Posts

The Scope of the Special Counsel Appointment Is Totally Inadequate

Rod Rosenstein just appointed former FBI Director (and, before that, US Attorney) Robert Mueller as Special Counsel to take over the investigation into Trump and his associates.

I’m agnostic about the selection of Mueller. He has the benefit of credibility among FBI Agents, so will be able to make up for some of what was lost with Jim Comey’s firing. He will be regarded by those who care about such things as non-partisan. With Jim Comey, Mueller stood up to Dick Cheney on Stellar Wind in 2004 (though I think in reality his willingness to withstand Cheney’s demands has been overstated).

But Mueller has helped cover up certain things in the past, most notably with the Amerithrax investigation.

My bigger concern is with the scope, which I believe to be totally inadequate.

Here’s how the order describes the scope:

(b) The Special Counsel is authorized to conduct the investigation confirmed by then-FBI Director James 8. Comey in testimony before the House Permanent Select Committee on Intelligence on March 20, 2017, including:

(i) any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump; and

(ii) any matters that arose or may arise directly from the investigation; and

(iii) any other matters within the scope of 28 C.F.R. § 600.4(a).

As I read this, it covers just the investigation into ties between the Russian government and people associated with Trump’s campaign. Presumably, that includes Mike Flynn, Paul Manafort, and Carter Page, among others.

But there are other aspects of the great swamp that is the Trump and Russia orbit that might not be included here. For example, would Manafort’s corrupt deals with Ukrainian oligarchs be included? Would Flynn’s discussions with Turkish officials, or Rudy Giuliani’s attempt to excuse Turkey’s violation of Iran sanctions? Would the garden variety money laundering on behalf of non-governmental Russian mobbed up businessmen be included, something that might affect Manafort, Jared Kushner, or Trump himself?

And remember there are at least two other aspects of the Russian hacking investigation. Back in February, Reuters reported that San Francisco’s office was investigating Guccifer 2.0 and Pittsburgh was investigating the actual hackers.  Somewhere (San Francisco would be the most logical spot), they’re presumably investigating whoever it is that has been dumping NSA’s hacking tools everywhere. I’ve learned that that geography has either changed, or there are other aspects tied to those issues in other corners of the country.

Plus, there’s the Wikileaks investigation in EDVA, the same district where the Mueller-led investigation might reside, but a distinct investigation.

Any one of those investigations might present strings that can be pulled, any one of which might lead to the unraveling of the central question: did Trump’s associates coordinate with the Russian government to become President. Unless Mueller can serve to protect those other corners of the investigation from Trump’s tampering, it would be easy to shut down any of them as they become productive.

Yet, as far as I understand the scope of this, Mueller will only oversee the central question, leaving those disparate ends susceptible to Trump’s tampering.

Update: In its statement on the appointment, ACLU raises concerns about whether this would include the investigation into Trump’s attempt to obstruct this investigation.

Update: WaPo’s Philip Rucker reminds that Mueller is law firm partners with Jamie Gorelick, who has been representing both Ivanka and Kushner in this issue.

Update: Mueller is quitting WilmberHale to take this gig. He’s also taking two WilmerHale former FBI people with him. Still, that’s a close tie to the lawyer of someone representing key subjects of this investigation.

Update: One addition to the ACLU concern about investigating the Comey firing. In the most directly relevant precedent, the Plame investigation, when Pat Fitzgerald expanded his investigation from the leak of Plame’s identity to the obstruction of the investigation, he asked for approval to do so from the Acting Attorney General overseeing the investigation — in that case, Jim Comey.

The Acting Attorney General in this case is Rod Rosenstein. So if Mueller were as diligent as Fitzgerald was, he would have to ask the guy who provided the fig leaf for Comey’s firing to approve the expansion of the investigation to cover his own fig leaf.

Update: Petey noted to me that Jeff Sessions’ narrow recusal may limit how broadly Rosenstein’s order may be drawn. It’s a really interesting observation. Here’s what I said about Sessions’ recusal (which is very similar to what I tried to address in this post).

There are two areas of concern regarding Trump’s ties that would not definitively be included in this recusal: Trump’s long-term ties to mobbed up businessmen with ties to Russia (a matter not known to be under investigation but which could raise concerns about compromise of Trump going forward), and discussions about policy that may involve quid pro quos (such as the unproven allegation, made in the Trump dossier, that Carter Page might take 19% in Rosneft in exchange for ending sanctions against Russia), that didn’t involve a pay-off in terms of the hacking. There are further allegations of Trump involvement in the hacking (a weak one against Paul Manafort and a much stronger one against Michael Cohen, both in the dossier), but that’s in no way the only concern raised about Trump’s ties with Russians.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

CIA or NSA Warrantlessly Accessed the Content of More than 300 US Persons (Probably More than 1,300) Who Aren’t Terror Suspects

Because Circa did a really sloppy report on the I Con the Record Transparency Report and Rand Paul quoted, there is a great deal of confusion about what back door searches are.

With the help of the NSA, the FBI collects information via traditional FISA orders. They got 1,559 of them last year, of which 1,477 were targeted at someone in the United States, and of which 336 were targeted at American citizens or permanent residents. All that data goes into a cloud server at the FBI and a separate one at NSA.

In addition, NSA collects information targeted at people overseas under Section 702. FBI can also ask NSA to collect on people they’ve come across in their investigations. Altogether, NSA collected on over 106,000 individual targets last year, via both upstream collection and by asking American providers (Google, Facebook, Yahoo, and the like) for any data they’ve got on those 106,000 targets. They’ll get both sides of targets’ conversations, stored documents and photos, calendar information, and other information.

After NSA gets that information, it will share the parts of that are most relevant to the CIA and the FBI’s missions with them, in raw form. At the FBI, that data is stuck on the same cloud server as the domestic-focused FISA data is in. It is understood that FBI receives any terrorism, counterproliferation, or spying data that has a domestic component (such as Russian spies or ISIS recruiters trying to recruit Americans).

All three agencies — NSA, CIA, and FBI — can then search their own collections of FISA information using the identifier of a US person (a citizen or permanent resident). At NSA and CIA, the analyst has to have a foreign intelligence purpose, such as they think Russians are trying to recruit Mike Flynn. At FBI, an agent has to be looking for criminal information, national security information, or even doing an assessment (such as to figure out whether Carter Page would make a good informant on what the Trump campaign is doing). FBI does so many of these searches they can’t count them.

If there are conversations involving these people in the relevant databases, it appears to the analyst or agent in unmasked form. Yes, if CIA and NSA want to write reports to the White House about what they found, then the name might be masked (but in the vast majority of reports based off 702 reports involving US persons — perhaps 74% — the US person identities eventually get unmasked), but the FBI may dump that data into investigative files.

To understand how and who this might impact in the United States, take this comment from Jim Comey the other day. When asked how many active terrorist investigations the FBI has, he said there were 1,000 investigations where the target was known to be talking to terrorist overseas, and 1,000 where the target embraced radicalism all by him or herself, without talking to an ISIS or any other overseas recruiter.

COMEY: Yes I do. If — we have about 1,000 home grown violent extremist investigations and we probably have another 1,000 or so that are — I should define my terms. Home grown violent extremists, we mean somebody — we have no indication that they’re in touch with any terrorists.

TILLIS: Any foreign touch. Right.

COMEY: Yes. Then we have another big group of people that we’re looking at who we see some contact with foreign terrorists. So you take that 2,000 plus cases, about 300 of them are people who came to the United States as refugees.

Let’s take the higher number, and say there are 2,000 people in the US the intelligence community thinks might be terrorists or susceptible to being convinced to become one.

Now let’s look at the back door search numbers. The NSA used the identifiers (say, their cell phone identifier or their email) of US persons and searched the metadata from their stash of 702 data 30,355 times last year. (The CIA and FBI refuse to count how many metadata searches they did.) That means that NSA tried to do a network analysis on over 28,000 Americans and permanent residents who are not the subject of investigations by the FBI for being terrorists.

