Posts

Alexander Vindman Proves That Working Within System Works Even While Derek Harvey Works To Destroy It

Jim here.

Last night, two very remarkable stories were published that, taken together, illustrate an extreme chasm in our defense community that receives far too little attention. To set the stage, it is necessary to go back to the early 2000s for a development that has mostly been erased from our collective memory but has had an indelible and particularly harmful and lingering effect. As the George W. Bush Administration executed its pivot from the war in Afghanistan to the invasion of Iraq, it became necessary for the Bush folks to craft a set of intelligence “facts” supporting and then sustaining the action in Iraq. A primary tool used in this effort was to create a separate intelligence apparatus, since the existing intelligence agencies did not produce analyses supporting the invasion.

A huge impact of this illegal war was that it devastated morale within the military at all ranks. Sadly, many of our highest ranking–and most ethical–officers chose retirement rather than to serve while an illegal war was being waged. With the Defense Secretary, Vice President and President clearly leading the charge for the war, it seems obvious that these officers realized that their analyses showing that the invasion was not justified were falling on deaf ears and that they would never be able to inject a dose of reality into the artificial reality on which the whole war effort rested. The result, as they had to be able to foresee, was that the Iraqi people and our enlisted forces suffered unnecessary and devastating losses, with impact continuing into the present even after the “end” of US action in Iraq.

By 2006, some of these retired officers even began to speak out, calling for the resignation of Donald Rumsfeld. In a normal world, where the system of checks and balances within the military and the legislative and executive oversight functions were operating properly, these officers would not have needed to retire, but instead would have been key factors in rejecting the invasion as unnecessary and based only on a set of political objectives rather than an actual need for military action to stave off harm to the region. As a trained geneticist, my feeling was that this event served as a sort of genetic selection within the military, where the population of those remaining and advancing through the ranks was enriched for those who bought into the distorted politics of the invasion and had a willingness to shape “facts” around a desired outcome. Our only hope, I felt, was that at least some would desire to stay within the system anyway and continue to work for the ideals of their oath to the Constitution administered when they joined the military.

So, fast forward to last night. The New York Times article on Alexander Vindman illustrates that Vindman is indeed just that sort of person I hoped would continue to stay and work within the system. His work as the senior Ukraine analyst on the National Security Council put him into position to see the illegal plan that the Trump Administration was carrying out to force Ukrainian President Volodymyr Zelensky to investigate Hunter Biden in return for the release of essential Ukraine aid that Trump had frozen. Vindman’s response was by the book: document the crime and then report it up the chain of command:

“I did not think it was proper to demand that a foreign government investigate a U.S. citizen, and I was worried about the implications for the U.S. government’s support of Ukraine,” Colonel Vindman said in his statement. “I realized that if Ukraine pursued an investigation into the Bidens and Burisma it would likely be interpreted as a partisan play which would undoubtedly result in Ukraine losing the bipartisan support it has thus far maintained.”

/snip/

“This would all undermine U.S. national security,” Colonel Vindman added, referring to Mr. Trump’s comments in the call.

 

Vindman then went on to report his concerns:

“I did convey certain concerns internally to national security officials in accordance with my decades of experience and training, sense of duty, and obligation to operate within the chain of command,” he plans to say.

He will testify that he watched with alarm as “outside influencers” began pushing a “false narrative” about Ukraine that was counter to the consensus view of American national security officials, and harmful to United States interests. According to documents reviewed by The Times on the eve of his congressional testimony, Colonel Vindman was concerned as he discovered that Rudolph W. Giuliani, the president’s personal lawyer, was leading an effort to prod Kiev to investigate Mr. Biden’s son, and to discredit efforts to investigate Mr. Trump’s former campaign chairman, Paul Manafort, and his business dealings in Ukraine.

Vindman made not one, but two reports to the top lawyer in the NSC, John Eisenberg. Were it not for the whistleblower report and the impeachment inquiry stemming from it, the sad reality is that Vindman’s heroic actions might have ended with his reports to Eisenberg, as Eisenberg has been shown to have been working to quash the efforts to expose Trump’s illegal actions. But now that the House of Representatives has finally rediscovered the real duty of oversight (we already miss you, Elijah Cummings!), Vindman today has the opportunity to provide a deposition to the three committees carrying out the impeachment investigation. Vindman’s testimony seems likely to seal Trump’s fate, as it is nearly impossible to see how at least one article of impeachment won’t arise from the facts Vindman lays out. Whether Senate Republicans will also find their duty to truth rather than manufactured reality, of course, seems less likely, but at the very least it will be valuable to watch them squirm when the decision is laid squarely in their laps.

At almost the same time the Vindman article came out in the Times, Daily Beast detailed how a retired military officer, Derek Harvey, is working outside proper channels to disclose the identity of the whistleblower, endangering this individual and making future whistleblowers less likely to expose corruption. Harvey seems to be a poster child for exactly the type of officer who flourished after the mass exodus of those with a conscience. Here is how Daily Beast described his background:

Derek Harvey’s career has been extraordinary. As a Defense Intelligence Agency analyst, he played an important role in the 2007-8 troop surge in Iraq. David Petraeus kept Harvey aboard for an intelligence billet at U.S. Central Command. Harvey aligned with another member of the counterinsurgency coterie, DIA Director Mike Flynn, and followed Flynn onto Trump’s White NSC. From there, Harvey became a crucial aide to Nunes, a pivotal Flynn and Trump ally. There is no reasonable definition of Deep State that excludes Derek Harvey from elite membership.

So Harvey accelerated his military career, and his career after retiring but staying within military intelligence, by joining forces with the Petraeus effort to craft “facts” around the Iraq surge–a cataclysmic failure that Petraeus always claimed as a stunning success–and then eventually joined Mike Flynn both in DIA and the NSC. One stop in Harvey’s career not on that list is detailed in Bob Woodward’s “Obama’s Wars” [quoted here]:

Based on what Harvey reported to General Petraeus, according to Woodward’s book, Petraeus “decided to create his own intelligence agency inside CentCom” (pg. 78, “Obama’s War”) to offset the shortcomings of the DNI, CIA, NSA, DIA and other US intelligence gathering agencies in gathering information about the Afghanistan-Pakistan region. He asked Harvey to draft plans for an agency modeled on Harvey’s approach. Reports Woodward, “Soon, Harvey was appointed director of the new Afghanistan-Pakistan Center of Excellence based at CentCom headquarters in Tampa, Florida.”

According to Woodward, Petraeus moved over $100 million into this project with Congress unaware of that move for several months. Harvey’s analysis that he gave to Petraeus: “the war could be won, but the U.S. government would have to make monumental long-term commitments for years that might be unpalatable with voters” (p. 79).

So Harvey clearly is essentially a ratfucker for hire, being willing to craft a set of intelligence “facts” to serve whatever master is paying him to do so. Although Woodward paints a rather admiring picture of Harvey’s diligence in approaching his intelligence gathering, comparing it to that of a homicide detective, historical context tells us that Petraeus simply didn’t like what he was getting from the existing agencies and needed his own “intelligence” to continue on his chosen path.

But, as you see above, Harvey is now working for Devin Nunes (R-Cow) and that is an especially devious team. From Daily Beast:

Derek Harvey, who works for Nunes, the ranking Republican on the House intelligence committee, has provided notes for House Republicans identifying the whistleblower’s name ahead of the high-profile depositions of Trump administration appointees and civil servants in the impeachment inquiry. The purpose of the notes, one source said, is to get the whistleblower’s name into the record of the proceedings, which committee chairman Adam Schiff has pledged to eventually release. In other words: it’s an attempt to out the anonymous official who helped trigger the impeachment inquiry.

