If you didn’t catch the Senate Intelligence Committee hearing on Russian influence on 2016 U.S. election on live stream, you should try to catch a replay online. I missed the first panel but caught the second when University of Michigan Prof. J. Alex Halderman began his testimony with his opening statement.

The same Halderman who questioned the 2016 election could have been hacked based on his expertise.

The same Halderman who hacked a voting machine to play Pac Man.

When asked if it was possible Russia could change votes, Halderman told the SIC that he and a team of students demonstrated they were able to hack DC’s voting system, change votes, and do so undetected in under 48 hours. Conveniently, Fox News interviewed Halderman last September; Halderman explained the DC hack demonstration at that time (see embedded video); the interview fit well with Trump’s months-long narrative that the election was ‘rigged’.

If you aren’t at least mildly panicked after watching the second panel’s testimony and reading Halderman’s statement, you’re asleep or dead, or you just plain don’t care about the U.S.’ democratic system.

Contrast and compare this Senate hearing to the House Intelligence Committee’s hearing with former DHS Secretary Jeh Johnson as a witness. Johnson sent out numerous messages last year expressing his concerns about election integrity, but after listening to the second Senate panel, Johnson should have been hair-on-fire (it’s figure of speech, go with it). But the Obama administration erred out of some twisted sense of heightened sensibility about appropriateness (which would have been better suited to its policies on drone use and domestic surveillance). The excess of caution feels more like foot dragging when viewed through the lens of time and Johnson’s testimony.

Early in the hearing, Johnson as well as DHS witnesses Jeanette Manfra and Samuel Liles said there was no evidence votes were changed. It’s important to note, though, that Johnson later clarifies in a round about way there was no way to be certain of hacking at that time (about 1:36:00-1:41:00 in hearing). I find it incredibly annoying Johnson didn’t simply defer to information security experts about the possibility there may never be evidence even if there were hacks; it’s simply not within in his skill set or experience then or now to say with absolute certainty based on forensic audit there was no evidence of votes changed. Gathering that evidence never happened because federal and state laws do not provide adequately for standardized full forensic audits before, during, or after an election.

Halderman’s SIC testimony today, in contrast, makes it clear our election system was highly vulnerable in many different ways last November.

Based on the additional testimony of a representative of National Association of State Election Directors, the President-Elect of National Association of Secretaries of State (NASS) & Secretary of State, Executive Director of Illinois State Board of Elections Illinois — whose combined testimony revealed lapses in communication between federal, state, and local government combined with gaps in information security education — the election system remains as vulnerable today as it was last autumn.

Nothing in either of these two hearings changed the fact we’ve been penetrated somewhere between 21 and 39 times. Was it good for you?

The Oversight Committee had a hearing on WannaCry last week. I won’t have time to watch the hearing for a few days, but I did read the testimony with some alarm. That’s because two of the four witnesses appear to have misstated one detail about the attack.

First, Symantec CTO Hugh Thompson suggested that the spread of the ransomware was due to Microsoft not releasing a patch for XP when it had released EternalBlue patches for other systems in March.

WannaCry spread to unpatched computers. Microsoft released a patch for the SMB vulnerability for Windows 7 and newer operating systems in March, but unpatched systems and systems running XP or older operating systems were unprotected. After the WannaCry outbreak began, Microsoft released a patch for XP and earlier platforms. Four days after the initial outbreak these patches were widely applied and new infections slowed to a trickle.

The implication here is that the ransomware primarily affected XP, and only because there hadn’t been a patch available.

Retired General Touhill suggested this outdated system was actually Windows 95 — and claimed that Microsoft had released that patch in March, along with the supported system patches.

Systems using unpatched versions of the Windows 95 operating system have been highlighted as exemplar victims of the Wannacry attack. Microsoft who, after a long and very public notification process, discontinued support to the Windows 95 operating system in 2014, about 19 years after its initial release. However, in light of the warnings and their own research, in March of this year Microsoft issued a rare emergency patch to Windows 95, nearly three years after they had discontinued support of the software. Despite these extraordinary actions, many organizations still did not heed the warnings and properly patch and configure their systems. As a result, they fell victim to Wannacry.

