Mike Flynn’s Flip: You Don’t Need Your Cooperator to Testify If the Conspiracy Was All Conducted over Email

Perhaps the most remarkable language in the Bijan Kian indictment appears in both the conspiracy 18 USC 371 and the 18 USC 951 foreign agent counts. In both, the indictment alleges that Kian (referred to by his legal name Rafiekian here) and Kamil Ekim Alptekin both acted, themselves, and caused others to act as unregistered foreign agents.

To knowingly act and cause others to act in the United States as an agent of a foreign government without prior notification to the Attorney General, in violation of 18 U.S.C. § 951;

[snip]

From approximately July 2016 through approximately March 2017, in the Eastern District of Virginia and elsewhere, the defendants, BIJAN RAFIEKIAN, a/k/a “Bijan Kian” and KAMIL EK.IM ALPTEKIN, knowingly acted and caused others to act in the United States as an agent of a foreign government, that is, the Government of Turkey, without prior notification to the Attorney General, as required by law. [my emphasis]

While not explicitly stated, the reference to Mike Flynn throughout the indictment as Person A — the only unindicted co-conspirator so identified — makes it clear that the government believes that’s what Flynn was doing, acting as an agent of Turkey. And the timeline for the conspiracy goes up to March 2017.

One of Trump’s top foreign policy advisors and, for almost a month, his National Security Advisor, was an agent of Turkey.

That fact, and the indictment as a whole, raises further questions about why Flynn got off so easy: a false statements charge for which he’ll do no time, unlike the 15 years his business partner is facing (though he won’t get that). And that outcome has raised still other questions about how Flynn could be useful to prosecutors, having admitted he’s a liar, yet having escaped all consequences for his actions. How can Flynn testify, commentators wonder, given that he was not charged for his role in the conspiracy?

Aside from quipping “flip early and often,” I think the Kian indictment provides clues — clues that I’ve long suspected have parallels in the Mueller investigation.

The indictment focuses just on the op-ed purportedly authored by Flynn that appeared in The Hill on election day, though we know Flynn’s company did more than that for Turkey. By focusing on the op-ed, DOJ can trace what happened with language Kian used to describe Fethullah Gulen. It was used in early August, before the conspirators started hiding the role of Turkey in the project.

On or about August 4, 2016, RAFIEKIAN sent an email with the subject “Truth” to ALPTEKIN and Person A stressing the need to begin work on the Truth Campaign. Referring to Iran’s Ayatollah Khomeini, RAFIEKIAN said:

Let me give you a real life experience: 1978: A soft spoken cleric sitting under an apple tree in Neauphle-le-Chateau in France looked so harmless. Spoke of equality and spirituality, declared that if he were to gain power, he would go to a religious shrine and will not get into politics and governance. Sound familiar? Well, the world neglected to take the layers off the ink blot in 1978. One year later, from the place under the apple tree, The soft spoken spiritual man led the Islamic Revolution in Iran ….

The indictment then shows how the apple language appears in talking points for a key September meeting with Turkish officials.

On or about September 18, 2016, in preparation for the meeting with the Turkish officials, RAFIEKIAN sent ALPTEKIN a document entitled “Background and Talking Points,” which contained approximately twenty talking points for the meeting, all of which concerned the Turkish citizen, the Turkish citizen’s movement, or the Turkish citizen’s charter schools in the United States.

RAFIEKIAN’s “Background and Talking Points” contained the same “apple tree” comparison of Khomeini and the Turkish citizen that RAFIEKIAN had used in his email to ALPTEKIN (paragraph 13) when the project was still called the “Truth campaign” and in the “playbook” (paragraph 23) when RAFIEKIAN referred to the Turkish citizen as “X.”

And then the same language shows up in both a draft of the op-ed Kian wrote for Flynn to slap his name onto, and in the op-ed as it appeared in The Hill.

The apple language serves as the marker showing the continuity between the project originally explicitly backed by Turkey, at the time ironically named “Truth,” and the project after it got renamed “Confidence” as part of an effort to hide Turkey’s role by using Alptekin’s company as a cut-out.

And virtually every step of that process was conducted over email or other communication methods that the FBI could easily collect.

Flynn’s genius co-conspirators — at least in this particular foreign agent conspiracy — even sent emails that noted that they were hiding details in other written documents.

ALPTEK.IN further told RAFIEK.IAN, ”Needles [sic] to tell you but he asked me not to read in anyone else for the time being and keep this confidential.”

[snip]

RAFIEKIAN promised to send ALPTEKIN a contract, but noted that it “will not entail operational details for obvious reasons.”

DEAR FBI, they might as well have written, LOOK HERE FOR THE SEKRITZ.

At least as laid out, virtually all the evidence needed to convict the co-conspirators is written down. As noted, much of this was in emails (the word appears 33 times in the indictment). There were two conversations via Skype, a Section 702 provider, as well as one text sent via Skype. Flynn sent one text memorializing a meeting with Alptekin referencing one of the Turkish Ministers who were their real clients. There were multiple financial wires.

The only overt acts described in the indictment that could not have been captured by the FBI or collected after the fact were one meeting, some lobbying activities, and some weekly phone calls.

On or about the evening of September 19, 2016, Person A, RAFIEKIAN, ALPTEKIN, and other members of the project met in New York City with Turkish Minister #1 and Turkish Minister #2. The conversation centered on the Turkish citizen and the Turkish government’s efforts to convince the U.S. government to extradite the Turkish citizen to Turkey.

[snip]

In or about September and October 2016, RAFIEK.IAN and others involved in the project visited with and lobbied a member of Congress, a Congressional staffer, and a state government official in an attempt to depict the Turkish citizen as a threat who should be returned to Turkey and to persuade them to hold Congressional hearings concerning the Turkish citizen.

[snip]

On approximately a weekly basis during the project, RAFIEKIAN, Person A, and other Company A team members had telephone conference calls with ALPTEKIN to update ALPTEKIN on the progress of the project. [my emphasis]

All of those, however, also included other team members, members who didn’t lie to the government and aren’t being charged as co-conspirators.

That leaves one other key piece of evidence the government might have needed help to collect: communications with the lawyers who filed the false FARA filings.

