Charlie Savage’s Obfuscations in the Service of Claiming Julian Assange Is a Journalist

/21 Comments/in , , , /by

Everyone is fighting for press freedoms again, and therefore lots of people are misrepresenting the facts about Julian Assange’s prosecution in purported defense of press freedom again.

These are the paragraphs with which UK Judge Vanessa Baraitser distinguished what Julian Assange is accused of from what “ordinary investigative journalists” entitled to protection in the UK or European Union do.

99. As part of his assistance to Ms. Manning, [Assange] agreed to use the rainbow tools, which he had for the purpose of cracking Microsoft password hashes, to decipher an alphanumeric code she had given him. The code was to an encrypted password hash stored on a Department of Defence computer connected to the SIPRNet. It is alleged that had they succeeded, Ms. Manning might have been able to log on to computers connected to the network under a username that did not belong to her. This is the conduct which most obviously demonstrates Mr. Assange’s complicity in Ms. Manning’s theft of the information, and separates his activity from that of the ordinary investigative journalist.

100. At the same time as these communications, it is alleged, he was encouraging others to hack into computers to obtain information. This activity does not form part of the “Manning” allegations but it took place at exactly the same time and supports the case that Mr. Assange was engaged in a wider scheme, to work with computer hackers and whistle blowers to obtain information for Wikileaks. Ms. Manning was aware of his work with these hacking groups as Mr. Assange messaged her several times about it. For example, it is alleged that, on 5 March 2010 Mr. Assange told Ms. Manning that he had received stolen banking documents from a source (Teenager); on 10 March 2010, Mr. Assange told Ms. Manning that he had given an “intel source” a “list of things we wanted” and the source had provided four months of recordings of all phones in the Parliament of the government of NATO country-1; and, on 17 March 2010, Mr. Assange told Ms. Manning that he used the unauthorised access given to him by a source, to access a government website of NATO country-1 used to track police vehicles. His agreement with Ms. Manning, to decipher the alphanumeric code she gave him, took place on 8 March 2010, in the midst of his efforts to obtain, and to recruit others to obtain, information through computer hacking.

101. Mr. Assange, it is alleged, had been engaged in recruiting others to obtain information for him for some time. For example, in August 2009 he spoke to an audience of hackers at a “Hacking at Random” conference and told them that unless they were a serving member of the US military they would have no legal liability for stealing classified information and giving it to Wikileaks. At the same conference he told the audience that there was a small vulnerability within the US Congress document distribution system stating, “this is what any one of you would find if you were actually looking”. In October 2009 also to an audience of hackers at the “Hack in the Box Security Conference” he told the audience, “I was a famous teenage hacker in Australia, and I’ve been reading generals’ emails since I was 17” and referred to the Wikileaks list of “flags” that it wanted captured. After Ms. Manning made her disclosures to him he continued to encourage people to take information. For example, in December 2013 he attended a Chaos computer club conference and told the audience to join the CIA in order to steal information stating “I’m not saying don’t join the CIA; no, go and join the CIA. Go in there, go into the ballpark and get the ball and bring it out”.

Assange is not an “ordinary investigative journalist,” according to the judge who ruled that his extradition would not violate journalistic protections, because he allegedly:

  • Tried to help Manning hack a password
  • Solicited hacks of Iceland
  • Identified a vulnerability in a US server and encouraged people to use it
  • In a speech invoking WikiLeaks’ role in helping Edward Snowden to flee to what ended up being Russia, allegedly encouraged people to join the CIA with the express intent of stealing files from it

A key point for Baraitser is this was all happening at the same time, Assange was allegedly soliciting hacks in Iceland even as he attempted to help Manning crack a password, and Manning knew about the other hacking.

Charlie Savage mentions none of this in a story explaining that Julian Assange’s extradition and prosecution, “raised the specter of prosecuting reporters.” He doesn’t even mention the second superseding indictment at all, the one that lays out (among other things) the allegation that Assange entered in a conspiracy to hack Stratfor, a hack that at least six people on both sides of the Atlantic already did time for.

But the specter of prosecuting reporters returned in 2019, when the department under Attorney General William P. Barr expanded a hacking conspiracy indictment of Julian Assange, the WikiLeaks founder, to treat his journalistic-style acts of soliciting and publishing classified information as crimes.

From there, Charlie tells a narrative that WikiLeaks has been pushing as part of Assange’s extradition defense, a claim that because DOJ Public Affairs head Matthew Miller said, in November 2013, that DOJ could not distinguish Julian Assange from what the NYT does, that means that the Obama Administration continued to face that challenge for the remaining three years of the Obama Administration, long after Miller left, and right through the time WikiLeaks played a key role in a Russian intelligence-led attack on American democracy. As Charlie presents it — citing no sources or public records, and I asked him if he was relying on any and he didn’t respond — the decision to prosecute Julian Assange arose not so much from a subsequent investigation that came to distinguish Assange’s actions from those of journalists, but instead because the Trump Administration “was undeterred” about the prospect of damaging “mainstream news outlets.”

Obama-era officials had weighed charging Mr. Assange for publishing leaked military and diplomatic files, but worried about establishing a precedent that could damage mainstream news outlets that sometimes publish government secrets, like The Times. The Trump administration, however, was undeterred by that prospect.

For now, the First Amendment issues are on hold as Mr. Assange fights extradition from Britain. Soon after the Biden administration took office, the Justice Department pressed forward with that extradition effort in British court, leaving the charges in place.

But that was before Mr. Garland was sworn in — and before the latest uproar about the escalating aggression of the Justice Department’s leak investigation tactics prompted him to focus on drafting a new approach that, he testified, will be “the most protective of journalists’ ability to do their jobs in history.”

It’s Trump’s doing, not the result of further investigation, Charlie reports, as news.

The WikiLeaks narrative that Charlie repeats unquestioningly is inconsistent with an April 2017 report — one Assange’s journalism professor expert witness claims to have been unable to find with the magic of Google — that what came to distinguish Assange from other journalists was his role in helping Edward Snowden.

The US view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents.

We now know, four years later, that not just DOJ but even “mainstream news outlets” considered what WikiLeaks did to help Snowden something other than journalism.

Bart Gellman’s book (which was published before the most recent superseding indictment) not only lays out how WaPo’s lawyers told Gellman that he and Laura Poitras could not safely, under the law, play the role (which is referenced in the superseding indictment against Assange that Charlie doesn’t mention) that WikiLeaks would end up playing, helping Snowden get asylum in what ended up be an adversarial nation. Gellman even cites communications he and Poitras sent to Snowden in real time explaining that taking steps to help Snowden get asylum in what might be, and as it happens turned out to be, a hostile country was not journalism.

We had lawyered up and it showed. “You were clear with me and I want to be equally clear with you,” I wrote. “There are a number of unwarranted assumptions in your email. My intentions and objectives are purely journalistic, and I will not tie them or time them to any other goal.” I was working hard and intended to publish, but “I cannot give you the bottom line you want.”

Poitras wrote to him separately.

There have been several developments since Monday (e.g., your decision to leave the country, your choice of location, possible intentions re asylum), that have come as a surprise and make [it] necessary to be clear. As B explained, our intentions and objectives are journalistic. I believe you know my interest and commitment to this subject. B’s work on the topic speaks for itself. I cannot travel to interview you in person. However, I do have questions if you are still willing to answer them. [my emphasis]

In other words, WaPo’s own lawyers made it clear that helping an intelligence source obtain asylum in another country is not journalism and might, instead, be viewed by the US government as abetting espionage.

Given Charlie’s focus on the transition from the Trump to Biden Administration, there’s something else glaringly absent from his story: the official record on the government response to WikiLeaks’ role in the 2016 election attack. Admittedly, great swaths of that discussion remain redacted (which suggests there’s stuff we may not know), but the Senate Intelligence Committee’s report the Obama Administration’s response to the 2016 Russian interference campaign discussed how part of that process involved “develop[ing] a complete understanding of WikiLeaks.”

The executive branch struggled to develop a complete understanding of WikiLeaks. Some officials viewed WikiLeaks as a legitimate news outlet, while others viewed WikiLeaks as a hostile organization acting intentionally and deliberately to undermine U.S. or allies’ interests.

In other words, in 2016 — three years after the Miller quote that WikiLeaks has trained obedient journalists to parrot unquestioningly — the government came to some new “complete” understanding of WikiLeaks. One of the most important players in this process was then White House Homeland Security Advisor, Lisa Monaco. Her interview with the committee is cited repeatedly in the unredacted passages of the report.

Admittedly, Monaco’s views on how or whether her own understanding of WikiLeaks changed as part of that process do not appear in the report. The SSCI report redacts what those Obama officials came to understand about WikiLeaks in the waning days of the Obama Administration. But, in a story presented as “news,” it seems important to consider how that process might influence Monaco’s understanding of the case against Assange, given that one of the last things she did when last in government was struggle to respond to an attack on American democracy in part because the government treated WikiLeaks as a journalistic outlet for far too long during the attack. Whatever she believes, Monaco knows far more than Matthew Miller, or us, for that matter. We might not agree with her thus far non-public understanding of WikiLeaks, but even the four year old understanding of WikiLeaks she brought to her position as Deputy Attorney General surely will have a bigger influence on DOJ’s decisions about Assange going forward than what the Public Affairs guy said eight years ago.

It’s not that I disagree that some of the charges against Assange — particularly for publishing the names of US and Coalition informants — present a dangerous precedent. They do, and those risks are important to talk about, accurately and honestly. On that note, though, it’s again worthwhile to see how Baraitser distinguishes Assange (note, the circumstances of the release of the informant names is the area where Assange presented the most evidence to challenge the government’s evidence).

The defence submits that, by disclosing Ms. Manning’s materials, Mr. Assange was acting within the parameters of responsible journalism. The difficulty with this argument is that it vests in Mr. Assange the right to make the decision to sacrifice the safety of these few individuals, knowing nothing of their circumstances or the dangers they faced, in the name of free speech. In the modern digital age, vast amounts of information can be indiscriminately disclosed to a global audience, almost instantly, by anyone with access to a computer and an internet connection. Unlike the traditional press, those who choose to use the internet to disclose sensitive information in this way are not bound by a professional code or ethical journalistic duty or practice. Those who post information on the internet have no obligation to act responsibly or to exercise judgment in their decisions. In the modern era, where “dumps” of vast amounts of data onto the internet can be carried out by almost anyone, it is difficult to see how a concept of “responsible journalism” can sensibly be applied.

[snip]

Free speech does not comprise a ‘trump card’ even where matters of serious public concern are disclosed (see Stoll above), and it does not provide an unfettered right for some, like Mr. Assange, to decide the fate of others, on the basis of their partially informed assessment of the risks.

[snip]

The New York Times published the following condemnation on 25 July 2012:

“The Times and the other news organizations agreed at the outset that we would not disclose —either in our articles or any of our online supplementary material — anything that was likely to put lives at risk or jeopardize military or antiterrorist operations. We have, for example, withheld any names of operatives in the field and informants cited in the reports. We have avoided anything that might compromise American or allied intelligence-gathering methods such as communications intercepts. We have not linked to the archives of raw material. At the request of the White House, The Times also urged WikiLeaks to withhold any harmful material from its Web site.”

