Posts

The Eight Investigations into the Russian Investigation Have Already Lasted 47% Longer than the Investigation Itself

Before the holiday weekend, FBI Director Christopher Wray announced an “after-action review of the Michael Flynn investigation.” Thus far, that makes the eighth known investigation into the Russian investigation — and every known investigation included at least a small component relating to Mike Flynn. The investigations into the Russian investigation, which collectively have lasted around 2,064 days, have gone on 47% longer than the investigation itself.

This table lists all the known investigations pertaining to the Russian investigation, save those into people involved in the Carter Page FISA applications. All have at least a component touching on the investigation into Mike Flynn.

This table assumes the Russian investigation is ongoing, based off the redactions in the Roger Stone warrant releases and FOIAed 302s, even though Mueller closed up shop a year ago.

At least three of the investigations in this table pertain to allegations first seeded with Sara Carter and then to various Congressional staffers that Andrew McCabe said, “Fuck Flynn, and I fucking hate Trump.” McCabe was actually considered the victim of the first investigation, which was conducted by the FBI’s Inspection Division, the same entity that will conduct the investigation announced last week. While the full timing of that investigation is not known, Strzok gave a statement to the Inspection Division on July 26, 2017. That Inspection Division investigation led into the investigation into McCabe himself, though that investigation focused on his confirmation of the investigation into the Clinton Foundation (and so is not counted in this table).

Mike Flynn kept raising the “Fuck Flynn” allegations with prosecutors, leading the government to review the allegations two more times, including an October 25, 2018 interview with Lisa Page where she was also asked about her role in editing the Flynn 302s.

The defendant’s complaints and accusations are even more incredible considering the extensive efforts the government has made to respond to numerous defense counsel requests, including to some of the very requests repeated in the defendant’s motion. For instance, the defendant alleges that former FBI Deputy Director Andrew McCabe said, “‘First we f**k Flynn, then we f**k Trump,’ or words to that effect;” and that Deputy Director McCabe pressured the agents to change the January 24 interview report. See Mot. to Compel at 4, 6 (Request ##2, 22). Defense counsel first raised these allegations to the government on January 29, 2018, sourcing it to an email from a news reporter. Not only did the government inform defense counsel that it had no information indicating that the allegations were true, it conducted additional due diligence about this serious allegation. On February 2, 2018, the government disclosed to the defendant and his counsel that its due diligence confirmed that the allegations were false, and referenced its interview of the second interviewing agent, 4 who completely denied the allegations. Furthermore, on March 13, 2018, the government provided the defendant with a sworn statement from DAD Strzok, who also denied the allegations.

Nevertheless, on July 17, 2018, the defense revived the same allegations. This time, the defense claimed that the source was a staff member of the House Permanent Select Committee on Intelligence (“HPSCI”). The HPSCI staff member allegedly told the defendant that the second interviewing agent had told the staff member that after a debrief from the interviewing agents, Deputy Director McCabe said, “F**k Flynn.” Once again, the government reviewed information and conducted interviews, and once again confirmed that the allegations were completely false. And after defendant and his counsel raised the accusation for a third time, on October 15, 2018, the government responded by producing interview reports that directly contradicted the false allegations. Despite possessing all of this information, defense counsel has again resurrected the false allegations, now for a fourth time

The DOJ IG investigation into whether Jim Comey violated policy or the law by bringing home his CYA memos started in July 2017 and continued through last summer. Obviously, one of those memos recorded Trump asking Comey to let the Flynn investigation go.

The table above does not include the DOJ IG Report on the Midyear Exam investigation (into Hillary), even though that was the first to examine the Lisa Page and Peter Strzok texts. For timing purposes, only the DOJ IG investigation into Carter Page’s FISA applications investigation counts the investigation into Page and Strzok. That investigation also considered the treatment of Flynn’s presence in the first intelligence briefing for Trump.

Finally, there’s the John Durham investigation — which Bill Barr’s top aides were scoping at least as early as April 12 of last year. There is no public scope document. Similarly, there’s no public scope document of the Jeffrey Jensen review, which Barr launched to create some excuse to move to dismiss the Flynn prosecution after prosecutors recommended (and all of DOJ approved) prison time. Wray’s statement announcing the FBI’s own investigation into the Flynn investigation made clear that the Jensen investigation remains ongoing.

FBI Director Christopher Wray today ordered the Bureau’s Inspection Division to conduct an after-action review of the Michael Flynn investigation.  The after-action review will have a two-fold purpose:  (1) evaluate the relevant facts related to the FBI’s role in the Flynn investigation and determine whether any current employees engaged in misconduct, and (2)  evaluate any FBI policies, procedures, or controls implicated by the Flynn investigation and identify any improvements that might be warranted.

The after-action review will complement the already substantial assistance the FBI has been providing to U.S. Attorney Jeff Jensen in connection with his work on the Flynn case.  Under Director Wray’s leadership, the FBI has been fully transparent and cooperative with Mr. Jensen, and the FBI’s help has included providing special agents to assist Mr. Jensen in the fact-finding process.  Although the FBI does not have the prosecutorial authority to bring a criminal case, the Inspection Division can and will evaluate whether any current on-board employees engaged in actions that might warrant disciplinary measures.  As for former employees, the FBI does not have the ability to take any disciplinary action.