From approximately January 2017 through approximately March 2017, outside attorneys for Company A gathered information to determine whether Company A or any of its employees had an obligation to register under FARA based upon Company A’s work on “Operation Confidence.” During this process, RAFIEK.IAN and ALPTEKIN knowingly provided false information to Company A’s attorneys in an effort to hide from the attorneys – and ultimately from the FARA Unit – the involvement of Turkish government officials in the project.

While Mueller was able to get a crime-fraud exception to get communications from the lawyer who did Paul Manafort’s false FARA filings, once Flynn flipped he could have voluntarily waived privilege to make those documents available to the government. Indeed, I wonder if that’s what’s hidden in a key redaction in Flynn’s cooperation addendum.

In other words, there is a non-liar witness (or document) for every overt act in this indictment. They don’t need Flynn to sit on the witness stand and describe the conspiracy, as laid out. They can just have his service providers provide authentication of all the communications and have his former colleagues testify, along with his lawyers, now freed of any privilege obligation.

Critically, for a national security investigation like this one (and, I assume, for the Russian one as well), I’m sure Flynn described at more length everything else that went on. But the government doesn’t need that information to prosecute these crimes (except insofar as his cooperation would have made it very easy to get warrants for the information Flynn didn’t hand over himself — and his own sentencing memo makes it clear he did hand over much of it). It needs that information for counterintelligence purposes.

And that’s why they were able to move towards sentencing without his testimony in court: because he may not need to give testimony in court. The government has secured other, more reliable witnesses for that testimony.

As I said, I’ve long suspected this was true of Flynn’s cooperation on the Mueller investigation, as well. When the government, in describing his cooperation, said his decision to flip “likely affected the decisions of related firsthand witnesses to be forthcoming with the SCO and cooperate” (which is followed by the last, entirely redacted, sentence in the memo), they are probably describing how by pleading guilty to lying himself, he led to their ability to get better, more reliable witnesses for much of the relevant testimony.

Update: Took out a reference to NSA; Alptekin may be a green card holder; if he is, he couldn’t be a legal 702 target.

DOJ Unveils Indictment against Mike Flynn’s Business Partner on Eve of His Sentencing

In its brief arguing that Mike Flynn’s lies were significant and willful on Friday, the government reminded that Flynn lied not just about discussing sanctions with Sergei Kislyak, but also about his FARA registration.

Moreover, as the defendant has admitted, weeks after the January 24 interview, he made materially false statements in filings he provided to another branch of the Department of Justice pursuant to the Foreign Agents Registration Act (“FARA”). See Statement of Offense at ¶ 5, United States v. Flynn, No. 17-cr-232 (D.D.C. Dec. 1, 2017) (Doc. 4). The defendant made those false statements while represented by counsel and after receiving an explicit warning that providing false information was a federal offense. See, e.g., FARA Registration No. 6406, Flynn Intel Group (March 7, 2017), available at https://efile.fara.gov/docs/6406-Registration-Statement-20170307-1.pdf. The defendant was equally responsible for telling the truth to both Department of Justice entities, and under both circumstances he chose to make false statements.

It just unveiled the indictment (which was actually filed on December 12) that probably came of his substantial cooperation in a separate criminal investigation, against his business partner Bijan Kian. Kian got charged — along with Kamil Emil Alptekin — not just with FARA violations but with 18 USC 951, serving as an agent of a foreign government.

I’ll comment more on the substance of the indictment in a follow-up post. But I’m as interested in the timing, for two reasons.

First, in a comment in the addendum describing Flynn’s cooperation, the government had said,

While this addendum seeks to provide a comprehensive description of the benefit the government has thus far obtained from the defendant’s substantial assistance, some of that benefit may not be fully realized at this time because the investigations in which he has provided assistance are ongoing.

I took that to be a comment about indictments. Some districts premise a 5K letter like Flynn received on providing enough testimony to indictment someone else. The government was just a week short of indicting Kian when they submitted that filing.

The unsealing of this indictment (Kian’s arraignment was actually scheduled on the 14th) comes even as Turkey is claiming that Trump told Erdogan at the G-20 that his Administration is working on extraditing Gulen, the topic on which Kian was secretly acting in Turkey’s interest.

In an interview at the Doha Forum on Sunday, Cavusoglu asserted that US President Donald Trump told Turkish President Recep Tayyip Erdogan at the G20 summit in Argentina this month that the US was “working on” the extradition of [Fethullah] Gulen.

The exiled cleric, 77, has been living in a gated compound in eastern Pennsylvania after leaving Turkey in 1999. Erdogan has held Gulen responsible for the deadly attempted coup against him in 2016 — a charge Gulen has denied.

However, there’s no sign from Washington that the US is moving towards extraditing Gulen. Last month, the State Department said the US had received multiple requests from the Turkish government and continued to evaluate materials presented.

Cavusoglu also claimed the FBI had evidence that Gulen’s organization, known as FETO, “had been violating US laws, including tax fraud, visa fraud and also some other illegal activities.”

The circumstances of Trump’s meeting with Erdogan got some attention, as the White House canceled a formal meeting with the Turkish president, but did have a less formal, 50 minute meeting.  This indictment will presumably make it harder for Trump to fulfill that promise, if indeed he made it.

In any case, by unsealing this indictment today, it will make it a lot harder for Flynn’s lawyers to argue in his sentencing hearing tomorrow that his lies weren’t serious. By flipping, Flynn avoided being charged as a Foreign Agent.

The Geography of Maria Butina’s Cooperation

The government had another embarrassing docket fail Friday, like the cut-and-paste release that disclosed charges filed in EDVA against Julian Assange.

Yesterday, a motion for permission to transport Maria Butina was briefly published to the docket, then withdrawn, but not before reporters who get automatic docket updates got copies. And the details in the filing suggest that Butina’s cooperation may be more limited than Mueller watchers would like.

The docket fail may stem from complaints that the judge in Butina’s case, Tanya Chutkan, made back on December 6, about how many details of Butina’s imminent plea deal attorneys were trying to keep sealed.

