Posts

PCLOB: The Essential Oversight Link Designed to Be Inadequate

Last year, there were a couple of measures that purported to respond to the problems with the Carter Page FISA application but which would not have helped him at all. In February, House Judiciary Committee rolled out a bill to replace the now-lapsed Section 215 of FISA that included a Privacy and Civil Liberties Oversight Board review of the impact that tradition FISA had on First Amendment Activities.

SEC. 303. REPORT ON USE OF FISA AUTHORITIES REGARDING PROTECTED ACTIVITIES AND PROTECTED CLASSES.

(a) REPORT.—Not later than one year after the date of the enactment of this Act, the Privacy and Civil Liberties Oversight Board shall make publicly available, to the extent practicable, a report on—

(1) the extent to which the activities and protected classes described in subsection (b) are used to support targeting decisions in the use of authorities pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.); and

(2) the impact of the use of such authorities on such activities and protected classes.

As I noted at the time, because PCLOB’s mandate is limited to counterterrorism, it would not be able to look at counterintelligence targeting. This is not the first time that PCLOB’s mandate made its work less useful than it could be. Because its Section 702 report was necessarily limited to the counterterrorism uses of the law, PCLOB’s report did not address problems with the cybersecurity and counterproliferation uses of Section 702, both of which have far more unexpected impact on US person’s privacy than the counterterrorism use.

Then, in May, PCLOB’s Chair, Adam Klein, announced PCLOB was going to review traditional FISAs.

Adam I. Klein, the chairman of the privacy board, said that the issues Horowitz surfaced were precisely those that the board was established to examine.

“This is at the heartland of our jurisdiction,” said Klein, a lawyer and prominent researcher of FISA and other national security laws. “The IG found systemic compliance problems. At a minimum, we have a duty to inform ourselves.”

I again noted that PCLOB’s mandate would limit the value of such a review, and indeed, would prevent PCLOB from even reviewing the precipitating application, Page’s counterintelligence application.

Last week, Klein released the results of that review, billed and released not as a PCLOB report, but as a Chairperson’s White Paper (Klein has said he’d step down once Joe Biden replaced him). He makes clear,

I provide several observations and recommendations based on this review. These views are provided in my individual capacity as Chairman and should not be attributed to the Board as a whole or to other members of the Board.

Its recommendations are not obviously supported by the described scope of the review. His White Paper generally argues for more efficiency, a recommendation that conflicts with virtually all other conclusions that came out of the Carter Page review (though some of his recommendations to achieve efficiency, such as making the authorization period for non-US person FISA applications one year, make sense). He makes two recommendations (that the Woods file not require repeated documentation for repeated facts and that DOJ distinguish between information known at the time and information learned subsequent to an initial application) that would undercut some of the results of the DOJ IG Report on Carter Page.

Klein’s White Paper does recommend that a summary memo submitted with the application which highlights novel privacy, legal, or technological issues. If the FBI Director or his delegate were required to sign off on that summary as well as the current certification (that doesn’t address the probable cause content of the application in the least), it might provide a level of accountability that (Congress doesn’t yet understand) FISA currently lacks. Other than that, Klein’s White Paper reads as much like a valedictory trying to guide future PCLOB plans as it does a report to improve FISA. Almost two pages of the 26-page report constitutes a recommendation to reauthorize Section 215 of FISA.

But, as predicted, the review did not consider anything remotely pertinent to what happened to Carter Page.

To conduct its review of applications themselves, PCLOB asked for and received the subset of the 29 FISA files that DOJ IG is conducting a review of that pertain to counterterrorism as well as the backup exchange between FBI and DOJ regarding those applications. That included:

  • 19 total applications (out of 29 reviewed by DOJ IG)
  • All counterterrorism targets
  • Most located in United States at time of targeting

These details help us understand the two reports DOJ IG wrote about the full set of 29 files, which I wrote about here. Of the 29, ten must be counterintelligence files like Carter Page’s.

Because PCLOB did not review the counterintelligence applications, it only reviewed one of the two for which DOJ IG found a material error.  The second was a CI application that showed a worse error rate than the Carter Page file (which was measured using a different methodology than the Carter Page one).

It also didn’t review any Sensitive Investigative Matters — applications which, like Carter Page’s, involve someone who is a political, journalistic, or religious figure whose targeting should get extra scrutiny. That seems to suggest that DOJ IG did not include any counterterrorism applications targeting SIMs in its review (it would seem SIMs would be more likely to be targeted on the counterintelligence side, but we know of religious and political figures targeted under counterterrorism FISA applications). These would be the applications that pose the greatest privacy and civil liberties concern.

In lieu of that, FBI Office of General Counsel provided PCLOB with,

The number of “sensitive investigative matters” pertaining to U.S. persons in which FBI sought a FISA probable cause order in each year between 2015 and 2019, a summary of each matter (including the type of investigation and the features resulting in its classification as a “sensitive investigative matter”), and whether each request was granted.

That’s presumably how PCLOB learned that there aren’t all that many SIMs targeted under FISA.

[I]nformation received by the Board indicates that relatively few FISA applications are obtained each year in SIMs.

Still, this is the core of what you’d need to review to serve the function of PCLOB. Klein even appears not to have reviewed Page’s significantly declassified public applications, which would have been simple to do, would have provided him something to compare the counterterrorism applications he reviewed with, but which would have been outside the scope of PCLOB’s mandate.

