of whom were close to former President Trump and his administration.

[snip]

Derkach, Kilimnik, and their associates sought to use prominent US persons and media conduits to launder their narratives to US officials and audiences. These Russian proxies met with and provided materials to Trump administration-linked US persons to advocate for formal investigations; hired a US firm to petition US officials; and attempted to make contact with several senior US officials. They also made contact with established US media figures and helped produce a documentary that aired on a US television network in late January 2020. [Bold original, italics added]

The report likens what Russian entities were doing post-election with what Russia had planned in 2016.

Even after the election, Russian online influence actors continued to promote narratives questioning the election results and disparaging President Biden and the Democratic Party. These efforts parallel plans Moscow had in place in 2016 to discredit a potential incoming Clinton administration, but which it scrapped after former President Trump’s victory.

Perhaps the most interesting detail — on top of revealing that Paul Manafort’s former employee remained involved in all this — is that this report suggests Kilimnik has ties to FSB, not GRU (though the report describes GRU’s efforts as well).

A network of Ukraine-linked individuals–including Russian influence agent Konstantin Kilimnik–who were also connected to the Russian Federal Security Service (FSB) took steps throughout the election cycle to damage US ties to Ukraine, denigrate President Biden and his candidacy, and benefit former President Trump’s prospects for reelection.

The most recent public reporting on Kilimnik was the SSCI Report. And that suggested that Kilimnik (along with at least one other Oleg Deripaska deputy) was linked to GRU. Indeed, Kilimnik has been described as a former GRU officer. This suggests he may have ties, as well or more recently, to FSB, which would have interesting implications for the 2016 operation.

 


FBI and DHS Aren’t Using the Free Expertise on Right Wing Terrorism While Looking to Pay for It

There was a remarkable moment in the Homeland Security/Rules hearing on January 6 the other day. Krysten Sinema asked whether FBI knew of the conversations on social media where people were openly planning for insurrection. FBI’s Assistant Director for Counterterrorism, Jill Sanborn, explained they did not know of them because the Bureau couldn’t collect on the social media of Americans without a predicated investigation.

Krysten Sinema: Was the FBI aware of these specific conversations on social media?

Jill Sanborn: To my knowledge, no ma’am, and I’ll just sort of articulate why that is. So under our authorities, because, being mindful of the First Amendment and our dual-hatted mission to uphold the Constitution, we cannot collect First Amendment protected activities without, sort of the next step, which is the intent, and so we’d have to have an already-predicated investigation that allowed us access to those comms and/or a lead or a tip or a report from a community citizen or a fellow law enforcement partner for us to gather that information.

Sinema: So the FBI does not monitor publicly-available social media conversations?

Sanborn: Correct, ma’am, it’s not within our authorities.

For what it’s worth, Sanborn’s first comment was about collecting on social media. Sinema then treated that as a limitation on monitoring it (and Sanborn didn’t correct her). Still, Sanborn explained away FBI’s failure to see the insurrection many of the rest of us were seeing develop in real time by saying that discovering it would have required tracking Americans’ protected speech.

A more revealing moment came elsewhere, when Sanborn revealed that just one person who has been arrested in the wake of the attack had already been under investigation. That means, in spite of the Proud Boys’ threat, with Roger Stone, against Amy Berman Jackson two years ago, the FBI didn’t have an enterprise investigation into them (or the Oath Keepers or a range of other extremist organizations involved in the attack). So, because the FBI was not investigating the Proud Boys, the Proud Boys were able to plan an insurrection in plain sight.

That has changed, of course.

Later in the hearing, Mark Warner — citing all the FBI’s warnings in recent years about what a lethal threat white supremacist terrorism is — asked both Sanborn and the woman currently running DHS’ Office of Intelligence and Analysis, Melissa Smislova, what they’re doing to improve things and whether they’re using any of the open source experts out there.

Sanborn talked about working with “partners” (which I took to mean social media companies) and Fusion centers. Smislova revealed that DHS is looking to contract with experts on the topic, rather than read what those experts produce on a regular basis.

Mark Warner: I appreciate Ms. Sanborn’s appropriate response that they not arbitrarily collect off of American citizens if there’s not some nexus, but I do think it’s important, I think others have mentioned this that Domestic Violent Extremists didn’t start with January 6. They didn’t start with Donald Trump. They’re not going to end with January 6. They’re not going to end with Donald Trump. In my state we saw, a few year’s back, the Unite the Right rally at Charlottesville where many of these same groups and affiliations came together in another violent effort where one protestor was killed, we unfortunately lost a couple members of our State Police. Director Wray has repeatedly said in testimony before the Intelligence Committee, the Worldwide Threat Assessment, that Domestic Violent Extremists are a major national security threat to this country. I personally believe that that message was downplayed during the previous Administration because they didn’t want to hear it. I want to start with Ms. Smislova and Assistant Director Sanborn — Director Sanborn it’s great to see you again — is that, recognizing the constraints that are placed upon you in terms of collections, and also acknowledging that this threat has been around for some time. The FBI in particular has acknowledged that it is an extraordinary major severe threat, what have you both been able to do in engaging in open source intelligence and independent research communities to better identify these DVEs. I know in the run-up to the January 6 insurrection there was research done by Harvard’s John Donovan and Elon University’s Megan Squire as well as other researchers that pointed to the fact that these DVEs and affiliated groups, oftentimes groups that are working in conjunction with groups in Europe, were planning this effort. So how are you both, DHS and FBI, utilizing these independent researchers, these open source activities, and making sure we’ve got a better handle on it, recognizing your appropriate constraints on what you can do directly?

Melissa Smislova: Yes, Senator, thank you for the question. We just last week met as, as inside I&A, to discuss contracting with some of those experts outside. We are aware that we need to invest more in our understanding of Domestic Terror, we understand as well that it will require a different approach than a traditional Intelligence Community approach, we must use different sources to understand this threat, we are looking to get outside experts, invest more in-house, we are secondly looking at how to better understand the social media world, so we can better focus on where we might find specific and insightful information about what the adversary is thinking about. We are additionally looking to partner more with our state and local colleagues who we know have a different perspective on this threat and have more information, in some cases, than we do, and we are also, again, partnering more across the department and with our federal partners, increasing our relationships with FBI.

Warner: Ms. Sanborn?

Jill Sanborn: Thank you Senator, nice to see you again as well. I’d sort of say what we’re trying to do, and I’ll put it in three buckets, really, for you. Increasing our private sector is 100%, I have a section just inside my division that does nothing but partner engagement. We have found that the better we educate them on the threat we’re facing and painting a picture for them of what those threats we are, they’re better able to pay attention and collect and refer information to us and that is helpful and that’s when we talk about the fact that 50% of our tips and leads to our cases, or predication for our cases come from that relationship and that education. We’re also, same as my colleague said, using the state and local partners, so we leverage the Fusion centers a lot and their ability and their expertise — and the Orange County Fusion Center is a great example of leading, sort of, the analytics of social media and leveraging their expertise to predicate cases and they were actually behind the predication of the case, The Base, that we disrupted. And then last, I’d say, challenging ourselves for better collection inside, right, trying to point our sources and our collection to be in the right places to collect the intelligence that we need and that is what led to the Norfolk SIR, that is us pointing our collection in a space that gathered that information.

Warner: I have to tell you, respectfully, I’m pretty disappointed with both of your answers. This is not a new threat, we’ve seen since 2016 election how foreign adversaries manipulate social media, hear repeatedly from DHS and FBI that we’re going to get better at collecting. We saw the Unite the Right rally in Charlottesville. We heard people say we’re gonna get better at collecting information and better partnering, neither one of your referenced — there’s literally a host of experts at academia, at organizations like Graphika, and others that are monitoring the DVEs and their activities, oftentimes in their connections to anti-government groups in Europe, again, oftentimes amplified by nations like Russia, and I guess we’re always going to get ready and we’re somehow surprised when we see the kind of chaos that took place on January 6th.

Mark Warner proceeded to chew out both FBI and DHS’s witnesses given that, even after he raised open source expertise available, neither mentioned relying on it.

I hope Warner is paying attention to Huffington Post’s recent reporting. On February 26, relying on the work of some anti-fascist researchers, HuffPo identified Danny Rodriguez as the likely culprit behind the tasing of DC cop Michael Fanone, which led him to suffer a mild heart attack. HuffPo also reported that the FBI had gotten tips IDing Rodriguez in January, but had done nothing to call those who submitted the tips until HuffPo called the Bureau for comment.

The man in the red “MAKE AMERICA GREAT AGAIN” hat seemed to think he was untouchable. He joined the mob as they yelled “HEAVE! HO!” and tried to force their way through a police line into the Capitol building. Once inside, he used a pole to ram against a window, trying to shatter it and bring more people into the Capitol. In the most disturbing footage of all, he was caught on camera appearing to shock D.C. Metropolitan Police Officer Mike Fanone with a stun gun. As rioters push Fanone down the stairs and away from other cops, video shows the man in the red cap pressing a small black device against the officer’s neck. Fanone instantly drops to the ground, swallowed by the mob.

