Adam Schiff Archives - Page 9 of 12

Posts

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Jack Goldsmith and Susan Hennessey Run Cover for Those Giving Jeff Sessions Unreviewable Authority to Criminalize Dissent

January 18, 2018/34 Comments/in FISA /by emptywheel

I’m used to Susan Hennessey partnering with Ben Wittes to write apologies for NSA and FBI that ignore known facts. I’m a bit surprised that Jack Goldsmith did so in this defense of Democrats — like Adam Schiff and Nancy Pelosi and nineteen Democratic Senators — who have voted to give Jeff Sessions unreviewable authority to criminalize dissent using certain privacy tools.

NSA did not fix “abouts” problems before the issues became public

There are numerous problems with this post. The one that irks me the most, however, is the claim that the “system itself” identified and addressed problems with “abouts” collection before they became public.

We acknowledge that the program has raised hard legal questions as well as difficult compliance issues, primarily involving “abouts” collection. But these problems were identified by the system itself, long before the issues became public, and the practices were fixed or terminated.

This claim, one I’ve corrected Hennessey for on numerous occasions on Twitter, is false, and should be retracted.

I say that with great confidence, because I wrote about the problems on August 11, 2016, well before NSA failed to disclose the full extent of the problems in an October 4, 2016 hearing, which led the worst FISC judge ever, Rosemary Collyer, to complain about NSA’s institutional “lack of candor.”

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

As a reminder, the problem (the FISC has) with “abouts” collection is not so much that it collected entirely domestic communications — that’s the complaint of the rest of us. It’s that NSA never ever complied with John Bates’ 2011 requirement that NSA not conduct back door searches on upstream collection, because it might result in searches of those entirely domestic communications. In my August 2016 post, I noted that reviewers kept discovering that NSA continued to do back door searches on upstream data in violation of that prohibition, and kept refusing to implement technical fixes to avoid them.

I also raised concerns about the oversight of 704/705(b), which is how the NSA first realized how badly non-compliant their upstream searches were, on May 13, 2016, That’s about when NSA first reported to DOJ “in May and June 2016” that “approximately eighty-five percent of” queries using a tool the NSA employs with 704/705b queries “were not compliant with the applicable minimization procedures.”

I’ll grant that I’m remarkably attentive to documents that get declassified years after the fact. But I’m nevertheless “the public.” If I’m identifying these problems — and NSA’s refusal to make the technical fixes to avoid them — before they get fully briefed to DOJ or FISC, then it is absolutely false to claim that “the system” fixed or terminated the problem long before they became public.

Again, Lawfare should issue a retraction for that claim.

Update, January 19: On Twitter yesterday, Hennessey claimed I misread this quote, and that her proof that the system works was that the NSA had gotten away with ignoring Bates’ orders for five years, but finally shut it down before the public learned that NSA had been ignoring FISC’s orders.

This is still factually false — as I responded to her, the NSA was still identifying problems for eight months after I wrote about the problems, even assuming it had found all of them by April 2017, which was the last declassified reporting on it. But her explanation actually makes the comment downright damning for the NSA. It suggests a lawyer who was at NSA during the period it was not in compliance believes that getting away with violating the Fourth Amendment for five years, but fixing it before documents released on a three year delay (and only because of Snowden) is a sign of a law-abiding agency.

A portrait of a guy who doesn’t know key details as a rigorous overseer

The fact that I was harping on the “abouts” problems before any overseers of the program managed to fully investigate and fix them by itself disproves the claims that Hennessey and Goldsmith make in their hagiography of Adam Schiff.

He is the ranking Democrat on the House intelligence committee and one of the most knowledgeable and informed members of Congress on intelligence matters. Schiff has not hesitated to be critical of intelligence community practices when he sees fit. He has watched the 702 program up close over many years in classified settings in his oversight role. He knows well its virtues and its warts. We suppose it is possible that Schiff would vote to give the president, whose integrity he so obviously worries about, vast powers to spy on Americans in an abusive way. Given everything Schiff has publicly said and done over the last year, however, a much more plausible inference is that he knows not only how valuable the 702 program is but also how law-constrained and carefully controlled and monitored it is.

Plus, I’m not sure why they think that Schiff’s attempt to fix the Section 215 phone dragnet only after Edward Snowden made it public proves that Schiff “never hesitated to be critical of intelligence community practices.” On the contrary, it proves that he did hesitate to do so before excessive programs became public.

The distinction is utterly critical given something I’ve pointed out about this bill. The bill itself is an admission that the intelligence community is out of control, and that congressional overseers can’t get information they need to adequately oversee the program without demanding it in legislation. That’s because it requires the IC to provide information on two practices that Congress cannot be deemed competent to legislate on without having answers about first.

For example, the bill requires an IG Report on how FBI queries raw data.

(b) MATTERS INCLUDED.—The report under subsection (a) shall include, at a minimum, an assessment of the following:

(1) The interpretations by the Federal Bureau of Investigation and the National Security Division of the Department of Justice, respectively, relating to the querying procedures adopted under subsection (f) of section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a(f)), as added by section 101.

[snip]

(6) The scope of access by the criminal division of the Federal Bureau of Investigation to information obtained pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), including with respect to information acquired under subsection (a) of such section 702 based on queries conducted by the criminal division.

(7) The frequency and nature of the reviews conducted by the National Security Division of the Department of Justice and the Office of the Director of National Intelligence relating to the compliance by the Federal Bureau of Investigation with such querying procedures.

I have explained (and I know Hennessey regards this as a problem too) that since 2012, FBI has devolved its access to raw 702 data to field offices. The FBI already conducted far, far less oversight of the back door searches it conducts than NSA does. But because the DOJ/DNI 702 review teams visit only a fraction of the FBI field offices with each review, and because FBI’s querying system doesn’t collect enough information to do oversight remotely, it is possible that the offices that are least familiar with 702 requirements are — for the smaller number of 702 queries they conduct — getting the least oversight.

You can’t pass a bill that effectively blesses FBI’s use of back door searches on Americans about whom it has no evidence of any wrongdoing, while admitting you don’t know how FBI conducts those back door searches, and make any claim to conduct adequate oversight. Rather, the bill permits FBI to continue practices it has stubbornly refused to brief Congress on, rather than demanding that FBI brief Congress first, so Congress can impose any restrictions that might be necessary to adequately protect Americans.

The bill also requires a briefing within six months to explain how DOJ complies with FISA’s legally mandated notice requirements (because notice under 702 is treated as notice under 106(c), this covers 702 surveillance as well).

Not later than 180 days after the date of the enactment of this Act, the Attorney General, in consultation with the Director of National Intelligence, shall provide to the Committee on the Judiciary and the Permanent Select Committee on Intelligence of the House of Representatives and the Committee on the Judiciary and the Select 10 Committee on Intelligence of the Senate a briefing with respect to how the Department of Justice interprets the requirements under sections 106(c), 305(d), and 405(c) of the Foreign Intelligence Surveillance Act of 1978 (50 14 U.S.C. 1806(c), 1825(d), and 1845(c)) to notify an aggrieved person under such sections of the use of information obtained or derived from electronic surveillance, physical search, or the use of a pen register or trap and trace device. The briefing shall focus on how the Department interprets the phrase ‘‘obtained or derived from’’ in such sections.

The public treatment of DOJ’s serial, obvious failures to give notice to defendants is a nifty trick. When DOJ fails to give notice, it clearly violates the law, but notice is not included in minimization procedure review, so therefore is not reviewed by the FISC. When surveillance boosters like Hennessey and Goldsmith say there have never been any willful violations of the law, they manage to ignore the notice violations that have allowed some pretty problematic practices to avoid judicial oversight only because by breaking the law DOJ ensures no court will find them to be breaking the law.

Catch 22: Heads legal violations never get reviewed by a court, tails surveillance boosters can claim the surveillance has a clean bill of health.

Again, this is a known, egregious problem with the implementation of 702.

But rather than do the obvious thing as part of what this post dubs “robust democratic deliberation,” which is to demand answers about how notice is (not) given and require DOJ to fix it as part of the bill, the bill instead simply requires DOJ to provide the information that Congress needs to do basic oversight six months after reauthorization, which effectively punts fixing the problem six years down the road.

How many Chinese-American scientists will be improperly prosecuted because FBI is technically inane in those 6 years, because a bunch of California legislators like Nancy Pelosi, Adam Schiff, and Dianne Feinstein chose to punt on basic oversight?

The most egregious example of this, however, involves the government’s obstinate refusal to explain how many US persons are affected by 702. This bill also did not incorporate an HJC proposal requiring a count of how many Americans got referred for criminal prosecution off of 702 collection.

