The Intelligence Community’s Swiss Cheese Preemptive 702 Unmasking Reports: Now with Twice the Holes!

Because a white man still liked by some members of Congress had FISA-collected conversations leaked to the press, Republicans who used to applaud surveillance started to show some more concerns about it this year. That has been making reauthorization of Section 702 unexpectedly challenging. Both the HJC and SJC bills reauthorizing the law include new reporting requirements, which include mandates to provide real numbers for how many Americans get unmasked in FISA reports. There’s no such requirement on the SSCI bill.

Instead, explicitly in response to concerns raised in SSCI’s June 7 hearing on 702 reauthorization (even though the concern was also raised earlier in HJC and SJC hearings), I Con the Record has released an ODNI report on disseminations under FISA, a report it bills as “document[ing] the rigorous and multi-layered framework that safeguards the privacy of U.S. person information in FISA disseminations.”

The report largely restates language that is available in the law or declassified targeting and minimization procedures, though there are a few tidbits worth noting. Nevertheless, the report falls far short of what the SJC and HJC bills lay out, which is a specific count and explanation of the unmasking that happens (though NSA, in carrying out a review of a month’s worth of serialized reports and examining their treatment of masking, does model what HJC and SJC would request).

The report consists of the DNI report with separate agency reports. I’ll deal with the latter first, then return to the DNI report.

NSA

The NSA report starts by narrowing the scope of the dissemination it will cover significantly in two ways.

This report examines the procedures and practices used by the National Security Agency (NSA) to protect U.S. person information when producing and disseminating serialized intelligence reports derived from signals intelligence (SIGINT) acquired pursuant to Title I and Section 702 of the Foreign Intelligence Surveillance Act of 1978, as amended (FISA). 1

1This report is limited to an examination of the procedures and practices used to protect FISA-acquired U.S. person information disseminated in serialized intelligence reports. This report does not examine other means of dissemination. For purposes of this report, the term “dissemination” should be interpreted as a reference to serialized intelligence reporting, unless otherwise indicated.

First, it treats just Title I and Section 702. That leaves out at least two other known collection techniques of content (to say nothing of metadata) under FISA: Title III (FBI probably does almost all of this, though it might be accomplished via hacking) and Section 704/705b targeting Americans overseas (which has been a significant problem of late).

More importantly, by limiting the scope to serialized reports, NSA’s privacy officer completely ignores the two most problematic means of disseminating US person data: by collecting it off Tor and other location-obscured nodes and then deeming it evidence of a crime that can be disseminated in raw form to FBI, and by handing raw data to the FBI (and, to a lesser extent, CIA and NCTC).

As the report turns to whether NSA’s procedures meet Fair Information Practice Principles, then, the exclusion of these four categories of data permits the report to make claims that would be unsustainable if those data practices were included in the scope of the report.

The principle of Data Minimization states that organizations should only collect PII that is directly relevant and necessary to accomplish the specified purpose. The steps taken from the outset of the SIGINT production process to determine what U.S. person information can and should be disseminated directly demonstrate how this principle is met, as do NSA’s procedures and documentation requirements for the proactive and post-publication release of U.S. identities in disseminated SIGINT.

The principle of Use Limitation provides that organizations should use PII solely for the purposes specified in the notice. In other words, the sharing of PII should be for a purpose compatible with the purpose for which it was collected. NSA’s SIGINT production process directly reflects this principle.

[snip]

The principle of Accountability and Auditing states that organization should be accountable for complying with these principles, providing training to all employees and contractors who use personally identifiable information, auditing the actual use of personally identifiable information to demonstrate compliance with these principles and all applicable privacy protections.

For example, the collection of US person data off a Tor node is not relevant to the specified purpose (nor are the criminal categories under which NSA will pass on data). That’s true, too, of Use Limitation: the government is collecting domestic child porn information in the name of foreign intelligence, and the government is doing back door searches of raw 702 data for any manner of purpose. Finally, we know that the government has had auditing problems, particularly with 704/705b. Is that why they didn’t include it in the review, because they knew it would fail the auditing requirement?

CIA

CIA’s report is not as problematic as NSA’s one, but it does have some interesting tidbits. For example, because it mostly disseminates US person information for what it calls tactical purposes and to a limited audience, it rarely masks US person identities.

More specifically, unlike general “strategic” information regarding broad foreign intelligence threats, CIA’s disseminations of information concerning U.S. persons were “tactical” insofar as they were very often in response to requests from another U.S. intelligence agency for counterterrorism information regarding a specific individual, or in relation to a specific national security threat actor or potential or actual victim of a national security threat.

Relatedly, because these disseminations were generally for narrow purposes and sent to a limited number of recipients, the replacement of a U.S. person identity with a generic term (e.g., “named U.S. person,” sometimes colloquially referred to as “masking”) was rare, due to the need to retain the U.S. person identity in order to understand the foreign intelligence information by this limited audience.

CIA, like NSA, has its own unique definition of “dissemination:” That which gets shared outside the agency.

Information shared outside of CIA is considered a dissemination, and is required to occur in accordance with approved authorities, policies, and procedures.

Much later, dissemination is described as retaining information outside of an access-controlled system, which suggests fairly broad access to the databases that include such information.

Prior to dissemination of any information identifying, or even concerning, a U.S. person, the minimization procedures require that CIA make a determination that the information concerning the U.S. person may be retained outside of access-controlled systems accessible only to CIA personnel with specialized FISA training to review unevaluated information. I

Whereas NSA focused very little attention on its targeting process (which allows it to collect entirely domestic communications), CIA outsources much of its responsibility for limiting intake to FBI and NSA (note, unlike NSA, it includes Title III collection in its report, but also doesn’t treat 704/705b). For example, it focuses on the admittedly close FISA scrutiny FBI applications undergo for traditional FISA targeting, but then acknowledges that it can get “unevaluated” (that is, raw) information in some cases.

If requested by FBI in certain cases, unevaluated information acquired by FBI can be shared with CIA.

Likewise, the CIA notes that it can nominate targets to NSA, but falls back on NSA’s targeting process to claim this is not a bulk collection program (one of CIA’s greatest uses of this data is in metadata analysis).

CIA may nominate targets to NSA for Section 702 collection, but the ultimate decision to target a non-U.S. person reasonably believed to be located outside the United States rests with NSA.

[snip]

Section 702 is not a bulk collection program; NSA makes an individualized decision with respect to each non-U.S. person target.

Thus, the failure of the NSA report to talk about other collection methods (in CIA’s case, of incidental US person data in raw data) ports the same failure onto CIA’s report.

NCTC

NCTC’s report is perhaps the most amusing of all. It provides the history of how it was permitted to obtain raw Title I and Title III data in 2012 and 702 data in 2017 (like everyone else, it is silent on 704/705b data, though we know from this year’s 702 authorization they get that too), then says its use and dissemination of 702 data is too new to have been reviewed much.

Because NCTC just recently (in April 2017) obtained FISC authority to receive unminimized Section 702-acquired counterterrorism information, only a small number of oversight reviews have occurred. CLPT is directly involved in such reviews, including reviews of disseminations.

In other words, it is utterly silent about compliance in its dissemination of Title I and Title III data. It is likewise silent on a dissemination that is probably unique to NCTC: the addition of US person names to watchlists based off raw database analysis. Disseminations of US person names in this way aren’t serialized reports, but they have a direct impact on the lives of Americans.

FBI

It’s hard to make sense of the FBI document because it lacks logical organization and includes a number of typos. More importantly, over and over it either materially misrepresents the truth (particularly in FBI’s access to entirely domestic communications collected under 702) or simply blows off requirements (most notably with its insistence that back door searches are important, without making any attempt to assess the privacy impact of them).

Bizarrely, the FBI treats just Title I and 702 in its report, even though it would be in charge of Title III collection in the US, and 705b collection would be tied to traditional FISA authorities.

Like CIA, FBI relies on NSA’s role in targeting, without admitting that NSA can collect on selectors that it knows to also be used by US persons, and can disseminate the US person data to FBI in case of a crime. Indeed, FBI specifically neglects to mention the 2014 exception whereby NSA doesn’t have to detask from a facility once it discovers US persons are using it as well as the foreign targets.

Targets under Section 702 collection who are subsequently found to be U.S. persons, or non-U.S. persons located in the U.S., must be detasked immediately

The end result is materially false, and false in a way that would involve dissemination of US person data (though not in a serialized report) from NSA to FBI.

The FBI report also pretends that a nomination would pertain primarily to an email address, rather than (for example) an IP address, in spite of later quoting from minimization procedures that reveal it is far broader than that: “electronic communication accounts/addresses/identifiers.”

After talking about its rules on dissemination, the FBI quickly turns to federated database “checks.”

Among other things, since 9/11, the FBI has dedicated considerable time, effort, and money to develop and operate a federated database environment for its agents and analysts to review information across multiple datasets to establish links between individuals and entities who may be associated with national security and/or criminal investigations. This allows FBI personnel to connect dots among various sources of information in support of the FBI’s investigations, including accessing data collected pursuant to FISA in a manner that is consistent with the statute and applicable FISA court orders. The FBI has done this by developing a carefully overseen system that enables its personnel to conduct database checks that look for meaningful connections in its data in a way that protects privacy and guards civil liberties. Maintaining the capability to conduct federated database checks is critical to the FBI’s success in achieving its mission.

But it doesn’t distinguish the legal difference between dissemination and checks. Far more importantly, it doesn’t talk about the privacy impact of these “checks,” a tacit admission that FBI doesn’t even feel the need to try to justify this from a privacy perspective.

Unlike NSA, FBI talks about the so-called prohibition on reverse targeting.