THE COURT: Why? Why is the fact that — you know, Mr. Driscoll, I have to tell you, I’m a little perplexed. In this case, you’ve filed several motions for transportation of your client to the U.S. Attorney’s Office, and you asked that that information be placed under seal; and that was certainly appropriate, and the government joined in that request. And I placed those requests under seal because the possibility of a defendant’s cooperation is always something that is very sensitive.

Since Butina’s plea, those prior motions to transport her that Chutkan referenced in her complaint — one dated September 21 asking to move her for a September 26 interview but lasting through October 25, and one dated October 23 specifically authorizing transport on November 7 but lasting through December 6 — were unsealed. Presumably, that’s why Friday’s order got filed unsealed, as well.

The problem, per CNN’s report, is that the latest one reveals Butina may be transported to testify before a grand jury in DC.

Russian political conspirator Maria Butina is set to meet with federal prosecutors in Washington and Virginia over the next several weeks, according to a court filing that was posted and quickly removed from a federal docket Friday afternoon.

Butina pleaded guilty Thursday to one criminal count of acting as an illegal foreign agent in the United States.
US attorneys may want to interview Butina in their offices well into January, according to the filing. She may also be requested to appear at the grand jury in Washington, according to the filing, which is a request to a federal judge to allow the currently detained Russian to be transported by the FBI for cooperation interviews.

“The purpose of the transfer is to interview the Inmate concerning an ongoing federal investigation,” the filing says.

So in addition to providing details about Butina’s future travel (possibly even a date) that might pose a security risk or put her in physical danger, it includes grand jury information that is supposed to remain secret.

All the filings together, however, reveal something of more interest: Butina has been proffering information to the Feds, probably primarily against her boyfriend, Paul Erickson, since September 26.

She was submitting to interviews in this investigation at a time when Erickson was regularly visiting her in jail.

Despite the ongoing investigations and his reported ties to Butina’s activities, Erickson frequently visits her in jail, two individuals with knowledge of the meetings told The Daily Beast. Erickson apparently expressed frustration to friends over the fact that jail staff forced him to sign into the main visitor log, fearing the media would find out.

You know how everyone hopes that a cooperating witness might wear a wire? In Butina’s case that could, potentially, have happened during her meetings with Erickson (though in the context of a jail visit, would hardly be necessary to capture the couple’s conversations). The period of her cooperation also sort of matches the time when she got moved from protective custody into the general population in Alexandria (67 days after her arrest would be September 20); she was subsequently put back in solitary, possibly because (as was discussed at the December 6 hearing) she had been communicating with the outside world via other detainees and at least one journalist.

While those revelations are of interest, what’s equally notable is the geography described, at least in the public filings. As noted, CNN says she’s cooperating on a federal investigation, singular, which is what the past motions said as well. And the locales to which she can be transported in the public filings — an interview room attached to the Alexandria jail, the DC US Attorney’s office, and a DC grand jury — don’t include Robert Mueller’s office, which is a different location in DC. There may be some involvement of the EDVA US Attorney’s Office (which might bode ill for the NRA, which is headquartered in that district). But thus far, there’s no sign that she’s being transported to cooperate with Mueller’s office.

That’s consistent with her plea, which only describes cooperation with the DC US Attorney’s office.

The plea deal is in no way definitive — after all, Mike Flynn’s plea said he’d cooperate “with this Office,” meaning SCO, but he has recently told us about cooperating with “other components of the Government” and the addendum to the government’s sentencing memo seems to reflect at least one criminal investigation outside of Mueller’s mandate (which is widely believed to involve Turkey).

But Butina has already been in custody almost as long as she’s likely to be sentenced to, meaning to do much more would entail holding her in jail to get her to cooperate for no benefit, something her lawyers presumably would be unwilling to countenance. So it may well be that she has told investigators about her boss (who, of course, retired suddenly not long ago) and her boyfriend. She may well even had gotten Erickson to incriminate himself in a venue where prosecutors easily collected it.

There’s no evidence, however, that she’s cooperating with Mueller or expected to.

A Day after Maria Butina Argues Influence Operations Shouldn’t Be Charged as Spying, Plea Negotiations Start

As a number of people reported, on Friday, the government and Maria Butina got the court to delay her case by two weeks so they can try to resolve it, suggesting they’re in plea negotiations.

In support of this motion, the parties state that they continue to engage, as they did prior to yesterday’s defense filing, in negotiations regarding a potential resolution of this matter and that those negotiations would be potentially hindered by simultaneously engaging in motions practice. The parties further agree that to make the best and most efficient use of the Court’s time and resources to decide any motions in the event those negotiations are unsuccessful, it would be prudent to continue the upcoming hearing and its accompanying motions schedule for approximately two weeks.

As part of that delay, Butina withdrew a motion submitted on Thursday without prejudice (meaning she can resubmit it if plea talks fail). The motion asked the court to declare 18 USC 951 (which is what the US government charges foreign spies with) unconstitutional as applied to influence operations.

The motion lays out a bunch of hypothetical cases with vague parallels to Butina’s to lay out the danger of using 951 to prosecute those conducting influence operations. Some are farcical, in which a thoughtful grandmother takes on the role that Aleksandr Torshin does in Butina’s operation.

An unregistered, lonely grandson from an unpopular, provincial country accepts the advice of his grandmother about how to make friends. She thoughtfully directs him to go to prayer groups and same-interest meetups to meet people with common interests. He violates section 951 if the grandmother is a foreign official, even though the grandmother provided such direction while visiting the United States on holiday.

A non-hypothetical comparison, however, is more apt, arguing convincingly that an Israeli influence tour might be prosecuted if Israelis were treated with the suspicion Russians currently are.

Consider recent events regarding Israeli soldiers touring cities across the United States for the 11th Israeli Soldiers Tour to speak at venues, including college campuses, to raise awareness of the realities of their service.10 Sponsored by StandWithUs, an Israel advocacy group funded and supported by hasbara organizations and the Israeli government, these soldiers travel the United States to conduct influence operations intended to pacify U.S. views, change foreign policy, and put a human face on the Israeli military. Is there any doubt that such unregistered agents could be charged under the same interpretation of section 951 used against Maria– for operating in the United States as “agents” of Israel when directed to go to U.S. schools and then brief their IDF11 military commanders on their reception in the United States? Is there any doubt that they wouldn’t be? The point is not that such activities are improper. They are not. However, they are precisely the kind of educational exchanges and necessary uninhibited marketplace of ideas that are sought and encouraged when foreign students and visitors like Maria are admitted to U.S. universities.

