The Yahoos in Brazil Identified in Sergey Cherkasov’s Complaint

/1 Comment/in , , /by

There’s a detail in Greg Miller’s profile of Sergey Cherkasov, the Russian accused of posing under an assumed Brazilian identity and using a SAIS degree to get an internship at the ICC, that confirms something I’ve long assumed: the US has had a hand in the recent roll-up of Russian spies, mostly in Europe.

He was due to start a six-month internship there last year — just as the court began investigating Russian war crimes in Ukraine — only to be turned away by Dutch authorities acting on information relayed by the FBI, according to Western security officials.

[snip]

His arrest last April came at the outset of an ongoing roll-up of Russian intelligence networks across Europe, a crackdown launched after Russia’s invasion of Ukraine that officials say has inflicted greater damage on Kremlin spy agencies than any other effort since the end of the Cold War.

The FBI and CIA have played extensive behind-the-scenes roles in this wave of arrests and expulsions, according to Western officials.

As Miller describes, the Dutch realized that Russians stationed in the Hague were preparing to welcome a new agent, but by then, the US already had an incredibly detailed dossier on him.

On March 31, as he boarded a flight to Amsterdam, neither Cherkasov nor his GRU handlers seemed aware of the net closing in on him. By then, the Dutch intelligence service had picked up its own signals that the Russian Embassy in The Hague was making preparations for the arrival of an important new illegal, according to a Western security official.

Authorities in the Netherlands then received a dossier from the FBI with so much detail about Cherkasov’s identity and GRU affiliation that they concluded the bureau and the CIA had been secretly monitoring Cherkasov for months if not years, according to a Western official familiar with the matter.

Until DOJ charged him last week, this had been largely a European story, with Dutch intelligence crowing about their success at foiling his plans and Bellingcat serially unpacking his public life (though CNN published this story at the time). Significantly, the Dutch published his legend and an explanation of how it might be used, with translations into Dutch and English from the original Portuguese.

As noted below, the US would later source its own possession of the legend to devices seized from Cherkasov on arrest in Brazil.

However, as Brazil gets closer to extraditing Cherkasov back to Russia on a trumped up narcotics trafficking charge, the US stepped in to make their own claim with the criminal charges: multiple counts of fraud, as well as acting as an unregistered foreign power. It’s not yet clear how Brazil will respond to the competing charges. Contrary to some reporting on the charges, DOJ has not yet indicted the case. The complaint has not yet been docketed.

Which is why I wanted to look at the sourcing for the complaint.

Many of the sources in the complaint come via way of Brazil, temporally after the Dutch deported him and the Brazilians arrested him, and so long past the time the US shared “a dossier” from the FBI reflecting months if not years of review. Brazil-sourced evidence includes:

  • A picture taken on Cherkasov’s 2011 immigration into Brazil
  • His Brazilian birth certificate
  • The details behind Brazil’s identity theft charges
  • Items collected — as if for the first time — from devices Cherkasov had with him when he arrived in Brazil, including:
    • The hard drive
    • Thumb drive 1
    • Thumb drive 2
    • Thumb drive 3, including:
      • March 2022 emails of unknown provider with details about a dead drop
      • Details about his dead drop site
      • March 2022 emails about paying for false Portuguese citizenship
      • March 2022 mails about establishing a meeting place
    • Samsung Galaxy Note phone
      • His mother’s Kaliningrad contact
      • 90 contacts with someone whose Telegram account and VKontakte account lead to a 2011 picture of Cherkasov in military uniform and a 2008 picture with friends
      • Contacts from one of those friends to a posted picture in military uniform (a picture also shown in the original Bellingcat profile)
  • Devices collected from the dead drop shared by Brazilian authorities
  • Correspondence between Brazil and Russia about Cherkasov
  • Audio messages between Cherkasov and his fiancée from immediately after his arrest in the Netherlands
  • Post-arrest communications between Cherkasov and his one-time fiancée, at least some of which were photographs of hand-written notes
  • Validation of Cherkasov’s ID in certain photos from FBI agents who met him in 2022 (though these meetings are not explicitly described to have taken place in Brazil)
  • A Bellingcat story debunking the Russian narcotics charges against Cherkasov

The focus on the phone, especially, cites evidence that would be fairly easily collected via other sources, but attributes that evidence to analysis the FBI did only downstream from the Brazilian arrest, and with the assent of Brazil. The complaint doesn’t explain whether these devices were encrypted or even what messaging applications were used, at least on the thumb drives including communications with his handlers. But there’s at least some reason to believe Brazil let FBI take the lead on exploiting those devices.

To be sure, there are items that the US could have collected in the US, whether before or after Cherkasov flew to the Hague, such as an Uber receipt timed to his travel to the dead drop in Brazil and IP addresses tied to US-based cloud providers like Yahoo and Google. Just once does the complaint reference using legal process — a 2017 video from a Moscow airport restaurant, obtained using legal process, reflecting Cherkasov saying goodbye to his mother — though it doesn’t describe what kind (it sounds like it could be iCloud content).

Still, the emphasis on material obtained with subpoenas and investigative steps done while Cherkasov has been in Brazilian custody — whether or not that was the first that FBI obtained such evidence — is one reason I’m interested in the outliers.

This is a document that could form basis to extradite Cherkasov to the US — it seems more than sufficient to make that case. But it’s also a document that might reflect on the kinds of investigations that have contributed to efforts to roll up spies outside of the US.

First, there are details about communications that Cherkasov had, while studying at Trinity College in Ireland and so not a US person at all — via known Section 702 participant, Yahoo!!! — with a tour agent who wrote recommendations for Cherkasov then later worked in Russia’s Consul General and, apparently, the General Consul himself.

CHERKASOV used the Yahoo 1 Account on multiple occasions to contact individual “C2” who was communicating with CHERKASOV from Brazil. C2 communicated with CHERKASOV on numerous matters, including financial matters, between at least July 22, 2016, and December 27, 2019. According to a translation of C2’s curriculum vitae, C2 worked in Brazil at “The General Consulate of the Russian Federation,” for “General Consul [M.G.]”

[snip]

35. Other emails show C2 took direction from another person, M.G., about financial payments that C2 sent to CHERKASOV. In correspondence between C2 and M.G., C2 refers to M.G. as “Mikhail” and the email address is identified in C2’s contacts as “MikhailRussia.” For example, on or about November 30, 2016, C2 forwarded M.G. correspondence from CHERKASOV that indicated another payment to CHERKASOV was imminent. M.G. responded by sending an email to C2 instructing C2 to make a payment to CHERKASOV: “Friend; thank you very much. Let’s do another one on the 14th of December.” According to further correspondence, CHERKASOV was able to receive the original transaction intended via MoneyGram. However, after corresponding to CHERKASOV that C2 would attempt to make transactions via Western Union the following day, financial records indicate C2 attempted to make two separate transactions via Western Union shortly after on December 16 and 18, 2016, for $842.65 and $867.55, respectively, but the funds were never transferred to CHERKASOV. CHERKASOV corresponded on December 19, 2016, that Western Union would not work properly and moving forward, the transactions should be made via Moneygram. C2 corresponded back to CHERKASOV on December 20, 2016, that C2 had sent €750 again via Moneygram to CHERKASOV.

36. C2 also stated in other emails that C2 previously owned a travel agency in Brazil, and that the Russian Federation was one of C2’s best clients. C2 later moved to the Russian Consulate after C2 closed the travel agency.

37. On or about March 8, 2017, C2 wrote a letter of recommendation for CHERKASOV for a university located in Canada. In the letter, C2 indicated FERREIRA worked as a travel consultant for C2 from May 2014 until March 2017, and as a senior event manager in

It’s possible that something Cherkasov did while at SAIS triggered a larger investigation that worked its way back to two likely Russian spies in Brazil. It’s also possible that the investigation started from known subjects in Brazil and thereby discovered Cherkasov.

But one thing these two references do — aside from identify the travel agent later made part of the official Russian delegation, aside from making Cherkasov’s tie to Russian government officials necessary for the 18 USC 951 charge — is put both Brazil and Russia on notice that the US is aware of these two suspected intelligence officers who were or are in Brazil.

Both C2 and the Consult General would have been legal targets for the entirety of the period in question and (as noted) Cherkasov was while he was in both Ireland or Brazil.

Another of the relatively few pieces of evidence unmoored from the Brazil arrest pertains to collection Cherksov shared after taking a SAIS trip to Israel. The details around the reporting — the single use email directing Cherkasov to fly to the Philippines to meet — definitely give the story spy drama.

Just as interesting, however, are the descriptions of the identifiable US (and Israeli) subjects targeted by Cherksov’s collection.

45. On or about January 16, 2020, CHERKASOV, using his D.C.-based phone number, texted with M.S. at a Philippines-based number for M.S. the following:

CHERKASOV: Hey [M],7 I arrived…Where do you want to meet?

[M.S.]: Grab a taxi and ask to drive via skyway.

CHERKASOV: On my way. Will be there in approx. 15 min.

[M.S.]: Ok. Here

CHERKASOV: I can’t find it

[M.S.]: Names?

CHERKASOV: Yea, I’ll text you then when I’m in the airport.

CHERKASOV: Texting you the names.

CHERKASOV: Sent you a list there. Now whom we met.

CHERKASOV: All people from the Jerusalem Embassy, literally every single one, even LGBTQ advisor. [N.G.]8 – security expert, local. I think he is a spook. [?.L.]9 kingmaker’ – [Israeli political] party leader

CHERKASOV: The previous list didn’t sent [sic], I’ll retype it.

CHERKASOV: Can I send it to you email?

CHERKASOV: This SMS shit kills me

[M.S.]: Sure.

46. On or about January 17, 2020, CHERKASOV sent M.S. an email with a screen shot of names, mostly U.S. persons (“USP”), stating the following: Just a list of interesting people that I was talking to you about Experts side: [USP 1]10– DoS, middle Eastern direction advisor the president admin, former [University 1] student.

[USP 2]11– FDD, military security adviros [sic] to the Congress Committee on Intelligence, [USP 3]’s12 assistant. [“TT1”] 13 group: [USP 4]14– [USP 5]15 chair, came only for a day though, [USP 6]16– main guy to call shots, Israeli expert came with small team of his own. [University 1, University 2] student leader: [USP 7]17– Anapolis [sic] Naval Academy Cyber Sec instructor

While just one of the people involved in Cherkasov’s targeting — his SAIS professor, Eugene Finkel — has explicitly spoken out about being duped by Cherkasov, virtually all of these people (and a bunch more described later in the complaint) are likely to be able to identify themselves.

There are a few I suspect I recognize and, if I’m right, they’ve been apologists for Trump’s propaganda about Russia.

Notably, this messaging involved a US-based phone, one not obviously included among the devices seized from Cherkasov when he returned to Brazil. The FBI Agent who wrote the affidavit couldn’t have obtained the messaging in real time — he or she has only worked at the FBI since 2021, and the messaging dates to early 2020. But the affidavit does reference “surveillance that I have conducted.”

In general, the FBI is revealing almost nothing obtained via sensitive sources and methods — that’s one reason the reliance on evidence obtained via Brazil is of interest to me. Given how the US has allowed European countries to take credit for these stings, I find it interesting that the US almost creates the misimpression that it only discovered Cherkasov — that it accessed his legend that the Dutch had upon his arrest — when he arrived in Brazil.

But in just a few spots, the affidavit gives a glimpse of what else the US Intelligence Community might know.

The US has not really taken much credit for helping a bunch of European countries roll up Russian spies (though they’re likely reminding them of the role Section 702 plays in the process). But this document, seemingly released because they had reason to exert legal pressure with a country that is fairly close to Russia, likely serves multiple purposes. While it doesn’t give away a lot, it does hint at far more.

Tucker’s Putin Envy

/110 Comments/in , , /by

There was a part of the Global Threats Report presented to both the Senate and House Intelligence Committees last week that deserves more attention. In the middle of the section on Russia’s influence operations, the report predicted that Russia will “try to strengthen ties to U.S. persons in the media and politics in hopes of developing vectors for future influence operations.”

It is the judgment of the intelligence community, per the report, that Russia is trying to cultivate “US persons in the media and politics” as part of its foundation for future influence operations.

Russia presents one of the most serious foreign influence threats to the United States, because it uses its intelligence services, proxies, and wide-ranging influence tools to try to divide Western alliances and increase its sway around the world, while attempting to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decisionmaking. Moscow probably will build on these approaches to try to undermine the United States as opportunities arise. Russia and its influence actors are adept at capitalizing on current events in the United States to push Moscow-friendly positions to Western audiences. Russian officials, including Putin himself, and influence actors routinely inject themselves into contentious U.S. issues, even if that causes the Kremlin to take a public stand on U.S. domestic political matters.