Director Wray authorized this additional level of review now that the Department of Justice, through Mr. Jensen’s work, has developed sufficient information to determine how to proceed in the Flynn case.  However, Mr. Jensen’s work will continue to take priority, and the Director has further ordered the Inspection Division to coordinate closely with Mr. Jensen and ensure that the review does not interfere with or impede his efforts.  Relatedly, for purposes of ensuring investigative continuity across these related matters, the Inspection Division will also utilize to the extent practicable the special agents that the FBI previously assigned to assist Mr. Jensen.

In Bill Barr’s interview with Catherine Herridge, he discussed the Jensen review in terms of criminal behavior, which would mean Jensen and Durham are both considering criminal charges for some of the same activities — activities that had been investigated six times already.

Based on the evidence that you have seen, did senior FBI officials conspire to throw out the national security adviser?

Well, as I said, this is a particular episode. And it has some troubling features to it, as we’ve discussed. But I think, you know, that’s a question that really has to wait an analysis of all the different episodes that occurred through the summer of 2016 and the first several months of President Trump’s administration.

What are the consequences for these individuals?

Well, you know, I don’t wanna, you know, we’re in the middle of looking at all of this. John Durham’s investigation, and U.S. Attorney Jensen, I’m gonna ask him to do some more work on different items as well. And I’m gonna wait till all the evidence is, and I get their recommendations as to what they found and how serious it is.

But if, you know, if we were to find wrongdoing, in the sense of any criminal act, you know, obviously we would, we would follow through on that. But, again, you know, just because something may even stink to high heaven and be, you know, appear everyone to be bad we still have to apply the right standard and be convinced that there’s a violation of a criminal statute. And that we can prove it beyond a reasonable doubt. The same standard applies to everybody.

This is one reason why DOJ’s claim to have found “new” information justifying their flip-flop on Flynn’s prosecution would be so absurd if DOJ weren’t making the claim (with no documentation) in court. Different entities in DOJ had already investigated circumstances surrounding the Flynn investigation at least seven times before Jensen came in and did it again.

But I guess Barr is going to keep investigating until someone comes up with the result he demands.

Bill Barr and Chris Wray Schedule a Press Conference to Admit Trump Let an Al Qaeda Terrorist onto Our Military Base

Today, Billy Barr and Chris Wray had a press conference to announce that — in spite of his Muslim Ban — Trump had permitted an affiliate of AQAP, Mohammed Saeed Alshamrani, into this country, and onto a military base, where he bought a gun and murdered three sailors.

The evidence we’ve been able to develop from the killer’s devices shows that the Pensacola attack was actually the brutal culmination of years of planning and preparation, by a longtime AQAP associate.

The new evidence shows that al-Shamrani had radicalized not after training here in the U.S. but at least as far back as 2015, and that he had been connecting and associating with a number of dangerous AQAP operatives ever since. It shows that al-Shamrani described a desire to learn about flying years ago, around the same time he talked about attending the Saudi Air Force Academy in order to carry out what he called a “special operation.” And he then pressed his plans forward, joining the Air Force and bringing his plot here—to America.

Thanks to a lot of hard work by our people, we now know that al-Shamrani continued to associate with AQAP even while living in Texas and in Florida; and that in the months before the attack, while he was here among us, he talked with AQAP about his plans and tactics—taking advantage of the information he acquired here, to assess how many people he could try to kill.

After presenting this evidence, Barr and Wray didn’t announce that Trump is ending his Muslim Ban or retargeting it to focus on countries like Saudi Arabia that have always been a risk for terrorism. Barr and Wray didn’t explain how it was that the Trump Administration’s vetting was so poor that they let Alshamrani into a flight training program in Pensacola without vetting his social media or searching his phone on arrival. They didn’t explain how they’ll make sure foreign military officers we’re training don’t continue to plot attacks under our nose.

Instead, Barr and Wray used this opportunity to explain that Apple has to make all our phones less secure even after the FBI succeeded in accessing Alshamrani’s phones.

Barr and Wray didn’t explain why the obvious solution is not, instead, to properly vet military officers from countries that have attacked us in the past, including consensual searches of phones as those officers enter the country.

Useful But Not Sufficient: FBI’s FISA Fix Filing

As one of her last acts as presiding FISA judge, Rosemary Collyer ordered the government to explain how it will ensure the statement of facts in future FISA applications don’t have the same kind of errors laid out in the DOJ IG Report on Carter Page.

THEREFORE, the Court ORDERS that the government shall, no later than January 10, 2020, inform the Court in a sworn written submission of what it has done, and plans to do, to ensure that the statement of facts in each FBI application accurately and completely reflects information possessed by the FBI that is material to any issue presented by the application. In the event that the FBI at the time of that submission is not yet able to perform any of the planned steps described in the submission, it shall also include (a) a proposed timetable for implementing such measures and (b) an explanation of why, in the government’s view, the information in FBI applications submitted in the interim should be regarded as reliable.