Letting Jeff Sessions criminalize dissent

That refusal — the refusal to even legislatively require the government to report on the impact of 702 surveillance on Americans, via incidental collection and/or criminal referral — brings us to the problem with this bill that opponents are all raising, but about which Hennessey and Goldsmith are inexcusably silent: the codification of giving Jeff Sessions unreviewable authority to determine what counts as a “criminal proceeding [that] affects, involves, or is related to the national security of the United States.”

Here’s how Hennessey and Goldsmith describe the impact of this program on Americans.

As Lawfare readers know, Section 702 authorizes the intelligence community to target the communications of non-U.S. persons located outside the United States for foreign intelligence purposes. It does not permit the intelligence community to target a U.S. person anywhere in the world. But it does permit incidental collection on U.S. persons, subject to strict rules about minimization and use.

Their silence about how the bill doesn’t deal with back door searches is problematic enough.

But they predictably, but problematically, make no mention of the way the bill codifies the use of 702 in domestic law enforcement under the Tor/VPN exception.

As I have laid out, in 2014 FISC created an exception to the rule that NSA must detask from a facility as soon as they learn that Americans are also using that facility. That exception applies to Tor and (though I understand this part even less) VPN servers — basically the kinds of privacy tools that criminals, spies, journalists, and dissidents might use to hide their online activities. NSA has to sort through what they collect on the back end, but along the way, they get to decide to keep any entirely domestic traffic they find has significant foreign intelligence purpose or is evidence of a crime, among other reasons. The bill even codifies 8 enumerated crimes under which they can keep such data. Some of those crimes — child porn and murder — make sense, but others — like transnational crime (including local drug dealers selling imported drugs) and CFAA (with its well-known propensity for abuse) pose more potential for abuse.

But it’s the unreviewable authority for Jeff Sessions bit that is the real problem.

We know, for example, that painting Black Lives Matter as a national security threat is key to the Trump-Sessions effort to criminalize race. We also know that Trump has accused his opponents of treason, all for making critical comments about Trump.

This bill gives Sessions unreviewable authority to decide that a BLM protest organized using or whistleblowing relying on Tor, discovered by collection done in the name of hunting Russian spies, can be referred for prosecution. The fact that the underlying data predicating any prosecution was obtained without a warrant under 702 would — in part because this bill doesn’t add teeth to FISA notice — ensure that courts would never learn the genesis of the prosecution. Even if a court somehow managed to do so, however, it could never deem the domestic surveillance unlawful because the bill gives Jeff Sessions the unreviewable authority to treat dissent as a national security threat.

This is such an obviously bad idea, and it is being supported by people who talk incessantly about the threat that Trump and Sessions present. Yet, rather than addressing the issue head on (which I doubt Hennessey could legally do in any case), they simply remain silent about what is the biggest complaint from privacy activists, that this gives a racist, vindictive Attorney General far more authority than he should have, and does so without fixing the inadequate protections for criminal defendants along the way.

I mean, I get that surveillance boosters who recognize the threat Trump and Sessions pose want to absolve themselves for giving Trump tools that can so obviously be abused.

But this attempt does so precisely by dodging the most obvious reasons for which boosters should be held to account.

Update: Changed post to note that just Trump has accused FBI Agents of treason, not Sessions, and not (yet) journalists.

Update: Here’s the roll call of the 65-34 vote passage of the bill. Democrats who voted in favor are:

Carper
Casey
Cortez Masto
Donnelly
Duckworth
Feinstein
Hassan
Heitkamp
Jones
Klobuchar
Manchin
McCaskill
Nelson
Peters
Reed
Schumer
Shaheen
Stabenow
Warner
Whitehouse

The 702 Capitulations: a Real Measure of the “Deep State”

January 16, 2018/26 Comments/in FISA /by emptywheel

There were two details of the Section 702 reauthorization in the House that deserve more attention, as the Senate prepares for a cloture vote today at 5:30.

First, in the Rules Committee hearing for the bill, Ranking House Judiciary Committee member Jerry Nadler revealed that the FBI stopped engaging with his staffers when the two sides reached a point on negotiations over the bill beyond which they refused to budge.

Effectively, FBI just used the dual HJC/House Intelligence jurisdiction over FISA to avoid engaging in the legislative process, to avoid making any concessions to representatives supposedly overseeing this program.

As a result, the final bill included only a sham warrant requirement — one that will give criminal suspects more protection against warrantless search than it gives people against whom the FBI has no suspicion — and provided an easy way for the NSA to turn “about” collection (which has been the source of repeated NSA violations of FISA over the years) back on.

Then there was the effort Nancy Pelosi made to use the President’s reactive FISA tweet to impose a few more limits on the warrant requirement. In a filibustering speech, she suggested that Trump’s tweet claiming his had been surveilled and abused under the law (in reality, Title I warrants were used during the campaign, but Section 702 has likely been part of the investigation as well) necessitated a motion to recommit instructing HPSCI to boost the protections for Americans.

Pelosi had to have know the motion would fail (it did, with just six of the most libertarian Republicans joining Democrats in support). She counts votes better than anyone.

What the vote was really about was an effort not to fix the real problems with the bill. Nor was it a meaningful effort to add anything but illusory protections to the bill. It was an effort to make a vote in support of the bill more politically palatable. Pelosi (and Adam Schiff, who worked closely with Pelosi on this front) appears to have known that there will be political costs for supporting this bill, perhaps especially in San Francisco where one-fifth of Pelosi’s constituents are Chinese-American, one of the groups most disproportionately affected by the spying program.

She knew she was going to have to vote for the bill, political cost and all, and was trying to use Trump’s tweet to minimize the costs of doing so.

These two events, in my opinion, show how dysfunctional legislation affecting the “Deep State,” the entrenched national security bureaucracy, is. There is a clear political recognition among the Democratic leaders cooperating in passing the bill that the bill goes too far. Probably, they worry about what will happen when we learn how Jeff Sessions will use the unreviewable authority to deem either warrantless back door searches for Americans’ names or retention of Tor and VPN domestic collection a “national security” issue to target Democratic constituencies.

But that recognition was not enough to muster the political will to oppose the bill.

Heads the “Deep State” wins, tails democratic oversight fails.

What HPSCI Wants to Protect in 702: Back Doors, the Tor Exception, and a Dysfunctional FISC

January 10, 2018/5 Comments/in FISA /by emptywheel

The House is revving up to vote on 702 reauthorization, offering either the shitty bill drafted by Devin Nunes, Adam Schiff, and Devin Nunes or the Amash amendment (which is the Wyden-Paul USA Rights bill). As I noted in a piece at The New Republic,

Congress is, in an apparently serious attempt at surveillance reform, about to make it easier for the FBI to spy on those whom it has zero evidence of wrongdoing than those whom it has probable cause to suspect of illegal behavior. This bill would protect a very small subset of suspected criminals—perhaps just one a year, based on reporting from 2016. But it would do nothing to prevent the FBI from reading the communications of any innocent American who is named in a tip.

HPSCI has come out with a one pager making shite up about USA Rights. And I’m interested in three things HPSCI prioritizes:

Ensuring that NSA can order companies to bypass encryption
Sustaining the Tor domestic spying exception
Coddling the dysfunction of the FISA Court

Ensuring that NSA can order companies to bypass encryption

The HPSCI flyer complains that USA Rights,

Significantly limit[s] the Government’s ability to obtain Section 702 information on foreign terrorists by unnecessarily restricting when the Government may ask for technical assistance from electronic communication service providers;

At issue is language in USA Rights that limits government requests for technical assistance to things that are necessary, narrowly tailored, and would not pose an undue burden.

(B) LIMITATIONS.—The Attorney General or the Director of National Intelligence may not request assistance from an electronic communication service provider under subparagraph (A) without demonstrating, to the satisfaction of the Court, that the assistance sought—

(i) is necessary;

(ii) is narrowly tailored to the surveillance at issue; and

(iii) would not pose an undue burden on the electronic communication service provider or its customers who are not an intended target of the surveillance.

It is clear this is Wyden’s effort to prohibit the government from using individual directives (which are not reviewed by the FISA Court) to back door or circumvent a company’s encryption. While the government says it has not yet asked the FISC to force companies to do this (which is different from saying they haven’t asked and gotten companies to willingly do so), it has dodged whether it has asked companies to circumvent their own encryption.

So basically, one of the big things HPSCI thinks is wrong with USA Rights is that it won’t let NSA back door your phone.

Sustaining the Tor domestic spying exception

The HPSCI flyer claims that USA Rights,

Mandat[es] a flat prohibition on the use of Section 702 information in prosecuting dangerous criminals, including murderers and child abusers;

That flips reality on its head. What HPSCI is trying to protect, here, is its carve-out permitting the use of 702 information for anything that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

Death

Kidnapping

Serious bodily injury

Specified offense against a minor

Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)

Cybersecurity, including violations of CFAA

Transnational crime, including transnational narcotics trafficking

Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

As I have noted, the carve out, taken in conjunction with the 2014 exception letting the NSA collect on location obscuring servers (like VPNs and Tor) used by Americans, effectively makes 702 a domestic spying bill (on top of permitting its use for anything else Jeff Sessions claims is related to national security).