Between CIA and FBI combined, they did 5,288 queries on US persons last year. Back in 2013, the CIA did far more searches than the NSA (on 1,400 selectors as compared to NSA’s 198); we don’t know how the split works now. But assume that at least one agency is doing at least 2,644 searches. At the NSA, all 336 traditional FISA targets can be (and I assume are) tasked for back door searches; presumably a chunk of the 336 people targeted under are being investigated for terrorism, though that would also include people like (allegedly) Carter Page, people the FBI has gotten the FISA court to believe are agents of foreign powers). But even if we assume none of the people targeted under FISA are terrorists and all domestic terrorists are being back door searched at NSA, that leaves over 300 people (2,644 – 1,000 – 1,000 – 336) who are having their content accessed without a warrant by the NSA (to say nothing of the FBI, which does it so often it can’t count it). The number is probably higher, though, given that 1,000 of those terrorist suspects aren’t conversing with foreigners. The NSA (or CIA) is only going to access content if they know it exists from metadata, and Comey comment suggests there’s no metadata indicating such conversations. And at least some of those 336 targeted US persons are terror suspects.

Which means one agency — NSA or CIA — is likely accessing the raw content of 1,300 people who aren’t terrorist suspects.

That’s fine. There are other things they might be: suspected weapons proliferators, suspected Russian or Chinese spies, people the government is worried are being recruited by spies, suspected hackers, suspected leakers, Americans who’ve been kidnapped.

But the numbers make clear that the presumption that all of this spying is targeted at terrorists is simply wrong. There are at least 300 people — and probably more like 1,300 people — who even the NSA is accessing the content of without a warrant who are not terrorist suspects.

And the number at FBI is so high it can’t count it.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

How to Spy on Carter Page

I have no personal knowledge of the circumstances surrounding the alleged wiretapping of Carter Page, aside from what WaPo and NYT have reported. But, in part because the release of the new, annual FISC report has created a lot of confusion, I wanted to talk about the legal authorities that might have been involved, as a way of demonstrating (my understanding, anyway, of) how FISA works.

FISC did not (necessarily) reject more individual orders last year

First, let’s talk about what the FISC report is. It is a new report, mandated by the USA Freedom Act. As the report itself notes, because it is new (a report covering the period after passage of USAF), it can’t be compared with past years. More importantly, because the FISA Court uses a different (and generally more informative) reporting approach, you cannot — as both privacy groups and journalists erroneously have — compare these numbers with the DOJ report that has been submitted for years (or even the I Con the Record report that ODNI has released since the Snowden leaks); that’s effectively an apples to grapefruit comparison. Those reports should be out this week, which (unless the executive changes its reporting method) will tell us how last year compared with previous years.

But comparing last year’s report to the report from the post-USAF part of 2015 doesn’t sustain a claim that last year had record rejections. If we were to annualize last year’s report (covering June to December 2015) showing 5 rejected 1805/1824 orders (those are the individual orders often called “traditional FISA”) across roughly 7 months, it is actually more (.71 rejected orders a month or .58% of all individual content applications) than the 8 rejected 1805/1824 orders last year (.67 rejected orders a month or .53% of all individual content applications). In 2016, the FISC also rejected an 1861 order (better known as Section 215), but we shouldn’t make too much of that either given that that authority changed significantly near the end of 2015, plus we don’t have this counting methodology for previous years (as an example, 2009 almost surely would have at least one partial rejection of an entire bulk order, when Reggie Walton refused production of Sprint records in the summertime).

Which is a long-winded way of saying we should not assume that the number of traditional content order rejections reflects the reports that FBI applied for orders on four Trump associates but got rejected (or maybe only got one approved for Page). As far as we can tell from this report, 2016 had a similar number of what FISC qualifies as rejections as 2015.

The non-approval of Section 702 certificates has no bearing on any Russian-related spying, which means Page would be subject to back door searches

Nor should my observation — that the FISC did not approve any certifications for 1881a (better known as Section 702, which covers both upstream and PRISM) reflect on any Carter Page surveillance. Given past practice when issues delayed approvals of certifications, it is all but certain FISC just extended the existing certifications approved in 2015 until the matters that resulted in an at least 2 month delay were resolved.

Moreover, the fact that the number of certificates (which is probably four) is redacted doesn’t mean anything either: it was redacted last year as well. That number would be interesting because it would permit us to track any expansions in the application of FISA 702 to new uses (perhaps to cover cybersecurity, or transnational crime, for example). But the number of certificates pertains to the number of people targeted only insofar as any additional certificates represent one more purpose to use Section 702 on.

In any case, Snowden documents, among other things, show that a “foreign government” certificate has long been among the existing certificates. So we should assume that the NSA has collected the conversations of known or suspected Russian spies located overseas conducted on PRISM providers; we should also assume that as a counterintelligence issue implicating domestic issues, these intercepts are routinely shared in raw form with FBI. Therefore, unless last year’s delay involved FBI’s back door searches, we should assume that when the FBI started focusing on Carter Page again last spring or summer, they would have routinely searched on his known email addresses and phone numbers in a federated search and found any PRISM communications collected. In the same back door search, they would have also found any conversations Page had with Russians targeted domestically, such as Sergey Kislyak.

The import of the breakdown between 1805 and 1824

Perhaps the most important granular detail in this report — one that has significant import for Carter Page — is the way the report breaks down authorizations for 1805 and 1824.

1805 covers electronic surveillance — so the intercept of data in motion. It might be used to collect phone calls and other telephony communication, as well as (perhaps?) email communication collected via upstream collection (that is, non-PRISM Internet communication that is not encrypted); it may well also cover prospective PRISM and other stored communication collection. 1824 covers “physical search,” which when it was instituted probably covered primarily the search of physical premises, like a house or storage unit. But it now also covers the search of stored communication, such as someone’s Gmail or Dropbox accounts. In addition, a physical search FISA order covers the search of hard drives on electronic devices.

As we can see for the first time with these reports, most individual orders cover both 1805 and 1824 (92% last year, 88% in 2015), but some will do just one or another. (I wonder if FBI sometimes gets one kind of order to acquire evidence to get the other kind?)

As filings in the Keith Gartenlaub case make clear, “physical search” conducted under a FISA order can be far more expansive than the already overly expansive searches of devices under a Title III warrant. Using a FISA 1824 order, FBI Agents snuck into Gartenlaub’s house and imaged the hard drives from a number of his devices, ostensibly looking for proof he was spying on Boeing for China. They found no evidence to support that. They did, however, find some 9-year old child pornography files, which the government then “refound” under a criminal search warrant and used to prosecute him. Among the things Gartenlaub is challenging on appeal is the breadth of that original FISA search.

Consider how this would work with Carter Page. The NYT story on the Page order makes it clear that FBI waited until Page had left the Trump campaign before it requested an order covering him.

The Foreign Intelligence Surveillance Court issued the warrant, the official said, after investigators determined that Mr. Page was no longer part of the Trump campaign, which began distancing itself from him in early August.

I suspect this is a very self-serving description on the part of FBI sources, particularly given reports that FISC refused orders on others. But regardless of whether FISC or the FBI was the entity showing discretion, let’s just assume that someone was distinguishing any communications Page may have had while he was formally tied to the campaign from those he had after — or before.