  • Moscow views U.S. elections as opportunities for malign influence as part of its larger foreign policy strategy. Moscow has conducted influence operations against U.S. elections for decades, including as recently as the U.S. midterm elections in 2022. It will try to strengthen ties to U.S. persons in the media and politics in hopes of developing vectors for future influence operations.
  • Russia’s influence actors have adapted their efforts to increasingly hide their hand, laundering their preferred messaging through a vast ecosystem of Russian proxy websites, individuals, and organizations that appear to be independent news sources. Moscow seeds original stories or amplifies preexisting popular or divisive discourse using a network of state media, proxy, and social media influence actors and then intensifies that content to further penetrate the Western information environment. These activities can include disseminating false content and amplifying information perceived as beneficial to Russian influence efforts or conspiracy theories. [italicized bold original, underline my emphasis]

This is not new news. Obviously Russia has been cultivating both journalists and politicians in recent years, often by inviting them for big shindigs in Russia, after which, over the course of years, they come to spout more and more Russian propaganda uncritically.

It’s is noteworthy that the IC stuck this detail amid discussions about election interference and Ukraine mobilization, because Russia has had renewed success of late getting entertainers and politicians to magnify inflammatory and often false claims about Ukraine.

The judgement came out the same week that Tucker Carlson (whose Ukraine invasion anniversary special was breathtaking even by his standards of propaganda) provided more details of the time, in summer 2021, he was informed that the NSA had discovered his back channel contacts to Putin.

The story starts when Tucker squeals that he’s envious of the podcasters because they got to go to Russia, but he might be arrested if he went. Throughout the show, his interviewers operate on the assumption that Russia is the threat to Tucker, but he suggests State or FBI is.

Tucker: Now I’m envious.

[snip]

Full Send: But everyone told us not to go obviously, but. We knew we were with good people. So after that, it was all good, but.

Tucker: Oh, I want to go. I’ve never been there!

Full Send: You feel it though, it is real scary. There’s like military checkpoints.

Tucker: Oh yeah!

Full Send: It’s … it’s serious shit.

Full Send 2: Would you have gone with him or no?

Tucker: I can’t go to Russia. I honestly think I would be arrested.

Full Send: Yeah, they get you.

Tucker: Which is outrageous because, I’m a journalist, and I’ve been all over the world. I feel like I’ve been everywhere except Russia. And Russia is a combatant in a war that’s changing the world, and like I should go see it. And I was planning it and then I got stopped by the US government from doing it.

Full Send: Oh, you were gonna go? What were going to do?

Tucker: Interview Putin. Why wouldn’t I?

Full Send: You had it set up? Damn!

Tucker: I was working on it and then they broke into my text messages — the NSA broke into my Signal account, which I didn’t know they could do —

Full Send: Oh so Signal’s not even safe!

Tucker: Signal is not safe. It’s not safe. Signal’s not safe.

Full Send: I know people think WhatsApp’s safe.

Tucker: WhatsApp?!?! WhatsApp is not — you know what’s safe? And ask any mafia Don. Park your car in front of the liquor store. Leave your phone in the vehicle, in your Caprice Classic, and walk out behind the liquor store, in the vacant lot back there with the WINOs, to talk to the person you want to talk to.

Full Send 2: How many times have you done that?

Tucker: Zero. Cause I’m like lazy. I’m like whoa! And I’m — actually I always say to myself, I’m not hiding anything. I don’t have a secret life. I’m pretty upfront. And some people like it and some people don’t. Of course, but, I’m not hiding anything. But I was definitely hiding my plan to go interview Putin, just because it’s an interview. It’s no one’s business.

Full Send 2: So how did that happen? How do you know the NSA broke into your Signal?

Tucker: Because they admitted it.

Full Send: Really?

Tucker: Oh yeah!

Full Send: Can you tell us about it? Like how did you find out?

Tucker: I got a call from somebody in Washington who’s — who would know. Just trust me. So I went up there for another reason. But this person said, you know, you going to come to Washington anytime soon? This was a year and a half ago, and I was like, yeah, actually I’m going to be up in a week. He’s like, meet me Sunday morning. So weird. Like, who does that? Just text me, you know what I mean? Just text me. No. So I go and this person’s like — and this is someone who would know — Um, are you planning a trip to go see Putin? This was the summer before the war started. I was like, how would you know that? I haven’t told anybody that, I mean, anybody. Not my brother, not my wife, nobody. Just because, you know, it’s one of a million things you’re working on, but that was one of them. I want to go interview Putin. Why wouldn’t I want to go interview Putin?

Full Send 2: Of course.

Tucker: I want to interview Xi, I want to interview everybody. Right? That’s kind of my job.

Full Send: We want to get Kim Jong Un on here one day.

Tucker: Of course! Of course! We met him.

Full Send: You did? We gotta talk about that. Holy shit.

Tucker: Yup. Super interesting. But anyway, um, how would you know that? Because NSA pulled your texts with this other person you were texting. How did you know that? And so I immediately, I was intimidated, I’m embarrassed to admit, but I was, I was completely freaked out by it. I called a US Senator, who I know — not that well, but it seems like a trustworthy person, and I told him the story, I just want to tell you this, and then I went on TV on Monday and I’m like this happened. And so they had — Congress asked NSA and NSA’s like, yes we did this, but for good reason. What would be a good reason to read my — you know, what? But the head of NSA, it’s fine, cause everyone’s in on it, Republicans and Democrats are all in on it. And by it I mean the assumption that there’s no privacy whatsoever, that they have a right to know everything you’re saying and thinking,

Full Send: That shit’s scary.

Tucker: And that’s just not a right as far as I’m concerned. By the way, if you have no privacy you have no freedom. [my emphasis]

Parts of Tucker’s commentary provides more detail on the incident than previous reporting did, which I covered here and here. As Jonathan Swan reported, the IC collected communications showing a back channel effort to set up a meeting with Putin.

Tucker Carlson was talking to U.S.-based Kremlin intermediaries about setting up an interview with Vladimir Putin shortly before the Fox News host accused the National Security Agency of spying on him, sources familiar with the conversations tell Axios.

[snip]

The intrigue: Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

  • This is relevant because if one of them was a foreign national and on foreign soil during the communications, the U.S. government wouldn’t necessarily have had to seek approval to monitor their communications.

On Maria Bartiromo’s show in 2021, Tucker pointed to what was undoubtedly reporting done in the wake of his initial story — quite likely Swan’s own story (indeed, Tucker could well be one of Swan’s two sources) — and claimed it was proof the NSA was leaking information about him.

In the Bartiromo appearance, Tucker spoke in terms of a single email arranging an imminent trip to Russia.

In last week’s podcast, in addition to reiterating that Tucker is not trying to hide anything but oh yeah he was trying to hide his back channel to Putin, even from his spouse, Tucker adds two details: After he learned about it, he reached out to a (male) Senator to look into it, and the communications obtained include Signal texts, not just a single email.

In the past, I had suggested that Tucker’s tipster might be a member of Congress — a Gang of Eight member like Devin Nunes or Kevin McCarthy — or someone close to them (like Kash Patel). The fact that Tucker called a Senator in response (then Chair of the Senate Intelligence Committee Marco Rubio would make sense given the details he provides), and not someone he was closer to like Nunes, makes it more likely his initial tipster had a tie to the House. The focus on the Senate response may suggest this came up again in the Global Threats hearing, during the closed session.

The detail that, per Tucker, in addition to the email he sent about arranging a then-imminent trip to Russia, they also got Signal texts is more interesting, but it doesn’t mean he was the target or that they broke into his phone.

It does suggest that there could have been two different tracks going on: the discussion, over email, about a trip to Russia, one his producer knew about, and another more sensitive discussion going on via Signal.

We do know, however, that Tucker hasn’t hidden past interview preparation. Indeed, his outreach to Viktor Orbán was quite overt and gleeful. So his explanations about why he would want to hide preparation for a Putin interview don’t hold up.

Remember: When Tucker sent his now former investigative producer to try to FOIA this information from NSA (via a FOIA that was guaranteed to fail), he asked for 30 months of data, going back to January 1, 2019. That’s more than a single email to set up a meeting with Putin.

Rather than taking this as a tip that the back channels via which he was (at least) trying to set up a meeting with Putin are considered — even by Republican Senators — legitimate intelligence targets, possibly Russian spies, Tucker has instead spun up conspiracy theories. And that has, in turn, led him to suggest he faces a bigger threat from the US State Department than he would from Russian military checkpoints.

Update: On Twitter, MD suggested that Rand Paul may have been the Senator Tucker approached, given that he wrote a letter to General Nakasone. It’s an interesting possibility, especially given Russia’s cultivation of Rand and his father as well as the suggestion that whatever Senator he approached was ultimately satisfied with the explanation.

The Michael Flynn Complaint For Damages Against The US

/104 Comments/in , , , /by

As commenter David F. Snyder noted yesterday, yes Michael Flynn has filed a complaint for $50,000,000 damages against the US Government for all the perceived wrongs and grievances that he, his unhinged lawyers like Sidney Powell, and rabid MAGA Republicans have been carping about forever. A thread on this started out in Marcy’s “JUDGE UNSEALS DETAILS ON COOPERATING WITNESS IN DOUGLASS MACKEY CASE”, but I am going to bring it here so as to not pollute that post and give people a place to discuss Flynn.

I took a look at the docket for the fledgling case. It is filed in the Middle District of Florida, where Flynn resides. That is the only discernible nexus to MDFL as pretty much all facts, actors and witnesses would be in or about the DC District. Here is the docket entry for the complaint, which was actually filed on March 3, 2023:

NEW CASE ASSIGNED to Judge Mary S. Scriven and Magistrate Judge Christopher P. Tuite. New case number: 8:23-cv-0485-MSS-CPT. (SJB)

The complaint itself is attached to this Rolling Stone article by a detestable SCRIBD (seriously, nobody should ever convey documents by SCRIBD). It is 50 pages long, and I am not wasting my PACER account on it.

Marcy, in the earlier thread, said:

Not only does it not have legs, but if it survives the summary judgment stage (which is unlikely) it may catastrophically backfire on him.

I think that is right, but the case may not ever get that far. It may not even make it to a summary judgment motion, as it may well not make it past a 12b6 motion, which would be the initial attack by the government.

Couple of notes, the complaint alleges compliance with the FTCA (Federal Tort Claims Act), but claims the government never responded. Scriven is a Bush Jr. appointee and Tuite a Trump appointee to the magistrate bench. Sid Powell is noticeably absent from noticed attorneys, but Shawn Flynn, son of Michael’s brother, Gen. Charles Flynn, is listed. That could be interesting if Charles is to be a fact/damages witness, which would kind of be expected.

Very hard to see this matter gaining any real traction given all the facts and rulings against Flynn in the underlying criminal case in front of (now senior status) Judge Emmet Sullivan of DC District.

DOJ Rethinks — but in a Few Areas, Expands — Access to Media Content

/6 Comments/in , , , /by

In a story on the new media guidelines DOJ rolled out yesterday, Charlie Savage reveals what representatives of the press think they got in the new guidelines, in addition to a formal codification of broader restrictions on the use of legal process to find real journalists’ sources:

Those conversations led to several adjustments about potentially critical issues, like how “news gathering” is defined. According to participants, the Justice Department originally intended to define it in a way that was limited to the passive receipt of government secrets. But the final version now covers the act of pursuing information.

The language in question appears to cover things like encrypted dropboxes, something that journalists liked to compare (inaptly) to the charge against Julian Assange of attempting to hack a password for Chelsea Manning. Thus far, multiple criminal prosecutions show that dropboxes have not thwarted DOJ from prosecuting those who submitted documents into them.

Journalism includes reporting on classified information

A more important change is that the guidelines explicitly include reporting on classified information in its definition of newsgathering.

Newsgathering includes the mere receipt, possession, or publication by a member of the news media of government information, including classified information, as well as establishing a means of receiving such information, including from an anonymous or confidential source.

Savage describes that “is also said to have removed espionage from a list of criminal activities that are excluded from protected news gathering.” I’m not sure that’s right: 18 USC 793 and 798 were (along with Child Sexual Abuse Materials) included in the exceptions to 42 USC 2000aa, which I think is unchanged by this regulation.