In fact, XP (to say nothing of Windows 95) was not the problem. Windows 7 was. Kaspersky Lab (which Congress has spent time of late demonizing as potential Russian spies) first pointed this out on May 19.

Chief among the revelations: more than 97 percent of infections hit computers running Windows 7, according to attacks seen by antivirus provider Kaspersky Lab. By contrast, infected Windows XP machines were practically non-existent, and those XP PCs that were compromised were likely manually infected by their owners for testing purposes. That’s according to Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, who spoke to Ars.

While the estimates are based only on computers that run Kaspersky software, as opposed to all computers on the Internet, there’s little question Windows 7 was overwhelmingly affected by WCry, which is also known as “WannaCry” and “WannaCrypt.” Security ratings firm BitSight found that 67 percent of infections hit Windows 7, Reuters reported.

The figures challenge the widely repeated perception that the outbreak was largely the result of end users who continued to deploy Windows XP, a Windows version Microsoft decommissioned three years ago. In fact, researchers now say, XP was largely untouched by last week’s worm because PCs crashed before WCry could take hold. Instead, it now appears, the leading contributor to the virally spreading infection were Windows 7 machines that hadn’t installed a critical security patch Microsoft issued in March

Days later Sophos confirmed that analysis.

Though the lack of patching and exposure of port 445 were easily identified problems, the reasons why Windows 7 was an easier target than XP remain somewhat clouded.

During testing, SophosLabs found that XP wasn’t the effective conduit for infection via the EternalBlue SMB exploit that many thought it was, while Windows 7 was easily infected. The research showed that WannaCry ransomware can affect XP computers – but not via the SMB worm mechanism, which was the major propagation vector for WannaCry.

[snip]

Various security companies arrived at a similar conclusion, putting the infection rate among Windows 7 computers at between 65% and 95%. SophosLabs puts that number even higher: our analysis of endpoint data for the three days that followed the outbreak shows that Windows 7 accounted for nearly 98% of infected computers.

It’s still a question of whether a victim patched their computer or not, but Microsoft did make a patch available for Windows 7 along with other supported systems. Though, as Sophos notes, unless users were paying extra for support, they might not have noticed the patch was there.

Microsoft had addressed the issue in its MS17-010 bulletin in March, but companies using older, no-longer-supported versions of the operating system wouldn’t have seen it unless they were signed up for custom support, ie Microsoft’s special extended – and paid-for – support.

That suggests one problem with the patching wasn’t the timeliness, but the secrecy. But, Congress might not learn that detail given the testimony they got last week.

Three days after the attack started, Homeland Security Czar Tom Bossert was still claiming WannaCry was spread via phishing. Now Congress is getting other debunked reporting.

We might respond better to these threats if the government was getting information that was at least as accurate as that information available to lowly hippie bloggers.

Yesterday, former Homeland Security Secretary Jeh Johnson spent 90 minutes meeting with the Senate Intelligence Committee’s Russian investigators.

Today, Bloomberg reports that Russian probes of election-related targets was far more extensive than previously reported, reaching into 39 states. It relies on three unnamed sources for the story, either including, or in addition to, at least one former senior US official.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

[snip]

Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America’s disparate voting systems spread across more than 7,000 local jurisdictions.

[snip]

One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks. [my emphasis]

The report also uses the document allegedly leaked by Reality Winner as corroboration and confirmation of one of the companies targeted, rather curiously included as a parenthetical comment.

(An NSA document reportedly leaked by Reality Winner, the 25-year-old government contract worker arrested last week, identifies the Florida contractor as VR Systems, which makes an electronic voter identification system used by poll workers.)

The Bloomberg story is critically important, as it should provide pressure on the Republicans for real protections for voting systems, even if they’ll probably ignore that pressure. It provides far more details than the Winner document did. That said, much of this information might come out formally in Jeh Johnson testimony before the House Intelligence Committee.

I raise all this to note that the treatment of Bloomberg’s sources will be dramatically different than that of Winner. I’d bet there won’t even be a referral for this story, especially if it relies on (as is likely) information shared by people protected by the speech and debate clause and/or people who might have been original classification authorities (OCAs — the people who get to decide whether something is classified or not) for this information in the past.