This is a distinctly European decision. That’s true because in Europe, unlike the US, such protections are tied to being a journalist. Plus Baraitser argued that under EU law, Assange’s release violated privacy protections that simply don’t exist in the US. Mind you, it’s one thing to say the NYT won’t publish details that might endanger military operations and another thing to say such revelations shouldn’t be protected by the First Amendment. Even if WikiLeaks is a “hostile organization acting intentionally and deliberately to undermine U.S. or allies’ interests,” (as SSCI described), that should not, itself, surpass the First Amendment consideration.

But it underscores the point. There are First Amendment problems with the publication charges and, to a lesser extent, the other Manning-focused ones. But Assange actually wouldn’t be the first person extradited from the UK significantly for publication activities, the same thing happened to Minh Quang Pham for the few months he spent as AQAP’s graphic designer. That precedent has not only gone virtually unnoticed, but did little to harm the press freedom of others in the US. Not only are the First Amendment risks of Assange’s prosecution not tied to whether or not Assange is a journalist, but the effort to reinvent both the history of his prosecution and what he is accused of to turn him into a journalist has led a bunch of journalists and press freedom advocates to violate the principles that are supposed to distinguish journalism.

Share this entry

Joshua Schulte Attempts to Hack the Court System

/24 Comments/in /by

Joshua Schulte attempted to complete a hack of the court system yesterday.

I don’t mean that Schulte used computer code to bring down the court systems. His laptop doesn’t connect to the Internet, and so he does not have those tools available. Rather, over the 3.5 years he has been in jail, he has tested the system, figured out which messages can be used to distract adversaries, and which messages have an effect that will lead the system to perform in unexpected ways. He identified vulnerabilities and opportunities — SDNY arrogance, the pandemic and related court delays, Louis DeJoy’s postal system, and even the SAMs imposed on him — and attempted to exploit them.

As a reminder, a jury hung on the most serious charges against Schulte in March 2020. Afterwards, the government moved to retry Schulte quickly, but his defense attorneys said they needed more time, in part because their expert, Steve Bellovin, was for health reasons unwilling to serve as an expert during COVID. Last November, Judge Paul Crotty scheduled a trial to start June 7, 2021, which would have been a week ago Monday. In March, Schulte’s superb attorney, Sabrina Shroff, moved to delay the trial once more, to October, still citing Bellovin’s withdrawal.

Meanwhile, starting in January, Schulte started submitting pro se filings, some filed through Shroff, and some sent directly. The government responded to a motion for habeas corpus (basically, to point out he needs to file suit against the Warden of MCC, not the prosecution), but did not respond to his motion to suppress evidence seized from the MCC jail. When Schulte filed to request direct access to Lexus Nexis, the government responded, in part, by asking Judge Crotty to force Schulte to decide whether he was representing himself, pro se, or, if not, then to solely allow Shroff and her team to make filings on his behalf.

The defendant’s request appears to be an attempt to further his pattern of engaging in inappropriate, quasi-pro se litigation. The Court should not consider the defendant’s instant letter for that reason. “A defendant has a right either to counsel or to proceed pro se, but has no right to ‘hybrid’ representation, in which he is represented by counsel from time to time, but may slip into pro se mode for selected presentations.” United States v. Rivernider, 828 F.3d 91, 108 (2d Cir. 2016). Although the Court has “discretion to hear from a represented defendant personally,” id. at 108 n.5, “the interests of justice will only rarely be served by a defendant’s supplementation of the legal services provided by his . . . counsel,” United States v. Swinton, 400 F. Supp. 805, 806 (S.D.N.Y. 1975). To the extent the defendant has any colorable claims for relief, his attorneys can present them to the Court, and the Court should reject the defendant’s attempts to “slip into pro se mode,” Rivernider, 828 F.3d at 108, whenever it suits him. See, e.g., United States v. Crumble, No. 18 Cr. 32 (ARR), 2018 WL 3112041, at *4 (E.D.N.Y. June 25, 2018) (“As Markus has not elected to represent himself, he does not have a right to make a motion on his own behalf, nor does he have a right to insist that the district court hear his applications. While I have previously exercised my discretion to entertain Markus’s pro se submissions, I will do so no longer. If Markus wishes to file any further motions, he is directed to ask his trial counsel—or appellate counsel— to adopt this motion. I trust that assigned counsel will file any motions that they do not view as frivolous on Markus’s behalf. Any pro se motions made by Markus, however, will be summarily denied.” (cleaned up)).

In any event, even if the Court considers the defendant’s submission, it is without merit. As his letter acknowledges, he has access to legal databases (a fact confirmed by the volume of his recent pro se filings), but additionally he demands special access to “filings, briefs, modern search, and the ability to print.” The defendant’s claims about the purported deficiencies of the databases to which he does in fact have access do not support such demands or establish a basis for relief. “[A]n inmate cannot establish relevant actual injury simply by establishing that his prison’s law library or legal assistance program is subpar in some theoretical sense.” Lewis v. Casey, 518 U.S. 343, 351 (1996). The defendant identifies no reason he should be afforded special access beyond that which the facility provides in the normal course, and at bottom, he is represented by counsel who have the ability to make well-researched and thoroughly prepared legal claims on his behalf.

Crotty denied Schulte’s request for Lexus Nexis, but didn’t address the pro se request.

Meanwhile, two of the three prosecutors on the team, Matthew LaRoche and Sidhardha Kamaraju, withdrew from the case, both because they’ve left government. LaRoche was involved in a prosecution that collapsed because the government committed a Brady violation, but Kamaraju was not. Kamaraju, however, probably has the most computer expertise of the original three.

Yesterday there was a remarkable status hearing. Crotty started by asking the remaining prosecutor, David Denton, when replacement prosecutors will file an appearance. Imminently, Denton said, though it sounded like he didn’t believe that.

Crotty asked whether Shroff has found an expert. Curiously, she explained that Bellovin still can’t do it, even with the waning risk of COVID, because of his schedule at Columbia University. Crotty noted that it is her responsibility to find an expert (she had said in a November status conference that it would amount to ineffective assistance not to have one).

But the real stunner came at the end, when Shroff said that Schulte wanted her to tell the court that he had told the government back in November that he was proceeding pro se. Denton responded that this was the first he had heard of such a thing, and Shroff responded that he was incorrect; Schulte had informed the government in November.

The hearing ended with a commitment to brief whether Schulte can proceed pro se.

It is almost without exception an insanely bad idea for a defendant to represent themselves, and this is probably not that exception. Still, there are advantages that Schulte would get by representing himself. He’s brilliant, and clearly has been studying the law in the 3.5 years he has been in prison (though he has made multiple errors of process and judgment in his own filings). He has repeatedly raised the Sixth Amendment problems with Special Administrative Measures, notably describing how delays in receiving his mail make it impossible for him to respond to legal developments in timely fashion. So I imagine he’d prepare a Sixth Amendment challenge to everything going forward. He’d be able to demand access to the image of the server he is alleged to have hacked himself. By proceeding pro se, Schulte could continue to post inflammatory claims to the docket for sympathetic readers to magnify, as happened with a filing he submitted earlier this year. And after the government has made clear it will reverse its disastrous strategy from the first trial of making the trial all about Schulte’s conflicts with the CIA, by questioning witnesses himself, Schulte would be able to make personality conflicts central again, even against the government’s wishes. Plus, by not replacing Bellovin, Schulte would serve as expert himself. In that role, Schulte would present the false counter story he has been telling since he was jailed, but in a way that the government couldn’t cross-examine him. So it would probably be insanely detrimental, but less so than for most defendants that try it. It certainly would provide a way to mount the defense that Schulte clearly wants to pursue.

But I think that’s just Schulte’s fall-back plan.

I think his current plan is to argue that, because anything his attorneys did in his name after he purportedly informed prosecutors he was proceeding pro se would be a legal nullity, then two things have happened since that allegedly occurred that will permit him to demand immediate release. First, if his attorneys’ agreements to exclude time from the Speedy Trial clock were not valid, then it would mean the government has run out of time to prosecute Schulte. Additionally, if a request that Shroff made in March to reschedule the trial was not valid, then the trial would have still been scheduled for last week. I suspect Schulte will try to argue that the government forgot to hold their trial and so must be released.

Mind you, there’s no evidence in the docket that Schulte informed prosecutors, much less the court, that he was proceeding pro se. There’s a filing he made in April 2020 that claimed he had no lawyers and made requests as if he was proceeding pro se, one that everyone ignored. But according to Shroff, that’s not the notice; the notice took place in November. Still, given how Schulte has carefully tested how the mail system works with SAMs and COVID, I don’t rule out him sending a letter directly to prosecutors.

The other problem with his claim to be proceeding pro se is that in a May filing, Schulte referred to the October trial (meaning, he recognizes the validity of both that request and Shroff’s exclusion of time under the Speedy Trial Act) and complained that his attorney-client mail was being opened. If he were proceeding pro se without Crotty formally appointing Shroff as standby counsel, their communications would have no privilege. So he has said two things in a pro se filing that are inconsistent with really proceeding pro se.

Certainly, Shroff has said things — in multiple venues — that indicate she believed she remained Schulte’s lawyer.

Given that Schulte claims everything his legal team has done since November was done without his sanction, though, the government would seem to have cause to ask Crotty to assign entirely different lawyers to serve as Schulte’s stand-by counsel, if indeed he does proceed pro se going forward. Which would make his plan for the actual trial, if it ever happens, untenable.

To be sure, I’m not saying this is going to work. But the government — what’s left of the prosecution team, anyway — had better understand that Schulte has been treating the court system with the same adversarial approach as he allegedly did the CIA’s servers. Schulte is claiming to have entered a command into his prosecution back in November that hacked the system, effectively changed the effect of everything that has happened since. Just trusting that such a possibility cannot happen under the legal system is probably a bad idea given where the CIA’s trust that Schulte wouldn’t hack the system turned out.

Update: Via InnerCity Press, there’s the transcript of the hearing.

April 12, 2020: Schulte claims he has no attorneys, claims only a few months remain on Speedy Trial

May 31, 2020: Shroff asks for a week extension to respond to government scheduling motion

June 8, 2020: Schroff requests a status conference for August or September 2020, acting as if Schulte’s request did not exist

June 15, 2020: Shroff initiates White Plains grand jury challenge

June 19, 2020: SDNY extends Speedy Trial to July 1, 2020

July 16, 2020: Shroff informs Judge Crotty Schulte will not reply to Rule 29 motion

July 27, 2020: Shroff asks for extension on grand jury challenge

July 28, 2020: Shroff asks for ESXi server (basically a repeat of Schulte’s April request)

July 30, 2020: Shroff asks for two week delay on status hearing citing (in part) Steve Bellovin’s withdrawal

August 14, 2020: Shroff asks for two week extension on reply to request for ESXi server

September 15, 2020: Shroff reply on ESXi laptop

September 16, 2020: SDNY proposes schedule, with January 2021 trial date

September 21, 2020: SDNY responds to Bellovin submission of ex parte declaration

October 14, 2020: SDNY asks for 30 day exclusion

October 30, 2020: Shroff requests Schulte appear remotely

November 4, 2020: Status conference, trial set for June 7, 2021, with time excluded; Shroff maintains it would be ineffective counsel to go to trial without expert

THE COURT: Are you entitled to an expert?