In other words, HPSCI doesn’t so much want 702 to spy on the terrorists, spies, and proliferators included in USA Rights: it wants to spy domestically.

Coddling the dysfunction of the FISA Court

Finally, the HPSCI flyer complains that USA Freedom,

Subvert[s] the authority and expediency of the Foreign Intelligence Surveillance Court by requiring an amicus review during every Section 702 authorization; and

This is a complaint about a number of common sense measures that make the FISA Court more credible, most notably requiring each 702 authorization to include an amicus review. The bill also includes measures to make the amicus review more robust, like enough advance involvement to be useful.

For a body of Congress to guard “the authority and expediency” of the FISC — especially in the wake of last year’s debacle of a ruling from Rosemary Collyer, who stubbornly refused to follow the law and either appoint an amicus or explain why she chose not to do so, is an outright abdication of congressional authority.

The FISC just defied Congressional intent as reflected in USA Freedom Act. USA Rights would make it harder for the FISC to continue to do so. And HPSCI’s response to that is to whimper that Congress is “subverting the authority” of another branch by demanding that it follow the law?

Update: DemandProgress did a fact check of this flyer that’s quite good.

“The Goals That Are Being Scored” … the Carter Page Saga

November 7, 2017/54 Comments/in 2016 Presidential Election, emptywheel, Mueller Probe /by emptywheel

In the middle of the Carter Page testimony to the House Intelligence Committee last week, Adam Schiff tried to get him to answer whether he spoke about buying a stake of Rosneft during his July 2016 trip to Moscow — a key claim from the Steele dossier. Page professed that it might be possible, but he couldn’t remember such a discussion because he was watching Ronaldo on TV at the time.

He may have briefly mentioned it when we were looking up from this Portugal — Ronaldo, whoever the — you know, the goals that are being scored. That may have come up. But I have no definitive recollection of that.

Page comes off, often, as someone utterly clueless about how both the Trump campaign officials and the Russians trying to use him were doing so.

It depends on the definition of meet

That said, the most interesting bits involve the things Page tried to hide or obfuscate, such as his claim he never met Trump even after having been in a lot of meetings with him.

Mr. Rooney: Did you ever meet Mr. Trump?

Mr. Page: I have never met him in my life. I’ve been in a lot of meetings with him, and I’ve learned a lot from him, but never actually met him face-to-face.

He does the same with Arkadiy Dvorkovich, Russia’s Deputy Prime Minister, when Adam Schiff tries to point out that meeting him in July 2016 would amount to meeting a senior official.

Mr. Schiff: And you don’t consider him to be a high-up official or someone in an official capacity?

Mr. Page: I — nothing I — it was — again, I did not meet with him. I greeted him briefly as he was walking off the stage after his speech.

Page even compares these two instances of not-meetings later in his testimony.

[I]t goes back to the point I mentioned with listening to speeches, listening to particularly Arkadiy Dvorkovich’s speech, right. Again, great insights just like I learned great insights — even though I’ve met — I’ve never met Donald J. Trump in my life, I’ve learned a lot from him.

Ultimately, even Trey Gowdy finds this obfuscation around the word “meet” to be too much.

Mr. Gowdy: All right. I’ve written down four different words. I didn’t think I’d ever be going through this with anyone, but we’ve got to, I guess. You seem to draw a distinction between a meeting, a greeting, a conversation, and you hearing a speech.

JD Gordon’s central role

I pointed out last week how JD Gordon was playing the press in the wake of the Papadopoulos plea agreement being unsealed. Page’s testimony may explain why: because Gordon was the key person coordinating Page’s activities.

Page at first tries to hide this, before he admits that JD Gordon was his supervisor on the campaign.

And J.D. Gordon was brought in, and he was sort of the de facto organizers [sic] for our group, although not — there was no official command structure, because, again, it was an informal quasi think tank, if you will.

Page later describes Gordon as the most formal of the foreign policy group.

[T]he thing with J.D. is that — again, we’re an informal group, right. He was probably the most formal. I believe he may have even had — if I’m not mistaken, he may have had a Trump campaign email address. I had spoken with him on that — a few occasions that are — you know, we’d get together for a dinner. I may have sent an email or two to him on that. And again, he never definitively answered one way or another.

And Page seems to have treated his conversations with Gordon with some sensitivity (though there’s any number of reasons why this might be true, including that they were running a cutthroat political campaign). Eric Swalwell walks Page through an email in which he warned Gordon, in advance of a call, that he’d be in the “Third World” Laguardia Sky Club so could only listen, not speak.

Mr. Swalwell: In a May 24th, 2016, email to J.D. Gordon, Bates stamped [redacted], you wrote: “FYI: At the Newark Sky Club, Delta has a private room when you can have a confidential conversation, but, unfortunately, no such luck at Third World LaGuardia. So I’ll mostly be on receive mode, since there are a significant number of people in the lounge.”

Later in testimony, Schiff describes an email Page sent two days later, telling Gordon, “I’m planning to speak alongside the chairman and CEO of Sberbank as we’ll both be giving commencement addresses as Mosscow’s New economic School on July 8” (in fact the meeting never happened; though that may be because Dvorkovich replaced him).

Perhaps most damning of all, when Page “mentioned to [Jeff Sessions] in passing” (yet another exchange that shows Sessions perjured himself before the Senate) that he was about to go to Moscow, Gordon and Papadopoulos were present as well.

Mr. Schiff: Let me take you back to what we were discussing before our break, the meeting you had at the Republican National Headquarters I think is the building you’re referring to, if I understand correctly. What was the nature of the discussions at that meeting with Mr. Sessions, then-Senator Sessions — was J.D. Gordon present?

Mr. Page: I believe he was.

Mr. Schiff: And George Papadopoulos you believe was there?

Mr. Page: I believe, yes, to the best of my recollection.

This puts some of the key players together, discussing how Page’s trip to Moscow might benefit the campaign.

Finally, in spite of his efforts to downplay his exchange with Dvokovich, Page’s letter to Gordon boasting about it was a key focus.

Mr. Schiff: And in that [email], Dr. Page, didn’t you state, on Thursday and Friday, July 7 and 8, 2016: “Campaign Adviser Carter Page” — you’re referring to yourself in the third person — “presented before gatherings at the New Economic Schoo, NES, in Moscow, including their 2006 [sic] commencement ceremony. Russian Deputy Prime Minister and NES Board Member Arkadiy Dvorkovich also spoke before the event. In a private conversation, Dvorkovich expressed strong support for Mr. Trump and a desire to work toward devising better solutions in response to the vast range of current international problems”?

The others

While less substantive than the focus on JD Gordon, it’s clear Democratic members were interested in the roles of others: Corey Lewandowski, who “hired” Page and okayed his trip to Russia, Hope Hicks, who was in the loop, Sam Clovis, who made him sign an NDA and had another meeting with him before he left for Russia, and Michael Cohen, who kept the NDA (and in fact didn’t provide Page his promised copy). Schiff also got the list of those responsible for changing the platform (which I think is overblown) into the record: in addition to Gordon, Joseph Schmitz, Bert Mizusawa, Chuck Kubic, Walid Phares, and Tera Dahl.

But the most interesting exchange came right at the end, when Schiff walked Page through a list of people he might have interacted when. When he asked about Eric Trump, Page admitted to sending his resignation to the son.

Mr. Schiff: Eric Trump.

Mr. Page: I — when I sent in my letter of — saying that I am taking a leave of absence from the campaign, I sent an email to him and a bunch of other individuals. So that was on — late Sunday night, after I sent the letter to James Comey. I sent a copy of that to them.

Mr. Schiff: So you sent a letter to Eric Trump, but you have had no other interaction with him apart from that?

Mr. Page: No. No.

Mueller probably interviewed Page during the Papadopoulos lag

Finally, there is perhaps the most important detail. Page admits he has spoken with the FBI this year 4-5 times (he appears to have been represented by a lawyer earlier this year, but he’s now draining his savings and representing himself). When asked if he has met with Mueller’s investigators, he notes what I did: his October 10 letter sort of pleading the Fifth was addressed, first and foremost, to Robert Mueller, which would put his testimony between the time George Papadopoulos pled guilty to false statements and the time it was unsealed — the time when Mueller was locking in the testimony of everyone implicated by Papadopoulos’ cooperation.

As I noted the other day, in the affidavit the FBI wrote explaining why they wanted to seal any notice of Papadopoulos’ plea deal, they described their plans to get the testimony of the people who had knowledge between Russians and the campaign.