This matters because PCLOB has been reasonably effective. Indeed, in a book published in April in recognition of the 50th Anniversary of the Pentagon Papers, Lisa Monaco (in a contribution submitted before she became Deputy Attorney General) pointed to PCLOB’s contributions after the Snowden releases as an important way forward to balance security and secrecy in the age of mass leaks. Monaco even recommended that PCLOB consult with the Director of National Intelligence prior to the implementation of certain policies. (Director of National Intelligence Avril Haines also contributed a chapter to the book, which was far more intriguing that Monaco’s.)

Another would be to institute a practice of DNI consultation with the PCLOB before the adoption of certain collection programs. The PCLOB served an important function after disclosures precisely because it is charged with considering privacy and civil liberties implications as well as the national security implications of counter-terrorism programs.82 It could be a valuable addition to the consideration and review of some intelligence programs for a standing body with the infrastructure to handle classified information to work with privacy officers in each agency to assess privacy concerns and conduct privacy impact assessments that are reported to the DNI.

But as noted above, even PCLOB’s Section 702 review suffered because it couldn’t look at several of the applications of 702, applications implicated by the Snowden releases.

Last year, I was told that efforts to expand the jurisdiction of PCLOB would be a poison pill to any bill to which they were attached. I can only assume that means the Executive doesn’t want to expose to scrutiny they kinds of practices that were central to the Carter Page application.

But if Lisa Monaco believes PCLOB has a role to play in balancing national security and secrecy, she should ensure its mandate is sufficiently broad to do that job.

Avril Haines Committed to Reviewing Past Redactions of Intelligence on Russia’s Support for Trump

In the wake of the confirmation that Konstantin Kilimnik did, in fact, share campaign data with Russian Intelligence, some people are asking whether Trump withheld information confirming that fact from Mueller or SSCI.

There are other possible explanations. After all, DOJ stated publicly in 2019 they were still working on decrypting communications involving Manafort and Kilimnik. There are likely new sources of information that have become available to the government.

It’s also certain that the government did share some information with SSCI that was not publicly released in its report last year. Indeed, we’re still waiting on information in the SSCI Report that probably will be made public.

Ron Wyden complained about the overclassification of the report when it came out, and — in his typical fashion — provided bread crumbs of what we might learn with further declassification.

(U) The report includes new revelations directly related to the Trump campaign’s cooperation with Russian efforts to get Donald Trump elected. Yet significant information remains redacted. One example among many is the report’s findings with regard to the relationship between Trump campaign manager Paul Manafort and Russian intelligence officer Konstantin Kilimnik.

(U) The report includes significant information demonstrating that Paul Manafort’s support for Russia and pro-Russian factions in Ukraine was deeper than previously known. The report also details extremely troubling information about the extent and nature of Manafort’s connection with Kilimnik and Manafort’s passage of campaign polling data to Kilimnik. Most troubling of all are indications that Kilimnik, and Manafort himself, were connected to Russia’s hack-and-leak operations.

(U) Unfortunately, significant aspects of this story remain hidden from the American public. Information related to Manafort’s interactions with Kilimnik, particularly in April 2016, are the subject of extensive redactions. Evidence connecting Kilimnik to the GRU’s hack-and-leak operations are likewise redacted, as are indications of Manafort’s own connections to those operations. There are redactions to important new information with regard to Manafort’s meeting in Madrid with a representative of Oleg Deripaska. The report also includes extensive information on Deripaska, a proxy for Russian intelligence and an associate of Manafort. Unfortunately, much of that information is redacted as well.

(U) The report is of urgent concern to the American people, in part due to its relevance to the 2020 election and Russia’s ongoing influence activities. The public version of the report details how Kilimnik disseminated propaganda claiming Ukrainian interference in the 2016 election, beginning even before that election and continuing into late 2019. [one sentence redacted] And the report includes information on the role of other Russian government proxies and personas in spreading false narratives about Ukrainian interference in the U.S. election. This propaganda, pushed by a Russian intelligence officer and other Russian proxies, was the basis on which Donald Trump sought to extort the current government of Ukraine into providing assistance to his reelection efforts and was at the center of Trump’s impeachment and Senate trial. That is one of the reasons why the extensive redactions in this section of the report are so deeply problematic. Only when the American people are informed about the role of an adversary in concocting and disseminating disinformation can they make democratic choices free of foreign interference.

Redactions suggest there was more to an April exchange of information between Kilimnik and Manafort involving Oleg Deripaska than has been made public, describing something else that happened almost simultaneously with that exchange. SSCI learned about that even without obtaining information from Manafort’s email server, which Kilimnik was using long after he stopped working for Manafort and which they subpoenaed unsuccessfully, but Mueller did obtain it.

There’s also a very long redacted passage in the more general Additional Views from Democrats on the committee that laid out the significance of the SSCI findings for the 2020 election (ostensibly what yesterday’s sanctions addressed).

Also in typical Wyden fashion, he already took steps to liberate such information as could be released. In his Questions for the Record for both Avril Haines and William Burns, Wyden asked that this information be declassified. He also asked that more information behind Treasury’s sanctions imposed on Andrii Derkach last September be declassified. Haines committed to ordering a new declassification review of both.

QUESTION 150: If confirmed, will you review the Committee’s Report on Russian Active Measures Campaigns and Interference in the 2016 U.S. Election, in particular Volume 5, for additional declassification?

Yes, if confirmed, I will order a review of the Committee’s report to determine whether additional declassification is possible consistent with the need to protect national security.