This is a critical distinction for stored communications because (as the Gartenlaub case makes clear) a search of a hard drive can provide evidence of completely unrelated crime that occurred nine years in the past; in Gartenlaub’s case, they reportedly used it to try to get him to spy on China and they likely would do the equivalent for Page if they found anything. For Page, a search of his devices or stored emails in September 2016 would include emails from during his service on Trump’s campaign, as well as emails between the time Page was interviewed by FBI on suspicion of being recruited by Victor Podobnyy and the time he started on the campaign, as well as communications going back well before that. So if FISC (or, more generously, the FBI) were trying to exclude materials from during the campaign, that might involve restrictions built into the request or the final order

The report covering 2016 for the first time distinguishes between orders FISC modifies (FISC interprets this term more broadly than DOJ has in its reports) and orders FISC partly denies. FISC will modify an order to, among other things,

(1) impos[e] a new reporting requirement or modifying one proposed by the government;

(2)  chang[e] the description or specification of a targeted person, of a facility to be subjected to electronic surveillance or of property to be searched;

(3)  modify[] the minimization procedures proposed by the government; or

(4)  shorten[] the duration of some or all of the authorities requested

Using Page as an example, if the FISC were permitting FBI to obtain communications from before the time Page joined the campaign but not during it, it might modify an order to require additional minimization procedures to ensure that none of those campaign communications were viewed by the FBI.

The FISC report explains that the court will partly deny orders and “by approving some targets, some facilities, places, premises, property or specific selection terms, and/or some forms of collection, but not others.” Again, using Page as an example, if the court wanted to really protect the election related communications, it might permit a search of Page’s homes and offices under 1824, but not his hard drives, making any historic searches impossible.

There’s still no public explanation of how Section 704/Section 705b work, which would impact Page

Finally, the surveillance of Carter Page implicates an issue that has been widely discussed during and since passage of the FISA Amendments Act in 2008, but not in a way that fully supports a democratic debate: how NSA spies on Americans overseas.

Obviously, the FBI would want to spy on Page both while he was in the US, but especially when he was traveling abroad, most notably on his frequent trips to Russia.

The FISA Amendments Act for the first time required the NSA to obtain FISC approval before doing that. As I explain in this post, for years, public debate has claimed that was done under Section 703 (1881b in this report). But abundant evidence shows it is all done under 704 (1881c in this report). The biggest difference between the two, according to an internal NSA document, is the government doesn’t explain its methods in the latter case. With someone who would be spied on both in the US and overseas, that spying would be done under 705b (conducted under 1881d section b), which permits the AG to approve of spying overseas (effectively, 704 authority) for those already approved under a traditional order.

This matters in the context of spying on Carter Page for two reasons. First, as noted government doesn’t share details about how it spies overseas with the court. And some of the techniques we know NSA to use — such as XKeyscore searches drawing on bulk overseas collection — would seem to present additional privacy concerns on top of the domestic authorities. If the FBI (or more likely, the FISC) is going to try to bracket off any communications that occur during the period Page was associated with the campaign, that would have to be done for overseas surveillance as well, most critically, for Page’s July trip to Russia.

This report shows that 704, like the domestic authorities, also gets modified sometimes, so it may be that FISC did just that — permitted NSA to collect information covering that July meeting, but imposed some minimization procedures to protect the campaign.

But it’s unclear whether the court would have an opportunity to do so for 705b, which derives from Attorney General authorization, not court authorization. I assume that’s why 1881d was not included in this reporting requirement, but it seems adding 705b reporting to Title VII reauthorization this year would be a fairly minor change, but one that might reveal how often the government uses more powerful overseas spying techniques on Americans. It’s unclear to me, for example, whether any modifications or partial approvals the FISC made on a joint 1805/1824 order covering Page would translate into a 705b order, particularly if the modifications in question included additional reporting to the FISC.

Carter Page might one day be the first American to get review of his FISA dossier

All of which is why, no matter what you think of Carter Page’s alleged role in influencing the Trump campaign to favor Russia, I hope he one day gets to review his FISA dossier.

No criminal defendant has ever gotten a review of the FISA materials behind the spying, in spite of clear Congressional intent, when the law was passed in 1978, to allow that in certain cases. Because of the publicity surrounding this case, and the almost unprecedented leaking about FISA orders, Page stands a better chance than anyone else of getting such review (particularly if, as competing stories from CNN and Business Insider claim, the dossier formed a key, potentially uncorroborated part of the case against him). Whatever else happens with this case, I think Page should get that review.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Three Things: Day 6, Bombs Away, Get Carter 2

As long as my schedule permits I’ll continue to post Three Things each day at least through next Tuesday. Here we go…

Day 6: Countdown to Tax Day deadline continues
There’s a clear trend in interest about Trump’s tax returns since the election with a spike reflecting two pages leaked from Trump’s 2005 return on Rachel Maddow’s show last month. Stretching out the Google Trends period to five years and a seasonal bump can be seen each year. This year’s seasonal bump is completely distorted by discussion of Trump’s returns.

59 Tomahawk missiles launched at Syria and a GBU-43/B MOAB dropped on Afghanistan aren’t going to change this picture. Where are your tax returns, Trump?

Bombs away
Speaking of missiles and bombs, I sure hope somebody is watching transactions related to military industrial complex stocks. The image here includes just three companies, one of which is Raytheon, the maker of Tomahawk missiles in which  Trump may or may not own shares. How convenient for shareholders of record last Friday the stock went ex dividend this Monday after a spike in price late last week when 59 missiles were aimed just off a Syrian runway.

Considering both Russia and Syria knew in advance the US was deploying missiles, one would be foolish not to wonder if any one with vested interest in NYSE:RTN or competitors might also have known in advance to buy before the 01:40 UTC launch with a sell order for Monday’s open. For those of you mentally checking off time zones of key cities and major stock markets:

Damascus Fri 07-APR-2017 4:40:00 am EEST UTC+3 hours
Washington DC Thu 06-APR-2017 9:40:00 pm EDT UTC-4 hours
Moscow Fri 07-APR-2017 4:40:00 am MSK UTC+3 hours
Tokyo Fri 07-APR-2017 10:40:00 am JST UTC+9 hours
Shanghai Fri 07-APR-2017 9:40:00 am CST UTC+8 hours
Corresponding UTC(GMT) Fri 07-APR-2017 01:40:00

Get Carter 2
I’d much rather talk about a second installment of the 1971 movie featuring Michael Caine but no, it’s all about Carter Page and his less-than-stellar ability to prevaricate about his dealings with Russians. While quizzed by ABC’s George Stephanopolous about the chances sanctions were discussed by Page and Russians during the 2016 campaign season, Carter replied, “Something may have come up in a conversation…”

Uh-huh. Imagine somebody at the FBI cutting to a taped conversation or two at that point. Page insists he didn’t ask or offer about the sanctions, but he’s wholly unconvincing. It’s no wonder at all known Russian spies in the Buryakov case were skeptical about Page, a.k.a. ‘Male-1’. Whatever Page claims there was enough there to pass the threshold requirements for a FISA warrant.

Why is Page talking to media now anyhow? Is he somebody’s canary-in-the-coal-mine? Definitely not a FISA warrant canary.

That’s Three Things. By the way: about 22 percent of taxpayers wait until the last two weeks before the deadline to file. Tick-tock — only a handful of hours until Day 5 before deadline.

(p.s. treat this like an open thread)

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Three Things: Day 7, Get Carter, SLAPP-ish Defense

Busy, busy, busy here, now running very late. Only have time for three quick things.

DAY 7 and counting
U.S. income tax filings are due by midnight local time next Tuesday, April 18, the day before we ask where Trump’s 2016 tax returns are in addition to previous years’ returns.

Coincidentally, scientists may have gotten a snapshot of a black hole for the first time, though we won’t know for a few months. We may have better luck looking to that void for Trump’s tax returns.