DOJ and FBI submitted their response on Friday. (This post lays out new revelations about the FISA process in it.) While I think there are useful fixes, most laid out in FBI Director Chris Wray’s response to the IG Report itself, the fixes are insufficient to fix FISA.

The filing largely focuses on the institution and evolution of the current accuracy review process. It promises to review the memorandum guiding that process (though doesn’t set a deadline for doing so), and adds some forms and training to try to ensure that FBI Agents provide DOJ all the information that the lawyers should include in an application to FISA. One of those forms — pertaining to human sources — seems important though might lead to counterintelligence problems in the future. Another, requiring agents to provide all exculpatory information, may improve the process. But fundamentally, DOJ and FBI assume that the process they currently use just needs to be improved to make sure it works the way they intend it to.

They’re probably insufficient to fix the underlying problems in the Carter Page FISA application.

The FISA Fix Filing is based on faulty assumptions

I say that, first of all, because the FISA Fix Filing adopts certain assumptions from the DOJ IG Report that may not be valid. The FISA Fix Filing assumes that:

  • FBI was responsible for all the errors on the Carter Page application
  • The right people at FBI had the information they needed
  • The Carter Page application was an aberration

The IG Report ignored where DOJ’s National Security Division contributed to errors

As I note in this post, possibly because of institutional scope (DOJ IG cannot investigate DOJ’s prosecutors), possibly because of its own confirmation bias, the IG Report held the FBI responsible for all the information that was known to investigators, but not included in the Carter Page FISA applications. Yet the report showed that at least two of the things it says should have been included in the Page applications — Page’s own denials of a tie with Paul Manafort, and Steele’s own derogatory comments about Sergei Millian — were shared with DOJ’s Office of Intelligence, which writes the applications. Indeed, Rosemary Collyer even noted the latter example in her letter. It also shows DOJ’s National Security Division had confirmed a fact — that Carter Page had no role in the platform change at the RNC — before FBI had.

Because the FISA Fix Filing assumes FBI is responsible for everything mistakenly excluded from the applications, the proposed fixes shift even more responsibility to FBI, requiring agents, with FBI lawyers, to identify the information that should be in an application. But if — as the IG Report shows — sometimes FBI provides the relevant information but it’s not included by the lawyers, then ensuring they provide all the relevant information won’t be sufficient to fix the problem.

The focus on FBI to the detriment of NSD has one other effect. NSD includes few changes to their behaviors in the FISA Fix Filing (largely limited to training and inadequate accuracy reviews). And where they do consider changes, they do not — as ordered by the court — set deadlines for themselves.

The IG Report barely noted the import of the failure to share information in timely fashion

The IG Report deviates radically from almost twenty years of after-action reports that have consistently advocated for more sharing of national security information. It recommends that Bruce Ohr be disciplined for doing just that. Perhaps to sustain that bizarre conclusion, the IG Report focuses almost no attention on an issue that is critical to fixing the problems in the Carter Page applications: ensuring that the people submitting a FISA application have all the information available to the US government. The IG Report showed a 2 month delay before the Crossfire Hurricane team obtained the Steele reports, a month delay in getting feedback from State Department official Kathleen Kavalec, and delays in obtaining the full extent of Bruce Ohr’s knowledge on the dossier, all of which contributed to the delayed vetting of the dossier. But the IG Report doesn’t explore why this happened. And the FBI FISA Fix only addresses it by reminding agents to consult with other agencies.

In another of the 17 problems with the FISA applications, the people submitting the applications apparently did not learn that Christopher Steele had admitted meeting with Yahoo in court filings.

According to the Rule 13 Letter and FBI officials, although there had been open source reporting in May 2017 about Steele’s statements in the foreign litigation, the FBI did not obtain Steele’s court filings until the receipt of Senators Grassley and Graham’s January 2018 letter to DAG Rosenstein and FBI Director Christopher Wray with the filings enclosed. We found no evidence that the FBI made any attempts in May or June 2017 to obtain the filings to assist a determination of whether to change the FBI’s assessment concerning the September 23 news article in the final renewal application.

In other instance (as noted above), while NSD had affirmative knowledge that Carter Page had not been involved in the change to the RNC platform, FBI had a different view, yet this issue was not resolved to fully discount the claim in FISA applications. The IG Report also faults FBI managers (but never NSD ones) for not aggressively questioning subordinates to get a full sense of problems with the applications. All of these are information sharing problems, not errors of transparency. Making the case agent fill out forms about what he or she knows will have only limited effect on ensuring that those agents obtain all the information they need, because if they don’t know it, they won’t know to look for it.

With the Crossfire Hurricane investigation, that problem was exacerbated by the close hold of the investigation (most notably by running the investigation out of Main Justice) and, probably, by the urgency of investigating an ongoing attack while it’s happening, which likely led personnel to focus more on collecting information about the attack than exculpatory information.

The FISA Fix Filing includes a vaguely worded document describing technological improvements — including a workflow document that sounds like bureaucratic annoyance as described — that suggest FBI is considering moving some of this to the cloud.