Perhaps that is as it should be. Perhaps our democracy has unofficially agreed that OCAs and congressional staffers should serve as kind of a relief valve, the place where classified information may be leaked without criminal penalty. Perhaps we believe those kinds of people have a better read on whether the interests of leaking outweigh the sensitivity of an issue. Though obviously, when OCAs like David Petraeus become impossible to punish (or former SSCI staff director Bill Duhnke, who was the FBI’s primary suspect for the Merlin leak, but who was protected by the Senate’s refusal to cooperate), that creates a profoundly unequal system of justice. Reality Winner can be prosecuted even while people leaking similar — perhaps even more sensitive — information within weeks might not even be investigated.

To be clear, I don’t want Bloomberg’s sources to be investigated. But we need to acknowledge the double standards for leakers in this country.

Mr. EW doesn’t follow my work all that closely. He’s most apt to read something I wrote if it gets cited in TechDirt, a fact that occasionally makes me fantasize about getting Mike Masnick to publish secret messages about fixing leaky toilets or broken screen doors.

So I was pretty interested in Mr. EW’s take on the Reality Winner story. He believes, as many people do, that Winner was caught using the printer dot technology that Rob Graham laid out here.

I don’t doubt that the FBI or NSA used the printer dot technology to confirm that they had gotten the right person before they charged Winner. But it’s not mentioned at all in DOJ’s narrative of how they caught Winner (who, remember, pled not guilty even though she confessed to the FBI). They cite the following steps (search warrant affidavit, complaint affidavit):

1. May 30: The Intercept contacts NSA and provides a copy of the document. NSA confirms for itself that it is real and classified.
2. June 1: NSA makes a leak referral to the FBI.
3. Undated:
   1. NSA notes that the document has been folded, suggested it was printed off.
   2. NSA checks who has accessed and printed the document.
   3. NSA checks the work computers of the six people who have printed the document, including Winner.
   4. NSA finds a direct email, from March, from Winner’s work computer to The Intercept using her personal Gmail account pertaining to TI’s podcast.
4. June 1: For the second time, The Intercept contacts a contractor to validate the document (he or she had told them it was fake on May 24), telling the contractor that the NSA has confirmed its authenticity. The contractor provided a document number to The Intercept, and on the same day, the contractor informed the NSA about the May 24 and June 1 interactions, probably also passing on the detail that the document had been sent from Augusta, GA.
5. June 2: FBI verifies Winner’s residence for a search warrant.
6. June 3: FBI interviews Winner, who admits to “removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia.”

Winner was arrested on June 3; her arrest was unsealed on June 5, just after The Intercept published the document.

On June 5, Graham posted a piece explaining how the hidden dots on the hard copy of the document would have told NSA that the document had been printed out on May 9, making it even easier for the NSA to pinpoint who had printed out the document.

The document leaked by the Intercept was from a printer with model number 54, serial number 29535218. The document was printed on May 9, 2017 at 6:20. The NSA almost certainly has a record of who used the printer at that time.

As I explained to Mr. EW last night, nothing in the official record says the NSA used this hidden dot technology in its hunt for the leaker. I explained that while my friends started talking about the hidden dots almost immediately, there was nothing in the public record about it.

Clearly, the government didn’t exactly want that (and no doubt a number of other investigative methods, presumably including at a minimum checks on the non-government computer communications of the six people who printed out the document, and potentially also a check of postal records) detail to become public.

Yet, as a result of the reporting on this, people like Mr. EW not only know about the dot technology, but believe it was the key factor in identifying Winner. If they follow Rob Graham closely, they’ll also know that (in response to my question) another presumed leaker to The Intercept had managed to pass on a printed (and frankly far more important leaked) document — FBI’s Domestic Investigations and Operations Guide — without including the telltale dots (I told Mr. EW about the follow-up but he’s more likely to read it if TechDirt links so…) So they would have learned that the dots are an operational security issue, but there are as yet unknown ways to mitigate that problem.

As I’ve stated several times, while the document Winner leaked to The Intercept provides new details about Russian attempts to hack the election, it simply adds to the widely known narrative already in the public (though the redacted details would no doubt be even more interesting). The secret dots though! — that was news to most people (including me).