MS. SHROFF: In a case like this, yes. I’m quite certain I’m entitled to an expert. I think it would be clear error and ineffective assistance of counsel to try this case without an expert, without a doubt.

November 16, 2020: Shroff-submitted motion to dismiss on White Plains grand jury

November 19, 2020: Shroff submits request for VTC meeting with Schulte’s family

January 1, 2021: Schulte motion to suppress MCC evidence (docketed February 24)

January 7, 2021: Shroff requests 2 week extension on White Plains grand jury reply

January 19, 2021: Shroff files Schulte pro se motion for writ of habeas corpus regarding SAMs, dated December 25, 2020

January 22, 2021: Shroff requests two week extension on January 21 deadline for reply on White Plains grand jury reply

January 22, 2021: Shroff requests funds for new laptop for Schulte

January 27, 2021: Civil Division AUSA asks Crotty to dismiss motion for writ so it can be refiled naming Warden as defendant

February 22, 2021: Shroff submits reply on White Plains grand jury challenge

February 24, 2021: Schulte files motion to reconsider decision on habeas (docketed March 4)

March 19, 2021: Schulte calls on Crotty to decide his motion to suppress on the merits, given government non-response (docketed April 5)

March 22, 2021: Shroff moves, with consent of Schulte, to reschedule trial to last quarter of 2021

March 24, 2021: Crotty denies motion to dismiss; Crotty reschedules trial for October 25, excludes time

April 12, 2021: Schulte asks for Lexus Nexis (docketed April 29)

May 5, 2021: Schulte complains about mail delays (docketed May 19); among other things it reflects an October trial date and references attorney-client mail

May 7, 2021: Matthew LaRoche withdraws

May 11, 2021: SDNY submits opposition to Lexus Nexis request, including request for order that Schulte not submit pro se

June 3, 2021: Sidhardha Kamaraju withdraws

June 7, 2021: Date of trial scheduled in November 2020

June 15, 2021: Status hearing at which Schulte claims to have been representing himself pro se since November

Share this entry

Carter Page Believed James Wolfe Was Ellen Nakashima’s Source Disclosing His FISA Application Less than a Month After the Story

/15 Comments/in , /by

According to the Statement of Offense to which James Wolfe — the former Senate Intelligence Committee security official convicted of lying about his contacts with journalists — allocuted, Carter Page suspected Wolfe was the source for Ellen Nakashima’s story revealing Page had been targeted with a FISA order. When the former Trump campaign staffer wrote Nakashima to complain about the story less than four weeks after Washington Post published it, Page BCCed Wolfe. [Nakashima is Reporter #1 and Ali Watkins is Reporter #2.]

On May 8, 2017, MALE-1 emailed REPORTER #1 complaining about REPORTER #1’s reporting of him (MALE-1). According to the metadata recovered during the search of Wolfe’s email, Wolfe was blind-copied on that email by MALE-1.

That unexplained detail is important — albeit mystifying — background to two recent stories on leak investigations.

First, as reported last month, Nakashima was one of three journalists whose call records DOJ obtained last year.

The Trump Justice Department secretly obtained Washington Post journalists’ phone records and tried to obtain their email records over reporting they did in the early months of the Trump administration on Russia’s role in the 2016 election, according to government letters and officials.

In three separate letters dated May 3 and addressed to Post reporters Ellen Nakashima and Greg Miller, and former Post reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017.” The letters listed work, home or cellphone numbers covering that three-and-a-half-month period.

The scope of the records obtained on the WaPo journalists last year started four days after the Page story, so while some May 11, 2017 emails between Nakashima and Wolfe would have been included in what got seized last year, any contacts prior to the FISA story would not have. And the public details on the prosecution of Wolfe show no sign that Nakashima’s records were obtained in that investigation (those of Ali Watkins, whom Wolfe was in a relationship, however, were). Indeed, the sentencing memo went out of its way to note that DOJ had not obtained deleted Signal texts from any journalists. “The government did not recover or otherwise obtain from any reporters’ communications devices or related records the content of any of these communications.”

That said, Nakashima’s reporting was targeted in two different leak investigations, covering sequential periods, three years apart.

It’s not clear how quickly the Page investigation focused on Wolfe. But it may have outside help. A CBP Agent unconnected to the FBI investigation grilled Watkins on her ties with Wolfe in June 2017.

The Sentencing Memorandum on Wolfe suggests the FBI came to focus on him — and excused their focus — after having learned of his affair with Watkins. They informed Richard Burr and Mark Warner, and obtained the first of several warrants to access his phone.

At the time the classified national security information about the FISA surveillance was published in the national media, defendant James A. Wolfe was the Director of Security for the SSCI. He was charged with safeguarding information furnished to the SSCI from throughout the United States Intelligence Community (“USIC”) to facilitate the SSCI’s critical oversight function. During the course of the investigation, the FBI learned that Wolfe had been involved in the logistical process for transporting the FISA materials from the Department of Justice for review at the SSCI. The FBI also discovered that Wolfe had been involved in a relationship with a reporter (referred to as REPORTER #2 in the Indictment and herein) that began as early as 2013, when REPORTER #2, then a college intern, published a series of articles containing highly sensitive U.S. government information. Between 2014 and 2017, Wolfe and REPORTER #2 exchanged tens of thousands of telephone calls and electronic messages. Also during this period, REPORTER #2 published dozens of news articles on national security matters that contained sensitive information related to the SSCI.

Upon realizing that Wolfe was engaged in conduct that appeared to the FBI to compromise his ability to fulfill his duties with respect to the handling of Executive Branch classified national security information as SSCI’s Director of Security, the FBI faced a dilemma. The FBI needed to conduct further investigation to determine whether Wolfe had disseminated classified information that had been entrusted to him over the past three decades in his role as SSCI Director of Security. To do that, the FBI would need more time to continue their investigation covertly. Typically, upon learning that an Executive Branch employee and Top Secret clearance holder had potentially been compromised in place – such as by engaging in a clandestine affair with a national security reporter – the FBI would routinely provide a “duty-to-warn” notification to the relevant USIC equity holder in order to allow the intelligence agencies to take mitigation measures to protect their national security equities. Here, given the sensitive separation of powers issue and the fact that the FISA was an FBI classified equity, the FBI determined that it would first conduct substantial additional investigation and monitoring of Wolfe’s activities. The FBI’s executive leadership also took the extraordinary mitigating step of limiting its initial notification of investigative findings to the ranking U.S. Senators who occupy the Chair and Vice Chair of the SSCI.2

The FBI obtained court authority to conduct a delayed-notice search warrant pursuant to 18 U.S.C. § 3103a(b), which allowed the FBI to image Wolfe’s smartphone in October 2017. This was conducted while Wolfe was in a meeting with the FBI in his role as SSCI Director of Security, ostensibly to discuss the FBI’s leak investigation of the classified FISA material that had been shared with the SSCI. That search uncovered additional evidence of Wolfe’s communications with REPORTER #2, but it did not yet reveal his encrypted communications with other reporters.

This process — as described by Jocelyn Ballantine and Tejpal Chawla, prosecutors involved in some of the other controversial subpoenas disclosed in the last month — is a useful lesson of how the government proceeded in a case that likely overlapped with the investigation into HPSCI that ended up seizing Swalwell and Schiff’s records. Given that Swalwell was targeted by a Chinese spy, it also suggests one excuse they may have used to obtain the records: by claiming it was a potential compromise.

Still, by the time FBI first informed Wolfe of the investigation, in October 2017, they had obtained his cell phone content showing that he was chatting up other journalists, in addition to Watkins — and indeed, he continued to share information on Page. By the time the FBI got Wolfe to perjure himself on a questionnaire about contacts with journalists in December 2017, they had presumably already searched Watkins’ emails going back years. Wolfe was removed from his position and stripped of clearance, making his indictment six months later only a matter of time.

All that said, the government never proved that Wolfe was the source for Nakashima. And Ballantine’s subpoena for HPSCI contacts, weeks later after FBI searched Wolfe’s phone, may have reflected a renewed attempt to pin the leak on someone, anyone (though it’s not clear whether investigators looked further than Congress, or even to Paul Ryan, who has been suspected of tipping Page off.

If the James Wolfe investigation reflects how they might have approached the HPSCI side, there’s one other alarming detail of this: The FBI alerted someone in Congress of the search, the Chair and Ranking Member of the Committee. But in HPSCI’s case, Schiff was the Ranking Member. Meaning it’s possible that, by targeting on Schiff, FBI gave itself a way to consult only with the Republican Chair of the Committee.

James Wolfe (and the investigation of Natalie Sours Edwards, who was sentenced to six months in prison last week) are an important lesson in leak investigations that serves as important background for Joe Biden’s promise that reporters won’t be targeted anymore. The way you conduct a leak investigation in this day and age is to seize the source’s phone, in part because that’s the only way to obtain Signal texts.

Timeline

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subpoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

January 11, 2018: Second interview with Wolfe, after which FBI executes a Rule 41 warrant on his phone, discovering deleted Signal texts with other journalists.

February 6, 2018: Subpoena targeting Adam Schiff and others.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.

Share this entry

The [Thus Far] Missing Seth DuCharme Emails Pertaining to Rudy Giuliani’s Russian Disinformation

/24 Comments/in , , /by

As I’ve been harping of late, Billy Barr and Jeffrey Rosen went to great lengths to protect Rudy Giuliani’s efforts to obtain and disseminate what the Intelligence Community already knew was Russian-backed disinformation laundered through Andrii Derkach. That effort included the following:

  • For whatever reason, not warning Rudy that the Intelligence Community knew Russia was targeting him for an information operation before he traveled to his December 2019 meeting with Derkach
  • Prohibiting SDNY from expanding its existing investigation into Rudy’s foreign influence peddling to include his efforts with Derkach by making EDNY a gate-keeper for any such decisions
  • Asking Pittsburgh USA Attorney Scott Brady to accept the information that the IC already knew was Russian disinformation from Rudy
  • Doing nothing while Rudy continued to share information the IC already knew was Russian disinformation during an election
  • After belatedly opening an investigation into the Derkach effort that the IC had known was Russian disinformation for a year, opening it at EDNY and scoping it to ensure that Rudy’s own actions would not be a subject of the investigation

As a result of this remarkable effort, led by the Attorney General and Deputy Attorney General, to protect Russian disinformation, DOJ willingly ingested a bunch of Russian disinformation and used it to conduct an investigation into the son of the President’s opponent.