[snip]

His assailant in the red MAGA hat, who has been at large since the insurrection, is 38-year-old Daniel Joseph Rodriguez from Fontana, California, HuffPost can confirm.

Rodriguez, who goes by “Danny” and “DJ,” is well known among Trump supporters in the Los Angeles area as a superfan of the former president. Multiple news outlets have featured him in their coverage of the local pro-Trump movement in recent years, in articles that included his name and photo. He regularly attended the weekly Trump rallies in Beverly Hills last year. He was recognizable there by his dark-rimmed glasses and the many distinctive pins on his hat, which has a big GOP elephant symbol on the brim.

[snip]

Two separate anti-fascist activists ― as well as a third witness who supported Trump and called himself a former friend of Rodriguez ― reviewed footage of the man at the Capitol and told HuffPost they recognized Rodriguez from the California rallies.

The FBI received tips about Rodriguez last month, including one from a man he assaulted on video at a Los Angeles-area rally. But it wasn’t until hours after a HuffPost inquiry to the bureau for this story that the tipster heard from an FBI special agent with questions specifically about a man named “Danny Rodriguez.”

Then, yesterday, HuffPo revealed another case where a researcher sent in a tip only to have no visible response from the FBI. Shortly after January 20, SeditionHunter “Amy” identified Robert Scott Palmer as the guy in an American flag jacket who sprayed a fire extinguisher at cops.

With bright red and white stripes across his body and stars down his sleeves, the man in the American flag jacket and “FLORIDA FOR TRUMP” hat wielded a fire extinguisher while charging the U.S. Capitol on the afternoon of Jan. 6. He shoved his way through the crowd of rioters to the police line, then sprayed officers at close range before chucking the emptied canister at them. By nightfall he himself had been lightly harmed, apparently by a police crowd control munition. He held up his shirt to show off his bruised gut during an interview with a female journalist filming him live as cops pushed the mob back from Capitol grounds. Then he looked straight into her livestreaming device and identified himself as Robert Palmer from Clearwater, Florida.

[snip]

Palmer is now publicly on the FBI’s radar, though not by name. Three photos of him are featured on the bureau’s Capitol violence page, where he’s listed only as “#246 – AFO [Assault on Federal Officer].” But the images didn’t appear there until nearly a month after Amy had already tipped off the FBI about his identity.

#FloridaFlagJacket was used as a hashtag on Twitter less than a week after the Capitol attack, when Trump was still in office. Amy sent in a tip naming Palmer not long after President Joe Biden was inaugurated. His photos were finally added to the FBI database in late February.

It’s not just online researchers whose tips the FBI isn’t moving on quickly. On January 11, someone who knew Peter Schwartz as a felon who had gotten released from prison due to COVID, alerted the FBI that Schwartz had skipped out on his halfway house to attend the rally (the tipster was friends with Schwartz but Schwartz owed him money). The FBI subsequently identified Schwartz as the person who maced some cops.

On January 11, 2021, the FBI National Threat Operations Center (NTOC) received a tip from an individual (hereinafter W-1) who is personally acquainted with SCHWARTZ. In the tip, W-1 reported that “Pete SCHWARTZ” was involved in the Capitol riots. W-1 stated SCHWARTZ is a felon and was released from prison due to COVID-19. W-1 also stated that SCHWARTZ is employed as a traveling welder. According to W-1, SCHWARTZ was supposed to be at a rehabilitation facility in Owensboro, Kentucky on January 6, 2021. However, W-1 saw a picture of SCHWARTZ on the Capitol Building steps that appeared to have been taken on January 6, 2021. As part of the tip, W-1 also provided the Facebook URL for what he claimed was SCHWARTZ’s Facebook page. W-1 did not provide any other photographs, however. Due to the volume of tips provided to the FBI since January 6, 2021 – which stands at over 150,000 as of January 26, 2021 – the FBI was not able to immediately contact W-1 regarding the information that W-1 provided and did not immediately link SCHWARTZ to the individual who repeatedly maced officers at the Capitol.

Schwartz wasn’t arrested until February 4.

Still, that’s less time than these other tips.

The FBI, perhaps justifiably given the flood of data they’re dealing with, seems to value tips from suspects’ direct associates rather than online tipsters. The vast majority of tips they have acted on do come from people who know a suspect directly, often their family or friends or high school classmates.

But many of these researchers have been doing what FBI claims it cannot do (or could not before an insurrection gave them the predicated investigation permitting them to do so): connect the dots from public social media.

Instead, DHS is looking to pay people for the assistance people are trying to give the FBI for free.


Chain of Command: The AWOL Descriptions of the Commander in Chief’s Role in the National Guard Non-Response on January 6

The only formal explanation Trump has offered to describe his role in deploying the National Guard in response to the attack on the Capitol on January 6 came in his impeachment defense. As part of that defense, Bruce Castor pointed to things he claimed happened before Trump’s speech ended. In Castor’s inaccurate portrayal of the timeline, he suggested that the first action Acting Secretary of Defense Christopher Miller took was when, at 1:05 (which Castor said was 11:05), Miller “received open source reports of demonstrator movements to the U.S. Capitol.” He continued to claim that,

At 1:09 PM, US Capitol Police Chief’s Steven Sund called the House and Senate Sergeants at Arms, telling them he wanted an emergency declared and he wanted the National Guard called. The point: given the timeline of events, the criminals at the Capitol were not there to even hear the President’s words. They were more than a mile away engaged in a preplanned assault on this very building.

Admittedly, this was probably no more than an incompetent parroting of the existing timeline released by DOD. It’s possible that Trump’s lawyers didn’t ask him what happened inside the White House that day, because if they did, it would not help their case.

Still: Trump’s own defense claimed that the first that Acting Secretary Miller did in the matter was at 1[1]:05 on January 6.

That’s mighty interesting because there have been two claims that Trump proactively offered up National Guard troops for January 6 in the days beforehand. The first came in a Vanity Fair piece written by a journalist that Trump’s DOD flunkies permitted to embed with them (he requested to do so before the insurrection, but didn’t start his embed until January 12, meaning the claims reported in this article were retrospective). That piece claimed that, the night before the attack, Trump told DOD they would need 10,000 people.

The president, Miller recalled, asked how many troops the Pentagon planned to turn out the following day. “We’re like, ‘We’re going to provide any National Guard support that the District requests,’” Miller responded. “And [Trump] goes, ‘You’re going to need 10,000 people.’ No, I’m not talking bullshit. He said that. And we’re like, ‘Maybe. But you know, someone’s going to have to ask for it.’” At that point Miller remembered the president telling him, “‘You do what you need to do. You do what you need to do.’ He said, ‘You’re going to need 10,000.’ That’s what he said. Swear to God.”

[snip]

“We had talked to [the president] in person the day before, on the phone the day before, and two days before that. We were given clear instructions. We had all our authorizations. We didn’t need to talk to the president. I was talking to [Trump’s chief of staff, Mark] Meadows, nonstop that day.”

[snip]

What did Miller think of the criticism that the Pentagon had dragged its feet in sending in the cavalry? He bristled. “Oh, that is complete horseshit. I gotta tell you, I cannot wait to go to the Hill and have those conversations with senators and representatives.”

[snip]

Miller and Patel both insisted, in separate conversations, that they neither tried nor needed to contact the president on January 6; they had already gotten approval to deploy forces. However, another senior defense official remembered things quite differently, “They couldn’t get through. They tried to call him”—meaning the president.

So according to Acting Secretary of Defense Christopher Miller, Trump had given him “clear instructions” to “do what you need to do,” and had warned him to have thousands of Guardsmen available. Miller said he was speaking non-stop to Mark Meadows, though an anonymous source stated that they tried but failed to get the President on the line.

Long after impeachment and even after his CPAC speech, Trump went to Fox to make the same claim that appeared in Vanity Fair.

Former President Trump told Fox News late Sunday that he expressed concern over the crowd size near the Capitol days before last month’s deadly riots and personally requested 10,000 National Guard troops be deployed in response.

Trump told “The Next Revolution With Steve Hilton” that his team alerted the Department of Defense days before the rally that crowds might be larger than anticipated and 10,000 national guardsmen should be ready to deploy. He said that — from what he understands — the warning was passed along to leaders at the Capitol, including House Speaker Nancy Pelosi — and he heard that the request was rejected because these leaders did not like the optics of 10,000 troops at the Capitol.

“So, you know, that was a big mistake,” he said.

Fox and other Trump mouthpieces have suggested that Nancy Pelosi rejected the Guard. That’s false. According to then Capitol Police Chief Steve Sund, House Sergeant at Arms Paul Irving did.

