Government Aims to Protect Other Ongoing Investigations in MalwareTech Case

In its request for a protection order governing discovery materials turned over to the defense in the Marcus Hutchins/MalwareTech case, the government provided this explanation of things it needed to keep secret.

The discovery in this matter may include information related to other ongoing investigations, malware, and investigative techniques employed by the United States during its investigation of Mr. Hutchins and others.

The government will always aim to protect investigative techniques — though in an international case investigating hackers, those techniques might well be rather interesting. Of particular interest, the government wants to hide techniques it may have used against Hutchins … and against others.

The government’s claim it needs to hide information on malware will disadvantage researchers who are analyzing the Kronos malware in an attempt to understand whether any code Hutchins created could be deemed to be original and necessary to the tool. For example, Polish researcher hasherezade showed that the hooking code Hutchins complained had been misappropriated from him in 2015, when the government claims he was helping his co-defendant revise Kronos, was not actually original to him.

The interesting thing about this part of Kronos is its similarity with a hooking engine described by MalwareTech on his blog in January 2015. Later, he complained in his tweet that cybercriminals had stolen and adopted his code. Looking at the hooking engine of Kronos we can see a big overlap, that made us suspect that this part of Kronos could be indeed based on his ideas. However, it turned out that this technique was described much earlier (i.e. here // thanks to @xorsthings for the link), and both authors learned it from other sources rather than inventing it.

Hasherezade may well have proven a key part of the government’s argument wrong here. Or she may be missing some other piece of code the government claims comes from Hutchins. By hiding any discussions about what code it is actually looking at, though, the government prevents the security community from definitively undermining its claims, at least before trial.

Finally, there’s the reference to other, ongoing investigations.

One investigation of interest might be the Kelihos botnet. In the April complaint against Pyotr Levashov, the government claimed that the Kelihos botnet had infected victims with Kronos malware.

In addition to using Kelihos to distribute spam, the Defendant also profits by using Kelihos to directly install malware on victim computers. During FBI testing, Kelihos was observed installing ransomware onto a test machine, as well as “Vawtrak” banking Trojan (used to steal login credentials used at financial institutions), and a malicious Word document designed to infect the computer with the Kronos banking Trojan.

Unlike known uses of Kronos by itself, Kelihos is something that has victimized people in the United States; the government has indicted and is trying to extradite Pyotr Levashov in that case. So that may be one investigation the government is trying to protect.

It’s also possible that, in an effort to pressure Hutchins to take a plea deal, the government is investigating allegations he engaged in other criminal activity, activity that would more directly implicate him in criminal hacking. There’s little (aside from statutes of limitation) to prevent the government from doing that, and their decision to newly declare the case complex may suggest they’re threatening more damaging superseding indictments against Hutchins, if they can substantiate those allegations, to pressure him to take a plea deal.

Finally, there’s WannaCry. As I noted, while the government lifted some of the more onerous bail conditions on Hutchins, they added the restriction that he not touch the WannaCry sinkhole he set up in May. The reference to ongoing investigations may suggest the government will be discussing aspects of that investigation with Hutchins’ defense team, but wants to hide those details from the public.

Update: I’ve corrected the language regarding Kelihos to note that this doesn’t involve shared code. h/t ee for finding the reference.


Rohrabacher Can’t Remember Talking Assange Pardon with Trump But Is Sure Trump Wants Mind-Boggling Info from Julian Assange

In this post, I noted that Dana Rohrabacher might try to broker a deal between Assange and President Trump trading information on WikiLeaks’ DNC email source for — it appears — a pardon. As I noted, the meeting was first reported — at 8:02 PM — by the Daily Caller.

At 12:22 AM ET, Julian Assange tweeted that “I do not speak to the public through third parties. Only unmediated statements coming directly from me can be considered authoritative.”

This morning, Rohrabacher issued a statement (posted in my last post) that ends with a promise he will share information already in hand with the President.

The congressman plans to divulge more of what he found directly to President Trump.

The Daily Caller has written a new story, based on an interview with Rohrabacher. In it Rohrabacher first claimed that “he can’t remember” if he has spoken to anyone in the White House about a pardon for Assange.

A pardon of Assange would have to come directly from President Donald Trump, and Rohrabacher told TheDC, “I can’t remember if I have spoken to anybody in the White House about this.”

Apparently Rohrabacher has so many conversations with the White House that he can’t remember them all.

He goes on to suggest he hasn’t gotten the information he (in his statement) promised to divulge to Trump.

The congressman has yet to receive the information that has been promised to him by Assange, but he said he is confident he will receive it.

But — Rohrabacher is sure — the information his office thought he had this morning but which he doesn’t have any more is sure to be mind-boggling.

“If I had to bet on it, I would bet that we are going to get the information that will be mind-boggling and of major historical significance,” Rohrabacher said. He said if it is significant enough, he will bring it directly to Trump.

After which Rohrabacher, who can’t remember whether he has talked to anyone at the White House about this — much less the President!!! — asserts that “there has already been some indication that the president will be very anxious to hear what I have to say.”

“And there has already been some indication that the president will be very anxious to hear what I have to say if that is the determination that I make,” Rohrabacher added.

Call me crazy, but I think Assange demanded the Daily Caller back off their prior reporting [see update], perhaps to get reassurances from Trump he’ll get a pardon before he (through his proxy Rohrabacher) actually hands over the information. I don’t blame Assange for that — as I noted earlier, he’s only got one shot to produce his case, and if it is easily debunked, both he and Trump will be screwed.

Assange sure seems pretty uncertain about this information that Rohrabacher — who may or may not have already received it — is sure will be mind-boggling.

Update: Here is Assange’s statement about the visit, which makes no mention of disclosing his source.

WikiLeaks’ publisher Julian Assange and his lawyer Jennifer Robinson met with U.S. Congressman Dana Rohrabacher yesterday at the Congressman’s request. Mr. Assange explained how the ongoing proceedings against WikiLeaks over its publications on war, diplomacy and rendition violate the First Amendment rights of WikiLeaks and its readers. The grand jury proceedings against Mr. Assange and his staff started in July 2010 and have been repeatedly condemned by press freedom groups, the ACLU, Human Rights Watch and the United Nations. The proceedings are the largest ever conducted against a publisher and are widely viewed by legal scholars to be unconstitutional. The alleged source of the publications was granted clemency by President Obama in January. However the grand jury proceedings against the publisher continue and have expanded under the Trump administration. Mr. Assange faces potential life imprisonment. Now at seven years, the grand jury is one of the longest and most expensive in US history.

Mr. Assange does not speak through third parties. Only statements issued directly by him or his lawyers can be considered authoritative.

It also claims that Rohrabacher requested the visit, not vice versa.

Update: Curiously, Don Jr, who we know is happy to take meetings with just about anyone if they can produce information that damages dad’s enemies, just followed Assange on Twitter.