Reverse targeting is specifically prohibited under Section 702.31 “Reverse targeting” is defined as targeting a non-U.S. person who is reasonably believed to be located outside of the U.S. with the true purpose of acquiring communications of either (1) a U.S. person or (2) any individual reasonably believed to be located inside of the U.S. with whom the non-U.S. person is in contact.32

Yet we know from Ron Wyden that this prohibition actually permits FBI to nominate a foreigner even if a purpose of that targeting is to get to the American’s communications.

FBI talks about its new Title I minimization procedures, without mentioning that requirements on access controls and auditing arose in response to violations of such things.

The SMPs require, for example, FISA-acquired information to be kept under appropriately secure conditions that limit access to only those people who require access to perform their official duties or assist in a lawful and authorized governmental function.37 The SMP also impose an auditing requirement for the FBI to “maintain accurate records of all persons who have accessed FISA-acquired information in electronic and data storage systems and audit its access records regularly to ensure that FISA-acquired information is only accessed by authorized individuals.”38

And nowhere does FBI talk about the dissemination of US person data to ad hoc databases.

Remarkably, unlike NSA, FBI didn’t actually appear to review its dissemination practices (at least there’s no described methodology as such). Instead, it reviews its dissemination policy.

The instant privacy review found that the FBI’s SMP and Section 702 MP, which are subject to judicial review, protect the privacy rights of U.S. persons by limiting the acquisition, retention, and dissemination of their non-publicly available information without their consent. In addition, both sets of minimization procedures require that FISA-acquired information only be used for lawful purposes.42

Then it engages in a cursory few-line review of whether it complies with FIPP. Whereas NSA assessed compliance with “Transparency, Use Limitation, Data Minimization, Security, Quality and Integrity, Accountability, and Auditing” (but found Purpose specification not directly relevant), FBI at first assessed only Purpose specification. After noting that such a privacy review is not required in any case because FBI’s systems have been deemed a national security system, it then asserts that “DOJ and FBI conducted a review for internal purposes to ensure that all relevant privacy issues are addressed. These reviews ensure that U.S. person information is protected from potential misuse and/or improper dissemination.”

Later, it uses the affirmative permission to share data with other state and local law enforcement and foreign countries as a privacy limit, finding that it fulfills data minimization and transparency (and purpose, again).

Like the SMP for Title I of FISA, the Section 702 MP permits the FBI to disseminate Section 702-acquired U.S. person information that reasonably appears to be foreign intelligence information or is necessary to understand foreign intelligence information or assess its importance to federal, state, local, and tribal officials and agencies with responsibilities relating to national security that require access to intelligence information.50 The FBI is also permitted to disseminate U.S. person information that reasonably appears to be evidence of a crime to law enforcement authorities.51 In addition, the Section 702 MP provides guidelines that must be met before dissemination of U.S. person information to foreign governments is allowed.52 The dissemination of Section 702 information to a foreign government requires legal review by the NSCLB attorney assigned to the case.53 In light of the above judicially-reviewed minimization procedures for the dissemination of FISA acquired information, the FBI’s current implementation satisfies the data minimization and transparency FIPPs.

With respect to dissemination, FBI focuses on finished intelligence reports, not investigative files, where most data (including data affecting Mike Flynn) would be broadly accessed. Then, far later, it says this review found no violations, “in finished intelligence.”

Finally, the instant review found no indication of noncompliance with the required authorities governing dissemination of U.S. person information in finished intelligence.

At this point, the report appears to be a flashing siren of all the things it either clearly didn’t investigate or wouldn’t describe. Which worries me.

It then presents FBI’s failures to give notice that data derives from FISA as a privacy benefit, rather than a violation of the laws mandating disclosure.

While the redaction of U.S. person information may commonly be referred to as “masking,” the FBI does not generally use that term.

In addition, disseminations or disclosures of FISA-acquired information must be accompanied by a caveat. All caveats must contain, at a minimum, a warning that the information may not be used in a legal proceeding without the advanced authorization of the FBI or Attorney General.48 This helps ensure the information is properly protected.

And in the four paragraphs FBI dedicates to public transparency, it not only doesn’t admit that it has been exempted from most reporting on 702 use, but it doesn’t once mention mandated notice to defendants, which it has only complied with around 8 times.

There are many ways FBI could have handled this report to avoid making it look like a guilty omission that, while its finished intelligence reports aren’t a big US person data dissemination problem, virtually every other way it touches 702 data is. But it didn’t try any of those. Instead, it just engaged in omission after omission.

DNI

My unease over the giant holes in the FBI report carries over to one detail in the DNI report. It’s only there that the government admits something that Semiannual 702 reports have admitted since FBI dispersed targeting to field offices. While the 702 reviews review pretty much everything NSA does and many things CIA does, the reviews don’t review all FBI disseminations, and they only include in their sample disseminations affirmatively identified as US person information.

As it pertains to reviewing dissemination of Section 702 information, ODNI and DOJ’s National Security Division (NSD) review many of the agencies’ disseminations as part of the oversight reviews to assess compliance with each agency’s respective minimization procedures and with statutory requirements.25 NSD and ODNI examine the disseminations to assess whether any information contained therein that appears to be of or concerning U.S. persons meets the applicable dissemination standard found in the agency’s minimization procedures; whether other aspects of the dissemination requirements (to include limitations on the dissemination of attorney-client communications and the requirement of a FISA warning statement as required by 50 U.S.C. § 1806(b)) have been met; and whether the information disseminated is indicative of reverse targeting of U.S. persons or persons located in the United States.

25For example, as it pertains to NSA, NSD currently reviews all of the serialized reports (with ODNI reviewing a sample) that NSA has disseminated and identified as containing Section 702-acquired U.S. person information. For CIA and NCTC, NSD currently reviews all dissemination (with ODNI reviewing a sample) of information acquired under Section 702 that the agency identified as potentially containing U.S. person information. For FBI, both NSD and ODNI currently review a sample of disseminations of information acquired under Section 702 that FBI identifies as potentially containing U.S. person information.

This is one of a number of reasons why FBI only identified one criminal 702 query last year — only after that one query was selected as part of the review, and only after some haranguing, was it identified as an entirely criminal query.

The DNI report makes one more incorrect claim — that all incidents of non-compliance have been remediated.

Disseminating FISA information in a manner that violates the minimization procedures would, therefore, be a violation of the statute, as would use or disclosure of the information for unlawful purposes. As noted above, identified incidents of non-compliance with the minimization procedures, to include improper disseminations, are reported to the FISC and to the congressional intelligence committees and those incidents are remediated.

That was true before this year, I guess. But Rosemary Collyer, in a deviation from past practice of requiring the government to destroy data collected without authorization, did not require NSA to destroy the poison fruit of unauthorized 704b and other back door queries (though perhaps DNI believes their claim is true given the way everyone has avoided talking about the more troubled collection techniques).

The DNI report ends with a boast about what it calls “transparency.”

These reviews also illustrate the importance of transparency. Historically, many of the documents establishing this framework were classified and not available to the public. In recent years, much progress has been made in releasing information from these documents, and providing context and explanations to make them more readily understandable. We trust that these reviews are a further step in enhancing public understanding of these key authorities. It is important to continue with transparency efforts like these on issues of public concern, such as the protection of U.S. person information in FISA disseminations.

It is true that these reports rely on a great deal of declassified information. But that does not amount to “transparency,” unless you’re defining that to mean something that hides the truth with a bunch of off-topic mumbo jumbo.

This report appears to be an attempt to stave off real reporting requirements for unmasked information — an attempt to placate the Republicans who are rightly troubled about the contents of FISA intercepts in which Mike Flynn was incidentally collected.

But no person concerned about the impact on US persons of FISA should find these reports reassuring. On the contrary, the way in which, agency after agency, the most important questions were dodged should raise real alarms, particularly with respect to FBI.


As We Face Our Current Emergency Let’s Not Forget How (and Who) Our Last One Contributed to This One

All over Twitter yesterday, people introduced this Michael Hayden tweet decrying Trump’s “assault on truth, a free press or the first amendment” by emphasizing that he served as CIA and NSA Director.

They seem to forget that, in the name of supporting expansive executive authority, Hayden lied to Congress, targeted Thomas Drake for his unclassified communications with the press about Hayden’s support for profiteering contractors, and attacked journalists who have covered the Snowden leaks.

Also on Twitter, Ben Wittes wrote a long thread, advocating that “Americans do not need to be actively contesting right now across traditional left-right divisions” so long as “Americans of good faith collectively band together to face a national emergency.”

In a thread that singles out the First Amendment (though not, predictably, the Fourth), Wittes imagines two main entities that might conduct investigations into Trump: law enforcement and “men and women of the bureaucracy who are courageous enough to come forward and assist,” though he follows quickly with a generalized profession that this non-partisan truce he has unilaterally declared also involves supporting the spooks.

Having declared a truce on “important foreign policy questions,” he then emphasizes we have to keep our promises abroad.

And also we have to keep promises about rights.

The two, together, have set off a debate about what our national emergency really is — where Trump came from.

Remarkably, I’ve seen few pointing back to this remarkable Adam Serwer piece on the whiteness that got Trump elected. As he lays out, Trump got elected because white voters cared more about restoring “traditional” race, sex, and class roles than about all the horrible things Trump espoused.

Trump’s great political insight was that Obama’s time in office inflicted a profound psychological wound upon many white Americans, one that he could remedy by adopting the false narrative that placed the first black president outside the bounds of American citizenship. He intuited that Obama’s presence in the White House decreased the value of what W. E. B. Du Bois described as the “psychological wage” of whiteness across all classes of white Americans, and that the path to their hearts lay in invoking a bygone past when this affront had not taken place, and could not take place.

That the legacy of the first black president could be erased by a birther, that the woman who could have been the first female president was foiled by a man who confessed to sexual assault on tape—these were not drawbacks to Trump’s candidacy, but central to understanding how he would wield power, and on whose behalf.