QUESTION 151: If confirmed, will you review intelligence related to foreign interference in the 2020 U.S. election, including with regard to Russian agents referenced in the Treasury Department’s September 10, 2020, sanctions announcement, for additional declassification and public release?

Yes, if confirmed I will order a review of these materials to determine whether additional declassification is possible consistent with the need to protect national security.

So we should be getting a newly declassified version of the SSCI Report that will reveal what the Trump Administration did share, but buried under redactions.

Which will also reveal what Trump knew about Manafort’s affirmative ties to Russian intelligence when he pardoned Manafort to pay off Manafort’s silence about all that during the Mueller investigation.

News from the Election Front: Russia Attacked Joe Biden Through “Prominent US Individuals, Some of Whom Were Close to Former President Trump”

Back in 2018, President Trump signed an Executive Order 13848, designed to stave off a law mandating sanctions in the event of election interference. The order nevertheless required reporting on election interference and provided the White House discretion to impose sanctions in the event of interference. Yesterday, the Director of Homeland Security and Director of National Intelligence released the reports mandated by an Executive Order, describing the known efforts to interfere in last year’s election.

Trump’s Intelligence Community Debunks Trump

Though Trump failed to comply publicly in 2019, his own EO mandates deadlines for — first — the DNI report assessing a broader range of possible election interference and then, 45 days later, the DHS/DOJ report describing interference with election infrastructure or influence operations.

(a) Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of any other appropriate executive departments and agencies (agencies), shall conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election. The assessment shall identify, to the maximum extent ascertainable, the nature of any foreign interference and any methods employed to execute it, the persons involved, and the foreign government or governments that authorized, directed, sponsored, or supported it. The Director of National Intelligence shall deliver this assessment and appropriate supporting information to the President, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, and the Secretary of Homeland Security.

(b) Within 45 days of receiving the assessment and information described in section 1(a) of this order, the Attorney General and the Secretary of Homeland Security, in consultation with the heads of any other appropriate agencies and, as appropriate, State and local officials, shall deliver to the President, the Secretary of State, the Secretary of the Treasury, and the Secretary of Defense a report evaluating, with respect to the United States election that is the subject of the assessment described in section 1(a):

(i) the extent to which any foreign interference that targeted election infrastructure materially affected the security or integrity of that infrastructure, the tabulation of votes, or the timely transmission of election results; and

(ii) if any foreign interference involved activities targeting the infrastructure of, or pertaining to, a political organization, campaign, or candidate, the extent to which such activities materially affected the security or integrity of that infrastructure, including by unauthorized access to, disclosure or threatened disclosure of, or alteration or falsification of, information or data.

These deadlines should have been, for the DNI Report, December 18, and for the DHS/DOJ report, February 1.

The declassified DNI report released yesterday was finished and distributed, in classified form, on January 7.

The document is a declassified version of a classified report that the IC provided to the President, senior Executive Branch officials, and Congressional leadership and intelligence oversight committees on January 7, 2021.

It was based off intelligence available as of December 31.

The DHS report was completed in February.

Which is to say that these reports were done substantially under the Trump Administration.

DHS Debunks the Kraken

The DHS report, based off the classified report completed in February, finds that while Russian and Iran breached some election infrastructure, they did not manage to change any votes. It also finds that those two countries plus China managed to compromise party or campaign infrastructure, with unknown goals, but that none of the countries that accessed information that could have been used in influence operations used the information.

The most important result, however, was that after checking via multiple different measures, the government found no evidence that dead Hugo Chavez or anyone else that Sidney Powell invoked in service of the Big Lie succeeded in changing any votes.

We are aware of multiple public claims that one or more foreign governments—including Venezuela, Cuba, or China—owned, directed, or controlled election infrastructure used in the 2020 federal elections; implemented a scheme to manipulate election infrastructure; or tallied, changed, or otherwise manipulated vote counts. Following the election, the Department of Justice, including the FBI, and the Department of Homeland Security, including CISA, investigated the public claims and determined that they are not credible.

We have no evidence—not through intelligence collection on the foreign actors themselves, not through physical security and cybersecurity monitoring of voting systems across the country, not through post-election audits, and not through any other means—that a foreign government or other actors compromised election infrastructure to manipulate election results.

DNI (Mostly) Debunks the DNI

Last summer, the Director of National Intelligence John Ratcliffe responded to Democratic concerns about Russia interfering in the election again by stating that China was too. This report largely debunks that claim.

We assess that China did not deploy interference efforts and considered but did not deploy influence efforts intended to change the outcome of the US presidential election. We have high confidence in this judgment. China sought stability in its relationship with the United States and did not view either election outcome as being advantageous enough for China to risk blowback if caught. Beijing probably believed that its traditional influence tools, primarily targeted economic measures and lobbying key individuals and interest groups, would be sufficient to achieve its goal of shaping US policy regardless of who won the election. We did not identify China attempting to interfere with election infrastructure or provide funding to any candidates or parties.

  • The IC assesses that Chinese state media criticism of the Trump administration’s policies related to China and its response to the COVID-19 pandemic remained consistent in the lead-up to the election and was aimed at shaping perceptions of US policies and bolstering China’s global position rather than to affect the 2020 US election. The coverage of the US election, in particular, was limited compared to other topics measured in total volume of content.
  • China has long sought to influence US politics by shaping political and social environments to press US officials to support China’s positions and perspectives. We did not, however, see these capabilities deployed for the purpose of shaping the electoral outcome. [Bold original]

The report describes that the National Intelligence Officer for Cyber had moderate confidence that China was trying to help Joe Biden win.