The investigation is ongoing and includes pursuing leads from information provided by and related to the defendant regarding communications he had, inter alia, with certain other individuals associated with the campaign. The government will very shortly seek, among other investigative steps, to interview certain individuals who may have knowledge of contacts between Russian nationals (or Russia-connected foreign nationals) and the campaign, including the contacts between the defendant and foreign nationals set forth in the Statement of Offense incorporated into the defendants plea agreement.

All the people interviewed in what I’ll call the Papadopoulos lag — the time between when he pled guilty and the time they unsealed his plea — likely operated with the false confidence that the Mueller team would not know of conversations among campaign staffers. It appears that Page (like Sam Clovis, and, probably,JD Gordon) was interviewed in that period.

Can Congress — or Robert Mueller — Order Facebook to Direct Its Machine Learning?

September 19, 2017/7 Comments/in Blogs Internet and New Media, Cybersecurity, emptywheel, EO 12333, Mueller Probe /by emptywheel

The other day I pointed out that two articles (WSJ, CNN) — both of which infer that Robert Mueller obtained a probable cause search warrant on Facebook based off an interpretation that under Facebook’s privacy policy a warrant would be required — actually ignored two other possibilities. Without something stronger than inference, then, these articles do not prove Mueller got a search warrant (particularly given that both miss the logical step of proving that the things Facebook shared with Mueller count as content and not business records).

In response to that and to this column arguing that Facebook should provide more information, some of the smartest surveillance lawyers in the country discussed what kind of legal process would be required, but were unable to come to any conclusions.

Last night, WaPo published a story that made it clear Congress wanted far more than WSJ and CNN had suggested (which largely fell under the category of business records and the ads posted to targets, the latter of which Congress had been able to see but not keep). What Congress is really after is details about the machine learning Facebook used to identify the malicious activity identified in April and the ads described in its most recent report, to test whether Facebook’s study was thorough enough.

A 13-page “white paper” that Facebook published in April drew from this fuller internal report but left out critical details about how the Russian operation worked and how Facebook discovered it, according to people briefed on its contents.

Investigators believe the company has not fully examined all potential ways that Russians could have manipulated Facebook’s sprawling social media platform.

[snip]

Congressional investigators are questioning whether the Facebook review that yielded those findings was sufficiently thorough.

They said some of the ad purchases that Facebook has unearthed so far had obvious Russian fingerprints, including Russian addresses and payments made in rubles, the Russian currency.

Investigators are pushing Facebook to use its powerful data-crunching ability to track relationships among accounts and ad purchases that may not be as obvious, with the goal of potentially detecting subtle patterns of behavior and content shared by several Facebook users or advertisers.

Such connections — if they exist and can be discovered — might make clear the nature and reach of the Russian propaganda campaign and whether there was collusion between foreign and domestic political actors. Investigators also are pushing for fuller answers from Google and Twitter, both of which may have been targets of Russian propaganda efforts during the 2016 campaign, according to several independent researchers and Hill investigators.

“The internal analysis Facebook has done [on Russian ads] has been very helpful, but we need to know if it’s complete,” Schiff said. “I don’t think Facebook fully knows the answer yet.”

[snip]

In the white paper, Facebook noted new techniques the company had adopted to trace propaganda and disinformation.

Facebook said it was using a data-mining technique known as machine learning to detect patterns of suspicious behavior. The company said its systems could detect “repeated posting of the same content” or huge spikes in the volume of content created as signals of attempts to manipulate the platform.

The push to do more — led largely by Adam Schiff and Mark Warner (both of whom have gotten ahead of the evidence at times in their respective studies) — is totally understandable. We need to know how malicious foreign actors manipulate the social media headquartered in Schiff’s home state to sway elections. That’s presumably why Facebook voluntarily conducted the study of ads in response to cajoling from Warner.

But the demands they’re making are also fairly breathtaking. They’re demanding that Facebook use its own intelligence resources to respond to the questions posed by Congress. They’re also demanding that Facebook reveal those resources to the public.

Now, I’d be surprised (pleasantly) if either Schiff or Warner made such detailed demands of the NSA. Hell, Congress can’t even get NSA to count how many Americans are swept up under Section 702, and that takes far less bulk analysis than Facebook appears to have conducted. And Schiff and Warner surely would never demand that NSA reveal the extent of machine learning techniques that it uses on bulk data, even though that, too, has implications for privacy and democracy (America’s and other countries’). And yet they’re asking Facebook to do just that.

And consider how two laws might offer guidelines, but (in my opinion) fall far short of authorizing such a request.

There’s Section 702, which permits the government to oblige providers to provide certain data on foreign intelligence targets. Section 702’s minimization procedures even permit Congress to obtain data collected by the NSA for their oversight purposes.

Certainly, the Russian (and now Macedonian and Belarus) troll farms Congress wants investigated fall squarely under the definition of permissible targets under the Foreign Government certificate. But there’s no public record of NSA making a request as breathtaking as this one, that Facebook (or any other provider) use its own intelligence resources to answer questions the government wants answered. While the NSA does draw from far more data than most people understand (including, probably, providers’ own algorithms about individually targeted accounts), the most sweeping request we know of involves Yahoo scanning all its email servers for a signature.

Then there’s CISA, which permits providers to voluntarily share cyber threat indicators with the federal government, using these definitions:

(A) IN GENERAL.—Except as provided in subparagraph (B), the term “cybersecurity threat” means an action, not protected by the First Amendment to the Constitution of the United States, on or through an information system that may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system.

(B) EXCLUSION.—The term “cybersecurity threat” does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement.

(6) CYBER THREAT INDICATOR.—The term “cyber threat indicator” means information that is necessary to describe or identify—

(A) malicious reconnaissance, including anomalous patterns of communications that appear to be transmitted for the purpose of gathering technical information related to a cybersecurity threat or security vulnerability;

(B) a method of defeating a security control or exploitation of a security vulnerability;

(C) a security vulnerability, including anomalous activity that appears to indicate the existence of a security vulnerability;

(D) a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to unwittingly enable the defeat of a security control or exploitation of a security vulnerability;

(E) malicious cyber command and control;

(F) the actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat;

(G) any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law; or

(H) any combination thereof.

Since January, discussions of Russian tampering have certainly collapsed Russia’s efforts on social media with their various hacks. Certainly, Russian abuse of social media has been treated as exploiting a vulnerability. But none of this language defining a cyber threat indicator envisions the malicious use of legitimate ad systems.

Plus, CISA is entirely voluntary. While Facebook thus far has seemed willing to be cajoled into doing these studies, that willingness might change quickly if they had to expose their sources and methods, just as NSA clams up every time you ask about their sources and methods.

Moreover, unlike the sharing provisions in 702 minimization procedures, I’m aware of no language in CISA that permits sharing of this information with Congress.

Mind you, part of the problem may be that we’ve got global companies that have sources and methods that are as sophisticated as those of most nation-states. And, inadequate as they are, Facebook is hypothetically subject to more controls than nation-state intelligence agencies because of Europe’s data privacy laws.

All that said, let’s be aware of what Schiff and Warner are asking for, however justified it may be from a investigative standpoint. They’re asking for things from Facebook that they, NSA’s overseers, have been unable to ask from NSA.

If we’re going to demand transparency on sources and methods, perhaps we should demand it all around?

Trump’s Lawyer: I Did Not Go to Prague I Did Not Go to Prague I Did Not Go to Prague I Did Not Go to Prague

August 31, 2017/27 Comments/in 2016 Presidential Election, Mueller Probe, Russian hacks /by emptywheel

Four days ago, Michael Cohen (or the Trump Organization) pre-empted revelations that would leak as soon as he turned over a third tranche of documents to the House Intelligence Committee by revealing a seemingly damning detail from it: along with Trump’s associate Felix Sater, Cohen was pursuing a Trump Tower deal in Moscow well after Trump’s campaign was in full swing. Sure enough, more damning information was still to come: Sater somehow imagined the deal — whatever it was — would get Trump elected. Then still more damning information: in January 2016, Cohen reached out to trusted Putin aide Dmitry Peskov to push for help on the deal. That’s when Cohen began to not recall precisely what happened, and also ignore questions about why he hadn’t told Trump about this call, unlike the other actions he took on this deal.

Again, these events were connected to Cohen’s delivery of a tranche of documents on August 28 to HPSCI.

Today, the letter Cohen sent to HPSCI on August 14 after reviewing and delivering two previous tranches of documents got liberated (this copy by the Daily Beast, but multiple outlets got copies). So the letter, which includes four pages plus backup rebutting the allegations made about Cohen in the Steele dossier, reflects the understanding Cohen’s lawyers had two weeks before they delivered emails showing Cohen was contacting Putin’s trusted aide in support of a deal that Sater believed would get Trump election.