Americans act with the understanding that Trump’s nationalism promises to restore traditional boundaries of race, gender, and sexuality. The nature of that same nationalism is to deny its essence, the better to salve the conscience and spare the soul.

Serwer’s piece is absolutely required reading.

But his exposition largely focuses on the domestic aspect of white supremacy. This paragraph is one of the few that focuses on the last emergency people like Wittes and Hayden screamed un-self-critically about, the never-ending war on terror.

In the meantime, more than a decade of war nationalism directed at jihadist groups has shaped Republican attitudes toward Muslims—from seeing them as potential Republican voters in the late 1990s to viewing them as internal enemies currently. War nationalism always turns itself inward, but in the past, wars ended. Anti-Irish violence fell following the service of Irish American soldiers in the Civil War; Germans were integrated back into the body politic after World War II; and the Italians, Jews, and eastern Europeans who were targeted by the early 20th century’s great immigration scare would find themselves part of a state-sponsored project of assimilation by the war’s end. But the War on Terror is without end, and so that national consolidation has never occurred. Again, Trump is a manifestation of this trend rather than its impetus, a manifestation that began to rise not long after Obama’s candidacy.

And there’s no mention of white supremacy’s foreign counterpart, American exceptionalism, which has long led (white male) Americans to believe America had somehow earned its wealth and prestige without, at the same time, hurting the well-being of others around the world, one which has made Trump’s instinct to demand capitulation from other countries so popular.

Both are, after all, about assuming the capitulation of brown people is the natural order we deserve, whether in our neighborhoods or on the other side of the world.

I raise all this because, in addition to the whiteness problem Serwer lays out, I do think the exceptionalism and expansive executive power that Hayden and Wittes have championed are part of what created this emergency as well. Those who created and sustained that last emergency — those who insisted we needed exceptional measures the last time, exceptional measures that gave Trump far more tools with which to violate norms and persecute enemies — want us to divorce this emergency from their own actions that contributed to it and may make it harder to recover from.

By all means, those who newly admit problems with expansive executive power are welcome to join those of us who’ve long been fighting it. But I’m not sure why everyone wants them to take the lead.


On Giving Thanks in Complicated World

This statement is a seed, it’s written to be read aloud at gatherings, but not as-is. Take this, and make it your own, and share with those whom you love and are grateful for.

A harvest scene from Canyonlands NP

My promise for this day is to be thankful. But gratitude is complicated. There’s always the lacuna in thanks, the thing you’re thankful not to be. Whatever or whomever is in that lacuna now, thanking them has a tinge of mean-spirited triumph to it. The thief doesn’t thank the bank teller, the mugger doesn’t thank their victim, not without irony, and not without taking that little bit more: the victim’s agency, and the acknowledgement of the reality that the victim didn’t want this.

So no, I’m not going to say I’m thankful to the natives who lost their land to my ancestors, or even the ancestors who had their land stolen. I’m not thankful for the slave labor that built my state and connected it to my country. I’m not thankful for the wars fought in my name, the ecologies eliminated, the things destroyed in history to bring me here, to this day.

I’m also not going to say thank you to the people who labor right now for next to nothing to pick my coffee and my chocolate, or the children who make my clothes, or the people who poison their own bodies and our world to bring me my technology. To all of those people, and to the harmed earth, I am going to say: I am sorry for, and ashamed of, how we’ve set up this world. And I promise to keep trying to make it better. I promise to not settle for partial and incomplete answers, even while knowing I can never fully get there. I’m willing to make this a life of effort, and I’m willing to give up things, but often I don’t know how to do that in a way that makes the lives of others better, and I can’t promise I’ll ever succeed. So no, I cannot find my gratitude in gifts I received through force. I’m stuck. I must find it elsewhere. And I know that in this whole world I will find nothing to be grateful for that isn’t tinged with sadness, and so my gratitude must also be tinged with sadness. But I believe embracing that complexity makes gratitude more real, not less.

So, what am I thankful for? I am thankful, first and foremost, to be part of the human race; to be part of a species that perceives its home in the great context of the cosmos, and cares for it, and for each other. I am moved beyond words to be part of a community that seeks to improve this world. I am grateful to be part of a tradition of love for humanity that goes back millennia, and slowly, never fast enough, but never still, makes us better.

I am grateful to the people who have told me a rich history of the world. I am grateful to the willing and determined sacrifices that have made for me the infrastructure to hear their voices. To the people who taught me how to listen: my parents, my friends, my neighbors; to the people who wrote the books I found, I say thank you so much. I am so thankful both to the people who told me that we invented great things, and the people who told me we committed great crimes. I am grateful, beyond telling, for the people who have forgiven me and loved me despite the crimes, both great and small, of myself and my ancestors. I am grateful to find in myself the capacity to forgive those who hurt me and mine, as well. I am grateful to see healing in the world.

This is a gratitude that comes with a mission and a velocity of its own, a gratitude with an appetite. It seeks more to be thankful for, compels us to more love and more work for next year and the year after. It is a gratitude that is sad and joyful, complicated, deep, and striving, all at once.

I am thankful for the ways we make each other whole again. And I am thankful for a future that is better than the past.


I am also thankful to Emptywheel for giving me a place to publish my grateful thoughts,
to my patrons for helping me have a voice and a more stable life, 
and, most of all, to you.


Kaspersky’s Carrot-and-Stick TAO Compromise Incident Report

Last week, Kaspersky released its investigation into the reported collection of NSA hacking tools off an employee’s computer. Kim Zetter did an excellent story on it, so read that for analysis of what the report said.

The short version, though, is that Kaspersky identified a computer in the Baltimore, MD area that was sending a whole slew of alerts in response to a silent signature for Equation Group software from September to November 2014 — a year earlier than the leaked reports about the incident claimed the compromise had happened. Kaspersky pulled in an archive including those signatures as well as some associated files in the normal course of collecting analysis (and, according to Zetter, did not pull other archives of malware also associated with the machine). Kaspersky IDed it as irregular, and — so they’re claiming — the analyst who found it told Eugene Kaspersky (referred to throughout in the third person “CEO” here), who told the analyst to destroy the source code and related documents immediately. The report claims Kaspersky subsequently instituted a policy mandating such destruction going forward.

As Zetter notes, the timing of events gets awfully murky about when the file got destroyed and the new destruction policy was instituted.

The company didn’t respond to questions about when precisely it instituted this policy, nor did it provide a written copy of the distributed policy before publication of this article.

Meanwhile, during the same period this machine was sending out all the Equation Group alerts, someone hacked it.

It appears the system was actually compromised by a malicious actor on October 4, 2014 at 23:38 local time,

The report explains this compromise at length, providing (in addition to the precise time) the C&C server URL and a list of 121 other virus signatures found on the machine during the period the Equation Group signatures were alerting. It also links to Kaspersky’s analysis of the backdoor in question, which was developed by Russian criminal hackers.

“It looks like a huge disaster the way it happened with running all this malware on his machine. It’s almost unbelievable,” [Zetter quotes Kaspersky’s director of the company’s Global Research and Analysis Team Costin Raiu].

Thus far, consider what this report does: it makes it clear that Kaspersky has far more detail about the compromise than the anonymous sources leaking to the press are willing to share (all the time with Eugene Kaspersky inviting them to provide more details). It elaborates on the story it had already shared about who the likely culprit was to have stolen and used the files. And it suggests (though I’m not sure I believe it), that it’s entirely the fault of the hacker who turned off Kaspersky’s AV in order to run a pirated copy of Windows Office.

That’s the carrot. Here, Kaspersky is saying, we’ve figured out who stole those files your idiot developer loaded onto his malware-riddled computer. Go get them. Free incident response, three years after the fact!

But it’s the stick I’m just as interested in.

First, as part of its explanation of the process Kaspersky used to home in on the incident, the report includes a list of hits and false positives on NSA signatures just from September 2014 — effectively providing a list of (dated) malware signatures. While the report notes many of these alerts are false positives, Kaspersky is nevertheless saying, here’s a list of all the victims of your spying we identified for just one month out of the 40 months we just analyzed. Presumably, the hits after September 2014 would have come to include far more true victims.

Then, the report provides a list of all the Equation Group signatures found on the TAO engineer’s computer, providing a snapshot of what one person might work on, a snapshot that would prove useful for those trying to understand NSA’s work patterns.

Even while it provides lists of signatures that will provide others some insight into NSA activity, the report makes a grand show of concern for privacy, redacting the name of the archive as [undisclosed] and including a discussion about how it could have — but chose not to — include the complete file paths of the archive.

Looking at this metadata during current investigation we were tempted to include the full list of detected files and file paths into current report, however, according to our ethical standards, as well as internal policies, we cannot violate our users’ privacy. This was a hard decision, but should we make an exception once, even for the sake of protecting our own company’s reputation, that would be a step on the route of giving up privacy and freedom of all people who rely on our products. Unless we receive a legitimate request originating from the owner of that system or a higher legal authority, we cannot release such information.

Mind you, FSB is the “higher legal authority” in Russia for such things.

Then, in the guise of claiming how little information Kaspersky has on the individual behind all this, the report makes it clear it retains his IP, from which they could reconstitute his identity.

Q3 – Who was this person?

A3 – Because our software anonymizes certain aspects of users’ information, we are unable to pinpoint specifically who the user was. Even if we could, disclosing such information is against our policies and ethical standards. What we can determine is that the user was originating from an IP address that is supposedly assigned to a Verizon FiOS address pool for the Baltimore, MD and surrounding area.

In short, along with providing a detailed description of what likely happened — the hacker got pwned by someone else — Kaspersky lays out all the information on NSA’s hacking activities that it could, if it so chose, make public: who NSA hacked when, who the developer in question is, and more details on how the NSA develops its tools.

But (in the interest of privacy, you understand?) Kaspersky’s not going to do that unless some higher authority forces it to.