Corrective Action #11 requires the identification and pursuit of short- and long-term technological improvements, in partnership with DOJ, that aid in consistency and accountability. I have already directed executives in the FBI’s Information Technology Branch leadership to work with our National Security Branch leadership and other relevant stakeholders to identify technological improvements that will advance these goals. To provide one example of a contemplated improvement, the FBI is considering the conversion of the revised FISA Request Form into a workflow document that would require completion of every question before it could be sent to OI. The FBI proposes to update the Court on its progress with respect to this Corrective Action in a filing made by March 27, 2020.

It’s still not clear this would fix the problem (it’s still not clear how Bruce Ohr would have shared the information he had in such a way that he wouldn’t now be threatened with firing for doing so, for example). And for a close hold investigation like this, such a cloud might not work. But it would be an improvement (if FBI could keep it secure, which is a big if).

The FISA Fix Filing does have suggests to improve information sharing. But because the scope of the problem, as defined in the IG Report, doesn’t account for information that simply doesn’t get to the people submitting the application, it’s not clear it will fix that problem.

No one knows whether the Page applications are an aberration or not

Finally, no one yet knows whether the Carter Page application was an aberration, and thus far, no one at DOJ has committed to finding out. DOJ IG has committed to doing an audit of the Woods Procedure process that failed in the Carter Page case (and the FISA Fix Filing committed to respond to any findings from that).

The Government further notes that the OIG is conducting an audit of FBI’s process for the verification of facts included in FISA applications that FBI submits to the Court, including an evaluation of whether the FBI is in compliance with its Woods Procedures requirements. The Department will work with the OIG to address any issues identified in this audit.

Yet everyone involved admits that the most serious problems with the Page applications consisted of information excluded from the application, not inaccurate information in it.

Many of the most serious issues identified by the OIG Report were … [when] relevant information is not contained in the accuracy sub-file and has not been conveyed to the OI attorney.

Doing an audit of the Woods Procedures, then, does not test the conclusion that Page’s applications are an aberration, and therefore does not test whether more substantive fixes are necessary.

DOJ IG has considered doing more — and PCLOB suggested last year they might get involved (though technically, their counterterrorism scope wouldn’t even permit them to look at counterintelligence cases like Page’s) — but thus far there’s no plan in this filing to figure out of this is a broader problem.

The existing oversight for FISA may be inadequate

There are several reasons to believe that the existing oversight regime for FISA may be inadequate.

As noted, the existing IG plan to audit the Woods Procedure is insufficient to identify whether the existing FISA Fix Filing is sufficient to fix the problem. Also as noted above, the jurisdiction of DOJ’s IG, because it cannot review the actions of prosecutors, might not (and in this case, pretty demonstrably did not) adequately review all parts of the process, because it could not subject NSD attorneys to the same scrutiny it did FBI.

Then there are shortcomings to NSD’s oversight regime — shortcomings that Judge James Boasberg — the new presiding FISA Judge and so the just now in charge of overseeing these fixes — already highlighted in an opinion on problems with Section 702 queries.

As the FISA Fix Filing describes, OI (the same office that the IG Report let off when it received information but did not include it in applications) does a certain number of oversight reviews each year. But they don’t do reviews in every FBI field office (to which FBI devolved the FISA application process some years ago), and they don’t do accuracy reviews at every office where they do an oversight review.

OI’s Oversight Section conducts oversight reviews at approximately 25-30 FBI field offices annually. During those reviews, OI assesses compliance with Court-approved minimization and querying procedures, as well as the Court orders. Pursuant to the 2009 Memorandum, OI also conducts accuracy reviews of a subset of cases as part of these oversight reviews to ensure compliance with the Woods Procedures and to ensure the accuracy of the facts in the applicable FISA application. 5 OI may conduct more than one accuracy review at a particular field office, depending on the number ofFISA applications submitted by the office and factors such as whether there are identified cases where errors have previously been reported or where there is potential for use of FISA information in a criminal prosecution. OI has also, as a matter of general practice,_ conducted accuracy reviews of FISA applications for which the FBI has requested affirmative use of FISA-obtained or -derived information in a proceeding against an aggrieved person. See 50U.S.C. §§ 1806(c), 1825(d).

During these reviews, OI attorneys verify that every factual statement in the categories of review described in footnote 5 is supported by a copy of the most authoritative document that exists or, in enumerated exceptions, by an appropriate alternate document. With regard specifically to human source reporting included in an application, the 2009 Memorandum requires that the accuracy sub-file include the reporting that is referenced in the application and further requires that the FBI must provide the reviewing attorney with redacted documentation from the confidential human source sub-file substantiating all factual assertions regarding the source’s reliability and background.

As Boasberg noted in his 702 opinion last year, this partial review may result in problems going unaddressed for years.

Personnel from the Office of Intelligence (OI) within the Department of Justice’s National Security Division (NSD) visit about half of the FBI’s field offices for oversight purposes in a given year. Id at 35 & n 42. Moreover OI understandably devotes more resources to offices that use FISA authorities more frequently, so those offices [redacted] are visited annually, id at 35 n. 42, which necessitates that some other offices go for periods of two years or more between oversight visits. The intervals of time between oversight visits at a given location may contribute to lengthy delays in detecting querying violations and reporting them to the FISC. See, e.g., Jan. 18, 2019, Notice [redacted] had been conducting improper queries in a training context since 2011, but the practice was not discovered until 2017).