Before I look at the letter, let me reiterate what I have suggested elsewhere (I plan to return to these shortly). There are real, unanswered questions about the provenance of the document as leaked by BuzzFeed. Some of the circumstances surrounding its production — most notably its funders and their claimed goals, and Steele’s production of a final report, based off voluntarily provided information, for free — raise real questions about parts of the dossier. I think it quite likely some parts of the dossier, especially the last, most inflammatory report (which accuses Cohen of attending a meeting where payments from Trump to the hackers that targeted the Democrats were discussed), were disinformation fed by the Russians. I believe the Intelligence Community is almost certainly lying about what they knew about the dossier. I believe the Russians know precisely how the dossier got constructed (remember, a suspected source for it died in mysterious circumstances in December), and they expect the exposure of those details will discredit it.

So while I think there are truths in the dossier, I do think its current form includes rumor and even affirmative disinformation meant to discredit it.

With that said — and remembering all the time that shortly after this letter got written, documents were disclosed showing Cohen was involved in brokering a deal that Sater thought might get Trump elected — here’s my analysis of the document.

The entire letter is pitched around the claim that HPSCI “included Mr. Cohen in its inquiry based solely upon certain sensational allegations contained” in the Steele dossier. “Absent those allegations,” the letter continues, “Mr. Cohen would not be involved in your investigation.” The idea — presented two weeks before disclosure of emails showing Cohen brokering a deal with Russians in early 2016 — is if Cohen can discredit the dossier, then he will have shown that there is no reason to investigate him or his role brokering deals with the Russians. Even the denial of any documents of interest is limited to the dossier: “We have not uncovered a single document that would in any way corroborate the Dossier’s allegations regarding Mr. Cohen, nor do we believe that any such document exists.”

With that, Cohen’s lawyers address the allegations in the dossier, one by one. As a result, the rebuttal reads kind of like this:

I Did Not Go to Prague I Did Not Go to Prague I Did Not Go to Prague I Did Not Go to Prague

Cohen literally denies that he ever traveled to Prague six times, as well as denying carefully worded, often quoted, versions of meeting with Russians in a European capital in 2016. Of course that formulation — He did not participate in meetings of any kind with Kremlin officials in Prague in August 2016 — stops well short of other potential ties to Russians. And two of his denials look very different given the emails disclosed two weeks later showing an attempt to broker a deal that Felix Sater thought might get Trump elected, including an email from him to one of the most trusted agents of the Kremlin.

Mr. Cohen is not aware of any “secret TRUMP campaign/Kremlin relationship.”

Mr. Cohen is not aware of any indirect communications between the “TRUMP team” and “trusted agents” of the Kremlin.

As I said above, I think it highly likely the dossier includes at least some disinformation seeded by the Russians. So the most charitable scenario of what went down is that the Russians, knowing Cohen had made half-hearted attempts to broker the Trump Tower deal Trump had wanted for years, planted his name hoping some kind of awkwardness like this would result.

If so, Mission accomplished!

All that said, the way in which Cohen has orchestrated this disclosure — up to and including his failures to recall and answer obvious questions — is either great lawyering and/or sign that this earlier deal making is a real problem.

It may be that HPSCI only investigated Cohen because he was badly implicated in the Steele dossier. But if so, it led to the disclosure of earlier deal-making, including an attempt to reach out to one of Putin’s most trusted associates, that will likely give HPSCI a whole new reason to investigate.

The Compartments in WaPo’s Russian Hack Magnum Opus

June 23, 2017/56 Comments/in 2016 Presidential Election, Russian hacks /by emptywheel

The WaPo has an 8300 word opus on the Obama Administration’s response to Russian tampering in the election. The article definitely covers new ground on the Obama effort to respond while avoiding making things worse, particularly with regards to imposing sanctions in December. It also largely lays out much of the coverage the three bylined journalists (Greg Miller, Ellen Nakashima, and Adam Entous) have broken before, with new details. The overall message of the article, which has a number of particular viewpoints and silences, is this: Moscow is getting away with their attack.

“[B]ecause of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.”

The Immaculate Interception: CIA’s scoop

WaPo starts its story about how Russia got away with its election op with an exchange designed to make the non-response to the attack seem all the more senseless. It provides a dramatic description of a detail these very same reporters broke on December 9: Putin, who was personally directing this effort, was trying to elect Trump.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

[snip]

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read.

[snip]

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan Rice side after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

While the sharing of this information with just three aides adds to the drama, WaPo doesn’t consider something else about it. The inclusion of Rice and McDonough totally makes sense. But by including Avril Haines, Brennan was basically including his former Deputy Director who had moved onto the DNSA position, effectively putting two CIA people in a room with two White House people and the President. Significantly, Lisa Monaco — who had Brennan’s old job as White House Homeland Security Czar and who came from DOJ and FBI before that — was reportedly excluded from this initial briefing.

There are a number of other interesting details about all this. First, for thousands of wordspace, the WaPo presents this intelligence as irreproachable, even while providing this unconvincing explanation of why, if it is so secret and solid, the CIA was willing to let WaPo put it on its front page.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

If this intelligence is so sensitive, why is even the timing of its collection being revealed here, much less its access to Putin?

That seemingly contradictory action is all the more curious given that not all agencies were as impressed with this intelligence as CIA was. It’s not until much, much later in its report until WaPo explains what remains true as recently as Admiral Rogers’ latest Congressional testimony: the NSA wasn’t and isn’t as convinced by CIA’s super secret intelligence as CIA was.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

By the time this detail is presented, the narrative is in place: Obama failed to respond adequately to the attack that CIA warned about back in August.

The depiction of this top-level compartment of just Brennan, Rice, McDonough, and Haines is interesting background, as well, for the depiction of the way McDonough undermined a State Department plan to institute a Special Commission before Donald Trump got started.

Supporters’ confidence was buoyed when McDonough signaled that he planned to “tabledrop” the proposal at the next NSC meeting, one that would be chaired by Obama. Kerry was overseas and participated by videoconference.

To some, the “tabledrop” term has a tactical connotation beyond the obvious. It is sometimes used as a means of securing approval of an idea by introducing it before opponents have a chance to form counterarguments.

“We thought this was a good sign,” a former State Department official said.

But as soon as McDonough introduced the proposal for a commission, he began criticizing it, arguing that it would be perceived as partisan and almost certainly blocked by Congress.

Obama then echoed McDonough’s critique, effectively killing any chance that a Russia commission would be formed.

Effectively, McDonough upended the table on those (which presumably includes the CIA) who wanted to preempt regular process.

Finally, even after these three WaPo journalists foreground their entire narrative with CIA’s super duper scoop (that NSA is still not 100% convinced is one), they don’t describe their own role in changing the tenor of the response on December 9 by reporting the first iteration of this story.

“By December, those of us working on this for a long time were demoralized,” said an administration official involved in the developing punitive options.

Then the tenor began to shift.

On Dec. 9, Obama ordered a comprehensive review by U.S. intelligence agencies of Russian interference in U.S. elections going back to 2008, with a plan to make some of the findings public.

The WaPo’s report of the CIA’s intelligence changed the tenor back in December, and this story about the absence of a response might change the tenor here.

Presenting the politics ahead of the intelligence

The WaPo’s foregrounding of Brennan’s August scoop is also important for the way they portray the parallel streams of the intelligence and political response. It portrays the Democrats’ political complaints about Republicans in this story, most notably the suggestion that Mitch McConnell refused to back a more public statement about the Russian operation when Democrats were pushing for one in September. That story, in part because of McConnell’s silence, has become accepted as true.

Except the WaPo’s own story provides ample evidence that the Democrats were trying to get ahead of the formal intelligence community with respect to attribution, both in the summer, when Clapper only alluded to Russian involvement.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

And, more importantly, in the fall, when the public IC attribution came only after McConnell refused to join a more aggressive statement because the intelligence did not yet support it (WaPo makes no mention of it, but DHS’s public reporting from late September still attributed the the threat to election infrastructure to “cybercriminals and criminal hackers”).

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

I’m all in favor of beating up McConnell, but there is no reason to demand members of Congress precede the IC with formal attribution for something like this. So until October 7, McConnell had cover (if not justification) for refusing to back a stronger statement.

And while the report describes Brennan’s efforts to brief members of Congress (and the reported reluctance of Republicans to meet with him), it doesn’t answer what remains a critical and open question: whether Brennan’s briefing for Harry Reid was different — and more inflammatory — than his briefing for Republicans, and whether that was partly designed to get Reid to serve as a proxy attacker on Jim Comey and the FBI.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Nor does this account explain another thing: why Brennan serially briefed the Gang of Eight, when past experience is to brief them in groups, if not all together.