Get Carter
Carter Page, that is, not to be confused with the 1971 film character Jack Carter. You’ve surely heard since Tuesday night’s reports that a FISA warrant was issued mid-2016 to allow the FBI to monitor Page’s communications. You’ll recall that Page was identified as U.S. contact “Male-1” in the 2015 Buryakov complaint. Russian spy Victor Podobnyy tried to recruit Page, who was intent on doing business with state-controlled energy company Gazprom. It was Page’s relationship with both Gazprom and Russia which were touted as strengths when he joined the Trump campaign in March 2016 as an adviser. Page had been both an investor and an adviser to Gazprom; with Gazprom being majority owned by the Russian government since 2005, Page’s status under the Foreign Agents Registration Act has been fuzzy, though not as clear as Evgeny Buryakov or Victor Podobnyy. As of mid-2015, things did not look good for Gazprom — rough because of U.S. sanctions from 2014, and worse because of cannibalization of the domestic energy business by Rosneft. If Page was still invested in or committed to Gazprom, it’s hard to see how he would not have been influenced by this Russian state-controlled business. He has said he sold his Gazprom stock, but details about timing aren’t readily available.

And now, Get Paul — sorry, no movie of that name, but things are definitely heating up about the former Trump campaign manager Paul Manafort. He’s registering as a foreign agent — a wee bit after the fact — conveniently after AP reported money received by his business linked with a black ledger produced last year. Do watch sourcing; not many names attached to the content. Are they leaked materials or are the sources unwilling to go public given how many Russians have suddenly taken to keeping on their backs, pining for the fjords?

Anthem SLAPPs breach victims
I’m not a lawyer, but looks to me like Anthem is using strategic lawsuits against public participation (SLAPP) against customers who whose private health care data was exposed by a breach of Anthem’s security. The health care insurer won court orders demanding examination of customers’ computers to determine if any exposure was due not to Anthem’s breach but to the customers’ information security prior to the breach. Customers withdrew their suits against Anthem rather than subject their machines to examination. This sets a hideous precedent allowing greater sloppiness with information security which may only be reined in by shareholder suits and government intervention if HIPAA regulations were violated.

Nearly Day 6 o’clock. Do you know where your deductions are?

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

Latest Carter Page Scoop May Not Be That Incriminating

Several months before Ali Watkins (followed by ABC, though that didn’t stop ABC from claiming credit) confirmed that a person named in the complaint against Evgeny Buryakov is Carter Page, Rayne was examining potential connections between that case — in which Buryakov eventually plead guilty to being a Russian spy (after his two colleagues, working under official cover, had returned to Russia) and allegations of Russian influence on Donald Trump.

While many people are insinuating that this confirmation damns Page, that’s not at all clear.

As the complaint — which was unsealed on January 26, 2015 — describes, Victor Podobnyy tried to recruit Page in the period leading up to April 2013. Podobnyy complained that Page left on a trip to Moscow without returning his call. In that complaint, Podobnyy emphasized Page’s interest in getting Gazprom business.

[Page] wrote that he is sorry, he went to Moscow and forgot to check his inbox, but he wants to meet when he gets back. I think he is an idiot and forgot who I am. Plus he writes to be in Russian [to] practice the language. He flies to Moscow more often than I do. He got hooked on Gazprom thinking that if they have a project, he could rise up. Maybe he can. I don’t know, but it’s obvious that he wants to earn lots of money.

Podobnyy then jokes with fellow spy Igor Sporyshev about (presumably) Russia blowing “a couple of borrowed million” before screwing Page over.

Podobnyy: I also promised him a lot; that I have connections in the Trade Representation, meaning you[,] that you can push contracts [laughs]. I will feed him empty promises.

Sporyshev: Shit, then he will write me. Not even me, to our clean one.

Podobnyy: I didn’t say the Trade Representation… I didn’t even indicate that this is connected to a government agency. This is intelligence method to cheat, how else to work with foreigners? You promise a favor for a favor. You get the documents from him and tell him to go fuck himself.

The complaint then describes a June 13, 2013 FBI interview with Page in which Page describes meeting Podobnyy at an energy symposium. Page told the FBI agents he shared his outlook on the current and future of the energy industry and provided documents to him about the energy business. That is consistent with Podobnyy’s mocking description of their relationship.

Again, all of that occurred in 2013, and it was made public in early 2015. Page even complained to BuzzFeed that the complaint had made it obvious (back in 2015) that he was the one the Russian spies were recruiting and mocking.

Page suggested that the complaint was written so that it was obvious he was the Gazprom-connected man Podobnyy talked about recruiting.

“In this city? Give me a break,” he said. “It is so obvious.”

Which is all a way of saying that Page knew that he had been recruited by Russian spies in 2013 and knew how they were trying to recruit him before he went to Russia and allegedly met with Rosneft President Igor Sechin. Here’s how Christopher Steele’s dossier described the July 7 or 8, 2016 meeting between Page and Sechin:

[T]he Rosneft President (CEO) had raised with PAGE the issues of future bilateral energy cooperation and prospects for an associated move to lift Ukraine-related western sanctions against Russia. PAGE had reacted positively to this demarche by SECHIN but had been generally not-committal in response. [Report dated July 19, 2016, sourced to a Russian source close to Sechin]

[snip]

[T]he Roseneft President was so keen to lift personal and corporate western sanctions imposed on the company, that he offered PAGE/TRUMP’s associates the brokerage of up to a 19 per cent (privatised) stake in Rosneft in return. PAGE had expressed interest and confirmed that were TRUMP elected US president, then sanctions on Russia would be lifted. [Report dated October 18, 2016, sourced to a close associate of Sechin ]

Importantly, Steele’s sources reported that Russia was dangling the same thing that showed up in Page’s 2013 conversations with Podobnyy: business with Rosneft. That could either be taken as a sign the Russian integrated information they learned in 2013 — that Page wanted to get rich working with Rosneft (which would have been obvious anyway). Or it could be taken as a sign that they dangled something that Page would have known the Russians were already talking to him about.

Note that the two reports on his meeting with Sechin conflict on one key detail: whether Page took the bait. The first report (at a time when Steele was not as urgently trying to ensure Trump would lose the election) stated that Page was non-committal. Having a huge deal of the sort he had been pursuing for three years dangled before him, Page did not immediately jump. The later report, however, did seem to promise a quid pro quo dealing precisely the same thing he had got caught talking to Russians about three years earlier.

Now consider the other allegation about Page from the dossier. It claims that a senior colleague in the Presidential Administration Head, Divyekin, dangled something else: kompromat on Hillary (as I explained here, in context this is just about intelligence gathered while she was First Lady and Secretary of State, even though this report was written a year after FSB started hacking the DNC, four months after GRU allegedly started hacking the DNC and John Podesta, and more than a month after the former two things were public). But even here, this is a dangle.

Their agenda had included DIVEYKIN raising a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.

However, the Kremlin official close to S. IVANOV added that s/he believed DIVEYKIN also had hinted (or indicated more strongly) that the Russian leadership also had ‘kompromat’ on TRUMP which the latter should bear in mind in his dealings with them.

In the context of having had another Russian spy explicitly state he would dangle promises but not deliver, it’s unclear how Page would take this information. But he would presumably at least consider what he had learned in 2013 about dealing with Russian spies, which is that they might not deliver on their promises.

Page strikes me as a dummy. So maybe he didn’t learn anything from being targeted in 2013. Or maybe the inconclusive language relayed here, even if true (Page still denies the Sechin meeting) can be explained by the fact that Page had already been recruited at least once by a Russian spy, with the embarrassing result that (he believed) everyone in NY knew he had been taken for a chump in 2013.

But there are two other parts of the complaint that — given what we’ve learned since Rayne wrote about this — deserve new scrutiny.

First, in a discussion on April 10, 2013, Podobnyy had a discussion with his boss at SVR. The boss asked Podobyy what Sporyshev’s cover was. “What is his cover? The Chamber of Commerce?” Podobnyy corrected him, explaining that Sporyshev worked as a Trade Representative.