Update: The Daily Caller insists that Assange didn’t get them to back off any reporting, and instead explains that the contradictions between their Wednesday story and their Thursday one (and in Rohrabacher’s statements) derive instead from the poor wording of the statement from Rohrabacher’s office. My apologies for the insinuations that their failure to point out these multiple contradictions doesn’t just stem from bad reporting.

Update: Washington Times has more, which not only underscores how newsworthy Daily Caller’s contradictions are, but also confirms that Rohrabacher is now talking about a back-and-forth process.

“I will have discussions with President Trump before going public, and that should happen hopefully within two weeks of now, by the end of the month,” he said. “In the end, the American people are going to know more than what they know now, and it will be with more certainty.”

Rohrabacher declined to say if he was given a physical set of files by Assange to support a counter-narrative on how WikiLeaks acquired emails damaging to Hillary Clinton’s candidacy. U.S. spy agencies say Russia hacked those emails and gave them to WikiLeaks.

“I told you, I’m not going to go into details on that,” said the Orange County conservative about whether he was given physical files. At one point, however, Rohrabacher implied he had not been given documents.

“We did not go into detail [about how WikiLeaks acquired Democratic emails], but that will obviously be something that will be provided in greater detail shortly,” he said.

“This is not a one-step process, it’s a two-step or three-step process. There are some things we just have to go to the president with and see what he says, and then see how we can actually work its way so the American people know the truth,” he said.

Update, 8/19: In an article revealing that Charles Johnson has refused to cooperate with the Senate Intelligence Committee’s request for information on how he helped now-deceased rat-fucker Peter Smith attempt to find hacked files from Hillary’s server, Michael Isikoff provides his own version of the Rohrabacher/Assange deal. His version lacks the contradictions of the right wing press. It explains that Assange would basically trade “irrefutable” evidence he didn’t get the DNC emails from Russia (which is different than proving they didn’t come from Russia) in exchange for a pre-emptive pardon.

Johnson said he and Rohrabacher came back from their meeting with a specific proposal that the congressman intends to present to President Trump soon: Grant a preemptive pardon to Assange (who has been under Justice Department investigation for years, although he has never been charged) and the WikiLeaks founder would, in exchange, turn over “irrefutable” evidence that he didn’t get the Democratic National Committee emails from Russia, but from another source.

“Assange wants to have a deal with the president,” Johnson said. “He believes he should be pardoned in the same way that Chelsea Manning was pardoned.” Once Assange turns his evidence over, showing the Russians were not the source of the DNC emails, then the “president could put the kibosh” on the whole Russia investigation being conducted by special counsel Robert Mueller.

Johnson declined to say what Assange’s supposed evidence actually is (though he did say it did not include any documents). But he insisted he has spoken to unidentified figures in the White House who have told him the president wants to hear the proposal. “I know the president is interested in this,” he said. “There will be a meeting between Rep. Rohrabacher and President Trump.”

A spokesman for Rohrabacher confirmed that Johnson had arranged the meeting between the congressman and Assange. “My understanding is that there is not yet a concrete proposal, but that Dana does believe that if Assange does turn over the proof he’s promised, then he deserves a pardon,” the spokesman said.

There’s a lot that’s batshit about these claims, not least the suggestion that Chelsea Manning got a full pardon, rather than a commutation after 7 years of imprisonment and abusive treatment by the federal government.

But it’s also hard to imagine how, having laid out this deal in such stark terms, Robert Mueller won’t begin to show some interest in it.


Lawfare Disappears Democratic Support for Centrist Failures to Claim a “Sea-Change” because of Russia

In a piece that calls Max Blumenthal — author of three books of original journalism — an “activist,” Lawfare’s Quinta Jurecic attempts to lay out how the left has split on its response to Russia’s interference in last year’s election. She does a fine job avoiding generalizations about the current stance of the various parts of the left she portrays. But she creates a fantasy past, in which even the center-left has been distrustful of the intelligence community, to suggest the center-left’s embrace of the Russia investigation represents a “sea-change” in its comfort with the spooks.

The story of the American left under Trump, as in the larger story, is one of bifurcation and polarization. It’s a story of a profound emerging divide over the role of patriotism and the intelligence community in the left’s political life. To put the matter simply, some on the left are actively revisiting their long-held distrust of the security organs of the American state; and some are rebelling against that rapprochement.

[snip]

But these arguments have taken place against the backdrop of a much greater and more visible embrace of the investigation on the part of the center-left—and a concurrent embrace by many center-left commentators of actively patriotic vocabulary that is traditionally the province of the right, along with a skepticism about Russia that has not been in fashion in Democratic circles since the Scoop Jackson wing of the party bolted. As Trump has attacked and belittled the intelligence community’s assessment of Russian election interference, the center-left has embraced not only the report but also the intelligence community itself.

[snip]

Political leaders of the center-left always had a quiet peace with the national security apparatus. But the peace was a quiet one, generally speaking, one without overly demonstrative displays of affection or support.

[snip]

[B]roadly speaking, the center-left these days sounds a lot like the mainstream right of the last few decades before Trump came along: hawkish towards Russia and enthusiastic about the U.S.  intelligence apparatus as one of the country’s key lines of defense. And the mainstream right sounds a lot like the center-left on the subject—which is to say very quiet.

This new posture for the center-left, to some degree anyway, has politicians speaking the language of the intelligence world: the language of active patriotism.

Perhaps Jurecic has been asleep since 9/11, and has overlooked how aggressively supportive centrist Democrats have been of the National Security establishment? There’s no sea-change on the center left — none. What she actually presents evidence for is a sea-change on the right, with increased skepticism from some of those (like Devin Nunes) who have been the intelligence community’s biggest cheerleaders in the past.

To create this fantasy past, the foreign policy history Jurecic focuses on is that of the Cold War (a history that stops short of NATO expansion), not more recent history in which members of the center-left voted for a disastrous Iraq War (which Russia opposed), misrepresented (to both Russia and the left) the regime change goals of the Libya intervention, and applauded the CIA effort to back (al Qaeda allied) rebels to carry out regime change in Syria. To say nothing of the center-left’s failure to hold banks accountable for crashing the world economy. The only place those policies show up is in Jurecic’s explanation why “younger” people are more isolationist than their elders.

There’s another stream of thought too, from voices who tend to be younger and more focused on left-wing domestic policy, rather than Cold War-inflected foreign policy—people whose formative political experience dates to the Iraq War, rather than anything to do with the Soviet Union. This stream tends toward isolationism.

It’s not just that the Iraq War and the Wall Street crash, not the Cold War, provided the formative moment for these young people (though many of Jurecic’s claims about the young are immediately supported by descriptions of Glenn Greenwald or other old farts). It’s that these were disastrous policies. And through all of them, the center-left that Jurecic portrays as distrusting the IC were instead enabling and often — certainly for the entire Obama Administration — directing them.