Last year, when it was disclosed that Barr had directed Brady to willingly accept this Russian disinformation, American Oversight FOIAed and then sued for the paper trail of the effort, submitted as four separate FOIAs:

  1. [To OIP and USAPAW] “Brady Order and Written Approval” — which specifically asked for “two readily-identifiable, specific documents” — described as:
    • The written approval of the Attorney General or Deputy Attorney General authorizing U.S. Attorney for the Western District of Pennsylvania (USAPAW) to create and/or administer a process for receiving purported investigatory information from Rudy Giuliani concerning matters that relate to former Vice President Biden
    • A copy of the Attorney General’s order directing USAPAW to conduct an evaluation, review, probe, assessment, “intake process,” preliminary investigation
  2. [To OIP and USAPAW] “Giuliani Directives, Guidance, & Communications,” described as:
    • All directives or guidance provided to USAPAW regarding an evaluation, review, probe, assessment, “intake process,” preliminary investigation, or other investigation of any information received from Rudy Giuliani, including information that may concern former Vice President Biden
    • All records reflecting communications between (1) the Office of the Attorney General or the Office of the Deputy Attorney General and (2) USAPAW regarding an evaluation, review, probe, assessment, preliminary investigation, or other investigation of any information received from Rudy Giuliani
    • All records reflecting communications within the OAG or the ODAG regarding any evaluation, review, probe, assessment, “intake process,” preliminary investigation, or other investigation of any information received from Rudy Giuliani, including information which may concern former Vice President Biden
  3. [To USAPAW] “Brady-Giuliani Communications,”described as all records reflecting communications between (1) USAPAW in the course of any evaluation, review, probe, assessment, “intake process,” preliminary investigation, or other investigation of any information received from Rudy Giuliani and (2) Rudy Giuliani, or any of Mr. Giuliani’s personal assistants or others communicating on his behalf, including but not limited to Jo Ann Zafonte, Christianne Allen, or Beau Wagner
  4.  [To USAPAW] “Brady-White House Communications,” described as any communications between (1) USAPAW in the course of any evaluation, review, probe, assessment, “intake process,” preliminary investigation, or other investigation of any information received from Rudy Giuliani and (2) anyone at the White House Office

Before American Oversight filed the lawsuit, the Trump Admin did two things that will have an effect on what we’re seeing. First, DOJ combined requests one and two above; as we’ll see, that had the effect of hiding that Barr didn’t put anything in writing. In addition, USAPAW told American Oversight that they were going to refer the request for such an order to Main Justice for referral.

While the lawsuit was filed under the Trump Administration, the substantive response to it started in February. The FOIA is a way to understand more about this effort — both how willing Barr’s DOJ was to put this scheme in writing, as well as the volume of paper trail that it generated.

The first status report, submitted on February 22, revealed the following based on an initial search:

  1. “Brady Order and Written Approval” and “Giuliani Directives, Guidance, & Communications” (aggregated) at Main DOJ: 8,851 items
  2. “Giuliani Directives, Guidance, & Communications” and “Brady-Giuliani Communications” at USAPAW: 1,400 pages
  3. “Brady-White House Communications:” none

The second status report, submitted on April 1, reported that of the initial search, the following was deemed potentially responsive:

  1. “Brady Order and Written Approval” and “Giuliani Directives, Guidance, & Communications” (aggregated) at Main DOJ: 30 pages referred
  2. “Giuliani Directives, Guidance, & Communications” and “Brady-Giuliani Communications” at USAPAW, of 272 pages reviewed so far:
    • 3 pages released in full
    • 189 pages referred to other agencies for consultation
    • 83 duplicates or non-responsive

Here is the USAPAW production.

The third status report, submitted on May 3, reported the following:

  1. “Brady Order and Written Approval” and “Giuliani Directives, Guidance, & Communications” (aggregated) at Main DOJ:
    • 18 pages released in partly redacted form
    • 4 pages withheld entirely under b5 deliberative exemption
    • 6 pages awaiting a response from some other component
  2. “Giuliani Directives, Guidance, & Communications” and “Brady-Giuliani Communications” at USAPAW, of 263 pages reviewed this month:
    • 5 pages released, 3 of which include b6, b7A and b7C redactions
    • 14 pages referred to another component
    • 244 pages non-responsive or duplicates

Here is the USAPAW production and here is the Main DOJ production.

Here’s what has currently been provided to American Oversight (go here for live links).

Note, this may be clarified in upcoming dumps, but for now, there appears to be something very irregular with the OIP response. At first, DOJ said there were up to 8,851 items that were responsive to American Oversight’s request. But with the next status report, DOJ said there were just 30 pages. The most recent release claimed to account for 28 of those 30 pages.

In the second joint status report, OIP stated that it had completed its search and its initial responsiveness and deduplication review of potentially responsive documents and identified approximately 30 pages of material likely responsive to Plaintiff’s request. See ECF No.7, ¶ 2. OIP further stated that it had sent these records out for consultation pursuant to the Department’s regulations, 28 C.F.R. § 16.4(d), and expected to be able to provide its first response to Plaintiff on or around April 29, 2021. Id. On April 29, 2021, OIP made its first interim response. It released 18 pages in part with portions redacted pursuant to Exemptions 5 and/or 6 and withheld four pages in full pursuant to Exemption 5. OIP is awaiting responses from other components on the remaining six pages.

The math looks like this:

18 pages released

4 pages withheld under b5 exemption*

6 pages referred to another component

Total: 28 pages

Remaining: 2 pages

That’s a problem because there are at least two pages of emails that were part of the USAPAW response that must have had a counterpart at DOJ, as well as one missing from both (though USAPAW has 1000 pages to release):

  • A January 3, 2020 email from Seth DuCharme to Scott Brady asking, “Scott do you have time for a quick call today in re a possible discreet assignment from OAG and ODAG?” (Brady’s response, which includes DuCharme’s original, is included in both, but the copy released by OIP was printed out from Brady’s account, not DuCharme’s).
  • A February 11, 2020 email from Brady to DuCharme, asking “Seth, do you have a few minutes to catch up today?” The email should exist in both accounts, and should be included in both OIP and USAPAW’s response.
  • A March 5, 2020 email from Brady to DuCharme, asking “Seth: do you have 5 minutes to talk today?”

Brady resigned effective February 26 and DuCharme resigned effective March 19. At the time he resigned, DuCharme was supervising an investigation into this Derkach stuff, one that excluded Rudy as a subject.

I assume this will become more clear with further releases (indeed, American Oversight may have the next installment already). Perhaps there’s a sound explanation. But thus far, it looks like only the Brady side of exchanges between him and DuCharme have been provided in response.

* The response letter to Jerry Nadler was two pages long, and the draft was sent twice (or there were two drafts), so those probably account for the 4 pages withheld on b5 exemptions.

Share this entry

OpSec Confusion on the Oath Keeper Conspiracy

/36 Comments/in , /by

I write a lot about the comms the Oath Keepers used to plan insurrection. There was the post about how they figured out, too late, not to plan an insurrection on Facebook; of the five counts of obstruction on the Oath Keeper indictment released Sunday, two pertain to Facebook. Then there was the post where I cataloged how many social media platforms were described in the last iteration of the indictment against them.

  • leadership list on Signal they appear to have obtained from either Watkins and/or Kelly Meggs
  • Open channels on Zello, possibly separate ones for each large event
  • Telephony chats and texts, including during January 6
  • MeWe accounts
  • Way too much blabbing on Facebook, followed by a foolish belief they could delete such content
  • Parler for further blabbing
  • Stripe for payment processing (possibly for dues)
  • GoToMeeting for operational planning

The remaining three obstruction charges pertain to this social media activity, one — for Joshua James — specifically describing his attempt to delete and burn the “[S]ignal comms about the op.”

Add hand-written ProtonMail attachments to the toolchest

It turns out I should have included ProtonMail in that list, because both the addresses to which Laura Steele sent her vetting application to join the Oath Keepers on January 3 were ProtonMail addresses, but the government only laid that out in their unsuccessful bid to keep her detained, in an attempt to use its encryption to ascribe to her that operational security.

On the evening of January 3, 2021, Defendant Steele emailed a membership application and vetting form to the Oath Keepers of Florida.4 She copied Defendant Young on the email, and wrote: “My brother, Graydon Young told me to submit my application this route to expedite the process.” Under the section for “CPT Skill Sets (Community Preparedness Team) Experience or Interests,” she checked “Security.” Under “Skillsets,” she wrote: “I have 13 years of experience in Law Enforcement in North Carolina. I served as a K-9 Officer and a SWAT team member. I currently work Private Armed Security for [company name redacted]. I am licensed PPS through the North Carolina Private Protective Services.”

Within 10 minutes, Defendant Steele sent another email, this one directly to Defendant Kelly Meggs’s email account at Proton Mail, again copying Defendant Young. She again attached her application and vetting form, and wrote: “My brother, Graydon Young told me to send the application to you so I can be verified for the Events this coming Tuesday and Wednesday.”

The following day (January 4), Defendant Steele sent the same materials to yet another Oath Keepers email address at Proton Mail. On her email, she copied co-defendants Kelly Meggs and Graydon Young.

4 The email recipient was actually a Florida Oath Keepers account at “protonmail.com.” Proton Mail is housed overseas (in Switzerland) and offers end-to-end encryption. “Even the company hosting your emails has no way of reading them, so you can rest assured that they can’t be read by third parties either.” Mindaugas Jancis, ProtonMail review: have we found the most secure email provider in 2021?, CyberNews, Mar. 4, 2021, at https://cybernews.com/secure-email-providers/protonmail-review.

But Proton is not going to help if one side of a communication is on Gmail or some other email service on which FBI can serve a subpoena. Which may explain how the government obtained this email from the newly indicted Joseph Hackett in the latest superseding.

41. On December 19, 2020, HACKETT sent an email to YOUNG with a subject line “test.” The body of the email stated: “I believe we only need to do this when important info is at hand like locations, identities, Ops planning.” The email had a photo attached; the photo showed cursive handwriting on a lined notepad that stated: “Secure Comms Test. Good talk tonight guys! Rally Point in Northern Port Charlotte at Grays if transportation is possible. All proton mails. 7 May consider [a rally point] that won’t burn anyone. Comms – work in progress. Messages in cursive to eliminate digital reads. Plans for recruitment and meetings.”

7 Based on the investigation, “proton mails” appears to refer to the company “ProtonMail,” which offers encrypted email services.

I’ve not seen anything that suggests the government has obtained Proton Mails from the Oath Keepers conducted entirely on the platform; that may have to wait until someone involved decides to cooperate. But I’m not sure how writing the most sensitive messages on what sounds like dead tree paper before sending it adds to the security.

DOJ’s selective understanding of encryption

One of the more aggravating pieces of confusion in the new indictment, however, comes not from the alleged conspirators but from the government.

The last item in a list of Manner and Means employed in the conspiracy is the use of “secure and encrypted communications.”

Using secure and encrypted communications applications like Signal3 and Zello4 to develop plans and later communicate during the January 6 operation.

The first overt act describes Stewart Rhodes laying out what I am calling the “Antifa foil” on a GoToMeeting meeting.

At a GoToMeeting5 held on November 9, 2020, PERSON ONE told those attending the meeting, “We’re going to defend the president, the duly elected president, and we call on him to do what needs to be done to save our country. Because if you don’t guys, you’re going to be in a bloody, bloody civil war, and a bloody – you can call it an insurrection or you can call it a war or fight.”

As a result, the following footnotes appear on the bottom of the same page.

3 Signal is an encrypted messaging service.

4 Zello is an application that emulates push-to-talk walkie-talkies over cellular telephone networks. Zello can be used on electronic communication devices, like cellular telephones and two-way radios.