Which secret do you think the government is most grumpy about having been made public?

Jim Comey made a comment in his testimony the other day I’ve not seen others mention. Mark Warner asked him to explain this comment on patronage from his written testimony.

The President began by asking me whether I wanted to stay on as FBI Director, which I found strange because he had already told me twice in earlier conversations that he hoped I would stay, and I had assured him that I intended to. He said that lots of people wanted my job and, given the abuse I had taken during the previous year, he would understand if I wanted to walk away.

My instincts told me that the one-on-one setting, and the pretense that this was our first discussion about my position, meant the dinner was, at least in part, an effort to have me ask for my job and create some sort of patronage relationship. That concerned me greatly, given the FBI’s traditionally independent status in the executive branch.

I replied that I loved my work and intended to stay and serve out my ten-year term as Director. And then, because the set-up made me uneasy, I added that I was not “reliable” in the way politicians use that word, but he could always count on me to tell him the truth. I added that I was not on anybody’s side politically and could not be counted on in the traditional political sense, a stance I said was in his best interest as the President. A few moments later, the President said, “I need loyalty, I expect loyalty.”

When Warner asked Comey to explain this comment at Thursday’s hearing, Comey explained he thought that Trump was belatedly trying to get something from Comey in exchange for letting him stay on his job.

WARNER: Let me move to the January 27th dinner, where you said “The president began by asking me whether I wanted to stay on as FBI director.”

He also indicated that “lots of people” again your words, “Wanted the job.” You go on to say the dinner itself was “Seemingly an effort to” to quote have you ask him for your job and create some “patronage” relationship. The president seems from my reading of your memo to be holding your job or your possibility of continuing your job over your head in a fairly direct way. What was your impression, and what did you mean by this notion of a patronage relationship?

COMEY: Well, my impression, and again it’s my impression, I could always be wrong but my common sense told me what was going on is, either he had concluded or someone had told him that you didn’t, you’ve already asked Comey to stay, and you didn’t get anything for it. And that the dinner was an effort to build a relationship, in fact, he asked specifically, of loyalty in the context of asking me to stay. As I said, what was odd about that is we’d already talked twice about it by that point and he said I very much hope you’ll stay. In fact, I just remembered sitting a third, when you’ve seen the. IC tour of me walking across the blue room, and what the president whispered in my ear was “I really look forward to working with you.” So after those encounters —

WARNER: That was a few days before your firing.

COMEY: On the Sunday after the inauguration. The next Friday I have dinner and the president begins by wanting to talk about my job and so I’m sitting there thinking wait a minute three times we’ve already, you’ve already asked me to stay or talked about me staying. My common sense, again I could be wrong but my common sense told me what’s going on here is, he’s looking to get something in exchange for granting my request to stay in the job. [my emphasis]

Comey explained that — after already having been assured three times that he would remain in his position — Trump raised the issue anew in a private dinner. Comey didn’t say this, but this happened the day after Sally Yates first told White House Counsel Don McGahn that Mike Flynn had misrepresented his comments to Sergey Kislyak. And in that dinner, Trump implied that if Comey wanted to stay in the job he’d been offered three times already, he had to give Trump loyalty.

What I’m especially interested in is what Comey believed elicited this: Comey figured that “either [Trump] had concluded or someone [else] had told [Trump] that you didn’t, you’ve already asked Comey to stay, and you didn’t get anything for it” which is what led Trump to invite Trump for dinner.

Given the timing, it would be interesting all by itself if Trump had decided on his own to get some kind of commitment from Comey in order to keep his job, because it would make it far more likely that McGahn told Trump about Yates’ concerns.

But Comey testified that he thought that perhaps someone else went to Trump and suggested he should go back to Comey and try to demand loyalty to keep his job.

Who?

Does Comey think Mike Flynn did this? Don McGahn (which would be downright shocking)? Or did he think that one of the two people who lingered at the next weird meeting alone with Trump — Attorney General Sessions or Son-in-Law-in-Chief Jared Kushner — made the suggestion?