On Monday, January 4, I approached the two Sergeants at Arms to request the assistance of the National Guard, as I had no authority to do so without an Emergency Declaration by the Capitol Police Board (CPB). My regular interactions with the CPB, outside of our monthly meetings regarding law enforcement matters, were conducted with the House and Senate Sergeant at Arms, the two members of the CPB who have law enforcement experience. I first spoke with the House Sergeant at Arms to request the National Guard. Mr. Irving stated that he was concerned about the “optics” of having National Guard present and didn’t feel that the intelligence supported it. He referred me to the Senate Sergeant at Arms (who is currently the Chair of the CPB) to get his thoughts on the request. I then spoke to Mr. Stenger and again requested the National Guard. Instead of approving the use of the National Guard, however, Mr. Stenger suggested I ask them how quickly we could get support if needed and to “lean forward” in case we had to request assistance on January 6.

Notably, Sund’s request and Irving’s response occurred before the conversation between Miller and Trump purportedly took place the night before the attack (which was far too late to deploy 10,000 people in any case). Moreover, Pelosi, Zoe Lofgren, and Mark Warner, among others, raised concerns about staffing for the day, so it’s not like Democrats weren’t raising the alarm.

Still, over a month after making no such claim as part of his Impeachment defense, Trump and his flunkies want to claim that Trump was proactive about deploying 10,000 people to defend the Capitol against his most ardent supporters.

That’s interesting background to the testimony offered by Robert Salesses, the “Senior Official Performing the Duties of the Assistant Secretary for Homeland Defense and Global Security,” in a joint Rules/Homeland Committee hearing on January 6 yesterday. As several people noted during the hearing, for some reason DOD sent Salesses, who wasn’t involved in the key events on January 6, rather than people like General Walter Piatt or General [Mike’s brother] Charles Flynn — who were on a call with MPD Chief Robert Contee and Sund on January 6 and who have made disputed claims about what occurred, including that Piatt recommended against sending the Guard because of optics. Effectively, Salesses was repeating what others told him, offering no better (indeed, more dated) information than Vanity Fair was able to offer. Salesses apparently called General Piatt the day before and dutifully repeated Piatt’s claim that he did not use the word, “optics,” which DC National Guard Commander General William Walker had just testified did occur.

General Piatt told me yesterday, Senator, that he did not use the word, “optics.”

Salesses then gave more excuses, explaining,

Senator, in fairness to the committee, General Piatt is not a decision-maker. The only decision-makers on the Sixth of January were the Secretary of Defense and the Secretary of the Army Ryan McCarthy. It was a chain of command from the Secretary of Defense to Secretary McCarthy to General Walker. That was the chain of command.

General Walker, the Commander of the DC National Guard, responded by reiterating the response he had gotten from Piatt (and the brother of the guy who had incited many of the insurrectionists) implicitly correcting Salesses about chain of command. The Commander in Chief, of course, is in that chain of command.

Yes, Senator. So the chain of command is the President, the Secretary of Defense, the Secretary of the Army, [points to self] William Walker Commanding General District of Columbia National Guard.

After General Walker described more of the restrictions placed on him ahead of time, including the preapproval before moving a traffic control point from one block to another (which restriction, Walker said, he had never experienced in 19 years) and the issuance of riot gear, Salesses made more excuses (repeating his silence about the role of the President’s role in the chain of command). Remarkably, he described how Ryan McCarthy dithered from 3:04 until 4:10 because shots had been fired at the Capitol.

Salesses: Sir, Secretary Miller wanted to make the decisions on how the National Guard was going to be employed on that day. As you recall, Senator, the spring events, there was a number of things that happened during those events, that Secretary Miller as the Acting Secretary –

Rob Portman: Clearly he wanted to. The question is why? And how unusual. Don’t you think that’s unusual based on your experience at DOD?

Salesses: Senator, there was a lot of things that happened in the spring that the Department was criticized for — Sir, if I could. Civil Disturbance Operations? That authority rests with the Secretary of Defense. So if somebody’s gonna make a decision about employing military members against US citizens in a Civil Disturbance Operation —

Salesses: At 3:04, Secretary Miller made the decision to mobilize the entire National Guard. That meant that he was calling in all the National Guard members that were assigned to the DC National Guard. At 3:40–at 3:04 that decision was made. Between that period of time — between 3:04 and 4:10, basically, Secretary McCarthy had asked for — he wanted to understand, because of the dynamics on the Capitol lawn, with the explosives, obviously shots had been fired, he wanted to understand the employment of how the National Guard was going to be sent to the Capitol: what their missions were going to be, were they going to be clearing buildings, be doing perimeter security, how would they be equipped, he wanted to understand how they were going to be armed because, obviously, shots had been fired. He was asking a lot of questions to understand exactly how they were going to be employed here at the Capitol, and how many National Guard members needed to be deployed to the Capitol.

When asked whether restrictions placed on Walker hampered his defense, yes or no, Salesses again invoked the chain of command, again leaving out the Command-in-Chief.

Senator, General Walker, in fairness to him, can’t respond to a civil defense — a Civil Disturbance Operation without the authority of the Secretary of Defense.

Finally, Salesses explained a further 36-minute delay, from 4:32 until 5:08, when Walker was given approval to move, this way:

Salesses: In fairness to General Walker too, that’s when the Secretary of Defense made the decision, at 4:32. As General Walker has pointed out, cause I’ve seen all the timelines, he was not told that til 5:08.

Roy Blunt: How is that possible, Mr. Salazar [sic], do you think that the decision, in the moment we were in, was made at 4:32 and the person that had to be told wasn’t told for more than a half an hour after the decision.

Salesses: Senator, I think that’s an issue.

It’s not just that the people who were actually involved didn’t show up to explain all this to Congress. It’s not just that there were big gaps in the timeline, or gaps explained by dithering even after DOD learned about explosives and shots fired.

It’s that the guy sent to provide improbable answers seems to have removed the Commander-in-Chief, who was watching all this unfold on TV and now wants credit for proactively telling DOD they would need at least 10,000 people, from the chain of command he used to justify the delay.

That’s all the more striking given that — as Dana Milbank noted — the delay until Miller’s authorization (to say nothing of the 36-minute delay in informing Walker) also meant that DOD did not respond until after Trump had instructed his insurrection to go home.

Curiously, the Pentagon claims Miller’s authorization came at 4:32 — 15 minutes after Trump told his “very special” insurrectionists to “go home in peace.” Was Miller waiting for Trump’s blessing before defending the Capitol?

DOD’s selected witness yesterday said that General Walker couldn’t send the Guard to help protect the Capitol because of the chain of command. But the Commander-in-Chief seems to be AWOL from that chain of command.

Update: On Twitter AP observed that there is a discrepancy between Miller’s 10,000 person claim and Trump’s: Trump says it happened days before January 6, which would place it before Miller’s letter imposing new restrictions on the Guard.


Journalists May Be Most at Risk (as Described) from a Presumed January 6 GeoFence Warrant

On February 22, the Intercept had a thinly sourced story reporting (heavily relying on one “recently retired senior FBI official” whose motive and access weren’t explained and one other even less-defined source) on methods used in the January 6 investigation. It started by describing something unsurprising (some of which had been previously reported): that the FBI was using emergency legal authorities to conduct an investigation in the wake of an insurrection.

Using special emergency powers and other measures, the FBI has collected reams of private cellphone data and communications that go beyond the videos that rioters shared widely on social media, according to two sources with knowledge of the collection effort.

In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene. Investigators have also relied on data “dumps” from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.

From there, the story made conclusions that were not borne out by the evidence presented (which is not to say that such conclusions won’t one day be supported).

In particular, the story suggested that these investigative methods were used to investigate Congress, and likewise suggested that the involvement of Public Integrity prosecutors must mean members of Congress are already the focus of the investigation and further suggesting that the location data collection tied to the investigation of members of Congress.

The cellphone data includes many records from the members of Congress and staff members who were at the Capitol that day to certify President Joe Biden’s election victory.

[snip]

The Justice Department has publicly said that its task force includes senior public corruption officials. That involvement “indicates a focus on public officials, i.e. Capitol Police and members of Congress,” the retired FBI official said.

To make the insinuation, the story misstates the intent of a Sheldon Whitehouse statement aiming to use Congressional authorities to remove coup sympathizers from committees of jurisdiction (and ignores Whitehouse’s earlier statement that calls for the kind of data collection described in the story).

On January 11, Sen. Sheldon Whitehouse, D-R.I., released a statement warning against the Justice Department getting involved in the investigation of the attack, at least regarding members of Congress, asserting that the Senate should oversee the matter.

Thus far, the story seems tailor-made to get Congress — the Republican members of which are already trying to sabotage the investigation — to start tampering with it.

Far down in the story, it also describes the orders used with more specificity — but not yet enough specificity to substantiate the claims made earlier in it.