5 GoToMeeting is an online meeting site that allows users to host conference calls and video conferences via the Internet in real time.

Start with Zello: It can be secure. But it wasn’t, as used by the Oath Keepers, the day of the insurrection, because it was an open channel. Indeed, the reason we know about it is because journalist Micah Loewinger was following along in real time. Plus, anything saved onto a phone will be accessible once the phone is compromised, just like Signal will. (From the discovery letters shared with the Oath Keepers — the most recent of which is over a month old — the government appears to have initially relied on WNYC’s published versions of the Zello chats. But this superseding indictment includes time stamps from Watkins’ Zello exchanges, which suggests they’ve obtained a more reliable copy since then.

Signal, DOJ says, is encrypted. I have no problem with that. But they started compromising the Signal chats as soon as they exploited Jessica Watkins’ phone. And the latest indictment seems to rely on the exploitation from another of the more involved participants — it’s where the new details on the Quick Reaction Force come from (here’s my rough capture of the communications we’ve seen referenced to date).

What I find annoying is that, after treating Signal and Zello as super spooky applications, DOJ then treats GoToMeeting like a normal tool, just “an online meeting site that allows users to host conference calls and video conferences via the Internet in real time.”

But it is also end-to-end encrypted and has a number of other security features that are necessary for its use by mainstream businesses and health care providers. That said, it is centralized and probably responds eagerly to legal process, which is the distinction DOJ really intends by this. That is, it’s not encryption that makes the use of these apps a useful marker of a conspiracy, it’s decentralized security, security that the Oath Keepers didn’t use with Zello the day of the insurrection. Plus, for a conspiracy indictment, as opposed to other criminal charges, the use of G2M suggests a bureaucratization that should be more useful to prove the case.

In any case, with this fourth indictment, DOJ added content from G2M that was probably meant to be secure: Stewart Rhodes’ “Antifa foil” comments. An initial production of G2M had been provided to defendants by April 9, with a second attempt on April 23. So it may be that it has taken some time to reconstruct whatever full production they might receive from the various Oath Keeper accounts.

The money is the metadata

That said, it is amusing seeing the conspirators try to add a layer of security to the already secure ProtonMail while they’re laying a trail of travel plans that knots them all up into a network. Here are just some of the fleshed out details from the indictment:

79. On January 4, 2021, HARRELSON and DOLAN departed Florida together in a vehicle rented by DOLAN and traveled to the Washington, D.C., metropolitan area.

[snip]

82. On January 4, 2021, PERSON TEN checked into the Hilton Garden Inn in Vienna, Virginia. The room was reserved and paid for using a credit card in PERSON ONE’s name.

[snip]

85. On January 5, 2021, PERSON ONE and MINUTA separately traveled to the Washington, D.C., metropolitan area and checked into the Hilton Garden Inn in Vienna, Virginia.

[snip]

90. KELLY MEGGS paid for two rooms, each for two people, at the Comfort Inn Ballston from January 5-6, 2021. The rooms were reserved under the name of PERSON THREE.

90. KELLY MEGGS paid for two rooms, each for two people, at the Comfort Inn Ballston from January 5-6, 2021. The rooms were reserved under the name of PERSON THREE.

91. KELLY MEGGS also booked two rooms at the Hilton Garden Inn in Washington, D.C., from January 5-7, 2021. KELLY MEGGS paid for both of the rooms, using two different credit cards.

[snip]

93. HACKETT paid for a room at the Hilton Garden Inn in Washington, D.C., from January 5-7, 2021. The room was booked in the name of PERSON SIXTEEN.

[snip]

95. MINUTA, using his personal email address and his personal home address, reserved three rooms at the Mayflower Hotel in Washington, D.C., under the names of MINUTA, JAMES, and PERSON TWENTY. A debit card associated with PERSON FIFTEEN was used to pay for the room reserved under MINUTA’s name. A credit card associated with JAMES was used to pay for the room reserved under JAMES’s name.

Kelly Meggs, by paying for what appears to be the QRF room and another for Person 3 to tend the weapons, would tie the Floridians staying in the DC Hilton Garden with a group coming from at least three states at the Ballston Comfort Inn (and that’s before you consider the surveillance footage that shows others dropping off weapons). Minuta, by reserving three rooms at the Mayflower, would tie Joshua James, Person Twenty, and Person Fifteen to the group, including Minuta, staying at the Vienna Hilton Garden, which includes Rhodes and Person Ten. And there’s at least one known payment — from some unidentified person to James’ wife — that doesn’t show up here.

Post 9/11, it’s hard to hide hotel travel, especially retroactively, after engaging in a terrorist attack, but it doesn’t help that the Oath Keepers didn’t compartment their network at all. So all the encrypted messaging and meeting apps in the world could not hide that this was a network that spanned (thus far, but I’m holding out hope they’ll roll out the first Mississippi defendants any day!) at least seven states.

Update: I’ve taken out a reference to the Ohioans walking Isaacs back to a hotel in DC. They did separate early but it was not to take him back. Thanks to Benny Bryant for the correction.

Share this entry

Latex Gloves Hiding Evidence of Conspiracies: On the Unknown Adequacy of the January 6 Investigation

/27 Comments/in , /by

Since I’ve acquired new readers with my January 6 coverage and since the financial stress of COVID is abating for many, it seems like a good time to remind people this is not a hobby: it is my day job, and I’d be grateful if you support my work.

Update, 6/2: As this post lays out, Hodgkins’ plea was indeed just a garden variety plea. During the hearing he explained the latex gloves. He carries a First Aid kit around all the time and saw Joshua Black’s plastic bullet wound (though he didn’t know Black and didn’t name him in the hearing) and put gloves on in preparation to provide medical assistance. After Black declined his help, he took the latex gloves off.

On Wednesday, June 2, insurrectionist Paul Allard Hodgkins will plead guilty, becoming just the second of around 450 defendants to publicly plead guilty (particularly given the number of people involved, there may be — and I suspect there are — secret cooperation pleas we don’t know about).

NOTICE OF HEARING as to PAUL ALLARD HODGKINS: A Plea Agreement Hearing is set for 6/2/2021, at 11:00 AM, by video, before Judge Randolph D. Moss. The parties shall use the same link for connecting to the hearing.(kt)

This could be the first of what will be a sea of plea deals, people accepting some lesser prison time while avoiding trial by pleading out. But there’s one detail that suggests it could be more, that suggests Hodgkins might have knowledge that would be sufficiently valuable that the government would give him a cooperation deal, rather than just a plea to limit his prison time.

Hodgkins is one of the people who made it to the Senate floor and started rifling through papers there, which by itself has been a locus of recent investigative interest. But he is an utterly generic rioter, wearing a Trump shirt and carrying a Trump flag. According to an uncontested claim in his arrest affidavit, he told the FBI he traveled to the insurrection from Florida alone, by bus. Because the only challenge he made to his release conditions — to his curfew — was oral, and because the prosecutor in his case hasn’t publicly filed any notice of discovery (which would disclose other kinds of evidence against him), there’s nothing more in his docket to explain who he is or what else he did that day, if anything.

But one thing sticks out about him: before he started rifling through papers in the Senate, he put on latex gloves.

It’s not surprising he had gloves. During the pandemic, after all, latex gloves have been readily available, and I’ve wandered around with gloves in my jacket pocket for weeks. But he did show the operational security to put them on, when all around him people were just digging in either bare-handed or wearing the winter or work gloves they had on because it was a pretty cold day.

There’s just one other instance I know of where someone at the insurrection showed that kind of operational security (though there is one person identified by online researchers by the blue latex gloves he wore while playing a clear organizational role outside the Capitol). When one of the guys that Riley June Williams was with started to steal Nancy Pelosi’s laptop, Williams admonished him, “dude, put on gloves” and threw black gloves (which may or may not be latex) onto the table for him to use.

There’s no reason to believe there’s a tie (as it happens, Williams had a status hearing last week where her conditions were loosened so she can look for work). There is a cybersecurity prosecutor, Mona Sedky, who is common to both cases, which sometimes indicates a tie, but she is also on cases against defendants who have no imaginable tie to Williams. But Hodgkins exhibited the kind of operational security that, otherwise, only other people who seemed to be operating from some kind of plan exhibited.

My point is not that there’s a tie, but that we don’t know whether there’s something more interesting about Hodgkins, and we might not even learn whether there is on Wednesday, in significant part because if there is one, prosecutors may not want to share that information publicly.

And I think, particularly in the wake of Republicans’ successful filibuster of a January 6 Commission and discussions of whether there will be any real accountability, that’s a useful illustration about the limits of our ability to measure the efficacy of the investigation right now. Paul Hodgkins could be (and probably is) just some Trump supporter who hopped on a bus, or his latex gloves could be the fingerprint of a connection to more organized forces.

With that said, I’d like to talk about what we can say about the investigation so far, and where it might go.

Last week, when I read this problematic and in several areas factually erroneous attempt to describe the attack in military terms, I realized that readers new to my work may not understand what I do.

I cover a range of things, but when I cover a legal case, I cover the legal case as a means to understand what prosecutors are seeing. That’s different than describing the alleged crime itself; particularly given the flood of defendants, I’m not, for example, reading through scraped social media accounts from before the attack to understand what was planned in the semi-open in advance. But reading the filings closely is one way to understand where the criminal investigation might go and the chances it will be successfully prosecuted and if so how broadly the prosecution will reach.

I’m not a lawyer, though I’ve got a pretty decent understanding of the law, especially the national security crimes I’ve covered for 17 years. But my background in corporate documentation consulting and comparative literature (plus the fact that I don’t have an editor demanding a certain genre of writing) means I approach legal cases differently than most other journalists. For the purposes of this post, for example, my academic expertise in narrative theory makes me attuned to how prosecutors are withholding information and focalizing their approach to preserve investigative equities (or, at times, hide real flaws in their cases). Prosecutors are just a special kind of story-teller, and like novelists and directors they package up their stories for specific effects, though criminal law, the genre dictated by court filings, and prohibitions on making accusations outside of criminal charges impose constraints on how they tell their stories.

One of the tools prosecutors use, both in a legal sense and a story-telling one, is conspiracy. The problematic military analysis, linked above, totally misunderstood that part of my work (as have certain Russian denialists looking for a way to attack that doesn’t involve grappling with evidence): when I map out the conspiracies we’re seeing in January 6, I’m not talking about the overarching conspiracy that made it successful, how the entire event was planned. Rather, I’m observing where prosecutors have chosen to use that tool — by charging four separate conspiracies against Proud Boys that prosecutors are sloppily treating as one, and charging (as of yesterday) sixteen members of the Oath Keepers in a single conspiracy — and where they haven’t, yet — for a set of guys who played key roles in breaching the East door and the Senate chamber who armed themselves and traveled together. As that set of guys shows, prosecutors aren’t limited to using conspiracy with organized militias, and I expect we’ll begin to see some other conspiracies charged against other networks of insurrectionists. It’s virtually certain, for example, that we’ll see some conspiracies charged against activists who first organized together in local Trump protests; I expect we’ll see conspiracies charged against other pre-existing networks (like America First or QAnon or even anti-vaxers who used those pre-existing networks to pre-plan their role in the insurrection).