Minority View The National Intelligence Officer for Cyber assesses that China took at least some steps to undermine former President Trump’s reelection chances, primarily through social media and official public statements and media. The NIO agrees with the IC’s view that Beijing was primarily focused on countering anti-China policies, but assesses that some of Beijing’s influence efforts were intended to at least indirectly affect US candidates, political processes, and voter preferences, meeting the definition for election influence used in this report. The NIO agrees that we have no information suggesting China tried to interfere with election processes. The NIO has moderate confidence in these judgments.

This view differs from the IC assessment because it gives more weight to indications that Beijing preferred former President Trump’s defeat and the election of a more predictable member of the establishment instead, and that Beijing implemented some-and later increased-its election influence efforts, especially over the summer of 2020. The NIO assesses these indications are more persuasive than other information indicating that China decided not to intervene. The NIO further assesses that Beijing calibrated its influence efforts to avoid blowback.

That said, the day after this report was initially disseminated in classified form on January 7, Ratcliffe made clear that the Ombud believed this was a politicized view, and that more than just the Cyber NIO agreed (though didn’t mention that the Ombud believed Russian intelligence had been politicized even worse).

President Trump’s political appointees clashed with career intelligence analysts over the extent to which Russia and China interfered or sought to interfere in the 2020 election, with each side accusing the other of politicization, according to a report by an intelligence community ombudsman.

The findings by Barry A. Zulauf, the “analytic ombudsman” for the Office of the Director of National Intelligence (ODNI), describe an intelligence community afflicted by a “widespread perception in the workforce about politicization” of analysis on the topic of foreign election influence — one that he says threatens the legitimacy of the agencies’ work.

[snip]

Citing Zulauf’s report, Director of National Intelligence John Ratcliffe, chosen for the position by Trump last year, charged Thursday that career analysts in a recently completed classified assessment failed to capture the full scope of Chinese government influence on the election — a charge that some current and former officials say illustrates the issue of politicization, because it downplays the much larger role of Russia.

As late as October, then, another Intelligence Officer had some confidence that what this report deems China’s regular influence-peddling had an electoral component, but (as Ratcliffe complained in January) it did not show up in this report, which was entirely produced after the Ombud weighed in.

The IC Now Associates Konstantin Kilimnik with FSB, not GRU

The long section on Russia’s efforts to influence the election get pretty damned close to saying that the events surrounding Trump’s first impeachment and even the Hunter Biden laptop were Russian backed (which is consistent with intelligence warnings that were broadly shared). It might as well have named Rudy Giuliani (among others).

We assess that President Putin and the Russian state authorized and conducted influence operations against the 2020 US presidential election aimed at denigrating President Biden and the Democratic Party, supporting former President Trump, undermining public confidence in the electoral process, and exacerbating sociopolitical divisions in the US. Unlike in 2016, we did not see persistent Russian cyber efforts to gain access to election infrastructure. We have high confidence in these judgments because a range of Russian state and proxy actors who all serve the Kremlin’s interests worked to affect US public perceptions. We also have high confidence because of the consistency of themes in Russia’s influence efforts across the various influence actors and throughout the campaign, as well as in Russian leaders’ assessments of the candidates. A key element of Moscow’s strategy this election cycle was its use of people linked to Russian intelligence to launder influence narratives–including misleading or unsubstantiated allegations against President Biden–through US media organizations, US officials, and prominent US individuals, some of whom were close to former President Trump and his administration.

[snip]

Derkach, Kilimnik, and their associates sought to use prominent US persons and media conduits to launder their narratives to US officials and audiences. These Russian proxies met with and provided materials to Trump administration-linked US persons to advocate for formal investigations; hired a US firm to petition US officials; and attempted to make contact with several senior US officials. They also made contact with established US media figures and helped produce a documentary that aired on a US television network in late January 2020. [Bold original, italics added]

The report likens what Russian entities were doing post-election with what Russia had planned in 2016.

Even after the election, Russian online influence actors continued to promote narratives questioning the election results and disparaging President Biden and the Democratic Party. These efforts parallel plans Moscow had in place in 2016 to discredit a potential incoming Clinton administration, but which it scrapped after former President Trump’s victory.

Perhaps the most interesting detail — on top of revealing that Paul Manafort’s former employee remained involved in all this — is that this report suggests Kilimnik has ties to FSB, not GRU (though the report describes GRU’s efforts as well).

A network of Ukraine-linked individuals–including Russian influence agent Konstantin Kilimnik–who were also connected to the Russian Federal Security Service (FSB) took steps throughout the election cycle to damage US ties to Ukraine, denigrate President Biden and his candidacy, and benefit former President Trump’s prospects for reelection.

The most recent public reporting on Kilimnik was the SSCI Report. And that suggested that Kilimnik (along with at least one other Oleg Deripaska deputy) was linked to GRU. Indeed, Kilimnik has been described as a former GRU officer. This suggests he may have ties, as well or more recently, to FSB, which would have interesting implications for the 2016 operation.