Furthermore, OI’s review of a subset of a subset of applications targeting Americans only reviews for things included in the application, not things excluded from it.

OI’s accuracy reviews cover four areas: (1) facts establishing probable cause to believe that the target is a foreign power or an agent of a foreign power; (2) the fact and manner of FBI’s verification that the target uses or is about to use each targeted facility and that property subject to search is or is about to be owned, used, possessed by, or in transit to or from the target; (3) the basis for the asserted U.S. person status of the target(s) and the means of verification; and (4) the factual accuracy of the related criminal matters section, such as types of criminal investigative techniques used (e.g., subpoenas) and dates of pertinent actions in the criminal case.

DOJ admits that this is a problem, and considers doing a check for the kind of information excluded from Carter Page’s applications, but doesn’t commit to doing so and (again, unlike FBI) doesn’t give itself a deadline to do so.

Admittedly, these accuracy reviews do not check for the completeness of the facts included in the application. That is, if additional, relevant information is not contained in the accuracy sub-file and has not been conveyed to the OI attorney, these accuracy reviews would not uncover the problem. Many of the most serious issues identified by the OIG Report were of this nature. Accordingly, OI is considering how to expand at least a subset of its existing accuracy reviews at FBI field offices to check for the completeness of the factual information contained in the application being reviewed. NSD will provide a further update to the Court on any such expansion of the existing accuracy reviews.

Improving these oversight reviews will have a salutary effect on all FISA authorities, not just individualized orders. Since Boasberg has already identified the inadequacies of the current reviews, I would hope he’d ask for at least an improved oversight regime.

Treating alleged subpoenas like they’re not subpoenas

There’s a change promised that I’m unsure about: Chris Wray’s voluntary decision to subject Section 215 and pen register orders to heightened accuracy reviews.

Currently, the accuracy of facts contained in applications for pen register and trap and trace surveillance pursuant to 50 U.S.C. § 1841 , et seq. , or applications for business records pursuant to 50 U.S. C. § 1861 , et seq. , must, prior to submission to the Court, be reviewed for accuracy by the case agent and must be verified as true and correct under penalty ofpeijury pursuant to 28 U.S.C. § 1746 by the Supervisory Special Agent or other designated federal official submitting the application. Historically, the Woods Procedures described herein have not been formally applied by the FBI to applications for pen register and trap and trace surveillance or business records. As discussed in the FBI Declaration, FBI will begin to formally apply accuracy procedures to such applications and proposes to update the Court on this action by March 27, 2020.

FBI has, for years, told the public these are mere grand jury subpoena equivalents, and so the privacy impact is not that great. That Wray thinks these need accuracy reviews suggests they’re more intrusive than that, in which case by all means FBI should add these reviews.

But as I suggested in this post, some of the problems with the Carter Page applications might have been avoided had the Crossfire Hurricane team obtained call records from both Page and George Papadopoulos early in the process, which would not only have confirmed Page’s accurate claim that Paul Manafort never returned his emails (undermining a key claim from the dossier), but it would have revealed Papadopoulos’ interactions with suspect Russian asset Joseph Mifsud, thereby pinpointing where the investigative focus should have been (and making it a lot harder for Papadopoulos to obstruct the investigation in the way he did). The IG Report doesn’t ask why this didn’t happen, but it seems an important question because if the FBI chose not to use ostensibly less intrusive legal process because existing Section 215 applications are not worth the trouble, then making the purportedly less-intrusive applications even more onerous will only lead to a rush to use full FISA, as appears to have happened here.

Further breaking the affiant-officer of the court relationship

One of the more insightful observations from the IG Report described how OI attorneys and FBI agents applying for FISA orders don’t work as closely as prosecutors and agents on a normal case.

NSD officials told us that the nature of FISA practice requires that OI rely on the FBI agents who are familiar with the investigation to provide accurate and complete information. Unlike federal prosecutors, OI attorneys are usually not involved in an investigation, or even aware of a case’s existence, unless and until OI receives a request to initiate a FISA application. Once OI receives a FISA request, OI attorneys generally interact with field offices remotely and do not have broad access to FBI case files or sensitive source files. NSD officials cautioned that even if OI received broader access to FBI case and source files, they still believe that the case agents and source handling agents are better positioned to identify all relevant information in the files.

The proposed FISA fixes seem to derive from this OI viewpoint, that because OI don’t work closely with agents they need to replace cooperation that is often inadequate on normal criminal investigations with a process that has even less cooperation for applications that are supposed to have a higher degree of candor.

The FISA Fix Filing seems to envision FBI lawyers picking up this slack, but especially since DOJ devolved the application process to Field Agents some years ago, it’s not clear, at all, why this would result in better lawyering.