Federal authorities have used the emergency orders in combination with signed court orders under the so-called pen/trap exception to the Stored Communications Act to try to determine who was present at the time that the Capitol was breached, the source said. In some cases, the Justice Department has used these and other “hybrid” court orders to collect actual content from cellphones, like text messages and other communications, in building cases against the rioters.

At the time I suggested the story’s conclusions went well beyond the evidence included in it. I had several concerns about the story.

First, it didn’t address the granularity of location data collected, explaining whether the data collection focused just on the Capitol building or (as the story claimed) “in the area” generally. The Capitol is, according to multiple experts, incredibly wired up, meaning that one can obtain a great deal of data specific to the Capitol building itself. That matters here, because as soon as Trump insurrectionists entered the Capitol building, they committed the trespass crimes charged against virtually all the defendants. And the people legally in the Capitol that day were largely victims and/or law enforcement. It’s not an exaggeration to say that anyone collected off location collection narrowly targeted to the Capitol building itself is either a criminal, a witness, or a victim (and often some mix of the three).

If location collection was focused on the Capitol building itself (we don’t know whether it was or not, and the reports of collection aiming to the find the person who left pipe-bombs in the neighborhood on January 5 do pose real cause for concern), it mitigates some of the concerns normally raised by the use of IMSI-catchers at public events and protests, which is that such location collection would include a large number of people who were just engaging in protected speech, as many of the people outside the Capitol were. Similarly, unlike with most geofence warrants or tower dumps, which are used to find possible leads for a crime, here, FBI had an overwhelming list of suspects from its mass of tips and video evidence already: it wasn’t relying on location data to find suspects. Plus, with normal geofence warrants and tower dumps, the vast majority of the data obtained comes from uninvolved people, posing a risk that those unrelated people could become false positives who, as a result, would get investigated closely. Here, again, anyone collected from location data inside the Capitol was by definition associated with the crime, either as witness, victim, or perpetrator.

Finally, the story not only didn’t rely on, but showed little familiarity with the hundreds of arrest affidavits released so far, which provide some explanation (albeit undoubtedly parallel constructed) for how the FBI built cases against those hundreds of people.

Well before The Intercept article was written, there were a few interesting techniques revealed in the affidavits. Perhaps the most interesting (and not specifically covered in The Intercept article, unless as a hybrid order) described identifying Christopher Spencer from the livestreams on Facebook he posted from inside the Capitol.

The government received information as part of a search warrant return that Facebook UID 100047172724820 was livestreaming video in the Capitol during these events. The government also received subscriber information for Facebook UID 100047172724820 in response to legal process served on Facebook. Facebook UID 100047172724820 is registered to Chris Spencer (“SPENCER”). SPENCER provided subscriber information, including a date of birth; current city/state, and a phone number to Facebook to create the account.

[snip]

The government received three livestream videos from SPENCER’s Facebook UID 100047172724820 as part of a search warrant return. At different times during the videos, Spencer either used the rear facing camera to show himself talking, or turned the phone toward his face. Your affiant would note that the camera is capturing a reversed image of SPENCER in two of these sections of video as evidenced by the text on SPENCER’s hat. As such, reversed images are also provided below the original screenshot [my emphasis]

The first mention of the Facebook return appears before a paragraph describing an associate of Spencer’s who had seen the videos and recognized his wife, and the later paragraph describes the associate sharing a phone number for Spencer that the FBI seemed to have already received from Facebook. As written (and this structure is matched in the affidavit for Spencer’s wife, Jenny) the narrative may indicate that the FBI obtained the Facebook return before the tip and identified Spencer from the Facebook return even before receiving the tip. This is one of the strongest pieces of evidence that the FBI used data obtained from location-based collection in the Capitol from any social media source to identify an unknown subject. But, as described, it also has some protections built in. The data was obtained with a warrant, not PRTT or d-order. That means the FBI would have had to show probable cause to obtain the content (but, for the reasons I explained above, most people in the Capitol live-streaming were committing a crime). There’s also no indication here that this video was privately posted (though with a warrant the FBI would be able to obtain such videos).

All this is a read of what this paragraph might suggest about data collection. It doesn’t describe whether the data was obtained via a particularized warrant (targeting just Spencer), or whether the FBI asked Facebook to provide all live-streaming posted from within the Capitol during the insurrection (there are other early affidavits that targeted the content of Facebook via individualized warrants). In Spencer’s case, I suspect it’s the latter (there’s nothing that remarkable about Spencer’s video, except he was outside Speaker Pelosi’s office). Even so, for most people, posting from inside the Capitol during the insurrection would amount to probable cause the person was trespassing.

Even before The Intercept piece was posted I had also pointed to the affidavit for the Kansas cell of the Proud Boys. It uses location data to place one after another of the suspects “in or around” the Capitol during the insurrection: cell site data showed that the phones of Christopher Kuehne, Louis Colon, Felicia Konold were “in or around” the Capitol during the insurrection. That of Cory Konold, Felicia’s brother, was not shown to be, but,

Lawfully-obtained cell site records indicated that the FELICIA KONOLD cell called a number associated with CORY KONOLD while in or around the Capitol on January 6, 2021.

The most interesting detail in that affidavit pertained to William Chrestman. His phone wasn’t IDed off a cell site. Rather, it was IDed by connecting to Google services “in or around” the Capitol.

According to records produced by CHRESTMAN’s wireless cell phone provider in response to legal process, CHRESTMAN is listed as the owner of a cell phone number (“CHRESTMAN cell”). Lawfully-obtained Google records show that a Google account associated with the CHRESTMAN cell number was connected to Google services and was present in or around the U.S. Capitol on January 6, 2021.

A more recent document — the complaint against the southern Oath Keepers obtained on February 11 but unsealed long after that — describes the phones of those suspects in an area “includ[ing]” (but not necessarily limited to) the interior of the Capitol.

having utilized a cell site consistent with providing service to the geographic area that includes the interior of the United States Capitol building.

Unlike Spencer, the use of location data in the Proud Boys and Oath Keeper complaints seems to be used to establish probable cause. In both the militia group cases, the individuals appear to have been identified via different means (unsurprisingly, given their flamboyantly coordinated actions), with the location data being used in the affidavit to flesh out probable cause. (Undoubtedly, the FBI exploited this information far more thoroughly in an effort to map out other co-conspirators, but it is equally without doubt that the FBI had adequate probable cause to do so.)

The other day, DOJ unsealed an affidavit — that of Jeremy Groseclose — that provides more detail about the location collection at the Capitol. The FBI describes identifying Groseclose off of two tips, both on January 7, from people who had seen him post about being in the Capitol on Facebook (and in one case, remove his Facebook posts after he posted them).

Groseclose wore a gas mask for much of the time he was inside the Capitol (though wore the same clothes as he had outside), which undoubtedly made it more difficult to prove he was the person illegally inside the Capitol preventing cops from ousting the rioters.

The FBI affidavit describes times when Groseclose appears on security footage from inside the Capitol without the gas mask, but doesn’t include it. To substantiate his presence in the Capitol, the FBI included three paragraphs describing what must be a Google geofence warrant showing the device identifiers for everyone within a certain geographic area.

According to records obtained through a search warrant served on Google, a mobile device associated with [my redaction]@gmail.com was present at the U.S. Capitol on January 6, 2021. Google estimates device location using sources including GPS data and information about nearby Wi-Fi access points and Bluetooth beacons. This location data varies in its accuracy, depending on the source(s) of the data. As a result, Google assigns a “maps display radius” for each location data point. Thus, where Google estimates that its location data is accurate to within 10 meters, Google assigns a “maps display radius” of 10 meters to the location data point. Finally, Google reports that its “maps display radius” reflects the actual location of the covered device approximately 68% of the time. In this case, Google location data shows that a device associated with [my redaction]@gmail.com was within the U.S. Capitol at coordinates associated with the center of the Capitol Building, which I know includes the Rotunda, at 2:56 p.m. Google records show that the “maps display radius” for this location data was 34 meters.

Law enforcement officers, to the best of their ability, have compiled a list (the “Exclusion List”) of any Identification Numbers, related devices, and information related to individuals who were authorized to be inside the U.S. Capitol during the events of January 6, 2021, described above. Such authorized individuals include: Congressional Members and Staffers, responding law enforcement agents and officers, Secret Service Protectees, otherwise authorized governmental employees, and responding medical staff. The mobile device associated with [my redaction]@gmail.com is not on the Exclusion List. Accordingly, I believe that the individual possessing this device was not authorized to be within the U.S. Capitol Building on January 6, 2021. Furthermore, surveillance footage from the Rotunda, time-stamped within a minute of 2:56 p.m., shows GROSECLOSE, in his distinctive clothing, using his cell phone in an apparent attempt to take a picture.