 

The Most Counterproductive Letter in Defense of Julian Assange

How seriously do you think the Joe Biden Administration is going to take a letter that,

  • Implicitly treats helping Edward Snowden flee Hong Kong to Russia (one of the overt acts Julian Assange is currently charged with) as a journalistic activity
  • Was written by an organization on the board of which Edward Snowden serves, without any disclosure of the relationship (or that another Freedom of the Press Foundation board member, Laura Poitras, decided in real time that such activities weren’t journalism, thereby eliminating the New York Times problem the letter claims still exists)
  • Treats the Julian Assange extradition request as a Trump Administration decision at a time when Biden is trying to emphasize that DOJ represents the country, not one president
  • Ties the Assange prosecution to Trump’s other politicization of DOJ when the evidence shows the opposite happened, that Trump abused power to attempt to protect Assange (in her ruling, Judge Baraitser also noted that Trump in no way treated WikiLeaks like he treated journalistic outlets)
  • Relies on dated 2013 reporting about the sum total of WikiLeaks’ actions targeting the US, ignoring much of the public record since, not to mention the grave damage incurred by a release — Vault 7 — that had almost no news value, which was allegedly leaked while Acting Deputy Attorney General John Carlin (who will probably field this letter) was in charge of DOJ’s National Security Division
  • Exhibits zero familiarity with the 54-page report — citing testimony from Biden Administration members Avril Haines, Lisa Monaco, Susan Rice, Tony Blinken, Samantha Power, Denis McDonough, and John Kerry — that concluded one reason the Obama Administration didn’t respond in more timely fashion to Russia’s attack on the 2016 election was because of a delayed understanding of how WikiLeaks had been “coopted” by Russia:

Despite Moscow’s history of leaking politically damaging information, and the increasingly significant publication of illicitly obtained information by coopted third parties, such as WikiLeaks, which historically had published information harmful to the United States, previous use of weaponized information alone was not sufficient for the administration to take immediate action on the DNC breach. The administration was not fully engaged until some key intelligence insights were provided by the IC, which shifted how the administration viewed the issue.

[snip]

The executive branch struggled to develop a complete understanding of WikiLeaks. Some officials viewed WikiLeaks as a legitimate news outlet, while others viewed WikiLeaks as a hostile organization acting intentionally and deliberately to undermine U.S. or allies’ interests.

The letter claims to want to protect a “robust” press. But this letter fails to meet journalistic standards of transparency or accuracy.

Nevertheless, the following organizations signed onto such a (in my opinion) counterproductive letter:

  • Access Now
  • American Civil Liberties Union
  • Amnesty International – USA
  • Center for Constitutional Rights
  • Committee to Protect Journalists
  • Defending Rights and Dissent
  • Demand Progress
  • Electronic Frontier Foundation
  • Fight for the Future
  • First Amendment Coalition Free Press
  • Freedom of the Press Foundation
  • Human Rights Watch
  • Index on Censorship
  • Knight First Amendment Institute at Columbia University
  • National Coalition Against Censorship
  • Open The Government
  • Partnership for Civil Justice Fund
  • PEN America
  • Project on Government Oversight
  • Reporters Without Borders
  • Roots Action
  • The Press Freedom Defense Fund of First Look Institute
  • Whistleblower & Source ProtectionProgram (WHISPeR) at ExposeFacts

I have a great deal of respect for these organizations, have worked for several of them, and have received funding in the past from Freedom of the Press Foundation. I agree with the sentiment of the letter that some of the current charges against Assange pose a risk to journalism. I believe these organizations could have written an effective letter to Acting Attorney General Monty Wilkinson (or, more effectively and with better targeting, to Carlin).

Instead, they signed onto a letter that violates several of the principles of journalism they claim to want to defend.

The Compartments in WaPo’s Russian Hack Magnum Opus

The WaPo has an 8300 word opus on the Obama Administration’s response to Russian tampering in the election. The article definitely covers new ground on the Obama effort to respond while avoiding making things worse, particularly with regards to imposing sanctions in December. It also largely lays out much of the coverage the three bylined journalists (Greg Miller, Ellen Nakashima, and Adam Entous) have broken before, with new details. The overall message of the article, which has a number of particular viewpoints and silences, is this: Moscow is getting away with their attack.

“[B]ecause of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.”

The Immaculate Interception: CIA’s scoop

WaPo starts its story about how Russia got away with its election op with an exchange designed to make the non-response to the attack seem all the more senseless. It provides a dramatic description of a detail these very same reporters broke on December 9: Putin, who was personally directing this effort, was trying to elect Trump.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladi­mir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

[snip]

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read.

[snip]

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan Rice side after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

While the sharing of this information with just three aides adds to the drama, WaPo doesn’t consider something else about it. The inclusion of Rice and McDonough totally makes sense. But by including Avril Haines, Brennan was basically including his former Deputy Director who had moved onto the DNSA position, effectively putting two CIA people in a room with two White House people and the President. Significantly, Lisa Monaco — who had Brennan’s old job as White House Homeland Security Czar and who came from DOJ and FBI before that — was reportedly excluded from this initial briefing.

There are a number of other interesting details about all this. First, for thousands of wordspace, the WaPo presents this intelligence as irreproachable, even while providing this unconvincing explanation of why, if it is so secret and solid, the CIA was willing to let WaPo put it on its front page.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

If this intelligence is so sensitive, why is even the timing of its collection being revealed here, much less its access to Putin?

That seemingly contradictory action is all the more curious given that not all agencies were as impressed with this intelligence as CIA was. It’s not until much, much later in its report until WaPo explains what remains true as recently as Admiral Rogers’ latest Congressional testimony: the NSA wasn’t and isn’t as convinced by CIA’s super secret intelligence as CIA was.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

By the time this detail is presented, the narrative is in place: Obama failed to respond adequately to the attack that CIA warned about back in August.