Mark Zaid explained to Daily Beast the horrible implications of what Harvey is doing:

“Exposing the identity of the whistleblower and attacking our client would do nothing to undercut the validity of the complaint’s allegations,” said Mark Zaid, one of the whistleblower’s attorneys. “What it would do, however, is put that individual and their family at risk of harm. Perhaps more important, it would deter future whistleblowers from coming forward in subsequent administrations, Democratic or Republican.”

It’s hard to imagine two more polar opposites than Alexander Vindman and Derek Harvey. Vindman is a patriot committed to the security of the US and working within the system while Harvey is willing to sell out US security to whatever wingnut is willing to pay him and to bypass every safeguard built into the system.

The Significance of the James Wolfe Sentence for Mike Flynn, Leak Investigations, and the Signal Application

Yesterday, Judge Ketanji Brown Jackson sentenced former SSCI head of security James Wolfe to two months in prison for lying to the FBI. In her comments announcing the sentence, Jackson explained why she was giving Wolfe a stiffer sentence than what George Papadopoulos and Alex van der Zwaan received: because Wolfe had abused a position of authority.

“This court routinely sentences people who come from nothing, who have nothing, and whose life circumstances are such that they really don’t have a realistic shot of doing anything other than committing crimes,” Jackson said. “The unfortunate life circumstances of those defendants don’t result in a lower penalty, so why should someone who had every chance of doing the right thing, a person who society rightly expects to live up to high moral and ethical standards and who has no excuse for breaking the law, be treated any better in this regard.”

[snip]

Wolfe’s case was not part of special counsel Robert Mueller’s investigation, but the judge compared his situation to two defendants in the Mueller probe who also pleaded guilty to making false statements — former Trump campaign adviser George Papadopoulos, who spent 12 days in prison, and Dutch lawyer Alex van der Zwaan, who was sentenced to 30 days. Jackson concluded that Wolfe’s position as head of security for the Intelligence Committee was an “aggravating” factor.

The public shame he had endured, and the loss of his job and reputation, were not punishment enough, the judge said, but were rather the “natural consequence of having chosen to break the law.”

“You made blatant false statements directly to FBI agents who questioned you about matters of significance in the context of an ongoing investigation. And if anything, the fact that you were a government official tasked with responsibility for protecting government secrets yourself seems to make you more culpable than van der Zwaan and Papadopoulos, who held no such positions,” Jackson said.

While the resolution of this case is itself notable, it has likely significance in three other areas: for Mike Flynn, for DOJ’s leak investigations, and for encrypted messaging apps.

Emmet Sullivan will cite this sentence as precedent

It’s still far from clear that Emmet Sullivan will be sentencing Mike Flynn three months from now. Given Trump’s increasingly unstable mood, Flynn might get pardoned. Or, Flynn might try to judge shop, citing Sullivan’s invocation of treason Tuesday.

But if Sullivan does eventually sentence Flynn and if he still feels inclined to impose some prison time to punish Flynn for selling out his country, he can cite both this sentence and the language Jackson used in imposing it. Like Wolfe, Flynn occupied a (arguably, the) position of great responsibility for protecting our national security. Sullivan seems to agree with Jackson that, like Wolfe, Flynn should face more consequences for abusing the public trust. So Wolfe’s sentence might start a countertrend to the David Petraeus treatment, whereby the powerful dodge all responsibility.

(Note, this is a view that Zoe Tillman also expressed yesterday.)

DOJ may rethink its approach to using false statements to avoid the difficulties of leak cases

I have zero doubt that DOJ prosecuted Wolfe because they believe he is Ellen Nakashima’s source for the story revealing that Carter Page had been targeted with a FISA order, which is how they came to focus on him in the first place. But instead of charging him with that, they charged him for lying about his contacts with Nakashima, Ali Watkins, and two other journalists (and, in their reply to his sentencing memo, made it clear he had leaked information to two other young female national security reporters). In the sentencing phase, however, the government asked for a significant upward departure, a two-year sentence that would be equivalent to what he’d face if they actually had proven him to be Nakashima’s source.

While the government provided circumstantial evidence he was Nakashima’s source — in part, her communications to him in the aftermath of the story — he convincingly rebutted one aspect of that claim (a suggestion that she changed her email footer to make her PGP key available to him). More importantly, he rightly called out what they were doing, trying to insinuate he had leaked the FISA information without presenting evidence.

The government itself admitted no fewer than four times in its opening submission that it found no evidence that Mr. Wolfe disclosed Classified Information to anyone. See infra Part I.A. Nonetheless, the government deploys the word “Classified” 58 times in a sentencing memorandum about a case in which there is no evidence of disclosure of Classified Information—let alone a charge.

[snip]

The government grudgingly admits that it lacks evidence that Mr. Wolfe disclosed Classified Information to anyone. See, e.g., Gov. Mem. at 1 (“although the defendant is not alleged to have disclosed classified information”); id. at 6 (“notwithstanding the fact that the FBI did not uncover evidence that the defendant himself disclosed classified national security information”); id. at 22 (“[w]hile the investigation has not uncovered evidence that Wolfe disclosed classified information”); id. at 25 n.14 (“while Wolfe denied that he ever disclosed classified information to REPORTER #2, and the government has no evidence that he did”).

The Court should see through the government’s repetition of the word “Classified” in the hope that the Court will be confused about the nature of the actual evidence and charges in this case and sentence Mr. Wolfe as if he had compromised such information.[1]

[1] Similarly, the government devotes multiple pages of its memorandum describing the classified document that Mr. Wolfe is not accused of having disclosed. And although the government has walked back its initial assertion that Mr. Wolfe “received, maintained, and managed the Classified Document” (Indictment ¶ 18) to acknowledge that he was merely “involved in coordinating logistics for the FISA materials to be transported to the SSCI” (Gov. Mem. at 10), what the government still resists conceding is the fact that Mr. Wolfe had no access to read that document, let alone disclose any part of it. Beyond providing an explanation of how the FBI’s investigation arose, that document has absolutely no relevance to Mr. Wolfe’s sentencing, but it and its subject, an individual under investigation for dealings with Russia potentially related to the Trump campaign, likely have everything to do with the vigor of the government’s position.

It’s unclear, at this point, whether the government had evidence against Wolfe but chose not to use it because it would have required imposing on Nakashima’s equities (notably, they appear to be treating Nakashima with more respect than Ali Watkins, though it may be that they only chose to parallel construct Ali Watkins’ comms) and introducing classified evidence at trial. It may be that Wolfe genuinely isn’t the culprit.

Or it may be that Wolfe’s operational security was just good enough to avoid leaving evidence.

Whatever it is, particularly in a culture of increasing aggressiveness on leaks, the failure to get Wolfe here may lead DOJ to intensify its other efforts to pursue leakers using the Espionage Act.

DOJ might blame Signal and other encrypted messaging apps for their failure to find the Carter Page FISA culprit

And if DOJ believes they couldn’t prove a real case against Wolfe because of his operational security, they may use it to go after Signal and other encrypted messaging apps.

That’s because Wolfe managed to hide a great deal of his communications with journalists until they had sufficient evidence for a Rule 41 warrant to search his phone (which may well mean they hacked his phone). Here’s what it took to get Wolfe’s Signal texts.

Once the government discovered that Wolfe was dating Watkins, they needed to find a way to investigate him without letting him know he was a target, which made keeping classified information particularly difficult. An initial step involved meeting with him to talk about the leak investigation — purportedly of others — which they used as an opportunity to image his phone.

The FBI obtained court authority to conduct a delayed-notice search warrant pursuant to 18 U.S.C. § 3103a(b), which allowed the FBI to image Wolfe’s smartphone in October 2017. This was conducted while Wolfe was in a meeting with the FBI in his role as SSCI Director of Security, ostensibly to discuss the FBI’s leak investigation of the classified FISA material that had been shared with the SSCI. That search uncovered additional evidence of Wolfe’s communications with REPORTER #2, but it did not yet reveal his encrypted communications with other reporters.

Imaging the phone was not sufficient to discover his Signal texts.