Records provided by Google revealed that the mobile device associated with [my redaction]@gmail.com belonged to a Google account registered in the name of “Jeremy Groseclose.” The Google account also lists a recovery SMS phone number that matches [my redaction]. The recovery email address for this account appears to be in the name of GROSECLOSE’s significant other, with whom he has two children in common. Additionally, I have reviewed subscriber records from U.S. Cellular, related to the phone number [my redaction]. This number, along with another, are connected to an account in the name of GROSECLOSE’s significant other. The billing address for this account is [my redaction]. One of GROSECLOSE’s neighbors identified [my redaction] as GROSECLOSE’s address.

This seems to confirm that FBI obtained a geofence warrant from Google, but — at least as described — it was focused on those at the Capitol, perhaps focused on the Rotunda and anything 100 feet from it. This is the kind of granularity that will exclude most uninvolved people. They may have used it (or included it in the affidavit) because by wearing a gas mask, Groseclose made it difficult to show his face in the existing film of the attack.

The affidavit suggests that the Google geofence relied not just on GPS data of users’ phones, but also Wi-Fi access points (there’s another affidavit where the suspect’s phone triggered the Capitol Wi-Fi) and Bluetooth beacons. Again, given how wired the Capitol is, this would offer a granularity to the data that wouldn’t exist in most geofence warrants.

Finally, and most interestingly, this affidavit (obtained on the same day as the The Intercept story and so presumably after the Intercept called for comment) describes that the FBI has an “Exclusion List” of everyone who had a known legal right to be in the Capitol that day. That suggests that, after such time as the FBI completed this list, they could identify which of those present in the Capitol were probably there illegally.

There are concerns about FBI putting together a list like this. After all, Members of Congress might have good Separation of Power reasons to want to keep their personal phone numbers private. That said, there’s reason to believe that the FBI has used this method of separating out congressional identifiers and creating a white list in the past (including with the Section 215 phone dragnet), with congressional approval.

The concern arises in FBI’s definition of how it describes those legally present:

  • Members of Congress
  • Congressional staffers
  • Law enforcement responding to the insurrection (as distinct from law enforcement joining in it)
  • Secret Service Protectees (AKA, Mike Pence and his family)
  • Other government employees (like custodial staff)
  • Medical staff

Not on this list? Journalists, not even those journalists holding valid congressional credentials covering the vote certification.

Already, there have been several cases where suspects have claimed to be present as media, only to be charged both because of their comments while present and the fact that they don’t have congressional credentials. Three are:

  • Provocateur John Sullivan, who filmed the riot and sold the footage to multiple media outlets and “claimed to be an activist and journalist that filmed protests and riots, but admitted that he did not have any press credentials.”
  • Nick DeCarlo, who told the LA Times he and Nicholas Ochs were there as journalists but who FBI noted, “is not listed as a credentialed reporter with the House Periodical Press Gallery or the U.S. Senate Press Gallery, the organizations that credential Congressional correspondents.”
  • Brian McCreary, who on his own sent the video he took on his phone while inside the Capitol, but who later admitted to the FBI that entering the Capitol “might not have been legal” and also described admitting to cops present that he was not a member of the media.

If the FBI is going to use official credentials to distinguish journalists from trespassers, then it could also use those credentialing lists to white list journalists present at the Capitol. But to do that, the journalists in question would have to be willing to share identifying information for all the devices that were turned on at the Capitol, something they might have good reasons not to want to do.

Plus, I suspect there are a number of journalists without Congressional credentials who were covering the events outside the Capitol and, as the rally turned into a riot, entered the Capitol to cover it. Those journalists risked their lives and provided some of the most important early information about the riot and did so in ways that in no way glorified it. But in doing so, their devices may be in an FBI database relating to the attack.

There is clear evidence that the FBI obtained location data from the Capitol as part of its investigation, including Google and almost certainly Facebook. Thus far, the available evidence suggests that the ability to target that collection narrowly limits the typical concerns about tower dumps and geofence warrants (again, any similar data collection outside the Capitol in an effort to find the person who left the pipe bombs is another issue). Moreover, almost all those legal present in the Capitol appear to be whitelisted.

But not all. And the exception, journalists, include those who have the most at stake not having their devices identified and investigated by the FBI.

All that said, perhaps a similarly controversial question pertains to preservation orders. The Intercept describes a letter from Mark Warner calling on carriers to preserve data (and rightly questioning his legal authority to make such a request), then suggests the carriers have done so on their own.

Some of the telecommunications providers questioned whether Warner has the authority to make such a request, but a number of them appear to have been preserving data from the event anyway because of the large scale of violence, the source said.

The story doesn’t consider the — by far — most likely explanation, which is that FBI served very broad preservation orders on social media companies (though some key ones, such as Facebook, would keep data for a period even after insurrectionists attempted to delete it in the days after the attack as normal practice). In any case, broad preservation orders on social media companies would be solidly within existing precedent. But I suspect it may be one of the more interesting legal questions that will come out of this investigation.

Update March 7: Added McCreary.


Oath Keepers Learn the Hard Way: Don’t Plan an Insurrection on Facebook

“For every Oath Keeper you see, there are at least two you don’t see.” – email from Oath Keeper head Stewart Rhodes forwarded from Oath Keeper Graydon Young to his sister, Laura Steele, on January 4, 2021

I want to look at filings from the Oath Keepers investigation to show how FBI is juggling to move quickly enough to prevent obvious subjects from obstructing the investigation without tipping off others to the substance of the investigation. The filings confirm that the FBI will get sealed arrest warrants against subjects who are obviously obstructing the investigation, but may not use them right away, so as to obtain more evidence against them and their immediate co-conspirators. The filings also show how hard it is to delete evidence in an age of social media while conspiring with dozens of other co-conspirators.

The investigation from Watkins to Caldwell to the Parkers, Youngs, and Biggs

There’s a story about the Oath Keepers investigation that arises from the nature of the first publicly charged defendants. According to that story, the founder of an Ohio militia affiliated with the Oath Keepers, Jessica Watkins, boasted on Parler about “forcing entry into the Capitol” on the day of the attack. Videos of the Oath Keeper Stack showed up in videos posted within a day of the attack. Then, on January 13, the Ohio Capital Journal posted an interview with Watkins where she described it “the most beautiful thing” until she started hearing glass smashing — which she blamed on an Antifa false flag attack (a subsequent filing suggests Watkins wanted the Oath Keepers to get good press from the attack, threatening to sue some male journalist if he portrayed the Oath Keepers negatively).

That’s the evidence the FBI showed to obtain an arrest warrant on Watkins on January 16.

Meanwhile, as the investigation was closing in on Watkins, her recruit Donovan Crowl did an interview with the New Yorker for a story loaded with more images of coordinated movement from the Oath Keepers. Crowl offered similarly contradictory excuses for his action as Watkins.

On January 17, the FBI tried to conduct an interview with Watkins, only to be told by her partner, Montana Siniff, that she left Ohio on January 14 to stay with her friend and fellow Oath Keeper, “Commander Tom.”

At some point, the FBI obtained information from Facebook — they don’t explain when or on whom it was served, which I’ll return to. The return showed that Caldwell coordinated hotel reservations at the Comfort Inn/Ballston, not just with Watkins, but also others from North Carolina, as well as speaking with Crowl. This content may not have been obtained via Caldwell yet, because Caldwell’s private messages don’t show up in filings until January 19 (alternately they may have delayed that reveal until Caldwell was arrested).

But the FBI used that public Facebook information to obtain a warrant for Crowl on January 17. Watkins and Crowl turned themselves into Urbana, OH police that day, where the FBI took them into custody.

On January 13, the Guardian did a story on Watkins’ use of Zello.

“We are in the main dome right now,” said a female militia member, speaking on Zello, her voice competing with the cacophony of a clash with Capitol police. “We are rocking it. They’re throwing grenades, they’re frickin’ shooting people with paintballs, but we’re in here.”

“God bless and godspeed. Keep going,” said a male voice from a quiet environment.

“Jess, do your shit,” said another. “This is what we fucking lived up for. Everything we fucking trained for.”

The frenzied exchange took place at 2.44pm in a public Zello channel called “STOP THE STEAL J6”, where Trump supporters at home and in Washington DC discussed the riot as it unfolded. Dynamic group conversations like this exemplify why Zello, a smartphone and PC app, has become popular among militias, which have long fetishized military-like communication on analog radio.

On January 19, the government obtained an amended conspiracy complaint against Watkins, Crowl, and Caldwell. It included the following new information:

  • Quotations from the Zello messaging
  • Facebook messaging from Caldwell pictured standing outside the riot calling everyone in Congress a traitor
  • Facebook messages showing planning between Watkins, Crowl, and Caldwell between December 24 and January 8
  • Instructions for making plastic explosives found at Watkins’ house

Of particular interest, the complaint included the first hint that the Oath Keepers had intelligence — shared using Facebook — about the movements of Members of Congress.