Jurecic’s fantasy of past skepticism about the IC relies on the Democrats’ changing views towards Jim Comey, particularly the treatment of him (and to a lesser degree Robert Mueller) as messiahs.

As Americans gathered to watch James Comey testify before the Senate Intelligence Committee, a meme emerged on certain corners of the left-leaning internet: people had a crush on the former FBI director. It was his patriotism, his scrupulousness, his integrity that did it. “Get you a man who loves you like [C]omey loves the FBI,” wrote one commenter. “Is COMEY … attractive?” asked another. Declared one: “Comey should be the next Bachelor.”

The trend may have started with Comey, but it hasn’t ended with him. Earlier this month, Vogue reported that special counsel Robert Mueller, too, has been transformed into an unlikely object of adoration.

The point of these outbursts of affection—whatever level of queasiness or amusement they might inspire—is not actually that anyone finds the former FBI director or the special counsel attractive. In the odd parlance of the internet, this kind of language is a way to express intense emotional involvement with an issue. Half-jokingly and with some degree of self-awareness, the many people who profess their admiration are projecting their swirling anxiety and anticipation over the Russia investigation and the fate of the Trump presidency onto Mueller and Comey.

Not only does Jurecic ignore the wild swing Democrats exhibited about Comey, whom many blamed for Hillary’s loss (something both I and, later, Lawfare predicted). But she makes no mention of what happened in 2013 with Jim Comey’s confirmation process, in which a man who signed off on torture and legitimized an illegal dragnet by strong-arming the FISA Court was pushed through by Democrats with one after another fawning statement of admiration, where the only procedural or voting opposition came from Republicans.

You don’t approve Comey with no probing questions about his hawkish past if you’re at all embarrassed about your support for the IC. Yet that’s what the allegedly skeptical Democratic party did.

There’s a reason all this matters, especially given the way Jurecic wields the concept of patriotism in her invention of a sea-change in center-left support for spooks.

I’m on the more progressive (“hard”) left that Jurecic generally portrays as opposing the Russia investigation. Yet I may have written more, myself, than all of Lawfare about it. I think it is real and important. I support the investigations into Russian interference and Trump’s tolerance for it.

But I also think that as part of that review, the center-left — and institutions of centrist policy, starting with Brookings — need to reflect on how their own epic policy failures have discredited centrist ideology and created an opportunity that both Donald Trump and Vladimir Putin found all too easy to exploit.

Trump succeeded, in part, because he deceitfully promised to reinvest in the crumbling US interior, rather than overseas. Putin has attracted support in a Europe still paying for the German banks’ follies, a Europe struggling to accommodate refugees escaping a destabilized Middle East. That doesn’t make either of them positive forces. Rather, it makes them opportunists capitalizing on the failures of centrist hegemony. But until the center is either replaced or offers policies that haven’t already failed, Trump and Putin will continue to exploit those failures.

I consider myself a patriot. But true patriotism — as opposed to the messianism she celebrates as patriotism on the center-left — requires honest criticism of America’s disastrous economic and foreign policy failures. Messianism, by contrast, is a position of impotence, where necessary work is supplanted by hope that a strong man will rescue us all.

Ben Wittes and Lawfare generally are right that caricatures of them as handmaidens of the Deep State are too simple. But Jurecic’s analysis is associated with a think tank paid for by funders that include entities that have backed disastrous destabilizing policies in the Middle East — like Qatar, UAE, Haim Saban — as well as those who profit from them — like Northrop Grumman. It was paid for by the banks that centrists didn’t hold accountable for the crash, including JP Morgan and Citi. It was paid for by big oil, including Exxon. It was even paid for by Dianne Feinstein, the Democrat who presided over the solicitous Comey confirmation process Jurecic completely disappeared from her narrative of Democrats embracing Comey.

That a Brookings-affiliated analyst has just invented a fantasy past skepticism for spooks on the center-left — the center-left that has championed failed policies — even as she deems the tribalism she portrays as “patriotism” is itself part of the problem. It dodges the work of true patriotism: ensuring America is strong enough to offer the rest of the world something positive to support, rather than something that demagogues like Trump and Putin can effectively consolidate power over.


Three Times Donald Trump Treated Vehicular Manslaughter as Terrorism

Donald Trump gave the weakest statement on Charlottesville today, even going so far as calling on Americans to “cherish our history,” in response to a Nazi mob responding to the removal of Confederate symbols.

[W]e’re closely following the terrible events unfolding in Charlottesville, Virginia.  We condemn in the strongest possible terms this egregious display of hatred, bigotry and violence, on many sides.  On many sides.  It’s been going on for a long time in our country.  Not Donald Trump, not Barack Obama.  This has been going on for a long, long time.

It has no place in America.  What is vital now is a swift restoration of law and order and the protection of innocent lives.  No citizen should ever fear for their safety and security in our society, and no child should ever be afraid to go outside and play, or be with their parents, and have a good time.

[snip]

I want to salute the great work of the state and local police in Virginia — incredible people — law enforcement, incredible people — and also the National Guard.  They’ve really been working smart and working hard.  They’ve been doing a terrific job.  The federal authorities are also providing tremendous support to the governor.  He thanked me for that.  And we are here to provide whatever other assistance is needed.  We are ready, willing, and able.

Above all else, we must remember this truth:  No matter our color, creed, religion or political party, we are all Americans first.  We love our country.  We love our God.  We love our flag.  We’re proud of our country.  We’re proud of who we are.  So we want to get the situation straightened out in Charlottesville, and we want to study it.  And we want to see what we’re doing wrong as a country, where things like this can happen.

My administration is restoring the sacred bonds of loyalty between this nation and its citizens, but our citizens must also restore the bonds of trust and loyalty between one another.  We must love each other, respect each other, and cherish our history and our future together.  So important.  We have to respect each other.  Ideally, we have to love each other. [my emphasis]

In spite of the attack on counter-protestors — a tactic borrowed from ISIS terrorists in Europe — Trump didn’t label this terrorism or even call out the white supremacist violence.

Which is curious, because on at least three occasions he treated vehicular manslaughter as terrorism. He did it with Nice.

He accused London Mayor Sadiq Khan of blowing off the London Bridge terrorist attack.

And he demanded the “civilized world” change its thinking in response, in part, to the Berlin truck attack.

I guess Trump has lost his interest in civilization now?


The 702 Compliance Reporting

This will be a very weedy post on two quarterly reports on 702 compliance released to ACLU under FOIA: March 2014, March 2015; the March reports both cover the December 1 through February 28 period. ACLU obtained them not by FOIAing quarterly compliance reporting directly. Rather, ACLU asked for all the documents referred to in this Summary of Notable Section 702 Requirements, which they had received earlier. But the released copies are entirely useless in elucidating the Notable Requirements. The 2015 report, for example, was provided in part to explain how NSA assesses whether a selector will provide foreign intelligence information, but the section of the report that deals with it (item 28 on page 46) has been withheld entirely (see break between PDF 8 and 9). In addition, there must be at least one more citation to it that is redacted in the Notable Requirements document. The reference(s) to the 2014 report are entirely redacted.

