From Failed Whistleblower to Journalistic Source: Natalie Sours Edwards Mounts a Credible Public Interest Defense

Natalie Sours Edwards, one of the sources for a series of BuzzFeed stories on Treasury and a larger, global series on Suspicious Activity Reports, submitted her sentencing memorandum last night. It is probably the most convincing example of a whistleblower-turned-leaker telling her story to explain why she did what she did. And while she was charged under a different statute than the Espionage Act — there’s a specific law prohibiting the leaking of SARs — it is a laudable effort to make a public interest defense.

She spends much of her submission (as most do) describing her background — her Native American upbringing, the series of jobs she had after obtaining a PhD in national security decision-making, first at ATF, then at CIA, and then at Treasury’s FinCEN. Not long after she moved to Treasury, she grew concerned about a number of things she was seeing: She believed Treasury was making some organizational changes without first getting congressional approval.

By April of 2016, TFI was considering a proposal to move several employees from FinCEN to OIA. May Sours Edwards and other members of FinCEN’s upper management questioned the legality of the proposed realignment. In an email to John Farley, Acting Director of Executive Office for Asset Forfeiture (TEOAF), Dr. Edwards raised concerns about whether the transfers would be consistent with Congressional appropriations and whether OIA was moving forward in spite of a direction from the Senate Select Committee on Intelligence not to proceed until the Committee had reviewed the plans for the reallocation of funds.

She was concerned — as was the Privacy and Civil Liberties Oversight Board — that Treasury had never instituted guidelines protecting Americans’ privacy when accessing records under 12333. (I had written about this problem before this period.)

Did OIA, as a member of the intelligence community, have the authority to collect and retain data domestically? Under Executive Order 12333 (“E.O. 12333”) IC entities, which OIA is, are permitted to collect information on “United States persons” only if the organization has promulgated guidelines for doing so and had them reviewed and approved by the Attorney General.[11] Dr. Edwards questioned whether OIA had signed guidelines. Counsel for OIA hostilely, in Dr. Edwards’ estimation, disagreed with her interpretation of EO 12333. She believed he deliberately denigrated her during the meeting in front of the other participants in an attempt to bully her into agreeing with his position. She did not acquiesce.

[11] Executive Order 12333 provides in pertinent part as follows: “2.3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided in Part 1 of this Order.”

After she had shared these concerns with Congress, she believed that Jacob Lew had knowingly lied to Congress about whether there were whistleblowers at Treasury.

On September 22, 2016, Treasury Secretary Jacob Lew testified before the House Financial Services Committee. https://www.c-span.org/video/?415661-1/secretary-jack-lew-testifies-financial-stability-report&start=9046. Representative Fitzpatrick specifically asked him whether the proposed realignment was consistent with the existing budget, the issue Dr. Edwards had been raising. He also asked the Secretary whether there were any whistleblowers at Treasury. Representatives Jeb Hensarling and Sean Duffy later sent a follow-up congressional letter to Secretary Lew, expressing concern that the proposed “changes may violate appropriations requirements, civil service rules, and constraints on gathering and use of financial intelligence data.” They also noted that it was “troubling that Treasury is moving forward with the proposed reallocation with the intention to complete the process before a new Administration takes over in January 2017 and despite bipartisan requests to process at a more deliberate pace.” Id.

Something else of significance happened during the hearing. In response to a question from Representative Fitzpatrick, Secretary Lew stated that he was unaware of any whistleblowers in the Treasury Department. Dr. Edwards was taken aback and concerned. She was a whistleblower, a fact well known to Treasury OIG.

In the wake of that hearing, she believed that her clearance was pulled, briefly, as retaliation.

On September 27, 2016, a week after the contentious OIA-FinCEN meeting, someone at OIA ordered that Dr. Edwards’ SCI (Sensitive Compartmentalized Information) clearance and her access to the SCIF (Sensitive Compartmentalized Information Facility) be revoked. Dr. Edwards questioned the basis for the action. Her clearance was reinstated the following day. Email of September 28, 2016, from May Edwards to Elizabeth Ortiz, attached hereto as Exhibit XX.

She submitted two whistleblower complaints — to Treasury IG and to OSC. The latter found that she had engaged in protected activity (meaning that she had been a whistleblower), but ruled against her claims of retaliation on narrow grounds.

By letter dated May 21, 2018, OSC informed Dr. Edwards that they were closing her file. OSC concluded that Dr. Edwards’ reports to her “leadership, OIG, Congress and OSC all likely constitute ‘protected activity’ or whistleblowing under the law.” May 21, 2018, letter from OSC to Dr. Edwards, attached hereto as Exhibit HHH at 4. Further, Dr. Edwards could establish that her “management knew about [her] whistleblowing regarding, at a minimum, the issues [she] raised directly to them.” However, OSC made several findings that it concluded were fatal to Dr. Edwards’ claim that she had been retaliated against as a whistleblower. OSC could not find that there was a substantial likelihood that Treasury Secretary Lew knew of Dr. Edwards’ allegations when he testified before Congress that there were no whistleblowers in Treasury. Id. at 3. The email that outlined OMB’s direction to Treasury on communicating with Congress about the FinCEN/TSI realignment was not improper because it appeared to be directing Treasury officials not to discuss the issue in their official capacities as opposed to directing them in their individual capacities on their rights to report suspected wrongdoing to Congress.

A Treasury IG Report ruled against her based on an alternative explanation provided for why the PKI of FinCEN employees had been pulled.

While finding that the problem with the IC PKI certificates was solely the result of inadvertence, the author of the audit did note that “the present working relationship between OIA and FinCEN related to the IC PKI process is strained.” Id. at 3. The two Treasury components had a “fundamental disagreement” about FinCEN’s need for access to the IC PKIs and more broadly about FinCEN’s autonomy.

She even explains how — after she started working with Jason Leopold — Ron Wyden complained that FinCEN was withholding information on Russian interference and its ties with Donald Trump.

In addition to her concern about OIA’s handling of realignment and the PKIs issue, Dr. Edwards grew to question whether FinCEN was providing complete information in response to Congressional requests for information. She was not alone in that belief. On May 10, 2017, Senator Ron Wyden made a floor statement placing a hold on the nomination of Sigal Mandelker for the position of Under Secretary of TFI. His office issued a statement explaining the Senator’s reasoning:

Senator Ron Wyden, D-Ore., today placed a hold on the nomination of Sigal Mandelker to be Under Secretary of the Treasury for Terrorism and Financial Intelligence. Wyden said he will maintain that hold until the Treasury Department provides the Senate Intelligence Committee and Senate Finance Committee information and documents related to Russia and its financial dealings with President Trump and his associates.

On Tuesday, May 9, Senate Intelligence Committee Vice Chairman Mark Warner announced that the Committee had made a request to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). https://www.wyden.senate.gov/news/press-releases/wyden-announces-hold-on-treasury-nominee-until-administration-produces-documents-on-russian-dealings-with-trump-associates. On September 22, 2017, Senator Wyden put a hold on another Treasury Assistant Secretary nominee, Isabelle Patelunas, again because of Treasury’s “refusal to provide documents related to Russia.” https://www.wyden.senate.gov/news/press-releases/wyden-announces-hold-on-treasury-nominee-over-agencys-refusal-to-provide-documents-related-to-russia.

It’s in that context that — she described — she started working with Leopold to get Congress to return its attention to misconduct at Treasury.

When Congress’ attention to the issues May believed vitally affected the security of this country flagged, she began communicating with Jason Leopold, a reporter with the online publication BuzzFeed News. He told her that he shared her concern for national security. He assured her that the only way to revive Congressional interest was through media attention. He promised to – and did – introduce her to additional Congressional staffers. At his encouragement, she provided him with Suspicious Activity Reports (“SARs”) and other internal Treasury Department documents. He wrote articles that disclosed that information. She was arrested. He was not.

[snip]

Although Congress by then had done little to curb Treasury’s behavior, Dr. Edwards continued to believe that the only way to ensure that those responsible for the improper behavior were held accountable was through Congress. Leopold encouraged this belief: By writing articles, he could get the proper attention for the issues she believed were of vital importance to national security. This was a theme he returned to more than once when he sought information from Dr. Edwards: He could use what she gave him to write stories that would force Congress to investigate her allegations. (September 27, 2017: “We do need to keep momentum going so this story is crucial.” October 16, 2017: “We are going for the next story – keep momentum going with 12333.” January 11, 2018: “Listen, I am going to make a case that we need to leak something and report it. I am going to reach out to some of your colleagues. But this is getting ridiculous and I need to get their attention…By their attention I mean Congress.”)

Importantly, given the way she was charged (with a conspiracy to leak these SARs, with Leopold identified the way a co-conspirator would be), she describes how hard Leopold worked to champion her efforts in Congress.

Throughout 2017 and 2018, Leopold told Dr. Edwards in their WhatsApp conversations that he was committed to her cause of uncovering and remedying corruption in the Treasury Department. He told her at times that he was acting on behalf of Congressional staff members in seeking information from her. He sought to arrange meetings for Dr. Edwards with members of Congress or their staff. Such meetings did take place. Leopold attended meetings with Dr. Edwards. Staffers encouraged Dr. Edwards to provide information they sought about the inner workings of the Treasury Department, including whether the requirements of the Bank Secrecy Act were being enforced by financial institutions as required to assist U.S. government agencies.

Remember: Before the global SARs reporting effort came out, Treasury issued a statement that can only be viewed as an attempt at prior restraint, a threat against Leopold.

Edwards’ sentencing memorandum says that the Probation office recommended two years of probation.

Dr. Sours Edwards faces no mandatory minimum term of incarceration. As discussed above, the relevant range under the United States Sentencing Guidelines, both as stipulated in the plea agreement and as determined by United States Probation, is zero to six months. PSR at ¶4, p. 28. Probation has recommended that the Court sentence Dr. Sours Edwards to a two-year term of Probation.

It is unclear whether this will work — whether Edwards will get probation. It is equally unclear whether Leopold’s laudable efforts to double down on his reporting, to raise global attention to the issue, will bring about reform at banks or in the US.

But this is what every other leaker I’ve covered has tried to do, far less persuasively: an attempt to make a public interest defense for leaking to a journalist.

“A Digital Pearl Harbor:” The Ways in Which the Vault 7 Leak Could Have Compromised US and British Assets’ Identities

The Julian Assange extradition defense yesterday started presenting evidence that Assange suffers from conditions — Asperger’s, depression, and suicidal tendencies — that would make US prisons particularly lethal. It’s the defense that Lauri Love used to avoid extradition, and is Assange’s most likely chance of success. And given our inhumane prisons, it’s a perfectly fair defense against his extradition.

Before that, though, the most interesting evidence submitted by Assange’s team pertained to the three charges that he identified the identities of US and Coalition (and so, British) informants in the Afghan, Iraq, and Cablegate releases. For each of those releases, Assange’s team presented evidence that someone else — Cryptome, in one case, some Guardian journalists in another — released the informants’ identities first. At one point, the lawyer for the US seemed to suggest that Assange had made such disclosures more readily available after the identities had already been published. But Assange can only be extradited for charges that are illegal in the UK as well, and while the UK’s Official Secrets Act explicitly prohibits the publication of covert identities, it does not prohibit republication of names.

In other words, it’s the one evidentiary question where I think WikiLeaks might have the better case (the government has yet to present its own counter-evidence, and Assange has to prove that the charges are baseless to prevent the extradition, so it’s a high hurdle).

The question is particularly interesting for several reasons. Publishing the names of informants is the one charge specifically tied to publication, rather than conspiring to get Chelsea Manning to leak, making it dangerous for journalism in a different way than most of the other charges (save the CFAA charge).

But also because — in a Mike Pompeo screed that many WikiLeaks witnesses have cited completely out of context, in which the then-CIA Director named WikiLeaks a non-state hostile intelligence agency — he accused WikiLeaks of being like Philip Agee, a disillusioned CIA officer who went on to leak the identities of numerous CIA officers and who was credibly accused of working with Cuban and Russian intelligence services.

So I thought I’d start today by telling you a story about a bright, well-educated young man. He was described as industrious, intelligent, and likeable, if inclined towards a little impulsiveness and impatience. At some point, he became disillusioned with intelligence work, and angry at his government. He left the government and decided to devote himself to what he regarded as public advocacy: exposing the intelligence officers and operations that he had sworn to keep secret. He appealed to agency employees to send him leads, tips, suggestions. He wrote in a widely-circulated bulletin quote “We are particularly anxious to receive – and anonymously, if you desire – copies of U.S. diplomatic lists and U.S. embassy staff,” end of quote.

That man was Philip Agee, one of the founding members of the magazine CounterSpy, which in its first issue, in 1973, called for the exposure of the CIA undercover operatives overseas. In its September 1974 issue, CounterSpy publicly identified Richard Welch as the CIA station chief in Athens. Later, Richard’s home address and phone number were outed in the press, in Greece. In December 1975, Richard and his wife were returning home from a Christmas party in Athens. When he got out of his car to open the gate in front of his house, Richard Welch was assassinated by a Greek terrorist cell.

At the time of his death, Richard was the highest-ranking CIA officer killed in the line of duty. He had led a rich and honorable life – one that is celebrated with a star on the agency’s memorial wall. He’s buried at Arlington National Cemetery, and has remained dearly remembered by his family and colleagues.

Meanwhile, Philip Agee propped up his dwindling celebrity with an occasional stunt, including a Playboy interview. He eventually settled down as the privileged guest of an authoritarian regime – one that would have put him in front of a firing squad without a second thought had he betrayed its secrets instead of ours.

Today, there are still plenty of Philip Agees in the world, and the harm they inflict on U.S. institutions and personnel is just as serious today as it was back then. They don’t come from the intelligence community, they don’t all share the same background, or use precisely the same tactics as Agee, but they are soulmates. Like him, they choose to see themselves under a romantic light as heroes above the law, saviors of our free and open society. They cling to this fiction even though their disclosures often inflict irreparable harm on both individuals and democratic governments, pleasing despots along the way.

The one thing they don’t share with Agee is the need for a publisher. All they require now is a smartphone and internet access. In today’s digital environment, they can disseminate stolen U.S. secrets instantly around the globe to terrorists, dictators, hackers and anyone else seeking to do us harm.

The reference to Richard Welch is inaccurate (in the same way the claim that WikiLeaks is responsible for release of these informants’ identities could be too). Much of the rest of what Pompeo said was tone-deaf, at best. And that Pompeo — who months earlier had been celebrating WikiLeaks’ cooperation with Russia in interfering in the 2016 election — said this is the kind of breathtaking hypocrisy he specializes in.

Still, I want to revisit Pompeo’s insinuation, made weeks after the release of the Vault 7 files, that Julian Assange is like Philip Agee. The comment struck me at the time, particularly given that the only thing he mentioned to back the claim — also floated during the Chelsea Manning trial — was that WikiLeaks’ releases had helped al-Qaeda.

And as for Assange, his actions have attracted a devoted following among some of our most determined enemies. Following the recent WikiLeaks disclosure, an al-Qaida in the Arabian Peninsula member posted a comment online thanking WikiLeaks for providing a means to fight America in a way that AQAP had not previously envisioned. AQAP represents one of the most serious threats to our country and around the world today. It’s a group that is devoted not only to bringing down civil passenger planes but our way of life as well. That Assange is the darling of these terrorists is nothing short of reprehensible. Have no doubt that the disclosures in recent years caused harm, great harm, to our nation’s national security, and they will continue to do so for the long term.

They also threaten the trust we’ve developed with our foreign partners when that trust is crucial currency among allies. They risk damaging morale for the good officers at the intelligence community and who take the high road every day. And I can’t stress enough how these disclosures have severely hindered our ability to keep you all safe.

But given what we’ve learned about the Vault 7 release since, I’d like to consider the multiple ways in which the Vault 7 identities could have — and did, in some cases — identify sensitive identities. Pompeo’s a flaming douchebag, and the CIA’s complaint about being targeted like it targets others is unsympathetic, but understanding Pompeo’s analogy to Agee provides some insight into why DOJ charged WikiLeaks in 2017 when it hadn’t in 2013.

Vault 7, justifiably or not, may have changed how the government treated WikiLeaks’ facilitation of the exposure of US intelligence assets.

Before I start, let me emphasize the Vault 7 leak is not charged in the superseding indictment against Assange, and Assange’s treatment of Vault 7 may be radically different than his earlier genuine attempts to at least forestall or delegate the publication of US informant identities. Even if DOJ’s understanding of WikiLeaks’ facilitation of the exposure of US intelligence assets may have changed with the Vault 7 release, DOJ understanding may not be correct. Nor do I think this changes the risk to journalism of the current charges, as charged.

But it may provide insight into why the government did charge those counts, and what a superseding indictment integrating the Vault 7 leak might look like.

First, although WikiLeaks made a big show of redacting the identities of the coders who developed the CIA’s hacking tools (as they did with the 2010 and 2011 releases), some were left unredacted in the content of the release. That may be unintentional. But the first FBI affidavit against accused Vault 7 leaker Joshua Schulte noted that the pseudonyms of the two other SysAdmins who had access to the files were left unredacted in the first release, something that suggests more intentional disclosure, one that would presumably require the involvement of Schulte or someone else who knew these identities.

i. Names used by the other two CIA Group Systems Administrators were, in fact, published in the publicly released Classified Information.

ii. SCHULTE’s name, on the other hand, was not apparently published in the Classified Information.

iii. Thus, SCHULTE was the only one of the three Systems Administrators with access to the Classified Information on the Back-Up Server who was not publicly identified via WikiLeaks’s publication of the Classified Information.

A subsequent WikiLeaks release (after the FBI had already made it clear he was a, if not the, suspect) would include Schulte’s username, but I believe that is distinguishable from the release of the other men’s cover names.

Schulte would later threaten to leak more details (including, presumably, either his cover or his real name) on one of those same guys, someone he was particularly angry at, from jail, including the intriguing hint that he had been exposed in the Ashley Madison hack.


At trial, Schulte’s lawyer explained that the leaking he attempted or threatened from jail reflected the anger built up over almost a year of incarceration, but there’s at least some reason to believe that the initial Vault 7 release intentionally exposed the identities of CIA employees with whom Schulte had personal gripes, or at the very least whom he hoped would be blamed instead of him.

Then there’s the damage done to ongoing operations. At trial, one after another CIA witness described the damage the Vault 7 leak had done. While the testimony was typically vague, it was also more stark in terms of scale than what you generally find in CIA trials.

After describing the leak as the “equivalent of a digital Pearl Harbor,” for example, Sean Roche, who was the Deputy Director for Digital Innovation at the time of the leak, testified how on the day of the first release, the CIA had to shut down “the vast, vast majority” of operations that used the CIA tools (at a time, of course, when the CIA was actively trying to understand how Russia had attacked the US the prior year), and then CIA had to reach out to those affected.

It was the equivalent of a digital Pearl Harbor.

Q. What do you mean by that?

A. Our capabilities were revealed, and hence, we were not able to operate and our — the capabilities we had been developing for years that were now described in public were decimated. Our operations were immediately at risk, and we began terminating operations; that is, operations that were enabled with tools that were now described and out there and capabilities that were described, information about operations where we’re providing streams of information. It immediately undermined the relationships we had with other parts of the government as well as with vital foreign partners, who had often put themselves at risk to assist the agency. And it put our officers and our facilities, both domestically and overseas, at risk.

Q. Just staying at a very general level, what steps did you take in the immediate aftermath of those disclosures to address those concerns?

A. A task force was formed. Because operations were involved we had to get a team together that did nothing but focus on three things, in this priority order. In an emergency, and that’s what we had, it was operate, navigate, communicate, in that order. So the first job was to assess the risk posture for all of these operations across the world and figure out how to mitigate that risk, and most often, the vast, vast majority we had to back out of those operations, shut them down and create a situation where the agency’s activities would not be revealed, because we are a clandestine agency.

The next part of that was to navigate across all the people affected. It was not just the CIA. There were equities for other government agencies. There were, of course, equities at places and bases across the world, where we had relationships with foreign partners. People heeded immediately, were calling and asking what do I do, what do I say?

And the third part of that was to communicate, which was — in the course of looking at this as a what systemic issues led to the ability to have our information out there — was to document that and write a report that would serve as a lessons learned with the idea of preventing it from ever happening again. [my emphasis]

Notably, given that Assange could be vulnerable to Official Secrets Act charges in the UK if this leak affected any British intelligence officers or assets, Roche mentioned “foreign partners” twice in just this short passage. You don’t get very far down the list of CIA’s foreign partners before you’ve damaged MI6 assets.

Of course, shutting down ongoing operations would not have been enough to protect CIA’s assets. It took just 40 days for Symantec and Kaspersky to publicly identify the tools described in the Vault 7 releases as those found targeting their clients. If the CIA (or its foreign partners) had used human assets to introduce malware into target computers, as a number of these tools required, then those assets might be easily identifiable to the organizations affected.

Part of that same leak Schulte attempted from jail explains how this might work. He described how a tool from a particular vendor (which he would have named) was actually “Bartender,” by name presumably a watering hole attack, which had been released in Vault 7.

Had he succeeded in tweeting this out, Schulte would have identified either a cover organization or one in which CIA had recruited assets that was loading malware onto target computers while also loading some kind of vendor software.

I’m not defending CIA’s use of such assets to provide a side-helping of malware when targeted organizations install real software, though all major state-actors do this. But what Schulte (without any known active involvement of WikiLeaks, though he did continue to communicate with WikiLeaks, at least indirectly, while in jail) was allegedly attempting to do was burn either a cover organization or CIA assets, who would have been immediate targets if not exfiltrated. And it provides a good example of what could have happened over and over again on March 7, 2017, when these files were first released.

But there’s one other, possibly even more significant risk.

WikiLeaks has, in the past, preferentially withheld or shared files with Russia and other countries. Most obviously, at least one file hacked as part of the Syria Files which was damning to Russia never got published, and Emma Best claimed recently there were far more. The risk that something like that would have happened in this case is quite real. That’s because the files were leaked at a time when WikiLeaks was actively involved in another Russian operation. There was a ten month delay between the time the files were allegedly shared (in early May 2016) and the time WikiLeaks published them on March 7, 2017. The government has never made any public claim about how they got shared with WikiLeaks. Details of contacts between Guccifer 2.0 and WikiLeaks demonstrate that it would have been impossible to send the volume of data involved in this hack directly to WikiLeaks’ public facing submission system in the time in which Schulte did so, and several people familiar with the submission system at the time of that hack have suggested it served more as cover than a functional system. That suggests that Schulte either would have had to have prior contact with WikiLeaks to arrange an alternate upload process, or shared them with WikiLeaks via some third party (notably, Schulte bragged in jail that compressing data to do this efficiently was one of his specialties at CIA).

At trial, even though the government in no way focused on this evidence themselves, there was (inconsistent) evidence that Schulte planned to involve Russia in his efforts to take revenge on the CIA. I’ve heard a related allegation independently.

Remember, too, that WikiLeaks has never published the vast majority of the code for these tools, even though Schulte did leak it, which would make it still easier to identify anyone who had used these tools.

So imagine what might have happened had Russia gotten advance notice (either via WikiLeaks, a WikiLeaks associate, or Schulte himself) of these tools? Russia would have had months — starting well before US intelligence had begun to understand the full extent of the election year operation — to identify any of the CIA tools used against it. To be clear, what follows is speculative (though I’m providing it, in part, because I’m trying to summarize the Vault 7 information so people who are experts on other parts of the Russian treason case can test the theory). But if it had, the aftermath might have looked something like Russia’s prosecution of several FSB officers for treason starting in December 2016. And the response — if CIA recognized that its assets had already been compromised by the Vault 7 release — might look something like the Yahoo indictment charging one of the same FSB officers rolled out, with great fanfare, on March 15, just over a week after the Vault 7 release (DOJ obtained the indictment on February 28, after the CIA knew that WikiLeaks had the release coming and months after the treason arrest, but a week before the actual release). That is, Russia might move to prosecute months before the CIA got specific notice, using the years-old complaints of Pavel Vrublevsky to hide the real reason for the prosecution, and the US might move to disclaim any tie to the FSB officers by criminally prosecuting them and identifying many of the foreign targets they had used Yahoo infrastructure to spy on. Speaking just hypothetically, then, that’s the kind of damage we’d expect if any country — and Russia has been raised here explicitly — got advance access to the CIA tools before the CIA did its damage mitigation starting on March 7, 2017.

This scenario (again, it is speculative at this point) is Spy versus Spy stuff, the kind of thing that state intelligence agencies pull off against each other all the time. But it’s not journalism.

And even the stuff that would have happened after the public release of the CIA files would not just have exposed CIA collection points, but also, probably, some of the human beings who activated those collection points.

WikiLeaks would have you believe that nothing that happened after 2013 could change DOJ’s understanding of those earlier exposures of US (and British) assets.

But the very same Mike Pompeo speech that they’ve all been citing explained precisely what changed.

Wherein WikiLeaks Brags about Entertaining a Pardon Dangle from a Suspected Russian Asset and a White Supremacist

Yesterday, Julian Assange’s lawyer Jennifer Robinson had a statement (which has not been released) read at his extradition hearing describing that she witnessed a meeting between Assange and Dana Rohrabacher on August 15, 2017 (Neo-Nazi Chuck Johnson was also present), where the Congressman said he had a win-win deal to offer: Trump would pardon Julian Assange if Assange would say that the source of the stolen DNC emails was not Russia.

Robinson stated that Assange did not disclose the source. Based on reports, though, she did not appear to deny that Assange had claimed his source was not Russia, which is what Rohrabacher reported at the time.

A lawyer representing the United States did not contest Robinson’s report, agreeing that the offer occurred. But representatives from the US did state that Trump had not agreed to it (which, without access to the exact statement, could mean anything, but Trump certainly hasn’t pardoned Assange, yet).

Amid a laudable parade of arguments at Assange’s extradition hearing about the Espionage Act and discussions of all the important disclosures associated with the 2010 WikiLeaks releases for which Julian Assange is fighting extradition — including testimony read from German torture victim Khaled al-Masri, one of the first times he has had his say in public — including this statement was a cynical, and I would argue, damning, ploy.

In spite of the frenzy from the US press about the statement, the claim is not new. It was reported immediately by the Daily Caller (I covered that report here). Then Assange tweeted and then released on Facebook a statement asserting that reports from others should not be deemed authoritative. “Only unmediated statements coming directly from me can be considered authoritative.” Rohrabacher issued a statement, in which he promised to divulge what Assange stated to Trump.

Neither explicitly admitted what was obvious, that it was a pardon quid pro quo.

In a follow-up interview with the Daily Caller, Rohrabacher claimed not to remember whether he spoke to anyone at the White House about the meeting. Then, in a follow-up interview with Sean Hannity, Rohrabacher said, “It is my understanding from other parties who are trying to arrange the rendezvous that a rendezvous with myself and the President is being arranged for me to give him the firsthand information from him.” Earlier this year (when WikiLeaks announced that Robinson was going to resuscitate this story), Kim Dot Com released texts describing how he had pushed Trump’s best friend (whom he claimed not to identify) to accept the deal.

Those texts identified the best friend as Sean Hannity, the same guy who hosted Rohrabacher to explain that, “other parties [were] trying to arrange the rendezvous that a rendezvous with myself and the President is being arranged for me to give him the firsthand information from him.”

Ultimately, Chief of Staff John Kelly refused to let the President meet with Rohrabacher, just as he refused to let other agents of disinformation about the Russian hack meet with him in the same period.

Mr. Rohrabacher confirmed he spoke to Mr. Kelly this week but declined to discuss the content of their conversation. “I can’t confirm or deny anything about a private conversation at that level,” he said in a brief interview. He declined to elaborate further.

A Trump administration official confirmed Friday that Mr. Rohrabacher spoke to Mr. Kelly about the plan involving Mr. Assange. Mr. Kelly told the congressman that the proposal “was best directed to the intelligence community,” the official said. Mr. Kelly didn’t make the president aware of Mr. Rohrabacher’s message, and Mr. Trump doesn’t know the details of the proposed deal, the official said.

In the call with Mr. Kelly, Mr. Rohrabacher pushed for a meeting between Mr. Assange and a representative of Mr. Trump, preferably someone with direct communication with the president.

On its face, the pardon dangle story proves only that Julian Assange was willing to meet with someone widely presumed to be a Russian asset, Dana Rohrabacher, and a far right white nationalist to help float false claims about Russia’s role in getting Trump elected. It also proves that, at the time (when Trump was desperately trying to shut down the investigation into his coordination with Russia in the 2016 election and one person after another was giving false prepared statements denying such coordination), the President had a Chief of Staff with the ability to look out for his legal interests.

And while I doubt lawyers for the US will go there, in context, the fact that WikiLeaks’ defense team presented just one of the at least four pardon dangles — including one for which the import of Russian disinformation is more obvious than others — is a testament to the degree to which the true story of those pardon discussions would make WikiLeaks’ compromise by Russia clear.

Here are the known discussions of pardons since WikiLeaks released emails in such a way as to optimize their benefit to getting authoritarian torture fan Donald Trump elected.

  • Starting at least by November 16 (and probably earlier) and lasting at least through January 11, 2018, Roger Stone tried to broker a pardon; according to sworn testimony by Randy Credico, Margaret Kunstler was involved in this effort (and threatening to expose whatever role Kunstler had in the process is one of the ways Stone used to discourage Credico’s testimony).
  • Starting at least by January 12 and continuing until at least March 28, 2017, Adam Waldman — the lawyer that Assange shared with Oleg Deripaska, whom the SSCI Report shows had a central role in the 2016 operation — tried to negotiate a deal via which Assange would provide limited information to mitigate the harm of the Vault 7 leak and DOJ (or if that failed, SSCI) would give him immunity, effectively a pardon. Given WikiLeaks’ history of sharing raw documents with Russia and others, the entrée would have come long after WikiLeaks had had the opportunity to broker the files, which would have helped Russia not only identify CIA’s hacks of Russian computers, but also NOCs working for CIA. (I’ve started to wonder whether the Russian treason case from late 2016 has a tie.) John Solomon — who has spread Deripaska’s propaganda before — even blamed Jim Comey for the compromise that resulted. In short, the offer was far too late to be meaningful, but it was an effort to give Assange impunity for burning the CIA to the ground.
  • From August to October 2017, Rohrabacher pursued his pardon for disinformation deal.
  • Last week, in the guise of defending journalism, Glenn Greenwald went on Tucker Carlson’s show (where a number of people have successfully lobbied for a pardon) and pitched pardons for both Assange and Ed Snowden not, as he claimed, out of any defense of journalism or whistleblowers — both things that Trump affirmatively reviles — but instead because it’s a great way to stick it to the Obama Deep State.

So one pardon pitch immediately after Assange worked with Russia to get Trump elected, another one brokered by Oleg Deripaska’s lawyer, a third pitched by a Congressman widely believed to be a Russian asset, and finally Glenn’s pitch for a pardon as a great way to do damage to the intelligence community.

Not only did Russia figure in all of those pardon dangles, but each was pitched not as a way to honor Assange’s debt to journalism, but instead to serve Russia’s purposes. And for some reason WikiLeaks thinks that raising just one of these — while remaining silent about perhaps the most damning pardon dangle — helps prove its case that Julian Assange is a journalist and not the Russian spy the prosecutors in this case claim to believe he is.

Snowden

Snowden Lies about Outreach about a Pardon and Puts a Target on Daniel Everette Hale’s Back

I’m going to make three observations about this Edward Snowden interview, to mark it.

The interview was filmed live, Friday night US time, September 11, as the other clip indicates.

In it, Snowden repeatedly and categorically denied any outreach to the US government for a pardon.

Williams: Have you had any contact with the Administration? Did you initiate any? Have they initiated any? Have you sought a pardon from the United States?

Snowden: I have not. And this is something people have actually forgotten. There was a pardon campaign back during the Obama Administration. But I at no point actually asked for pardon myself. It was tremendously gratifying to have this level of support. But as I said, my condition for return is simply a fair trial. Now we didn’t see the Obama Administration talking about a pardon in this way and I think Trump has commented again since then that he thought treatment was very unfair, or could be. And there’s been a lot of speculation that’s come from this. But there’s been no contact. I was as surprised as anyone else to see this. But it’s very interesting to see this President thinking pardoning what a lot of people would consider [laughs] one of the big names in this new war on whistleblowers. And that’s something that we should all support seeing come to an end.

Williams: So no representative for you has done any outreach. No representative for you or you yourself has heard anything from the White House, the Administration, any government types?

Snowden: No. By hook or by crook, there’s been nothing. No contact, anything like that. I think [laughs] if that were happening, it would be certainly news that we would hear through other channels.

Williams: Let’s use plain English. The price for pardons appears to be lavish praise for this President after the fact. Is that something you’re willing to do?

Snowden: Certainly not. I don’t think a pardon is — or should be — conditioned on anything. When you look at the pardon power, it’s constitutionally derived. It’s Article II Section 2. A pardon is not a contract. A pardon is not something that you accept or reject. And it certainly shouldn’t be used as a political tool. And this is why, while I haven’t asked for pardon from the President, I will ask for A Pardon for others. When I mentioned the war on whistleblowers, this is an ongoing and continuing thing. The reason pardon is even being considered, even being debated, the fact that comments from the Attorney General are even hitting the news are because everyone who has followed these cases know, being charged under the Espionage Act as a whistleblower means no fair trial is permitted. And there are people in the United States today, serving time in prison for doing the right thing. And this is why we should see Donald Trump — or any President — end the war on whistleblowers. He should pardon Reality Winner for trying to expose election interference. He should pardon Daniel Hale for revealing abuses in the drone program. Or Terry Albury for trying to expose systemic racism within the FBI. And these are all people who are deserving of pardon. But this, when we look at pardon, pardon is intended to ameliorate unfairness, to fix fundamental flaws in our system of laws or the way they’re being applied. And there’s nowhere this is more clear right now than in the prosecution of whistleblowers under the Espionage Act.

It is, of course, a blatant lie that there has been no outreach.

Just hours earlier (I think about three?), Glenn Greenwald went onto Tucker Carlson’s show — a show that has repeatedly served as a platform for people to pitch pardons — and argued that Trump should pardon Snowden and Julian Assange. Though Glenn had promised he would be talking about journalism, he instead pitched the pardon as a good way for Trump to stick it to the Deep State. Glenn’s pitch was not only premeditated (it had been rescheduled days earlier), but it was delivered to fit Tucker’s 3 minute time slot.

So Glenn lied about defending journalism (rather than just damaging the Deep State), and Snowden lied about there being no outreach. Snowden also, in the other clip, lied about Putin taking no interest in him.

There was one truth told. When Snowden said, “if that [outreach about a pardon] were happening, it would be certainly news that we would hear through other channels,” he was effectively telling the truth. This was news on another channel: Glenn Greenwald, appearing on Fox News, just hours earlier, pitched Trump on a pardon.

Snowden, in turn, suggested that Trump was thinking of ending the “war on whistleblowers” and — at a time when Trump is ending the careers of people who make legal whistleblowing claims upholding democracy, with glee — claimed that there is no place where unfairness is more clear than the prosecution of whistleblowers under the Espionage Act.

I’ll spot Snowden that one for his own self-interest.

Then Snowden calls for a pardon for three others he suggests are serving time in prison. Reality Winner and Terry Albury are serving time. But Daniel Hale is not. He’s out on bail awaiting trial. In other words, Snowden is actually just calling to pardon everyone who leaked to The Intercept.

In fact, unless Trump decides to pardon Hale, who doesn’t have anyone lobbying him on Tucker Carlson’s show, Snowden just made Hale’s life worse.

That’s because the government believes that Hale was “inspired” by Snowden.

Moreover, as argued in more detail in Defendant’s Reply in support of his Motion to Dismiss for Selective or Vindictive Prosecution (filed provisionally as classified), it appears that arbitrary enforcement – one of the risks of a vague criminal prohibition – is exactly what occurred here. Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community. In approximately the same timeframe, other leakers reportedly divulged classified information to make the government look good – by, for example, unlawfully divulging classified information about the search for Osama Bin Laden to the makers of the film Zero Dark Thirty, resulting in two separate Inspector General investigations. Yet the investigation in this case was not described as a search for leakers generally, or as a search for leakers who tried to glorify the work of the Intelligence Community. Rather, it was described as a search for those who disclosed classified information because they had been “inspired” to divulge improprieties in the intelligence community.

That is, Snowden — who with WikiLeaks’ Sarah Harrison made sure to avoid capture so he could be an inspiration to others to follow — effectively just confirmed what the government has only alleged, and in secret, that there is a tie between him and Hale. In so doing, he has also confirmed an allegation in the superseding Assange indictment.

Between them, Snowden and Glenn are feigning that Trump would pardon anyone out of any concern for journalism or whistleblowing. Both claims are utterly absurd.

And in so doing, they’re going to make sure that any pardon Snowden gets is not because Trump cares about journalism or even wants to rein in spying (he has done the opposite, on both counts), but is done exclusively in the name of damaging the Deep State.

Treasury Threatens to Prosecute Reporters Trying to Reveal What Rod Rosenstein and Richard Burr Would Not

WikiLeaks supporters like to claim the May 2019 superseding indictment against Assange uniquely threatens journalism by treating routine journalistic activities — such as requesting sensitive information — as part of a conspiracy to leak.* That’s not entirely true.

As I’ve noted, well before Assange’s superseding indictment, in October 2018, DOJ charged Natalie Sours Edwards — one of several presumed sources for a series of BuzzFeed stories on Suspicious Activity Reports pertaining to those investigated for their ties to Russia — in such a way as to treat Jason Leopold as a co-conspirator. Both the complaint justifying her arrest and the indictment include a conspiracy charge that describes how Edwards (and another unindicted co-conspirator) worked with Reporter-1, including one request pertaining to Prevezon captured on Signal.

c. As noted above, the October 2018 Article regarded, among other things, Prevezon and the Investment Company. As recently as September 2018, EDWARDS and Reporter-1 engaged in the following conversation, via the Encrypted Application, in relevant part:

EDWARDS: I am not getting any hits on [the CEO of the Investment Company] do you have any idea what the association is if I had more information i could search in different areas

Reporter-1: If not on his name it would be [the Investment Company]. That’s the only other one [The CEO] is associated with Prevezon Well not associated His company is [the Investment Company]

On January 13, Edwards pled guilty to one charge, the conspiracy one, though without any sign of cooperation.

In fact, Edwards is not the only case charged like this. While he was charged after Assange’s superseding indictment, Henry Frese, a DIA analyst who leaked reports on China to some NBC reporters, was not just charged in a similar conspiracy charge, but was wiretapped to collect evidence implicating the reporters. Because he cooperated, there’s little to prevent Trump’s DOJ from charging the journalists after the election except Trump’s well-established support for an adversarial press.

The way in which DOJ charged Edwards has become newly critical given an announcement Treasury made yesterday, in the wake of reports about how Donald Trump was never investigated for his financial vulnerability to Russia. The unit of Treasury that collects and analyzes Suspicious Activity Reports released a statement threatening “various media outlets” who were planning to publish stories on SARs.

The Financial Crimes Enforcement Network (FinCEN) is aware that various media outlets intend to publish a series of articles based on unlawfully disclosed Suspicious Activity Reports (SARs), as well as other sensitive government documents, from several years ago. As FinCEN has stated previously, the unauthorized disclosure of SARs is a crime that can impact the national security of the United States, compromise law enforcement investigations, and threaten the safety and security of the institutions and individuals who file such reports. FinCEN has referred this matter to the U.S. Department of Justice and the U.S. Department of the Treasury’s Office of Inspector General.

BuzzFeed has always treated their source for the Treasury story as a whistleblower, reporting not just on a dispute over access to the reports for intelligence purposes, but also on the damning Russian information that got ignored.

As Edwards has moved closer to sentencing, she has developed irreconcilable differences with her original attorneys over what she called a coerced guilty plea. And documents filed in the case provide some explanation why.

While the substance of her appeal is not entirely clear, it’s clear that she claimed legal access to certain documents — presumably SARs — as a whistleblower.

In the appellants “official capacity” as a government employee from 2015-Jan 2020 and as a whistleblower from 2015 to current, the specific documents were used during the Congressional Request Inquiries & Letters from 2015-2018, the Office of Special Counsel’s investigations from 2017-2020 and the appellants legal access to the exculpatory material from 2018 to current per 31 C.F.R. § 103 “official disclosures responsive to a request from an appropriate Congressional committee or subcommittees; and prosecutorial disclosures mandated by statute or the Constitution, in connection with the statement of a government witness to be called at trial, the impeachment of a government witness, or as material exculpatory of a criminal defendant.”

As a government employee I could disclose any information in a SAR (including information in supporting documentation) to anyone, up to and including the person who is the subject of the SAR, so long as the disclosure was “necessary to fulfill the official duties of such officer or employee” which I did as a whistleblower and as an employee; however, once I medically resigned, 31 C.F.R. § 103 provided the legal exculpatory material as a whistleblower, administrative appellate and criminal defendant to disclose the information in court proceedings. Furthermore, the appellant was adhering to the courts upholding that disclosures must be specific and detailed, not vague allegations of wrongdoing regarding broad or imprecise matters. Linder v. Department of Justice, 122 M.S.P.R. 14, 14 (2014); Keefer v. Department of Agriculture, 82 M.S.P.R. 687, 10 (1999); Padilla v. Department of the Air Force, 55 M.S.P.R. 540, 543–44 (1992).

After she tried to use the documents in her appeal of a whistleblower complaint, the Treasury Department Inspector General shared them with the prosecutors in her case, who in turn cited them in her presentencing report.

The agency has argued throughout the appellant no longer is an employee of the agency, the pro se appellant agrees. The agency Inspector General should not have been notified of the administrative proceedings of the court because the appellant is not an employee of the agency. There is no statute or policy that gives the agency the right to notify the agency IG of the “procedural motion” prior “to notify the other party”. Regulation 5 C.F.R. § 1201.55(a) does not state “notify Inspector General” rather it does state “to notify the other party”. The pro se appellant argues notifying the Inspector General prior to “the other party” is a violation of the pro se appellants fifth amendment.

[snip]

[T]he agency/agency IG notified the appellants criminal prosecutors of the disclosures in the IRA case. As explained above, the disclosures are permissible per 31 C.F.R. § 103. Due to the agency/agency IG notification to the government prosecutors, the prosecution requested increased sentencing in the sentencing report for the appellant/defendant thus violating the defendants fifth amendment in the criminal proceeding.

Edwards further claimed that the government withheld her original complaint to coerce her to plead guilty.

The Federal Judge found merit and significant concerns in the “letter and substantial documentation” the whistleblower defendant/appellant provided to the court concerning violation of fifth amendment, conflict of interests pertaining to the prosecution/counsel, coercion of the plea deal, criminal referral submitted against agency IG, the letter defendant sent to Attorney General Sessions and Special Counsel Mueller, etc., all elements withheld from the Federal court by both the prosecution and defense counsel.

Edwards has been assigned a new attorney (who may have convinced her not to submit this complaint as part of sentencing), and her sentencing has been pushed out to October.

There’s no way to assess the validity of her complaint or even her representation of what happened with the judge in her case, Gregory Woods. What her complaint shows, however, is that there’s a packet of information she sent to Mueller and Sessions (possibly implicating and/or also sent to Congress), summarizing some reports she believes got ignored.

If those reports show what Rod Rosenstein and Richard Burr worked so hard not to investigate, it might explain why Treasury is threatening legal consequences for reporting on them. And given how DOJ already structured this prosecution, they might well be threatening to treat reporting on the President’s vulnerabilities as a conspiracy to leak SARs protected by statute.


*WikiLeaks supporters also cite the risk of Assange being subjected to US Espionage Act prosecution. While that risk is real, in his case, the most dangerous charges (for leaking the names of US and Coalition informants) would likely be far easier to prosecute under the UK’s Official Secrets Act, which still could happen if he’s not extradited. The actions described in his indictment are arguably more explicitly criminalized in the UK than the US, even if their sentences are not as draconian.

“These Actions Have Targeted Not Only against Russia, But Also Against the President Elect”

Given the news that Donald Trump is considering pardoning Edward Snowden, there has been a lot of discussion about why Trump would do this.

It’s actually not a deviation from past actions. Just seven days after the election, Trump’s rat-fucker started working on a pardon for Julian Assange, something that Trump offered a very circumscribed answer to Mueller about. He continued to entertain such proposals, and even ordered then CIA Director Mike Pompeo to consider a theory purporting to undermine the Russian attribution of the hack, one understood to be tied to an Assange pardon.

And on March 15, 2017, Trump shared information with Tucker Carlson that would have tipped off Joshua Schulte that the FBI considered him the culprit behind the Vault 7 leaks. While Trump shared that information hours before the FBI searched Schulte’s residence and seized his passports (including a diplomatic passport he never returned to CIA), there’s no evidence that information was made public before the FBI confronted Schulte that night. Had it, though, Trump’s comments might have led Schulte to accelerate a trip to Mexico he already had scheduled. John Solomon would even go on to blame Jim Comey for not pardoning Assange in advance of the Vault 7 releases.

So Trump has repeatedly undermined the prosecution of people who released large amounts of intelligence community secrets. Snowden would just be part of a pattern.

There’s some complaint that Trump opponents — including Adam Schiff — have suggested Trump would do this (dramatically altering his prior stance) because of Putin.

In fact, Russia has deliberately encouraged Trump to believe Russia and Trump were on the same side, opposed to the US intelligence community, since weeks before he was even inaugurated.

When, on December 31, 2016, Sergey Kislyak called Mike Flynn to tell him that his intervention to undermine sanctions on Russia for interfering in the 2016 election had succeeded in persuading Putin to take no action, Kislyak told Flynn that Russia considered the sanctions — for a hostile attack on this country!!! — to be an attack targeting not just Russia, but Trump himself.

KISLYAK: Uh, you know I have a small message to pass to you from Moscow and uh, probably you have heard about the decision taken by Moscow about action and counter-action.

FLYNN: yeah, yeah well I appreciate it, you know, on our phone call the other day, you know, I, I, appreciate the steps that uh your president has taken. I think that it is was wise.

KISLYAK: I, I just wanted to tell you that our conversation was also taken into account in Moscow and …

FLYNN: Good

KISLYAK: Your proposal that we need to act with cold heads~ uh, is exactly what is uh, invested in the decision.

FLYNN: Good

KISLYAK: And I just wanted to tell you that we found that these actions have targeted not only against Russia, but also against the president elect.

FLYNN: yeah, yeah.

“Yeah, yeah,” Trump’s weak-kneed National Security Advisor with 30 years’ intelligence experience said in reply.

We don’t need to speculate about whether Russia has encouraged Trump to view Russia as an ally against a hostile American Intelligence Community. We have proof. And even Mike Flynn, with a victim complex only a fraction as Yuge as Trump’s own, simply nodded along.

I mean, if Trump does pardon Snowden, by all means he should accept it — it likely would save his life.

But if you believe Trump is considering this out of any belief in whistleblowing or transparency — or even opposition to the surveillance that has ratcheted up and gotten less accountable under his Administration — you’re simply deceiving yourself.

And, yes, there is concrete evidence that Russia has cultivated Trump’s antagonism against the IC — well before Trump’s own actions led the FBI to investigate him personally — so much that he might pardon Snowden to harm them.

“ur submission form is too fucking slow, spent the whole day uploading 1 gb.”

As I noted, one of the Roger Stone-related warrant applications released last week includes more details on the communications between the Guccifer 2.0 persona and WikiLeaks leading up to the DNC release. Emma Best examines the filing from a perspective of how someone, purportedly with no prior relationship to WikiLeaks, would go about transferring even a marginally significant submission to WikiLeaks. Almost a month of back-and-forth transpires between the first contact with Guccifer 2.0 and the successful transfer of the DNC files.

A key exchange, however, happened on July 6, 2016. After Guccifer 2.0 inquires whether WikiLeaks received some documents Guccifer 2.0 sent, the persona gets cranky because it took so long to upload a 1 GB file to WikiLeaks submission system. [I’m using Best’s conversion of this filing into a nifty transcription.]

Guccifer 2.0: “fuck, [I] sent 4 docs on brexit on jun 29, an archive in gpg[.] ur submission form is too fucking slow, [I] spent the whole day uploading 1 gb”

WikiLeaks: “We can arrange servers l00x as fast. The speed restrictions are to anonymise the path. Just ask for custom fast upload point in an email.”

Guccifer 2.0: “will u be able to check ur email?”

WikiLeaks: “We’re best with very large data sets. e.g. 200gb. these prove themselves since they’re too big to fake”

Almost two weeks into this exchange, WikiLeaks says they can arrange for a custom server to transfer larger data sets — of around 200 GB.

These exchanges should, to a significant extent, be considered theater. Both sides of this conversation knew that the FBI would be watching all DMs between WikiLeaks and the Guccifer 2.0 persona. So it can’t be taken as a definitive indication of how any files get sent.

Still, it shows how WikiLeaks would respond, using the public communication accounts, to a request to submit data in July 2016.

That’s significant because it shows how things might have proceeded, two months earlier, when Joshua Schulte allegedly sent 1TB of data to WikiLeaks on May 1, 2016.

While the prosecution in Schulte’s case provided forensic evidence to explain when he stole the CIA files and sent them to WikiLeaks, key gaps remain (perhaps most notably, how he got the files out of his building, though that may be because of certain classification decisions). And because Schulte used Tails and wiped his devices afterwards, there’s no record of him actually sending the files.

Here’s how prosecutor Matthew Laroche described that process in his closing arguments.

Just as a general matter, you know this information was transmitted to WikiLeaks because they posted it on the internet. They obviously got it, and the question is when did he send it?

And that’s answered by what he did on the 30th and May 1. Let’s look at the evening of the 30th.

At 6:47 p.m., he is searching for Google history and Google view browsing history. He is concerned about what he’s been searching for. On the evening, that night, he is searching for digital disk-wipe utility on several occasions, and at 10:52 p.m., he visits a website Kill Your Data Dead With These Tips and Tools. The defendant is interested in finding out how to securely delete information that might connect him to the leak, anything that he might’ve brought home with the leak on it, anything that he might’ve used to transfer it.

And at 10:55 p.m., he runs a similar search for SSD wipe utility. And you’ll remember all those hard drives that were recovered from his home. He was wondering how to wipe them to make sure that there was no evidence of his activities.

Now, overnight, he continues working.

At 12:19 a.m., the defendant mounted his D drive onto his virtual machine, the same D drive that had those encrypted files, data2.bkp through data6.bkp. They’re in his D drive. He mounts his D drive.

Then, overnight, he is constantly looking at his computer. On at least four occasions, he is unlocking his virtual machine in the middle of the night: 1:57 a.m.; 2:34 a.m.; 2:56 a.m.; 3:18 a.m. He is doing that because he is transferring data and he wants to make sure it’s happened correctly. And you know that is the case because of the Google searches he runs at the end of the night and the early morning.

At 3:18 a.m., just after he unlocks his screen saver, the defendant searches for How Long Does It Take to Calculate MD5?

Remember, calculating an MD5 is a way to confirm that what you transferred from one place to another is the same, that it went correctly, that there were no errors. You calculate an MD5 to confirm that what you transferred transferred correctly, and that’s what he’s looking for at 3:18 a.m.

Then at 3:21 a.m., the defendant visits a website, How Can I verify That a 1TB File — one terabyte file — transferred correctly?

That description is based off this forensic testimony from Michael Berger.

Prosecutors described this as happening overnight. Overnight transmission of a 1TB file using WikiLeaks’ public submission site would be utterly impossible given the state of it at the time and the volume of data Schulte was transferring, and probably impossible regardless of how much time someone spent. Overnight transmission of 1TB of data using Tails, even to a dedicated server, would be difficult enough. Best describes that, “1 TB over Tor in one night is unlikely.”

The government timeline does have Schulte in possession of the data earlier than that, potentially giving him a week to transfer the data, with this process describing just the end of the process.

Still, the way this would happen, normally, would be for WikiLeaks to set up a dedicated server to accept the files. And that would take prior communication. Such communication likely would have happened over Jabber, not Twitter (Schulte’s opsec was piss poor in many ways but he did use Jabber).

Such a prior conversation is entirely consistent with testimony provided elsewhere, where prosecutors focused on the website’s alternative submission process.

But the seeming necessity for prior communication before this transfer happened suggests Schulte’s alleged theft and transfer of the files might not have been as reactive a decision as portrayed in his prosecution.

It would take premeditation to send WikiLeaks a 1TB file, whatever the timing. Prosecutors may know that, and have an explanation for when such prior communications happened, but they’re withholding those details for any of a number of reasons. Or it may be a big hole in this story. Schulte insists he didn’t do it and a jury failed to convict.

One way or another, however, the state of WikiLeaks’ submission system as it existed in 2016 presents a big gap in prosecutors’ current story.

Update: Two important details for those trying to figure out how long this transfer would really take. First, Schulte ran a commercial server specifically focused on video streaming at the time, so his upload speeds would not limit the transfer time at all. Second, Schulte at least claimed that hiding data for exfiltration was his speciality. That by itself wouldn’t help him send stuff to WikiLeaks, at least not without prior contact. But it does mean that the means by which he transferred this file relied on tools he had developed at CIA.

When Julian Assange Testified before a Nation-State Investigation of a Suspected Spy…

Back on December 20, 2019, Julian Assange testified in a nation-state’s investigation of someone suspected of spying for another nation-state. He testified pursuant to international legal process that got challenged on jurisdictional grounds, but ultimately upheld. While El País provided a report of his testimony, the testimony itself was not open to the press.

As he testified, Chelsea Manning and Jeremy Hammond sat in jail in Alexandria, VA, being held in contempt for refusing to testify, under a grant of immunity, in their own nation-state’s investigation of someone suspected of working with the intelligence services of another nation-state. Related charges are being challenged on jurisdictional issues. Manning, at least, claims she won’t testify because any hearing — like the one Assange testified in — would not be public. Tomorrow, prosecutors in EDVA will bring Manning before the grand jury again, in a third attempt to get her to testify before a hearing on Friday over her motion to be released based on an assertion the coercion of contempt will never bring her to testify.

This is just one irony about the way WikiLeaks supporters are treating the investigation of David Morales, the owner of a security contractor that provided the security for Ecuador’s embassy until 2018. Morales is accused of spying for the CIA — that is, spying for a third country’s intelligence service.

There are some problems or obvious alternative explanations for the accusations against Morales, but even assuming the allegations are true, there is little that separates what Morales would have done from what Assange did on at least one occasion: work as a willing participant in a third country’s intelligence service operation compromising the privacy of private citizens. Indeed, there are allegations of Russian involvement in two other WikiLeaks-related publications: there were Russians active in Stratfor hack chat rooms, and Joshua Schulte allegedly expressed an interest in Russian help (though the allegations are contradictory and post-date the initial leak to WikiLeaks, which I’ll return to).

You might argue that Morales’ surveillance of Assange — on whoever’s authority — constituted a far more serious privacy violation than those WikiLeaks has committed by publishing the private emails of John Podesta and the private information of Turkish, Saudi, and third party citizens. That might be true in the first instance, but since some of the people exposed by WikiLeaks’ publications live in authoritarian countries, the secondary effects of WikiLeaks’ publication of details about private individuals might not be.

(I have heard, directly and indirectly, multiple consistent allegations about WikiLeaks itself engaging in practices that constitute privacy violations of the sort implicated by the surveillance of Assange, but it would take a law enforcement investigation to substantiate such claims, most of the affected parties would never want to involve law enforcement, and some investigations would be barred by privilege protections.)

Ultimately, though, Spain’s investigation into UC Global is the same thing the US investigation into WikiLeaks is: a properly predicated nation-state investigation into someone suspected of engaging in espionage-related activities with a foreign intelligence service. There are legitimate reasons why those who respect privacy might support both investigations.

WikiLeaks supporters might argue that it’s different because it’s the United States. That’s a perfectly justifiable stance, but if it’s the basis for supporting one investigation and not the other, it should be admitted explicitly. WikiLeaks supporters might argue it’s different because Assange is the alleged victim, but that doesn’t change that there are victims (and not just spy agencies) that the US is trying to protect with its investigation.

Manning and Hammond say they are refusing to testify because they object to American grand jury practices. That amounts to civil disobedience, which is certainly their prerogative. They are paying a steep price for that civil disobedience (as both already paid with their decisions not to cooperate after pleading guilty). But when WikiLeaks supporters complain about the treatment Manning is suffering for her stance, they might think about the fact that — when it came to testifying in an equivalent inquiry — Julian Assange had none of the objections to testifying.

The Inconsistencies of the UC Global Julian Assange Spying Story

Tomorrow, the first of two extradition hearings for Julian Assange starts. In addition to the least damning of several pardon discussions that happened with Assange, the hearing will include discussion of allegations that Assange was spied on in the Embassy, the most recent incarnation of which appeared in the Australian press today. In addition, NYT covered the story here, some key El País stories are here, and Andrew Müller-Maguhn did a presentation on it at CCC.

The story goes that a Spanish company employed to ensure security in the Ecuadorian Embassy, UC Global, significantly ratcheted up the level of video and audio surveillance of Assange in 2017. Additionally, Spain is investigating whether the head of that company, David Morales, shared that surveillance — possibly in real time — with the United States, allegedly directly with the CIA.

I’d like to point to some inconsistencies in the stories. I’m not defending the levels of surveillance of Assange — but neither would I defend the gross abuses of privacy WikiLeaks has committed against private citizens in the US, Turkey, Saudi Arabia, and other countries. Nor am I contesting that the surveillance took place. I’m even willing to stipulate that the surveillance got shared with the US (though no story on this topic convincingly substantiates this, and some of the public bases for the claim CIA was the recipient are flimsy).

What legal regime has jurisdiction

One interesting question about all this pertains to the legal regime. This is surveillance conducted by a Spanish company with US business locations on Ecuadorian territory being raised in a post-Brexit British legal proceeding regarding extradition to the US. The surveillance of the embassy is Ecuador’s concern — and whatever you think of Rafael Correa’s Bolivarist politics, he embraced really intrusive surveillance. The sharing of data from the EU to the US — whether directly from the UK or via Spain — might come under GDPR or Privacy Shield protection, except EU law excepts out national security from these laws, which would apply here. And because UC Global does and did business in the US (it even had a location in New Mexico in 2016), it might be subject to subpoena or other legal process to conduct surveillance.

As it pertains to the question of extradition, as I understand it, the law in the UK has to do with proportionality, and as we’ll see, what we’re really talking about is surveillance of Assange during a period of investigation of one of the worst breaches of any Five Eyes intelligence agency in history, Vault 7 (not the 2016 publications), and the surveillance ratcheted up during a period when WikiLeaks was still publishing those files. Which likely means the UK is going to be very permissive in how it weighs the question of this surveillance, because this was about an investigation into someone who helped burn a Five Eyes spying partner to the ground.

The escalation of surveillance happened after Vault 7 started

Virtually all of these stories obscure the timing, as illustrated by this AMM slide.

A key part of the story suggests that because UC Global owner Morales got a contract with Sheldon Adelson in 2015, under the Obama Administration, that somehow proves CIA involvement, and some of the reports on this make it clear that UC Global was working for Adelson, which negates the entirety of his role. Sillier still, that Morales traveled to Chicago is no indication of a tie to CIA.

Once you’ve dismissed that, then it’s clear the escalation didn’t start in earnest until June and July 2017.

In his talk, AMM mentions that the US was unhappy about certain “publications,” plural, without describing them. There’s good reason to be silent about it — the same silence that WikiLeaks supporters like to enforce elsewhere. WikiLeaks was not only publishing CIA’s hacking tools with thin — and inaccurate — claims to justify doing so in the guise of journalism, but WikiLeaks was and is sitting on CIA’s actual hacking tools.

At the time, WikiLeaks was in ongoing communications with accused Vault 7 leaker Joshua Schulte (communication it continued at least until June 2018, when WikiLeaks posted the blogs Schulte published from jail, but probably even after that). The targeting of Schulte, himself, might explain some of this surveillance. And Morales’ presence in Alexandria (which AMM misstates as Arlington) is utterly consistent with someone subject to US subpoena appearing before a grand jury in EDVA; surveillance records are considered business records in the US subject to subpoena.

Certainly, questions about what WikiLeaks was doing with the still unpublished hacking tools might have elicited the surveillance. And in the months before the surveillance actually ratcheted up in December 2017 (which is when the surveillance in question really began), Schulte was doing some things on Tor that may have included reactionary communications with WikiLeaks.

Even AMM’s presentation, however, confirms that before December 2017 — that is, before the US finally detained Schulte and charged Assange — much of Assange’s private space was not covered by the surveillance. That actually dramatically contradicts claims about surveillance of Assange made in the past.

From there, all the stories make much about the events of December 21 and 22, 2017 (indeed, AMM presents the planned Ecuadorian-Russian exfiltration on those dates as a potential US kidnapping).

But here, too, the timing is obscured. The Australian piece, for example, suggests the surveillance put in place in anticipation of these events was a response to them.

“It got to the point where, during a visit to Mr Assange, the head of Ecuador’s intelligence service [Rommy Vallejo, on December 21, 2017] was also spied on,” Martinez added.

“In the meeting between Mr Vallejo and Mr Assange the possible release [from the embassy] of Mr Assange in a few days later was discussed.”

Within hours of that secret meeting, which was known to only a few people, the US Ambassador to Ecuador complained to Ecuadorian authorities, and the next day the US issued an international arrest warrant for Assange, Martinez said.

“That leads us to believe that the conversation was urgently sent to the US authorities and that they urgently issued the international arrest warrant the next day,” he said.

There’s a lot to be told about the events of December 21, which is the day Assange was actually charged. But events pertaining to Schulte preceded them. And Ecuador’s designation of Assange as a diplomat on December 19 — and the UK’s rejection of it — would have alerted the UK (and through them, the US) of the events two days before the meeting in question, without any surveillance.

Finally, as AMM notes, “PROM” took over surveillance after Ecuador made a security agreement with the US in April 2018. AMM suggests that that, for the first time, made such surveillance illegal. There’s no basis for that, particularly given that UC Global has a US component. Moreover, it was PROM, and not UC Global, that allegedly engaged in the corrupt sale of surveillance records, something that often gets lumped on UC Global.

In summary, say what you will about this surveillance, which clearly became oppressive in December 2017. Say what you will about whether obtaining all of CIA’s hacking tools and sitting on most of them is “journalism.” But if you’re going to talk about why surveillance ratcheted up, you do need to account for the fact that WikiLeaks was engaged in activities that resemble what CIA does, not what journalists do.

Assange has 1,000 lawyers

One of the key allegations is that this surveillance collected on conversations between Assange and his lawyers. The most recent Aussie version points to meetings with Geoffrey Robertson and Jennifer Robinson.

While this may be typical surveillance at a secure diplomatic property, what Robertson did not know was he and a handful of other lawyers were allegedly being targeted in a remarkable and deeply illegal surveillance operation possibly run at the request of the US Government.

And recordings such as Robertson’s visit are at the heart of concerns about the surveillance: privileged legal conversations between lawyer and client in a diplomatic residence were recorded and, later, accessed from IP addresses in the United States and Ecuador.

Robertson was only one of at least three Australian lawyers and more than two dozen other legal advisers from around the world that were caught up in the surveillance operation.

Long-time WikiLeaks adviser Jennifer Robinson was one of the other Australian lawyers caught in the spying operation.

Jennifer Robinson is a pretty important lawyer for WikiLeaks, but even here she’s described as an “adviser.” And WikiLeaks has a long history of gaming legal representation, up to and including using it to obtain visibility about the defense of related persons.

Randy Credico even joked about how many people are claimed to be WikiLeaks lawyers at Roger Stone’s trial.

Q. Margaret Kunstler is one of WikiLeaks’s lawyers?

A. You’ll let — she’s going to have to describe her role as a — what her role is with WikiLeaks. You know, I don’t — he has — Julian Assange has about 1,000 lawyers. You know, Michael Ratner was one of his lawyers. Alan Dershowitz was one of his lawyers.

Q. Thank you.

A. There are a lot of lawyers. All right? But, that — you know, who’s a lawyer —

Robinson will present the Dana Rohrabacher story as a witness this week, so it’s worth attending to precisely what legal role these lawyers are playing.

Even if this surveillance was shared in real time with the United States, there are protocols in both the CIA and FBI about how to deal with it. The meetings were surveilled. That doesn’t mean the meetings with the lawyers actually representing him were viewed by American authorities.

Steve Bellovin Weighs in on the Schulte Mistrial Request

Steve Bellovin, who, for the reasons I laid out in this post, has impeccable credibility, has now weighed in on accused Vault 7 leaker Joshua Schulte’s bid for a mistrial. Bellovin is Schulte’s technical expert, and lost a bid last August to get direct forensic access to the workstation and servers at issue in his case.

The current bid for a mistrial is based on two complaints: first, DOJ withheld notice that the CIA had put Schulte’s buddy, Michael, on paid administrative leave last August until the day Michael testified. In addition, Schulte argued they had gotten inadequate forensic discovery to challenge the government’s case.

Ultimately, I think this bid — even with Bellovin’s renewed request — will likely not work. With regards to the forensics demand, this is really a complaint about a decision Judge Paul Crotty made under the Classified Information Procedures Act last summer, which Schulte renewed based off unpersuasive claims about the scope of the testimony of one of the government’s expert witnesses, Patrick Leedom, at trial. Schulte certainly can and no doubt will appeal Crotty’s decision, but the government claimed in its response that the defense didn’t make the more tailored requests for information that were permitted under Crotty’s order.

While the defendant has maintained his stubborn insistence on full forensic images, he has failed to actually make use of the information the Government provided, such as the data on the Standalone, to explain why the discovery produced by the Government was inadequate, or to take the Court up on its repeated invitation to the defense to make more narrow requests. In United States v. Hill, the court did order the Government to produce two mirror images of hard drives containing child pornography to the defense. See 322 F. Supp. 2d 1081, 1091 (C.D. Cal. 2004). Hill, however, does not involve the requested disclosure of an unprecedented and staggering amount of classified information without a showing that the information would be both “relevant and helpful,” as required by CIPA.

With regards to the late notice about Michael’s paid leave, I think (though am not certain) that this is actually a Jencks issue, and I think (though am not certain) the government did comply with the letter of the law even if withholding the report was dickish and unnecessary.

In his declaration, Bellovin makes a frivolous point about Michael as an excuse to complain about both issues raised in the mistrial motion: that there was a common password to Confluence that Michael could have used to access the backup files from which Schulte allegedly stole the files.

The government makes a number of specific assertions that are misleading or simply false. For example, the government states that certain FBI reports “make clear that Michael never had Atlassian administrator privileges and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 information was stolen).” Gov’t Opp. at 8. As a simple factual matter, this statement is untrue. The possession of “Atlassian administrator privileges” had nothing to do with the ability to access or copy the Altabackup files. Rather, what was needed was log-in access, i.e., a working user name and password, to the Confluence Virtual Machine (or “VM”). Michael certainly had such log-in access. As shown in Leedom Slide 60 (GX 1207-10 and GX 1207-11), which is described as “April 16, 2016 Confluence Backup— password and shadow files,” a user name called “confluence” is listed (Slide 60, GX 1207-11, third line from the bottom). The password for this user name was listed on a web page that was accessible to all OSB members, including Michael, and was used for many other log-ins throughout the organization. See GX 1202-5 (listing one commonly used password as “123ABCdef.”). This password was valid both before and after April 16, 2016. So if Michael had simply typed that password into the Confluence VM on April 20, 2016, along with the user name “confluence,” he would have had access to the Altabackup files from which the Vault 7 information was allegedly taken.

Not only has the defense known this for over a year, I even pointed to the availability of root passwords days after the initial leak in March 2017. So nothing about the late notice on Michael prevented Schulte from arguing this from the start. Moreover, this is something the government already addressed in their response.

Finally, the defense complains that he should have been able to examine the Confluence virtual machine to determine whether another user had “root” access, such as Michael. Again, the defendant’s argument fails. Initially, the defendant has been on notice since December 10, 2018 that Michael had “root” access to the ESXi Server, given that that fact was referenced in three different 302s produced to the defense at that time. Moreover, the defense has been provided with the available ESXi Server logs in discovery, such that he could have tried to determine whether any other user was logged in using the “root” password (there was not any such other user logged in during the reversion). Furthermore, to the extent the defendant is complaining about the Confluence log files specifically, his assertion fails for two reasons. First, the Confluence log files of the activity on the Confluence virtual machine were deleted when the defendant reversed the reversion. Second, the Government produced to the defense the remaining Confluence application logs from April 7, 2016 through April 25, 2016 on June 14, 2019.

I remain sympathetic to Bellovin’s request in principle, but doubt that it will work legally in this instance. Plus, given Sabrina Shroff’s strategy on everything else, it seems they didn’t make the expanded requests earlier to leave open this opportunity to complain now.

What happens on appeal is a different issue though, one that goes to the heart of how CIPA gets applied in a computer hacking case like this. The government has, successfully, argued that the forensics of this case amount to classified information that must first qualify under the CIPA requirement that evidence is both relevant and helpful to the defense. I’m reasonably comfortable that the government has given Schulte enough forensics to test their theory of the case — that is, to test whether Schulte did revert backups on April 20, 2016 and access — and so presumably copy — the backup copy of the files published by WikiLeaks. But there are two questions they didn’t provide enough forensics to answer.

The first pertains to whether anyone else ever used the weak protections of these servers to do anything suspicious.

It’s clear that one prong of whatever defense Schulte will offer (and therefore what Bellovin will do in his testimony) is that CIA’s security was woefully inadequate, both in their physical space (Schulte was able to bring in thumb drives on at least two occasions and, the prosecution’s case suggests, even two hard drives) and digitally. Schulte’s lawyers have already brought out aspects of this on cross. What Bellovin won’t be able to do (aside from pointing to a time someone swapped the cables accessing the Internet, which resulted in a massive effort to clean up any data pollution of the CIA network) is point to any damage from real security incidents, aside from Schulte’s. And while that’s not necessary to rebut the government’s theory of the case, it is a part of arguing that Schulte was concerned about security himself (a claim that multiple witnesses have already credibly debunked) but also that the government was not making sufficient efforts to keep this National Defense Information secure, which is an element of the Espionage Act charges.
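The government’s response above says the ESXi logs would let the defense check whether anyone else was logged in with the shared “root” password during the reversion, and Bellovin’s declaration makes the point that a shared account proves a session happened, not who started it. The script below is an added example of that check, not anything from the case record or the government’s forensics: the log lines are constructed in a generic syslog-like shape (not real ESXi or Confluence output), the hostnames and account names are invented, and the set of “shared” accounts is an assumption for the demo. It pairs logins with logouts, lists every session that overlapped a given window, and flags sessions under shared accounts as unattributable to a person, so the only remaining discriminator is the source host.

```python
"""Which sessions overlapped a time window, and can the log attribute them to a person?

Added example with constructed data. Line format, hostnames and accounts are
invented for the demo; nothing here is real ESXi or Confluence log output.
"""
import re
from datetime import datetime, timezone

# Constructed line shape: "<iso-ts> <host> login|logout user=<u> src=<host>"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>login|logout) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Assumption for the demo: these accounts had a password written on a page
# everyone could read, so a login under them does not identify a person.
SHARED_ACCOUNTS = {"root", "confluence"}

# Constructed log: several sessions around a hypothetical 17:30-18:00 event.
SAMPLE_LOG = """\
2016-04-20T16:05:00Z esxi login user=root src=ws-a.lab
2016-04-20T16:20:00Z esxi logout user=root src=ws-a.lab
2016-04-20T17:29:00Z esxi login user=root src=ws-b.lab
2016-04-20T17:31:00Z confluence-vm login user=confluence src=ws-b.lab
2016-04-20T17:48:00Z esxi login user=dave src=ws-c.lab
2016-04-20T17:50:00Z esxi logout user=dave src=ws-c.lab
2016-04-20T18:02:00Z confluence-vm logout user=confluence src=ws-b.lab
2016-04-20T18:10:00Z esxi logout user=root src=ws-b.lab
2016-04-20T19:00:00Z esxi login user=root src=ws-d.lab
"""


def ts(s):
    """Parse the constructed ISO-8601 UTC timestamp."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse(text):
    """Yield one dict per well-formed line; lines in an unknown shape are skipped, not guessed."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = ts(d["ts"])
            yield d


def sessions(events):
    """Pair each login with the next logout for the same (host, user, src).

    A login that never logs out is still open at the end of the log (end=None).
    """
    open_, closed = {}, []
    for e in events:
        key = (e["host"], e["user"], e["src"])
        if e["event"] == "login":
            open_[key] = e["ts"]
        elif key in open_:
            closed.append((key, open_.pop(key), e["ts"]))
    for key, start in open_.items():
        closed.append((key, start, None))
    return closed


def active_during(sess, start, end):
    """Sessions overlapping [start, end]; shared accounts are marked unattributable."""
    out = []
    for (host, user, src), s, e in sess:
        if s <= end and (e is None or e >= start):
            out.append({"host": host, "user": user, "src": src,
                        "attributable": user not in SHARED_ACCOUNTS})
    return out


def who_was_active(log_text, start_iso, end_iso):
    """Convenience wrapper: parse, pair and filter in one call."""
    return active_during(sessions(parse(log_text)), ts(start_iso), ts(end_iso))


if __name__ == "__main__":
    for row in who_was_active(SAMPLE_LOG, "2016-04-20T17:30:00Z", "2016-04-20T18:00:00Z"):
        tag = "" if row["attributable"] else "  (shared account: person unknown)"
        print(f'{row["user"]}@{row["host"]} from {row["src"]}{tag}')
```

On the constructed log, three sessions overlap the window; two of them run under shared accounts and can only be tied to a workstation, which is exactly the limitation a shared password imposes on any later investigation.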

A far more interesting question pertains to the evidence against Schulte. Schulte is accused of stealing both the “Confluence” files — which are development notes — and “Stash” — which includes source code and user guides. The entirety of the Confluence files was posted on WikiLeaks on March 7, 2017, whereas a bunch of files from Stash were published, drip by drip, until November 2017.

The government has presented a compelling case that Schulte accessed a March 3, 2016 copy of Confluence and made a copy, based on existing logs of that back-up.

But it has not been able to do the same with Stash, I believe because the log files were deleted after the reversions that Schulte did on April 20, 2016, as elicited in cross-examination of “Dave,” the SysAdmin witness.

Q. That was confusing, you saying “yes,” me saying “okay.” Let’s talk about these missing Stash logs, okay? You said that you never would have in a security system or in a secure system lose logs, correct?

A. Correct.

Q. And you were asked about missing logs, correct, missing logs from January 14 to April 21, correct? You remember that?

A. I’m sorry, I apologize, not really. But if it’s in the report, I may have talked about it.

Q. Let’s look at 3515-09. Page four. You were asked about missing logs from January 14 to April 21, 2016. Correct?

A. Is this — which exhibit is this? I apologize. I don’t have the right — do I have the right one?

The government has instead tracked file sizes and a copy date range to suggest that Schulte copied those files on that same date, here in testimony from expert witness Michael Berger.

Q. So what was your conclusion as to when the data, the range for the data?

A. For Stash we identified the range of data being from February 26, 2016, at 9:36 a.m., and March 4, 2016, at 9:45 a.m.

Q. Can you remind us, was there an identical hash for the marble file at March 1st?

A. Yes, there was.

Q. Was there a reason why you didn’t use March 1st here instead of February 26?

A. Yes.

Q. What’s that?

A. The reason is because that the files were identical, we didn’t want to assume that the data had to have come after March 1st. We took a more conservative approach and we slid our date back to being as possibly coming from after February 26 instead.

[snip]

Q. Let’s move on to the next. What does this reflect?

A. This reflects both the Stash and Confluence analysis. Looking at Stash, we can see that the data that was on WikiLeaks corresponds to the data from between February 26, at 9:36 a.m. and March 4, at 9:45 a.m. Looking at the Confluence data points, we’re able to get a smaller window that shows between March 2, 3:58 p.m. and March 3, at 6:47 a.m.
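The dating method Berger describes above, matching hashes of the published files against dated backups and taking the conservative end of each run of identical hashes, generalizes to a small algorithm. The code below is an added example of that generalization, not the government’s tooling or data: the backup timestamps, file paths and contents are constructed (the times are chosen to echo the ones in the testimony), and SHA-256 stands in for whatever hash the backups actually recorded. For each leaked file it finds the windows during which a backup shows that exact content, intersects the windows across all files, and then intersects the Stash and Confluence results to get the narrower combined window.

```python
"""Date a leaked copy by matching file hashes against dated backups.

Added example with constructed data. Backup times, paths and contents are
invented; the approach is a generalization of the testimony's date-range method.
"""
import hashlib
from datetime import datetime

INF = datetime.max  # open-ended window: no later backup shows a different version


def digest(content):
    """Hash of a file's content; SHA-256 stands in for whatever the backups record."""
    return hashlib.sha256(content.encode()).hexdigest()


def T(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed Stash-style backups: (time, {path: hash of that file at that time})
STASH = [
    (T("2016-02-24 09:30"), {"marble/marble.c": digest("marble v1"), "docs/guide.md": digest("guide v3")}),
    (T("2016-02-26 09:36"), {"marble/marble.c": digest("marble v2"), "docs/guide.md": digest("guide v3")}),
    (T("2016-03-01 09:40"), {"marble/marble.c": digest("marble v2"), "docs/guide.md": digest("guide v3")}),
    (T("2016-03-04 09:45"), {"marble/marble.c": digest("marble v2"), "docs/guide.md": digest("guide v4")}),
    (T("2016-03-07 09:50"), {"marble/marble.c": digest("marble v2"), "docs/guide.md": digest("guide v4")}),
]
# Constructed Confluence-style backups with a finer schedule.
CONFLUENCE = [
    (T("2016-03-02 09:00"), {"page/42": digest("p42 a"), "page/43": digest("p43 a")}),
    (T("2016-03-02 15:58"), {"page/42": digest("p42 b"), "page/43": digest("p43 a")}),
    (T("2016-03-03 06:47"), {"page/42": digest("p42 b"), "page/43": digest("p43 b")}),
]
# Hashes of the constructed "published" copies.
LEAKED_STASH = {"marble/marble.c": digest("marble v2"), "docs/guide.md": digest("guide v3")}
LEAKED_CONFLUENCE = {"page/42": digest("p42 b"), "page/43": digest("p43 a")}


def file_windows(snapshots, path, leaked_hash):
    """Windows (start, end) during which backups show `path` with `leaked_hash`.

    A window starts at the earliest backup in a run of matching hashes (the
    testimony's "slide the date back" choice: identical later backups never
    move the start forward) and ends at the first later backup whose hash
    differs, or INF if none does. A file that matches no backup yields [].
    """
    windows, start = [], None
    for ts, files in sorted(snapshots):
        matches = files.get(path) == leaked_hash
        if matches and start is None:
            start = ts
        elif not matches and start is not None:
            windows.append((start, ts))
            start = None
    if start is not None:
        windows.append((start, INF))
    return windows


def intersect(a, b):
    """Pairwise intersection of two lists of (start, end) windows."""
    out = []
    for s1, e1 in a:
        for s2, e2 in b:
            s, e = max(s1, s2), min(e1, e2)
            if s < e:
                out.append((s, e))
    return sorted(out)


def copy_window(snapshots, leaked):
    """Window(s) in which every leaked file matches a backup; [] if no backup explains the leak."""
    result = None
    for path, h in leaked.items():
        w = file_windows(snapshots, path, h)
        result = w if result is None else intersect(result, w)
    return result or []


def combined_window():
    """Narrow the Stash window with the Confluence one, as the testimony does."""
    return intersect(copy_window(STASH, LEAKED_STASH), copy_window(CONFLUENCE, LEAKED_CONFLUENCE))


if __name__ == "__main__":
    print("Stash:     ", copy_window(STASH, LEAKED_STASH))
    print("Confluence:", copy_window(CONFLUENCE, LEAKED_CONFLUENCE))
    print("Combined:  ", combined_window())
```

The check worth noticing is the empty result: if some published file matches no backup at all, the method cannot date the copy from that repository, which is the situation the missing Stash logs leave for anything the backups do not cover.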

To some degree this doesn’t matter: leaking Confluence by itself would be a violation of the Espionage Act and so sufficient for guilty verdicts. But absent that evidence, the defense will be able to point to other questions about the Stash back-up made during the change in privileges on April 18, 2016, notably that the SysAdmin who changed privileges to the network on April 18, 2016, Dave, kept one copy on his desk and one copy on a hard drive he subsequently misplaced.

Q. You never told the FBI, did you, that you ever moved it to a locked compartment in your desk, correct?

A. Correct.

Q. And you also said that you actually couldn’t even recall if you had wiped the information about Stash off of that hard drive, correct?

A. Correct.

Q. And sitting here today, you have not a clue as to where that hard drive is, correct?

A. No, I don’t.

I don’t rule out Schulte using someone else’s privileges to delete the Stash logs (for example, he had and used the credentials of “Rufus,” a guy who was supposed to work in SysAdmin but moved on after a short period, in his April 20 hack). But the government hasn’t shown that, perhaps because doing so would implicate one of their key witnesses.

Given the cross of Patrick Leedom, I think it quite likely Schulte’s team knows what happened and plans to unveil it to maximal advantage during their defense.

Q. And according to you and the government, shortly afterward, during this reversion period, the theory is that he also accessed the Stash backup file, correct?

A. That would be correct.

Bellovin may have a very good idea of where such evidence would be — I’m particularly intrigued by this request, because the government doesn’t appear to understand why Bellovin asked for it — and may even know, via Schulte (who spent a lot of time on obfuscation) that it would look exculpatory (but that’s based on the government’s response, not any understanding of what this might show).

The defendant argues that he could not test the vulnerability of the “DS00 file system,” without access to the mirror image of the NetApp Server. The defendant does not explain why this forensic artifact would demonstrate any vulnerabilities or how any part of Mr. Leedom’s testimony — which did not reference the file system — implicated this assertion. Therefore, the defendant has not established that a mistrial is required based on this claim.

Then there’s a far more interesting question. As of the date of completion of a WikiLeaks Task Force Report on October 17, 2017, as brought in via the testimony of Sean Roche, the CIA had only moderate confidence that WikiLeaks hadn’t obtained the “gold repository” of finished exploits.

Q. Right. All you know is, in 2017, WikiLeaks published it, correct?

A. That’s correct.

Q. And did you by any chance learn that even after 2017 publication, the CIA still did not know whether or not WikiLeaks had the information from the gold repository?

MR. DENTON: Objection.

THE COURT: Overruled.

A. Could you repeat that, please, ma’am.

Q. Sure. Is it fair to say, sir, that the CIA slash you still don’t know if WikiLeaks has the gold repository?

THE COURT: Rebecca, could you read the question back, please. (The record was read)

A. I believe that represents the last conversation I had on what is called the gold repository.

Q. So I’m correct.

A. Yes.

Q. CIA still doesn’t know?

A. I don’t know that, ma’am. I don’t work there anymore.

Q. You know what the WikiLeaks task force report is?

A. Yes, I do.

Q. Could you pull that up for this gentleman, please. Are you happier with a paper copy or the screen?

A. We can do this.

Q. Could we just go to page 45. Could you just focus on the actual text. You see that line, “However we now assess with moderate confidence”?

A. Yes.

Q. Right. “Moderate confidence that WikiLeaks does not possess the gold folder,” correct?

A. Correct.

This is clearly testimony prosecutor David Denton did not want to come in.

That moderate confidence judgment appears to be based on Leedom’s analysis of what privileges Schulte himself had.

Q. You see there a folder at the bottom, “source code and binary gold copies”?

A. Yes.

Q. What are those?

A. These are the delivered completed tools from the work at EDG.

[snip]

Q: Would the defendant have been able to copy the gold source folders?

A: No, he would not have had access to it with his DevLAN account.

But given Schulte’s own behavior, it’s not clear this analysis can rule out the possibility Schulte took the gold repository.

One of the last events in Schulte’s never-ending escalation of grievances came when he sent an email on June 28, 2016 to Meroe Park, the CIA Executive Director (the #3 ranking official at CIA), Andrew Hallman, who was then the Director of the Directorate of Digital Innovation (and just got ousted as Deputy Director of National Intelligence in the purge of ODNI last week), and Sean Roche, the Deputy Director of DDI. This came in the wake of Schulte first obtaining privileges to his old project, Brutal Kangaroo, and then booting all the other developers off it. In response to the email, as laid out in Roche’s testimony, Roche first responded immediately via email and then had a meeting with Schulte on June 30, 2016. In that meeting, with the most senior official Schulte met with, he insinuated he still might get his administrator privileges back.

Q. What did you mean when you say you asked him about permissions?

A. On the system that he was working on, an agency network, his — he had — his permissions had been changed, and when his management explained to him, he went back in and changed his permissions back to get access again, and they had issued a letter of warning to him explaining how serious that was and that that behavior is not acceptable.

Q. Why was that something you discussed with him?

A. Because of how serious the nature of that is. Activity on any system that holds agency data, agency tools, things that we call sources and methods, is — is — it is very, very important that we not have a doubt about what people have access to and maintain the integrity and the protection of that information.

Q. What did you discuss with him about his permission changes?

A. I said to him something to the effect of in the post-Edward Snowden era, you don’t do something like that. That’s going to draw attention that you certainly don’t want. It’s really serious, and you cannot be taking that kind of action.

Q. And how did he respond?

A. He talked a little bit about the project that he had been working on and some new work that he had been given, and he was not pleased with it. But at one point, he stopped and he looked at me and said, You know, I could get back on it if I wanted to, something to — that’s not — I won’t say that’s the exact quote, but it’s pretty darn close.

Q. Now, when he said that, did you understand him to be raising a security concern about the network?

A. No. What I, what I realized — it was a striking comment because, to me, it illustrated that after everything that had happened, all the warnings, all of this formal process, that he was determined to undermine the controls on the network.

Brutal Kangaroo is a USB-based tool to exfiltrate from air-gapped machines. Schulte unsuccessfully attempted to delete the copy of Brutal Kangaroo he had worked on at home on April 28, 2016. But he regained access at CIA in June. He also had worked on serious obfuscation tools.

Given the state of the CIA networks, it’s not impossible that Schulte made good on that threat using tools built by the CIA to make it difficult for the CIA to discover if it happened.

Not long after, in August 2016, Schulte started getting really interested in WikiLeaks, Shadow Brokers, and Edward Snowden. That comes from warrant affidavits, the substance of which has not yet been entered into evidence at the trial (it is likely to come in early this week via an FBI Agent laying out the evidence for the rest of the charges, including obstruction and lies in FBI interviews as well as the MCC charges).

Schulte stuck around months after he allegedly first stole data from the CIA, and he threatened a very senior official that he might regain access that would allow him to do so again.

Having access to logs that might suggest whether that had or had not happened wouldn’t help Bellovin refute the case against Schulte. But those logs might hide details of a still worse compromise that the CIA would like to keep quiet.

I think Schulte can — and will attempt to, on appeal — argue that the forensics behind a hack are a different kind of classified evidence than intelligence itself (that is, information about what the intelligence community knows), both because it is neutral data about potential compromise and because you can’t just substitute a name like you can for other intelligence. In this case, it goes to the heart of a dispute about whether the CIA was really doing what it needed to do to keep these files safe. The evidence doesn’t suggest that Schulte gave a damn about all that; on the contrary, he clearly exploited it. But it’s evidence he can make a claim to need to rebut the Espionage Act charges against him.

But I also wonder whether the CIA refused to grant Bellovin (who, as I’ve noted, has been trusted by the government in other programmatic ways, including as the technical advisor to PCLOB) access in this case not because of any exculpatory evidence they were hiding, but because of inculpatory evidence.

Update: Yikes. The government submitted a scathing “correction” of Bellovin’s declaration.

The Bellovin Affidavit asserts that the log files from the ESXi server produced by the Government in discovery were “demonstrably damaged” as a “result of prior forensic examination.” However, on or about June 14, 2019, in response to the defense’s request, the Government produced unmodified copies in their original format of both log files and unallocated space from the ESXi server.

The Bellovin Affidavit also asserts that the Government only provided “heavily redacted” versions of the Confluence databases, and not “a full copy of the SQL file.” On or about November 5, 2019, the Government provided defense counsel and the defendant’s expert access to a standalone computer at the CCI Office containing, among other things, (1) complete, unredacted copies of the March 2 and 3, 2016 Confluence databases (i.e., a “full copy of the SQL file”) and all of the Confluence data points used by Michael Berger, one of the Government’s expert witnesses, to conduct his timing analysis; (2) complete, unredacted copies of the Stash repositories for the tools for which source code had been released by WikiLeaks; (3) complete, unredacted copies of all Stash documentation released by WikiLeaks; and (4) all commit logs for all projects released by WikiLeaks, redacting only usernames. The Government understands that Dr. Bellovin examined the standalone computer at the CCI Office in December 2019.

It also suggests that Bellovin’s assertion that the Confluence root password would give Michael access to the backups is wrong, but won’t explain why until Bellovin takes the stand.

Finally, the Government does not address Dr. Bellovin’s incorrect assertions regarding Michael’s access to the Altabackups in this letter. Should Dr. Bellovin testify, the Government will cross-examine him regarding, among others, those substantive matters (using information that has already been produced to the defense in discovery). The Government notes, however, that, to assert incorrectly that Michael had access to the Altabackups, Dr. Bellovin relies on information that has been available to him since well before trial, such as the screenshot taken by Michael on April 20, 2016, which was produced by the Government to the defense in December 2018, and data for the Confluence virtual machine, which was produced by the Government to the defense by July 2019, and not on any information disclosed by the Government regarding Michael’s administrative leave status during trial.

Schulte may be yanking Bellovin’s chain on this claim.