On January 6, 2021, while at the Capitol, CALDWELL received the following Facebook message: “All members are in the tunnels under capital seal them in . Turn on gas”. When CALDWELL posted a Facebook message that read, “Inside,” he received the following messages, among others: “Tom take that bitch over”; “Tom all legislators are down in the Tunnels 3floors down”; “Do like we had to do when I was in the core start tearing oit florrs go from top to bottom”; and “Go through back house chamber doors facing N left down hallway down steps.”

Having arrested the two Oath Keepers blabbing to the press and the guy they hid out with, there’s not much more overt sign of the investigation until February 11, when the government submitted filings supporting pre-trial detention for both Watkins and Caldwell.

Arrest affidavits submitted on February 11 and February 12 (but sealed until after February 16) also refer to Watkins’ cell phone returns, including address book information describing Bennie Parker as a recruit, texts between Watkins and Parker coordinating plans for the insurrection and reassuring him the FBI would not prosecute them after the insurrection, and a picture of his wife Sandi Parker. Watkins’ cell phone returns also show a contact for Kelly Meggs in Florida, which she associated in her address book with the Oath Keepers.

Those initially sealed arrest affidavits also rely on surveillance footage and financial records from the Comfort Inn where all the Ohioans  stayed. It shows the Ohioans together in the lobby. It reveals that Kelly Meggs paid for a room that night registered under another suspected Oath Keeper’s name (according to credit card records showing a $302 charge, Meggs apparently stayed at the Hilton Garden Inn the night of January 7). [Update: The indictment clarifies that Meggs paid for two rooms at the Comfort Inn and booked two at the Hilton, of which he paid for one. h/t bb]

The initial affidavit against Kelly and Connie Meggs and Graydon Young and Laura Steele also includes a picture taken — by some unidentified person — from the van from North Carolina.

The same affidavit includes testimony from a witness who interacted with the Oath Keepers on January 6 and was on a text message chain including Young and Steele, who was introduced to them as Gray and Laura and learned they had taken the Metro into DC. It relies on surveillance video from the Metro. It includes returns from Steele and Young’s Google accounts, including Steele’s application to join the Oath Keepers.

It includes location data showing Graydon Young’s phone traveling from Englewood, FL to Thomasville, NC to Springfield, VA, to DC, then back to Thomasville and ultimately, on January 8, back to Englewood. It includes his round trip flight records from Tampa to Greensboro, consistent with the movement of his phone. The affidavit also uses location data to place Steele and the Meggses in a “geographic area that includes the interior of the United States Capitol building.”

It includes subscriber records for Steele, Young, and Kelly Megg’s MeWe accounts, as well as subscriber records for Facebook accounts for everyone. Of particular note, the affidavit used to arrest Young and the others shows advanced legal process for Young, but mostly subscriber information for the others. They also use Young’s Google data to establish probable cause against the Meggs but do not, yet, use it against Young.

It’s likely in the five days between the affidavit and the arrest, more warrants were served for materials on the others.

There wasn’t much added in a February 25 memo supporting Watkins’ pretrial detention — except that aforementioned Watkins text with Stewart Rhodes complaining about media reports making the Oath Keepers look bad (which, because of the timing of the coverage, likely happened almost a week after the insurrection, or later).

If he has anything negative to say about us OATHKEEPERS, I’ll let you know so we can sue harder. Class action style. Oathkeepers are the shit. They rescued cops, WE saved lives and did all the right things. At the end of the day, this guy better not try us. A lawsuit could even put cash in OK coffers. He doesn’t know who he is playing with. I won’t tolerate a defamation of character, mine or the Patriots we served with in DC. Hooah?!

But in a hearing held February 26, prosecutors told Judge Amit Mehta something in an ex parte hearing to support their argument that there really was a Quick Reaction Force outside of DC on the day of the insurrection ready to bring weapons into the Oath Keepers already in DC, which is one of the reasons he denied Watkins’ motion for release.

The earlier investigation into Graydon Young

It took a while for DOJ to unseal all the filings from the other co-conspirators, particularly the long affidavit for the four southerners. But a docket unsealed last week tells another side of that story. On January 15, a tipster identified Graydon Young, one of the Floridians added to the Caldwell and Watkins conspiracy. Based off that tip, the FBI prepared and got authorization for an arrest warrant by January 18. But they didn’t use it, perhaps because FBI was chasing down two false positives based off pictures of Young, as described in the later affidavit (the first of which may have been based off facial recognition).

First, on or around January 14, 2021, after receiving an internet tip and viewing similar photographs and video of Young from the civil unrest on January 6, 2021, an FBI agent drafted an arrest warrant for an individual (Subject-1) other than Young, based on a review of Subject-1’s driver’s license photo and the fact that Subject-1 was affiliated with the Oath Keepers. An FBI agent in Kansas City, Missouri, who was familiar with Subject-1, then determined that Subject-1 was not the individual depicted in the photos at the U.S. Capitol on January 6, 2021. The government did not pursue charges against Subject-1. Second, on or around January 15, 2021, a concerned citizen provided the FBI with a tip that the photograph of Young in the Rotunda was a photograph of Subject-2, who was a co-worker of the concerned citizen in Illinois. On January 18, 2021, SA Wren spoke with the concerned citizen, who stated that Subject-2 had quit the job and moved to Colorado, and “seemed like the type” who would have gone to the Capitol. SA Wren reviewed Subject-2’s driver’s license photo and determined that Subject-2 is not the person depicted in the photographs of Young at the U.S. Capitol.

In other words, FBI was prepared to arrest Young by January 18, within a day of the initial Watkins arrest. But they did not. They kept that arrest warrant sealed while they obtained his location records, travel records (including evidence he drove home from North Carolina rather than flying, and had his sister’s car towed back to North Carolina afterwards), and subscriber information for other social media.

At some point (as noted), FBI obtained Young’s Google account. But on February 11, they used that “solely as evidence against Kelly Meggs. At this time, the government is not seeking to use this email against Young,” suggesting they still needed legal process to use it against him.

Don’t launch an insurrection with a still-active Facebook account

Given that the FBI was ready to arrest Graydon Young on January 18, it’s worth looking more closely at the Facebook evidence in this conspiracy.

The FBI learned on January 15 that Young was probably at the insurrection, had been tagged in planning for the event on January 4, and had attempted to delete his Facebook account on January 7 (it went into effect the next day). Young didn’t delete his related Instagram account until January 13.

At some point, the FBI also learned that Caldwell attempted to unsend messages on January 8, the same day Young shut down his Facebook account.

Nevertheless, Facebook still had Young’s data, including a post from January 6 boasting, “We stormed and got inside.”

The government also obtained highly damning Facebook content from much earlier, including a message he posted to a group, the “War of Northern Aggression,” on November 7. In it, he clearly acknowledges Joe Biden’s victory.

Will this group consider migration to MeWe and Parler? I think censorship is going to get worse with Biden win.

On November 9, he asked again to move from Facebook to MeWe and Parler.

On November 30, he pushed MeWe and Parler again.

I already have MeWe and Parler … waiting for this drama to end before I delete my FB account.

Hey Graydon?!?! The drama for you is just beginning.

Meanwhile, Caldwell didn’t succeed in deleting all his evidence either. As early as January 17, in Crowl’s affidavit, they had a message (it’s unclear whether it’s public or private)

Here is the direct number for Comfort Inn Ballston/Arlington 1-571-397-3955 I strongly recommend you guys get one or two rooms for a night or two. Arrive 5th, depart 7th will work. She says there are five of you including a husband and wife new recruits. This time of year especially you will need to be indoors to set up, etc. Really, press this home, just get somebody to put it on a credit card. Even if you tell the hotel its double occupancy, you can STILL get a couple of people on the floor with bedrolls and the hotel won’t know shit. Paul said he might be able to take one or two in his room as well. I spoke to the hotel last night (actually 2 a.m. this morning) and they still had rooms. This is a good location and would allow us to hunt at night if we wanted to. I don’t know if Stewie has even gotten out his call to arms but it’s a little friggin late. This is one we are doing on our own. We will link up with the north carolina [sic] crew.

The later affidavits include Caldwell Facebook messages sent in November predicting violence.

I am very worried about the future of our country. Once lawyers get involved all of us normal people get screwed. I believe we will have to get violent to stop this, especially the antifa maggots who are sure to come out en masse even if we get the Prez for 4 more years.

On January 6, Caldwell continued to use Facebook, receiving a message informing him,

All members are in the tunnels under capital seal them in. Turn on gas.

And,

Tom all legislators are down in the Tunnels 3floors down

Between Young and Caldwell, Facebook evidence shows that this operation clearly targeted legislators even after they knew Joe Biden had been elected. It turns out that neither of them successfully deleted this Facebook content before the drama really got started.