There are a few places such redacted references to the two reports might be: There’s a missing citation in Pre- and Post-Tasking Due Diligence (the redaction at the bottom of 2). There may be a citation missing in the continued assessment section at the bottom of page 4. There’s definitely one missing in the Obligation to Review section (page 5). There’s likely to be one in the long redacted passage on page 6 pertaining to resolving post-tasking problems as quickly as possible. And the sole footnote (see page 11) in the Summary has a reference, which is likely one on FBI techniques to analyze Section 702 information the government identified as being withheld in its entirety.

So the Compliance reports don’t help us — at all — to understand the requirements the government places on itself with respect to 702.

But they do show us, in more granular detail than shows up in the Semiannual reports (this one includes the March 2014 period and this one includes the March 2015 period), the kinds of things that show up in the compliance reviews. The compliance reporting in both is generally organized into the same sections (see page 29):

  • Tasking Issues
  • Detasking Issues
  • Notification Delays
  • Documentation Issues
  • Overcollection
  • Minimization
  • Other

And — as the Semiannual Report makes clear — we’re just seeing a fraction of the granular descriptions in the quarterly reports, because we’re not seeing the tasking, detasking, notification, or documentation issues. That means the unredacted content in the released reports represents less than 20% of the total number of compliance incidents for these two quarters.

Though we may be able to use the reports in conjunction to identify how many selectors, on average, are tasked at any given time. If the 25 minimization issues cited in the March 2015 report are representative (meaning there’d be 50 for the entire six month period), then there’d be roughly 338 incidents across all topics for the six month period (it’s not entirely clear how they deal with overlap). Given a compliance rate of .35% per average facilities tasked, this means roughly 96,571 facilities tasked at any given time, though that may be low given the vastly different lead times on these reports (meaning in the interim year, the government might ID many more compliance issues that get reported primarily in the Semiannual report). There were 94,368 targets across the whole year in FY 2015 (which covers this entire period because the Fiscal Year begins in October). What that suggests is that for some targets, you’ll have more than one facility tasked at any given time, but unless there’s a lot of turnover in a given year (meaning that most targets are only tasked for some weeks or months), not that many.

Which leaves us with what the reports do show us: the other (largely dissemination) and minimization (largely overly broad queries and US person queries) compliance errors, errors which I’ve roughly tallied in this document.

Dissemination

Between the two quarterly reports, there are 13 incidences of what I’m lumping under improper dissemination (the report treats database dissemination differently from disseminating unmasked USP identities). Most of these are fairly nondescript, true errors. In three cases, analysts at other agencies alerted the NSA that they had not masked a US person identity.

The exceptions are 2015-19 and -20, which are almost entirely redacted but pretty clearly deal with NSA sharing raw data with FBI and/or CIA improperly.

I find the second one — which includes no unredacted discussion of emergency detasking or other mitigation — to be the more alarming of the two. But in general, the possibility that NSA might mistakenly send FBI (especially) the wrong data is troubling because once things get to FBI they get far less direct scrutiny (both in terms of compliance reviews and in terms of auditing) than NSA gets. Sending the collection on an entire selector over to another agency is far more intrusive than sending over one unmasked name (though it’s not clear this raw data belonged to a US person). Plus, once things get to FBI they can start having repercussions.

Overbroad Queries

The overbroad queries are interesting not so much because they affect US persons directly (though they do in perhaps two cases), but for what they say about the querying process. Here’s what the 2015 Semiannual Report says about overbroad queries, which it acknowledges is a problem even while attributing the problem to errors in constructing Boolean queries.

(U) NSA’s minimization procedures require queries of Section 702-acquired data to be designed in a manner “reasonably likely to return foreign intelligence information.” Approximately 29% of the minimization errors in this reporting period involved non-compliance with this rule regarding queries (54% in the last reporting period). As with prior Joint Assessments, this is the cause of most compliance incidents involving NSA’s minimization procedures. These types of errors are typically traceable to a typographical or comparable error in the construction for the query. For example, an overbroad query can be caused when an analyst mistakenly inserts an “or” instead of an “and” in constructing a Boolean query, and thereby potentially received overbroad results as a result of the query. No incidents of an analyst purposely running a query for nonforeign intelligence reasons against Section 702-acquired data were identified during the reporting period, nor did any of the overbroad queries identified involve the use of a United States person identifier as a query term.

That generally accords with the most common description of the compliance errors: an analyst constructs a query poorly, recognizes the problem as soon as she gets the results (presumably resulting in far more returned records than expected), someone (the reports as often as not don’t tell us who) deletes them, and it gets reported. There are a few incidents where analysts run multiple such queries before discovering the problem — that seems like more of a concern, as fat-fingering a Boolean connector shouldn’t explain it. I’m interested in the errors (2015-7, -8, and -9) where the redaction seems to suggest either some other kind of query or some embarrassment about disclosing that top secret method, Boolean search; it’s possible this pertains to XKS searches, which can also involve scripts. One of these overbroad queries was done by a linguist (which given the Reality Winner case is interesting). There are also discrepancies about whether the analyst themselves discovered the problem or an auditor, the latter of which happened at least five times (two incidents don’t describe who discovered them). Finally, there are interesting differences in the description of the coaching that happens after an issue. Sometimes none is described. Most often, the report describes the analyst getting a talking to. But in a number of cases, “personnel,” which might be plural, get coaching. I’m interested in when more than one person would get such coaching.

Finally, consider what it means that most of these violations seem to have involved multiple authorities, including 702. That’s not at all surprising: you’d want to track a target across all the collection you had on the person. But that also includes upstream 702, which may be part of the reason upstream became such a problem.

US Person Queries

Finally, there are the queries using US person identifiers that, for some reason, were improper under the guidelines first approved in 2011. As I’ve noted, these have been a consistent problem since at least 2013. The Semiannual Report acknowledges this, or at least the problems with searching upstream 702 data, which was prohibited in the 2011 guidelines.

(U) Additionally, as noted in prior Joint assessments, the joint oversight team believes NSA should assess modifications to systems used to query raw Section 702-acquired data to require analysts to identify when they believe they are using a United States person identifier as a query term. Such an improvement, even if it cannot be adopted universally in all NSA systems, could help prevent compliance instances with respect to the use of United States person query terms. NSA plans to test and implement this recommendation during calendar year 2016. The new internal compliance control mechanism being developed for NSA data repositories containing unevaluated and unminimized Section 702 information will require analysts to document whether the query being executed against the database includes a known United States person identifier. Once the query is executed, the details concerning the query will be passed to NSA’s auditing system of record for post-query review and potential metrics compilation. As part of the testing, NSA will evaluate the accuracy of reporting this number in future Joint Assessments.