In short, while the WaPo provides new details on the parallel intelligence and political tracks, it reinforces its own narrative while remaining silent on some details that are critical to that narrative.

The compartments

The foregrounding of CIA in all this also raises questions about a new and important detail about (what I assume to be the subsequently publicly revealed, though this is not made clear) Task Force investigating this operation: it lives at CIA, not FBI.

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Much later in the story, WaPo reveals how, in the wake of Obama calling for a report, analysts started looking back at their collected intelligence and learning new details.

Obama’s decision to order a comprehensive report on Moscow’s interference from U.S. spy agencies had prompted analysts to go back through their agencies’ files, scouring for previously overlooked clues.

The effort led to a flurry of new, disturbing reports — many of them presented in the President’s Daily Brief — about Russia’s subversion of the 2016 race. The emerging picture enabled policymakers to begin seeing the Russian campaign in broader terms, as a comprehensive plot sweeping in its scope.

It’s worth asking: did the close hold of the original Task Force, a hold that appears to have been set by Brennan, contribute to the belated discovery of these details revealing a broader campaign?

The surveillance driven sanctions

I’m most interested in the description of how the Obama Admin chose whom to impose sanctions on, though it includes this bizarre claim.

But the package of measures approved by Obama, and the process by which they were selected and implemented, were more complex than initially understood.

The expulsions and compound seizures were originally devised as ways to retaliate against Moscow not for election interference but for an escalating campaign of harassment of American diplomats and intelligence operatives. U.S. officials often endured hostile treatment, but the episodes had become increasingly menacing and violent.

Several of the details WaPo presents as misunderstood (including that the sanctions were retaliation for treatment of diplomats) were either explicit in the sanction package or easily gleaned at the time.

One of those easily gleaned details is that the sanctions on GRU and FSB were mostly symbolic. WaPo uses the symbolic nature of the attack on those who perpetrated the attack as a way to air complaints that these sanctions were not as onerous as those in response to Ukraine.

“I don’t think any of us thought of sanctions as being a primary way of expressing our disapproval” for the election interference, said a senior administration official involved in the decision. “Going after their intelligence services was not about economic impact. It was symbolic.”

More than any other measure, that decision has become a source of regret to senior administration officials directly involved in the Russia debate. The outcome has left the impression that Obama saw Russia’s military meddling in Ukraine as more deserving of severe punishment than its subversion of a U.S. presidential race.

“What is the greater threat to our system of government?” said a former high-ranking administration official, noting that Obama and his advisers knew from projections formulated by the Treasury Department that the impact of the election-related economic sanctions would be “minimal.”

Three things that might play into the mostly symbolic targeting of FSB, especially, are not mentioned. First, WaPo makes no mention of the suspected intelligence sources who’ve been killed since the election, most credibly Oleg Erovinkin, as well as a slew of other suspect and less obviously connected deaths. It doesn’t mention the four men Russia charged with treason in early December. And it doesn’t mention DOJ’s indictment of the Yahoo hackers, including one of the FSB officers, Dmitry Dokuchaev, that Russia charged with treason (not to mention the inclusion within the indictment of intercepts between FSB officers). There’s a lot more spy vs. spy activity going on here that likely relates far more to retaliation or limits on US ability to retaliate, all of which may be more important in the medium term than financial sanctions.

Given the Yahoo and other indictments working through San Francisco (including that of Yevgeniey Nikulin, who claims FBI offered him a plea deal involving admitting he hacked the DNC), I’m particularly interested in the shift in sanctions from NY to San Francisco, where Nikulin and Dokuchaev’s victims are located.

The FBI was also responsible for generating the list of Russian operatives working under diplomatic cover to expel, drawn from a roster the bureau maintains of suspected Russian intelligence agents in the United States.

[snip]

The roster of expelled spies included several operatives who were suspected of playing a role in Russia’s election interference from within the United States, officials said. They declined to elaborate.

More broadly, the list of 35 names focused heavily on Russians known to have technical skills. Their names and bios were laid out on a dossier delivered to senior White House officials and Cabinet secretaries, although the list was modified at the last minute to reduce the number of expulsions from Russia’s U.N. mission in New York and add more names from its facilities in Washington and San Francisco.

And the WaPo’s reports confirm what was also obvious: the two compounds got shut down (and were a priority) because of all the spying they were doing.

The FBI had long lobbied to close two Russian compounds in the United States — one in Maryland and another in New York — on the grounds that both were used for espionage and placed an enormous surveillance burden on the bureau.

[snip]

Rice pointed to the FBI’s McCabe and said: “You guys have been begging to do this for years. Now is your chance.”

The administration gave Russia 24 hours to evacuate the sites, and FBI agents watched as fleets of trucks loaded with cargo passed through the compounds’ gates.

Finally, given Congress’ bipartisan fearmongering about Kaspersky Lab, I’m most interested that at one point Treasury wanted to include them in sanctions.

Treasury Department officials devised plans that would hit entire sectors of Russia’s economy. One preliminary suggestion called for targeting technology companies including Kaspersky Lab, the Moscow-based cybersecurity firm. But skeptics worried that the harm could spill into Europe and pointed out that U.S. companies used Kaspersky systems and software.

In spite of all the fearmongering, no one has presented proof that Kaspersky is working for Russia (there are even things, which I won’t go in to for the moment, that suggest the opposite). But we’re moving close to de facto sanctions against Kaspersky anyway, even in spite of the fact (or perhaps because) they’re providing better intelligence on WannaCry than half the witnesses called as witnesses to Congress. But discrediting Kaspersky undercuts one of the only security firms in the world who, in addition to commenting on Russian hacking, will unpack America’s own hacking. You sanction Kaspersky, and you expand the asymmetry with which security firms selectively scrutinize just Russian hacking, rather than all nation-state hacking.

The looming cyberattack and the silence about Shadow Brokers

Which brings me to the last section of the article, where, over 8000 words in, the WaPo issues a threat against Russia in the form of a looming cyberattack Obama approved before he left.

WaPo’s early description of this suggests the attack was and is still in planning stages and relies on Donald Trump to execute.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

But if readers make it all the way through the very long article, they’ll learn that’s not the case. The finding has already been signed, the implants are already being placed (implants which would most likely be discovered by Kaspersky), and for Trump to stop it, he would have to countermand Obama’s finding.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

Whatever else this article is designed to do, I think, it is designed to be a threat to Putin, from long gone Obama officials.

Given the discussion of a looming cyberattack on Russia, it’s all the more remarkable WaPo breathed not one word about Shadow Brokers, which is most likely to be a drawn out cyberattack by Russian affiliates on NSA. Even ignoring the Shadow Brokers’ derived global ransomware attack in WannaCry, Shadow Brokers has ratcheted up the severity of its releases, including doxing NSA’s spies and hacks of the global finance system, It has very explicitly fostered tensions between the NSA and private sector partners (as well as the reputational costs on those private sector partners). And it has threatened to leak still worse, including NSA exploits against current Microsoft products and details of NSA’s spying on hostile nuclear programs.

The WaPo is talking about a big cyberattack, but an entity that most likely has close ties to Russia has been conducting one, all in plain sight. I suggested back in December that Shadow Brokers was essentially holding NSA hostage in part as a way to constrain US intelligence retaliation against Russia. Given ensuing events, I’m more convinced that is, at least partly, true.

But in this grand narrative of CIA’s early warning and Obama’s inadequate response, details like that remain unsaid.

The Implications of the Competing Flynn-Billingslea Stories

May 6, 2017/4 Comments/in Russian hacks /by emptywheel

In advance of Sally Yates’ testimony Monday, the WaPo and AP have released stories on concerns about Mike Flynn’s ties with Russia during the transition period.

The stories themselves are interesting enough. But that and how they differ make them all the more interesting.

The WaPo story makes the Trump White House — and very specifically Marshall Billingslea, whom Trump recently nominated to be Treasury’s terrorist finance Assistant Secretary — look the hero of a story about warnings Trump’s people gave Mike Flynn about Russia. In this version, after growing concerned that Flynn had showed more interest in meeting Sergey Kislyak than any of the other ambassadors who were pestering him for meetings, Billingslea intervened to obtain CIA’s profile of Kislyak in time for a November 28 meeting Flynn and (though this receives far less emphasis) Jared Kushner attended.

Billingslea warned Flynn that Kislyak was likely a target of U.S. surveillance and that his communications — whether with U.S. persons or superiors in Moscow — were undoubtedly being monitored by the FBI and National Security Agency, according to officials familiar with the exchange. Flynn, a retired Army lieutenant general who led the Defense Intelligence Agency, would presumably have been aware of such surveillance.

Billingslea then said that he would obtain a copy of the profile of Kislyak, officials said, a document that Billingslea urged Flynn to read if he were going to communicate with the Russian envoy. Flynn’s reaction was noncommittal, officials said, neither objecting to the feedback nor signaling agreement.