Last December and this January, the FBI had two more interviews with Wolfe where they explicitly asked him questions about the investigation. At the first one, even after he admitted his relationship with Watkins, Wolfe lied about the conversations he continued to have on Signal.

The government was able to recover and view a limited number of these encrypted conversations only by executing a Rule 41 search warrant on the defendant’s personal smartphone after his January 11, 2018 interview with the FBI. It is noteworthy that Signal advertises on its website that its private messaging application allows users to send messages that “are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We [Signal] can’t read your messages or see your calls, and no one else can either.” See Signal Website, located at https://signal.org. The government did not recover or otherwise obtain from any reporters’ communications devices or related records the content of any of these communications.

Then, in a follow-up meeting, he continued to lie, after which they seized his phone and found “fragments” of his Signal conversations.

It is noteworthy that Wolfe continued to lie to the FBI about his contacts with reporters, even after he was stripped of his security clearances and removed from his SSCI job – when he no longer had the motive he claimed for having lied about those contacts on December 15. During a follow-up voluntary interview at his home on January 11, 2018, Wolfe signed a written statement falsely answering “no” to the question whether he provided REPORTER #2 “or any unauthorized person, in whole or in part, by way of summary, or verbal [or] non-verbal confirmation, the contents of any information controlled or possessed by SSCI.” On that same day, the FBI executed a second search warrant pursuant to which it physically seized Wolfe’s personal telephone. It was during this search, and after Wolfe had spoken with the FBI on three separate occasions about the investigation into the leak of classified information concerning the FISA application, that the FBI recovered fragments of his encrypted Signal communications with REPORTERS #3 and #4.

They specify that this second warrant was a Rule 41 warrant, which would mean it’s possible — though by no means definite — that they hacked the phone.

The government was able to recover and view a limited number of these encrypted conversations only by executing a Rule 41 search warrant on the defendant’s personal smartphone after his January 11, 2018 interview with the FBI. It is noteworthy that Signal advertises on its website that its private messaging application allows users to send messages that “are always end-to-end encrypted and painstakingly engineered to keep your communication safe. We [Signal] can’t read your messages or see your calls, and no one else can either.” See Signal Website, located at https://signal.org.

Mind you, this still doesn’t tell us much (surely by design). In another mention, they note Signal’s auto-delete functionality.

Given the nature of Signal communications, which can be set to delete automatically, and which are difficult to recover once deleted, it is impossible to tell the extent of Wolfe’s communications with these two reporters. The FBI recovered 626 Signal communications between Wolfe and REPORTER #3, and 106 Signal communications between Wolfe and REPORTER #4.

Yet it remains unclear (though probably likely) that the “recovered” texts were Signal (indeed, given that he was lying and they only executed the Rule 41 warrant after he had been interviewed a second time, he presumably would have deleted them then if not before). DOJ’s reply memo also reveals that Wolfe deleted a ton of his texts to Watkins, as well.

The defendant and REPORTER #2 had an extraordinary volume of contacts: in the ten months between December 1, 2016, and October 10, 2017, alone, they exchanged more than 25,750 text messages and had 556 phone calls, an average of more than 83 contacts per day. The FBI was unable to recover a significant portion of these text messages because they had been deleted by the defendant.

All of this is to say two things: first, the government would not pick up Signal texts — at least not deleted ones — from simply imaging a phone. Then, using what they specify was a Rule 41 warrant that could indicate hacking, they were able to obtain Signal. At least some of the Signal texts the government has revealed pre-date when his phone was imaged.

That’s still inconclusive as to whether Wolfe had deleted Signal texts and FBI was able to recover some of them, or whether they were unable to find Signal texts that remained on his phone when they imaged it in October.

Whichever it is, it seems clear that they required additional methods (and custody of the phone) to find the Signal texts revealing four relationships with journalists he had successfully hidden until that point.

Which is why I worry that the government will claim it was unable to solve the investigation into who leaked Carter Page’s FISA order because of Signal, and use that claim as an excuse to crack down on the app.

On Emmet Sullivan’s Order for Mike Flynn’s 302s: Be Careful What You Ask For

In his sentencing memorandum, Mike Flynn waved the following in front of Judge Emmet Sullivan, like a red cape before a bull.

There are, at the same time, some additional facts regarding the circumstances of the FBI interview of General Flynn on January 24, 2017, that are relevant to the Court’s consideration of a just punishment.

At 12:35 p.m. on January 24, 2017, the first Tuesday after the presidential inauguration, General Flynn received a phone call from then-Deputy Director of the FBI, Andrew McCabe, on a secure phone in his office in the West Wing. General Flynn had for many years been accustomed to working in cooperation with the FBI on matters of national security. He and Mr. McCabe briefly discussed a security training session the FBI had recently conducted at the White House before Mr. McCabe, by his own account, stated that he “felt that we needed to have two of our agents sit down” with General Flynn to talk about his communications with Russian representatives.

Mr. McCabe’s account states: “I explained that I thought the quickest way to get this done was to have a conversation between [General Flynn] and the agents only. I further stated that if LTG Flynn wished to include anyone else in the meeting, like the White House Counsel for instance, that I would need to involve the Department of Justice. [General Flynn] stated that this would not be necessary and agreed to meet with the agents without any additional participants.”

Less than two hours later, at 2:15 p.m., FBI Deputy Assistant Director Peter Strzok and a second FBI agent arrived at the White House to interview General Flynn. By the agents’ account, General Flynn was “relaxed and jocular” and offered to give the agents “a little tour” of the area around his West Wing office. The agents did not provide General Flynn with a warning of the penalties for making a false statement under 18 U.S.C. § 1001 before, during, or after the interview. Prior to the FBI’s interview of General Flynn, Mr. McCabe and other FBI officials “decided the agents would not warn Flynn that it was a crime to lie during an FBI interview because they wanted Flynn to be relaxed, and they were concerned that giving the warnings might adversely affect the rapport,” one of the agents reported. Before the interview, FBI officials had also decided that, if “Flynn said he did not remember something they knew he said, they would use the exact words Flynn used, . . . to try to refresh his recollection. If Flynn still would not confirm what he said, . . . they would not confront him or talk him through it.” One of the agents reported that General Flynn was “unguarded” during the interview and “clearly saw the FBI agents as allies.”

He cited a memo that fired FBI Deputy Director Andrew McCabe wrote the day of Flynn’s interview and the interview report (called a “302”) that fired FBI Special Agent Peter Strzok had a hand in writing up in August 2017, some seven months after the interview.

In response, the judge in his case, Emmet Sullivan, issued an order asking not just for those two documents, but any documents related to the matters Flynn writes up, to be filed by tomorrow, along with the government’s reply to his memorandum.

And so it is that, on the one-year anniversary of the order Sullivan issued to ensure that Flynn got any exculpatory information relating to his plea, the hopes among the frothy right that Flynn’s prosecution (including for lying about his sleazy influence peddling with Turkey) will be delegitimized, and with it everything that happened subsequent to Flynn’s plea, might be answered.

Or maybe not.

For those unfamiliar with his background, back in the waning years of the Bush Administration, Sullivan presided over the Ted Stevens prosecution. After Stevens was convicted, DOJ started ‘fessing up to a bunch of improprieties, which led Sullivan (on newly confirmed Eric Holder’s recommendation) to throw out the conviction. Sullivan demanded a report on the improprieties, which ended up being a scathing indictment of DOJ’s actions (that nevertheless didn’t lead to real consequences for those involved). Since that time, Sullivan has been wary of DOJ’s claims, which has led him to do things like routinely issue the order he did with Flynn’s case, making sure that defendants get any exculpatory evidence they should get.

Regardless of how this request works out, you should applaud Sullivan’s diligence. He’s one of just a few judges who approach the government with the skepticism they deserve. And to the extent that problems with our criminal justice system only get noticed when famous people go through it, it’s important that this one be treated with such diligence.