The delayed reveal

As noted, it took some time for the affidavit for the southern Oath Keepers to be unsealed. In the interim period, the FBI would have been able to investigate the Oath Keeper whose name was on the hotel room Young paid for, and all the other people on the bus on which Young and his sister were pictured. The FBI surely has reviewed any role the War of Norther Aggression Facebook group had in the insurrection. The accounts for which the FBI just had subscriber information on February 11 are probably now being fully exploited (including the WeMe accounts on which they may have been more open about their plotting).

There are still members of The Stack at large, the others on the bus, the group from Mississippi those who provided “security” for Trump’s closest associates. We don’t know where the next Oath Keepers to be arrested are. We do know where the FBI was, 17 days ago.

Timeline of Oath Keeper conspiracy

January 4: Young travels from Englewood, FL to Thomasville, NC. Young tagged in planning messaging for the attack.

January 5: Young travels from Thomasville to Springfield, VA, then heads to DC for the evening.

January 6: Young travels into DC, then back to Thomasville that night. Watkins posts to Parler and Caldwell posts to Facebook. Young posts, “we stormed and got inside” on Facebook.

January 7: Young deleted Facebook content going back to March 2019 (per Facebook record it goes into effect on January 8).

January 8: Caldwell unsends Facebook messages continuing evidence. Young returns to Englewood. Young writes an email saying that his “team leader” during the insurrection was “OK Gator 1” with Kelly Meggs’ phone number.

January 9: Watkins texts Bennie Parker telling him not to worry about the FBI investigating them.

January 11: Young has a vehicle registered to Steele’s address towed from a location near his home to Steele’s home in NC. Young deletes his Instagram account.

January 13: Watkins interview in Ohio Capital Journal. Guardian story on Watkins’ use of Zello. Young closes Instagram account.

January 14: Donovan Crowl story in New Yorker. Watkins and Crowl travel to Caldwell’s property in VA; he gives them OpSec tips for the drive. Bennie Parker texts Watkins asking if she put Sandi “out there” in the Capitol. FBI chases a false positive for Young on an Oath Keeper who lives in Kansas City, MO.

January 15: A tipster who has known Young for 35 years identified Young in an image published by NBC, informs the FBI that on January 4, other people had tagged Young in a discussion about traveling to DC. The tipster further revealed that on January 7, Young deleted his Facebook content going back to March 2019, then deleted the whole thing. FBI chases a false positive for Young to someone in CO.

January 16: Arrest warrant for Watkins.

January 17: Search of Watkins’ house discovers gear and other military items. Interview of her partner reveals she has left to stay with a friend, Commander Tom, and provides a phone registered to him at his VA property as the way to reach Watkins. Arrest warrant for Crowl. Search of a location where Crowl stays finds his tactical vest. Arrest warrant for Caldwell. Both Watkins and Crowl turn themselves in to the Urbana Police, where the FBI takes them into custody.

January 18: First arrest warrant for Graydon Young.

January 19: Caldwell, Crowl arrested by FBI, and Watkins arrested. Amended criminal complaint makes conspiracy charges against Watkins, Crowl, and Caldwell more formal. Search of Caldwell’s property finds Death List targeting election official from a different, a Gadsden flag signed by Crowl and Watkins, and a sales invoice for a weapon designed to look like a phone.

Janaury 21: Stewart Rhodes declares Biden’s “not a constitutional government.” Kelly Meggs closes his Facebook account.

January 27: Indictment for Watkins, Crowl, and Caldwell.

January 29: NYT does video analysis showing the movements of the Oath Keepers from the Ellipse to the Capitol.

February 11: Counterterrorism prosecutors Justin Sher and Alexandra Hughes join team. Motions for pre-trial detention for both Watkins and Caldwell. Sealed complaint filed against Kelly and Connie Meggs, Graydon Young, and Laura Steele.

February 12: Government moves for protective order against the original conspirators; Caldwell objects. Sealed complaint filed against Bennie and Sandi Parker.

February 16: Graydon Young arrested.

February 17: The Meggs and Laura Steele arrested.

February 18: The Parkers arrested.

February 23: Thomas Caldwell appeals detention.

February 26: Amit Mehta grants government motion to detain Jessica Watkins.

Update: I clarified that the email quoted at the top is from Stewart Rhodes, not Graydon Young.


Dominic Pezzola Guesses Wrong, Gets Labeled a Terrorist for His Troubles

As I’ve been following, the detention challenges for January 6 defendants have raised real questions about how the government and the courts will treat the event. The government and Jessica Watkins have provided additional briefing on whether her actions merit a rebuttable presumption of detention; they will revisit these issues today in a hearing before Judge Amit Mehta.

As I’ve noted, the Watkins case is close because the people with whom she conspired with did not, themselves, commit the acts of violence the government is using to argue for pre-trial detention.

Not so Dominic Pezzola, the Proud Boy who was the first to break a window to enter the Capitol. Earlier this week, he filed a motion to review bail arguing, in significant part, that the witness on whose testimony the government relied to establish intent of future violent crimes was the guy who recruited him into the Proud Boys, someone Pezzola claims bragged of macing a cop during the insurrection.

Pezzola guessed wrong about the witness, the government says. As far as the government knows, there was no tie between this witness and Pezzola prior to January 5 (which suggests this is someone Pezzola met the night before the attack).

The defendant speculates that W-1 is a “cooperating witness” with deeper ties to the Proud Boys than the defendant. The defense is incorrect. W-1 has not been charged with a crime in connection with the events of January 6, 2021, and the government is unaware of any affiliation between W-1 and the Proud Boys or any indication that W-1 knew the defendant prior to January 5, 2021.

But, having been given a chance to respond to Pezzola’s bid for release, the government has solidified the argument they’re making in other cases, in which they have less direct evidence than they have against Pezzola.

In Magistrate Robin Meriweather’s initial judgement denying Pezzola bail, she judged that no conditions of bail would eliminate the public safety risk posed by Pezzola. But she found that Pezzola had presented sufficient evidence to overcome a rebuttable presumption of detention, and specifically found that his family ties to Rochester, NY, made him less of a flight risk.

When Pezzola requested a review of Meriweather’s decision, he argued that Judge Timothy Kelly should accept Meriweather’s rulings in his favor, but revisit her judgment that he posed a threat to society.

That’s not how it works, noted prosecutor Eric Kennerson.

Although he acknowledges that this Court’s review is de novo, the defendant asks this Court not to reconsider certain findings made by the Magistrate Judge, including her finding that the presumption in favor of detention was rebutted and her decision not to address the government’s arguments regarding the defendant’s risk of flight. ECF No. 19 at 1-2. Because this Court’s review is de novo across the board, the government asks the Court to apply the statutory presumption of detention, which we submit has not been rebutted for the reasons stated below, and find by a preponderance of the evidence that the defendant is a serious risk of flight.

He used his response to a request a reconsideration of those earlier decisions relying, in part, on the indictment that was obtained on the same day he had submitted his earlier motion for detention, in which Kennerson noted that, “The government acknowledges that the defendant is not charged with these offenses at the time this memorandum is submitted,” presumably knowing that Pezzola would be charged with such crimes within hours.

Relying on the indictment, Kennerson argued that Pezzola committed two crimes — felony destruction of government property (for breaking the window of the Capitol) and robbery of US Government property (for stealing a cop’s riot shield, which he used to break the window) — that constitute crimes of violence bringing a presumption of detention, and then labeled the conduct a crime of terrorism.

Felony destruction of property, under the facts as laid out above, is a federal crime of terrorism. Title 18, U.S.C., Section 2332b(g)(5), defines “federal crime of terrorism” as an offense that “is calculated to influence or affect the conduct of government by intimidation or coercion, or to retaliate against government conduct” and is included in an enumerated list of statutes, which includes § 1361. See 18 U.S.C. §§ 2332b(g)(5)(A) & (B). The Grand Jury found probable cause in Count Seven of the Indictment to believe that the defendant intended to obstruct an official proceeding by committing, among other things, acts of civil disorder and breaking a window. The defendant has conceded that his conduct was calculated to influence or affect the conduct of government—specifically the certification of the Electoral College vote—and his actions show that he participated in doing so by intimidation and/or coercion. Moreover, because § 1361 is listed in § 2332b(g)(5)(B), there is a rebuttable presumption that no conditions or combination of conditions can assure community safety or the defendant’s appearance. See 18 U.S.C. § 3142(e)(3)(B).

Felony destruction of government property is also a crime of violence. For purposes of the bail statute, as relevant to these offenses, a crime of violence is defined as “an offense that has an element of the use, attempted use, or threatened use of physical force against the person or property of another,” if that crime is punishable by ten years or more in prison. See 18 U.S.C. § 3142(f)(1)(A) & 16. Section 1361 of Title 18 of the U.S. Code meets those requirements. It is punishable by ten years if the property damage was greater than $1,000, and its elements include the use of physical force against the property of another. See United States v. Khatallah, 316 F. Supp. 2d 207, 213 (D.D.C. 2018) (Cooper, J.) (holding that destruction of government property under a substantially similar statute, 18 U.S.C. § 1363, satisfies a substantially similar elements clause statute to qualify as a crime of violence).