What has been removed from the prior version (in addition to the inclusion of classified information in the definition of newsgathering) is an exception permitting the use of legal process in investigations of classified leaks. This language has been removed.

In investigations or prosecutions of unauthorized disclosures of national defense information or of classified information, where the Director of National Intelligence, after consultation with the relevant Department or agency head(s), certifies to the Attorney General the significance of the harm raised by the unauthorized disclosure and that the information disclosed was properly classified and reaffirms the intelligence community’s continued support for the investigation or prosecution, the Attorney General may authorize members of the Department, in such investigations, to issue subpoenas to members of the news media.

In other words, it wasn’t that there was an exception for the Espionage Act. Rather, there was language permitting searches in leak investigations that might be (and frequently have been in recent years) charged under the Espionage Act. That exception has been removed, and reporting on classified information has been explicitly included in the definition of newsgathering.

As we’ll see below, the regulation still authorizes searches in cases of suspected agents of a foreign power.

Expanded protection and a prohibition with exceptions instead of permission for exceptions

As Savage notes, however, the topline change is both a restructuring in the ways that a journalist’s sources might be accessed and the types of legal process covered. Whereas previously, the language on accessing source information included a presumption of access with a bunch of limits on use, as laid out in the prior regulation

The Department views the use of certain law enforcement tools, including subpoenas, court orders issued pursuant to 18 U.S.C. 2703(d) or 3123, and search warrants to seek information from, or records of, non-consenting members of the news media as extraordinary measures, not standard investigatory practices. In particular, subpoenas or court orders issued pursuant to 18 U.S.C. 2703(d) or 3123 may be used, after authorization by the Attorney General, or by another senior official in accordance with the exceptions set forth in paragraph (c)(3) of this section, only to obtain information from, or records of, members of the news media when the information sought is essential to a successful investigation, prosecution, or litigation; after all reasonable alternative attempts have been made to obtain the information from alternative sources; and after negotiations with the affected member of the news media have been pursued and appropriate notice to the affected member of the news media has been provided, unless the Attorney General determines that, for compelling reasons, such negotiations or notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. [my emphasis]

The new regulation outright prohibits compulsory legal process except in certain exceptions.

(c) Compulsory legal process for the purpose of obtaining information from or records of a member of the news media acting within the scope ofnewsgathering. Compulsory legal process for the purpose of obtaining information from or records of a member of the news media acting within the scope of newsgathering is prohibited except under the circumstances set forth in paragraphs (c)(l) through (3).

In other words, these regulations importantly flip the presumption from one that permits the access of journalist records in certain situations to one that prohibits it except according to an enumerated exception.

And this revised regulation has broader language prohibiting the use of legal process. It now includes interception orders (like that used against NBC journalists who were sourced by Henry Kyle Frese), MLAT orders (like the Mexican one that targeted Zach Whittaker in 2020), and orders served on obscure third party providers of enterprise email hosting (like orders used against the WaPo and NYT in recent years).

“Compulsory legal process” consists of subpoenas, search warrants, court orders issued pursuant to 18 U.S.C. 2703(d) and 3123, interception orders issued pursuant to 18 U.S.C. 2518, civil investigative demands, and mutual legal assistance treaty requests-regardless of whether issued to members of the news media directly, to their publishers or employers, or to others, including third-party service providers of any of the forgoing, for the purpose of obtaining information from or records of members of the news media, and regardless of whether the compulsory legal process seeks testimony, physical or electronic documents, telephone toll or other communications records, metadata, or digital content.

In other words, the revision closes loopholes used under the Trump Administration.

What journalism isn’t

More generally, DOJ has reconceptualized the regulation though the use of exceptions.

Some of these are exceptions that permit the compelled process of a journalist, the most interesting new one of which entails evidentiary authentication with DAAG authorization.

(1) To authenticate for evidentiary purposes information or records that have already been published, in which case the authorization of a Deputy Assistant Attorney General for the Criminal Division is required;

This may be a response to the need to get journalists to validate videos they took on January 6.

DOJ has slightly reworked an existing section that at least used to be tailored to the definition covered by FISA (and FISA surveillance of journalists is in no way excluded from these regulations). It still includes the same language excepting an agent of a foreign power or someone who aids or abets one.

A foreign power or agent of a foreign power, as those terms are defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801);

In at least one of the reworked categories, the regulations represent an (entirely reasonable) expansion. The regulation includes this definition of terrorist activity — adding 18 USC 2339B, C, and D — which not only aren’t tied to State’s Foreign Terrorist Organization designations, but also includes (with C) funding for what could be domestic terrorism.

Committing or attempting to commit the crimes of providing material support or resources to terrorists or designated foreign terrorist organizations, providing or collecting funds to finance acts of terrorism, or receiving military-type training from a foreign terrorist organization, as those offenses are defined in 18 U.S.C. 2339A, 2339B, 2339C, and 2339D; or

Seamus Hughes pointed me to this case in which three white supremacists were prosecuted under 18 USC 2339A as an example of how this might apply to domestic terrorists. The new regulations add a review by the National Security Division head on these categories, but since John Demers approved the data collection on real journalists under the Trump Administration, that’s unlikely to be a very useful protection.

Another new exception — this time not associated with newsgathering — is for an investigation targeting a journalist’s non-journalist housemate or similar who is the subject of an investigation.

To obtain information or records of a non-member of the news media, when the nonmember is the subject or target of an investigation and the information or records are in a physical space, device, or account shared with a member of the news media;

But the biggest change is that, in addition to that tweaked list of national security exceptions, DOJ added a bunch of more common crimes that journalism doesn’t include:

(B) Except as provided in paragraph (b)(2)(ii)(A) of this section, newsgathering does not include criminal acts committed in the course of obtaining information or using information, such as: breaking and entering; theft; unlawfully accessing a computer or computer system; unlawful surveillance or wiretapping; bribery; extortion; fraud; insider trading; or aiding or abetting or conspiring to engage in such criminal activities, with the requisite criminal intent.

The distinctions are not entirely clearcut though. Of most concern, what distinguishes a journalist reporting on tech vulnerabilities and a hacker is that “requisite criminal intent,” and one often determines that by accessing content.

Incorporation of cases against recent not-journalism cases

Importantly, however, these crimes include a number of the cases that got journalists all hot and bothered but which, under the new rules, are very clearcut (Savage’s professed uncertainty about Project Veritas notwithstanding).

DOJ’s approach to Julian Assange didn’t begin change until he helped Edward Snowden flee to Russia and Assange wasn’t charged — initially, with attempting to help Chelsea Manning crack a password, itself included in one of the distinguishing crimes — until after he had aided and abetted Russia in a hack-and-leak campaign, one of the national security exceptions. The Espionage charges against Assange were filed after Russia attempted to exfiltrate Assange at the end of 2017. Any superseding indictment of Assange in the future would likely include an extortion claim and an aid-and-abet claim of Josh Schulte’s hacking of the CIA, for which Assange clearly expressed the criminal intent.

With regards to Project Veritas, the very first subpoena targeting their office manager (one obtained while Bill Barr was still Attorney General) listed 18 USC 873, blackmail — a kind of extortion — among the crimes under investigation, and their own defenses raised the possibility of extortion. Plus, Robert Kurlander’s statement of offense described trying to raise the price Project Veritas would pay for Ashley Biden’s diary because it was “literally a stolen diary.” So these new guidelines, applied retroactively, make the Project Veritas search an obvious exception.

The distinction between certain crimes and journalism would encompass three other, still undisclosed investigations into journalists last year described in DOJ’s report on legal process. The first was into insider trading:

In connection with an investigation of securities fraud and wire fraud relating to insider trading activities, a Deputy Assistant Attorney General authorized a U.S. Attorney’s Office to apply for a warrant to search the person, personal effects, and cellular telephones of a member of the news media who was the subject of the insider trading investigation. Investigators had established probable cause that the member of the news media had participated in the insider trading activities with three coconspirators and was in communication with the primary target of the investigation, a former U.S. Congressperson; and that the information seized pursuant to the search warrant would lead to further evidence. Investigators had pursued multiple avenues to obtain the evidence, without success, and had exhausted all investigative leads. The Department’s News Media Policy generally requires that the Attorney General must approve any application to search the communications records of a member of the news media, see 28 C.F.R. § 50.10(d)(1), but here, because the suspected criminal conduct was wholly outside the scope of the member of the news media’s newsgathering activities, a Deputy Assistant Attorney General for the Criminal Division authorized the search warrant applications pursuant to the “suspect exception” of the Privacy Protection Act (PPA), see 28 C.F.R. § 50.10(d)(4).

The second was into fraud and money laundering.

In connection with a fraud and money laundering investigation involving employees of a news media entity, a Deputy Assistant Attorney General authorized a U.S. Attorney’s Office to search stored electronic content of email accounts maintained by a member of the news media and its affiliate entity; and to issue a subpoena to a thirdparty service provider for information relating to accounts maintained by a member of the news media. The Department’s News Media Policy generally requires that the Attorney General must approve any application to search the communications records of a member of the news media, see 28 C.F.R. § 50.10(d)(1), but here, because the suspected criminal conduct was wholly outside the scope of the entities’ and employees’ newsgathering activities, a Deputy Assistant Attorney General for the Criminal Division authorized the search warrant applications pursuant to the “suspect exception” of the PPA, see 28 C.F.R. § 50.10(d)(4).

A third investigation last year into stalking that included the use of spyware and hacking.

In connection with an investigation of a member of the news media for stalking offenses, a Deputy Assistant Attorney General authorized a U.S. Attorney’s Office to apply for a warrant to search the email account of the member of the news media. Investigators had established probable cause that the member of the news media had engaged in harassment and stalking of multiple people, including through the installation and use of spyware and the hacking of social media accounts, as well as employing several means to damage the reputations of the parties the member of the news media was harassing and stalking. The U.S. Attorney’s Office established evidence that the information seized pursuant to the search warrant would lead to evidence regarding the member of the news media’s criminal conduct, which was wholly outside the scope of his newsgathering activities. The Department’s News Media Policy generally requires that the Attorney General must approve any application to search the communications records of a member of the news media, see 28 C.F.R. § 50.10(d)(1), but here, a Deputy Assistant Attorney General for the Criminal Division authorized the search warrant application pursuant to the “suspect exception” of the PPA, see 28 C.F.R. § 50.10(d)(4).

In other words, DOJ has used the lessons from the Trump DOJ’s hunt for journalistic sources, Julian Assange, Project Veritas, and three other undisclosed investigations (and who knows? Perhaps also to media outlets run by Neo-Nazis to help fundraise) to change how they conceive of journalism. All of those are reasonable exceptions from journalism.

There are a bunch of potential loopholes. If DOJ wants a journalist’s content, there are a great many ways they can still get it and because those exceptions would permit sustained secrecy about the searches might never be disclosed.

But these regulations, at a minimum, have established that reporting on classified information is part of journalism and have eliminated a lot of the loopholes to surveillance used to target journalists during the Trump Administration.

Yes, Trump Was Making Notes on Classified Documents

/116 Comments/in , , /by

When the Trump search warrant was initially unsealed, many commentators focused on the description of documents bearing Trump’s notes.

From May 16-18, 2022, FBI agents conducted a preliminary review of the FIFTEEN BOXES provided to NARA and identified documents with classification markings in fourteen of the FIFTEEN BOXES. A preliminary triage of the documents with classification markings revealed the following approximate numbers: 184 unique documents bearing classification markings, including 67 documents marked as CONFIDENTIAL, 92 documents marked as SECRET, and 25 documents marked as TOP SECRET. Further, the FBI agents observed markings reflecting the following compartments/dissemination controls: HCS, FISA, ORCON, NOFORN, and SI. Based on my training and experience, I know that documents classified at these levels typically contain NDI. Several of the documents also contained what appears to be FPOTUS ‘s handwritten notes. [my emphasis]

At the time, I thought that was an overreading of the passage. After all, that paragraph is a description of the contents of fifteen boxes, of which just 184 documents have classification markings. Given the context, I believed it was possible this described other documents in the boxes, hand-written documents that also might also contain classified information. Trump’s notes from calls with foreign leaders, for example, might include classified information or be otherwise particularly sensitive.

But one of the newly unsealed passages from the affidavit released yesterday describes Trump’s handwritten notes on the documents on June 3, as well. (As noted, this passage also revealed that at least one of the documents bore a FISA marking, as the first did.)