Still, those problems include both abuse, like we saw in the Stevens case, and special treatment, like David Petraeus got, and it’s actually unclear whether Sullivan’s request will uncover one or the other (or neither). I say that for several reasons.

First, because the public evidence suggests that — if anything — Obama’s appointees demanded FBI proceed cautiously in their investigation of Trump’s people, delaying what in any other case would have been routine early collection. When FBI discovered Flynn making suspicious comments to Sergei Kislyak, concerns about how to proceed went all the way up to Obama.

Moreover, contrary to most reporting on this interview, the FBI’s suspicions about Flynn did not arise exclusively from his calls to Kislyak. The interview happened after a counterintelligence investigation into Flynn had been open for months, as laid out by the House Intelligence Committee Russia report.

Director Comey testified that he authorized the closure of the CI investigation into General Flynn by late December 2016; however, the investigation was kept open due to the public discrepancy surrounding General Flynn’s communications with Ambassador Kislyak. [redacted] Deputy Director McCabe stated that, “we really had not substantiated anything particularly significant against General Flynn,” but did not recall that a closure of the CI investigation was imminent.

If McCabe believed the CI investigation into Flynn had produced mostly fluff, it might explain why he would approach setting up an interview with him with less than the rigor that he might have (as arguably happened with Hillary in the analogous situation). He didn’t expect there to be a there there, but then there was (remember, Jim Comey has repeatedly said that the one thing that might have led the Hillary investigation to continue past her interview was if they caught her lying; the difference is that Flynn told obvious lies whereas Hillary did not).

Finally, there’s one other, major reason to think this ploy may not work out the way Flynn might like. That’s because the frothy right, its enablers in Congress, and the White House itself have pursued this line for most of a year. Particularly in the wake of Flynn’s cooperation agreement, claiming that Flynn was just confused or forgetful when he spoke to the FBI has been central to Trump’s serial cover stories for why he fired Flynn.

So Republicans hoping to find the smoking gun have looked and looked and looked and looked and looked at the circumstances of Mike Flynn’s interview. Already by March of last year, they had resorted only to misstating Comey’s testimony about what happened in the HPSCI report.

Director Comey testified to the Committee that “the agents … discerned no physical indications of deception. They didn’t see any change in posture, in tone, in inflection, in eye contact. They saw nothing that indicated to them that he knew he was lying to them.”

Nothing in the report — which now includes a section substantially declassified to reveal more purportedly incriminating details about Flynn — suggests real impropriety with his interview.

Even in that very same paragraph, they quote McCabe (the guy who wrote up a memo that same day, which is probably what Sally Yates relied on when she suggested to the White House they needed to fire Flynn) stating very clearly that the FBI agents recognized that Flynn had lied.

McCabe confirmed the interviewing agent’s initial impression and stated that the “conundrum that we faced on their return from the interview is that although [the agents] didn’t detect deception in the statements that he made in the interview … the statements were inconsistent with our understanding of the conversation that he had actually had with the ambassador.”

The degree to which Republicans, after looking and looking and looking and looking for some smoking gun relating to the Flynn interview, have found very little is perhaps best indicated by where that search has gotten after looking and looking and looking and looking — as most recently exhibited in Jim Comey’s questioning from a week ago, by the Republicans’ best prosecutor, Trey Gowdy. After (apparently) hoping to catch Comey lying about what investigators thought when the lifetime intelligence officer managed to lie without any tells, but instead leading him through a very cogent explanation of it, Gowdy then resorts to sophistry about what day of the week it is.

Mr. Gowdy. Who is Christopher Steele? Well, before I go to that, let me ask you this.

At any — who interviewed General Flynn, which FBI agents?

Mr. Comey. My recollection is two agents, one of whom was Pete Strzok and the other of whom is a career line agent, not a supervisor.

Mr. Gowdy. Did either of those agents, or both, ever tell you that they did not adduce an intent to deceive from their interview with General Flynn?

Mr. Comey. No.

Mr. Gowdy. Have you ever testified differently?

Mr. Comey. No.

Mr. Gowdy. Do you recall being asked that question in a HPSCI hearing?

Mr. Comey. No. I recall — I don’t remember what question I was asked. I recall saying the agents observed no indicia of deception, physical manifestations, shiftiness, that sort of thing.

Mr. Gowdy. Who would you have gotten that from if you were not present for the interview?

Mr. Comey. From someone at the FBI, who either spoke to — I don’t think I spoke to the interviewing agents but got the report from the interviewing agents.

Mr. Gowdy. All right. So you would have, what, read the 302 or had a conversation with someone who read the 302?

Mr. Comey. I don’t remember for sure. I think I may have done both, that is, read the 302 and then spoke to people who had spoken to the investigators themselves. It’s possible I spoke to the investigators directly. I just don’t remember that.

Mr. Gowdy. And, again, what was communicated on the issue of an intent to deceive? What’s your recollection on what those agents relayed back?

Mr. Comey. My recollection was he was — the conclusion of the investigators was he was obviously lying, but they saw none of the normal common indicia of deception: that is, hesitancy to answer, shifting in seat, sweating, all the things that you might associate with someone who is conscious and manifesting that they are being — they’re telling falsehoods. There’s no doubt he was lying, but that those indicators weren’t there.

Mr. Gowdy. When you say “lying,” I generally think of an intent to deceive as opposed to someone just uttering a false statement.

Mr. Comey. Sure.

Mr. Gowdy. Is it possible to utter a false statement without it being lying?

Mr. Comey. I can’t answer — that’s a philosophical question I can’t answer.

Mr. Gowdy. No, I mean, if I said, “Hey, look, I hope you had a great day yesterday on Tuesday,” that’s demonstrably false.

Mr. Comey. That’s an expression of opinion.

Mr. Gowdy. No, it’s a fact that yesterday was —

Mr. Comey. You hope I have a great day —

Mr. Gowdy. No, no, no, yesterday was not Tuesday.

Then Gowdy tries a new tack: suggesting that Flynn should have gotten the agents’ finding that he lied without any physical tells provided as some kind of Brady evidence.

Mr. Gowdy. And, again — because I’m afraid I may have interrupted you, which I didn’t mean to do — your agents, it was relayed to you that your agents’ perspective on that interview with General Flynn was what? Because where I stopped you was, you said: He was lying. They knew he was lying, but he didn’t have the indicia of lying.

Mr. Comey. Correct. All I was doing was answering your question, which I understood to be your question, about whether I had previously testified that he — the agents did not believe he was lying. I was trying to clarify. I think that reporting that you’ve seen is the product of a garble. What I recall telling the House Intelligence Committee is that the agents observed none of the common indicia of lying — physical manifestations, changes in tone, changes in pace — that would indicate the person I’m interviewing knows they’re telling me stuff that ain’t true. They didn’t see that here. It was a natural conversation, answered fully their questions, didn’t avoid. That notwithstanding, they concluded he was lying.

Mr. Gowdy. Would that be considered Brady material and hypothetically a subsequent prosecution for false statement?

Mr. Comey. That’s too hypothetical for me. I mean, interesting law school question: Is the absence of incriminating evidence exculpatory evidence? But I can’t answer that question.

I mean, maybe there are some irregularities explaining why it took seven months to write up Flynn’s 302 and how information about the interview was shared within DOJ in the interim; if there are, I’d like to know what those are. But what everyone seems to agree is that there was no dispute, from the very beginning, that Flynn lied.

And Flynn’s statement actually makes things worse for himself (and, importantly, for one of the White House cover stories that his firing was immediately precipitated by Don McGahn confronting him with the transcript of his conversation with Kislyak). Flynn’s own sentencing memo makes it clear the FBI Agents were quoting directly from the transcript about what he said.

FBI officials had also decided that, if “Flynn said he did not remember something they knew he said, they would use the exact words Flynn used, . . . to try to refresh his recollection. If Flynn still would not confirm what he said, . . . they would not confront him or talk him through it.”