The depiction of this top-level compartment of just Brennan, Rice, McDonough, and Haines is interesting background, as well, for the depiction of the way McDonough undermined a State Department plan to institute a Special Commission before Donald Trump got started.

Supporters’ confidence was buoyed when McDonough signaled that he planned to “tabledrop” the proposal at the next NSC meeting, one that would be chaired by Obama. Kerry was overseas and participated by videoconference.

To some, the “tabledrop” term has a tactical connotation beyond the obvious. It is sometimes used as a means of securing approval of an idea by introducing it before opponents have a chance to form counterarguments.

“We thought this was a good sign,” a former State Department official said.

But as soon as McDonough introduced the proposal for a commission, he began criticizing it, arguing that it would be perceived as partisan and almost certainly blocked by Congress.

Obama then echoed McDonough’s critique, effectively killing any chance that a Russia commission would be formed.

Effectively, McDonough upended the table on those (which presumably includes the CIA) who wanted to preempt regular process.

Finally, even after  these three WaPo journalists foreground their entire narrative with CIA’s super duper scoop (that NSA is still not 100% convinced is one), they don’t describe their own role in changing the tenor of the response on December 9 by reporting the first iteration of this story.

“By December, those of us working on this for a long time were demoralized,” said an administration official involved in the developing punitive options.

Then the tenor began to shift.

On Dec. 9, Obama ordered a comprehensive review by U.S. intelligence agencies of Russian interference in U.S. elections going back to 2008, with a plan to make some of the findings public.

The WaPo’s report of the CIA’s intelligence changed the tenor back in December, and this story about the absence of a response might change the tenor here.

Presenting the politics ahead of the intelligence

The WaPo’s foregrounding of Brennan’s August scoop is also important for the way they portray the parallel streams of the intelligence and political response. It portrays the Democrats’ political complaints about Republicans in this story, most notably the suggestion that Mitch McConnell refused to back a more public statement about the Russian operation when Democrats were pushing for one in September. That story, in part because of McConnell’s silence, has become accepted as true.

Except the WaPo’s own story provides ample evidence that the Democrats were trying to get ahead of the formal intelligence community with respect to attribution, both in the summer, when Clapper only alluded to Russian involvement.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

And, more importantly, in the fall, when the public IC attribution came only after McConnell refused to join a more aggressive statement because the intelligence did not yet support it (WaPo makes no mention of it, but DHS’s public reporting from late September still attributed the the threat to election infrastructure to “cybercriminals and criminal hackers”).

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

I’m all in favor of beating up McConnell, but there is no reason to demand members of Congress precede the IC with formal attribution for something like this. So until October 7, McConnell had cover (if not justification) for refusing to back a stronger statement.

And while the report describes Brennan’s efforts to brief members of Congress (and the reported reluctance of Republicans to meet with him), it doesn’t answer what remains a critical and open question: whether Brennan’s briefing for Harry Reid was different — and more inflammatory — than his briefing for Republicans, and whether that was partly designed to get Reid to serve as a proxy attacker on Jim Comey and the FBI.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Nor does this account explain another thing: why Brennan serially briefed the Gang of Eight, when past experience is to brief them in groups, if not all together.

In short, while the WaPo provides new details on the parallel intelligence and political tracks, it reinforces its own narrative while remaining silent on some details that are critical to that narrative.

The compartments

The foregrounding of CIA in all this also raises questions about a new and important detail about (what I assume to be the subsequently publicly revealed, though this is not made clear) Task Force investigating this operation: it lives at CIA, not FBI.

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Much later in the story, WaPo reveals how, in the wake of Obama calling for a report, analysts started looking back at their collected intelligence and learning new details.

Obama’s decision to order a comprehensive report on Moscow’s interference from U.S. spy agencies had prompted analysts to go back through their agencies’ files, scouring for previously overlooked clues.

The effort led to a flurry of new, disturbing reports — many of them presented in the President’s Daily Brief — about Russia’s subversion of the 2016 race. The emerging picture enabled policymakers to begin seeing the Russian campaign in broader terms, as a comprehensive plot sweeping in its scope.

It’s worth asking: did the close hold of the original Task Force, a hold that appears to have been set by Brennan, contribute to the belated discovery of these details revealing a broader campaign?

The surveillance driven sanctions

I’m most interested in the description of how the Obama Admin chose whom to impose sanctions on, though it includes this bizarre claim.

But the package of measures approved by Obama, and the process by which they were selected and implemented, were more complex than initially understood.

The expulsions and compound seizures were originally devised as ways to retaliate against Moscow not for election interference but for an escalating campaign of harassment of American diplomats and intelligence operatives. U.S. officials often endured hostile treatment, but the episodes had become increasingly menacing and violent.

Several of the details WaPo presents as misunderstood (including that the sanctions were retaliation for treatment of diplomats) were either explicit in the sanction package or easily gleaned at the time.

One of those easily gleaned details is that the sanctions on GRU and FSB were mostly symbolic. WaPo uses the symbolic nature of the attack on those who perpetrated the attack as a way to air complaints that these sanctions were not as onerous as those in response to Ukraine.

“I don’t think any of us thought of sanctions as being a primary way of expressing our disapproval” for the election interference, said a senior administration official involved in the decision. “Going after their intelligence services was not about economic impact. It was symbolic.”