He didn’t say. But I find the suggestion that Comey believes someone may have — at the same time as DOJ was telling the White House that Mike Flynn was in trouble — encouraged Trump to go make demands from Comey.

Back on June 1, I asked why Shadow Brokers had picked a new cryptocurrency to not make a profit with rather than Bitcoin. For its new leak of the month club, it started by asking for payment in Zcash, a currency with better privacy features. I speculated three possibilities:

First, currencies have been bouncing around in response to some of this stuff. So it’s possible this is an attempt to flood the market.

Certainly, too, the invocation of DARPA seems about increasing distrust, just as SB did in its efforts to increase the distrust between Microsoft and the government.

More interestingly, though, perhaps this is SB’s way of adding to the risk to NSA of any releases. While some people believe NSA has already disclosed all the vulnerabilities it believes SB to have (indeed, SB’s last post suggested as much as well), if there’s any doubt about that, by using a more secretive currency, it will add the risk to NSA of not knowing who has anything SB sells.

My first suggestion wasn’t very coherent: I meant it was possible SB’s backers were trying to drive up the value of one currency versus the other.

After I wrote that first post, SB decided to add Monero to its currencies of choice — though the way in which SB asked for payment here was even more fucked up than normal (if you’re assuming the goal is to actually obtain anonymous payment). As has been explained to me, the way SB asked for funds would leave the payment ID visible to the blockchain.

In any case, given that SB has now used three different currencies, all in ways that seem designed not to make any money, I find it very interesting that Vladimir Putin was sidling up to the founder of yet another cryptocurrency this week, talking about adopting it as a national model.

Putin met Ethereum founder Vitalik Buterin on the sidelines of the St. Petersburg Economic Forum last week and supported his plans to build contacts with local partners to implement blockchain technology in Russia, according to a statement on Kremlin’s website.

“The digital economy isn’t a separate industry, it’s essentially the foundation for creating brand new business models,” Putin said at the event, discussing means to boost growth long-term after Russia ended its worst recession in two decades.

Virtual currencies could help the economy by making transactions happen more quickly and safely online.

[snip]

Russia’s central bank has already deployed an Ethereum-based blockchain as a pilot project to process online payments and verify customer data with lenders including Sberbank PJSC, Deputy Governor Olga Skorobogatova said at the St. Petersburg event. She didn’t rule out using Ethereum technologies for the development of a national virtual currency for Russia down the road.

VEB, the bank that was cozying up to Jared Kushner, has also apparently integrated Ethereum into its business model.

Remember, too, SB hasn’t necessarily promised exploits. They’ve also suggested they might release more details on NSA’s hacking of SWIFT-related facilities, a financial regime that has been used to pressure Russia.

Along with all the other functions that SB seems to serve, is one of them about degrading potential competitor currencies?

As part of his testimony today, Jim Comey revealed he gave some or all of the nine memos he wrote documenting his interactions with President Trump to a friend, since confirmed to be Columbia Professor Dan Richman, who in turn shared one with the press.

COLLINS: Finally, did you show copies of your memos to anyone outside of the department of justice?

COMEY: Yes.

COLLINS: And to whom did you show copies?

COMEY: I asked — the president tweeted on Friday after I got fired that I better hope there’s not tapes. I woke up in the middle of the night on Monday night because it didn’t dawn on me originally, that there might be corroboration for our conversation. There might a tape. My judgement was, I need to get that out into the public square. I asked a friend of mine to share the content of the memo with a reporter. Didn’t do it myself for a variety of reasons. I asked him to because I thought that might prompt the appointment of a special counsel. I asked a close friend to do it.

COLLINS: Was that Mr. Wittes?

COMEY: No.

COLLINS: Who was it?

COMEY: A close friend who is a professor at Columbia law school.

The fact that Comey released the memo through Richman formed part of Trump lawyer Marc Kasowitz’s pushback after the hearing.

Of course, the Office of the President is entitled to expect loyalty from those who are serving in an administration, and, from before this President took office to this day, it is overwhelmingly clear that there have been and continue to be those in government who are actively attempting to undermine this administration with selective and illegal leaks of classified information and privileged communications. Mr. Comey has now admitted that he is one of the leakers.