So Flynn would have known, way back when the White House was trying to find excuses to keep him on, precisely what he had been caught saying.

Finally, remember two more details. While we can’t read it, Sullivan (and Flynn’s team) know what’s behind this redaction:

That means Sullivan knows, even if we don’t, why Mueller thinks it so important that Flynn lied, and so may have a very different understanding about the import of those lies.

Finally, note that along with requiring the government to turn over all the filings relating to his interview (not just the two Flynn selectively quoted from), Sullivan also instructed the government to file their reply to Flynn’s sentencing memo by the same time.

DOJ has never had the opportunity to write its own explanation for what happened with Flynn’s interview. By inviting a reply specifically in the context of this Flynn claim, Sullivan has given DOJ the opportunity to do just that, finally.

DOJ may have a very interesting explanation for why they approached a counterintelligence interview with a guy they might have considered one of them with jocularity.

Sure, there may yet be damning details. As I’ve said, I really look forward to learning why it took seven months to formally memorialize this interview.

But the GOP has been looking for a smoking gun for a year and have not apparently found one. It’s quite possible we’ll learn something else tomorrow, that Mike Flynn actually got special treatment that none of us would get if we were suspected of being recruited by Russian intelligence.

At the very least, Sullivan’s order may result in documentation that reveals just how shoddy all the claims of irregularity surrounding Flynn’s interview have been all this time.

Update: Elevating this from pinc’s comment. If DOJ chooses to tell a story that at all resembles Greg Miller’s account of the meeting (including that Flynn specifically said he didn’t want to have a lawyer of any type present), then this could spectacularly backfire.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Peter Smith Had a Penchant for Secrecy, But Whence Might Be More Interesting Than How

After a long period of press disinterest in the Peter Smith operation during election year, the WSJ has an important story that describes how “investigators” are (predictably) showing intense interest in the Republican rat-fucker’s efforts, which extended to working with presumed Russian hackers, to find Hillary’s deleted emails.

Before I address the headline claim of the story — about Smith’s secrecy — I’d like to lay out what the story actually describes.

Way at the end of the story, it provides evidence that casts doubt on the claim Smith killed himself last year — an on the record quote from retired Wall Street financier Charles Ortel, who had been involved in the anti-Clinton effort, describing correspondence with Smith in the days before he died laying out optimistic future plans.

As regards the Clinton email effort itself, the story says that the Smith effort “remain[s] of intense interest to federal investigators working for special counsel Robert Mueller’s office and on Capitol Hill,” suggesting it relies on both Hill sources and people who know what Mueller is up to (the latter of which, up to this point, has always been mediated through witnesses). In key places in the story, it conflates those two investigations, which doesn’t necessarily mean witnesses making claims about Mueller’s intensifying focus are wrong, but does show real sloppiness on the part of the reporting, which invites some skepticism about the significance of the conclusions offered (including the article’s focus on Mike Flynn’s role in Smith’s rat-fuck; click through to read that).

People familiar with the investigations described Mr. Smith’s activities as an area of expanding interest.

The article also relies on documents, which it describes to include emails and court records, including:

  • Court records involving Smith associate John Szobocsan’s efforts to get Smith’s estate to repay him for legal fees associated with three interviews with the Mueller team and an August grand jury appearance (which is pretty good evidence of Mueller’s focus, though not why).
  • Correspondence showing Smith asking associates to “folder,” writing drafts in a Gmail account under the fake name of Robert Tyler, that both the associates and Smith had access to.
  • “[A]n email in the ‘Robert Tyler’ [foldering] account [showing] Mr. Smith obtained $100,000 from at least four financiers as well as a $50,000 contribution from Mr. Smith himself.” The email was dated October 11, 2016 and has the subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative.” It came from someone calling himself “ROB,” describing the funding as supporting “the Washington Scholarship Fund for the Russian students.” The email also notes, “The students are very pleased with the email releases they have seen, and are thrilled with their educational advancement opportunities.” The WSJ states that Ortel is not among the funders named in the email, which means they know who the other four funders are (if one or more were a source for the story, it might explain why WSJ is not revealing that really critical piece of news).

The WSJ really bolloxes describing the significance of the timing of this email as coming,

just days after WikiLeaks and the website DCLeaks began releasing emails damaging to Mrs. Clinton’s campaign and four days after the U.S. government publicly warned that Russia was attempting to interfere in the U.S. election

What it means is that it came just four days after the Podesta emails first started coming out, suggesting that the reference to Russian students is actually code for happiness about the emails already being released by the Russians.

For reasons I’ll return to, the suggestion that Smith and his fellow rat-fuckers appear to have been using code to discuss already released emails that were neither Clinton Foundation nor deleted emails is really interesting.

With all that in mind, here are Smith’s adopted methods of secrecy (beyond whatever funding methods are described in the email; Buzzfeed talked about different suspicious transactions here):

  • The apparent code used by an unidentified person, which appears to show conspirators speaking about stolen emails in the guise of a student fund in DC
  • Foldering — a method for which law enforcement has had effective countermeasures that have been widely publicized since the David Petraeus case, the use of which Smith committed to correspondence that got shared outside of the immediate conspirators
  • A burner phone or phone number: “one phone number that he used for sensitive matters”
  • Proton Mail or similar: “a commercially available encrypted email account”
  • Encryption not described to be anything beyond typical full disk encryption (but which could be PGP)

The code is interesting and perhaps intentionally damning. But fat lot of good either the code or the foldering does if the emails in question bear the smoking gun subject line, “Wire Instructions—Clinton Email Reconnaissance Initiative,” to say nothing of the correspondence that commits to writing that they’re using foldering. Indeed, using code in an email with an uncoded subject line is the opposite of good operational security; it serves instead as a blinking red light telling investigators where to look and that the code is code. “Bobby Three Sticks Read Me!!!”

As for the other things — basically the use of encryption and a burner that, given that it was discovered, wasn’t narrowly enough executed — they show an effort to use secrecy. But not a successful effort to do so.

Further, with regards to encryption, this Politico article from last year reveals Royal O’Brien (who, except for the context, might be a candidate to be the October 11 email described by WSJ) advising Smith about PGP, which suggests any non-commercial encryption may have been adopted after key parts of the conspiracy took place.

In an email chain from October obtained by Politico, Smith sought the advice of a tech-savvy business associate about concerns that WikiLeaks had been attacked by hackers. In the email, the associate, Royal O’Brien, a Jacksonville-based programmer Smith described as a dark web expert, advised Smith about the use of PGP keys for encryption and opined that anyone who launched an attack on WikiLeaks would likely face stiff blowback from the group’s web-savvy supporters.

All of this leads me to be more interested in where the methods adopted imperfectly by this 80 year old came from than that he did. An obvious candidate is Chuck Johnson, whose cooperation with the Smith rat-fuck is detailed in the Politico article, and whose businesses have all been shutting down in recent months, and whose defense attorney did not respond to a question from me last week about whether he still represents Johnson. Though Johnson, and his Nazi friend living in Ukraine, Weev, are better at operational security than what the WSJ describes here.

Someone got this old rat-fucker to use just enough secrecy to serve as signposts for the interesting bits.

I’m as interested in who provided that advice (and when) as I am in the identity of the four donors whom WSJ must know but isn’t sharing.

As I said in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Two Legitimacy Problems with the Nghia Pho Sentence

Nghia Pho was sentenced to 5 years and 6 months yesterday. He is presumed to have been one of the sources for the files released by Shadow Brokers (though I have been told he couldn’t be the sole source).

The government had asked for 8 years, just a month short of the top of the guidelines for the crime to which he pled guilty (though the government could have charged him much more aggressively and gotten far more time). In sentencing Pho, however, Judge George Russell seemed persuaded by Pho attorney Robert Bonsib’s point that David Petraeus did no jail time for what actually would have been a worse offense had he also been charged with sharing with his mistress the code word intelligence he mishandled and then lying about both to the FBI, as well as if the government admitted that the information Petraeus shared actually did show up in Paula Broadwell’s hagiography of the general.