As you review the violations discovered in 2014 and 2015, remember that (as noted in the 2017 702 authorization), these results were in a period where NSA was just discovering far more pervasive problems with US person searches. As it is, in each quarter here, there were 10 or 11 inappropriate US person searches. In 2014, a number of those (2, 5, 8, 17) were searches of 702 data using identifiers associated with US persons already targeted under Title I, 704, or 705(b). Just one (5) of the 2015 violations was approved for individual targeting, and that appears to be one of the earlier violations in the quarter (note it must have occurred in December 2014). That’s interesting, because this undated guideline on USP queries of 702 collections says any US person approved for individualized targeting or RAS (under the old phone dragnet) could be backdoor searched. It seems likely, then, they changed the policy in 2015 (which is particularly alarming, given that they did so just as NSA was moving towards discovering how bad their upstream searches were). In other words, they seem to have made legal one of the practices that was coming up as a violation.

These violation descriptions are also interesting for the (often redacted) specificity about the kind of selector used, sometimes described as email, telephony (which could include messaging), and in others as “facilities” (which might include cookies or IPs). That’s an indication of the range of identifiers under which you can search 702 data, which is in turn (because 702 searches are all supposed to derive from PRISM collection) a testament to the kinds of things that get turned over in PRISM returns.

Of the violations described, just one obviously pertains to the search on an identifier for which the authorization had expired. That’s interesting, because searches on expired warrants appeared far more frequently in past reports. Significantly, the IG Report reviewing compliance with 704/705(b), which reviewed queries for two months that overlapped with the 2015 report at issue (January and February 2015; the compliance report included December 2014 whereas the IG Report included March 2015), did find persistent problems with expired authorizations, but in EO 12333 data (suggesting FISA queries might have fixed earlier such problems). But the discussion of these problems in Rosemary Collyer’s 702 reauthorization opinion shows that for one tool, 85% of 704/705(b) queries conducted from November 2015 through April 2016 — well after the later quarter covered here — were non-compliant. “Many of these non-compliant queries involved use of the same identifiers over different date ranges.” NSA was unable to segregate and destroy the improper queries. That’s perhaps unsurprising, because as late as April 2017, the NSA was still having difficulties identifying all the queries run against 702 data.

And in spite of the reports, from later 702 reporting, that some of the 704/705(b) queries of 702 did not get included in auditing systems, a good number of these violations were not discovered by analysts (as often happened with improper queries) but by auditors, suggesting the violations may have had an impact on US persons.

All that said, there’s not all that much there there, aside from the sheer number (which the Semiannual report seems to think is just NSA’s serial refusal to fix the problem of default search settings). These two snapshots of the 702 upstream query problem, capturing 702 collection in the period immediately before it started to blow up, are also an indication of how much ODNI/DOJ’s oversight of NSA (which is far more rigorous than the oversight the same agencies give CIA and especially FBI) was missing.

The AlphaBay Jewish Community Center Bomb Threat of the Week Service

Back in April, the Department of Justice announced it had identified the perpetrator of at least some of the series of threats against targets that had terrified the Jewish community between January and March: Michael Ron David Kadar, an Israeli-American 18-year-old, had allegedly placed at least 15 calls to different Jewish Community Centers and other targets this year. While it received less attention, DOJ also charged Kadar with swatting calls targeting secular schools in Georgia going back to August 2015.

The fact that Kadar, an Israeli Jew, was behind sowing terror throughout the Jewish community defied assumptions that the threats were motivated out of anti-Semitism. After all, why would a Jew seek to terrorize other Jews?

Except — as documents tweeted out by GWU’s Seamus Hughes yesterday make clear — the reality may be quite different.

Back in April, the FBI obtained a search warrant to search certain accounts on AlphaBay, the dark web marketplace taken down in July. It reveals that Israeli police seized a thumb drive in their search of Kadar’s room showing “THE ARCHIVE OF TARGETS.” Documents from the archive corresponded to the hoaxes launched against Jewish targets.

It then explains that an AlphaBay vendor working under the name Darknet_Legend — apparently run by Kadar — offered a “unique emailing service for all of you, I email bomb threats to schools on your request.” Emailed bomb threats cost $30 each, plus an extra $15 if you wanted to frame someone in particular for the hoax.

In June, a prosecutor asked the magistrate to unseal the earlier search warrant to facilitate the arrest of the person believed to have paid for at least one of the JCC bomb threats.

That ongoing investigation has identified a suspect believed to have ordered and paid for at least [sic] of the bomb threats made by Kadar. The FBI and local authorities in California intend to pursue criminal charges against the suspect. If they are successful in doing so, the local authorities may need this warrant and/or it may be producible in discovery.

On July 17, the magistrate unsealed that warrant.

While it’s not yet clear who the CA target was or what has happened to him or her since June, it appears that Kadar only carried out the threats, at $30 a pop, for someone else.

Robert Mueller’s Grand Jury and the Significance of Felix Sater

The world is abuzz with the news that Robert Mueller has impaneled a DC-based grand jury that he used to subpoena information on the June 9, 2016 meeting between Don Jr., Paul Manafort, Jared Kushner, and some Russians promising dirt on Hillary Clinton. In reality, the Special Counsel had already been using a grand jury to get information on Mike Flynn and Paul Manafort and we should always have expected a dedicated grand jury.

Nevertheless, the move has convinced the chattering classes that this investigation is for real.

This comes as a surprise to people, apparently, after reports of Mueller’s 16th hire, illegal foreign bribery expert Greg Andres. It’s almost as if people haven’t been making sense of where Mueller is going from the scope of his hires, which include:

  1. Mob specialists: Andrew Weissmann and Lisa Page are mob prosecutors.
  2. Fraud specialists: Weissmann and Rush Atkinson are also fraud prosecutors.
  3. Corporate crime specialists: Weissmann also led the Enron Task Force. One of Dreeben’s key SCOTUS wins pertained to corporate crime. Jeannie Rhee has also worked on white collar defense.
  4. Public corruption specialists: Mueller hired someone with Watergate experience, James Quarles. And Andrew Goldstein got good press in SDNY for prosecuting corrupt politicians (even if Sheldon Silver’s prosecution has since been overturned).
  5. International experts: Zainab Ahmad, who worked terrorism cases in EDNY, which has some of the most expansive precedents for charging foreigners flown into JFK (including Russia’s darling Viktor Bout), knows how to bring foreigners to the US and successfully prosecute them in this country. Aaron Zelinsky has also worked in international law. Elizabeth Prelogar did a Fulbright in Russia and reportedly speaks it fluently. And, as noted, Andres has worked on foreign bribery.
  6. Cyber and spying lawyers: Brandon Van Grack is the guy who had been leading the investigation into Mike Flynn; he’s got a range of National Security experience. Aaron Zebley, Mueller’s former chief of staff at FBI, also has that kind of NSD experience.
  7. Appellate specialists: With Michael Dreeben, Mueller already has someone on the team who can win any appellate challenges; Adam Jed and Elizabeth Prelogar are also appellate specialists. Mueller’s hires also include former clerks for a number of SCOTUS justices, which always helps out if things get that far.