The motion ultimately argues that before using 951 against an influence operation the statute should have the kind of limits that exist in the FARA statute.

To resolve the constitutional problem presented by the statute’s broad application, this court should—at least as to political activities—narrow the sweep of section 951 so that it aligns more closely with the constitutional safeguards recognized by Congress in the Foreign Agent Registration Act (known as “FARA”).

Worse, as for cases involving ‘political activities,’ it allows the government to pursue harsher penalties with additional restraints on individual liberty, compare 18 U.S.C. § 951 (10 years imprisonment) with 22 U.S.C. § 618 (5 years imprisonment), without enduring the additional cost of satisfying higher burdens of proof, see 22 U.S.C. §§ 611(o) and 618(a) (authorizing prosecution only for “willful” violations and specific kinds of “political activities”), thus circumventing the inherent check on government overreaching that the Fifth Amendment Due Process Clause was designed to instill. If left unchecked, federal investigators and prosecutors will have strong incentives to prosecute political activity cases under section 951 instead of FARA, so they can reap the law-enforcement benefits of section 951’s penalties without paying the price of higher burdens of proof.

To avoid that distortion, this court should consider the catch-all, sweeping application of section 951 when applied to political activities, in comparison with the statutory restraints of FARA as applied to the same, in assessing whether section 951 exposes Maria to the risk of arbitrary enforcement. Such an approach would provide an accurate answer to the doctrinal question at hand: whether section 951 is constitutionally deficient (and/or in need of a limiting construction) because it “confers on police a virtually unrestrained power to arrest and charge persons with a violation” thereby permitting “policemen, prosecutors, and juries to pursue their personal predilections.” Kolender, 461 U.S. at 358.

It’s a fair argument, at least in this case. Back in August, I did two posts pointing out there was little difference between what Paul Manafort was accused of in his DC case and Maria Butina was accused of.

It’s unclear whether the plea negotiations are a response to this motion or not. Some of the evidence against Butina described thus far suggests her operation has the approval of Putin himself (though the Israeli StandWithUs tour is the kind of thing Bibi Netanyahu likely loves). But other evidence — such as a claim she’s coordinating with FSB (which, after all, is the closest analogue to the FBI) appears sketchy. So while it’s possible that Butina is a privately funded spy running an influence operation on behalf of the Russian government, it’s also true that to prove that, the government may have to share more classified information than they care to. And while I’m skeptical the constitutional challenge to 951 would work (in part because courts are loathe to tamper with national security law, in part because the claim that Butina chose to come to the US as a student does seem to have been chosen with the influence operation in mind), the government probably wants to retain their ability to use it with clearcut spies engaging in influence operations.

So I could imagine the government might be willing to settle this with either a FARA plea (which would further reinforce the FARA regime Mueller has introduced) or a visa fraud charge, particularly if Butina were willing to implicate Paul Erickson and other Americans who had helped her efforts.

Reality Gets A Harsh Sentence

With Update Below!

As many of you may already know, this morning was the sentencing for Reality Winner. She was sentenced to 63 months of incarceration and three years of supervised release upon completion of her term. The supervised release term is rather standard. She will be housed at the Federal Medical Center, Carswell in Fort Worth, Texas. The stated reason was because she is bulimic, but it seems more like a nod to her, and her family, who requested a Texas posting so they would be near. There is no pecuniary fine. I have not seen the official sentencing order yet, but have little to no doubt she will be credited with the time served in pre-trial detention since her arrest on June 3, 2017; i.e. nearly 15 months. So, assuming that, she should be released in about 4 years.

Okay, that is the hard nuts and bolts of Ms. Winner’s sentencing. If you want some more background, please see our old friend Kevin Gosztola at Shadowproof, who has been covering all the Reality Winner court appearances.

All that said, let me address a couple of things. First, the sentence was not unexpected, indeed it was stipulated to in the plea agreement Ms. Winner both signed and allocuted to in open court. While the court technically “could” have deviated downward, there was little to no chance it would given the plea language. Anybody shocked by today’s sentencing has not been paying attention.

Secondly, the government did not “block” Winner’s defenses. I had a discussion on this point with a good friend, Will Bunch, who has admirably written extensively on, and in favor of, Reality. Sadly, the law here is what it is, and not what Will and I would like it to be. Winner’s attorneys filed every motion they could, both to try to win and to protect the record. But those motions were never going to work, they never do, and they did not here.

Jeffrey Sterling also tried all of that. It did not work then, for him, either. Sterling got 42 months in prison. It is hard to compare disparate cases, but in the long run, I personally have a hard time seeing why Reality Winner was worse or more damaging than Jeff Sterling, and yet she got 1.5 times as much incarceration as Sterling. Different DOJ’s, different times and the Trump Administration was already on the record as head hunting for leakers when Winner fell into their lap. So, I guess it is not shocking. They were looking to make an example and there she was.

Now to the after show doings. The United States Attorney for the Southern District of Florida, Bobby L. Christine (never trust a man with two first names), cravenly issued a pompous press release on the sentencing. This is just a taste of the Christine hyperbolic:

The document Winner compromised did, in fact, contain TOP SECRET information about the sources and methods used to acquire the intelligence described in the report. That means it revealed how U.S. Intelligence Agencies obtained information. U.S. Government subject matter experts have determined that Winner’s willful, purposeful disclosure caused exceptionally grave damage to U.S. national security. That harm included, but was not limited to, impairing the ability of the United States to acquire foreign intelligence information similar to the information the defendant disclosed. This was, by no means, a victimless crime.

What’s more, Winner’s exceptionally damaging disclosure was not a spontaneous, unplanned event, but was the calculated culmination of a series of acts. She researched whether it was possible to insert a thumb drive into a Top Secret computer without being detected, and then inserted a thumb drive, WHICH THE GOVERNMENT NEVER RECOVERED, into a Top Secret computer. She researched job opportunities that would provide her access to classified information. At the same time, she searched for information about anti-secrecy organizations, and she celebrated claimed compromises in U.S. classified information.