Conspiracies are useful tools for prosecutors for several purposes. For example, a conspiracy charge can change what you need to prove: that the conspiracy was entered into and steps taken, some criminal, to achieve the conspiracy, rather than the underlying crime. It can used to coerce cooperation from co-conspirators and enter evidence at trial in easier fashion. And it’s the best way to hold organizers accountable for the crimes they recruit others to commit.

If Trump, or even his flunkies, are going to be held accountable for January 6, it will almost certainly be through conspiracy charges built up backwards from the activities at the Capitol. I am agnostic on whether they will be, but it’s not as far a reach as some might think. This handy guide to conspiracy law that Elizabeth de la Vega laid out during the Mueller investigation provides a sense of why that is.

Conspiracy Law – Eight Things You Need to Know.

One: Co-conspirators don’t have to explicitly agree to conspire & there doesn’t need to be a written agreement; in fact, they almost never explicitly agree to conspire & it would be nuts to have a written agreement!

Two: Conspiracies can have more than one object- i.e. conspiracy to defraud U.S. and to obstruct justice. The object is the goal. Members could have completely different reasons (motives) for wanting to achieve that goal.

Three: All co-conspirators have to agree on at least one object of the conspiracy.

Four: Co-conspirators can use multiple means to carry out the conspiracy, i.e., releasing stolen emails, collaborating on fraudulent social media ops, laundering campaign contributions.

Five: Co-conspirators don’t have to know precisely what the others are doing, and, in large conspiracies, they rarely do.

Six: Once someone is found to have knowingly joined a conspiracy, he/she is responsible for all acts of other co-conspirators.

Seven: Statements of any co-conspirator made to further the conspiracy may be introduced into evidence against any other co-conspirator.

Eight: Overt Acts taken in furtherance of a conspiracy need not be illegal. A POTUS’ public statement that “Russia is a hoax,” e.g., might not be illegal (or even make any sense), but it could be an overt act in furtherance of a conspiracy to obstruct justice.

We know that Trump and his flunkies shared the goal of the conspiracies that have already been charged: to prevent the certification of the vote. Trump (and some of his flunkies) played a key role in one of the manner and means charged in most of the conspiracies: To use social media to recruit as many people as possible to get to DC. Arguably, Mike Flynn played another role, in setting the expectation of insurrection.

What’s currently missing is proof (in court filings, as opposed to the public record) that people conspiring directly with Trump were also conspiring directly with those who stormed the Capitol. But we know the White House had contact with some of the conspirators. We know that organizers like Ali Alexander and Alex Jones likewise had ties to both conspirators and Trump’s flunkies (an Alex Jones producer has already been arrested). We know that Flynn had other ties to QAnon (which is why I’ll be interested if the government ever claims QAnon had some more focused direction with respect to January 6). Most of all, Roger Stone has abundant ties with people already charged in the militia conspiracies, and was at the same location as some of the Oath Keepers before they raced to the Capitol in golf carts to join the mob. If Trump or his flunkies are held accountable, I suspect it will go through conspiracies hatched in Florida, and the overlap right now between the Oath Keeper and Proud Boys conspiracies are in Floridians Kelly Meggs and Joe Biggs. But if they are held accountable, it will take time. It’s hard to remember given the daily flow of new defendants, but complex conspiracies don’t get charged in four months, and it will take some interim arrests and a number of cooperating witnesses to get to the top levels of the January 6 conspirators, if it ever happens.

This post, which is meant to be read in tandem with this one, assesses developments in the last week or so in the Oath Keepers conspiracy case.

Share this entry

The Rudy Giuliani Warrants Likely Go Up To the Andrii Derkach Meeting

/in , , , /by

For a variety of reasons, I’d like to look at the probable scope of the Rudy Giuliani warrants. I believe the warrant obtained on April 21 probably goes up to, but not far beyond, the meeting Rudy had with Andrii Derkach on December 5, 2019.

This post is based in part on what Rudy Giuliani, Victoria Toensing, and Lev Parnas have telegraphed about these warrants. None of these people are reliable, but Rudy and Toensing, at least, are clearly trying to share information with potential co-conspirators and therefore would want to be accurate. And whether or not the redaction fail in Parnas’ letter was intentional, I believe Parnas was trying to maximize the discomfort that these warrants might pose to powerful people (Parnas knows the targets and dates of the warrants, but it’s not clear whether he knows the date ranges). The post also includes claims from the government response to Parnas’ request for access to the Rudy and Toensing content; the government is reliable but still obviously hiding stuff.

Per Parnas, he knows of three warrants targeting Rudy:

  • A November 4, 2019 warrant targeting Rudy’s iCloud and email accounts
  • An April 13, 2021 warrant obtaining historical and prospective cell site information from Rudy (and Toensing)
  • An April 21, 2021 warrant targeting what ended up being 18 devices from Rudy

Here’s what these letters claim about the warrants:

  • The November 4, 2019 warrant “commences when Mayor Giuliani began to represent Donald Trump”
  • The start date of the November 4, 2019 warrant was “the commencement of Giuliani’s representation of former President Donald Trump”
  • Rudy believes the iCloud warrant obtained “communications with, and on behalf of, the sitting President, containing material relating to the impending impeachment”
  • The date range for the April 21, 2021 warrant began “three months later than the iCloud account”
  • The end date for the April 21, 2021 warrant went “56 days” later than the iCloud warrant
  • The warrant required Apple turn over “subscriber and payment information, device information and settings, transactional records, address book information, call history and voicemails, text message content, email content, photos and videos, documents, search and web histories, third-party application data, location date and iOS device backups” (this is boilerplate, but most people don’t understand how comprehensive a cloud warrant, to Apple or Google, can be)
  • The government showed probable cause that the iCloud account included evidence of “22 USC §§612 and 618 [FARA], 18 USC §951 [Foreign Agent], 18 USC §2 [Abetting], and 18 USC §371 [Conspiracy to defraud the US]”
  • Two days after the warrants targeting Rudy and Toensing, SDNY obtained a warrant targeting Yuri Lutsenko; later warrants targeted two other Ukrainians, Roman Nasirov and Alexander Levin
  • The treatment of information pertaining to someone Toensing represents (possibly, but not definitely, Dmitro Firtash) was more limited in her later warrant
  • Parnas believes that some of the information (though he doesn’t specify whether from the November 2019 or the April 2021 search) would include information “that may have been deleted”
  • Parnas believes that the warrants obtained “the communications immediately following the defendants’ arrest” on October 10, 2019
  • The 2019 returns do not contain any evidence relating to Parnas’ campaign finance charges and no non-duplicative statements from Parnas about Fraud Guarantee

Particularly given the way DOJ removed Parnas and Igor Fruman’s influence peddling for Yuri Lutsenko in their September 17, 2020 superseding indictment, it is virtually certain that this investigation involves, at a minimum, the ultimately successful Lutsenko-backed efforts to get Marie Yovanovitch fired in 2019.

This JustSecurity timeline is enormously helpful for reviewing the entanglements between Parnas and Fruman with Lutsenko (as well as the other events that SDNY is likely interested in). Rudy formally became Trump’s lawyer in April 2018, though there were discussions about him (and Toensing and her spouse Joe DiGenova) joining the team in March 2018, after John Dowd quit. Parnas and Fruman made their first pitch to Trump to fire Yovanovitch on April 30, 2018. In May and June, Parnas and Fruman heavily lobbied Pete Sessions to help get Yovanovitch fired. Then in August 2018, Fraud Guarantee hired Rudy. That puts the likely start dates of Rudy’s warrants sometime between March 20 and April 17, 2018 (for the iCloud warrant), and between mid-June and July or August 2018 (for the device warrant).

Depending on how narrowly the investigation is scoped on Yovanovitch, there are three likely end dates for the iCloud warrant: sometime between April 25 and May 6, 2019, when the effort to fire Yovanovitch succeeded, on October 10, when Parnas and Fruman are arrested, or on November 4, or whatever “present” day Apple complied with the warrant (the gag was issued days later so there may have been a delay in obtaining that approval).

I think one of the later dates is far more likely. That’s because Rudy continued to chase the same effort in Ukraine after Yovanovitch was fired. Plus, the most likely explanation for how SDNY was able to get warrants and a non-disclosure order for the November 2019 warrants against Rudy and Toensing is that they had proof, obtained on October 21, 2019, that Parnas had unsuccessfully attempted to delete information from his own iCloud account. And Rudy, who knows the date ranges of the warrant, claims that it obtained information, “containing material relating to the impending impeachment,” which, if true, would entirely rule out a May 6 end date.

Parnas believes the first warrant extended beyond his October 10 arrest. But it’s not entirely clear whether he knows the date range of the warrants. The government response explained they gave him material from him they had been withholding under a non-disclosure order relating to the investigation in which Rudy is a subject (that is, the Lutsenko campaign) on January 28. But in response to Parnas’ request for materials “immediately following” his arrest, the government got coy about whether they exist in the November 2019 returns (the only ones they have reviewed yet).

For similar reasons, the request for communications by Giuliani and Toensing “immediately following the defendants’ arrests” and “subsequent to” Parnas’s provision of information to the House Intelligence Committee are not subject to disclosure. (Def. Letter at 3.) Not only do these communications have nothing to do with the Government’s case-in-chief, but even if Parnas was entitled to discovery relating to his selective prosecution claim—and he plainly is not—these communications would not even be relevant to such a defense because, to the extent they exist, they post-date the defendants’ arrest.

Besides, there’s a more logical reason to expect that the November 2019 warrants ended on the day of Parnas’ arrest, October 10: because that’s consistent with SDNY’s investigation being limited to its original scope and the entirety of the investigation into Andrii Derkach being at EDNY, as NYT reported is the case.

On December 3, 2019, Rudy met in Budapest with Lutsenko. On December 4, he flew to Kyiv to meet with Derkach, the meeting that begins the relationship that EDNY has ownership of.

A 56-day extension on an end date in response to a November 4 warrant would be December 31, a logical end date for a warrant, but one that would encompass the aftermath of the Derkach meeting scoped to EDNY. Whereas a 56-day extension to an October 10 end date would take you to December 5: through the Derkach meeting associated with the Lutsenko one, but not any further.

That would also be inclusive of communications relating to the pending impeachment (which Rudy says would have been included in the iCloud return), but would be more protective of Rudy’s conversations with Trump as impeachment drew nearer.

Share this entry

Lev Parnas Failed to Delete His iCloud Content Just before DOJ Got a Secret Warrant for Rudy Giuliani’s iCloud Content

/9 Comments/in , , , /by

The government has known that Lev Parnas attempted to delete some or all of his iCloud content since shortly after October 21, 2019 — 2 weeks before it obtained covert warrants for Rudy Giuliani and Victoria Toensing’s iCloud accounts.

On January 17, 2020 (note the date on the letter has the wrong year) — the same day Jeffrey Rosen issued a memo prohibiting any DOJ personnel from expanding the scope of any investigation involving Ukraine without his and Richard Donoghue’s approval — Parnas asked to modify his protective order so he could share materials seized from his iCloud on that October date with the House Intelligence Committee for their impeachment investigation.

In a memo objecting to that request, the government noted that Parnas was perfectly free to download his own iCloud and share it with HPSCI — and asserted he had already done so.