I lay this out there to suggest that in addition to hiring a bunch of superstars, Mueller also appears to have picked people for their expertise. Those picks reflect an already well-developed theory of the case, one formed long before he impaneled his own grand jury. And many of them boast expertise fairly distant from the question of a foreign adversary’s hacking a political party’s server.

And I’d suggest there’s good reason for that.

Some of Mueller’s theory of the case undoubtedly comes from whatever evidence Jim Comey’s FBI and Van Grack’s grand jury had already collected, which at least publicly pertains to Mike Flynn’s disclosure problems, his comments to the Russians, and Paul Manafort’s money laundering. Some of it comes from stuff that was being investigated in NY.

But remember: Trump’s sordid ties to Russian mobsters (see categories 1, 2, 3, and 5) go back a long way. One of the best ways to understand what and how close some of those ties are is to look at the case of Felix Sater. Josh Marshall’s description here gets at a lot of the important bits.

Sater is a Russian emigrant who was jailed for assault in the mid-90s and then pulled together a major securities fraud scheme in which investors lost some $40 million. He clearly did something for the US government which the feds found highly valuable. It seems likely, though not certain, that it involved working with the CIA on something tied to the post-Soviet criminal underworld. Now Bayrock and Trump come into the mix.

According to Sater’s LinkedIn profile, Sater joined up with Bayrock in 1999 – in other words, shortly after he became involved with the FBI and CIA. (The Times article says he started up with Bayrock in 2003.) In a deposition, Trump said he first came into contact with Sater and Bayrock in the early 2000s. The Trump SoHo project was announced in 2006 and broke ground in November of that year. In other words, Sater’s involvement with Bayrock started soon after he started working with the FBI and (allegedly) the CIA. Almost the entire period of his work with Trump took place during this period when he was working for the federal government as at least an informant and had his eventual sentencing hanging over his head.

What about Salvatore Lauria, Sater’s accomplice in the securities swindle?

He went to work with Bayrock too and was also closely involved with managing and securing financing for the Trump SoHo project. The Times article I mentioned in my earlier post on Trump SoHo contains this …

Mr. Lauria brokered a $50 million investment in Trump SoHo and three other Bayrock projects by an Icelandic firm preferred by wealthy Russians “in favor with” President Vladimir V. Putin, according to a lawsuit against Bayrock by one of its former executives. The Icelandic company, FL Group, was identified in a Bayrock investor presentation as a “strategic partner,” along with Alexander Mashkevich, a billionaire once charged in a corruption case involving fees paid by a Belgian company seeking business in Kazakhstan; that case was settled with no admission of guilt.

All sounds totally legit, doesn’t it?

But there’s more!, as they say.

Sater’s stint as a “Senior Advisor” to Donald Trump at the Trump Organization began in January 2010 and lasted roughly a year. What significance that has in all of this I’m not sure. But here’s the final morsel of information that’s worth knowing for this installment of the story.

How exactly did all of Sater’s secret work and the federal government’s efforts to keep his crimes secret come to light?

During the time Sater was working for Bayrock and Trump he organized what was supposed to be Trump Tower Ft Lauderdale. The project was announced in 2004. People paid in lots of money but the whole thing went bust and Trump finally pulled out of the deal in 2009. Lots of people who’d bought units in the building lost everything. And they sued.

In other words, an FBI (and, possibly, CIA) informant had links with two of Trump’s businesses with ties to the Russian mob for — effectively — the entire extended Mueller tenure at FBI.

This is a point one of the few other people with reservations about Mueller as Special Counsel made to me not long ago. The FBI — Mueller’s FBI — has known about the ties between Trump’s businesses and the Russian mob for well over a decade. The FBI — Mueller’s FBI — never referred those ties, that money laundering, for prosecution in that entire time, perhaps because of the difficulties of going after foreign corruption interlaced with US businesses.

Now, in a remarkably short timeframe, former mob prosecutor Robert Mueller has put together a dream team of prosecutors who have precisely the kind of expertise you might use to go after such ties.

Because now it matters. It matters that the President has all these obligations to the Russian mob going back over a decade, because he can’t seem to separate his own entanglements from the good of the country.

Yes, Robert Mueller convened a grand jury and he has used it to go after the records of a meeting with his campaign set up by one of Trump’s key Russian allies, Aras Agalarov, the guy who, at the very end of Mueller’s tenure at FBI, helped Trump stage the Miss Universe pageant in Russia, an event that may have marked significant new levels of Trump exposure to Russian compromise. But Mueller was on the trail of Trump and his Russian crime ties long before that. (The person with Mueller reservations actually wondered whether Trump himself wasn’t cooperating with the FBI in this period.)

Folks have made much of this exchange in the NYT’s long interview with Trump.

SCHMIDT: Last thing, if Mueller was looking at your finances and your family finances, unrelated to Russia — is that a red line?

HABERMAN: Would that be a breach of what his actual charge is?

TRUMP: I would say yeah. I would say yes. By the way, I would say, I don’t — I don’t — I mean, it’s possible there’s a condo or something, so, you know, I sell a lot of condo units, and somebody from Russia buys a condo, who knows? I don’t make money from Russia. In fact, I put out a letter saying that I don’t make — from one of the most highly respected law firms, accounting firms. I don’t have buildings in Russia. They said I own buildings in Russia. I don’t. They said I made money from Russia. I don’t. It’s not my thing. I don’t, I don’t do that. Over the years, I’ve looked at maybe doing a deal in Russia, but I never did one. Other than I held the Miss Universe pageant there eight, nine years [crosstalk].

SCHMIDT: But if he was outside that lane, would that mean he’d have to go?

[crosstalk]

HABERMAN: Would you consider——

TRUMP: No, I think that’s a violation. Look, this is about Russia. So I think if he wants to go, my finances are extremely good, my company is an unbelievably successful company. And actually, when I do my filings, peoples say, “Man.” People have no idea how successful this is. It’s a great company. But I don’t even think about the company anymore. I think about this. ’Cause one thing, when you do this, companies seem very trivial. O.K.? I really mean that. They seem very trivial. But I have no income from Russia. I don’t do business with Russia. The gentleman that you mentioned, with his son, two nice people. But basically, they brought the Miss Universe pageant to Russia to open up, you know, one of their jobs. Perhaps the convention center where it was held. It was a nice evening, and I left. I left, you know, I left Moscow. It wasn’t Moscow, it was outside of Moscow.

Technically, Trump was only asked about whether he’d consider Mueller’s review of finances unrelated to Russia to be outside his lane. But Trump largely answered it about Russia, about business deals — the condos, the pageant — with Russia going back to the time Mueller’s FBI would have been working with Felix Sater to learn about the Russian mob.

Yeah. It’s no surprise Mueller has impaneled a grand jury.