Today, Mr. Comey admitted that he unilaterally and surreptitiously made unauthorized disclosures to the press of privileged communications with the President. The leaks of this privileged information began no later than March 2017 when friends of Mr. Comey have stated he disclosed to them the conversations he had with the President during their January 27, 2017 dinner and February 14, 2017 White House meeting. Today, Mr. Comey admitted that he leaked to his friends his purported memos of these privileged conversations, one of which he testified was classified. He also testified that immediately after he was terminated he authorized his friends to leak the contents of these memos to the press in order to “prompt the appointment of a special counsel.” Although Mr. Comey testified he only leaked the memos in response to a tweet, the public record reveals that the New York Times was quoting from these memos the day before the referenced tweet, which belies Mr. Comey’s excuse for this unauthorized disclosure of privileged information and appears to [sic] entirely retaliatory.

Kasowitz gets a lot wrong here. Comey said one memo was classified, but that’s the memo that memorialized the January 6 meeting, not the ones described here. And the NYT has already corrected the claim that the shared memos preceded the tweet.

And, as a number of people (including Steve Vladeck) have noted, even if this information were covered by executive privilege, even if that privilege weren’t waived with Trump’s tweet, it’s not a crime to leak privileged information.

Nevertheless, Kasowitz’ focus on purportedly privileged documents is all the more interesting given the pathetic conduct of Director of National Intelligence Dan Coats and NSA Director Mike Rogers at yesterday’s 702 hearing. After a great deal of obfuscation from both men about why they couldn’t answer questions about Trump’s request they intervene in the FBI’s Mike Flynn investigation, Angus King finally got Rogers to admit that he and Coats never got a conclusive answer about whether the White House was invoking privilege.

King: I think you testified, Admiral Rogers, that you did discuss today’s testimony with someone in the White House?

Rogers: I said I asked did the White House intend to invoke executive privilege with respect to interactions between myself and the President of the United States.

King: And what was the answer to that question?

Rogers: To be honest I didn’t get a definitive answer. Both myself and the DNI are still talking–

King: So then I’ll ask both of you the same question. Why are you not answering these questions? Is there an invocation by the President of the United States of executive privilege? Is there or not?

Rogers: Not that I’m aware of.

King: Then why are you not answering the question?

Rogers: Because I feel it is inappropriate, Senator.

King: What you feel isn’t relevant Admiral. What you feel isn’t the answer. The question is why are you not answering the questions. Is it an invocation of executive privilege? If there is, then let’s know about it, and if there isn’t answer the questions.

Rogers: I stand by the comments I’ve made. I’m not interested in repeating myself, Sir. And I don’t mean that in a contentious way.

King: Well I do mean it in a contentious way. I don’t understand why you’re not answering our questions. When you were confirmed before the Armed Services Committee you took an oath, do you solemnly swear to give the committee the truth, the full truth and nothing but the truth. You answered yes to that.

Rogers: I do. And I’ve also answered that those conversations were classified. It is not appropriate in an open forum to discuss those classified conversations.

King: What is classified about a conversation about whether or not you should intervene in the FBI investigation?

Rogers: Sir I stand by my previous comments.

King: Mr. Coats? Same series of questions. What’s the basis for your refusal to answer these questions today?

Coats: The basis is what I’ve previously explained, I do not believe it is appropriate for me to–

King: What’s the basis? I’m not satisfied with I do not believe it is appropriate or I do not feel I should answer. I want to understand a legal basis. You swore that oath to tell us the truth, the whole truth, and nothing but the truth, and today you are refusing to do so. What is the legal basis for your refusal to testify to this committee?

Coats: I’m not sure I have a legal basis.

In other words, these men admit they had no legal basis (they’re not classified, no matter what Rogers claimed) to dodge the Committee’s question. But nevertheless they’re invoking things like their feelings to avoid testifying.

Clearly, the White House is playing a game here, invoking loyalty rather than law to compel silence from its top officials.

Kasowitz’ claims are, on their face, bogus. But taken in conjunction with the dodges from Coats and Rogers, they’re all the more problematic.