Note the Trump like raging capital letters? Ooof. It was an unnecessary and prickish public release by somebody that had won and driven the vanquished into the ground. And while Bobby L. Christine took all the glory, he did not do diddly squat himself, the matter was handled by a team of career AUSA’s that he did not even have the common courtesy to mention. Very Trump like.

Okay, so why did Ms. Winner end up here? There are a lot of reasons. First off, while Winner would have pretty clearly been discovered anyway, she disclosed her material to The Intercept, which was far from the only cause of her discovery, but did her no favors either. And the Government, especially the NSA, hates, with a capital H, The Intercept. But again, Reality’s discovery was inevitable even despite that, but it is a factor.

Secondly, the Government has thought all along that she had more material than what The Intercept and Matt Cole received and published. In its sentencing memorandum, the government addressed other areas of concern as to Winner including: her insertion of flash drive into a TS/SCI NSA computer at Fort Meade; her Internet history (which other filings make clear included details on Anonymous, Vault 7, Hal Martin, Assange, and Snowden); her download of Tor; her seeking out employment at Pluribus; and her screenshots of secure drop information.

These bases were generally also why she was detained without bail. That does not make it right, and it is, and remains true, that there is far too much secrecy and cheap classification in the face of the American public’s interest. This is a textbook example of just that. But Reality Winner tried to be a whistleblower and fell into the lurch where there are no such protections for the acts she did. She paid an overly, and draconian, price for what she did because the Trump Administration needed a head on a pike. They got hers. And this morning’s sentencing was the ugly culmination of that.

UPDATE: alright, Trevor Timm at The Intercept, has posted an interesting coda to the Reality Winner goings on today.

WHEN THE INTERCEPT first published the top-secret document, reporters and editors went to the government — as they do every time The Intercept publishes classified documents — to hear the NSA’s views about any information that might truly harm national security. After listening to the agency’s arguments, and out of an abundance of caution, The Intercept redacted a few pieces of information from the document before publishing it.

A key phrase that the government wanted withheld was the specific name of the Russian unit identified in the document. The government was particularly insistent on that point. Since it wasn’t vital to the story that the unit’s name be revealed, nor was it clear — at least at the time — that revealing the unit’s name was in the public interest, The Intercept agreed to withhold it.

But in the indictment of alleged Russian military intelligence operatives that Mueller’s office released last month, the Justice Department revealed the same name: GRU unit 74455. (The unit is also known as the Main Center for Special Technology or GTsST.) The indictment went on to reveal information almost identical to that contained in the document Winner admits to disclosing:

In or around June 2016, KOVALEV and his co-conspirators researched domains used by U.S. state boards of elections, secretaries of state, and other election-related entities for website vulnerabilities. KOVALEV and his co-conspirators also searched for state political party email addresses, including filtered queries for email addresses listed on state Republican Party websites.

In or around July 2016, KOVALEV and his co-conspirators hacked the website of a state board of elections (“SBOE 1”) and stole information related to approximately 500,000 voters, including names, addresses, partial social security numbers, dates of birth, and driver’s license numbers

In or around August 2016, KOVALEV and his co-conspirators hacked into the computers of a U.S. vendor (“Vendor 1”) that supplied software used to verify voter registration information for the 2016 U.S. elections. KOVALEV and his co-conspirators used some of the same infrastructure to hack into Vendor 1 that they had used to hack into SBOE 1.

The Justice Department is trying to have it both ways: It’s OK for Mueller to publicly release this information in an attempt to prosecute alleged Russian hackers because it’s in the public interest. But at the exact same time, the government is also claiming that a document including very similar information causes grave harm to national security when disclosed to the public by someone else.

There is a lot more there at Trevor’s post. Without doubling the size of this post, I would like to second the expert opinions submitted by Bill Leonard that Trevor Timm describes and have been long a staple here. There literally is no greater expert on classification than Bill Leonard. That said, it is like the discussion in the main original post. The fight is against archaic, authoritarian and totalitarian laws and legal precedent. Until those are changed, there is reality, and then there is the regrettable case of Reality Winner.

Hybrid or Ambiguous, Asymmetric Warfare is Here to Stay

[As always, check the byline — this is Rayne with another minority report.]

After the hacking of the U.S. Office of Personnel Management, I wrote in early 2013 about asymmetric warfare. At the time I was puzzled by Americans’ surprise at such an extensive breach of a government asset by China.

We were warned in 1999 by the PRC in a white paper, Unrestricted Warfare, written by two Chinese military officers. They told us what they perceived about U.S.’ defense stance and where they were likely to press given their perception of our weaknesses and strengths.

Our own military processed this warning; it was incorporated into a number of military white papers. The U.S. intelligence community likewise digested the same white paper and military assessments of the same.

And yet the U.S. was not ready for an asymmetric attack.

More disturbingly, we were warned in 2013 — possibly earlier — that Russia was adopting asymmetric warfare. Valery Gerasimov, Chief of the General Staff of the Armed Forces of Russia, wrote a paper discussing the application of “hybrid warfare” or “ambiguous warfare,” partially exemplified in Russia’s 2014 annexation of Crimea.

Our Defense Department analyzed Gerasimov’s Doctrine, as it is now known. The CNA, a nonprofit research and analysis organization working for DOD, published a paper defining “ambiguous warfare” (pdf):

“Ambiguous warfare” is a term that has no proper definition and has been used within U.S. government circles since at least the 1980s. Generally speaking, the term applies in situations in which a state or non-state belligerent actor deploys troops and proxies in a deceptive and confusing manner—with the intent of achieving political and military effects while obscuring the belligerent’s direct participation. Russia’s actions in Crimea and Ukraine clearly align with this concept, though numerous participants pointed out that it is not a new concept for Russia.

CNA even applied a term used by the U.S. to describe Russia’s military action in Crimea — and yet the U.S. was not ready for an asymmetric attack.