Additionally, to the extent Parnas seeks to produce his own texts, emails, photographs or other materials, he should have access to the content stored on his iCloud account through other means: he can simply download his own iCloud account and produce it to HPSCI (and in fact, it appears he has already done so)

Parnas needed to ask the government, however, because he had deleted some of the material after the government had already obtained a preservation order for his account, meaning the government had the content but Parnas no longer did.

The materials at issue include records that, as far as the Government knows, were never in Parnas’s possession. For instance, the data produced by Apple includes deleted records (which may only exist because of the Government’s preservation requests), account usage records, and other information to which a subscriber would not necessarily have access.

The government asked for Parnas to identify the previously deleted chats he wanted to share with Congress so his co-defendants could raise privilege concerns.

To the extent that Parnas has deleted materials from his iCloud account, the Government is willing to work with counsel to ensure that Parnas can produce his own materials that are responsive to the Congressional request to HPSCI. To that end, the Government respectfully submits that Parnas’s counsel should identify for the Government any specific chats, emails, photographs, or other content Parnas is unable to access from his iCloud currently, but which exist within the discovery that has been produced to him and in his view are responsive to the Congressional subpoena. Requiring Parnas to specifically identify these materials would also permit his co-defendants to raise any concerns with respect to their privilege or privacy interests prior to the materials’ release.

“Tell us which of these texts you attempted to delete you think are the most incriminating to Rudy,” they effectively invited Parnas to explain back in early 2020, as the filter team would have just started wading through Rudy’s already seized iCloud content.

Parnas’ failed attempt to delete sensitive content that would be pertinent to the impeachment inquiry puts Rudy’s wails of outrage that the government successfully persuaded Judge Paul Oetken that if they didn’t obtain this content covertly, it might get deleted in a very different light.

In addition, in the original warrant for the iCloud account, there is a nondisclosure order based upon an allegation made to the issuing Court, that if Giuliani were informed of the existence of the warrant, he might destroy evidence or intimidate witnesses. Such an allegation, on its face, strains credulity. It is not only false, but extremely damaging to Giuliani’s reputation.

Indeed, DOJ may well have been seeking information that Parnas had successfully deleted elsewhere. Parnas seems to think that’s what happened. In his request to get access to the stuff seized from Rudy’s phone, he states that the newly disclosed materials “likely” include communications involving him “that may have been deleted.”

The seized evidence will also likely contain a number and variety of communications between Giuliani and Toensing and Parnas that are directly discoverable under Fed. R. Crim. P. 16, evidence of any conversations between Giuliani, Toensing, and others, including Parnas, that may have been deleted, communications between Giuliani, Toensing and others about the defendants and how to address their prior relationships, the arrests, and the unfolding investigation, communications between Giuliani and Toensing and others with potential Government witnesses, including communications about the defendants, the offenses charged, and the witnesses’ potential disclosures and characterizations of alleged fraud-loss computations.

Meanwhile, the government made an interesting observation in their original request for a Special Master.

Based on the Government’s investigation to date, given the overlap in date range and because certain materials, including certain emails and text messages, were backed up to the iCloud accounts that were searched pursuant to these prior warrants, the Government expects that some, but not all, of the materials present on the electronic devices seized pursuant to the Warrants could be duplicative of the materials seized and reviewed pursuant to the prior warrants.

After admitting the government expects significant overlap between what they got in 2019 and what they got in April because “certain materials” were backed up to the cloud, the government notes that “not all” of what they expect to be on the devices will be duplicative. Some of the new material will pertain to a slightly different date range on the searches. But another cause would be if Rudy and Toensing deleted stuff that could be obtained from their phone.

The investigative team has gotten deep enough in the iCloud material seized in 2019 to identify files that they know existed but were deleted from the iCloud backup, which might be recoverable from a device.

Rudy, in a “doth protest too much” theme in his letter insists he didn’t delete anything but if he did he wasn’t under subpoena anyway.

Despite these two warnings that the SDNY was seeking permission to apply for a search warrant for his electronic devices and because he had no guilty conscience, Giuliani took no steps to destroy evidence or wipe the electronic devices clean. Since Giuliani was not under subpoena, he had no legal obligation to preserve that evidence, but he did so because he is an innocent man who did nothing wrong.

[snip]

Again, all of this took place without Mayor Giuliani or his counsel having any idea that a year and a half prior, the Giuliani iCloud was the subject of a warrant. Giuliani and his counsel were both aware, because of the prominent leaks to the media, of the failed attempts in November of 2020 and again in January of 2021, to gain the required Justice Department permission to search a lawyer’s office and residence. If Giuliani was inclined, there was ample notice and time to destroy evidence.

Aside from mentioning the basis for the covert warrants, Toensing didn’t address whether any data got destroyed.

Whatever exigent circumstances the Government asserted to instead justify covert and overt search warrants in this instance were satisfied when the information was secured and preserved. The information should now be returned to Ms. Toensing and her counsel for a privilege and responsiveness review under the supervision of a Special Master. Moreover, the Government should disclose what seized information it has already reviewed and whether and what information it has provided to the case team.

She just wants everything back so she can restart the process, along with some kind of indication of what the government has already seen.

Rudy, similarly, wants to know what the government knows.

Lastly, Giuliani is entitled to the production of Apple’s entire search warrant return production, as well as the material previously deemed non-privileged and responsive and relevant to the 2019 Search Warrant by the “filter” team.

But Judge Paul Oetken, who found cause for the non-disclosure order back in 2019, was thoroughly unimpressed with all these claims about whether things might have been deleted. As he noted, the search is done.

Moreover, the review of the 2019 warrant returns is now largely complete. And any pre-indictment suppression motion would be premature at this juncture.

Rudy and Toensing can complain if they get charged.

Share this entry

In [Legal] Defense of the Nazi

/6 Comments/in , /by

The biggest known investigative fuck-up in the January 6 investigation thus far was when the FBI raided the home of Marilyn and Paul Hueper believing that Marilyn was a woman that the FBI suspects, based off surveillance video, may have been part of stealing Nancy Pelosi’s laptop. The Hueper’s claims about their actions on January 6 don’t seem to be entirely forthright, but Marilyn has made a solid case that the FBI mistook her for the woman in question.

I think the FBI did have probable cause for that search, but I also think the FBI did not use available tools — most notably the Google and GeoFence warrants they’ve used in many other cases — that should have been able to exclude Marilyn as the suspect.

I think it likely that DOJ has made an error, of another sort, with Nazi sympathizer Timothy Hale-Cusanelli, detaining him for four months based off a mistaken belief he played a more important role in January 6 violence than he did.

Hale-Cusanelli was arrested on January 15, three days after a co-worker of his, who was already an NCIS informant, alerted the FBI that Hale-Cusanelli took part in the riots and had, in the past, espoused fairly extreme white supremacist views. On January 14, the informant recorded Hale-Cusanelli describing giving hand signals to the mob and taking a flag that Hale-Cusanelli described as a “murder weapon” to destroy.

Hale-Cusanelli’s arrest warrant, which charged him with the misdemeanor trespassing charges everyone gets charged with along with a civil disorder charge, included no video from the day of the attack. When the government indicted him, they added obstruction charges and abetting.

When the FBI arrested Hale-Cusanelli, he admitted in an interview that he gave hand and voice signals — which could be no more than waving people forward — to encourage others to “advance” past cops. But the government’s primary basis to keep him jailed, when they first succeeded in doing so back in January, seems to have been that, once you cut him off from the military network he worked in as a Navy contractor, he was bound to turn to war.

Releasing Defendant from custody will only reinforce his belief that his cause is just. Given his impending debarment from Naval Weapons Station Earle, and his potential Administrative Separation from the U.S. Army Reserve, Defendant’s release will likely leave him with nowhere to go and nothing to do except pursue his fantasy of participating in a civil war. If nothing else, the events of January 6, 2021, have exposed the size and determination of right-wing fringe groups in the United States, and their willingness to place themselves and others in danger to further their political ideology. Releasing Defendant to rejoin their fold and plan their next attack poses a potentially catastrophic risk of danger to the community.

When they made a more substantive (and successful) argument he should remain detained, they focused on two things: his choice of a third party guardian was also an extremist who had helped him try to game reporting from the Navy on his extremism, and his extremism itself, including that he groomed to look like Hitler.

They also argued that Hale-Cusanelli poses a threat to the informant who IDed him.

Hale-Cusanelli is appealing his detention. But both he and his attorney, Jonathan Zucker, are getting fed up. Last week, Zucker submitted a motion asking to be replaced, but also claiming that he has received nothing in discovery about what Hale-Cusanelli did at the Capitol.

The parties were last before the court on May 12, 2021. At that time the defense expressed concern to the court regarding the paucity of discovery in this case. To date the prosecution has disclosed the defendant’s custodial interview, a surreptitiously recorded conversation between the defendant and a cooperating witness who was wearing a recording device provided by law enforcement, two portions of text messages between the defendant and two other civilians. The prosecution has provided nothing else, particularly no evidence regarding what defendant did on January 6 either outside or inside the Capitol. Nor any other evidence regarding the defendant’s activity in relation to the charged offenses. 1

1 Defendant advises that other defendants have disclosed to him that other defendants indicated they received discovery of recordings from inside the Capitol where defendant has been seen peacefully walking in the hallways.

Yesterday, the government responded. AUSA Kathryn Fifield claimed that most of what Zucker had said was not accurate.

The bulk of Defendant’s representations to the Court regarding discovery—both in terms of what they have received and government’s response to their requests—are not accurate. To date, the government has provided the most substantial portions of the government’s evidence. That includes the CHS recordings in which Defendant makes substantial admissions regarding his criminal conduct on January 6, Defendant’s custodial interview in which Defendant makes substantial admissions regarding his criminal conduct on January 6, and a partial extraction of Defendant’s cellular phone. The partial extraction includes the extraction report and the native files, including chats, videos, and photos. Defense counsel has confirmed with the undersigned that they have access to these materials on USAfx. Further, the government separately provided Capitol CCTV video capturing Defendant inside the Capitol building on January 6 and reports of interviews conducted by NCIS. Defense counsel confirmed receipt of these materials with prior government counsel. Thus, Defendant is already in possession of the evidence most relevant to detention proceedings and to Defendant’s conduct on January 6, and has been in receipt of these materials since before the last status hearing on May 12, 2021.

She described how, because of the technical issues that occur every time the government shares large volume electronic files with defense attorneys, Zucker still doesn’t have the full content of Hale-Cusanelli’s phone.

But the accompanying discovery summary in fact seems to confirm what Zucker has said: he has received no or next to no surveillance video of his client in the Capitol, and what he has gotten appears to pertain primarily to a different person he represents (Zucker also represents Jerod Wade Hughes and Thomas Webster, and did represent Dominic Pezzola for a period).

Video recording of custodial interview of Defendant Hale-Cusanelli produced via USAfx on February 22, 2021.

Bulk report of interviews conducted by NCIS produced via email on March 7, 2021.

Report of interview conducted by NCIS of Sergeant John Getz produced via email on March 8, 2021.