Here’s another detail from Jim Comey’s testimony that deserves more attention. On February 14, the day that President Trump asked Comey to drop the investigation into Mike Flynn, Comey and his aides expected Jeff Sessions to recuse himself from the investigation.

We also concluded that, given that it was a one-on-one conversation, there was nothing available to corroborate my account. We concluded it made little sense to report it to Attorney General Sessions, who we expected would likely recuse himself from involvement in Russia-related investigations. (He did so two weeks later.) [my emphasis]

Obviously, Sessions should have recused in any case, since he was involved in the campaign. But Comey specifically framed this as “Russia-related investigations,” not Trump investigations generally. Comey doesn’t say why the top people at FBI believed he would recuse, but by this point, the FBI would have pulled all intercepts involving Sergey Kislyak, so would have discovered ones reflecting conversations with Sessions.

In any case, to have that belief, the FBI presumably had already talked to Sessions about his conflicts with the Russian investigation.

That’s consistent with something Sessions said in his recusal statement. He describes the recusal process as a several week series of meetings.

During the course of the last several weeks, I have met with the relevant senior career Department officials to discuss whether I should recuse myself from any matters arising from the campaigns for President of the United States.

Having concluded those meetings today, I have decided to recuse myself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

Yet it took two more weeks (actually, 16 days) for Sessions to recuse, which suggests he didn’t do it just for the election-related reasons, and didn’t do it when FBI first talked to him about it. He only did it once the leaks about his ties to Kislyak came out.

Given Trump’s reported continued rage at Sessions for recusing — so much so he’s considering firing him (do it!!!) — I find that very significant. It makes it more likely that Sessions and Trump spoke about a potential recusal in the interim weeks, and more likely that Trump thought he had a plan in place to kill any investigation that Sessions recusal killed.

I’m still working my way through the Jim Comey testimony. But I’m frankly shocked by this detail: In Comey’s description of the February 14 Oval Office meeting — after which Trump addressed Comey privately about Mike Flynn’s recent firing — he includes this paragraph.

The President signaled the end of the briefing by thanking the group and
telling them all that he wanted to speak to me alone. I stayed in my chair. As the
participants started to leave the Oval Office, the Attorney General lingered by my
chair, but the President thanked him and said he wanted to speak only with me.
The last person to leave was Jared Kushner, who also stood by my chair and
exchanged pleasantries with me. The President then excused him, saying he
wanted to speak with me.

That is, right before Trump started buttering Comey up about the Mike Flynn investigation, both Jeff Sessions and Jared Kushner lurked around. Notably, Comey describes Kushner “exchang[ing] pleasantries” with Comey, perhaps trying to butter him up.

I’ve written before about the Comey-Kushner connection. Apparently I wasn’t the only one to note how creepy Kushner is.

In very close succession today, the Intercept published a story on Russia’s efforts to hack election-related officials and the government arrested the apparent source for that story, a woman named Reality Winner.

The story — which reports GRU attempted to phish some officials — is most interesting for the dates included in the leaked document accompanying the story. The document — dated May 5 but covering events from last fall — describes phishing attempts starting as early as a month before the election up to October 31 or November 1.

That latest date (on a report published six months later) is interesting because we know President Obama used the cyber “red phone” to contact Vladimir Putin on October 31, for the first time in his presidency, to complain about election-related hacking. The dates here at least suggest that there were no more phishing attempts initiated after that call.

Of course, now Russia knows more details about how granularly, and on what schedule, NSA might learn such details.

The other big part of this incident, however, is the revelation that contractors well outside the known entities (like Booz Allen Hamilton) have access to FISA information — as indicated by the classification stamp — and that even people without a need to know that information can access it.

This leak was discovered because another of Intercept’s sources alerted the NSA. But had that not happened (or had the Intercept not showed the NSA a folded document), then it’s not clear this would have been discovered.

I get why we need to disseminate such information widely. But even if this information merely reports on stuff that had already been reported (to the WaPo, long ago), it nevertheless is testament to the degree to which adding contractors adds the likelihood of leaks.

Or let’s put it this way: we’re sharing FISA information with contractors who don’t have a need to know. But we’re not sharing it with defendants whose freedom depends on contesting it. Maybe those priorities are screwy?