A preliminary review of the documents contained in the Redweld envelope produced pursuant to the grand jury subpoena revealed the following approximate numbers: 38 unique documents bearing classification markings, including 5 documents marked as CONFIDENTIAL, 16 documents marked as SECRET, and 17 documents marked as TOP SECRET. Further, the FBI agents observed markings reflecting the following caveats/compartments, among others: HCS, SI, and FISA. [redacted] Multiple documents also contained what appears to be FPOTUS’s handwritten notes. [my emphasis]

In this case, there cannot be any doubt: the notes are on documents bearing classification marks. That’s because the only things Evan Corcoran handed over on June 3 were documents bearing classified markings.

In fact, of all the sets of documents turned over or seized, that set includes the highest concentration of Top Secret documents. Almost half those documents turned over were marked Top Secret.

(This table includes the contents of the leatherbound box in the total of classified documents seized on August 8, but also breaks it out, which shows the leatherbound box stored the second highest concentration of Top Secret documents.)

So, yeah, at least some of these documents — multiple, not just several — reflect Trump writing on classified documents.

We don’t yet know what that means. Nor is it clear when he wrote those notes. In fact, FBI might be able to use those notes to prove that Trump has gone back and referred to (and written on) these documents since he left the White House, after such time as the current President decided that the former President no longer had a need to know America’s most sensitive secrets.

The confirmation that Trump took notes on documents bearing classification markings is important background to Trump’s attempt to claim that documents marked classified might be his own personal documents, as he made hints of doing in these passages of his response to the government’s motion for a stay.

Yet, the Government apparently contends that President Trump, who had full authority to declassify documents, “willfully” retained classified information in violation of the law. See 18 U.S.C. § 793(e); [ECF No. 69 at 9].7

7 Of course, classified or declassified, the documents remain either Presidential records or personal records under the PRA.

[snip]

To the extent President Trump may have categorized certain of the seized materials as personal during his presidency, any disagreement as to that categorization is to be resolved under the PRA and cannot possibly form the basis for any criminal prosecution. [my emphasis]

That is, in an attempt to forestall an Espionage Act prosecution (the only time Trump has named the statute), he seems to be entertaining a claim that he first declassified these documents and then, by dint of writing on them, made them his own personal property.

Such an argument raises the stakes on the timing of his notes. If he only wrote on these documents after he left the White House, they would have been declassified government (often, Agency) documents on January 20, 2021, not personal documents. But if he wrote on these as President, then his notations would have been made, “in the course of conducting activities which relate to or have an effect upon the carrying out of the constitutional, statutory, or other official or ceremonial duties of the President,” clearly making them Presidential Records under the Act. Either way, the documents belong in government custody.

The government scoffed at the possibility that Trump could have made classified documents personal records (it does not raise his notes on them).

Plaintiff’s suggestion that he “may have categorized certain of the seized materials as personal [records] during his presidency” pursuant to the PRA, D.E. 84 at 15, if true, would only supply another reason that he cannot assert executive privilege with regard to those records. If Plaintiff truly means to suggest that, while President, he chose to categorize records with markings such as “SECRET” and “TOP SECRET” as his personal records for purposes of the PRA, then he cannot assert that the very same records are protected by executive privilege—i.e., that they are “Presidential communications” made in furtherance of the “performance of his official duties.” Nixon v. GSA, 433 U.S. at 447, 456; see 44 U.S.C. § 2201(3) (defining “personal records” as records “of a purely private or nonpublic character which do not relate to or have an effect upon the carrying out of the constitutional, statutory, or other official or ceremonial duties of the President”). In any event, whether Plaintiff declared documents with classification markings to be his “personal” records for purposes of the PRA has no bearing on the government’s compelling need to review them, both for national security purposes and as part of its investigation into the potentially unlawful retention of national defense information.2

2 Plaintiff’s characterization of the discretion the PRA provides the President to categorize records as “Presidential” or “personal,” D.E. 84 at 14-15 (citing Judicial Watch v. National Archives and Records Administration, 845 F. Supp. 2d 288 (D.D.C. 2012)), is thus irrelevant here. In any event, the district court decision on which Plaintiff relies did not concern classified records and does not support his assertion that a court must accept a former President’s claim that records that indisputably qualify as Presidential records under the PRA are instead personal records. Instead, the court in Judicial Watch concluded that it could not compel the National Archives and Records Administration to revisit a President’s decision about such a categorization. 845 F. Supp. 2d at 300-301. More fundamentally, the district court’s analysis in Judicial Watch has no bearing on the application of criminal law regarding unauthorized retention of national defense information, unauthorized removal of government documents, or obstruction of justice. 18 U.S.C. §§ 793, 2071, 1519.

If Trump claims to have made these classified documents his own personal documents while President (by writing on them), it would more clearly amount to theft, because otherwise any notes he wrote would be part of his official business, as noted above. But that’s currently what Trump is offering up as his defense.

Because he is suggesting that classified documents were declassified and made personal, the notes make it more likely that Trump used America’s secrets for his own private gain either during or after he left the Presidency. In fact, that appears to be the argument he’s offering in his defense!

Update: Tried to clarify my logic in the final two paragraphs per observations from Ariel817.

Go to emptywheel resource page on Trump Espionage Investigation.

Did Kash Patel Already Confess to Illegally Disseminating Carter Page FISA Information?

/100 Comments/in , , , /by

I’m pretty proud of how closely my two posts (first, second) predicted what the likely and known contents of the Trump affidavit would be. I pretty accurately described the structure, the contents, and many of the known details of what we’ve seen of the application so far.

That’s especially true of the statutory section. I not only predicted that — “Particularly given the novel legal issues implicating a search of the former President” — there would be a substantial statutory background section, but that, “If there’s a version of this statutory language, it may be among the things DOJ would acquiesce to releasing.”

Which they did.

And, to a significant extent, I predicted what would be in that statutory section. Here is that section of my post, with the paragraphs of the Trump affidavit where that language appears in bold and linked.

Everything I expected to be in there, was in there. The details I didn’t anticipate, though, are pretty noteworthy.

That’s particularly true of the section describing special designations. These designations all stem from what the FBI found in the 15 boxes Trump returned in January.

From May 16-18, 2022, FBI agents conducted a preliminary review of the FIFTEEN BOXES provided to NARA and identified documents with classification markings in fourteen of the FIFTEEN BOXES. A preliminary triage of the documents with classification markings revealed the following approximate numbers: 184 unique documents bearing classification markings, including 67 documents marked as CONFIDENTIAL, 92 documents marked as SECRET, and 25 documents marked as TOP SECRET. Further, the FBI agents observed markings reflecting the following compartments/dissemination controls: HCS, FISA, ORCON, NOFORN, and SI. Based on my training and experience, I know that documents classified at these levels typically contain NDI. Several of the documents also contained what appears to be FPOTUS ‘s handwritten notes.

If the FBI found a document of a particular type in May, it included that designation in this statutory section.

The Atomic Energy Act was not included, which means (as some knowledgable people predicted in advance), if Trump had nuke documents, they’re not about our nukes, they’re about someone else’s. Trump’s affidavit also includes a description of HCS and SI, Human and Signals Intelligence, designations which have appropriately sobered the response of at least some Republicans, because they mean Trump could get someone killed.

The mention of ORCON — Originator Controlled material — would mostly matter if the FBI found that one of NSA documents that Mike Ellis was sharing with unauthorized people and places during the period Trump was packing up were among the things in the boxes. Those documents were both described as relating to (a or some), “controlled, compartmented NSA program,” in the Inspector General Report on Ellis and the designation ORCON would matter more if documents were retained after the Originator made a sustained effort to get them back, as NSA did in this case.

It’s the mention of FISA, though, that I should have anticipated, and which could present heightened legal problems for Trump — and Kash Patel, and others.

14. Foreign Intelligence Surveillance Act, or “FISA,” is a dissemination control designed to protect intelligence information derived from the collection of information authorized under the Foreign Intelligence Surveillance Act by the Foreign Intelligence Surveillance Court, or “FISC.”

That’s because both Kash and John Solomon have been attempting to create an alibi for information that may include the final Carter Page application. And, as that preliminary review determined, there was at least one FISA document in the boxes returned in January.

On top of any violations of the Espionage Act, if Trump took a copy of that with him after he was fired, it might constitute unlawful dissemination under FISA.

Between them, Kash and Solomon — whom Trump made his representatives to NARA on June 19 — have described that materials relating to the Russian investigation were among those NARA found in the returned boxes and that they might include a Carter Page FISA warrant (which I assume must mean the application).

There’s the May 5 column in which Kash claimed that everything that had been returned in the 15 boxes had been declassified.

“Trump declassified whole sets of materials in anticipation of leaving government that he thought the American public should have the right to read themselves,” Patel told Breitbart News in a phone interview.

“The White House counsel failed to generate the paperwork to change the classification markings, but that doesn’t mean the information wasn’t declassified,” Patel said. “I was there with President Trump when he said ‘We are declassifying this information.’”

In that column, Kash exhibited knowledge that the materials included documents from “Russiagate” [sic] and Impeachment 1.0.

“It’s information that Trump felt spoke to matters regarding everything from Russiagate to the Ukraine impeachment fiasco to major national security matters of great public importance — anything the president felt the American people had a right to know is in there and more.”

That’s the column cited in the Trump affidavit — though there’s at least one sentence of that paragraph that remains redacted.

I am aware of an article published in Breitbart on May 5, 2022, available at https://www.breitbart.com/politicsi2022i05/05/documents-mar-a-lago-marked-classified-wereah-eadv-declassifi.ed-kash-patel-savs/, which states that Kash Patel, who is described as a former top FPOTUS administration official, characterized as ”misleading” reports in other news organizations that NARA had found classified materials among records that FPOTUS provided to NARA from Mar-a-Lago. Patel alleged that such reports were misleading because FPOTUS had declassified the materials at issue. [redacted]

Kash has issued a statement complaining, even though he had no complaint when information about Michael Isikoff was unsealed in the Carter Page FISA application for a similar published statement.

More interesting still, on July 20, John Solomon (who did a podcast on January 14, 2021 bragging of detailed knowledge of what Russian investigation materials would be released in the coming days) described having newly obtained a January 20, 2021 Mark Meadows memo to DOJ instructing them to declassify documents from the Russian investigation.

Even though the Meadows memo cites from Trump’s own January 19, 2021 order stating that the declassification, “does not extend to materials that must be protected from disclosure pursuant to orders of the Foreign Intelligence Surveillance Court,” Solomon described that the declassified information did include both transcripts of “intercepts made by the FBI of Trump aides,” (which may have included the intercepts of Mike Flynn obtained by targeting Sergey Kislyak which, because the intercepts took place in the US, may have been conducted under FISA) and “a declassified copy of the final FISA warrant approved by an intelligence court.”

The declassified documents included transcripts of intercepts made by the FBI of Trump aides, a declassified copy of the final FISA warrant approved by an intelligence court, and the tasking orders and debriefings of the two main confidential human sources, Christopher Steele and Stefan Halper, the bureau used to investigate whether Trump had colluded with Russia to steal the 2016 election.

In the end, multiple investigations found there was no such collusion and that the FBI violated rules and misled the FISA court in an effort to keep the probe going.

The documents that Trump declassified never saw the light of day, even though they were lawfully declassified by Trump and the DOJ was instructed by the president though Meadows to expeditiously release them after redacting private information as necessary. [my emphasis]

Curiously, the PDF of the Mark Meadows memo Solomon linked (my link) — which includes a staple mark and other oddities for an original document preserved by NARA — shows a September 27, 2021 creation date, with a modification date just days after Trump designated Solomon as his representative at NARA. (h/t @z3dster for the observation)

Back to Solomon’s implication that the documents in question — documents that Kash had suggested were among those boxed and sent back to NARA — included the final Carter Page warrant.

If the former President’s stash included an unredacted copy of the final FISA application targeting Carter Page, it could mean additional trouble for him and anyone else involved.

Even a Kislyak intercept would, because it would impact Mike Flynn’s privacy.

Similarly, even if, after three years of effort led largely by Kash Patel, an Inspector General hadn’t deemed the Carter Page FISA applications problematic, Trump took the Carter Page warrant application home after he left office, it would be an egregious violation of FISA’s minimization procedures, which strictly limit how such material can be disseminated. A disgruntled former government’s employee’s desire to spread propaganda about his tenure is not among the approved dissemination purposes.

But Carter Page, almost uniquely of any American surveilled under FISA, has special protections against such things happening.