Of course, Kaspersky’s collection of all that data on NSA’s hacking is undoubtedly one of the reasons the NSA would prefer it not exist.

A carrot, and a stick.

At the end of her piece, Zetter quotes Rob Joyce laying out the more modest attack on Kaspersky (this stuff shouldn’t be run on sensitive government computers, which it shouldn’t), even while admitting that other AV products have the same privileged access to collect such information on users.

Asked about Kaspersky’s discovery of multiple malware samples on the NSA worker’s home computer, Rob Joyce, the Trump administration’s top cybersecurity adviser who was head of the NSA’s elite hacking division when the TAO worker took the NSA files home and put them on his work computer, declined to respond to Kaspersky’s findings but reiterated the government’s contention that Kaspersky software should be banned from government computers.

“Kaspersky as an entity is a rootkit you run on a computer,” he told Motherboard, using the technical term for stealth and persistent malware that has privileged access to all files on a machine.

He acknowledged that software made by other antivirus companies has the same potential for misuse Kaspersky has but said, Kaspersky is “a Russian company subjected to FSB control and law, and the US government is not comfortable accepting that risk on our networks.”

We shall see if this report serves to halt all the (inaccurate at least with respect to timing, if this report is to be believed) leaks to the press or even the other attacks on Kaspersky.

All that said, there are two parts of this story that still don’t make sense.

First, I share Zetter’s apparent skepticism about the timing of the decision to destroy the source code, which the report describes this way:

Upon further inquiring about this event and missing files, it was later discovered that at the direction of the CEO, the archive file, named “[undisclosed].7z” was removed from storage. Based on description from the analyst working on that archive, it contained a collection of executable modules, four documents bearing classification markings, and other files related to the same project. The reason we deleted those files and will delete similar ones in the future is two-fold; We don’t need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials. Assuming that the markings were real, such information cannot and will not [note this typo] consumed even to produce detection signatures based on descriptions.

This concern was later translated into a policy for all malware analysts which are required to delete any potential classified materials that have been accidentally collected during anti-malware research or received from a third party. Again to restate: to the best of our knowledge, it appears the archive files and documents were removed from our storage, and only individual executable files (malware) that were already detected by our signatures were left in storage.

The key sentence — “it was later discovered … the archive file … was removed” — is a master use of the passive voice. And unlike all the other things for which the report offers affirmative data, the data offered here is the absence of data. “It appears” that the archive is no longer in storage, without any details about when it got removed. The report is also silent about whether any of these events — the removal and claimed destruction and the institution of a new policy to destroy such things going forward — were a response to the Duqu 2 hack discovering such files, as well as the one silent signature integrating the word “secret” described elsewhere in the report, on Kaspersky’s servers.

Then there’s the implausibility of an NSA developer 1) running Kaspersky then 2) turning it off 3) to load a bunch of malware onto his computer in the guise of loading a pirated copy of Office 4) only to have a bunch of other malware infect the computer in the same window of time, finally 5) turning the Kaspersky back on to discover what happened after the fact.

Really? I mean, maybe this guy is that dumb, or maybe there’s another explanation for these forensic details.

In any case, the entire report is a cheeky chess move. I eagerly wait to see if the US’ anonymous leakers respond.

 


How FBI Could Use Reverse Targeting to Use Section 702 against Keith Gartenlaub

Some weeks ago, in a post named, “Evidence the US Government Used Section 702 against Keith Gartenlaub[‘s Parents-in-Law],” I laid out the evidence that Section 702 was used against Keith Gartenlaub. As I showed,

  • A warrant in his case seemed to parallel construct Yahoo and Google content, often a sign the government is trying to introduce a second source for PRISM content
  • In spite of reference to Skype metadata, nothing in the court case ever seemed to reflect the content from those calls, in spite of the fact they’d be readily collectible
  • After approving the sharing of FISA information with the National Center for Missing and Exploited Children for traditional FISA data, the government approved such sharing for 702 data the day before they arrested Gartenlaub

But there was just one problem with that argument — one made clear in the title of the post. Ultimately, the government is only supposed to be allowed to target foreigners like Gartenlaub’s “well connected” Chinese parents-in-law, not Gartenlaub. Yet by all appearances, the investigation started with Gartenlaub, basically by deciding that allegations of Boeing theft must mean there was a Boeing theft at Gartenlaub’s location and then, very quickly, settling on Gartenlaub as the likely culprit.

Around January 28, 2013: Agent Wesley Harris reads article that leads him to start searching for Chinese spies at Boeing

February 7, 8, and 22, 2013: Harris interviews Gartenlaub

June 18, 2013: Agent Harris obtains search warrant for Gartenlaub and his wife, Tess Yi’s, Google and Yahoo accounts

So if Agent Harris did obtain 702 data between February, when he first showed interest in Gartenlaub, and June, when he appeared to be parallel constructing Google and Yahoo content, it would have been for the purpose of obtaining information on Gartenlaub, already a focus of the investigation.

That would pretty clearly be reverse targeting (unless, for some reason, the FBI already had a big stash of his in-laws’ communications in their 702 collection, in which case it’d come up in a back door search).

In other words, while there’s a good deal of circumstantial evidence that the government used 702 to spy on his conversations with his in-laws, that shouldn’t be allowed under a common sense definition of what reverse targeting does.

Except, as Senator Wyden’s 702 reform and the SSCI bill report make clear, that kind of reverse targeting actually is permitted by current practice.

In his comments to the SSCI bill report, for example, Wyden explained,

The bill does not include a meaningful prohibition on reverse targeting, which would require a warrant when a significant purpose of targeting a foreigner is actually to collect the communications of the American communicant. The current standard permits the government to conduct unlimited warrantless searches on Americans, disseminate the results of those searches, and use that information against those Americans, so long as it has any justification at all for targeting the foreigner.

His own bill would insert language prohibiting the targeting of someone outside the US if a significant purpose is to get the communications of someone inside the US. If it was, the bill would require the government to get a Title I (traditional) order. [Bolded language is new.]

(d) Targeting procedures
(1) Requirement to adopt–The Attorney General, in consultation with the Director of National Intelligence, shall adopt targeting procedures that are reasonably designed to—
(A) ensure — 

(aa) that any acquisition authorized under subsection (a) is limited to targeting persons reasonably believed to be located outside the United States; and
(bb) that an application is filed under title I, if otherwise required, when a significant purpose of an acquisition authorized under subsection (a) is to acquire the communications of a particular, known person reasonably believed to be located in the United States; 

And a SSCI Wyden amendment modified by Angus King would prohibit the targeting of someone overseas if a purpose of the targeting was to collect on someone in the US.

By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden, as modified by Senator King, which would have revised the standard on current reverse targeting prohibitions to replace ‘‘the’’ with ‘‘a,’’ such that the statute would state ‘‘If a purpose of such acquisition is to target a particular known person.’’ The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden—aye; Senator Heinrich— aye; Senator King—aye; Senator Manchin—no; and Senator Harris—aye.

 

Clearly, the current prohibition on reverse targeting actually would nevertheless permit the government to obtain Gartenlaub’s in-laws’ communications to find out what they talk about in order to assess whether he might be plotting to steal IP from Boeing with them. And even though we still only have circumstantial evidence this is what happened, if it did, it would show the problem with reverse targeting: because Gartenlaub had Chinese in-laws, it (may have) made it far easier to obtain potentially damning information using 702 than it would be for any of his colleagues who didn’t have such ties with anyone of interest in China.

Effectively (again, if Gartenlaub was indeed reverse targeted), it would mean the government could obtain communications without any suspicion from which they could look for evidence of probable cause that he (or his wife) was an agent of a foreign power.

Ultimately, after both a criminal warrant and a FISA warrant claiming they had probable cause Gartenlaub was spying for China, after reading his emails for months, searching his home, and searching multiple devices, the government never found evidence to support that claim. But they did find old child porn (though no forensic evidence showing he had accessed that porn). It appears likely that they would never have found it if he hadn’t had the bad luck of marrying a well-connected Chinese-American.


Today in the Ben Wittes (And Friends) Utter Lack of Self-Awareness File: Family and Friends Edition

This morning, Ben Wittes called Ashley Feinberg’s discovery of the Twitter account that Jim Comey had himself disclosed the existence of publicly, “a creepy stalking effort.”

Shortly thereafter he went on to backtrack a bit, calling Feinberg’s work “very impressive,” but then pitching his privacy concern as pertaining to Comey’s adult-aged son.

Later in the day he defended against claims he was “being mean” to her by pointing to the time she used his name to get Comey to click on a test phish.

Then Matt Tait weighed in, reaffirming that tracking Comey down through his adult-aged son was very stalkery.

Ultimately, though, they (and Susan Hennessey) end up asking what the news value of Feinberg identifying Comey’s Twitter account was.

Let’s review, shall we? We’re talking about whether it is acceptable for a journalist to use public means (facilitated by a loophole in Instagram), hopping through a public figure’s 22-year old son, to find the public figure’s Twitter account, which he revealed in a televised appearance.

And not just any public figure. This is Jim Comey, the man who, in 2004, declined to reauthorize a bulk Internet metadata dragnet (Comey showed no such compunction about reauthorizing a phone metadata dragnet), only to run to the FISA Court and tell Colleen Kollar-Kotelly that she had no discretion but to approve it.

And thus was born the legal codification of the definition of “relevant to” that holds that the metadata of all Americans can be considered “relevant to” FBI’s standing terrorism investigations, the definition that, two years later, would be used to justify collection aspiring to obtain the metadata of all phone calls placed in this country. Not just those who talk to terrorists, but those who talk to the people who talk to them and the people who talk to those who talk to those who talk to them. Including their children.

The Internet dragnet (and the upstream collection that replaced it) collects things like what people get tagged or favorited in Instagram and Twitter accounts — precisely the kind of metadata that led Feinberg to identify Comey’s account.