The exchange is interesting because one of the people believed to be a key figure in the Steele dossier, described as Source D in parts of the dossier, founded a Russian American Chamber of Commerce in 2006. The figure, Sergei Millian, has insinuated himself into Trump’s circle since that time, including posting pictures of himself on inauguration day. It seems as if Podobnyy’s boss knew of someone who was working under the cover of some kind of Chamber of Commerce. There are two other “Chambers” he might have been thinking of — the US-Russian Chamber of Commerce, and the Chamber of Commerce and Industry of the Russian Federation. But Millian’s organization certainly looks like a cover, and the reference of a an SVR manager to a Chamber used as cover could back that claim.

Finally, there’s the point Rayne raised in her post. Buryakov’s cover was working at Vnesheconombank, the same bank whose FSB-tied head Jared Kushner met with in December. The key to busting Buryakov was an undercover FBI employee pretending to represent the interests of a “wealthy investor looking to work with [Vnesheconombank] to develop casinos in Russia.” As Rayne noted, Buryakov and the UCE toured some Atlantic City casinos at a time when Trump still had some there. And while Trump may not be the only wealthy casino owner considering business opportunities in Russia in 2013, he definitely was doing so (recall that the Golden Shower incident allegedly happened in 2013, so before the casino meetings).

The reason all that is interesting is because of the claimed ties between Trump associates like Felix Sater and the FBI. While Sater has served as an informant, not an FBI employee (and Sater’s informant role was already public by 2013, meaning the Russians would be unlikely to treat him as a real entrée to reach Trump), there’s still other reasons to think Trump might have been the purported investor used to set up Buryakov (which, again, was Rayne’s point).

In any case, we know that a figure that ended up in Trump’s inner circle was recruited as early as 2013 for information. That doesn’t necessarily mean subsequent attempts, such as they occurred, would be more or less successful (indeed, if Page weren’t such a dummy you’d figure they’d be less successful, if only because Page had already had to deal with the FBI over his Russian ties). But it does raise interesting questions about that network of spies and any subsequent efforts to reach out to Trump’s associates.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Temporal Feint in Adam Schiff’s Neat Narrative

I did four — count them! four! — interviews on the Russian hearing yesterday. And one thing I realized over the course of the interviews is that people were far more impressed with Adam Schiff’s opening speech than they should have been.

I want to look closely at this passage which — if it were accurate — would be a tight little presentation of quid pro quo tied to the change of platform at the July 18-21, 2016 RNC. But it’s not. I’ve bolded the two claims that are most problematic, though the presentation as a whole is misleading.

In early July, Carter Page, someone candidate Trump identified as one of his national security advisors, travels to Moscow on a trip approved by the Trump campaign. While in Moscow, he gives a speech critical of the United States and other western countries for what he believes is a hypocritical focus on democratization and efforts to fight corruption.

According to Christopher Steele, a former British intelligence officer who is reportedly held in high regard by U.S. Intelligence, Russian sources tell him that Page has also had a secret meeting with Igor Sechin (SEH-CHIN), CEO of Russian gas giant Rosneft. Sechin is reported to be a former KGB agent and close friend of Putin’s. According to Steele’s Russian sources, Page is offered brokerage fees by Sechin on a deal involving a 19 percent share of the company. According to Reuters, the sale of a 19.5 percent share in Rosneft later takes place, with unknown purchasers and unknown brokerage fees.

Also, according to Steele’s Russian sources, the Trump campaign is offered documents damaging to Hillary Clinton, which the Russians would publish through an outlet that gives them deniability, like Wikileaks. The hacked documents would be in exchange for a Trump Administration policy that de-emphasizes Russia’s invasion of Ukraine and instead focuses on criticizing NATO countries for not paying their fare share – policies which, even as recently as the President’s meeting last week with Angela Merkel, have now presciently come to pass.

In the middle of July, Paul Manafort, the Trump campaign manager and someone who was long on the payroll of Pro-Russian Ukrainian interests, attends the Republican Party convention. Carter Page, back from Moscow, also attends the convention. According to Steele, it was Manafort who chose Page to serve as a go-between for the Trump campaign and Russian interests. Ambassador Kislyak, who presides over a Russian embassy in which diplomatic personnel would later be expelled as likely spies, also attends the Republican Party convention and meets with Carter Page and additional Trump Advisors JD Gordon and Walid Phares. It was JD Gordon who approved Page’s trip to Moscow. Ambassador Kislyak also meets with Trump campaign national security chair and now Attorney General Jeff Sessions. Sessions would later deny meeting with Russian officials during his Senate confirmation hearing.

Just prior to the convention, the Republican Party platform is changed, removing a section that supports the provision of “lethal defensive weapons” to Ukraine, an action that would be contrary to Russian interests. Manafort categorically denies involvement by the Trump campaign in altering the platform. But the Republican Party delegate who offered the language in support of providing defensive weapons to Ukraine states that it was removed at the insistence of the Trump campaign. Later, JD Gordon admits opposing the inclusion of the provision at the time it was being debated and prior to its being removed.

Later in July, and after the convention, the first stolen emails detrimental to Hillary Clinton appear on Wikileaks. A hacker who goes by the moniker Guccifer 2.0 claims responsibility for hacking the DNC and giving the documents to Wikileaks. But leading private cyber security firms including CrowdStrike, Mandiant, and ThreatConnect review the evidence of the hack and conclude with high certainty that it was the work of APT28 and APT29, who were known to be Russian intelligence services. The U.S. Intelligence community also later confirms that the documents were in fact stolen by Russian intelligence and Guccifer 2.0 acted as a front. [emphasis on most problematic claims mine]

What Schiff tries to do here is suggest that the Russians offered Trump kompromat on Hillary, Trump’s team changed the GOP platform, and then in response the Russians started releasing the DNC emails through Wikileaks.

Later in the hearing, several Republicans disputed the nature of the change in the platform. Both in and outside of the hearing, Republicans have noted that the changed platform matched the policy in place by the Obama Administration at the time: to help Ukraine, but stop short of arming them. All that said, the story on this has clearly changed. The change in the platform clearly shows the influence of Russophiles moving the party away from its hawkish stance, but it’s not enough, in my opinion, to sustain the claims of quid pro quo. [Update: One of the outside the hearing arguments that the platform was not weakened is this Byron York piece b linked, which argues the platform actually got more anti-Russian.]

The bigger problem with Schiff’s neat narrative is the way it obscures the timeline of events, putting the release of DNC emails after the change in platform. That is true with regards to the Wikileaks release, but not the Guccifer 2 release, which preceded the platform change.  Moreover, the references in Steele’s dossier Schiff invokes are not so clear cut — the dossier alleges Russia offered kompromat on Hillary unrelated to the stolen emails before any discussion of the Wikileaks emails. I’ve put what Schiff’s timeline would look like if it were not aiming to play up the quid pro quo of the RNC below (note this timeline doesn’t include all Steele reports, just those specifically on point; see also this site for a comprehensive Guccifer related timeline). It shows several things:

  • The changes to the platform preceded the meetings with Sergey Kislyak. Indeed, the first public report on the change in platform even preceded the Kislyak meetings by a day.
  • The stolen documents began to be released well before the platform got changed.
  • The early Steele report on discussions of sharing a dossier of kompromat on Hillary pertains to a dossier dating back decades (even though these reports all post-date the first Guccifer releases, so could have included a discussion of hacked materials). The first explicit reference to the DNC hack comes after Wikileaks started releasing documents (and earlier reports which ought to include such references don’t).
  • The later Steele report tying the Wikileaks release to a change in policy came after the policy had already changed and documents had already been released.
  • The alleged quid pro quo tied to the early July Carter Page meeting was for the lifting of sanctions, not the shift on NATO and Ukraine; the Steele dossier describes the latter as the quid pro quo in exchange for the Wikileaks release only after the emails start coming out from Wikileaks.