Robbery of U.S. Government Property is also a crime of violence. See United States v. Alomante-Nunez, 963 F.3d 58, 67 (1st Cir. 2020), citing Stokeling v. United States 139 S. Ct. 544 (2019) (holding that common-law robbery meets the elements test of a different, but substantially similar statute, to qualify as a crime of violence). But see United States v. Bell, 158 F. Supp. 3d 906, 919 (N.D. Cal. 2016) (holding that § 2112 does not meet the elements test, although that opinion was issued prior to the Supreme Court’s decision in Stokeling).

Kennerson’s filing repeatedly tied the violence to the admitted ends of delaying the vote certification, relying among other things on a citation to Pezzola’s own filing.

The defendant concedes in his motion that smoked the victory cigar because “he considered the objective achieved, stopping the certification of the election pursuant to the instructions of the then President.” ECF No. 19 at 4.

[snip]

The defense’s admission that the defendant’s objective that day was to stop the certification of the Electoral College vote does not help his position. In essence, he took an active role at the front of a mob that displaced Congress, in an attempt to stop that body from certifying the result of a Presidential election. As Judge Lamberth recently found, “[s]uch conduct threatens the Republic itself.” See United States v. Munchel, et. al., No. 21-cr-118 (RCL), ECF No. 24 at 11. See also United States v. Meggs, No. 5:21-mj-1036-PRL (S.D. Fla.) (Lammens, M.J.), ECF No. 17, at 4 (“The [January 6] attack wasn’t just one on an entire branch of our government (including a member of the executive branch), but it was an attack on the very foundation of our democracy.”)

[snip]

The defendant’s actions show that as recently as a month and a half ago, he was willing to partake in and take advantage of violence to achieve his political ends. The Court can have no assurance that he will refrain from doing so again, despite his alleged disavowal of the Proud Boys since he has been detained.

The cases for detention against the January 6 defendants are all over the map, with more evidence of direct violence in some cases and more evidence of coordination with a terrorist group in others. As the government tries to detain members of the latter — including Watkins and her co-conspirator Thomas Caldwell — they have inched closer to using the terrorism label to describe what happened on the day.

In Pezzola’s case, they’re doing so with a defendant who actions played a singularly important role in the success of the insurrection, someone who directly engaged in violence, and someone who has already admitted that the goal was to intimidate Congress.

All these other cases will be influenced by (and in some cases, will build on) these earlier seminal cases. By asking for reconsideration of bail, Pezzola gave the government an opportunity to present the evidence they had not yet made public earlier in this prosecution.


The New Recruits on the Front Line on January 6

In addition to adding six more people to the Oath Keeper conspiracy indictment originally charged against Jessica Watkins, DOJ added some new overt acts. Among others, it added training.

Training and recruitment were always part of Watkins’ alleged actions:

On November 9,2020, WATKINS, the self-described “C.O. [Commanding Officer] of the Ohio State Regular Militia,” sent text messages to a number of individuals who had expressed interest in joining the Ohio State Regular Militia. In these messages, WATKINS mentioned, among other things, that the militia had a weekJong “Basic Training class coming up in the beginning of January,” and WATKINS told one recruit, “l need you fighting fit by innaugeration.” WATKINS told another individual, “It’s a military style basic, here in Ohio, with a Marine Drill Sergeant running it. An hour north of Columbus Ohio[.]”

On November 9,2020, WATKINS asked a recruit if he could “download an App called Zello” and stated, “We all use Zello though for operations.”

On November 17 , 2020, when a recruit asked WATKINS for her predictions for 2021 , WATKINS replied, among other statements:

I can’t predict. I don’t underestimate the resolve of the Deep State. Biden may still yet be our President. If he is, our way of life as we know it is over. Our Republic would be over. Then it is our duty as Americans to fight, kill and die for our rights.

and:

[I]f Biden get the steal, none of us have a chance in my mind. We already have our neck in the noose. They just haven’t kicked the chair yet.

The original indictment also described Donovan Crowl attending a training session in December.

On December 12-13,2020, CROWL attended a training camp in North Carolina.

The superseding indictment adds to these details. It includes descriptions of how 54-year old Graydon Young and his 52-year old sister Laura Steele joined the Oath Keepers.

31. On December 3, 2020, YOUNG emailed the Florida chapter of the Oath Keepers with a membership application and wrote, “looking to get involved in helping. . ..”

33. On December 19, 2020, YOUNG wrote to a Facebook group: “Please check out Oath Keepers as a means to get more involved. Recruiting is under way. DM me if you want more info.”

38. On December 26, 2020, YOUNG wrote an email to a Florida company that conducts training on firearms and combat. YOUNG wrote, in part, “l trained with you not long ago. Since then I have joined Oath Keepers. I recommended your training to the team. To that effect, four of us would like to train with you, specifically in your UTM rifle class.”

52. On January 3, 2021, STEELE emailed the Florida chapter of the Oath Keepers with a membership application and wrote, “My brother, Graydon Young told me to submit my application this route to expedite the process.” Later in the day, STEELE emailed KELLY MEGGS and wrote, “My brother, Graydon Young told me to send the application to you so I can be verified for the Events this coming Tuesday and Wednesday.” The following day, STEELE sent an email to an Oath Keepers address, copying both YOUNG and KELLY MEGGS, attaching her Florida Oath Keepers membership application and vetting form, and writing, “I was just requested to send my documents to this email.”

And the arrest affidavit for the Parkers describe them discussing joining Watkins’ militia because their own had largely dissolved.

On December 27, 2020, Bennie Parker texted Watkins, “I may have to see what it takes to join your militia, ours is about gone.” Also on December 27, 202, Bennie Parker texted Watkins, “Yes and you and Sandi and I are like minded you guy [sic] aren’t that far away . . . . “

Effectively, that means that the organized stack (also included as an overt act in the superseding indictment) included at least three people — Crowl, Steele, Young, and Sandi Parker — who had just joined either Watkins’ militia or the Oath Keepers generally (Bennie, who’s 70, is not known to have entered the Capitol).

For all that it attracted media attention for that organized stack, the Oath Keepers weren’t as instrumental to the launch of the coup attempt as the Proud Boys.

But there, too, the militia was relying on new recruits. Dominic Pezzola claims (not entirely convincingly) that the insurrection was just his second action with the Proud Boys (though his first was the December MAGA March, where he was in close proximity to Roger Stone’s Oath Keeper body guard Robert Minuta).

Of more interest are the details Felicia Konold shared about her experience leading the mob.

She did a Snapchat video gleefully describing how much power she had exercised.

I’m watching the new guys

Fuuuck

Dude, I can’t even put into words. I. I. Never.

I never could [unintelligible] have imagined having that much of an influence on the events that unfolded today.

[Laughs]

Dude, people were willing to follow. You fucking lead, and everyone had my back, due, everyone, fucking wall, legit, in the air, up against the fence, [unintelligible], three lines of police, fence, me, not even on the ground, my feet weren’t even on the ground, all my boys, behind me, holding me up in the air, pushing back.

[Laughs]

We fucking did it.

Her arrest affidavit also quotes her on saying she was, “recruited into a fucking chapter from Kansas City,” complete with a challenge coin. The government’s detention memo for William Chrestman describes that he, “readily recruited two individuals from Arizona [Felicia and her brother Cory] to join the group of Kansas City Proud Boys, who then participated in the crime spree on U.S. Capitol grounds.” (It’s likely the case against Chrestman relies on an FBI interview of Konold, which has not been publicly cited.)

And it didn’t stop there. Experts have talked, abstractly, about how January 6 served as a recruiting boon for right wing terrorists. That’s shown tangibly in a detail from Royce Lamberth’s opinion  Zip Tie Guy Eric Munchel granting the government’s motion for his detention. Even as images from Munchel’s antics in the Senate had attracted close focus and on the same day the government obtained a warrant for his arrest, Zip Tie Guy reached out — via Signal — to the Proud Boys in an effort to join up.

There is also no evidence that Munchel is a member of any violent groups, thought the government has presented evidence that Munchel was in contact with a member of the Proud Boys after January 6 and was interested in joining the group. See Signal Chat Tr. (Jan. 9-10, 2021).

On top of being an explicit attempt to prevent Joe Biden from assuming the presidency, January 6 was also a recruitment bonanza, providing both a goal in advance to work towards, but also a networking opportunity permitting in-person recruitment.

The insurrectionists breached the Capitol with flagpoles and bullhorns. And some of the key players leading that breach were recent recruits to the organized militia leading the way. Meanwhile, Stewart Rhodes, Joe Biggs, and Ethan Nordean were watching from relative safety.

Update: I’ve fixed the Stack numbers; I think Crowl may have been training rather than being trained at the came in North Carolina in December.

Copyright © 2021 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/emptywheel/