Russell seemed particularly perturbed that former CIA Director David Petraeus managed to get probation after admitting he kept highly classified information in his home without permission, shared it with his girlfriend and lied to investigators.

“Did he do one day in prison?” the clearly frustrated judge asked. “Not one day. … What happened there? I don’t know. The powerful win over the powerless? … The people at the top can, like, do whatever they want to do and walk away.”

Admittedly, the unstated presumption that Pho’s mishandling of NSA’s hacking tools led first to their leak and then to the downstream malware attacks tied to them seems to justify the government’s call for a harsh sentence and is reflected in statements from both Russell and the prosecutor.

Russell called Pho’s actions “extraordinarily serious.” He also rejected claims that it was an isolated mistake, noting that Pho took the top-secret material to his home for years.

[snip]

Little was said at Tuesday’s hearing about what information may have escaped Pho’s control or where it wound up, although Windom used very strong language about the impact of Pho’s actions, calling it “devastating.”

And it also explains the language of Pho’s remorse — denying the things that might have been suspected of the release.

“I admit it but I do not betray the U.S.A.,” the white-haired, glasses-wearing engineer said in broken English. “I do not betray this country. … I do not send anything to anybody or on the internet. I do not make profit on this information. … I cannot damage this country.”

It also might explain the terms of the plea agreement, one part of which remains sealed.

There’s something that remains unexplained, however — at least not credibly. Pho continues to claim that he brought the NSA’s hacking tools home because he needed them to write his Employee Performance Assessments. (h/t Josh Gerstein for obtaining the documents)

I need extra times and information about what I worked on, cut and paste, to create a good EPA at home and hope that I will have a chance to be promoted this time hence I received a good high-three average salaries before I go to the retirement in next four years (2019) when my clearance will be expired.

I was devoted to EPA promotion, encircle by EPA/promotion and the last high-three salaries that made me blind to violate the security policy of the Agency.

But as the government noted in their sentencing memo, this was not a one-off in advance of writing a yearly EPA. Rather, Pho continued doing this over the course of five years, and did so with materials unrelated to his work.

For a period of at least five years, the defendant removed Top Secret and Sensitive Compartmented Information (“SCI”) from secure space at the National Security Agency (“NSA”) and retained it in his home–an unsecure residence.

[snip]

This assertion [that he did this solely for EPAs] is belied by the facts. The defendant did not take home and retain classified information consistently for five years to work on an annual performance review. This argument especially does not apply to the classified material found in his home that was unrelated to his work or any personnel evaluation. [citations removed]

The government also notes that Pho knew better than to load these materials onto his computer (as a guy who coded malware, that should be all the more true).

The defendant claims that he stored massive troves of classified information at his home without the intention of placing national security at risk. The defendant goes so far as to say, directly, that he “did handle the information with care.” His actions speak to his intentions, and the facts do not support his contentions. For years, the defendant received training on how and where to store classified information and on why such precautions were critical to protecting national security. The defendant well knew that the mere removal of classified information from secure spaces, in itself, could endanger national security, and that retaining classified information in an unsecure location compounded this danger. Indeed, in his plea agreement, the defendant admitted that his extensive training informed him that “unauthorized removal of classified materials and transportation and storage of those materials in unauthorized locations risked disclosure and transmission of those materials, and therefore could endanger the national security of the United States and the safety of its citizens.”

This is a point that Admiral Rogers repeated in his (March 5) letter on the sentencing.

Mind you, even a year after Pho was discovered, it was still possible for even a translator to stick thumb drives into Top Secret computers at Fort Meade, as evidenced by Reality Winner’s actions (actions that were not charged). In the same way that Pho knew well that putting hacking tools on a computer attached to the Internet would be colossally stupid, the government itself has known the risks of leaving computers accessible to removable media since before Chelsea Manning’s leaks. They’re not exactly in a position to lecture.

That said, there’s something that still doesn’t add up about this and Pho’s claimed motive for it, which may be why when this story first broke, three different theories for why he brought the files home got leaked to the press. Maybe it was just ego fed by resentment that he (as reported in his letter) wasn’t getting promotions at the same rate as his colleagues, which doesn’t make for a very good excuse for having exposed the NSA’s crown jewels.

 

In media res: the FBI’s WannaCry Attribution

I’ve been working through the complaint charging Park Jin Hyok with a slew of hacking attributed to the Lazarus group associated with North Korea. Reading it closely has led me to be even less convinced about the government’s attribution of the May 2017 WannaCry outbreak to North Korea. It’s going to take me a series of posts (and some chats with actual experts on this topic) to explain why. But for now, I want to point to a really suspect move the complaint makes.

The FBI’s proof that Park and Lazarus and North Korea did WannaCry consists, speaking very broadly, of proof that the first generation of the WannaCry malware shared some key elements with other attacks attributed to Lazarus, and then an argument that the subsequent two generations of WannaCry were done by the same people as the first one. While the argument consists of a range of evidence and this post vastly oversimplifies what the FBI presents, three key moves in it are:

  • The earlier generations of WannaCry are not known to be publicly available
  • Subjects using a known Lazarus IP address were researching how to exploit the Microsoft vulnerability in the weeks before the attack
  • Both WannaCry versions 1 and 2 cashed out Bitcoin in a similar way (which the complaint doesn’t describe)

For now, I’m just interested in that middle point, which the complaint describes this way:

221. On March 14, 2017, Microsoft released a patch for a Server Message Block (SMB) vulnerability that was identified as CVE-2017-0144 on its website, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Microsoft attempted to remedy the vulnerability by releasing patches to versions of Microsoft Windows operating systems that Microsoft supported at the time. Patches were not initially released for older versions of Windows that were no longer supported, such as Windows XP and Windows 8.

222. The next month, on April 15, 2017, an exploit that targeted the CVE-2017-0144 vulnerability (herein the “CVE-2017-0144 exploit”) was publicly released by a group calling itself the “Shadow Brokers.”

223. On April 18, 2017 and April 21, 2017, a senior security analyst at private cyber security company RiskSense, Inc. (“RiskSense”) posted research on that exploit on his website: https://zerosum0x0.blogspot.com.

224. On May 9, 2017, RiskSense released code on the website github.com with the stated purpose of allowing legal “white hat” penetration testers to test the CVE-2017-0144 exploit on unpatched systems. Essentially, RiskSense posted source code that its employees had reverse-engineered for the CVE-2017-0144 exploit, which cyber security researchers could then use to test vulnerabilities in client computer systems. I know based on my training and experience that penetration testers regularly seek to exploit vulnerabilities with their customers’ consent as a proof-of-concept to demonstrate how hackers could illegally access their customers’ systems.

225. On May 12, 2017, a ransomware attack called “WannaCry” (later identified as “WannaCry Version 2,” as discussed below) began affecting computers around the globe.

[snip]

242. Records that I have obtained show that the subjects of this investigation were monitoring the release of the CVE-2017-0144 exploit and the efforts by cyber researchers to develop the source code that was later packaged into WannaCry Version 2:

a. On numerous days between March 23 and May 12, 2017, a subject using North Korean IP Address #6 visited technet.microsoft.com, the general domain where Microsoft hosted specific webpages that provide information about Microsoft products, including information on Windows vulnerabilities (including CVE-2017-0144), although the exact URL or whether the information on this particular CVE was being accessed is not known.

b. On April 23, April 26, May 10, May 11, and May 12, 2017, a subject using North Korean IP Address #6 visited the blog website zerosum0x0.blogspot.com, where, on April 18, 2017 and 21, 2017, a RiskSense researcher had posted information about research into the CVE-2017-0144 exploit and progress on reverse-engineering the exploit; RiskSense subsequently released the exploit code on GitHub.com.