Partial extraction of Apple iPhone – includes Cellebrite Extraction Report (PDF 1209 pages) and native files most relevant to Defendant’s detention proceedings and conduct on January 6, 2021. Produced via USAfx on March 11, 2021.

Capitol Surveillance CCTV produced via USAfx in connection with another defendant represented by defense counsel on March 31, 2021. Upon information and belief, you confirmed receipt of this video with prior government counsel. Reproduced in the USAfx folder for this case on May 25, 2021. The Government has designated these files Highly Sensitive under the Protective Order issued in this case.

CHS video and audio recordings produced via USAfx on May 7, 2021. The Government has designated these files Sensitive under the Protective Order issued in this case. Cellebrite Extraction Report (PDF 63073 pgs): iPhone 6s (A1633), MSISDN 7328105132, ISMI 310120163205040. Produced via USAfx on May 7, 2021.

Full extraction of Defendant’s Apple iPhone produced on encrypted zip drive on or about April 28, 2021, on Blu Ray discs on or about April 28, 2021, and on defense counsel’s hard drive on or about May 25, 2021.

One of the main images in an earlier detention memo from inside the Capitol is indexed to Pezzola, so that may be the discovery in question.

This guy has absolutely loathsome views. But they are views protected by the First Amendment — and also views shared by a goodly percentage of the other January 6 defendants, many of them out on personal recognizance. The others who, like Hale-Cusanelli, were of particular concern to the government because they held clearance on January 6 also engaged in physical assault — and Freddie Klein was released even after that. As I noted, the government spent two months confirming details of active duty Marine, Major Christopher Warnagiris’ far more important conduct from the day before arresting him, and then let him out on personal recognizance.

While the government has provided evidence that he did intend to obstruct the vote count, nothing in his conduct from the day substantiates the civil disorder challenge. Yesterday, Fifield asked for two more months to find that evidence.

This seems like a mistake that the government is simply doubling down on. But if you haven’t found more compelling evidence after four months, what are the chances you will?

Share this entry

The Manafort Unsealing and Konstantin Kilimnik

/3 Comments/in , , /by

Earlier this week, the court unsealed the filings in Paul Manafort’s case pertaining to his breach determination. I’ve put most of the filings below.

Much of what has been unsealed is not new. Because Manafort’s attorneys failed to actually redact their first response, the five topics about which the government claimed he lied were clear from early on, which made sussing out the rest possible. As one example, here’s a post from close to the end of the process that laid out a lot of what we knew and did not know.

That said, in part because of some big gaps in the Manafort docket, and in part because of the government’s increasing outspokenness about Konstantin Kilimnik, I want to lay out what has been released in significant fashion and what hasn’t.

When the WaPo first asked for this material, the government said no because of “ongoing investigations” and the privacy of uncharged people. When the parties came up with proposed redactions in July 2020, per a subsequently filed ABJ order, the redactions served to hide grand jury information and uncharged individuals; that is, the ongoing investigations were done. Then the WaPo pointed out several things that might be grand jury information, but should be released anyway, including people who have since been charged, including Greg Craig and Roger Stone by name, and grand jury information made public by Mueller.

Petitioner recognizes that grand jury proceedings are confidential under Rule 6(e) but asserts that “at least some” of the grand jury material in this matter should be unsealed because it has become public. Supp. Mem. at 12–13 (noting particularly the inadvertent disclosure of allegations that the defendant transferred presidential campaign polling data to Konstantin Kilimnik in the summer of 2016); see also Reply at 11 (noting certain information was made public in the March 2019 report of Special Counsel Robert Mueller). Petitioner also asserts that some of the individuals whose names and information were sealed in the court documents because they were not charged with any crimes had since been indicted. See Reply at 1 & n.2 (noting the indictments of Roger Stone and Gregory Craig).

Upon consideration of the parties’ arguments, the joint submission of the government and defendant Manafort, the applicable law, and the privacy interests of individuals who have not been charged, the Court finds that some of the information sought by petitioner may be unsealed but that some must remain sealed to protect grand jury materials and the identities or identifying information of uncharged individuals.

That’s what should be unsealed: people who have not been charged or stuff that’s not grand jury information.

As you can see below, virtually the only area where significantly new information was provided pertained to Manafort’s relationship with Kilimnik, starting with the August 2, 2016 meeting and extending for two years. That makes the delay in release (which admittedly could be COVID related) of particular interest: in that time, FBI released a wanted poster for Kilimnik with a $250,000 reward, and then Treasury stated as fact, just weeks before this release, that Kilimnik had, indeed, shared polling data and campaign strategy with Russian intelligence officers. In addition, as shown below, there are big unexplained gaps in the numbering of the docket, suggesting sealed filings (I had thought it related to the forfeiture, and it still might, but most of that was moved to a different docket).

FBI Agent Jeffrey Weiland’s declaration (here’s the original), laying out the five matters about which Manafort lied, is the best way to track what kinds of things have been unsealed or not. Here are the five topics about which Manafort lied, with a summary of what got newly unsealed in each:

Payment to Wilmer Hale: Manafort engaged in some kind of dodgy accounting to get money to pay his lawyers, who represented Manafort until August 2017. The investigation into this allegation was unsealed (along with other investigations that had been dropped) by September 2020. About the only thing that is newly released in all this is that Wilmer Hale was the firm in question, which would seem to be either an uncharged corporate entity or grand jury information that got publicly released.

Manafort’s efforts to protect Konstantin Kilimnik in the witness tampering conspiracy: In 2018, Kilimnik and Manafort were charged for conspiring to hide aspects of their Hapsburg project by trying to coach witnesses. The names of those former Hapsburg project associates, Alan Friedman and Eckart Sager, were redacted in the original and remain redacted.

Interactions with Kilimnik: In addition to trying to downplay Kilimnik’s role in the witness tampering conspiracy, Manafort was not forthcoming about the August 2, 2016 meeting with Kilimnik (though by the end of the breach agreement, Manafort had proven that prosecutors had misunderstood what happened with a printout of polling data that day), and he blatantly lied about their ongoing meetings about a Ukraine “peace” deal. This is where the most new material was released.

Some of this was already released in the Mueller Report. But there are passages that include information beyond the Mueller Report, both in Rick Gates filings (which also were released to BuzzFeed), or — for example — in this passage from a Manafort filing.

The OSC contends that Mr. Manafort lied about his meeting with Mr. Kilimnik and [redacted: probably Georgiy Oganov] January 2017. (Doc. 464 at 14-15, ¶33-35). In particular, the OSC alleges that in one interview Mr. Manafort stated [redacted] did not present a plan for peace at the meeting or ask Mr. Manafort for anything and, subsequently, Mr. Manafort said that he discussed a peace plan during the meeting. Contrary to the OSC’s allegations, these statements are not inconsistent. First, during the interview, Mr. Manafort noted that while [redacted] did not present a peace plan or ask for anything, they did discuss Ukraine, in general, and Eastern Ukraine and Crimea, in particular.

Kilimnik has been charged. But not — as far as is public — for this stuff.

Another DOJ investigation: Little new is unredacted in a passage that describes the investigation in another district that Manafort first told a damning story to, and then reneged on that story: but what is unredacted is actually key. First, a footnote that must modify the overview section links to Michael Cohen’s Criminal Information. Given the timing, the issue in question is probably the effort to buy off Karen McDougal. Another filing describes that the information implicated Senior Administration Officials, which would seem to rule out Don Jr or Cohen himself, so must implicate Trump himself and, likely, Kushner. (I’ll return to this, because other discussions of this implicate a Roger Stone email to Manafort.)

Manafort’s Contact with the Administration: This section also remains largely the same with one big exception: it describes that some lobbying he was helping people do targeted Department of Labor and pertained to ERISA. That contact has nothing to do with Igor Fruman (with whom Manafort does have ties) and Lev Parnas, who were beginning to sidle up to Trump in this period. ABJ ruled that the government hadn’t proven their case on this point, and the ERISA focus sure helps make that case.

Documents

Exhibit 1. Government’s Submission in Support of its Breach Determination: 461 (675)

Exhibit 2. Defendant Paul J. Manafort Jr.’s Response to the Special Counsel’s Submission in Support of its Breach Determination: 470 (676)

Exhibit 3. Weiland Declaration in Support of the Government’s Breach Determination and Sentencing: 477 (677)

Exhibit 4. Defendant Paul J. Manafort, Jr.’s Reply to the Special Counsel’s Declaration and Exhibits in Support of its Breach Determination: 481 (678)

Exhibit 5. Transcript of Sealed Hearing Hld before Judge Amy Berman Jackson on 2/4/2019

Exhibit 6. Defendant Paul J. Manafort, Jr.’s Post Hearing Memorandum: 502 (679)

Exhibit 7. Government’s Supplement to the Record in Response to Defendant Manafort’s Post Hearing Memorandum: 507 (680)

Exhibit 8. Transcript of Sealed Hearing Held Before Judge Amy Berman Jackson on 2/13/2019

Exhibit 9. Government’s Sentencing Memorandum: 528 (681)

Exhibit 10. Government’s Supplemental Memorandum with Respect to the Court’s February 13, 2019 Ruling: 533/537 (682)

Exhibit 11. Defendant Paul J. Manafort’s Reply and Motion to Reconsider Based on the Special Counsel’s Supplemental Memorandum With Respect to the Court’s February 13, 2019 Ruling: 538 (683)

Exhibit 12. Minute Order on March 1, 2019

The Manafort docket is here and the docket for the WaPo effort that liberated the files is here.

Timeline

March 7, 2019: WaPo moves to release the documents

March 13, 2019: Manafort sentencing

March 19, 2019: Michael Dreeben, still on the Mueller team, moves for a short extension until the release of the Mueller Report

March 25, 2019: Post-sentencing DC USAO replaces Mueller team with Deborah Curtis, Zia Faruqui, Jonathan Kravis

March 27, 2019: DC USAO, having inherited the case, moves for another short extension

April 15, 2019: Jonathan Kravis opposes an immediate unsealed, in part on account of “ongoing investigations,” and asks for an abeyance until October 15, 2019

December 6, 2020: ABJ orders Manafort and the government to see whether documents can be unsealed

January 5, 2020: Kravis asks for a 60-day deadline to review the documents

February 11, 2020: In response to Barr’s interference in Stone case, Kravis and all other Stone prosecutors quit

March 3, 2020: Molly Gaston takes over and submits a joint motion for a further 60 day delay

April 28, 2020: Citing COVID, parties submit joint motion for further 30 day delay

June 2, 202: Parties submit joint motion for further 30 day delay

June 23, 2020: FBI releases Wanted poster for Konstantin Kilimnik offering $250,000 for his arrest

July 20, 2020: Parties submit sealed redactions, asking to keep “information from grand jury proceedings protected by Federal Rule of Criminal Procedure 6(e) or [that is] is necessary to protect the privacy interests of certain individuals” sealed

August 19, 2020: FBI releases second package of Kilimnik wanted materials

October 13, 2020: DC USAO replaces Zia Faruqui after he becomes a magistrate judge, with Arvind Lal

April 15, 2021: Treasury states as fact that Kilimnik shared polling data and campaign strategy with Russian intelligence

May 21, 2021: ABJ orders release, protecting only grand jury information and identities that have not been charged

Share this entry