Shortly thereafter, during the week of Nov. 28, Billingslea and other transition officials met with lower-level Obama administration officials in the Situation Room at the White House.

At the end of the meeting, which covered a range of subjects, Billingslea asked for the CIA profile. “Can we get material on Kislyak?” one recalled Billingslea asking.

Days later, Flynn took part in a meeting with Kislyak at Trump Tower. White House spokeswoman Hope Hicks has confirmed that both Flynn and Jared Kushner, Trump’s adviser and son-in-law, took part in that session, which was not publicly disclosed at the time.

In that story of the Trump Administration’s effort to warn off someone who (unlike the barely mentioned Kushner) had spent a lifetime working with spies of spying, the CIA dossier, which reportedly doesn’t say Kislyak is a spy (though other outlets have claimed he is this year) gets placed in the transition SCIF.

The CIA bio on Kislyak was placed in a room in the Trump transition offices set up to handle classified material. Officials familiar with the document said that even if Flynn had read it, there was little in it that would have triggered alarms.

The file spanned three or four pages, describing Kislyak’s diplomatic career, extensive involvement in arms negotiations, and reputation as a determined proponent of Russian interests. It noted that he routinely reported information back to Moscow and that any information he gathered would be shared with Russia’s intelligence services. But the file did not say Kislyak was a spy.

Compare that key detail to something that appears in the AP version, which is told from the perspective of Obama officials. That story reveals that documents (they’re not described as the CIA dossier) were copied and removed from the SCIF.

After learning that highly sensitive documents from a secure room at the transition’s Washington headquarters were being copied and removed from the facility, Obama’s national security team decided to only allow the transition officials to view some information at the White House, including documents on the government’s contingency plans for crises.

In the AP story, Billingslea’s request was seen as a warning sign about Flynn’s preparation (who, again, had a lifetime of working with spies) to deal with America’s adversarial relationship with Russia.

In late November, a member of Donald Trump’s transition team approached national security officials in the Obama White House with a curious request: Could the incoming team get a copy of the classified CIA profile on Sergey Kislyak, Russia’s ambassador to the United States?

Marshall Billingslea, a former Pentagon and NATO official, wanted the information for his boss, Michael Flynn, who had been tapped by Trump to serve as White House national security adviser. Billingslea knew Flynn would be speaking to Kislyak, according to two former Obama administration officials, and seemed concerned Flynn did not fully understand he was dealing with a man rumored to have ties to Russian intelligence agencies.

To the Obama White House, Billingslea’s concerns were startling: a member of Trump’s own team suggesting the incoming Trump administration might be in over its head in dealing with an adversary.

But later in the AP story, it describes the Obama’s team’s concern that the Kislyak dossier was the only one requested.

Leading up to the revelation that Trump officials copied classified documents from the SCIF (which is how it ends), the AP first warns that some of this story will come out in Sally Yates’ testimony next Monday. It also reveals that the Obama Administration withheld information from Trump’s team, worried they’d share it with Russia.

In late December, as the White House prepared to levy sanctions and oust Russians living in the in the U.S. in retaliation for the hacks, Obama officials did not brief the Trump team on the decision until shortly before it was announced publicly. The timing was chosen in part because they feared the transition team might give Moscow lead time to clear information out of two compounds the U.S. was shuttering, one official said.

While it’s not inappropriate for someone in Flynn’s position to have contact with a diplomat, Obama officials said the frequency of his discussions raised enough red flags that aides discussed the possibility Trump was trying to establish a one-to-one line of communication — a so-called back channel — with Russian President Vladimir Putin. Obama aides say they never determined why Flynn was in close contact with the ambassador.

Viewed in comparison, the stories seem like competing efforts to get ahead of what both sides know will come out on Monday. The Trump team, knowing some of what Yates will say (in testimony they tried to prevent), is now making the remaining White House officials look good, and providing a somewhat plausible explanation for obtaining just the Kislyak dossier. But AP’s revelation that Trump’s people were copying documents from the SCIF that held the dossier raise questions about whether the reason it was obtained was to share the dossier. Neither story mentions what Adam Schiff has, which is that one really interesting detail will be the delay in ousting Flynn after Yates first told the White House of her concerns.

Both the stories leave out a detail the NYT previously reported that seems important, however: that Kislyak meeting, which the spook-savvy Flynn and the young Kushner attended, led to a second and a third, ultimately leading Kushner to meet the FSB-trained head of a sanctioned bank.

Until now, the White House had acknowledged only an early December meeting between Mr. Kislyak and Mr. Kushner, which occurred at Trump Tower and was also attended by Michael T. Flynn, who would briefly serve as the national security adviser.

Later that month, though, Mr. Kislyak requested a second meeting, which Mr. Kushner asked a deputy to attend in his stead, officials said. At Mr. Kislyak’s request, Mr. Kushner later met with Sergey N. Gorkov, the chief of Vnesheconombank, which drew sanctions from the Obama administration after President Vladimir V. Putin of Russia annexed Crimea and began meddling in Ukraine.

The subtext of taking the two Billingslea stories and the Sergey Gorkov one together is that Flynn — or even the President’s son-in-law — may have provided intelligence to the Russians, in events that led up to the closest thing we’ve seen to a possible quid pro quo.

In any case, the dossier seems either better suited to warning Kushner, not Flynn, of the dangers he was navigating, or a document that, if copied and handed to its subject, would be interesting though not devastating intelligence to share.

One final point: this story helps to explain why both the December 28 sanctions and the early January hack report were so awful; remember, too, when first announced, the press had the wrong location of the Long Island compound in question. At the time, I thought both were designed to be a document, any document, ones that didn’t reveal what the intelligence community actually knew (aside from the identities of the 35 expelled diplomats), particularly regarding who actually conducted the DNC hack. The AP story reveals Obama’s team was particularly worried Trump’s team would warn the Russians in time to dismantle some of the communications equipment at the two compounds. The crummy documents, plus the delay in informing Congress of the scope of the investigation until Flynn had been ousted, are both best explained by a concern that the National Security Advisor would share the information directly with Russia.

So will we learn that Flynn — or Kushner — did share such information?

Last Fall’s Efforts against Russia: Influence versus Tamper

April 7, 2017/16 Comments/in 2016 Presidential Election, Mueller Probe, Russian hacks /by emptywheel

NYT has a story — citing “former government officials” and eventually citing Harry Reid — that’s attracting a lot of attention. It explains the CIA had evidence in August that Russia was affirmatively trying to elect Trump, rather than just hurt Hillary.

In an Aug. 25 briefing for Harry Reid, then the top Democrat in the Senate, Mr. Brennan indicated that Russia’s hackings appeared aimed at helping Mr. Trump win the November election, according to two former officials with knowledge of the briefing.

The officials said Mr. Brennan also indicated that unnamed advisers to Mr. Trump might be working with the Russians to interfere in the election. The F.B.I. and two congressional committees are now investigating that claim, focusing on possible communications and financial dealings between Russian affiliates and a handful of former advisers to Mr. Trump. So far, no proof of collusion has emerged publicly.

[snip]

In the August briefing for Mr. Reid, the two former officials said, Mr. Brennan indicated that the C.I.A., focused on foreign intelligence, was limited in its legal ability to investigate possible connections to Mr. Trump. The officials said Mr. Brennan told Mr. Reid that the F.B.I., in charge of domestic intelligence, would have to lead the way.

Given Jim Comey’s description of the FBI assessment Russia wanted to elect Trump — which he described as an “enemy of my enemy” approach, rooting against the Pats at all times because he’s a Giants fan — and given the NSA’s continued moderate confidence in this claim, I don’t make too much of the CIA claim. Furthermore, given Roger Stone’s public exchanges with Guccifer 2 in the weeks leading up to this briefing (and CIA’s purported prohibition on involvement in domestic affairs), I also don’t put too much stock in CIA’s evidence of Russian coordination. In precisely this period, after all, Brennan continued to publicly brief that Putin was out of his depth, which seemed then and seems even more now to underestimate Putin’s ability to play the United States.

The line about Brennan saying FBI would have to investigate the ties between Trump and Putin also reminds me of the recent complaint, laundered through BBC’s Paul Wood, that FBI is fucking up the investigation and CIA should take the lead.

The rest of the article includes partisan details that have attracted a lot of attention but that — in light of this Lisa Monaco interview — seem to miss some distinction. The NYT describes a conflict between a bipartisan statement about the integrity of the election and a more assertive statement implicating Russia with influencing the outcome of the election.

In the briefings, the C.I.A. said there was intelligence indicating not only that the Russians were trying to get Mr. Trump elected but that they had gained computer access to multiple state and local election boards in the United States since 2014, officials said.