Formalizing the role of FBI attorneys in the legal review process for FISA applications, to include identification of the point at which SES-level FBI OGC personnel will be involved, which positions may serve as the supervisory legal reviewer, and establishing the documentation required for the legal review;

[snip]

Corrective Action #7 requires the formalization of the role of FBI attorneys in the legal review process for FISA applications, to include identification of the point at which SES-level FBI OGC personnel will be involved, which positions may serve as the supervisory legal reviewer, and establishing the documentation required for the legal reviewer. Through this Corrective Action, the FBI seeks to encourage legal engagement throughout the FISA process, while still ensuring that case agents and field supervisors maintain ownership of their contributions.

As it is, the FISA process requires a more senior agent to be the affiant on an application, which in at least one of the Page applications, resulted in someone who had less knowledge of the case making the attestation under penalty of perjury.

It may be that these changes go in the opposite direction from where FISA should go, which would be closer to the criminal warrant model where a judge will have an FBI affiant who anticipates taking the stand at a trial (and therefore needs to retain his or her integrity to avoid damaging the case), and an office of the court signing off on applications (whom judges can sanction directly). That is, by introducing more layers and absolving OI from some of the direct responsibility for the process, these proposed changes may make FISA worse, not better.

Remarkably, the court might consider something far more effective.

On Friday, Boasberg appointed David Kris as amicus for this consideration. Kris literally wrote the book on all this, in addition to writing the 2001 OLC memo that eliminated the wall between the intelligence collected under FISA and the prosecutions that arise out of them. In a recent podcast, he mused that the way to fix all this may be to give defendants review of their applications, something always envisioned by Congress, but something no defendant has done. That — along with a more robust oversight process — seems like it has a better chance of changing the way the FBI and DOJ approach FISA applications than adding a bunch more checklists for the process.

The frothy right is in a lather over Kris’ appointment, which is a testament to how little these people (up to and especially Devin Nunes) understand FISA. But he has the institutional clout to be able to recommend real fixes to FISA, rather than a bunch of paperwork to try to make the Woods Procedure to work the way it’s supposed to.

DOJ could, voluntarily, provide review to more defendants. Alternately, Congress could mandate it in whatever bill reauthorizes Section 215 this year. Or Kris could suggest that’s the kind of thing that should happen.

Update: David Kris submitted his recommendations to Boasberg. Like me, he finds Wray’s plan useful but not sufficient. Like me he notes that the agents doing the investigation should be the ones signing off on affidavits (and he suggests the FISC review more applications until new procedures are in place). Kris also focuses on cultural changes that need to happen.

One thing he doesn’t do is review DOJ’s role (though he does argue that part of this stems from conflict between DOJ and FBI).

He also notes that DOJ has not imposed deadlines for itself.

Horowitz

With Release of DOJ IG FISA Report, Democrats Should Pause on Impeachment

Democrats are going to roll out at least two articles of impeachment today.

But I think, in the wake of the release of the DOJ IG FISA Report, they should take a brief pause.

Don’t get me wrong. I think impeachment is necessary and urgent. I can see why Democrats might want to impeach even as Trump meets with Sergei Lavrov — particularly given Trump’s assault on Chris Wray for making some honest comments about the IG Report yesterday.

But I’ve gotten far enough into the IG Report to believe that it merits a pause for both sides to consider what it says. That’s because it basically says both parties were right. Democrats were right to think the investigation into Trump was fair and legitimately predicated. The Mueller Report has provided abundant evidence not only that Paul Manafort and Roger Stone (at a minimum) were willing to “collude” in the Russian hack-and-leak, but that they both took affirmative efforts to prevent Mueller from finding out whether they succeeded in doing so. Trump was a key player in that effort to obstruct the investigation. So the investigation was warranted, fairly predicated, and produced results that confirmed Trump’s people wanted to conspire with the Russian operation, whether or not they succeeded.

Republicans, however, were right that the Steele dossier was not adequately vetted by the FBI, and the FISA on Carter Page may not have been adequately substantiated (and the vetting on the follow-ups was even worse). That doesn’t mean Page shouldn’t have been investigated; he was already being investigated in April 2016, and things he did through December 2016 provided more cause for concern.

But neither of those things — the dossier’s shoddy vetting or the Page FISA — were key to the more substantive investigation into Trump. Indeed, Stone wasn’t even a subject in this early process; the first big investigative steps on him took place in August 2017, under Mueller.

I’ve got some quibbles with the report (mostly about how it treats exonerating information and Bruce Ohr and information sharing).

That said, the report should be an opportunity to step back and reflect on how the key issue — that Russia aggressively interfered in the US and a number of Americans embraced that effort — has gotten lost. That focus might make a few people, including Republicans who otherwise would not support impeachment but are appalled by the way Rudy has doubled down on his Ukrainian escapades, even meeting with KGB trained thugs, rethink the investigation into Trump.

Plus, the FISA Report provides one basis for bipartisan work in the near term.

Section 215 of the PATRIOT Act was due to get reauthorized on December 15. That got extended 3 months in the continuing resolution, but it will need reauthorized at that point. Meanwhile, over the past year, evidence that FBI misused FISA under both Jim Comey (with this IG Report) and Chris Wray (with the earlier report on problems with 702).