That’s because in the wake of the IG Report on Carter Page, and in the wake of Bill Barr’s DOJ withdrawing its claim of probable cause for the last two Page warrants, James Boasberg required the government to ensure that materials for which there might not have been probable cause were no longer disseminated. In issuing that order, Boasberg cited 50 USC 1809(a)(2), the part of FISA that makes it a crime, punishable by a five year sentence, to disseminate improperly collected material from a targeted person. As a result, in June 2020, Boasberg issued an order sequestering the material collected from the Carter Page FISA except for five designated purposes.

Indulging the former President’s tantrum is not one of those five purposes.

And Trump and Kash, especially, have reason to know about this sequester. That’s because in October 2020 — at a time when Kash was still babysitting John Ratcliffe at DNI — DOJ violated the sequester by sharing information on Page with the Jeffrey Jensen and John Durham inquiries. As far as we know, that violation of the sequester order didn’t result in surveillance records on Carter Page being stored in a poorly secured storage closet in a resort hotel, but it still involved a hearing before the FISC and a public scolding.

If there’s an unredacted copy of the Page application, it would mean sections like this and this would be unsealed. There’s even a description of the emails that Page sent to the campaign bragging about his access to top Russian officials that, because of how it came to be in the application, would be subject to Boasberg’s sequestration order. There might even be contacts that Page had with Steve Bannon, whose privacy would also be implicated. Disseminating any of that stuff in unredacted form is, by itself, a crime, one the FISC has warned Trump and Kash’s bosses about repeatedly.

In his January 2021 podcast, Solomon claimed that the material Trump wanted to release would prove he was spied on. To show that from materials relating to Carter Page would require sharing information specifically covered by the sequestration order. Shipping that from the White House to Mar-a-Lago would be a crime. Sharing it from there would definitely be a crime. And any authorization would have to involve the FISA Court. No President — not Trump and not Biden — can lawfully ignore that order.

Since at least May, both Kash and Solomon seem frantic to help Trump develop a cover story. And their frantic efforts seem to explicitly include materials pertaining to Carter Page.

And that’s why the confirmation that Trump had FISA materials in his stolen boxes could present additional headaches for the former President and his flunkies.

On CIPA and Sequestration: Durham’s Discovery Deadends

/18 Comments/in , , , /by

In this post, I laid out the range of highly classified or other potentially unavailable information that Igor Danchenko will be able to make a credible claim to need to defend himself against charges he knowingly lied to the FBI.

That list includes:

  • Details about a Section 702 directive targeting Danchenko’s friend, Olga Galkina
  • Extensive details about Sergei Millian’s Twitter account, including proof that Millian was always the person running it
  • Details of the counterintelligence investigation into Millian
  • Materials relating to Millian’s cultivation, in the same weeks as a contested phone call between Danchenko and Millian, of George Papadopoulos
  • Evidence about whether Oleg Deripaska was Christopher Steele’s client for a project targeting Paul Manafort before the DNC one
  • All known details of Deripaska’s role in injecting disinformation into the dossier, up through current day
  • Details of all communications between Deripaska and Millian
  • Details of the counterintelligence investigation into Carter Page
  • Both the FISA applications targeting Page and the underlying discussions about them
  • FISA-obtained collection that is helpful and material to Danchenko’s defense, including all substantive collection incriminating Page obtained before Danchenko’s January interviews, and all intelligence relating to the specific alleged lies in the indictment
  • Materials relating to FBI’s attempt to corroborate the dossier, including materials from Page’s FISA collection that either corroborated or undermined it

As I noted, I know of no prior case where a defendant has had notice of two separate FISA orders as well as a sensitive ongoing counterintelligence investigation and a credible claim to need that information to mount a defense. Durham has committed to potentially impossible discovery obligations, all to prosecute five (or maybe two) lies that aren’t even alleged to have willingly obstructed an investigation. For reasons I lay out below, Durham may not, legally, be able to do that.

To be quite clear: that Danchenko can make a credible claim to need this stuff doesn’t mean he’ll get it, much less be permitted to present it at trial. But, particularly given that the two FISA orders and the counterintelligence investigations have all been acknowledged, DOJ can’t simply pretend they don’t have the evidence. For perhaps the first time ever, DOJ doesn’t get to decide whether to rely on FISA information at trial, because the indictment was written to give the defense good cause to demand it.

Still, much of this stuff will be dealt with via the Classified Information Proecdures Act, CIPA. CIPA is a process that purports to give the government a way to try prosecutions involving classified information, balancing discovery obligations to a defendant with the government’s need to protect classified information. (Here’s another description of how it works.)

Effectively, Danchenko will come up with a list similar to the one above of classified information he believes exists that he needs to have to mount a defense. The government will likewise identify classified information that it believes Danchenko is entitled to under discovery rules. And then the judge — Anthony Trenga, in this case — decides what is material and helpful to Danchenko’s defense. Then the government has the ability to “substitute” language for anything too classified to publicly release, some of it before ever sharing with the defendant, the rest after a hearing including the defense attorneys about what an adequate substitution is.

Here’s a fragment of an exhibit from the Joshua Schulte case that shows the end product of the CIPA process: The CIA was able to replace the name of a vendor the CIA used (presumably as a cover) with the generic word, “vendor,” thereby preventing others from definitively attributing the cover with the CIA. It replaced the description of those who would use the hacking tool with “operators.” Elsewhere, the same exhibit replaced the name of one of Schulte’s colleagues. It redacted several other words entirely.

Here are some more exhibits — CIA Reports submitted at the Jeffrey Sterling trial — that show the outcome of the CIPA process.

On top of the fact that CIPA adds a way for the government to impose new roadblocks on discovery (and discovery only begins after a defendants’ attorneys are cleared), it can end up postponing the time when the defendant actually gets the evidence he will use at trial. So it generally sucks for defendants.

But the process is also onerous for the prosecutor. Basically, the prosecutor has to work with classification authorities from the agency or agencies that own particular classified information and cajole them to release enough information to get past the CIPA review. In my earlier post, I described that Patrick Fitzgerald had to do this with the Presidential Daily Briefs, and it took him several attempts before he had declassified enough information to satisfy Judge Reggie Walton that it provided Scooter Libby with the means to make his defense. If the agency involved in the CIPA process hasn’t totally bought off on the importance of the prosecution, they’re going to make the process harder. Often, the incentive for agencies to cooperate stems from the fact that the defendant is accused of leaking secrets that the agency in question wants to avenge.

Because the process is so onerous, DOJ works especially hard to get defendants to plead before the CIPA process, and often because the defendant is facing the kind of stiff sentence that comes with Espionage charges, CIPA makes it more likely they’ll plead short of trial.

Those two details already make Danchenko’s trial different from most CIPA cases. That’s true, first of all, because Danchenko never had any agency secrets, and prosecutors will be forced to persuade multiple agencies (at least the FBI and NSA, and possibly CIA and Treasury) to give a Russian national secrets even though his prosecution will set no example against leaking for the agencies. Indeed, the example Danchenko will be setting, instead, is that the FBI doesn’t honor its commitments to keep informant identities safe. Additionally, there’s little reason for Danchenko to plead guilty, as the punishment on five 18 USC 1001 charges would not be much different than one charge (remember, Kevin Clinesmith got probation for his 18 USC 1001 conviction), and Danchenko would still face deportation after he served any sentence, where he’s likely to face far greater retaliation than anything US prisons would pose. That will influence the CIPA process, too, as a successful prosecution would likely result in the Russian government coercing access to whatever secrets that intelligence agencies disclose to Danchenko during the prosecution.

CIPA always skews incentives, but this case skews incentives differently than other CIPA cases.

Add in that Judge Trenga, the judge in this case, has been pondering CIPA issues of late in the case of Bijan Kian, Mike Flynn’s former partner, who was prosecuted on Foreign Agent charges. Trenga was long unhappy with the way DOJ charged Kian’s case, and grew increasingly perturbed with DOJ’s attempts to salvage the case after Flynn reneged on his cooperation agreement. Trenga overturned the jury’s guilty verdict, but was subsequently reversed on that decision by the Fourth Circuit. Since then, Kian has been demanding two things: more access to classified materials underlying evidence he was given pursuant to the CIPA process right before trial showing previously undisclosed contacts between Flynn and Ekim Alptekin not involving Kian, and a new trial, partly based on late and inadequate disclosure of that CIPA information.

Following a series of ex parte hearings regarding classified evidence pursuant to the Confidential Information Procedures Act (“CIPA”), the government, on the eve of trial, handed Rafiekian a one-sentence summary, later introduced as Defendant’s Exhibit 66 (“DX66”), informing Rafiekian that the government was aware of classified evidence relating to interactions between Flynn and Alptekin that did not “refer[] to” Rafiekian. DX66.1 Following receipt of DX66, Rafiekian immediately sought access to the underlying information pursuant to CIPA because “[i]t goes right to the question of what happened and what he knew and what statements were made and who was making them,” and “[i]f Mr. Rafiekian is convicted without his counsel having access to this exculpatory evidence, we believe it will go right to the heart of his due process and confrontation rights.” Hr’g Tr. 31 (Jul. 12, 2019), ECF No. 309. The Court took the request under advisement, noting that it “underst[ood] the defense’s concern and w[ould] continue to consider whether additional disclosure of information” would be necessary as the case developed. Id. at 32. At trial, the government used DX66 in its rebuttal argument in closing to show that Rafiekian participated in the alleged conspiracy—“even though the information in that exhibit related solely to Flynn and explicitly excluded Rafiekian.” Rafiekian, 2019 WL 4647254, at *17.

1 DX66 provides in full: The United States is in possession of multiple, independent pieces of information relating to the Turkish government’s efforts to influence United States policy on Turkey and Fethullah Gulen, including information relating to communications, interactions, and a relationship between Ekim Alptekin and Michael Flynn, and Ekim Alptekin’s engagement of Michael Flynn because of Michael Flynn’s relationship with an ongoing presidential campaign, without any reference to the defendant or FIG.

With regards to the first request, Trenga has ruled that Kian can’t have the underlying classified information, because (under CIPA’s guidelines) the judge determined that, “the summary set forth in DX Exhibit 66 provides the Defendant with substantially the same ability to make his defense as would disclosure of the specific classified information.” But his decision on the second issue is still pending and Trenga seems quite open to Kian’s request for a new trial. So Danchenko and Durham begin this CIPA process years into Trenga’s consideration about how CIPA affects due process in the Kian case. I don’t otherwise expect Trenga to be all that sympathetic to Danchenko, but if Trenga grants Kian a new trial because of the way prosecutors gained an unfair advantage with the CIPA process (by delaying disclosure of a key fact), it will be a precedent for and hang over the CIPA process in the Danchenko case.

Then there are unique challenges Durham will face even finding everything he has to provide Danchenko under Brady. In the Michael Sussmann case, I’ve seen reason to believe Durham doesn’t understand the full scope of where he needs to look to find evidence relevant to that case. But given the centrality of investigative decisions in the Danchenko case — and so the Mueller investigation — to Durham’s materiality claims, Durham will need to make sure he finds everything pertaining to Millian, Papadopoulos, and Kiliminik and Deripaska arising out of the Mueller case. In the case of Steve Calk, that turned out to be more difficult than prosecutors initially imagined.

But all of these things — the multiple sensitive investigations relevant to Danchenko’s defense, normal CIPA difficulties, unique CIPA difficulties, and the challenges of understanding the full scope of the Mueller investigation — exist on top of another potential problem: DOJ doesn’t control access to some of the most important evidence in this case.

As I noted in my earlier post, there are multiple things FBI obtained by targeting Carter Page that Danchenko will be able to demand to defend himself against Durham’s materiality claims. For example, FBI obtained information under FISA that seems to undercut Page’s claims that he didn’t meet with Igor Diveykin, a claim Danchenko sourced to Olga Galkina, who is central to Durham’s materiality claims.

If this information really does show that Page was lying about his activities in Russia, it would provide proof that after the initial FISA order, FBI had independent reason to target Page.

Similarly, FBI believed that Page’s explanation for how he destroyed the phone he was using in Fall 2016 was an excuse made up after he knew he was being investigated; that belief seems to be based, in part, on information obtained under FISA.

The FBI’s suspicions about that broken phone seem to be related to their interest in collecting on an encrypted messaging app Page used, one of the two reasons why FBI sought reauthorization to target Page in June 2017. Danchenko will need this information to prove that the June 2017 reauthorization was driven entirely by a desire to get certain financial and encrypted communication evidence, and so could not have been affected by Danchenko’s May and June 2017 interviews.