Also note: the report that first ties Wikileaks (but not Guccifer) to a quid pro quo is one of the reports that made me raise questions about the provenance of the report as we received it.

This is not lethal for the argument that the Trump campaign delivered on a quid pro quo. For example, if there was extensive coordination, Trump could have changed his policy in March after learning that the Russian military intelligence hack — the one allegedly designed to collect documents to leak — had started. Or perhaps the Guccifer leaks were a down-payment on the full batch. But there’s no evidence of either.

In any case, the narrative, as laid out by Adam Schiff, doesn’t hold together on several points. Trump’s team has not yet delivered on the quid pro quo allegedly tied to the Rosneft brokerage fees that were paid to someone (it’s not public whom) in December — that is, the lifting of sanctions. As laid out here, the descriptions of an offer of a dossier of information on Hillary prior to the Republican platform pertained to stuff going back decades, not explicitly to Wikileaks; the shift of discussion to Wikileaks only came after the emails had already appeared and any Ukraine related policy changes had already been made.

There’s plenty of smoke surrounding Trump and his associates. It doesn’t require fudging the timeline in order to make it appear like a full quid pro quo (and given Jim Comey’s reliance on “coordination” rather than “collusion” in Monday’s discussion, it’s not even clear such quid pro quo would be necessary for a conspiracy charge). Adam Schiff can and should be more careful about this evidence in future public hearings.

Update: Given how remarkably late the references to the stolen emails are in the dossier, I’m linking this post showing how later entries included a feedback loop.


March 19: John Podesta phished (DNC compromise generally understood to date to same time period).

March 31: Trump reportedly embraces pro-Russian stance in foreign policy meeting with advisors.

April 19th: DCLeaks.com registered.

June 8th: DCLeaks.com posts leaks (from post dates).

June 13th: First archived record of DCLeaks posts.

June 15: Crowdstrike report names Russia in DNC hack, first Guccifer 2.0 releases via TSG and Gawker.

June 18: Guccifer releases at WordPress site.

June 20: Steele report presents obviously conflicting information on exchanging intelligence with Trump. A senior Russian Foreign Ministry figure said “the Kremlin had been feeding TRUMP and his team valuable intelligence on his opponents, including … Hillary CLINTON, for several years.” A former top level intelligence officer still active in the Kremlin stated that the Kremlin had been collating a dossier on Hillary, “for many years, dating back to her husband Bill’s presidency, and comprised mainly eavesdropped conversations of various sorts. … Some of the conversations were from bugged comments CLINTON had made on her various trips to Russia and focused on things she had said which contradicted her current position on various issues.” A senior Kremlin official, however, said that the dossier “had not as yet been made available abroad, including to TRUMP or his campaign team.”

July 7-8: Carter Page in Moscow. Allegedly (per later Steele dossier reports) he is offered brokerage fees for the sale of a stake in Rosneft in exchange for ending sanctions on Russia.

July 11-12: Platform drafted.

July 18-21: RNC.

July 18: First report of changes to platform.

July 19: Sergey Kislyak meets numerous Trump associates after a Heritage sponsored Jeff Sessions talk.

July 19: Steele report provides first details of Carter Page meeting in Russia during which Divyekin raises “a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” In context (especially because the same report also warns Trump of kompromat Russia holds on him), this seems to be the dossier going back years also mentioned in the June 20 report, not Wikileaks emails. Certainly no explicit mention of Wikileaks or the hack appears in the report, even though the report is based off July reporting that post-date the first Guccifer 2.0 leaks.

July 22: Wikileaks starts releasing DNC emails.

July 26: Steele report describing conversations from June describes Russian hacking efforts in terms already publicly known to be false. For example, the report claims FSB had not yet had success penetrating American or other “first tier” targets. FSB had success hacking American targets the previous year, including the DNC. This report includes no discussion of the DNC hack or Wikileaks.

Undated July, probably because of report number between July 26 and 30: An “ethnic Russian close associate of Republican US presidential candidate Donald TRUMP” includes the first reference to the DNC hack and WikiLeaks:

[T]he Russian regime had been behind the recent leak of embarrassing e-mail messages, emanating from the Democratic National Committee (DNC) to the Wikileaks platform. The reason for using WikiLeaks was “plausible deniability” and the operation had been conducted with the full knowledge and support of TRUMP and senior members of his campaign team. In return the TRUMP team had agreed to sideline Russian intervention in Ukraine as a campaign issue and to raise US/NATO defence commitments in the Baltics and Eastern Europe to deflect attention away from Ukraine, a priority for PUTIN who needed to cauterise the subject.

July 30: A Russian emigre close to Trump describes concern in the campaign about the DNC email fallout. This report mentions that the Kremlin “had more intelligence on CLINTON and her campaign but he did not know the details or when or if it would be released.” In context, it is unclear whether this refers to stolen documents, though the reference to the campaign suggests that is likely.

August 5: Steele report describes Russian interference as a botched operation, discusses wishful thinking of Trump withdrawing.

August 10: Steele report discusses the “impact and results of Kremlin intervention in the US presidential election to date” claiming Russia’s role in the DNC hack was “technically deniable.” This report conflicts in some ways with the August 5 report, specifically with regards to the perceived success of the operation.

September 14: Steele report referencing kompromat on Hillary clearly in context of further emails.

October 18: More detailed Steele report account of Carter Page meeting, including date. It asserts that “although PAGE had not stated it explicitly to SECHIN, he had clearly implied that in terms of his comment on TRUMP’s intention to lift Russian sanctions if elected president, he was speaking with the Republican candidate’s authority.”

October 19: More Steele report accounting of Michael Cohen’s August attempts to clean up after Manafort and Page.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Feedback Loop in Christopher Steele’s Dossier

Last week, at least three media outlets have provided new details about the relationship between former MI6 officer Christopher Steele — the author of the Trump dossier — and the FBI. First WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized. Chuck Grassley just sent a letter to Jim Comey asking for more information about the proposed arrangement with Steele.

I’m with Grassley on this. According to WaPo and NBC, FBI would only have paid Steele after the election, presumably regardless of the outcome; by that point Steele’s research couldn’t affect the outcome of the investigation. Nevertheless, the possibility that FBI may have used information from a Democratically paid oppo researcher does raise questions of propriety. Add in the discrepancies in these three reports about whether FBI did pay for Steele’s work, and Grassley is right to raise questions.

I’m also interested in what the relationship says about the way in which political necessities may have impacted the content of Steele’s dossier. All three reports attribute the termination of any FBI-Steele relationship, at least in part, to Steele’s frustration with the FBI. WaPo goes on at some length, explaining that Steele got pissed when Jim Comey reopened the Hillary investigation on October 28, and then grew angrier after the NYT reported the FBI had not confirmed any link to Russia.

Ultimately, the FBI did not pay Steele. Communications between the bureau and the former spy were interrupted as Steele’s now-famous dossier became the subject of news stories, congressional inquiries and presidential denials, according to the people familiar with the arrangement, who spoke on the condition of anonymity because they were not authorized to discuss the matter.

[snip]

In October, anticipating that funding supplied through the original client would dry up, Steele and the FBI reached a spoken understanding: He would continue his work looking at the Kremlin’s ties to Trump and receive compensation for his efforts.

But Steele’s frustration deepened when FBI Director James B. Comey, who had been silent on the Russia inquiry, announced publicly 11 days before the election that the bureau was investigating a newly discovered cache of emails Clinton had exchanged using her private server, according to people familiar with Steele’s thinking.

Those people say Steele’s frustration with the FBI peaked after an Oct. 31 New York Times story that cited law enforcement sources drawing conclusions that he considered premature. The article said that the FBI had not yet found any “conclusive or direct link” between Trump and the Russian government and that the Russian hacking was not intended to help Trump.

WaPo doesn’t lay this out in detail, however. Here’s what happened on those days in October:

October 28: Comey informs eight committee chairs he will reopen the investigation, which promptly (and predictably) leaks.