The Leakers Get Craftier

Hey, are you all still here?

Thanks to everyone — especially Rayne — for watching after the likker cabinet while I was in Oz. It appears the Donald Administration has only gotten crazier since I was gone.

Last night, the WaPo published yet another big scoop showing more lies about Russia. It reveals that President Trump personally dictated the response to the news that Don Jr, Paul Manafort, and Jared Kushner met with Natalia Veselnitskaya.

Flying home from Germany on July 8 aboard Air Force One, Trump personally dictated a statement in which Trump Jr. said that he and the Russian lawyer had “primarily discussed a program about the adoption of Russian children” when they met in June 2016, according to multiple people with knowledge of the deliberations. The statement, issued to the New York Times as it prepared an article, emphasized that the subject of the meeting was “not a campaign issue at the time.”

Two important details about this scoop: first, as Laura Rozen noted, Trump’s focus on adoption came after he chatted up Vladimir Putin at the spouse’s dinner for up to an hour at the G20 (remember how Trump gesticulated wildly to get Putin’s attention). Given that Trump claims they spoke about adoptions, it makes it more likely (as batshit as this is to contemplate!) Trump looped Putin in on how to respond.

Remember, too, that Rob Goldstone specifically envisioned involving Trump in this matter.

What do you think is the best way to handle this information and would you be able to speak to Emin about it directly?

I can also send this info to your father via Rhona, but it is ultra sensitive so wanted to send to you first.

At this point it’s probably safest to assume all the other claims about this — such as that there was no follow-up — will prove to be lies, too.

I wanted to point one more thing out, though.

The WaPo story is notable for two reasons. First, it features an almost entirely new set of journalists from the three mainstays who’ve published the other big Russian scoops. Just as interesting — in the wake of the unceremonious firing of Reince Priebus and others — the story almost entirely hides the sources for the story. While the story quotes an anonymous Trump advisor and airs the complaint of Jared Kushner’s legal team, the story says nothing about who actually revealed this story. And the story is specifically framed in a way that tees it up for Robert Mueller to ask questions about Trump’s obstruction, personally.

Trump has serially fired his staffers because no one can get a handle on this Russian scandal. But with each firing, Trump also makes it likely new leaks will badly exacerbate the scandal.

If a Tech Amicus Falls in the Woods but Rosemary Collyer Ignores It, Would It Matter?

Six senators (Ron Wyden, Pat Leahy, Al Franken, Martin Heinrich, Richard Blumenthal, and Mike Lee) have just written presiding FISA Court judge Rosemary Collyer, urging her to add a tech amicus — or even better, a full-time technical staffer — to the FISA Court.

The letter makes no mention of Collyer’s recent consideration of the 702 reauthorization certificates, nor even of any specific questions the tech amicus might consider.

That’s unfortunate. In my opinion, the letter entirely dodges the real underlying issue, at least as it pertains to Collyer, which is her unwillingness to adequately challenge or review Executive branch assertions.

In her opinion reauthorizing Section 702, Collyer apparently never once considered appointing an amicus, even a legal one (who, under the USA Freedom structure, could have suggested bringing in a technical expert). She refused to do so in a reconsideration process that — because of persistent problems arising from technical issues — stretched over seven months.

I argued then that that means Collyer broke the law, violating USA Freedom Act’s requirement that the FISC at least consider appointing an amicus on matters raising novel or significant issues and, if choosing not to do so, explain that decision.

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought in to consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Without even considering an amicus, Collyer for the first time affirmatively approved the back door searches of content she knows will include entirely domestic communications, effectively affirmatively permitting the NSA to conduct warrantless searches of entirely domestic communications, and with those searches to use FISA for domestic surveillance. In approving those back door searches, Collyer did not conduct her own Fourth Amendment review of the practice.

Moreover, she adopted a claimed fix to a persistent problem — the collection of domestic communications via packet sniffing — without showing any inkling of testing whether the fix accomplished what it needed to. Significantly, in spite of 13 years of problems with packet sniffing collection under FISA, the court still has no public definition about where in a packet metadata ends and content begins, making her “abouts” fix — a fix that prohibits content sniffing without defining content — problematic at best.

I absolutely agree with these senators that the FISC should have its own technical experts.

But in Collyer’s case, the problem is larger than that. Collyer simply blew off USA Freedom Act’s obligation to consider an amicus entirely. Had she appointed Marc Zwillinger, I’m confident he would have raised concerns about the definition of content (as he did when he served as amicus on a PRTT application), whether or not he persuaded her to bring in a technical expert to further lay out the problems.

Collyer never availed herself of the expertise of Zwillinger or any other independent entity, though. And she did so in defiance of the intent of Congress, that she at least explain why she felt she didn’t need such outside expertise.

And she did so in an opinion that made it all too clear she really, really needed that help.

In my opinion, Collyer badly screwed up this year’s reauthorization certificates, kicking the problems created by upstream collection down the road, to remain a persistent FISA problem for years to come. But she did so by blowing off the clear requirement of law, not because she didn’t have technical expertise to rely on (though the technical expertise is probably necessary to finally resolve the issues raised by packet sniffing).

Yet no one but me — not even privacy advocates testifying before Congress — wants to call her out for that.

Congress already told the FISA court they “shall” ask for help if they need it. Collyer demonstrably needed that help but refused to consider using it. That’s the real problem here.

I agree with these senators that FISC badly needs its own technical experts. But a technical amicus will do no good if, as Collyer did, a FISC judge fails to consult her amici.

Chris Wray’s DodgeBall and Trump’s Latest Threats

Though I live-tweeted it, I never wrote up Christopher Wray’s confirmation hearing to become FBI Director. Given the implicit and explicit threats against prosecutorial independence Trump made in this interview, the Senate should hold off on Wray’s confirmation until it gets far more explicit answers to some key questions.

Trump assails judicial independence

The NYT interview is full of Trump’s attacks on prosecutorial independence.

It started when Trump suggested (perhaps at the prompting of Michael Schmidt) that Comey only briefed Trump on the Christopher Steele dossier so he could gain leverage over the President.

Later, Trump called Sessions’ recusal “unfair” to the President.

He then attacked Rod Rosenstein by suggesting the Deputy Attorney General (who, Ryan Reilly pointed out, is from Bethesda) must be a Democrat because he’s from Baltimore.

Note NYT goes off the record (note the dashed line) with Trump in his discussions about Rosenstein at least twice (including for his response to whether it was Sessions’ fault or Rosenstein’s that Mueller got appointed), and NYT’s reporters seemingly don’t think to point out to the President that he appeared to suggest he had no involvement in picking DOJ’s #2, which would seem to be crazy news if true.

Finally, Trump suggested (as he has elsewhere) Acting FBI Director Andrew McCabe is pro-Clinton.