Information obtained from targeting Page under FISA will similarly be central to Danchenko’s defense against Durham’s claims that his alleged lies prevented FBI from vetting the dossier. That’s because the spreadsheet that FBI used to vet the dossier repeatedly relied on FISA-collected information to confirm or rebut the dossier. Some of that pertains to whether Page met with Igor Diveykin, an allegation Danchenko sourced to Olga Galkina, making it central to his defense in this case.

Other FISA-collected material was used to vet the Sergei Millian claim, which Durham charged in four of five counts.

Some of this may not be exculpatory (though some of it clearly would be). But it is still central to the case against Danchenko.

The thing is, Durham may not be legally able to use this information in Danchenko’s prosecution, and even if he is, it will further complicate the CIPA process.

Back on January 7, 2020, James Boasberg — acting in his role as the then-presiding FISA Judge — ordered that the FBI adopt limits on the use of any information obtained via the four Carter Page FISA orders. Such orders are one of the only tools that the FISA Court has to prohibit the use of information that the Executive collects but later determines did not comply with FISA (the government only retracted the probable cause claims for the third and fourth FISA orders targeting Page, but agreed to sequester all of it). A subsequent government filing belatedly obtaining permission to use material obtained via those FISA orders in conjunction with Carter Page’s lawsuit laid out the terms of that sequester. It revealed that, according to a June 25, 2020 FISA order, the government can only legally use material obtained under those FISA orders for the following purposes:

  1. Certain identified ongoing third-party litigation pursuant to the Freedom of Information Act (FOIA)
  2. Ongoing and anticipated FOIA and civil litigation with Page
  3. FBI review of the conduct of its personnel involved in the Page investigation
  4. DOJ OIG monitoring of the implementation of one of the recommendations stemming from the OIG Report
  5. The review of the conduct of Government personnel in the Page and broader Crossfire Hurricane investigations [my emphasis]

On November 23, 2020, Boasberg issued a follow-up order in response to learning, on October 21, 2020, that DOJ had already shared sequestered FISA information with the US Attorney for Eastern Missouri (the Jeffrey Jensen review), the US Attorney for DC (possibly, though not certainly, the Durham case), and the Senate Judiciary Committee (FISC may have learned of the latter release when the vetting spreadsheet was publicly released days before DOJ informed FISC of that fact). Effectively, Bill Barr’s DOJ had confessed to the FISA Court that it had violated FISA by disseminating FISA-collected information later deemed to lack probable cause without first getting FISC approval. Boasberg ordered DOJ to “dispossess” the MOE USAO and DC USAO of the sequestered information and further ordered that those US Attorneys, “shall not access materials returned to the FBI … without the prior approval of the Court.”

There’s no evidence that Durham obtained approval to access this information (though DOJ applications to FISC often don’t get declassified, so it’s not clear it would show up in the docket). And when I asked DOJ whether Durham had obtained prior approval to access this sequestered information even for his own review, much less for use in a prosecution, I got no response. While accessing the sequestered material for review of the conduct of Government personnel is among those permitted by the original order (bolded above), using it to review the conduct of non-governmental sources like Danchenko was not, to say nothing of prosecuting such non-governmental sources. To get approval to use sequestered information in the Danchenko case, Durham would have to convince FISC to let Durham share such information with a foreign national whose prosecution would lead to his deportation to Russia. And if he shared the information without FISC approval, then Durham himself would be violating FISA.

To be sure, it would be the most unbelievable kind of malpractice to charge the Danchenko case without, first, ascertaining how Durham was going to get this sequestered information. I’d be shocked if Durham hadn’t gotten approval first. But then, I was shocked that when Durham charged Kevin Clinesmith, he didn’t know what crimes FBI investigated Page for. I am shocked that Durham used Sergei Millian’s Twitter feed to substantiate a factual claim that Millian didn’t speak with Danchenko. So who knows? Maybe Durham has not yet read this evidence, to say nothing of ensuring he can share it with a Russian national in discovery. It would shock me, but I’m growing used to being shocked by Durham’s recklessness.

In any case, depending on what the FISC has decided about disseminating — and making public — this sequestered information, it will, at the very least, create additional challenges for Durham. Durham couldn’t just assert that DOJ IG had determined that the this information was not incriminating to Page and therefore not helpful to Danchenko to avoid sharing the sequestered FISA information. Under CIPA, Judge Trenga would need to review the information himself and assess whether information obtained under Page’s FISA was material and helpful to Danchenko’s defense. If he decided that Danchenko was entitled to it in his defense, then Durham might have to fight not just with FBI and NSA to determine an adequate substitution for that information, but also FISC itself.

CIPA assumes that the Executive owns the classification decisions regarding any information to be presented at trial, and therefore the Executive gets to balance the value of the prosecution against the damage declassifying the information would do. Here, as with Fitzgerald, a Special Counsel will be making those decisions, setting up a potential conflict with all the agencies that may object. But here, FISC has far more interest in the FISA information than it would if (say) it were just approving the use of FISA-obtained material to prosecute the person targeted by that FISA.

Again, John Durham is going to have to declassify a whole bunch of sensitive information, including information sequestered to protect Carter Page, to give it to a foreign national who never had those secrets such that, if Durham succeeds at trial, it may lead inevitably to Russia obtaining that sensitive information. All that for five shoddily-charged false statements charges. This is the kind of challenge that a prosecutor exercising discretion would not take on.

But Durham doesn’t seem to care that he’s going to damage all the people he imagines are victims as well as national security by bringing this case to trial.

Danchenko posts

The Igor Danchenko Indictment: Structure

John Durham May Have Made Igor Danchenko “Aggrieved” Under FISA

“Yes and No:” John Durham Confuses Networking with Intelligence Collection

Daisy-Chain: The FBI Appears to Have Asked Danchenko Whether Dolan Was a Source for Steele, Not Danchenko

Source 6A: John Durham’s Twitter Charges

John Durham: Destroying the Purported Victims to Save Them

John Durham’s Cut-and-Paste Failures — and Other Indices of Unreliability

Aleksej Gubarev Drops Lawsuit after DOJ Confirms Steele Dossier Report Naming Gubarev’s Company Came from His Employee

In Story Purporting to “Reckon” with Steele’s Baseless Insinuations, CNN Spreads Durham’s Unsubstantiated Insinuations

On CIPA and Sequestration: Durham’s Discovery Deadends

The Disinformation that Got Told: Michael Cohen Was, in Fact, Hiding Secret Communications with the Kremlin

John Durham May Have Made Igor Danchenko “Aggrieved” Under FISA

/23 Comments/in , , , /by

Amidst a bunch of inaccurate quotations and insinuations, John Durham presented evidence in the Igor Danchenko indictment that Olga Galkina was (at least in part) seeking access when she claimed, in 2016, to be a fan of Hillary Clinton. And in the process, Durham may have created some significant discovery and FISA challenges for himself.

Olga Galkina, a friend of Igor Danchenko’s whom he said was the source for a key claim about Carter Page and all the discredited Michael Cohen claims, described herself this way in a declaration submitted in Alfa Bank’s lawsuit against Fusion GPS:

My name is Olga Aleksandrovna Galkina. I am a Russian citizen. I graduated with a law degree from Perm State University in 2002 and with a philology degree from Peoples’ Friendship University of Russia in 2004. In addition to Russian, I speak English and Bulgarian, and have basic knowledge of Georgian and Spanish.

My background is in journalism and public relations. I now work as a communications advisor. Previously, I held a number of positions in public relations and government, including head of the Governor’s Press Service in the Saratov Region (2005–2006); deputy head of the city administration in Saratov (2006–2007); and public relations advisor at Servers.com, a part of the XBT Holding group of companies that includes Webzilla (2015–2016).

[snip]

Igor Danchenko and I have been friends since our teen years in Perm, Russia. Through the years, Mr. Danchenko and I have communicated in person, over the phone, and through electronic messengers. I never gave my permission to Mr Danchenko to publish (or disclose to a third party) any part of our private discussions or private communications.

Mr. Danchenko and I met once in 2016. In connection with my job at Servers.com, I traveled to the United States in the spring of 2016 to participate in the Game Developers Conference event and investigate the prospects of running a public relations campaign for the company in the United States. I asked Mr. Danchenko to assist those efforts, and he introduced me to a third party, Charles Dolan, whom he thought could help. Mr. Danchenko and I did not discuss anything related to the Dossier or its contents during this meeting.

Note that this entire declaration is designed as a non-denial denial. The denial that she discussed the dossier in spring 2016, before the dossier project began, is in no way a denial that she discussed stuff — with Danchenko or Dolan — that ended up in the dossier, nor does she deny being the source of anything but the Alfa Bank allegations elsewhere in the declaration.

Durham describes Galkina this way.

At all times relevant to this Indictment, DANCHENKO maintained communications with a Russian national (“Russian Sub-Source-I”) based in a foreign country (“Country-1”) who, according to DANCHENKO, acted as one of DANCHENKO’s primary sources of information for allegations contained in the Company Reports. DANCHENKO and [Galkina] had initially met as children in Russia, and remained friends thereafter.

In or about early 2016, Russian Sub-Source-I began working at a business based in Country-1 (“Business-1”) that was owned by a Russian national and would later appear in the Company Reports. [Galkina] conducted public relations and communications work for Business-1

Business-1 would be XBT Holdings, which appeared in the last dossier report.

The Danchenko indictment barely mentions the long ties between him and Galkina, and doesn’t explain that she was the alleged source for the Cohen allegations (or even the claim that Danchenko named her as the source for a meeting Page had in Moscow, something utterly central to Durham’s project). Instead, it focuses on the fact that, after Danchenko himself met PR Executive Charles Dolan (through Fiona Hill) in February 2016, the next month, Danchenko introduced Dolan to Galkina for obvious business reasons, and then they all continued to communicate, both with Danchenko included and without him.

In or about March 2016, and prior to the June 2016 Planning Trip, DANCHENKO learned from Russian Sub-Source-I that Business-I was interested in retaining a U.S.-based public relations firm to assist with Business-1 ‘sentry into the U.S. market. DANCHENKO brokered a meeting between PR Executive-I and Russian Sub-Source-I to discuss a potential business relationship. Thereafter, PR Firm-I and Business-I entered a contractual relationship.

In or around the same time period, DANCHENKO, PR Executive-I, and Russian Sub-Source-I communicated about, among other things, the business relationship between Business-I and PR Firm-I. [my emphasis]

Thus far, this is garden variety networking, plopped into an indictment for reasons that do not directly relate to the crimes alleged.

The indictment then turns to laying out that, in conversations not including Danchenko, Dolan and Galkina spoke of their mutual enthusiasm for Hillary Clinton. Except the second paragraph Durham uses to substantiate “their [shared] support for Hillary Clinton” has nothing to do with Hillary Clinton, but in fact shows that Galkina was using Dolan’s ties to senior Russian officials for her own career advantage.

41. During the same time period, [Galkina] and [Dolan] communicated regularly via social media, telephone, and other means. In these communications and others, [Galkina] and [Dolan] discussed their political views and their support for Hillary Clinton.

[snip]

b. Additionally, on or about July 13, 2016, [Galkina] sent a message to a Russia-based associate and stated that [Dolan] had written a letter to Russian Press Secretary-I in support of [Galkina]’s candidacy for a position in the Russian Presidential Administration.

This is important, presumably, because it shows Dolan had better access to some figures in the dossier than Galkina did, but it has nothing to do with Hillary Clinton. It does, however, show that Galkina used her relationship with Dolan for access, even in Russia. And Durham is likely to argue that she used that access to obtain information that she then shared with Danchenko, which ended up in the dossier.

But it’s also important because, in the later communications quoted, Durham shows that Galkina was leveraging her relationship with Dolan — and bragging about it to an associate — in hopes of access under a Hillary presidency.

d. In or about August 2016, [Galkina] sent a message to a Russia-based associate describing [Dolan] as an “advisor” to Hillary Clinton. [Galkina] further commented regarding what might happen if Clinton were to win the election, stating in Russian, “[W]hen [[Dolan] and others] take me off to the State Department [to handle] issues of the former USSR, then we’ll see who is looking good and who is not.”

e. In or about September 2016, [Galkina] made a similar comment in a message to the same associate, stating in Russian that [Dolan] would “take me to the State Department if Hillary wins.”

f. On or about November 7, 2016 (the day before the 2016 U.S. Presidential election), Russian Sub-Source-I emailed [Dolan] in English and stated, in part: [] I am preparing you some information on former USSR/UIC countries, Igor [DANCHENKO] possibly told you about that. …. Tomorrow your country is having a great day, so, as a big Hillary fan, I wish her and all her supporters to have a Victory day. Hope, that someday her book will have one more autograph on it) Thank you for your help and support, Best regards, [First Name of Russian Sub-Source-I] [my emphasis]

All this Hillary support — shared with Dolan, but not (at least in this indictment) with Danchenko — does matter to Durham’s project. The allegations Danchenko attributed to Galkina were the most damning in the dossier, including the post-election (purportedly free) report that Michael Cohen had actually paid for Russian hackers. If she genuinely supported Hillary, it’s possible she knowingly fed Danchenko bullshit in hopes of helping Hillary’s chances.