I’ve been arguing since at least February — and more aggressively since September, when I got the first concrete descriptions of how much this report would focus on process issues at FBI — that this IG Report would present an opportunity to call more substantive review of FISA. I got pushback among allies, because Carter Page is such an unsympathetic person to Democrats. But I think the report really demonstrates that, no matter how unsympathetic he is, no matter how warranted the investigation into him, the FISA process used against him was appalling.

So the surveillance community, which previously was able to unite Jim Jordan and the most Progressive Dems, really ought to take a step back and propose a three-part fix for FISA, one that could guide the further audit of FISA Michael Horowitz announced and one that might implement immediate legislative fixes to known FISA problems. At least beginning those conversation would provide some of the people yelling most loudly at each other a chance to talk about something they claim to agree on.

Let me be clear: I’m just arguing for a pause — maybe a week. Trump has violated every word of his oath of office and he threatens to undo our Constitution. But let’s take a few days and reflect on the way that the events of 2016 have sown division without getting us to do the things to prevent further Russian aggression. It won’t happen, but it’s what I think should happen.

The Other Servers and Laptops FBI Never Investigated: VR Systems and North Carolina Polling Books

Ron Wyden had a lot to say in his minority views to the SSCI Report on election security released yesterday, mostly arguing that there need to be national standards and assistance and that no one can make any conclusions about the effects of Russia’s efforts in 2016 because no one collected the data to make such conclusions.

But there’s one line in his section raising questions about the 2016 conclusions I find particularly interesting, pertaining to VR Systems (which he doesn’t name).

Assessments about Russian attacks on the administration of elections are also complicated by newly public information about the infiltration of an election technology company.

Since the Mueller Report came out, Wyden has been trying to chase down this reference in the report to the VR Systems hack.

Unit 74455 also sent spear-phishing emails to public officials involved in election administration and personnel a~ involved in voting technology. In August 2016, GRU officers targeted employees of [redacted; VR Systems], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.

In May, he sent a letter to VR Systems President Mindy Perkins, asking how the company could claim, in March 2018, that it had not experienced a security breach when the report said it had been infected with malware in August 2016. In response, the company told Wyden (according to a letter he and Amy Klobuchar sent FBI Director Chris Wray) that they had alerted the FBI that they found suspicious IPs in their logs in real time, but that FBI had never explained the significance of that.

In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to “be on the lookout for certain suspicious IP addresses.” According to VR Systems, the company examined its website logs, “found that several of the IP addresses had, in fact, visited our website” and as a result, the company “notified the FBI as we had been directed to do.” VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.

The implication from Wyden’s letters is that VR Systems only hired FireEye to conduct an assessment of what happened after Reality Winner leaked an NSA document making it clear they had been targeted by GRU in 2017. [Update: Kim Zetter actually reported this here.]

In their June 12 letter, Wyden and Klobuchar asked Wray whether the FBI followed up on VR Systems’ report.

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?

It’s unclear how Wray answered (or didn’t). But just before Wyden sent this letter, the WaPo reported that no one had yet conducted a forensic examination of the laptops used in the VR Systems polling books in North Carolina. After Democrats took over control, they finally persisted in getting DHS to agree to check the laptops.

On Tuesday, the Department of Homeland Security told The Washington Post it will conduct a forensic analysis of the laptops used in Durham County elections in 2016. Lawson said North Carolina first asked the department to conduct such a review more than 18 months ago, though he added that DHS has generally been a “good partner” on election security.

“We appreciate the Department of Homeland Security’s willingness to make this a priority so the lingering questions from 2016 can be addressed in advance of 2020,” said Karen Brinson Bell, the newly appointed executive director of the State Board of Elections.

After the election, Durham County hired a firm called Protus3 to dig into what happened. The security consultant said it appeared the problems were caused by user error but ended its 12-page report with a list of recommendations that included examining computers in a lab setting and interviewing more election workers.

Durham County elections director Derek Bowens said he is comfortable with the report’s conclusions. Even so, in 2017, the county switched to electronic poll books created by the state. Bowens said in an interview that the state’s software would save money and is, in his view, better.

But for North Carolina officials, concerns resurfaced in June 2017 when the website Intercept posted a leaked National Security Agency report referencing “cyber espionage operations against a . . . U.S. company in August 2016.” The NSA report said that “it was likely that at least one account was compromised.”

VR Systems soon acknowledged that hackers had targeted the company but insisted that its network had not been breached.

North Carolina officials weren’t so sure.

“This was the first leak that indicated anything like a nation-state actor targeting a voting systems vendor,” Lawson said.

The state elections board soon launched its own investigation, seizing 40 laptops from Durham in July. And it suspended the certification that allowed more than 20 North Carolina counties to use VR Systems’ poll books during elections, an action that would later land in court. “Over the past few months there has been a considerable change in the election security landscape and the level of scrutiny we receive,” the board wrote in a letter explaining its decision to VR Systems.

No one working for the board had the technical expertise to do a forensic examination of the machines for signs of intrusion. Staffers asked DHS for technical help but did not get a substantive answer for a year and a half, Lawson said.