More than any other measure, that decision has become a source of regret to senior administration officials directly involved in the Russia debate. The outcome has left the impression that Obama saw Russia’s military meddling in Ukraine as more deserving of severe punishment than its subversion of a U.S. presidential race.

“What is the greater threat to our system of government?” said a former high-ranking administration official, noting that Obama and his advisers knew from projections formulated by the Treasury Department that the impact of the election-related economic sanctions would be “minimal.”

Three things that might play into the mostly symbolic targeting of FSB, especially, are not mentioned. First, WaPo makes no mention of the suspected intelligence sources who’ve been killed since the election, most credibly Oleg Erovinkin, as well as a slew of other suspect and less obviously connected deaths. It doesn’t mention the four men Russia charged with treason in early December. And it doesn’t mention DOJ’s indictment of the Yahoo hackers, including one of the FSB officers, Dmitry Dokuchaev, that Russia charged with treason (not to mention the inclusion within the indictment of intercepts between FSB officers). There’s a lot more spy vs. spy activity going on here that likely relates far more to retaliation or limits on US ability to retaliate, all of which may be more important in the medium term than financial sanctions.

Given the Yahoo and other indictments working through San Francisco (including that of Yevgeniey Nikulin, who claims FBI offered him a plea deal involving admitting he hacked the DNC), I’m particularly interested in the shift in sanctions from NY to San Francisco, where Nikulin and Dokuchaev’s victims are located.

The FBI was also responsible for generating the list of Russian operatives working under diplomatic cover to expel, drawn from a roster the bureau maintains of suspected Russian intelligence agents in the United States.

[snip]

The roster of expelled spies included several operatives who were suspected of playing a role in Russia’s election interference from within the United States, officials said. They declined to elaborate.

More broadly, the list of 35 names focused heavily on Russians known to have technical skills. Their names and bios were laid out on a dossier delivered to senior White House officials and Cabinet secretaries, although the list was modified at the last minute to reduce the number of expulsions from Russia’s U.N. mission in New York and add more names from its facilities in Washington and San Francisco.

And the WaPo’s reports confirm what was also obvious: the two compounds got shut down (and were a priority) because of all the spying they were doing.

The FBI had long lobbied to close two Russian compounds in the United States — one in Maryland and another in New York — on the grounds that both were used for espionage and placed an enormous surveillance burden on the bureau.

[snip]

Rice pointed to the FBI’s McCabe and said: “You guys have been begging to do this for years. Now is your chance.”

The administration gave Russia 24 hours to evacuate the sites, and FBI agents watched as fleets of trucks loaded with cargo passed through the compounds’ gates.

Finally, given Congress’ bipartisan fearmongering about Kaspersky Lab, I’m most interested that at one point Treasury wanted to include them in sanctions.

Treasury Department officials devised plans that would hit entire sectors of Russia’s economy. One preliminary suggestion called for targeting technology companies including Kaspersky Lab, the Moscow-based cybersecurity firm. But skeptics worried that the harm could spill into Europe and pointed out that U.S. companies used Kaspersky systems and software.

In spite of all the fearmongering, no one has presented proof that Kaspersky is working for Russia (there are even things, which I won’t go in to for the moment, that suggest the opposite). But we’re moving close to de facto sanctions against Kaspersky anyway, even in spite of the fact (or perhaps because) they’re providing better intelligence on WannaCry than half the witnesses called as witnesses to Congress. But discrediting Kaspersky undercuts one of the only security firms in the world who, in addition to commenting on Russian hacking, will unpack America’s own hacking. You sanction Kaspersky, and you expand the asymmetry with which security firms selectively scrutinize just Russian hacking, rather than all nation-state hacking.

The looming cyberattack and the silence about Shadow Brokers

Which brings me to the last section of the article, where, over 8000 words in, the WaPo issues a threat against Russia in the form of a looming cyberattack Obama approved before he left.

WaPo’s early description of this suggests the attack was and is still in planning stages and relies on Donald Trump to execute.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

But if readers make it all the way through the very long article, they’ll learn that’s not the case. The finding has already been signed, the implants are already being placed (implants which would most likely be discovered by Kaspersky), and for Trump to stop it, he would have to countermand Obama’s finding.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

Whatever else this article is designed to do, I think, it is designed to be a threat to Putin, from long gone Obama officials.

Given the discussion of a looming cyberattack on Russia, it’s all the more remarkable WaPo breathed not one word about Shadow Brokers, which is most likely to be a drawn out cyberattack by Russian affiliates on NSA. Even ignoring the Shadow Brokers’ derived global ransomware attack in WannaCry, Shadow Brokers has ratcheted up the severity of its releases, including doxing NSA’s spies and hacks of the global finance system, It has very explicitly fostered tensions between the NSA and private sector partners (as well as the reputational costs on those private sector partners). And it has threatened to leak still worse, including NSA exploits against current Microsoft products and details of NSA’s spying on hostile nuclear programs.

The WaPo is talking about a big cyberattack, but an entity that most likely has close ties to Russia has been conducting one, all in plain sight. I suggested back in December that Shadow Brokers was essentially holding NSA hostage in part as a way to constrain US intelligence retaliation against Russia. Given ensuing events, I’m more convinced that is, at least partly, true.

But in this grand narrative of CIA’s early warning and Obama’s inadequate response, details like that remain unsaid.

Trump’s Muslim Ban Forces IC to Conduct Actual Assessment of Terror Threats

CNN reports that the Trump Administration has asked DHS and DOJ to come up with an intelligence report backing the selection of the seven Muslim banned countries. According to CNN, some of those working on the report feel they’re being asked to fit a report to a desired conclusion.