According to the in media res story told by the FBI, the following is the chronology:

March 14: Microsoft drops a patch for a vulnerability seemingly out of the blue without publicly calling attention to it

Starting on March 23: Someone using known Lazarus IP address #6 tracks Microsoft’s vulnerabilities reports (note, the FBI doesn’t mention whether this was typical behavior or unique for this period)

April 15: Shadow Brokers releases the Eternal Blue exploit

April 18 and 23: RiskSense releases a reverse engineered version of Eternal Blue

Starting on April 23 and leading up to May 12: Someone using that same known Lazarus IP #6 makes a series of visits to the RiskSense site that released an exploit reverse engineered off the Shadow Brokers release

May 12: A version of WannaCry spreads across the world using the RiskSense exploit

Of course, that’s not how things really happened. FBI neglects to mention that on January 8, Shadow Brokers offered to auction off files that NSA knew included the SMB exploit that Microsoft issued a patch for on March 14.

Along with that important gap in the narrative, the FBI Agent who wrote the affidavit behind this complaint, Nathan Shields, is awfully coy in describing Shadow Brokers simply as “a group calling itself the ‘Shadow Brokers.'” While the complaint remained sealed for three months, by June 8, 2018, when the affidavit was written, the FBI assuredly knew far more about Shadow Brokers than that it was a group with a spooky name.

As public proof, DOJ signed a plea agreement with Nghia Pho on November 29 of last year. Pho was reportedly the guy from whose home computer some of these same files were stolen. While the publicly released plea has no cooperation agreement, the plea included a sealed supplement, which given the repeated delays in sentencing, likely did include a cooperation agreement.

Pho is due to be sentenced next Tuesday. The sentencing memos in the case remain sealed, but it’s clear from the docket entry for Pho’s that he’s making a bid to be treated in the same way that David Petraeus and John Deutch were — that is, to get a misdemeanor treatment and probation for bringing code word documents home to store in an unlocked desk drawer — which would be truly remarkable treatment for a guy who allegedly made NSA’s hacking tools available for theft.

And while it’s possible that FBI Agent Shields doesn’t know anything more about what the government knows about Shadow Brokers than that it has a spooky name, some of the folks who were quoted in the dog-and-pony reveal of this complaint on September 6, not least Assistant Attorney General John Demers, do know whatever else the government knows about Shadow Brokers.

Including that the announcement of the sale of Eternal Blue on January 8 makes the searches on Microsoft’s site before the exploit was actually released on April 15 one of the most interesting details in this chronology. There are lots of possible explanations for the fact that someone was (as the FBI’s timeline suggests) searching Microsoft’s website for a vulnerability before the import of it became publicly known.

But when you add the January 8 Shadow Brokers post to the timeline, it makes culprits other than North Korea far more likely than the FBI affidavit makes out.

10 Years of emptywheel: Jim’s Dimestore

As you saw in Marcy’s posts yesterday, emptywheel is celebrating the ten year anniversary of the move from The Next Hurrah to Firedoglake.   You will notice that the current version of the blog comes to you without ads. If you want this wonderful state of affairs to continue, contributions are a must. A new subscription option helps to make sure the hamsters keep turning the wheels on the magic blog-hosting machines and the ever more sophisticated mole-whacking machinery stays up to date.

Marcy’s outstanding work over the years has received great acclaim. A huge part of the success of the blog, though, has been its ongoing tradition of the best commenting community on the internet. Over the years, the conversations that have taken place on each seminal post have helped to decipher the meaning of cryptic government documents, bring in alternate views and point out new information as it breaks. In the end,  emptywheel isn’t just a blog, it’s a community. For all of your support and participation during these trying times, we thank you.

In keeping with the “10” theme, Marcy has a post highlighting her favorite surveillance posts over each of the last ten years. She has graciously allowed a few of us hangers-on to participate with posts of our own.  I haven’t been an official emptywheeler for all of those ten years.  I did spend a year as an evening editor at Firedoglake around the time of the migration from TNH, so I got to start my friendship with this group of writers and commenters around that time.  I’m going to list my favorite ten posts from the time I started posting here, shortly after the blog moved from Firedoglake to the independent site. Several of these posts link back to earlier work at MyFDL. Sadly, the archives of that work were imperfectly migrated to the Shadowproof successor to Firedoglake, and so searching for those is imperfect and many of the graphics are lost.

So here is Jim’s Dimestore listing my 10 favorite posts on Emptywheel.net, in chronological order:

DETAILS OF SILICON-TIN CHEMISTRY OF ANTHRAX ATTACK SPORES PUBLISHED; WILLMAN TUT-TUTS

Sandia National Laboratories image of attack spore. In the upper frame, silicon, in green, is found exclusively on the spore coat and not on the exosporium (outer pink border).

Perhaps my favorite topic over the years has been a technical analysis of the evidence presented by the FBI in its Amerithrax investigation. It is absolutely clear from this analysis of the anthrax attacks of 2001 that the FBI failed to demonstrate how Bruce Ivins could have carried out the attacks on his own. This post goes deep into the technical weeds of how the spores in the attack material were treated so that they would disperse easily and seem to float on air. The bottom line is that high amounts of silicon are found inside these spores. The silicon could not have gotten there naturally, and it took very sophisticated chemistry to get it there and treat it to make sure it stayed. Ivins had neither the expertise nor the equipment to achieve this highly advanced bioweaponization. Earlier work I did in this series showed that Ivins also could not have grown the anthrax used in the attacks.  My favorite candidate for where it was produced is an isolated lab built by the Defense Threat Reduction Agency on what is now called the Nevada National Security Site (formerly the Nevada Test Site) that Judy Miller described on September 4, 2001.  That article by Miller has always stood out to me as the ultimate limited hangout presented by DoD before the fact, where we see a facility of the perfect size for producing the amount of material used in the anthrax attacks. Those attacks occurred just a short time after the article was published. Miller’s assurance in the article that the site only was used for production of harmless bacteria sharing some characteristics with anthrax just never smelled right to me.

INTELLIGENCE AIDE FLYNN RE MCCHRYSTAL: “EVERYONE HAS A DARK SIDE”

When Michael Hastings’ article in Rolling Stone led to Stanley McChrystal’s firing, little did we know that this would be the beginning of the fall from grace for David Petraeus and his all-star band of torture enablers. These “operators”, as Hastings termed the team, relied on night raids and illegal detentions as the core of their counterterrorism initiatives in Iraq and Afghanistan. These foolishly evil practices fueled massive growth in the insurgencies in response. In this post, Flynn reveals to us that he felt McChrystal, and everyone else, has a “dark side”. As we now await fallout from Flynn’s guilty plea for his lies to the FBI about conversations with Russian Ambassador Kislyak (mainly, his testimony against the rest of Trump’s team), it appears that Flynn himself found the dark side to be quite compelling.

DESPITE METAPHYSICAL IMPOSSIBILITY, US GOVERNMENT REPEATEDLY ATTEMPTS RETROACTIVE CLASSIFICATION

Another favorite topic of mine over the years has been the utter futility of the military’s efforts to “train” troops in both Iraq and Afghanistan. It has been an endless sequence of the military getting countless “do-overs”, with Congress rolling over and believing every single utterance of “This time it will work for sure!”. Part of the military’s strategy in hiding their training failures was to keep changing how Afghan troops were counted and evaluated for combat readiness. A corollary to the futility of the training effort is the horrific death toll of “green on blue” attacks, where the Afghan or Iraqi trainees attacked and often killed those who were training them. When this problem got especially bad in Afghanistan in 2011, DoD commissioned a sociological analysis that returned a result the military did not like. The report indicated that the military was utterly failing to address vast cultural differences between Afghan and coalition troops.  The military, in its infinite wisdom, decided to classify the report, but did so after it already had been released in unclassified form.  Oops.