But that’s not all that’s “relevant to” whether there is any news value to using publicly available metadata to identify a Twitter account that Comey himself revealed.

In 2014, when Jim Comey headed the FBI, DOJ’s Inspector General argued for at least the second time (with the first including practices that occurred while Comey was DAG) that FBI should not be obtaining all records associated with the Friends and Family account of a target.

[T]he significance of the FBI’s request for “associated” records is that the FBI has sought and in some cases received not only the toll billing records and subscriber information of the specific telephone number identified in the NSL, but also the toll billing numbers that belong to the same account — such as numbers in a group or family plan account — without a separate determination and certification by the FBI that the additional records are relevant to an authorized international terrorism investigation. Yet before the FBI may specifically request in an NSL the records of a subject’s family member or partner, Section 2709 would require an authorized official to certify that such records are relevant to a national security investigation. (158)

That is, DOJ’s IG had to tell the FBI for the second time, when Comey was running it, that they shouldn’t be collecting the phone records of a target’s mom or (dependent aged) child or girlfriend because they were associated with accounts relevant to an investigation.

The FBI accepted DOJ IG’s recommendation to ensure that records “associated to” those “relevant to” investigations not be collected, but had only implemented it thus far on the non-automated side of NSL submissions by the time of the report.

Now that we’ve reviewed Jim Comey’s great tolerance for using three hop metadata records as an investigative technique (if not the more targeted collection of records “associated to” those “relevant to” investigations) as well as the mind-numbing definition of what constitutes “relevant to,” let’s return to the context of his discussions about social media. While the Twitter revelation served as evidence for a story that he’s non-partisan, the Instagram one he likes to tell serves to support his claim to care about privacy. Here’s the quote Feinberg included in her piece, but Comey has made this speechlet numerous times over the years.

I care deeply about privacy, treasure it. I have an Instagram account with nine followers. Nobody is getting in. They’re all immediate relatives and one daughter’s serious boyfriend. I let them in because they’re serious enough. I don’t want anybody looking at my photos. I treasure my privacy and security on the internet.

Nobody is getting into his Instagram account (with its loophole permitting people like Feinberg or FBI agents to get to his metadata), Comey said. With respect to content, that seems to be true.

Presumably, he also believed nobody was getting into his Twitter account that at that point just one person — the weak link, Ben Wittes — had followed.

He was wrong.

Jim Comey’s understanding of his own well guarded privacy was overblown, in part because of the inherent insecurity of the platforms he uses and in part because of the OpSec practices of his friend and his son’s friend. I don’t think Comey much cares — in his business, the likelihood that a dumb associate might thwart otherwise admirable operational security (especially on the part of a 22-year old) of a target is a blessing, not a curse.

But it is an awesome illustration of the power and danger of this metadata soup that, under Comey, the government got far more access to.

Now, in threads where I’ve made this argument, people have rightly pointed out that the power of the FBI (which gets far more metadata) and a reporter is somewhat different, as might be the necessity for avoiding any chains involving children. Though the frequency with which Trump and his associates’ own (admittedly older) spawn get included in stories of his corruption demonstrates how important such connections are, even for journalists.

But the contention that FBI’s contact chaining and a journalist’s contact chaining are that different is belied by Comey’s own reaction, his first tweet ever.

Not only did he say he wasn’t mad and compliment her work, but he posted the link to FBI jobs.

I’d say Jim Comey sees a similarity in what Feinberg did.

I’m all in favor of protecting the accounts of children from such contact chaining — and am really not a big fan of contact chaining, generally. But from those who, like Comey and Wittes and Hennessey and Tait, have championed a system that endorses at least two hop chaining irrespective of who gets hopped, not to mention those who’ve tolerated the collection on family members in even more targeted surveillance, I’m not all that interested in complaints about the privacy of a 22-year old son.

Or rather, I point to it as yet another example of surveillance boosters not understanding what the policies they embrace actually look like in practice.

Which is precisely why this “doxing” was so newsworthy.

Update: For the benefit of Al, I’m including this link to Comey introducing his children (Brian was 19 at the time, his youngest was 13) at his FBI Director confirmation hearing in 2013; a screencap is above. It sounds like he did the same at his DAG hearing 10 years earlier.

So if you’ve got a concern about their safety you might want to talk to the Senate about the practice of featuring families during confirmation hearings.

Update: Here we are Monday and Gates and Manafort still haven’t found anything liquid to put up as bail. Not only that, but in a filing raising a potential conflict with one of Gates’ money laundering expert lawyers, prosecutors reveal Gates is trying to have the brother of his partner from a movie-related firm serve as his surety, even while that brother is also serving as surety for the partner.

Marc Brown, the brother of defendant Steven Brown, was proposed by Gates as a potential surety despite the facts that they seemingly do not have a significant relationship, they have not had regular contact over the past ten years, and Marc Brown currently serves as a surety for his brother Steven in his ongoing criminal prosecution in New York. In an interview with the Special Counsel’s Office on November 16, Marc Brown listed as a reason for seeking to support Gates that they belonged to the same fraternity (although they did not attend the same college) and that, as such, he felt duty bound to help Gates. Of note, Marc Brown’s financial assets were significantly lower, almost by half, than previously represented by Gates.


Fifteen Years Fighting the War on Terror Would Have Inured Mike Flynn to Kidnapping

As the Wall Street Journal reported this morning, in December 2016, Mike Flynn had a second meeting with representatives of Turkey to discuss a plan to help them kidnap Fethullah Gulen.

Federal Bureau of Investigation agents have asked at least four individuals about a meeting in mid-December at the ‘21’ Club in New York City, where Mr. Flynn and representatives of the Turkish government discussed removing Mr. Gulen, according to people with knowledge of the FBI’s inquiries. The discussions allegedly involved the possibility of transporting Mr. Gulen on a private jet to the Turkish prison island of Imrali, according to one of the people who has spoken to the FBI.

The report has led to some gleeful hand-wringing (and, as always, baby cannon eruptions) from interesting quarters.

For those of us who have opposed the US practice of extraordinary rendition, sure, the notion that Flynn would work with a foreign country to assist in the illegal kidnapping of someone that country considered a terrorist does seem outrageous. But for those who, not so long ago, worried that counterterrorism success might lead us to eschew things like extraordinary rendition, I’m not sure I understand the hand-wringing.

Yet the more effectively we conduct counterterrorism, the more plausible disbelief becomes and the more uncomfortable we grow with policies like noncriminal detention, aggressive interrogation, and extraordinary rendition. The more we convince ourselves that the Devil doesn’t really exist, the less willing we are to use those tools, and we begin reining them in or eschewing them entirely. And we let the Devil walk out of the room.

Especially not when you consider Mike Flynn’s service to the country. For fourteen years, Flynn played a key role in counterterrorism policy, serving in an intelligence role in Afghanistan when we were paying Pakistan bounties just to have enough Arabs to fill Gitmo, serving as Director of Intelligence for JSOC for some of the bloodiest years of the Iraq War, then serving in another intelligence role in Afghanistan during a period when the US was handing prisoners off to Afghanistan to be tortured.

That’s what two presidents, one a Nobel Prize winner, and another increasingly rehabilitated, asked Mike Flynn to do. And in that role, I have no doubt, he was privy to — if not directly in the chain of command — a whole lot of legally dubious kidnapping, including from countries with respectable institutions of law. (In related news, see this report on MI6 and CIA cooperation with Gaddafi, including kidnapping, after 9/11.)

So having spent 14 years kidnapping for the United States, why is it so odd that Flynn would consider it acceptable to help one of our allies in turn, to help them kidnap the kinds of clerics we ourselves have targeted as terrorists?

There is, of course, something different here: the suggestion that Flynn and his son might profit mightily off the arrangement, to the tune of $15 million.

Under the alleged proposal, Mr. Flynn and his son, Michael Flynn Jr., were to be paid as much as $15 million for delivering Fethullah Gulen to the Turkish government, according to people with knowledge of discussions Mr. Flynn had with Turkish representatives. President Recep Tayyip Erdogan, who has pressed the U.S. to extradite him, views the cleric as a political enemy.

But even the notion of bribery to facilitate human rights abuses is not something the US forgoes. One of the biggest disclosures from the SSCI Torture Report, for example, is how the Bush Administration worked to bribe other countries to let us build torture facilities in their countries.

The buddies of those now scolding such arrangements were part of that bribery operation.

The big question with Flynn is whether the similar bribe for this kidnapping operation would have been different from those under the table bribes we paid for our torture facilities. Did they go into the countries’ populace, or did they get pocketed by the national security officials doing the dirty deeds?

I actually don’t mean it to be a gotcha — though I would sure appreciate a little less hypocritical squeamishness from those who elsewhere view such irregular operations as the cost of keeping the country safe (as Erdogan claims to believe to be the case here).

Rather, I raise it to suggest that Mike Flynn knows where the bodies are buried every bit as much as David Petraeus did, when he was facing a criminal prosecution to which the best response was graymail. Flynn surely could demand records of any number of kidnapping operations the United States carried out, and he might well be able to point to bribes paid to make them happen, if Robert Mueller were to charge him for this stuff. It’s different, absolutely, that it happened on US soil. It may (or may not) be different that an individual decided to enrich himself for this stuff.

But this is the kind of thing — Mike Flynn knows well — that the US does do, and that certain hawks have in the past believed to be acceptable.


“The Goals That Are Being Scored” … the Carter Page Saga

In the middle of the Carter Page testimony to the House Intelligence Committee last week, Adam Schiff tried to get him to answer whether he spoke about buying a stake of Rosneft during his July 2016 trip to Moscow — a key claim from the Steele dossier. Page professed that it might be possible, but he couldn’t remember such a discussion because he was watching Ronaldo on TV at the time.