As noted, FireEye appears to have done an assessment at VR Systems itself in the wake of the Winner disclosure. The WaPo reports that FireEye declared VR Systems hadn’t been hacked, but wouldn’t share any information with Wyden or–apparently–DHS.

VR Systems said a cybersecurity firm it hired to review its computer network in 2017 found no evidence of a hack. A subsequent review by DHS also found no issues, the company said. VR Systems declined to give Wyden documentation of those reviews, citing the need to protect proprietary information.

Wyden in a statement to The Post accused VR Systems of “stonewalling congressional oversight.”

A senior U.S. official confirmed DHS’s review of VR Systems’s network to The Post and noted that by the time agency investigators arrived, a commercial vendor had already “swept” the networks. “I can’t tell you what happened before the commercial vendor came in there,” the official said, speaking on the condition of anonymity to discuss a sensitive matter.

The same day as the WaPo report, Kim Zetter reported that VR Systems used remote updates for their software, opening up a possible point of compromise for hackers.

For two years, GRU hack denialists have thought it was the most important thing that the DNC provided FBI Crowdstrike’s forensic images of the hacked laptops, rather than providing the servers themselves.

But that step has, apparently, not been done yet with VR Systems. And the laptops that failed on election day are only now being forensically examined.  Which is why, I presume, that Wyden believes it’s premature to claim no vote totals were affected on election day 2016.

Congress Should Revert to Section 702 as Passed in 2008, If That’s What the Spooks Want!

Congress is passing a continuing resolution with an extension of Section 702 today, giving Congress one month to figure out how it will reauthorize the surveillance program.

But the Intelligence Community is making one more bid to talk Congress into passing some bill today. The same Intelligence Community that has opposed bills that offer even lip service reforms — most notably the House Judiciary Committee bill — insist that anything else than a new authorization will make the country less safe.

Reauthorizing Section 702 before it expires is vital to keeping the nation safe. Let us be clear: if Congress fails to act, vital intelligence collection on international terrorists and other foreign adversaries will be lost. The country will be less secure.

And (again, from an IC that has refused to engage with the HJC bill) the IC wants its reauthorization now, without the short term extension, because short term extension don’t provide certainty.

We also believe it is important that Congress reauthorize Section 702 before it expires on December 31, 2017.  Although the current Section 702 certifications do not expire until April 2018, the Intelligence Community would need to start winding down its Section 702 program well in advance of that date.  Winding down such a valuable program would force agencies to divert resources away from addressing foreign threats. Short-term extensions are not the long-term answer either, as they fail to provide certainty, and will create needless and wasteful operational complications. We urge Congress, therefore, to act quickly to reauthorize Section 702 in a manner that preserves the effectiveness of this critical national security law before it expires.

Where the release gets truly inexcusable, however, is how they flip their demand that this reauthorization codify certain dubious practices and not limit other ones. Congress is not required to make changes, the spooks say, without telling you that even the SSCI bill makes at least one reform, and most of the bills on the floor today make more serious ones. Those are the bills the IC prevented from passing.

To be clear – Congress is not required to make any changes to Section 702. The Intelligence Community conducts and uses 702 collection in a manner that protects the privacy and civil liberties of individuals.

The spooks pretend, as they have before, that the Ninth Circuit approved back door searches, which it didn’t.

Every single court that has reviewed Section 702 and queries of its data has found it to be constitutional.

They then take their emphasis on the word targeting a step further than normal to avoid telling you that their “targeted surveillance” of location-obscuring servers like Tor and VPNs actually collects on US persons, and the “oversight’ of that collection allows entirely domestic communications collected via such “targeted” collection to be used in criminal cases.

The Intelligence Community’s use of Section 702, which permits targeted surveillance only of foreign persons located outside the United States, is subject to extensive oversight and incorporates substantial protections to protect the privacy and civil liberties of individuals.

Here, the spooks don’t acknowledge how much has changed in between the various passage of these bills.

In short, we believe Congress got it right in 2008 when it passed Section 702 and in 2012 when Congress reauthorized it.

Consider: if the 702 on the table today were 702 as it existed in 2008, Congress would pass it gladly. That’s because no backdoor searches were permitted (though FBI was already doing them), to say nothing of the 2014 exception that permits the collection of US person location-obscured communications. And upstream “about” collection wasn’t affirmatively permitted either.

In other words, if Congress could have Section 702 as it passed in 2008, it’d be a vast improvement from a privacy perspective than the program as it exists right now (and also wouldn’t include a counterproliferation certificate or approval to target cybersecurity targets).

Note, too, the spooks don’t admit that most of Congress didn’t know about backdoor and other kinds of US person searches in 2012.

All that said, even after saying that Congress had it right in 2008, the spooks return to the coded demands that Congress not do a single thing to limit the spying on Americans that has gotten added to the program since 2008.

Nevertheless, the Intelligence Community continues to be open to reasonable reforms to Section 702 to further enhance the already-substantial privacy protections contained in the law, but we simply cannot support legislation that would impede the operational efficacy of this vital authority.

There were many “reasonable reforms to … further enhance the already-substantial privacy protections contained in the law.” Those were the bills the IC refused to let pass, which is why we’re here on one of the last legislative days of the year, punting this legislation for a month.