October 30: Having been officially briefed on the dossier, Harry Reid writes Comey accusing him of a Hatch Act violation for releasing the information on Clinton while withholding what we know to be information in the dossier.

October 31, 6:52PM: David Corn publishes story based on dossier.

October 31, 9:27PM: NYT publishes article describing multiple investigations into Russian interference, stating “no evidence has emerged that would link him or anyone else in his business or political circle directly to Russia’s election operations.”

October 31, 10:52PM: NYT edits article, adding “conclusive or direct” as a caveat in the sentence “Law enforcement officials say that none of the investigations so far have found any conclusive or direct link between Mr. Trump and the Russian government.”

Notably, assuming the times in Newsdiffs (from which I got the NYT timing) are correct, Steele had already gone public before the NYT published its article. That suggests he (like Harry Reid) believed his research should be part of a competing public story. And by going public in what was obviously a Democratically-seeded article, Steele likely made it far more difficult for FBI to continue the relationship.

Already, these new timeline details raise questions about the degree to which Steele’s concerns that the Trump Russian investigation should have more prominence than the email investigation may have influenced his work. Even if Jim Comey did do something colossally stupid by announcing the reopening of the investigation, that shouldn’t affect Steele’s interest in providing the best intelligence to the US, regardless of the public impact, unless he was always motivated primarily by his role as campaign oppo researcher.

The pointless Alfa Bank report that nevertheless seems to reinforce the dodgy Alfa server story

But I also wonder whether it relates to the content. Consider report 112, dated September 14. It pertains to “Kremlin-Alpha Group Cooperation.” It doesn’t have much point in a dossier aiming to hurt Trump. None of his associates nor the Russian DNC hack are mentioned. It does suggest that that Alfa Group had a “bag carrier … to deliver large amounts of illicit cash to” Putin when he was Deputy Mayor of St. Petersburg, though describes the current relationship as “both carrot and stick,” relying in part on kompromat pertaining to Putin’s activities while Deputy Mayor. It makes no allegations of current bribery, though says mutual leverage helps Putin “do his political bidding.”

As I said, there’s no point to have that Alfa Bank passage in a dossier on Trump. But it does serve, in its disclosure, to add a data point (albeit not a very interesting one) to the Alfa Server story that (we now know) FBI was already reviewing but which hadn’t been pitched to the press yet. In Corn’s piece, he mentions the Alfa Bank story but not the report on Putin’s ties to it. It may be in there because someone — perhaps already in possession of the Alfa Bank allegations — asked Steele to lay out more about Alfa’s ties with Putin.

Here’s one reason that’s interesting, though. Even aside from all the other reasons the Alfa story is dodgy, it was deliberately packaged for press consumption. Rather than the at least 19 servers that Trump’s spam email was pinging, it revealed just two: Alfa Bank and Spectrum Health (the latter of which got spun, anachronistically, as a DeVos organization that thus had to be tight with Trump). Which is to say, the Alfa story was dodgy and packaged by yet unknown people.

The discovery of direct collusion during the intelligence review of the Russian hack

More interesting still is what happens in the period that — according to public reporting, anyway — Steele was working for free.

Contrary to what Steele’s anger suggests, there was no real evidence of direct Russian ties to Trump outside of the famous PeeGate incident (and even if that happened, he was not a knowing participant). In the first report, there’s a claim that “the Kremlin has been feeding TRUMP and his team valuable intelligence … including Democratic presidential candidate Hillary Clinton,” but the part of the report that purportedly describes that sharing states that the Kremlin file on Hillary “had not yet been mae available abroad, including to TRUMP or his campaign team,” seemingly contradicting the claim. A subsequent report describes a Presidential Administration official discussed the “possible release [of the dossier] to the Republican’s campaign team,” but without any confirmation that occurred (or even that Trump knew about it).

A subsequent report includes a claim of a “well-developed conspiracy of co-operation between [Trump’s team] and the Russian leadership managed through Paul Manafort and Carter Page. It continued to suggest a quid pro quo between the Russian hack and a shift on Ukraine and NATO policies. But in subsequent discussions of Manafort and Page’s corruption, it drops this claim entirely. Even when Michael Cohen enters the narrative, its about managing fallout over Manafort’s Ukrainian corruption.

There are claims that Trump was trying to set up business in Russia, followed by repeated descriptions of Russians not succeeding in getting him to do so.

In other words, in spite of the fact that there were some really damning allegations in the reports, the subsequent reporting didn’t necessarily back the most inflammatory aspects of them.

After the election, there’s just one report, dated December 13. That dates it to after the CIA’s leak fest reporting that Putin hacked the DNC not just to hurt Hillary and the US, but also to elect Trump. It dates to after Obama ordered an IC report on the hack. It dates to after John McCain delivered yet another copy of the dossier to FBI. It slightly precedes a Crowdstrike report (also done for free) bumping its formerly non-public “medium” confidence Russia’s GRU hacked the DNC to “high.”

And after previous reports describing Michael Cohen’s meetings as serving to cover up Manafort’s corruption and Page’s non-consummated Rosneft deal, this one alleges “the operatives involved [in the DNC hack] had been paid by both TRUMP’s team and the Kremlin,” the first such allegation. That is, over a month after the election but less than a month before its leak, the kind of detail backing direct collusion reappeared in this report.

Chuck Grassley’s questions

Which brings me back to Grassley’s letter. In addition to asking about payments, whether the agreement ever went into force, and whether and how Steele’s material served as a basis for FBI reports or even warrants, Grassley asks a question I’ve long wanted to know: Why we got this version of the memo, which is obviously just a partial selection of the complete dossier (rather like the Alfa story).

  1. How did the FBI first obtain Mr. Steele’s Trump investigation memos?  Has the FBI obtained additional memos from this same source that were not published by Buzzfeed?  If so, please provide copies.

We will actually learn a lot about the validity of the dossier if we see what other parts got dealt to the FBI, and if so whether the copy released to the public was cherry picked for the most damning information.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Devin Nunes Doesn’t Think Donald Trump Should be Subject To the Kind of “Witch Hunt” He Conducted with Edward Snowden

We know what a Devin Nunes-led investigation into possible Russian compromise looks like. Just in December, after all, the House Intelligence Committee released their investigation into Edward Snowden.

Using the Snowden investigation as a guide, we know that HPSCI believes that if there’s an ongoing investigation, it should avoid speaking to anyone who knows evidence first-hand. It can instead rely on the impressions of people who don’t like the target of the investigation, as HPSCI did for claims that Snowden went to a hackers conference in China. It can also avoid reviewing official records, including public school records or even official Army records. Rather than do that, it may rely on imprecise citations of public reporting, interpreted in the light designed to be most damning. Any lies told — such as Snowden’s cover story that he’d be undergoing epilepsy treatment or Mike Flynn’s lies to Mike Pence — are themselves evidence of the worst possible guilt. Numbers are interpreted in the most damning possible light, even if more recent and informed numbers suggest something far less damning; those damning numbers came, in Snowden’s case, from a decision made by former DIA Director and recently fired National Security Advisor Flynn to assume any contact involved potential compromise.

Very importantly, HPSCI’s standard is that if anyone alleges contact between Russians and the target of an investigation, they should believed, even if that person is not in a position to know first hand. According to HPSCI standard, it is permissible to rely on dubious translations of Russian comments.

That’s the standard a Devin Nunes-led investigation holds to — or at last held to, with Snowden — before it deems an American citizen a traitor (irrespective of the very specific requirements of a treason charge).

Now, you can certainly argue that that’s a horrible standard for an intelligence committee investigation into allegations that an American citizen is spying for Russia. I have made that argument myself. But that is the standard HPSCI very recently set for serious allegations of possible intelligence compromises involving Russia.