He may have briefly mentioned it when we were looking up from this Portugal — Ronaldo, whoever the — you know, the goals that are being scored. That may have come up. But I have no definitive recollection of that.

Page comes off, often, as someone utterly clueless about how both the Trump campaign officials and the Russians trying to use him were doing so.

It depends on the definition of meet

That said, the most interesting bits involve the things Page tried to hide or obfuscate, such as his claim he never met Trump even after having been in a lot of meetings with him.

Mr. Rooney: Did you ever meet Mr. Trump?

Mr. Page: I have never met him in my life. I’ve been in a lot of meetings with him, and I’ve learned a lot from him, but never actually met him face-to-face.

He does the same with Arkadiy Dvorkovich, Russia’s Deputy Prime Minister, when Adam Schiff tries to point out that meeting him in July 2016 would amount to meeting a senior official.

Mr. Schiff: And you don’t consider him to be a high-up official or someone in an official capacity?

Mr. Page: I — nothing I — it was — again, I did not meet with him. I greeted him briefly as he was walking off the stage after his speech.

Page even compares these two instances of not-meetings later in his testimony.

[I]t goes back to the point I mentioned with listening to speeches, listening to particularly Arkadiy Dvorkovich’s speech, right. Again, great insights just like I learned great insights — even though I’ve met — I’ve never met Donald J. Trump in my life, I’ve learned a lot from him.

Ultimately, even Trey Gowdy finds this obfuscation around the word “meet” to be too much.

Mr. Gowdy: All right. I’ve written down four different words. I didn’t think I’d ever be going through this with anyone, but we’ve got to, I guess. You seem to draw a distinction between a meeting, a greeting, a conversation, and you hearing a speech.

JD Gordon’s central role

I pointed out last week how JD Gordon was playing the press in the wake of the Papadopoulos plea agreement being unsealed. Page’s testimony may explain why: because Gordon was the key person coordinating Page’s activities.

Page at first tries to hide this, before he admits that JD Gordon was his supervisor on the campaign.

And J.D. Gordon was brought in, and he was sort of the de facto organizers [sic] for our group, although not — there was no official command structure, because, again, it was an informal quasi think tank, if you will.

Page later describes Gordon as the most formal of the foreign policy group.

[T]he thing with J.D. is that — again, we’re an informal group, right. He was probably the most formal. I believe he may have even had — if I’m not mistaken, he may have had a Trump campaign email address. I had spoken with him on that — a few occasions that are — you know, we’d get together for a dinner. I may have sent an email or two to him on that. And again, he never definitively answered one way or another.

And Page seems to have treated his conversations with Gordon with some sensitivity (though there are any number of reasons why this might be true, including that they were running a cutthroat political campaign). Eric Swalwell walks Page through an email in which he warned Gordon, in advance of a call, that he’d be in the “Third World” LaGuardia Sky Club so could only listen, not speak.

Mr. Swalwell: In a May 24th, 2016, email to J.D. Gordon, Bates stamped [redacted], you wrote: “FYI: At the Newark Sky Club, Delta has a private room when you can have a confidential conversation, but, unfortunately, no such luck at Third World LaGuardia. So I’ll mostly be on receive mode, since there are a significant number of people in the lounge.”

Later in testimony, Schiff describes an email Page sent two days later, telling Gordon, “I’m planning to speak alongside the chairman and CEO of Sberbank as we’ll both be giving commencement addresses at Moscow’s New Economic School on July 8” (in fact the meeting never happened, though that may be because Dvorkovich replaced him).

Perhaps most damning of all, when Page “mentioned to [Jeff Sessions] in passing” (yet another exchange that shows Sessions perjured himself before the Senate) that he was about to go to Moscow, Gordon and Papadopoulos were present as well.

Mr. Schiff: Let me take you back to what we were discussing before our break, the meeting you had at the Republican National Headquarters I think is the building you’re referring to, if I understand correctly. What was the nature of the discussions at that meeting with Mr. Sessions, then-Senator Sessions — was J.D. Gordon present?

Mr. Page: I believe he was.

Mr. Schiff: And George Papadopoulos you believe was there?

Mr. Page: I believe, yes, to the best of my recollection.

This puts some of the key players together, discussing how Page’s trip to Moscow might benefit the campaign.

Finally, in spite of his efforts to downplay his exchange with Dvorkovich, Page’s letter to Gordon boasting about it was a key focus.

Mr. Schiff: And in that [email], Dr. Page, didn’t you state, on Thursday and Friday, July 7 and 8, 2016: “Campaign Adviser Carter Page” — you’re referring to yourself in the third person — “presented before gatherings at the New Economic School, NES, in Moscow, including their 2006 [sic] commencement ceremony. Russian Deputy Prime Minister and NES Board Member Arkadiy Dvorkovich also spoke before the event. In a private conversation, Dvorkovich expressed strong support for Mr. Trump and a desire to work toward devising better solutions in response to the vast range of current international problems”?

The others

While less substantive than the focus on JD Gordon, it’s clear Democratic members were interested in the roles of others: Corey Lewandowski, who “hired” Page and okayed his trip to Russia, Hope Hicks, who was in the loop, Sam Clovis, who made him sign an NDA and had another meeting with him before he left for Russia, and Michael Cohen, who kept the NDA (and in fact didn’t provide Page his promised copy). Schiff also got the list of those responsible for changing the platform (which I think is overblown) into the record: in addition to Gordon, Joseph Schmitz, Bert Mizusawa, Chuck Kubic, Walid Phares, and Tera Dahl.

But the most interesting exchange came right at the end, when Schiff walked Page through a list of people he might have interacted with. When he asked about Eric Trump, Page admitted to sending his resignation to the son.

Mr. Schiff: Eric Trump.

Mr. Page: I — when I sent in my letter of — saying that I am taking a leave of absence from the campaign, I sent an email to him and a bunch of other individuals. So that was on — late Sunday night, after I sent the letter to James Comey. I sent a copy of that to them.

Mr. Schiff: So you sent a letter to Eric Trump, but you have had no other interaction with him apart from that?

Mr. Page: No. No.

Mueller probably interviewed Page during the Papadopoulos lag

Finally, there is perhaps the most important detail. Page admits he has spoken with the FBI this year 4-5 times (he appears to have been represented by a lawyer earlier this year, but he’s now draining his savings and representing himself). When asked if he has met with Mueller’s investigators, he notes what I did: his October 10 letter sort of pleading the Fifth was addressed, first and foremost, to Robert Mueller, which would put his testimony between the time George Papadopoulos pled guilty to false statements and the time it was unsealed — the time when Mueller was locking in the testimony of everyone implicated by Papadopoulos’ cooperation.

As I noted the other day, in the affidavit the FBI wrote explaining why they wanted to seal any notice of Papadopoulos’ plea deal, they described their plans to get the testimony of the people who had knowledge of contacts between Russians and the campaign.

The investigation is ongoing and includes pursuing leads from information provided by and related to the defendant regarding communications he had, inter alia, with certain other individuals associated with the campaign. The government will very shortly seek, among other investigative steps, to interview certain individuals who may have knowledge of contacts between Russian nationals (or Russia-connected foreign nationals) and the campaign, including the contacts between the defendant and foreign nationals set forth in the Statement of Offense incorporated into the defendant’s plea agreement.

All the people interviewed in what I’ll call the Papadopoulos lag — the time between when he pled guilty and the time they unsealed his plea — likely operated with the false confidence that the Mueller team would not know of conversations among campaign staffers. It appears that Page (like Sam Clovis, and, probably, JD Gordon) was interviewed in that period.


Be Wary of Jumping on the Changing Veselnitskaya Claims

Boy oh boy, Natalia Veselnitskaya continues to work the press.

Veselnitskaya reverses a previous claim that the June 9, 2016 meeting didn’t mention the election

Bloomberg has a story based on a two and a half hour interview — on an unspecified date — with the Russian lawyer who met with Don Jr, Jared Kushner, and Paul Manafort at Trump Tower on June 9, 2016. In it, she adds to the story she has told in the past to claim that Don Jr suggested the US might revisit the Magnitsky sanctions if his dad got elected.

A Russian lawyer who met with President Donald Trump’s oldest son last year says he indicated that a law targeting Russia could be re-examined if his father won the election and asked her for written evidence that illegal proceeds went to Hillary Clinton’s campaign.

The lawyer, Natalia Veselnitskaya, said in a two-and-a-half-hour interview in Moscow that she would tell these and other things to the Senate Judiciary Committee on condition that her answers be made public, something it hasn’t agreed to. She has received scores of questions from the committee, which is investigating possible collusion between Russia and the Trump campaign. Veselnitskaya said she’s also ready — if asked — to testify to Special Counsel Robert Mueller.

Here’s the line of the story that, if accurate, introduces a damning new aspect of the story.

“Looking ahead, if we come to power, we can return to this issue and think what to do about it,’’ Trump Jr. said of the 2012 law, she recalled. “I understand our side may have messed up, but it’ll take a long time to get to the bottom of it,” he added, according to her.

Perhaps my favorite detail of the story, however, is that she suggests Paul Manafort (the only one known to have taken contemporaneous notes from the meeting) appeared to have been asleep, leaving Don Jr as the only woke witness to what went down.

Kushner left after a few minutes and Manafort appeared to have fallen asleep. “The meeting was a failure; none of us understood what the point of it had been,’’ Veselnitskaya said, adding she had no further contacts with the Trump campaign.

As Bill Browder noted, this marks a change in her story, one which must be contextualized with recent events.

In the days immediately after the story broke, Veselnitskaya released a statement saying nothing about the presidential election came up.

Ms. Veselnitskaya said in a statement on Saturday that “nothing at all about the presidential campaign” was discussed at the Trump Tower meeting. She recalled that after about 10 minutes, either Mr. Kushner or Mr. Manafort left the room.