Having attacked all the people who are currently leading or who have led the investigation into him (elsewhere in the interview, though, Trump claims he’s not under investigation), Trump then suggested that FBI Directors report directly to the President. In that context, he mentioned there’ll soon be a new FBI Director.

In other words, this mostly softball interview (though Peter Baker made repeated efforts to get Trump to explain the emails setting up the June 9, 2016 meeting) served as a largely unfettered opportunity for Trump to take aim at every major DOJ official and at the concept of all prosecutorial independence. And in that same interview, he intimated that the reporting requirements with Christopher Wray — who got nominated, ostensibly, because Comey usurped the chain of command requiring him to report to Loretta Lynch — would amount to Wray reporting directly to Trump.

Rosenstein does what he says Comey should be fired for

Close to the same time this interview was being released, Fox News released an “exclusive” interview with Rod Rosenstein, one of two guys who acceded to the firing of Jim Comey ostensibly because the FBI Director made inappropriate comments about an investigation. In it, Rosenstein, the guy overseeing Mueller’s investigation into (in part) whether Trump’s firing of Comey amounted to obstruction of justice, suggested Comey acted improperly in releasing the memos that led to Mueller’s appointment.

And he had tough words when asked about Comey’s recent admission that he used a friend at Columbia University to get a memo he penned on a discussion with Trump leaked to The New York Times.

“As a general proposition, you have to understand the Department of Justice. We take confidentiality seriously, so when we have memoranda about our ongoing matters, we have an obligation to keep that confidential,” Rosenstein said.

Asked if he would prohibit releasing memos on a discussion with the president, he said, “As a general position, I think it is quite clear. It’s what we were taught, all of us as prosecutors and agents.”

While Rosenstein went on to defend his appointment of Mueller (and DOJ’s reinstatement of asset forfeitures), he appears to have no clue that he undermined his act even as he defended it.

Christopher Wray’s dodge ball

Which brings me to Wray’s confirmation hearing.

In fact, there were some bright spots in Christopher Wray’s confirmation hearing, mostly in its last dregs. For example, Dick Durbin noted that DOJ used to investigate white collar crime, but then stopped. Wray suggested DOJ had lost its stomach for such things, hinting that he might “rectify” that.

Similarly, with the last questions of the hearing Mazie Hirono got the most important question about the process of Wray’s hiring answered, getting Wray to explain that only appropriate people (Trump, Don McGahn, Reince Priebus, Mike Pence) were in his two White House interviews.

But much of the rest of the hearing alternated between Wray’s obviously well-rehearsed promises he would never be pressured to shut down an investigation and a series of dodged questions. Those dodges included:

  • What he did with the 2003 torture memo (dodge 1)
  • Whether 702 should have more protections (dodge 2)
  • Why did Trump fire Comey (dodge 3)
  • To what extent the Fourth Amendment applies to undocumented people in the US (dodge 4)
  • What we should do about junk science (dodge 5)
  • Whether Don Jr should have taken a meeting with someone promising Russian government help to get Trump elected (dodge 6)
  • Whether Lindsey Graham had fairly summarized the lies Don Jr told about his June 9, 2016 meeting (dodge 7)
  • Can the President fire Robert Mueller (dodge 8)
  • Whether it was a good idea to form a joint cyber group with Russia (dodge 9)
  • The role of tech in terrorist recruitment (dodge 9 the second)
  • Whether FBI Agents had lost faith in Comey (dodge 10)
  • Who was in his White House interview — though this was nailed down in a Hirono follow up (dodge 11)

Now, don’t get me wrong, this kind of dodge ball is par for the course for executive branch nominees in this era of partisan bickering — it’s the safest way for someone who wants a job to avoid pissing anyone off.

But at this time of crisis, we can’t afford the same old dodge ball confirmation hearing.

Moreover, two of these dodges are inexcusable, in my opinion. First, his non-responses on 702. That’s true, first of all, because if and when he is confirmed, he will have to jump into the reauthorization process right away, and those who want basic reforms let Wray off the hook on an issue they could have gotten commitments on. I also find it inexcusable because Wray pleaded ignorance about 702 even though he played a key role in (not) giving defendants discovery on Stellar Wind, and otherwise was read into Stellar Wind after 2004, meaning he knows generally how PRISM works. He’s not ignorant of PRISM, and given how much I know about 702, he shouldn’t be ignorant of that, either.

But the big one — the absolutely inexcusable non answer that would lead me to vote against him — is his claim not to know the law about whether the President can fire Robert Mueller himself.

Oh, sure, as FBI Director, Wray won’t be in the loop in any firing. But by not answering a question the answer to which most people watching the hearing had at least looked up, Wray avoided going on the record on an issue that could immediately put him at odds with Trump, the guy who thinks Wray should report directly to him.

Add to that the Committee’s failure to ask Wray two other questions I find pertinent (and his answers on David Passaro’s prosecution either revealed cynical deceit about his opposition to torture or lack of awareness of what really happened with that prosecution).

The first question Wray should have been asked (and I thought would have been by Al Franken, who instead asked no questions) is the circumstances surrounding Wray’s briefing of John Ashcroft about the CIA Leak investigation in 2003, including details on Ashcroft’s close associate Karl Rove’s role in exposing Valerie Plame’s identity.

Sure, at some level, Wray was just briefing his boss back in 2003 when he gave Ashcroft details he probably shouldn’t have. The fault was Ashcroft’s, not Wray’s. But being willing to give an inappropriate briefing in 2003 is a near parallel to where Comey found himself, being questioned directly by Trump on a matter which Trump shouldn’t have had access to. And asking Wray to explain his past actions is a far, far better indication of how he would act in the (near) future than his rehearsed assurances he can’t be pressured.

The other question I’d have loved Wray to get asked (though this is more obscure) is how, as Assistant Attorney General for the Criminal Division under Bush, he implemented the July 22, 2002 Jay Bybee memo permitting the sharing of grand jury information directly with the President and his top advisors without notifying the district court of that sharing. I’d have asked Wray this question because it was something he would have several years of direct involvement with (potentially even with the Plame investigation!), and it would serve as a very good stand-in for his willingness to give the White House an inappropriate glimpse into investigations implicating the White House.

There are plenty more questions (about torture and the Chiquita settlement, especially) I’d have liked Wray to answer.

But in spite of Wray’s many rehearsed assurances he won’t spike any investigation at the command of Donald Trump, he dodged (and was not asked) key questions that would have made him prove that with both explanations of his past actions and commitments about future actions.

Given Trump’s direct assault on prosecutorial independence, an assault he launched while clearly looking forward to having Wray in place instead of McCabe, the Senate should go back and get answers. Trump has suggested he thinks Wray will be different than Sessions, Rosenstein, Comey, and McCabe. And before confirming Wray, the Senate should find out whether Trump has a reason to believe that.

Update: I did not realize that between the time I started this while you were all asleep and the time I woke up in the middle of the night Oz time, SJC voted Wray out unanimously, which is a testament to the absolute dearth of oversight in the Senate.