The earlier paper PRC paper, Unrestricted Warfare, elaborated,

War in the age of technological integration and globalization has eliminated the right of weapons to label war and, with regard to the new starting point, has realigned the relationship of weapons to war, while the appearance of weapons of new concepts, and particularly new concepts of weapons, has gradually blurred the face of war. Does a single “hacker” attack count as a hostile act or not? Can using financial instruments to destroy a country’s economy be seen as a battle? Did CNN’s broadcast of an exposed corpse of a U.S. soldier in the streets of Mogadishu shake the determination of the Americans to act as the world’s policeman, thereby altering the world’s strategic situation? And should an assessment of wartime actions look at the means or the results? Obviously, proceeding with the traditional definition of war in mind, there is no longer any way to answer the above questions. When we suddenly realize that all these non-war actions may be the new factors constituting future warfare, we have to come up with a new name for this new form of war: Warfare which transcends all boundaries and limits, in short: unrestricted warfare.

If this name becomes established, this kind of war means that all means will be in readiness, that information will be omnipresent, and the battlefield will be everywhere. It means that all weapons and technology can be superimposed at will, it means that all the boundaries lying between the two worlds of war and non-war, of military and non-military, will be totally destroyed, and it also means that many of the current principles of combat will be modified, and even that the rules of war may need to be rewritten.

In spite of this warning, the U.S. has not been adequately prepared for asymmetric warfare.

More importantly, the U.S. has not grasped what is meant that “all the boundaries lying between the worlds of war and non-war” no longer exist.

We are in a permanent state of non-war warfare.

And we were warned.

If the CNA’s paper is any indication, the U.S. has been blinded by the lens of traditional warfare. This is an unintended conclusion we can take away from this paper: we are smack in the middle of a debris field in which our entire democratic system has been rattled hard and our president and his dominant political party in thrall to at least one other country’s leader, without a single traditional combat weapon aimed and fired at our military. Yet the paper on “Russia’s ‘Ambiguous Warfare'” looked at the possible effect such war would have on traditional defense, making only the barest effort to include information warfare. The shoot-down over Ukraine of Malaysian Airline flight MH-17 carrying EU citizens offers an example — there is little mention in this paper of Russian and separatists’ efforts to mask the source of the shooting using information warfare, thereby managing to avoid an official invocation of NATO Article 5.

Perhaps the scale of our traditional defense spending and the commitment to sustaining this spending driven by both states’ economies and by corporatocracy locked us into an unwieldy and obstructive mindset unable to respond quickly to new threats. But PRC warned us in 1999 — we have no excuses save for a lack of imagination at national scale, combined with a detrimental perception of American exceptionalism.

If there is something we can still use in this permanent state of non-war warfare, it is one of the oldest lessons of warfare, transcending place, culture, and tradition:

All warfare is based on deception. … Keep him under strain and wear him down. When he is united, divide him. Attack where he is unprepared; sally out when he does not expect you. … 

— Sun Tzu, The Art of War

What were we not expecting? For what were we not prepared? What form may the next ambiguous attack assume, and are we ready to defend ourselves?

More importantly, what does an effective, ambiguous offense look like?

Why Call Alice Donovan a Troll?

The WaPo and CounterPunch have the story of Alice Donovan, a pseudonymous persona the FBI suspected (it’s not clear starting when) of being part of a Russian influence operation. The WaPo makes it clear sources told them about the investigation (though without clearly revealing when FBI identified Donovan or when they learned about the investigation) and leaked the report behind this story (or perhaps it is all one report).

The FBI was tracking Donovan as part of a months-long counterintelligence operation code-named “NorthernNight.” Internal bureau reports described her as a pseudonymous foot soldier in an army of Kremlin-led trolls seeking to undermine America’s democratic institutions.

[snip]

The events surrounding the FBI’s NorthernNight investigation follow a pattern that repeated for years as the Russian threat was building: U.S. intelligence and law enforcement agencies saw some warning signs of Russian meddling in Europe and later in the United States but never fully grasped the breadth of the Kremlin’s ambitions.

CP first learned about it when Adam Entous called about the leaked intelligence report on her.

We received a call on Thursday morning, November 30, from Adam Entous, a national security reporter at the Washington Post. Entous said that he had a weird question to ask about one of our contributors. What did we know about Alice Donovan? It was indeed an odd question. The name was only faintly familiar. Entous said that he was asking because he’d been leaked an FBI document alleging that “Alice Donovan” was a fictitious identity with some relationship to Russia. He described the FBI document as stating that “Donovan” began pitching stories to websites in early 2016. The document cites an article titled “Cyberwarfare: Challenge of Tomorrow.”

And CP reveals they first came to believe that Donovan was fake (and not just a serial plagiarist) when a NYT story listed Donovan’s account among those that Facebook had shut down as fake.

This long story focused on dozens of phony Facebook accounts which the Times claims pushed pro-Russian messages during the election. Buried in the 28th paragraph of the story was the name “Alice Donovan.” Donovan’s Facebook page, the Times said, “pointed to documents from Mr. Soros’s Open Society Foundations that she said showed its pro-American tilt and — in rather formal language for Facebook — describe eventual means and plans of supporting opposition movements, groups or individuals in various countries.’” According to the Times, Facebook had deactivated the Donovan account after it failed a verification protocol.

CP ends by noting that for the entirety of the period when FBI was investigating this pseudonymous persona, they never informed CP.

If the FBI was so worried about the risks posed by Alice Donovan’s false persona, they could have tipped off some of the media outlets she was corresponding with. But in this case they refrained for nearly two years. Perhaps they concluded that Donovan was the hapless and ineffectual persona she appears to be. More likely, they wanted to continue tracking her. But they couldn’t do that without also snooping on American journalists and that represents an icy intrusion on the First Amendment. For a free press to function, journalists need to be free to communicate with whomever they want, without fear that their exchanges are being monitored by federal agencies. A free press needs to be free to make mistakes and learn from them. We did.

It’s an interesting example — and given my prior focus on Facebook’s intelligence apparatus (one reiterated by the revelation that Facebook has been taking down NK infrastructure of its own accord) — one that raises questions about whether FBI identified this persona or FB did.

But I’m wondering why both WaPo and CP are calling the Donovan persona a troll. While it sounds like Donovan’s election related interventions were trollish about Hillary, some of what she published at CP and other outlets clearly supported Russian policy objectives (that CP might legitimately agree with) or — as CP notes — mirrored mainstream reporting on Clinton’s emails.

Donovan served not just to poison debate, as trolls do.