She said she had “never acted on behalf of the Russian government” and “never discussed any of these matters with any representative of the Russian government.”

Now, she’s claiming different. I’d suggest that this claim, like all that have gone before, should be treated really really skeptically — especially published in the wake of allegations that campaign officials would have walked into that meeting expecting “dirt” to mean emails, not to mention as Veselnitskaya makes another bid to come to the US and Trump prepares to meet directly with Putin.

Veselnitskaya makes this claim as she tries to come to the US and Agalarov attempts to shape the story

Here’s what the recent timeline looks like:

October 4: Burr was asked last month about Veselnitskaya, and suggested SSCI had already reached out.

Q: Is the Russian attorney going to come through, the Russian who met with Donald Trump Jr., she’s offered to come in open committee. Have you reached out to her? Is she one of the 25 on your list?

Burr: How do you know we haven’t already [heard from] her?

October 9: A CNN story produced with the involvement of Scott Balber, who is currently representing Aras and Emin Agalarov (who set up the June 9 meeting in the first place), but who has represented Trump in the past, attempts to rebut the public comments and presumed testimony of Rob Goldstone on two points. First, that the meeting was about dealing dirt, and second, that it was about anything but the Magnitsky sanctions.

The documents were provided by Scott Balber, who represents Aras and Emin Agalarov, the billionaire real estate developer and his pop star son who requested the June 2016 meeting.

Balber, who went to Moscow to obtain the documents from Veselnitskaya, said in an interview with CNN that the emails and talking points show she was focused on repealing the Magnitsky Act, not providing damaging information on Clinton.

The message was muddled, Balber said, when it was passed like a game of telephone from Veselnitskaya through the Agalarovs to Goldstone.

Balber also suggested that Goldstone “probably exaggerated and maybe willfully contorted the facts for the purpose of making the meeting interesting to the Trump people.”

Goldstone declined to comment for this story.

“The documents and what she told me are consistent with my client’s understanding of the purpose of the meeting which was from the beginning and at all times thereafter about her efforts to launch a legislative review of the Magnitsky Act,” Balber said.

October 18: Chuck Grassley sends a long list of questions to Veselnitskaya, demanding a response to schedule a transcribed, non-public interview, by October 20. Incidentally, I find this to be the most curious of the questions.

Did Mr. Goldstone or anyone else discuss a proposal regarding Vkontakte (VK) during the June 9, 2016 meeting?

October 19: In remarks in Sochi, amid a complaint about Magnitsky sanctions, Putin tells listeners to look at American sources for details of Ziff political contributions, closely mirroring the talking points now claimed to derive from Veselnitskaya.

What do I think about what you have just said, about Canada joining or wanting to join, or about somebody else wanting to do it? These are all some very unconstructive political games over things, which are in essence not what they look like, to be treated in such a way or to fuss about so much. What lies underneath these events? Underneath are the criminal activities of an entire gang led by one particular man, I believe Browder is his name, who lived in the Russian Federation for ten years as a tourist and conducted activities, which were on the verge of being illegal, by buying Russian company stock without any right to do so, not being a Russian resident, and by moving tens and hundreds of millions of dollars out of the country and hence avoiding any taxes not only here but in the United States as well.

According to open sources, I mean American open sources, please look up Ziff Brothers, the company Mr Browder was connected with, which has been sponsoring the Democratic Party and, substantially less, the Republican Party during recent years. I think the latest transfer, in the open sources I mean, was $1,200,000 for the Democratic Party. This is how they protect themselves.

In Russia, Mr Browder was sentenced in his absence to 9 years in prison for his scam. However, no one is working on it. Our prosecution has already turned to the appropriate US agencies such as the Department of Justice and the Office of the Attorney General for certain information so we can work together on this. However, there is simply no response. This is just used to blow up more anti-Russian hysteria. Nobody wants to look into the matter, into what is actually beneath it. At the bottom of it, as usual, is crime, deception and theft.

October 27: Stories that note Veselnitskaya crafted the talking points on Browder and Ziff, which were then picked up by Russia’s prosecutor general Yuri Chaika, are used to suggest that that means Veselnitskaya got the talking points she wrote from Chaika. In conjunction, several iterations of the talking points are released (but not the ones she originally wrote). Also, Balber again weighs in to distance Agalarov.

Donald Trump Jr. has dismissed Mr. Goldstone’s emails as “goosed-up.” Mr. Balber blamed miscommunication among those arranging the meeting. “Mr. Agalarov unequivocally, absolutely, never spoke to Mr. Chaika or his office about these issues,” he said.

October 30: George Papadopoulos’ plea makes it clear that Papadopoulos originally lied to the FBI to hide two things: 1) attempts in the weeks and months after March 31, 2016 to set up meetings with Russians, and 2) knowledge that Russians had dirt on Hillary Clinton in the form of thousands of emails. On the same day, Paul Manafort is indicted, raising the possibility he’ll flip on Trump. Also on the same day, the government informs SDNY that Prevezon has not paid its fine from the May settlement, and asks for the case to be reopened.

October 31: Quinn Emanuel, representing Prevezon, asks that Veselnitskaya be given immigration parole for hearing.

November 2: Government objects to Prevezon’s request for immigration parole for Veselnitskaya, reiterating in the process that they had objected to her entry in 2016, but that she got immigration parole in any case, which she used to attend the June 9 meeting.

The Government, however, has previously refused to extend immigration parole to Katsyv and Veselnitskaya during time periods when they were not to be witnesses. In particular, in the spring of 2016, then-counsel for Prevezon asked the Government to consent to parole for Katsyv and Veselnitskaya to prepare for and attend oral arguments in the Second Circuit on Hermitage’s motion to disqualify Prevezon’s counsel. Because there was no testimony to be given at a Second Circuit oral argument, the Government refused to grant parole to Katsyv or Veselnitskaya for that period. See Ex. A (March 9, 2016 letter to John Moscow).1

Subsequently, according to public news reports, Veselnitskaya obtained a visa from the State Department allowing her to enter the United States to attend the oral argument on June 9, 2016, a day on which she also reportedly engaged in a meeting with representatives of the Trump presidential campaign. See Brook Singman, Mystery Solved? Timeline Shows How Russian Lawyer Got into U.S. for Trump Jr. Meeting, Fox News (July 14, 2017), available at http://www.foxnews.com/politics/2017/07/14/mystery-solved-timeline-shows-how-russianlawyer-got-into-us-for-trump-jr-meeting.html. This Office had no involvement in the granting of that visa and has no knowledge of whether Veselnitskaya has attempted to obtain another such visa to enter the country for these proceedings.

[snip]

If a testimonial hearing is ultimately required, and if it features Veselnitskaya or Katsyv as witnesses, the Government can revisit its parole determination at that time.2

2 The Government may not, however, again admit Veselnitskaya into the country to assist in witness preparation if she is not herself a witness. Although the Government did so previously, Veselnitskaya’s reported meeting with presidential campaign officials in June of 2016 (of which this Office was not aware prior to its public reporting) or other factors may alter this assessment. In any event, it is premature to reach this issue where no testimonial hearing is currently scheduled, and none is likely ever to be scheduled.

November 3: Judge Pauley denies Prevezon’s bid for immigration parole for Veselnitskaya.

November 6: Bloomberg story for the first time says Don Jr said he might consider lifting Magnitsky sanctions. It also repeats Veselnitskaya’s promise to answer SJC questions if her answers can be made public.

Senator Chuck Grassley, an Iowa Republican who chairs the Senate Judiciary Committee, has sent her more than 90 questions concerning the meeting, asking whether she knows Putin, Manafort and Kushner, and requesting information about Russian hacking and interference, she said. “That I definitely don’t have!” the lawyer said. “I made up my mind a long time ago: My testimony must be honest, full and public.”

Taylor Foy, a Grassley spokesman, said, “We are encouraged that she is planning to cooperate and look forward to receiving the information.” He wouldn’t comment on whether the committee would comply with her request to make her answers public.

November 10-11: Trump and Putin will meet in Danang, Vietnam, purportedly to talk about North Korea.

This feels like a limited hangout

All of which is to say that the efforts of the last month feel like a limited hangout — an attempt to avoid potentially more damaging revelations with new admissions about Magnitsky. That’s not to say the Magnitsky discussion didn’t happen. It’s to say the potential admissions — down to Veselnitskaya’s claim that, “I definitely don’t have!” information on Russian hacking and interference — have gotten far more damaging since when, in July, she claimed the election didn’t come up.

At the very least, it seems the players — particularly the Trump sponsor Agalarovs — are concerned about what Rob Goldstone has had to say to whatever investigative body — and are now trying to cement a different, more damning story, yet one that still stops short of what they might admit to.

In either case, another thing seems clear: Veselnitskaya attempted to come to the country, using the same method she did when she actually used her presence to pitch Don Jr. After that meeting was denied, Trump went from suggesting he might meet with Putin to confirming that he plans to.


Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

Let me start this post by reposting in full my explanation of why Trump opponents are idiots for clinging to the Steele dossier, so I can add to that with an explanation of why the disclosure that Marc Elias paid for the dossier on behalf of Hillary and the DNC makes it far, far worse.

I have zero doubt that the Russians attempted to influence the election. I think it likely Robert Mueller will eventually show evidence that senior people in Trump’s camp attempted to and may have coordinated with people working for Russia, and people more tangential to the campaign sought out Russians for help. I think if the full story of the Russian involvement in the election comes out, it will be worse than what people currently imagine.