But those Cohen allegations were also the earliest claims debunked in the dossier. By January 12, 2017 (so, importantly, weeks before Danchenko’s first FBI interview and before Galkina tasked Danchenko with a collection request in the wake of the dossier’s release), the FBI had obtained information marking the Cohen allegations as likely disinformation.

A January 12, 2017, report relayed information from [redacted] outlining an inaccuracy in a limited subset of Steele’s reporting about the activities of Michael Cohen. The [redacted] stated that it did not have high confidence in this subset of Steele’s reporting and assessed that the referenced subset was part of a Russian disinformation campaign to denigrate U.S. foreign relations. A second report from the same [redacted] five days later stated that a person named in the limited subset of Steele’s reporting had denied representations in the reporting and the [redacted] assessed that the person’s denials were truthful.

This report should have led the FBI to treat any allegation sourced to Galkina, including the damning Carter Page one, with caution. All the more so after Danchenko told them (as he did in his January interviews) that Galkina recognized Cohen’s name almost immediately when he asked her for information about Trump’s associates.

[Danchenko] began his explanation of the Prague and Michael Cohen-related reports by stating that Christopher Steele had given him 4-5 names to research for the election-related tasking. He could only remember three of the names: Carter Page, Paul Manafort and Michael Cohen. When he talked to [Galkina] in the fall of 2016 — he believes it was a phone call — he rattled off these names and, out of them, he was surprised to hear that [she] immediately [later [Danchenko] softened this to “almost immediately”] recognized Cohen’s name.

But her emails boasting that Dolan would get her access to State in a Hillary Administration are naked influence-peddling, whether for banal careerist reasons or for more malign purposes of access. They are what you’d expect from anyone with growing ties to a well-connected person, regardless of political leanings.

And we already knew — and the FBI knew — that Galkina had sent communications indicating strong support for Hillary (whether good faith or feigned for access purposes). That was revealed in a footnote to the DOJ IG Report declassified in response to Chuck Grassley and Ron Johnson demands in April 2020. That footnote strongly suggests that FBI learned it from obtaining Galkina’s communications under FISA Section 702 (the footnote only makes sense if they had 702 collection on Galkina and only Galkina), and they learned it by “early June 2017.”

FBI documents reflect that another of Steele’s sub-sources who reviewed the election reporting told the FBI in August 2017 that whatever information in the Steele reports that was attributable to him/her had been “exaggerated” and that he/she did not recognize anything as originating specifically from him/her. 347

347 The FBI [received information in early June 2017 which revealed that, among other things, there were [redacted]] personal and business ties between the sub-source and Steele’s Primary Sub-source; contacts between the sub-source and an individual in the Russian Presidential Administration in June/July 2016; [redacted] and the sub‐source voicing strong support for candidate Clinton in the 2016 U.S. elections. The Supervisory Intel Analyst told us that the FBI did not have Section 702 coverage on any other Steele sub‐source. [my emphasis]

Galkina is the one Danchenko sub-source that the FBI interviewed directly. The business ties between her and Danchenko reflect loans back and forth. The contacts reflected here with someone in the Presidential Administration in June/July may reflect Dolan’s recommendation of Galkina for a job. The second redaction here may even include a reference to Dolan.

There are a whole slew of implications from this detail, if it indeed reflects that FBI obtained Galkina’s communications using Section 702, which by description included the communications with Dolan about Hillary and would have included any US-cloud based communications she had Danchenko as well.

The first implication is that, in relying on communications involving Danchenko, Galkina, and Dolan (bold and underlined above), Durham may have made Danchenko an “aggrieved person” under FISA.

The term “aggrieved” under FISA is a technical legal one, and one that the US government makes great efforts to obscure. But anyone whose communications “were subject to electronic surveillance,” is aggrieved.

“Aggrieved person” means a person who is the target of an electronic surveillance or any other person whose communications or activities were subject to electronic surveillance.

And FISA mandates that the government provide FISA notice to someone if they intend to use evidence obtained or derived from electronic surveillance “in any trial, hearing, or other proceeding in or before any court.”

Whenever the Government intends to enter into evidence or otherwise use or disclose in any trial, hearing, or other proceeding in or before any court, department, officer, agency, regulatory body, or other authority of the United States, against an aggrieved person, any information obtained or derived from an electronic surveillance of that aggrieved person pursuant to the authority of this subchapter, the Government shall, prior to the trial, hearing, or other proceeding or at a reasonable time prior to an effort to so disclose or so use that information or submit it in evidence, notify the aggrieved person and the court or other authority in which the information is to be disclosed or used that the Government intends to so disclose or so use such information.

While the government treats information obtained from the cloud as a physical search, after the Snowden releases, DOJ started notifying some defendants of 702 surveillance and in 2018 (before Durham was appointed), Congress mandated that information obtained under FISA 702 be treated as electronic surveillance for FISA’s notice provision.

Information acquired from an acquisition conducted under section 1881b of this title shall be deemed to be information acquired from an electronic surveillance pursuant to subchapter I for purposes of section 1806 of this title.

In 2018, Congress has also imposed restrictions on the searches of 702 data for criminal prosecution, restrictions that the FBI famously blew off under Bill Barr.

Also in 2018, Congress demanded that the government keep better records of how US person names get unmasked in FISA surveillance.

To be very clear: this doesn’t help Danchenko all that much. The government’s precedents seem to say that notice provisions only trigger in an actual trial, so including reference to communications that would have first been obtained under 702 in an indictment probably wouldn’t normally trigger the notice requirement. If Durham restricted himself to using only those communications involving Galkina and Dolan but not Danchenko at trial, it would not render Danchenko “aggrieved,” because a person is only aggrieved if his own communications are used, not if communications of two associates he introduced are used to prosecute him.

Moreover, as anyone not named Carter Page would discover, FISA’s due process protections are basically useless. If DOJ determined that Danchenko was, indeed, aggrieved, he’d get notice and a judge would review how Galkina got targeted and almost immediately determine that Galkina was lawfully targeted under 702 (she was) and FBI was not primarily trying to get Danchenko’s communications with her (they weren’t), and that would be that.

Plus, DOJ has developed a number of ways to launder 702 information, such as getting the same information first obtained with a 702 directive with a warrant, and then claiming, implausibly, that the criminal process was not “derived from” the FISA process. Durham might even try to claim he didn’t discover this information via FISA, he obtained it via completely independent parallel means. In any case, DOJ has well-developed ways of parallel constructing information collected via sensitive means to hide its sourcing.

Still, Danchenko might have cause to question whether Durham complied with search requirements and whether the FBI properly documented any searches of Galkina’s communications used in a non-national security investigation, but even there, the original investigation implicating Galkina was undeniably a national security one, investigating whether Carter Page was a foreign agent, and so that original search would not require documentation (and preceded the rigorous application of that requirement in any case).

The point of all this is not that this helps Danchenko, at all, from a due process standpoint. But in the same way that Carter Page used his status as the first person to learn he was targeted under FISA without being prosecuted to cause a great deal of trouble, Danchenko might be able to use his status as someone whose prosecution appears to tie directly to 702 searches years ago to cause a great deal of trouble. Because DOJ has already declassified material that ties these communications to 702 collection, Danchenko may be able to demand transparency about FISA procedures that no one before him has ever been able to, and that may complicate prosecution of him.

And, at the very least, Danchenko will be able to demand discovery on the circumstances of this collection when otherwise, DOJ would be able to hide it under FISA disclosure protections. Normally, if DOJ did not rely on these communications, they would not have to inform Danchenko about them at all. But given that DOJ has already acknowledged them and seemingly identified them as Section 702 collection, DOJ will be forced to acknowledge that by early June 2017, they had these communications.

The fact that DOJ obtained information showing the ties between Dolan and Galkina in “early June” may go a long way (along with demonstrating Durham’s inaccurate citation) to disproving the alleged lie charged in Count One of this indictment. It certainly undermines Durham’s claims that the lie was material. It further will make it easy to suggest that this prosecution arises out of political animus (though that is always of limited use at trial).

In substantiating the case that Carter Page was wrongly aggrieved under FISA thanks to rumors passed along by Igor Danchenko, Durham appears to have similarly made Danchenko aggrieved himself. And that may help him defend himself in ways that would not otherwise be available.

Related documents

Danchenko posts

The Igor Danchenko Indictment: Structure

John Durham May Have Made Igor Danchenko “Aggrieved” Under FISA

“Yes and No:” John Durham Confuses Networking with Intelligence Collection

Daisy-Chain: The FBI Appears to Have Asked Danchenko Whether Dolan Was a Source for Steele, Not Danchenko

Source 6A: John Durham’s Twitter Charges

John Durham: Destroying the Purported Victims to Save Them

John Durham’s Cut-and-Paste Failures — and Other Indices of Unreliability

Aleksej Gubarev Drops Lawsuit after DOJ Confirms Steele Dossier Report Naming Gubarev’s Company Came from His Employee

In Story Purporting to “Reckon” with Steele’s Baseless Insinuations, CNN Spreads Durham’s Unsubstantiated Insinuations

On CIPA and Sequestration: Durham’s Discovery Deadends

The Disinformation that Got Told: Michael Cohen Was, in Fact, Hiding Secret Communications with the Kremlin

The Two New Material Errors Are the News from the IG Report on Woods File Errors

/7 Comments/in , , /by

Footnote 14 in a DOJ Inspector General Report summarizing the problems with the FBI’s compliance with the Woods requirement released last week claims to lay out why reviewing Woods file compliance is a good measure of FISA.

14 The OIG’s December 2019 FISA Report demonstrates the significant problems that can result from a lack of compliance with the Woods Procedures. For example, one of the Woods Procedures-based failures detailed in our December 2019 report concerned the failure to seek and document the handling agent’s approval of the source characterization statement for Christopher Steele in the FISA applications, which we found overstated Steele’s bona fides and gave the misimpression that Steele’s past reporting to the FBI had been deemed sufficiently reliable by prosecutors to use in court and that more of his information had been corroborated than was actually the case. As detailed in our December 2019 report, the handling agent told us that had he been shown the source characterization statement, as required by the Woods Procedures, he would not have approved it. Given the importance of a source characterization statement to the FISC’s determination of a source’s reliability, the failure to comply with the Woods Procedures was a significant error on the part of the FBI case agents involved and their supervisors. Moreover, this issue compounded other serious problems with the subsequent FISA renewal applications, such as the FBI’s continued reliance on Steele’s information despite the fact that the Primary Sub-source, during his FBI interviews, had contradicted Steele’s reporting on several critical issues.

The footnote badly overstates its claim.

In a post laying out how the Woods file errors in Carter Page’s applications weren’t the real indicators of a problem, I noted that Steele’s FBI handler, Mike Gaeta, had explained why he treated Steele’s reporting as reliable, even though Steele had never testified in any trials, the measure FBI normally uses to measure the reliability of a source.

[DOJ IG identified two claims unsupported by the Woods file stating] that Christopher Steele’s reporting had been corroborated, something the DOJ IG Report lays out at length was not true in the terms FBI normally measured. Except, even there, Steele handler Mike Gaeta’s sworn testimony actually said it had been. He described jumping when Steele told him he had information because he was a professional,

And at that time there were a number of instances when his information had borne out, had been corroborated by other sources.

He also provided a perfectly reasonable explanation for why Steele’s reporting was not corroborated in the way DOJ IG measured it in the report: because you could never put Steele on a stand, so his testimony would never be used to prosecute people.

From a criminal perspective and a criminal investigative kind of framework, you know, Christopher Steele and [redacted] were never individuals who were going to be on a witness stand.

In other words, while it appears that DOJ cleaned up many of the errors identified by DOJ IG by finding the documentation to back it over the course of months, the public record makes it clear that Crossfire Hurricane would have been able to clear up even more of the Page Woods file.