Which is mighty curious, because Devin Nunes just gave a press conference claiming, categorically, that no Trump campaign personnel had any contact with any Russian official. That, in spite of public reporting relying on an interview with Russian Ambassador Sergey Kislyak that said his contacts with Trump campaign advisor Mike Flynn went back before November 8. That’s pretty good evidence that Trump’s campaign was in contact with a Russian official. (Later in his presser, Nunes acknowledged that Flynn spoke with Russia, though suggested that happened after Trump became President-Elect.)

And if Nunes applied the same standard to Trump’s associates he applied to Edward Snowden, then clearly the allegations in the Trump dossier should be presumed to be true (again, I’m not advocating for this, I’m talking about what would happen if HPSCI applied the same standard). That would mean Carter Page’s contacts with Kremlin Internal Affairs official Diyevkin would count as evidence of a contact. Carter Page’s other contacts were not named. Michael Cohen’s, which were alleged to be even more inflammatory, were done with Russian Presidential Administration figures working under cover, but would seem to meet the Nunes HPSCI standard. Paul Manafort’s contacts were with Ukrainians.

Finally, if HPSCI applied the same standards they did with Snowden, then the claims from Sergei Ryabkov that there were discussions before the election should amount to sufficient evidence to substantiate the claim.

Devin Nunes invoked McCarthyism in insisting his committee shouldn’t just investigate American citizens without evidence. But he apparently extends that standard differently to men on whose transition team he served.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

FISA Is Not a Magic Word

The NYT had an article yesterday reporting on investigations into three (not four) of Donald Trump’s associates. The lead explains that authorities are reviewing “intercepted communications” in an investigation.

American law enforcement and intelligence agencies are examining intercepted communications and financial transactions as part of a broad investigation into possible links between Russian officials and associates of President-elect Donald J. Trump, including his former campaign chairman Paul Manafort, current and former senior American officials said.

The article differs from many of the reports on investigations into Trump because it is not so breathless and shows far more understanding of how DOJ works. Sadly, most readers appear not to have gotten this far into the story, which admits it’s not even clear whether the investigation is primarily about ties between Trump and the DNC hack.

It is not clear whether the intercepted communications had anything to do with Mr. Trump’s campaign, or Mr. Trump himself. It is also unclear whether the inquiry has anything to do with an investigation into the hacking of the Democratic National Committee’s computers and other attempts to disrupt the elections in November.

A number of people, including — bizarrely! — former DHS Assistant Secretary for Intergovernmental Affairs Juliette Kayyem have asked why the NYT article doesn’t mention FISA.

Great piece. Honest ? Is there reason why it doesn’t mention word FISA? I don’t know other ways to intercept comms.

Kayyem asks that, even about an article that partially raises another — the most common — way intercepts get done: by targeting foreigners.

The counterintelligence investigation centers at least in part on the business dealings that some of the president-elect’s past and present advisers have had with Russia. Mr. Manafort has done business in Ukraine and Russia. Some of his contacts there were under surveillance by the National Security Agency for suspected links to Russia’s Federal Security Service, one of the officials said.

The Russians alleged to have bought off Manafort, and the Russians alleged to have hacked the DNC are all legal targets without a FISA order (unless they’re targeting in the US, and even then, in some cases you wouldn’t need a FISA order). But these people are described as Russians and Ukrainians in Europe, so no FISA order needed. Moreover, the BBC article that started this line of reporting made clear the investigation arises from an intercept from a Baltic ally. Even if the US did the spying, foreign targets could be collected on under EO 12333 or under Section 702 of FISA without an individual order, and the Manafort sides of those conversations would be read. Indeed, those communications would be read precisely because a US person was having conversations with targets of interest.

So to review, here are the ways that the government might collect data in this case.

  • As the BBC reported, the US gets intercepts from its foreign partners, and appears to have done so here.
  • For foreign targets like those described, much US surveillance takes place under EO 12333. The NSA is collecting on switches and satellites carrying such communications, and to the extent that they’re not encrypted (or encrypted using technology the NSA has broken) those communications are readily available without a court order.
  • Those foreign targets located in Europe are also legal targets under Section 702. For national security cases (including counterintelligence ones) NSA routinely shares the raw feed off such collection with FBI, and FBI is not only allowed to read both sides of those conversations, but to go back and search for US persons in them without any suspicion of wrong-doing.
  • This counterintelligence investigation is primarily about money changing hands. That’s Treasury’s job, and its methods of coercion for collecting information don’t usually involve courts. Banks are obliged to hand over certain kinds of suspicious transfers in any case. Treasury also gets to go to SWIFT and get what it wants. That’s not an “intercept” in the traditional sense, but is likely a key piece of evidence in this case.

The issue, then, is when someone like Manafort becomes the target of the investigation and/or when Russians in the US (but not exclusively at an Embassy) are targeted. In that case, the following might explain intercepts.

  • In some respects, Manafort’s behavior reeks of classic influence peddling, a lobbyist gone wrong. To the extent that’s the case, it might be investigated under regular criminal law with pretty much the same secrecy that FISA will give you (especially given that multiple sources are leaking like sieves about FISA orders now). So FBI could have obtained a criminal warrant targeting Manafort’s communications.
  • To target Manafort anywhere in the world, the FBI/NSA would need a FISA order. Domestically, that’d be a traditional order(s). Given the overseas connection, they’d likely get a 705b order, allowing them to keep spying if Manafort were to leave the country.
  • To target Russians who are in the country but not at the Russian embassy, the government would need a FISA order.

To be sure, there were earlier reports that FBI asked for FISA orders in June and July, finally obtaining one (not three) in October. Even there, the original BBC report suggested the Americans were not the primary targets, but foreign targets, though it misstates who could actually be targeted (and seems to think Russian banks would require a FISA order).

Lawyers from the National Security Division in the Department of Justice then drew up an application. They took it to the secret US court that deals with intelligence, the Fisa court, named after the Foreign Intelligence Surveillance Act. They wanted permission to intercept the electronic records from two Russian banks.

Their first application, in June, was rejected outright by the judge. They returned with a more narrowly drawn order in July and were rejected again. Finally, before a new judge, the order was granted, on 15 October, three weeks before election day.

Neither Mr Trump nor his associates are named in the Fisa order, which would only cover foreign citizens or foreign entities – in this case the Russian banks

A more recent, but breathless, version of the story originally misstated the standard for FISA, but does get closer to suggesting Trump’s associates are the targets.

Note that in one place NYT refers to “investigations” plural.

The F.B.I. is leading the investigations, aided by the National Security Agency, the C.I.A. and the Treasury Department’s financial crimes unit.

It is possible that there are separate investigation(s), one targeting Manafort for clear influence peddling, another targeting Roger Stone for apparent involvement in the hand-off of DNC documents to Wikileaks, and a third for corrupt business dealings on the part of Carter Page. It is also possible that such independent investigations could converge on the election, if what the Trump dossier claims is true. It is further possible that if all of those investigations converged into one election-related investigation, there’d still be no way to prove Trump knew of Russian involvement; right now, only his associates have been “targeted,” to the extent even that has occurred. (Roger Stone, of course, is an old hand at giving the President plausible deniability about the rat-fucking done in his name.)

Finally, there’s one more (delicious) detail most people have missed. Just last week the intelligence community rolled out its new EO 12333 sharing guidelines. I suspect such guidelines were in place between FBI and NSA before then; for a variety of reasons I think they may have been sharing such data since … September. But as I’ll show in a follow-up, one very clear objective for the expanded EO 12333 sharing is to give FBI (and CIA) direct access to raw EO 12333 collected information for counterintelligence purposes. That means all those intercepts on Russian and Ukrainian people talking to Manafort, going back over a year? At least as of January 3, the FBI (and CIA) can have those, including Manafort’s side of the conversation, in raw form.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.