President Donald Trump has assigned the Department of Homeland Security, working with the Justice Department, to help build the legal case for its temporary travel ban on individuals from seven countries, a senior White House official tells CNN.

Other Trump administration sources tell CNN that this is an assignment that has caused concern among some administration intelligence officials, who see the White House charge as the politicization of intelligence — the notion of a conclusion in search of evidence to support it after being blocked by the courts. Still others in the intelligence community disagree with the conclusion and are finding their work disparaged by their own department.

This is another of those areas where I’m grateful for the incompetence of the Trump Administration. If it were me, I’d call the four Obama Administration officials who first named these seven countries a threat: former Deputy CIA Director Avril Haines, former Secretary of State John Kerry, former Homeland Security Czar Lisa Monaco, and former National Security Advisor Susan Rice. They’re already on a court declaration in this case, so even the ones who might have been able to dodge testifying normally, they wouldn’t be able to. Make them explain why Iran and Sudan are on this list. They would either have to admit the truth: that our notions of terrorism generally are utterly politicized, and that if we were to measure on actual threat, our close allies Saudi Arabia and Pakistan would lead the list. Or they’d have to invent something to justify their past politicized actions.

Instead, Trump is trying to politicize intelligence, which not only has elicited this backlash, but will never be able to accomplish its objective. Even after redefining terror attack down to include material support (something that is actually consistent with the last 15 years of FBI fluffing their terror prosecution numbers), it is still impossible to present Iran as a bigger terrorist threat than Saudi Arabia (plus, you’d have to acknowledge that the listing and delisting of MEK, which a number of Trump officials have supported for cash payments, is also totally politicized).

Hopefully, that will lead to a larger reassessment of how we think of terrorism, including the recognition that our allies are actually the problem, not our arch-enemy Iran. That’s obviously wildly optimistic. But it is the kind of possibility that Trump’s incompetence allows us to consider.

The Folks Who Picked the Stupid Seven Banned Countries Say the Muslim Ban Is Stupid

Buried in a declaration written by a bunch of former national security officials in the Washington v Trump suit opposing Trump’s Muslim ban is this passage:

Because various threat streams are constantly mutating, as government officials, we sought continually to improve that vetting, as was done in response to particular threats identified by U.S. intelligence in 2011 and 2015. Placing additional restrictions on individuals from certain countries in the visa waiver program –as has been done on occasion in the past – merely allows for more individualized vettings before individuals with particular passports are permitted to travel to the United States.

These officials, which include (among others) former Deputy CIA Director Avril Haines, former Secretary of State John Kerry, former Homeland Security Czar Lisa Monaco, and former National Security Advisor Susan Rice argue that the practice is to tweak immigration rules based on changing threat patterns rather than impose broad bans not driven by necessity and logic. They argue that additional restrictions imposed on certain immigrants in 2015 were “in response to particular threats identified by U.S. intelligence.”

That’s really interesting because the 2015 change they reference is the basis of the Trump list that excludes countries that are real threats and includes others (especially Iran) that are not. Here’s how CNN describes the genesis of the seven countries covered by Trump’s ban.

In December 2015, President Obama signed into law a measure placing limited restrictions on certain travelers who had visited Iran, Iraq, Sudan, or Syria on or after March 1, 2011. Two months later, the Obama administration added Libya, Somalia, and Yemen to the list, in what it called an effort to address “the growing threat from foreign terrorist fighters.

The restrictions specifically limited what is known as visa-waiver travel by those who had visited one of the seven countries within the specified time period. People who previously could have entered the United States without a visa were instead required to apply for one if they had traveled to one of the seven countries.

Under the law, dual citizens of visa-waiver countries and Iran, Iraq, Sudan, or Syria could no longer travel to the U.S. without a visa. Dual citizens of Libya, Somalia, and Yemen could, however, still use the visa-waiver program if they hadn’t traveled to any of the seven countries after March 2011.

Now, Haines, Kerry, Monaco, and Rice might be excused for opposing Trump’s ban on seven poorly picked countries that themselves had a hand in picking. After all, the changes derived from bills presented by Republicans, Candace Miller and Ron Johnson, which got passed as part of the Omnibus in 2015. Obama can’t be expected to veto the entire spending bill because some Republicans wanted to make life harder on some immigrants.

Except that, as far as I understand, the Obama Administration extended the restrictions from the original law, which pertained only to people from or who had traveled to Syria and Iraq, to Iran and Sudan. And then (as CNN notes) they extended it again to three other countries, Libya, Somalia, and Yemen (notably, all countries we destabilized).

So it’s partly the fault of Haines, Kerry, Monaco, and Rice that Iran, which hasn’t targeted the US in real terrorism for decades, is on the list. It’s partly the fault of Haines, Kerry, Monaco, and Rice that countries with actual ties to terrorists who have attacked inside the US — most notably Saudi Arabia and Pakistan — are not on the list.

I have no doubt that the argument presented in the declaration (which was also signed by a bunch of people who weren’t part of Obama’s second term national security team) is right: Trump’s Muslim ban is badly conceived and makes us less safe. But one reason they likely know that is because their own visa restrictions were badly conceived and did little to make us more safe.

Trump is pursuing a lot of stupid policies. But we should remain honest that they largely build on stupid policies of those who came before.

Update: Corrected that this is not an amicus, but a declaration submitted with state opposition.