Per the IG Report, Gaeta would not have approved the source statement in the Carter Page application as written. But Gaeta is on the record explaining what measure he used to assess a source who would never be asked to testify but whose reporting had nevertheless “borne out.” And Gaeta, per his Congressional testimony, believed Steele’s reporting was worth immediate attention.

There was just one other Woods file error identified in the Carter Page IG Report that wasn’t proven elsewhere that can be publicly tested — a James Clapper claim that Russia had provided money (unproven) and disinformation (proven) to particular candidates. The majority of the problems in the Page report, however, weren’t related to a Woods violation, in large part because they were about critical information omitted from the applications, not included.

That is, the Woods file was pretty much useless for identifying the real errors in the Carter Page applications. That’s why I’m sympathetic with a comment that DOJ IG cited critically — DOJ IG judged that the comment “dismiss[ed …] the weaknesses we identified related to compliance with the Woods Procedures” — that the IG emphasis on Woods file compliance may distract from getting material facts correct.

While we all understand the extreme importance of presenting accurate facts to any court on material issues, there is a concern that we are allowing our efforts to be diverted from that very important goal and instead diverted to the creation of picture perfect Woods binders that literally support every granular fact in the application regardless of whether it is material to probable cause.

That’s why — as my previous post laid out at length — the DOJ IG audit is most useful for identifying problems in the claims FBI and DOJ made about the FISA process, as well as larger systematic problems identified. For example, DOJ IG scolded DOJ for releasing a statement boasting, in summer of 2020, of its accuracy, while downplaying the seriousness of the errors DOJ IG identified (something I noted in my earlier post).

On July 30, 2020, following the Department’s review of the remaining applications, the FBI issued a press statement that again referenced the FBI’s “dedicat[ion] to the continued, ongoing improvement of the FISA process to ensure all factual assertions contained in FISA applications are accurate and complete,” while highlighting that “DOJ and FBI discovered only two material errors [in the 29 FISA applications] but—most importantly—neither of these errors is assessed to have undermined or otherwise impacted the FISC’s probable cause determinations” (emphasis in original). The statement went on to state that “Within these thousands of facts, there were approximately 201 non-material errors found, across the 29 applications. These include minor typographical errors, such as misspelled words, and slight date inaccuracies.”28 However, the statement did not mention that the majority of the FISA application errors—124 of these 201—involved errors beyond minor typographical mistakes and date errors, including deviations from source documentation, misidentified sources of information, and unsupported facts.

The report provided examples of the kinds of errors that DOJ deemed fairly insignificant. My favorite — which DOJ considered non-material — is that a counterintelligence suspect had visited an entirely different continent than the country they were suspected of being an agent of, but FBI misreported that destination.

Example: The FISA application stated the target returned from a trip overseas from the specific country of counterintelligence threat concern, but the support in the Woods File stated that the target was returning from a country on a different continent.

In perhaps the most telling example, though, DOJ IG described how FBI blew off as “subjective” a FISA application assertion that DOJ IG identified as a “potential inaccuracy,” only to have NSD determine the inaccuracy was not only an error, but a material one requiring a report to FISC.

[T]here were 30 instances where FBI field personnel initially determined that the potential inaccuracy we identified was not an error, yet NSD OI ultimately determined it was an error, which was thereafter reported to the FISC. In one instance that was ultimately determined to be a material omission of fact by NSD OI, the FBI field office’s initial response dismissed our note and stated that the issue was “subjective” and “not material to probable cause.”

The IG Report identifies that, in addition to two publicly released letters to FISC (one, two) describing the errors DOJ identified based off DOJ IG’s preliminary review of 29 cases, there was a third, dated October 28, 2020, which DOJ NSD has not made public, revealing two additional material errors.

In three separate filings with the FISC on June 15, July 29, and October 28, 2020, the Department and FBI provided the results after their assessment of the CDC accuracy reviews of the 29 FISA applications that the OIG had reviewed and in which we had identified numerous potential errors. 12 In total, the Department notified the FISC about 209 instances of unsupported or inaccurate statements, as well as omissions of fact, that it had identified in 27 of the 29 FISA applications. The Department and FBI further informed the FISC that 2 of the 29 FISA applications reviewed did not contain any inaccurate statements.13 Of the total 209 errors reported to the FISC, 162 related to initial concerns identified in the OIG’s review. The additional errors reported were identified by the FBI in its subsequent CDC accuracy reviews in response to the FISC’s order.

[snip]

The Department and FBI determined that 4 of the 209 identified errors were material errors. FBI policy and the 2009 Accuracy Memorandum define material facts as “those facts that are relevant to the outcome of the probable cause determination” and states that NSD OI determines whether a misstatement or omission is capable of influencing the FISC’s probable cause determination. The Department further assessed that none of these 209 errors undermined or otherwise impacted the FISC’s probable cause determinations. The four reported material errors or omissions occurred in three different applications related to different targets. The material errors were:

  • Failing to include context to inform the reader of the application that certain remarks the target made about a particular organization were made, according to evidentiary support, to provoke a response from law enforcement personnel. Instead, the application simply stated that the target expressed support of the referenced organization.
  • Describing the target’s support for a specific group, where the evidence in the Woods File instead indicated the target supported a specific cause.
  • Describing that the target used a financial account as of a certain date. NSD OI stated that it was not evident from the supporting documentation how recently the government had confirmed the target’s use of the financial account, and certain evidence on the target’s use of the financial account was several years prior to the date included in the application.
  • Failing to include the required reliability statement for one of two CHSs referenced in the application.

It’s not just that FBI treated a comment made by someone trying to “provoke a response from law enforcement personnel” as sincere. It’s that having already reviewed all these errors and publicly boasted about how minimal they were (even while ignoring that none of the worst problems in the Carter Page applications were found using this methodology), DOJ somehow went back and discovered there were additional problems, one of which they had dismissed as “subjective.”

Don’t get me wrong. The headline findings — that FBI simply didn’t have Woods files for a number of applications — are concerning.

Out of the FBI’s stated universe of over 7,000 FISA applications for which Woods Files appeared to be required, we identified at least 179 instances (in addition to the 4 that the OIG previously identified) across 21 field offices where the respective field office reported the Woods File as missing or incomplete and requiring whole or partial reassembly.17

But they’re frankly not the real concern. The real concern is that the Woods file is not designed to fix the problems identified in the Carter Page applications (and this report doesn’t describe whether an effort to elicit information that might otherwise be omitted is working). And somewhere along the way, Billy Barr’s DOJ admitted to the FISC that their self-congratulatory press boasts turned out to be inaccurate without revealing that publicly.

Update, 11/14/21: I just realized that the Woods File violation pertaining to Clapper involved the FBI paraphrasing a Clapper interview otherwise quoted before and after the violative language.

CLAPPER: In the U.S., the United States. And of course there is a history there of — there is a tradition in Russia of interfering with the elections, their own and others’. So it shouldn’t come as a big shock to people. I think it’s more dramatic maybe because now they have the cyber tools that they can bring to bear in the same effort. This is still going on, but I will say that it’s probably not real, real clear whether there is influence in terms of outcome. What I worry about more, frankly, is just sowing seeds of doubt, where doubt is cast on the whole process. So what are we doing about it? Well, apart from what you talked about, certainly DHS, Secretary Jeh Johnson has been very active with state election officials, offering, you know, our services and best practices and that sort of thing to secure, where appropriate, particularly if there is any dependence on the Internet in the course of the conduct of an election in voter registration, databases or the actual conduct of the election. We have a strength here in that we don’t have a centralized electoral system. It’s very decentralized among the states and local officials, and that actually works our advantage to be really a real monumental undertaking to try to affect the election nationally. But again, I think probably the more likely — and I am just surmising here — the more likely objective to would be to try to just sow seeds of doubt about the efficacy and viability and the sanctity — if I could use that word — of the whole system. _________IGNATIUS: You mentioned that there had been past instances where Russia — in this case I assume the Soviet Union — had tried to interfere in our election process. I probably should know what those are but I don’t. What comes to mind in terms of the past history of this? _________CLAPPER: Well, where they have fed money to opposition candidates, or tried to feed disinformation. Again, the way it was done during the Cold War, which of course preceded what we now know as the cyber era. And of course the record is replete with cases of influencing elections in East Europe and that sort of thing by, by today’s standards, more primitive methods. They have a history of that

Tucker Carlson Burns FBI or NSA Intercepts Regarding His 30-Month Pursuit of Face-Time with Vladimir Putin

/27 Comments/in , , /by

Last week, I suggested that one possible explanation for Tucker Carlson’s claim to have been spied on by NSA is that he had a back channel with Russian operatives and was trying to get ahead of allegations that he was coordinating with Russian agents.

Particularly if the communications implicating Carlson were damning and potentially illegal, leaking them to him would be an easy way to flip the story, and accuse NSA of spying rather than Carlson of coordinating with Russian agents. Again, that’s all just a hypothetical that might explain Carlson’s claims.

Overnight, Jonathan Swan — who’s a political reporter, not a surveillance reporter — described that sources claimed authorities had obtained communications from Tucker Carlson’s efforts to get an interview with Vladimir Putin. Swan describes that Tucker had two intermediaries with Russia, but they live in the US. (I had hypothesized these might be Ukrainian sources, but Swan suggests they’re Russians.)

Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

Swan doesn’t note that if the surveillance happened in the US, it would have formally been an FBI intercept, not an NSA one (just as the intercepts showing Mike Flynn’s secret back channel with Russia were collected by the FBI). But he does a good job of laying out the most likely ways this happened, which is that the NSA or FBI were surveilling the kind of people they’re supposed to surveil: Russian agents, whether overt or covert.

  • The first — and least likely — scenario is that the U.S. government submitted a request to the Foreign Intelligence Surveillance Court to monitor Carlson to protect national security.
  • A more plausible scenario is that one of the people Carlson was talking to as an intermediary to help him get the Putin interview was under surveillance as a foreign agent.
  • In that scenario, Carlson’s emails or text messages could have been incidentally collected as part of monitoring this person, but Carlson’s identity would have been masked in any intelligence reports.
  • In order to know that the texts and emails were Carlson’s, a U.S. government official would likely have to request his identity be unmasked, something that’s only permitted if the unmasking is necessary to understand the intelligence.

The import of the agency involved — FBI or NSA — is that “unmasking” works quite differently for the FBI, which has a duty to guard against spying in this country. FBI agents tracking a known Russian agent might review such communications to find out if a high profile US journalist was being recruited by a known Russia spy. And if this was the FBI, it might explain how it recently became known: because Merrick Garland’s DOJ is trying to disclose all the tracking of journalists that took place under the Trump Administration.

This entire faux scandal feels just like ones that Devin Nunes has twice sown, first when Republican members of Congress got picked up undermining US policy with Bibi Netanyahu, and then again when Trump’s Transition team set up a secret back channel meeting with UAE. Each time Nunes has done this, it was with the seeming intent of flipping the scandalous efforts of Republicans to undermine US policy.

That’s consistent with Tucker’s claim that his source is “in a position to know.”

The whistleblower, who’s in a position to know, repeated back to us information about a story we are working from that could have only come directly from my texts and emails. There’s no other possible source for that information, period. The NSA captured that information without our knowledge and did it for political reasons.

But it also means that, if true, then Tucker and his source — whom Tucker himself suggests had a need to know — just burned intercepts on legitimate surveillance targets from a hostile country.

Plus, there’s a far bigger problem with Tucker’s currently operative story. Jason Leopold liberated Tucker’s FOIA request to obtain what he claims would be proof of this spying. Whether intentionally or because of incompetence, the FOIA was written in such a way that it is guaranteed to fail to find anything, because it uses language that NSA would understand to mean communications targeting Tucker (and, specifically, communications obtained from physical possession of Tucker’s phone).

More interesting than the failure by design is the scope. Tucker believes these sensitive communications — ostensibly a recent effort to set up an interview with Vladimir Putin — extend from January 1, 2019 until June 28, 2021, the date he first revealed this.

That’s thirty months he has been working with Russian back channels, purportedly to set up a meeting with Putin.

That, by itself, may explain why the communications generated further attention (if indeed they did). Thirty months isn’t the pursuit of an interview, it’s a long term relationship. This would look like a recruitment effort, not journalism.

It also explains why, even though Tucker himself is the person who leaked these details (again, burning what by all accounts are legitimate intercept targets), he claims it was an effort to take him off the air. If the FBI believes that Tucker really was pursuing a long-term relationship with Russian agents, then even Fox News might rethink giving him a platform. But that wouldn’t be the content of the communications, per se, but the fact that they appear to have been going on for thirty months.

image_print