Although the breached systems were not involved in actual vote-tallying operations, Obama administration officials proposed that the eight senior lawmakers write a letter to state election officials warning them of the possible threat posed by Russian hacking, officials said.

But Senator Mitch McConnell of Kentucky, the Republican majority leader, resisted, questioning the underpinnings of the intelligence, according to officials with knowledge of the discussions. Mr. McConnell ultimately agreed to a softer version of the letter, which did not mention the Russians but warned of unnamed “malefactors” who might seek to disrupt the elections through online intrusion. The letter, dated Sept. 28, was signed by Mr. McConnell, Mr. Reid, Speaker Paul D. Ryan and Representative Nancy Pelosi, the ranking Democrat.

On Sept. 22, two other members of the Gang of Eight — Senator Dianne Feinstein and Representative Adam B. Schiff, both of California and the ranking Democrats on the Senate and House intelligence committees — released their own statement about the Russian interference that did not mention Mr. Trump or his campaign by name.

Here’s the full statement from Feinstein and Schiff:

Based on briefings we have received, we have concluded that the Russian intelligence agencies are making a serious and concerted effort to influence the U.S. election.

At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes of the election—we can see no other rationale for the behavior of the Russians.

We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government.

We call on President Putin to immediately order a halt to this activity. Americans will not stand for any foreign government trying to influence our election. We hope all Americans will stand together and reject the Russian effort.

Note the difference in emphasis: the letter from Congressional leaders emphasizes voting apparatus. Also note (and I suspect this is far more important than any report has yet made out) the letter Mitch McConnell was willing to sign states clearly that voting systems are not being designated critical infrastructure (which Jeh Johnson tried to do in early January, to much resistance from the states).

We urge the states to take full advantage of the robust public and private sector resources available to them to ensure that their network is secure from attack. In addition, the Department of Homeland Security stands ready to provide cybersecurity assistance to those states that choose to request it. Such assistance does not entail federal regulation or binding federal directives of any kind, and we would oppose any effort by the federal government to exercise any degree of control over the states’ administration of elections by designating these systems as critical infrastructure.

In other words, the Democrats wanted this to be about Russian influence, whereas the government was primarily worried about Russia affecting the outcome of the election at the polls.

Here’s how Monaco described the effort, which she describes as largely successful.

[M]y own view on that is we did not want to do anything to do the Russians’ work for them by engaging in partisan discussion about this, which is why we were so intent upon getting bipartisan support, and ultimately, we did so from the House and Senate leadership, in trying to get the state and local governments to work with us to shore up their cybersecurity.

We made a specific effort to go to Congress, to say we want bipartisan support for state governments to take us up on our offer to shore up their cybersecurity in their election systems, because there was a tremendous amount of resistance. This is an election year, I think there was a view that we—if we came to state and municipal governments and said, “We want to help you shore up your cybersecurity for your election system,” they viewed it as a big federal takeover.

We really needed bipartisan support for the efforts we were making, largely out of the Department of Homeland Security. Ultimately, that turned out to be a smart way of doing business, and we ended up having 48 of 50 states take us up on our offer, but we needed bipartisan support to do it. Ultimately, that turned out to be a smart way of doing business, and we ended up having 48 of 50 states take us up on our offer, but we needed bipartisan support to do it.

For Monaco, the effort was entirely about convincing states to accept help from DHS to ensure the machines counting the vote would not be compromised in a way that would affect the vote, not about the theft of emails from the DNC.

Incidentally, one of the two states that refused DHS help was Georgia, which of course is conducting an election to replace Tom Price as we speak, and which accused DHS of trying to hack its systems in the weeks after the election.

Two more comments on this. First, Mitch McConnell appears to have been in the right on this. Public discussion of the probes at the time noted that such hacks had happened in the past and generally sought credentials, not voting information. DHS released a warning on the polling probes on September 20, a week before the Leaders’ statement was released, and it still discussed the probes in terms of stealing PII.

(U//FOUO) DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

And the October 7 joint DHS/ODNI statement –released after the Leaders’ statement — still stopped short of blaming Russia for those probes.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

In other words, McConnell’s resistance to blaming Russia in that September 28 letter was completely consistent with the public intelligence at the time.

Finally, now how the role of Richard Burr and Devin Nunes always gets glossed over in these descriptions? I get that people want to blame Mitch for refusing to take a tougher line. But what were Trump’s campaign surrogates doing at the time?

Why Susan Rice May Be a Shiny Object

April 4, 2017/30 Comments/in EO 12333, FISA, Russian hacks /by emptywheel

A bunch of Republican propagandists are outraged that the press isn’t showing more interest in PizzaGate Mike Cernovich’s “scoop” that the woman in charge of ensuring our national security under President Obama, then National Security Advisor Susan Rice, sought to fully understand the national security intercepts she was being shown.

There are two bases for their poutrage, which might have merit — but coming from such hacks, may not.

The first is the suggestion, based off Devin Nunes’ claim (and refuted by Adam Schiff) that Rice unmasked things she shouldn’t have. Thus far, the (probably illegally) leaked details — such as that family members, perhaps like Jared Kushner (who met with an FSB officer turned head of a sanctioned Russian bank used as cover for other spying operations), Sean Hannity (who met with an already-targeted Julian Assange at a time he was suspected of coordinating with Russians), and Erik Prince (who has literally built armies for foreign powers) got spied on — do nothing but undermine Nunes’ claims. All the claimed outrageous unmaskings actually seem quite justifiable, given the accepted purpose for FISA intercepts.

The other suggestion — and thus far, it is a suggestion, probably because (as I’ll show) it’s thus far logically devoid of evidence — is that because Rice asked to have the names of people unmasked, she must be the person who leaked the contents of the intercepts of Sergey Kislyak discussing sanctions with Mike Flynn. (Somehow, the propagandists always throw Ben Rhodes’ name in, though it’s not clear on what basis.)

Let me start by saying this. Let’s assume those intercepts remained classified when they were leaked. That’s almost certain, but Obama certainly did have the authority to declassify them, just as either George Bush or Dick Cheney allegedly used that authority to declassify Valerie Plame’s ID (as some of these same propagandists applauded back in the day). But assuming the intercepts did remain classified, I agree that it is a problem that they were leaked by nine different sources to the WaPo.

But just because Rice asked to unmask the identities of various Trump (and right wing media) figures doesn’t mean she and Ben Rhodes are the nine sources for the WaPo.

That’s because the information on Flynn may have existed in a number of other places.

Obviously, Rice could not have been the first person to read the Flynn-Kislyak intercepts. That’s because some analyst(s) would have had to read them and put them into a finished report (most, but not all, of Nunes’ blathering comments about these reports suggest they were finished intelligence). Assuming those analysts were at NSA (which is not at all certain) someone would have had to have approved the unmasking of Flynn’s name before Rice saw it.

In addition, it is possible — likely even, at least by January 2017, when we know people were asking why Russia didn’t respond more strongly to Obama’s hacking sanctions — that there were two other sets of people who had access to the raw intelligence on Flynn’s conversations with Kislyak: the CIA and, especially, the FBI, which would have been involved in any FISA-related collection. Both CIA and FBI can get raw data on topics they’re working on. Likely, in this case, the multi-agency task force was getting raw collection related to their Russian investigation.

And as I’ve explained, as soon as FBI developed a suspicion that either Kislyak was at the center of discussions on sanctions or that Flynn was an unregistered agent of multiple foreign powers, the Special Agents doing that investigation would routinely pull up everything in their databases on those people by name, which would result in raw Title I and 702 FISA collection (post January 3, it probably began to include raw EO 12333 data as well).

So already you’re up to about 15 to 20 people who would have access to the raw intercepts, and that’s before they brief their bosses, Congress (though the Devin Nunes and Adam Schiff briefing, at least, was delayed a bit), and DOJ, all the way up to Sally Yates, who wanted to warn the White House. Jim Comey has suggested it is likely that the nine sources behind the WaPo story were among these people briefed secondarily on the intercepts. And it’s worth noting that David Ignatius, who first broke the story of Flynn’s chats with Kislyak but was not credited on the nine source story, has known source relationships in other parts of the government than the National Security Advisor, though he also has ties to Rice.

All of which is to say that the question of who leaked the contents of Mike Flynn’s conversations with Sergey Kislyak is a very different question from whether Susan Rice’s requests to unmask Trump associates’ names were proper or not. It is possible that Rice leaked the intercepts without declassifying them first. But it’s also possible that any of tens of other people did, most of whom would have a completely independent channel for that information.

And the big vulnerability is not — no matter what Eli Lake wants to pretend — the unmasking of individual names by the National Security Advisor. Rather, it’s that groups of investigators can access the same intelligence in raw form without a warrant tied to the American person in question.