I also think Trump opponents have made a really grave error in investing so much in the Steele dossier. That’s true because, from the start, there were some real provenance questions about it, as leaked. Those questions have only grown, as I’ll explain below. The dossier was always way behind ongoing reporting on the hack-and-leak, meaning it is utterly useless for one of the most important parts of last year’s tampering. The dossier provides Trump officials a really easy way to rebut claims of involvement, even when (such as with Michael Cohen) there is ample other evidence to suggest inappropriate ties with Russia. Most importantly, the dossier is not needed for the most common reason people cling to it, to provide a framework to understand Trump’s compromise by Russia. By late January, WaPo’s reporting did a far better job of that, with the advantage that it generally proceeded from events with more public demonstrable proof. And (again, given the abundance of other evidence) there’s no reason to believe the Mueller investigation depends on it.

But because Trump opponents have clung to the damn dossier for months, like a baby’s blanket, hoping for a pee tape, it allows Trump, Republicans, and Russians to engage in lawfare and other means to discredit the dossier as if discrediting the dossier will make the pile of other incriminating evidence disappear.

So let’s see how the Marc Elias disclosure makes this far, far worse.

The WaPo reports that Elias’ firm, Perkins Coie, acting on behalf of both Hillary and the DNC, paid Fusion GPS. And they did so much earlier than previously reported, starting in April.

Marc E. Elias, a lawyer representing the Clinton campaign and the DNC, retained Fusion GPS, a Washington firm, to conduct the research.

After that, Fusion GPS hired dossier author Christopher Steele, a former British intelligence officer with ties to the FBI and the U.S. intelligence community, according to those people, who spoke on the condition of anonymity.

Elias and his law firm, Perkins Coie, retained the company in April 2016 on behalf of the Clinton campaign and the DNC. Before that agreement, Fusion GPS’s research into Trump was funded by an unknown Republican client during the GOP primary.

Given the numbering of the dossier, the April date makes far better sense than the June date. In fact, on January 13, I said, “It must have started sometime in April.” Yay me — that’s the one piece of prescience I’ll write about here I’m happy about.

The news comes as Fusion has been digging itself deeper and deeper into a perjury hole in an effort to protect Elias and the Democrats, just as they would have had to release financial documents showing Perkins Coie’s involvement in any case (I’ll do a follow-up to show that Fusion seems to have been using a cute definition of “client” in its sworn legal declarations about the dossier).

Some of the details are included in a Tuesday letter sent by Perkins Coie to a lawyer representing Fusion GPS, telling the research firm that it was released from a client-confidentiality obligation. The letter was prompted by a legal fight over a subpoena for Fusion GPS’s bank records.

As the WaPo and an army of Dem flacks have noted since this story broke, it is totally normal to pay oppo research firms for dirt on opponents.

It is!!

Which ought to raise really big questions why Elias didn’t come forward before now to simply admit that Hillary and the Dems — rather than some unnamed big donor as has always been intimated — were doing what every campaign normally does.

And there are several likely reasons for that.

First, consider what position this puts the FBI in. Steele started sharing his information with the FBI during the summer, possibly before the FBI opened an investigation into Trump’s Russian ties (though the CIA claims to have had a report in June about such ties, so the investigation doesn’t derive exclusively from the dossier). It’s still unclear — not even given Steele’s legal statements on this fact — whether Steele shared the information on his own, or whether Fusion permitted him to share. It’s also not clear whether Steele disclosed to FBI who was paying for his work (or even if he actually knew). But it is qualitatively different for the FBI to accept and respond to information from a political party than it is to respond to information paid for by — say — a rich private person like George Soros. That is, admittedly, how the Whitewater investigation got started (so I can appreciate the irony), but it was wrong then and it’s wrong now.

Note, this detail also provides a much better explanation for why the FBI backed out of its planned relationship with Steele in October, one that matches my supposition. As soon as it became clear Elias was leaking the dossier all over as oppo research, the FBI realized how inappropriate it was to use the information themselves, no matter how credible Steele is. This also likely explains why FBI seeded a story with NYT, one Democrats have complained about incessantly since, reporting “none of the investigations so far have found any conclusive or direct link between Mr. Trump and the Russian government.” Ham-handed? Sure. But in the wake of Harry Reid and David Corn’s attempts to force FBI to reveal what Democratic oppo research had handed to FBI, the FBI needed to distance themselves from the oppo research, and make sure they didn’t become part of it. Particularly if Steele was not fully forthcoming about who was paying him, the FBI was fucked.

And consider what Hillary and the DNC did. Back when the June 9 Trump Tower meeting first broke, I warned Democrats who were screaming that this was proof of collusion to be very careful of how they defined it.

[T]hus far, it is not evidence of collusion, contrary to what a lot of people are saying.

That’s true, most obviously, because we only have the implicit offer of a quid pro quo: dirt on Hillary — the source of which is unknown — in exchange for sanctions relief. We don’t (yet) have evidence that Don Jr and his co-conspirators acted on that quid pro quo.

But it’s also true because if that’s the standard for collusion, then Hillary’s campaign is in trouble for doing the same.

Remember: A supporter of Hillary Clinton paid an opposition research firm, Fusion GPS, to hire a British spy who in turn paid money to Russians — including people even closer to the Kremlin than Veselnitskaya — for Russia-related dirt on Don Jr’s dad.

Yes, the Clinton campaign was full of adults, and so kept their Russian-paying oppo research far better removed from the key players on the campaign than Trump’s campaign, which was run by incompetents. But if obtaining dirt from Russians — even paying Russians to obtain dirt — is collusion, then a whole bunch of people colluded with Russians (and a bunch of other foreign entities, I’m sure), including whatever Republican originally paid Fusion for dirt on Trump.

Breaking: Our political process is sleazy as fuck (but then, so are most of our politicians).

I assumed at the time that Democrats were adults and provided Hillary some plausible deniability and distance from the payments to ex-spooks who in turn paid Russian spies.

Serves me right for underestimating, yet again, Hillary’s ability to score own goals, because Nope! They’re not that adult! And so while it pains me greatly to have to say this, the Dems who screamed “COLLUSION!!!!!!!!” after evidence of a meeting but not payment have earned this attack from Ari Fleischer, accusing them of colluding, because that’s the standard they adopted at the time.

Finally, there’s the most interesting thing implicated by the disclosure that Perkins Coie partner Marc Elias paid for the dossier.

As noted, the WaPo explains Elias started to do so in April, which makes far more sense given the numbering of the dossier. But Steele, we know, was brought in in June; his first report, about whether Russia had kompromat on Hillary, was June 20. That means Steele’s involvement, paid for by Perkins Coie, postdates the involvement of Perkins Coie partner (and former DOJ prosecutor who should have known better than to do this) Michael Sussmann in the DNC’s response to learning they were hacked by Russia, starting around April 29.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

It also means that Steele’s involvement — paid for by Perkins Coie — roughly coincides with the time Democrats and Perkins Coie partner Michael Sussmann first sat down with the FBI and pushed the FBI to “tell the American public that” Russia had attacked the Democrats.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

Shortly thereafter, Steele, paid for by Perkins Coie, started sharing reports with the FBI, with as yet unknown disclosure to them about who was paying his bills. Do you see why this is a problem yet?

Note, too, the irony. The DNC was unwilling to share their server directly with the FBI. But they were willing to launder their intelligence to it.

Not cool, Democrats. Also, not smart.

Now, add to this massive own goal the Democrats have scored on themselves. The second report in the released dossier is dated July 26, released four days after WikiLeaks started releasing the DNC emails, making it clear the Democrats had a far bigger hack-and-leak problem on their hands than they had let on in a June 14 story to the WaPo. It is an incredibly back-assward report on Russian hacking that proved unaware of the most basic publicly known details about Russia’s hacking (the Democrats would have been better served reading this report that had been released ten months before, which is almost certainly what FBI was trying to point them to when they first warned of the hack in September). That is, in the wake of the DNC hack, the Democrats’ lawyer paid for private intelligence about Russian involvement with Trump, and they ended up paying someone whose sources (because Steele is a follow-the-money guy, not a follow-the-packets guy) consistently were months and months behind the public knowledge on the hack.

Yikes.

Finally, one more point. It has been clear for some time that Steele’s reports had some kind of feedback loop, responding to information the Democrats got. That was most obvious with respect to the September 14 Alfa Bank report, which was obviously written after first news of the Alfa Bank/Trump Tower story, which was pushed by Democratic partisans. Particularly given that we know the released report is a selective release of just some reports from the dossier, the inclusion of Alfa Bank in that release makes no sense. Even if reports about old corrupt ties between Alfa and Putin are true (as if Democratic politicians and corrupt American banks never have old ties), the inclusion of the Alfa report in the dossier on Trump made zero sense.

Which is why Alfa Bank decided — after consulting with big Republican lawyers like Viet Dinh and soon-to-be DOJ Criminal Division Chief Brian Benczkowski — to sue for defamation. Now I understand why (particularly given that Republicans seem to have known who paid for the dossier for some time). I’m not sure Alfa Bank executives pass the bar for defamation here (though the publication of a report that misspelled Alfa’s name is pretty damning), but the fact that Elias paid for this dossier on behalf of the Democrats is going to make that defamation case far more explosive (and I’ll be surprised if Elias doesn’t get added into the mix).

As I said when I began this: I have no doubt Russia tampered with the election, and if the full truth comes out I think it will be more damning than people now imagine.

But the Democrats have really really really fucked things up with their failures to maintain better ethical distance between the candidate and the dossier, and between the party and the FBI sharing. They’ve made things worse by waiting so long to reveal this, rather than pitching it as normal sleazy political oppo research a year ago.

The case of Russian preference for Trump is solid. The evidence his top aides were happy to serve as Russian agents is strong.

But rather than let FBI make the case for that, Democrats instead tried to make their own case, and they did so in such a way as to make the very solid case against Trump dependent on their defense of the dossier, rather than on better backed claims released since then.

Boy it seems sadly familiar, Democrats committing own goals like this. And all that’s before we get to where the lawfare on this dossier is going to go.

Update, 12/6/17: This, from April, is a really interesting claim-by-claim debunking of the dossier.