So I’m wondering why people are using that term. I’m wondering, in part, why we should distinguish Donovan’s authorship (or plagiarism) of articles from leaks from foreign intelligence services, which news articles have long relied on, whether Israeli, Saudi, or Russian sources (remember, for example, how presumed Yemeni or Saudi sources have repeatedly revealed details of US or UK double agents). A number of people in DC have laughed with me about the way that Rinat Akhmetshin — a central figure in the June 9, 2016 Trump Tower meeting and as such suspected of doing Russian intelligence bidding — has long regaled mainstream journalists as a source. And I’ve suggested that Scott Balber — and American lawyer working for a Russian oligarch — may be fostering a cover story for the same meeting.

So why is one kind of intelligence disinformation called journalism and another called trolling?

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing probably 3 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2008

We Are All Flint, MI Now

During the bailout, I did a post trying to imagine the worst that could happen if GM went bankrupt. One of my biggest worries — that China would start importing Buicks, making it far harder for US manufacturers to compete, has already happened.

This was, of course, before Republican mismanagement poisoned the entire city of Flint, MI. Perhaps the post is even more true now.

2009

Khalid Sheikh Mohammed Was Waterboarded 183 Times in One Month

While most of DC was busily engaged in both sides journalism on the impact of Obama’s decision to release the torture memos in 2009, I (and readers here!) was reading closely. Which is how I noted the reference to the 183 waterboards CIA administered to KSM in one month.

“Affordable” Health Care

Bill Supporters Still Can’t Say “Affordable”

In a series of posts at the end of 2009, I laid out how ObamaCare still required participants to spend too much of their income on health insurance and care, which would lead to lots of people to not use it. That has turned out to be one of the biggest problems with ObamaCare (and one of the reason it wasn’t all that popular until Trump tried to take it away). If Democrats ever wrest control from the Republicans again, this is a problem that still needs to be fixed.

2010

Abu Zubaydah’s Torturers Relied on July 13 Yoo Fax, not Bybee Memo

I found a lot of things (including Gul Rahman’s ID, but I waited on that to protect the identity of the CIA officer who oversaw his killing) in the Office of Professional Management report on John Yoo’s torture memos released in 201. One that remains important — and poorly understood — is that the first torture actually operated under authorization from a freelance fax from Yoo issued weeks before the famous August 1 Bybee memo, rather than the full OLC memo itself.

FDL Book Salon Welcomes Steven Rattner, Author of Overhaul

There were two or three of Bev’s badly missed book salons I hosted that I particularly enjoyed (Bob Woodward is another). But none was better than hosting Steven Rattner, for his very blinkered view of his own role in the auto bailout. The comment thread in it was epic, too, but sadly gone.

Hatfill and Wen Ho Lee and Plame and al-Awlaki and Assange

After a panel on the Scooter Libby case, I meditated on how those with the secrets increasingly use journalists as a stand in for due process. This is not a post I’ve returned to a lot, but particularly given everything that has transpired since, particularly given where Assange has gone since, it strikes a nerve.

Fifteen Years Fighting the War on Terror Would Have Inured Mike Flynn to Kidnapping

As the Wall Street Journal reported this morning, in December 2016, Mike Flynn had a second meeting with representatives of Turkey to discuss a plan to help them kidnap Fethullah Gulen.

Federal Bureau of Investigation agents have asked at least four individuals about a meeting in mid-December at the ‘21’ Club in New York City, where Mr. Flynn and representatives of the Turkish government discussed removing Mr. Gulen, according to people with knowledge of the FBI’s inquiries. The discussions allegedly involved the possibility of transporting Mr. Gulen on a private jet to the Turkish prison island of Imrali, according to one of the people who has spoken to the FBI.

The report has led to some gleeful hand-wringing (and, as always, baby cannon eruptions) from interesting quarters.

For those of us who have opposed the US practice of extraordinary rendition, sure, the notion that Flynn would work with a foreign country to assist in the illegal kidnapping of someone that country considered a terrorist does seem outrageous. But for those who, not so long ago, worried that counterterrorism success might lead us to eschew things like extraordinary rendition, I’m not sure I understand the hand-wringing.

Yet the more effectively we conduct counterterrorism, the more plausible disbelief becomes and the more uncomfortable we grow with policies like noncriminal detention, aggressive interrogation, and extraordinary rendition. The more we convince ourselves that the Devil doesn’t really exist, the less willing we are to use those tools, and we begin reining them in or eschewing them entirely. And we let the Devil walk out of the room.

Especially not when you consider Mike Flynn’s service to the country. For fourteen years, Flynn played a key role in counterterrorism policy, serving in an intelligence role in Afghanistan when we were paying Pakistan bounties just to have enough Arabs to fill Gitmo, serving as Director of Intelligence for JSOC for some of the bloodiest years of the Iraq War, then serving in another intelligence role in Afghanistan during a period when the US was handing prisoners off to Afghanistan to be tortured.

That’s what two presidents, one a Nobel Prize winner, and another increasingly rehabilitated, asked Mike Flynn to do. And in that role, I have no doubt, he was privy to — if not directly in the chain of command — a whole lot of legally dubious kidnapping, including from countries with respectable institutions of law. (In related news, see this report on MI6 and CIA cooperation with Gaddafi, including kidnapping, after 9/11.)

So having spent 14 years kidnapping for the United States, why is it so odd that Flynn would consider it acceptable to help one of our allies in turn, to help them kidnap the kinds of clerics we ourselves have targeted as terrorists.

There is, of course, something different here: the suggestion that Flynn and his son might profit mightily off the arrangement, to the tune of $15 million.

Under the alleged proposal, Mr. Flynn and his son, Michael Flynn Jr., were to be paid as much as $15 million for delivering Fethullah Gulen to the Turkish government, according to people with knowledge of discussions Mr. Flynn had with Turkish representatives. President Recep Tayyip Erdogan, who has pressed the U.S. to extradite him, views the cleric as a political enemy.

But even the notion of bribery to facilitate human rights abuses is not something the US forgoes. One of the biggest disclosures from the SSCI Torture Report, for example, is how the Bush Administration worked to bribe other countries to let us build torture facilities in their countries.

The buddies of those now scolding such arrangements were part of that bribery operation.

The big question with Flynn is whether the similar bribe for this kidnapping operation would have been different from those under the table bribes we paid for our torture facilities. Did they go into the countries’ populace, or did they get pocketed by the national security officials doing the dirty deeds?

I actually don’t mean it to be a gotcha — though I would sure appreciate a little less hypocritical squeamishness from those who elsewhere view such irregular operations as the cost of keeping the country safe (as Erdogan claims to believe to be the case here).

Rather, I raise it to suggest that Mike Flynn knows where the bodies are buried every bit as much as David Petraeus did, when he was facing a criminal prosecution to which the best response was graymail. Flynn surely could demand records of any number of kidnapping operations the United States carried out, and he might well be able to point to bribes paid to make them happen, if Robert Mueller were to charge him for this stuff. It’s different, absolutely, that it happened on US soil. It may (or may not be) different that an individual decided to enrich himself for this stuff.

But this is the kind of thing — Mike Flynn knows well — that the US does do, and that certain hawks have in the past believed to be acceptable.

On the DreamHost Warrant

You’ve probably already read about DOJ’s expansive request for information on the website Disrupt J20 via a warrant served on its host, DreamHost. The information the government has asked for would cover the browsing records of 1.3 million visitors to the Disrupt site. After DOJ served the warrant on July 14, DreamHost challenged it. On July 28, DOJ asked a court to force DreamHost to turn over the records. On Friday, DreamHost responded, laying out why they believed the request to be overly broad. DreamHost’s post on the challenge yesterday has generated a good deal of coverage.

Before I get to the breadth of the request, consider the background. The demand comes in the context of DOJ’s efforts to prosecute 200 people who participated in protests on inauguration day. While there was definitely violent destruction associated with the protests, there have been numerous reports of entirely peaceful protestors being included in the 200, including journalists.

The timing and the urgency with which DOJ is seeking the information (see the emails included in this filing) make me wonder whether this is a desperate attempt to sustain another overly broad effort, to prosecute both peaceful and violent protestors of the President. Is DOJ preparing to argue that people who accessed information via Disrupt J20, which it has associated with “a riot,” must themselves be rioters?

Note, too, that among the information DOJ will receive if this warrant is honored, is information posted on the site on how people charged might seek legal help, including emails pertaining to that section of the site. In other words, DOJ is seeking, in part, information on how people it has charged will respond to being charged (though I’m not claiming this amounts to attorney-client privilege).

It’s against that background that the breadth question gets interesting, in my opinion.

Orin Kerr argues that the warrant may not be problematic because the second step of the search would provide particularity — a focus on actual rioters — after DreamHost has turned over the information.

[I]t’s not obvious to me whether the warrant is problematic. Attachment B tells Dreamhost to turn over records to the government relating to “each account and identifier listed in Attachment A.” Notably, Attachment A doesn’t list any specific user accounts: It just lists the specific website. So the warrant seems to be telling Dreamhost to turn over pretty much everything it has on that website. I understand this to be Dreamhost’s objection. Dreamhost thinks the warrant should only require it to hand over specific records about specific users.

What makes this tricky, I think, is that Dreamhost is only involved in the initial search stage of a two-stage warrant. Computer warrants are ordinarily executed in two stages. First, the government gets access to all the electronic records. Next, the government searches through the records for the particularly described evidence. Courts have broadly allowed the government to follow this two-step procedure, in which they get all the stuff in the initial stage of electronic evidence warrants so that they can search it for the relevant evidence. Given that, Dreamhost’s objection is slightly off. As I read it, Dreamhost is essentially challenging the widely accepted two-stage warrant practice. Some federal magistrate judges in the “magistrate’s revolt” have made that argument, but they generally have been overruled at the district court level.

But DreamHost argues that the description of that second stage doesn’t provide particularity at all, not least because after laying out some seeming limiting language, the warrant then asks for “files, databases, and database records” — that is, everything.

The Search Warrant’s description of the things to be seized does not pass the particularity test. It defines what is to be seized in three ways. First, it is information that “constitutes fruits, evidence, and instrumentalities of violations of” the rioting statute “involving the individuals who participated, planed [sic], organized, or incited the January 20 riot.” Second, the information “relat[es] to the development, publishing, advertisement, access, use, administration or maintenance of” the website. Third, the information to be seized includes “files, databases, and database records.” Yet, describing the information to be seized as evidence of a crime “involving” unnamed participants in the crime does not provide any meaningful specificity. Compare Apple, 13 F. Supp. 3d at 161 (description of things to be seized identified the information as “involving any or all of the following: [individuals and entities . . .]”). Limiting the information seized to that “relating to” the “publishing” or “use” of the website also lacks the required specificity, since practically any conceivable information about a web site is related to its publishing or use. Similarly, even if the use of the term “including” after the preceding broad description imposed some limit on the information to be seized, which it does not, limiting the seizure to electronic “files, databases, and database records” is no limit at all. Finally, the lack of a date range alone fails the specificity test. See Microsoft, 212 F. Supp. 3d at 1036 (“In cases in which courts have either denied a search warrant for the entirety of an email account or suppressed evidence based on an overbroad search warrant, the warrants lacked particularity, for example, in identifying a specified date range . . . .”).

Paul Ohm raises a number of interesting points in this thread, ultimately arguing that the warrant should go to the site administrators, not to DreamHost.

This is less like a warrant to Gmail and more like one to Amazon Web Services. The warrant should go to the site admins, not @DreamHost

He also notes that the only reason the entire database for this period is intact is because the government got a preservation order using a 2703(f) preservation letter, which didn’t require any due process.

I want to add just one more point to this.

The breadth of this request is the kind of thing the government does in the national security context — they did with the phone and Internet dragnet, and probably intend to do more of if and when they get the right to obtain Electronic Communications Transaction Records via an NSL. The prosecutor, John Borchert, has prosecuted NSD cases in the past. As such, it’s worth asking whether DOJ is really treating this “riot” as a national security case, with even further chill on those who actually just protested (or in the case of journalists, reported on a protest). The debate on whether or not obtaining all the search records for a site is overbroad may well constrain what the government can do, in secret, in the name of national security.

image_print