PERSIANS PUNK PHOTO PRETENDERS: PARCHIN PRETTY IN PINK

Detail from the photo carried in CNN’s story showing the pink tarp over the building said to contain the blast chamber.

Neocons have long lusted after violent regime change in Iran. Cooked up allegations on Iran’s nuclear capabilities have played a central role over the years in how they wished to achieve that war. Despite the neocons’ best efforts to sabotage negotiations, Iran agreed to a comprehensive set of severe restrictions on its nuclear capabilities in return for “dropping” (quotes because the US has claimed other grounds for maintaining other sanctions) the worst of the US sanctions that crippled Iran’s economy. Along the way, I had a ton of fun picking at two of the worst offenders in spreading anti-Iran propaganda: David Albright of the Institute for Science and International Security and George Jahn of AP. Reports that Iran had constructed a high explosives blast chamber at the Parchin military site became quite a point of argument. Albright spent countless hours scouring satellite images of the site and claimed the photographs showed that Iran was attempting to clean radioactivity from the site. Iran seemed to have a lot of fun with this process. I’m sure the pink tarps in the post here were added just to punk Albright. I maintained that the real evidence of what had taken place at the site couldn’t be scrubbed, because the accused activity would have resulted in the steel chamber itself being made radioactive throughout its entire thickness. Perhaps Iran made the same assessment, because once the IAEA gained access to the site, there was no steel chamber to be found. Was there ever a blast chamber there? Who knows? In the end, whether Iran carried out that work is immaterial, as the Joint Comprehensive Plan of Action has the most aggressive inspection regime ever agreed to by a country that hasn’t just lost a war.  We can rest assured that Iran has no capability at the current time of assembling a nuclear weapon, and the neocons are left to pout about diplomacy working better than their war ever could have. 
If you want to know why Donald Trump put Rex Tillerson in charge of dismantling the Department of State, look no further than the success diplomacy played in achieving the JCPOA.

JOHN GALT KILLS TEXANS IN MASSIVE FERTILIZER PLANT EXPLOSION

When a massive explosion in West, Texas killed 15 people, injured over 250 and destroyed 500 homes, it was clear to me who had killed these Texans: Ayn Rand’s mythical libertarian hero John Galt. How else do you explain a site being allowed to store hundreds of thousands of pounds of ammonium nitrate with inadequate fire protection and fatally close to inhabited structures than the misguided libertarian belief that free enterprise should rule? In the post, I pointed to the dangers inherent in the lack of zoning laws that allowed this fatal mixture of structures. As we later learned from the Washington Post, John Galt’s influence on the destruction was decades in the making:

The plant was a mom-and-pop operation, a distribution center where farmers picked up custom mixes of fertilizer to boost crop yields. It was built in 1962 a half-mile outside West. As the harvests grew, so did the town. In 1967, the rest home opened 629 feet from the plant. In the early ’70s, a two-story apartment complex was built even closer. Then a playground and basketball court, a mere 249 feet away.

We learned last year that ATF has determined that the fire that preceded the blast was intentional.  So while we don’t know who started the fire itself, we know for a fact that, ultimately, it was John Galt who killed these 15 Texans.

US DRONE STRIKE IN PAKISTAN REEKS OF POLITICAL RETALIATION YET AGAIN

The current concern that Donald Trump will lash out in fury with a nuclear strike, somewhere, anywhere, just to vent his anger over Mueller’s noose tightening over his entire administration is not the first time that it was appropriate to be concerned about an enraged high-ranking government official killing innocent people. In the case of John Brennan, poorly targeted rage attacks carried out as retaliation for a perceived wrong happened repeatedly. In the post linked here, a drone strike in Pakistan’s tribal area seemed timed as retaliation for Pakistan refusing to reopen supply routes that had been closed six months earlier when the US killed 24 Pakistani troops in an erroneous attack. The post goes on to detail other rage drone strikes that Brennan ordered, with the worst probably being the killing of over 40 people who were simply gathered to discuss mineral rights. That strike was carried out the day after the CIA’s Raymond Davis was finally released and was clearly carried out without proper evaluation of targeting criteria, as it seems few if any actual terrorists were killed.

NO, WE AREN’T ALL GOING TO DIE BECAUSE EBOLA PATIENTS ARE COMING TO US FOR TREATMENT

Scary, color-enhanced electron micrograph of Ebola virus particles. Creative Commons license courtesy of Thomas W. Geisbert, Boston University School of Medicine.

The Ebola outbreak in 2014 led to widespread fear in the US, especially when it was announced that medical personnel who had been treating Ebola patients in Africa and became infected would be transported to Atlanta for treatment. There was no appreciation for how the disease actually is spread, what the conditions were where the medical workers became infected in Africa and how such spread would be much less likely in a properly run US hospital. A poorly run hospital in Texas, however, did manage to have personnel treating Ebola acquire infections. Of course, the treatment at CDC in Atlanta was carried out without incident, and the virus did not spread in the US, even after the Texas hospital had its initial failure. In fact, as the virus wound down, those who study and understand the virus were shown to have been completely correct in their analysis when they modeled how large the outbreak would get before receding once proper intervention was carried out. But the fears of Ebola wiping out the US weren’t the only bit of bad science that had to be knocked down during the outbreak. Conspiracy theories started spreading that the Ebola virus in the 2014 outbreak had been genetically engineered in a bioweapons lab and was accidentally released from a lab in Africa. DNA sequence analysis quickly debunked that one.

WASHINGTON POST FAILS TO DISCLOSE HEINONEN’S UANI CONNECTION IN ANTI-IRAN OP/ED

Yes, the Iran nuclear agreement is so important that it is the only topic repeated in my ten favorite posts. In this post, we are in the time just a few months before the agreement is finalized, and the neocon opponents of the deal are reaching a fever pitch. The post outlines a horrible failure of full disclosure by the Washington Post. This occurred after Bezos purchased the paper, but clearly was a failure of beating back the darkness in which democracy dies. In this case, the Post carried an op-ed opposing the Iran deal. Besides allowing an incendiary headline (The Iran Time Bomb) and giving voice to Michael Hayden and neocon nightmare Ray Takeyh, the Post made its biggest failure regarding the middle author, Olli Heinonen. The Post allowed Heinonen to identify himself only by his current Harvard affiliation and his former role in IAEA. What is left out of that description is that Heinonen was also playing a prominent role on the Advisory Board of United Against Nuclear Iran, a shadowy group with even more shadowy funding sources. Somehow, in the course of its “advocacy” work against Iran, UANI had come into possession of US state secrets that suddenly allowed it to avoid a civil case for defamation of a businessman they accused of breaking sanctions against Iran. Why, yes, of course the New York Times also allowed Heinonen to deceptively carry out his work on their pages, too. This time it was in a “news” story that came out shortly after the UANI civil court case was dismissed when the judge stated the case could not proceed because of the state secrets involved. Of course, even after more than two and a half years, neither the Washington Post nor the New York Times has admitted its omissions in describing Heinonen’s affiliations in the cited articles. It is really remarkable that diplomacy defeated this full court press by the neocons who were working with the full cooperation of the media.

WAVING THE CONSTITUTION AT THOSE WHO IGNORE IT

I waved my pocket copy of the Constitution at Nancy Pelosi on July 19, 2008. Khizr Khan waved his at Donald Trump on July 28, 2016.

I haven’t written much in the last couple of years, but I just couldn’t avoid writing this one only ten days after surgery to replace my aorta. When I saw Khizr Khan’s appearance at the Democratic National Convention, I was really moved when he waved his pocket copy of the Constitution at Donald Trump. I had done the same thing in July of 2008 when Nancy Pelosi appeared at Netroots Nation in Austin. I was waving my Constitution at Pelosi to remind her of her failure to impeach George W. Bush and Dick Cheney for their roles in torture and illegal wars. Khan was calling out Trump for his campaign promises that so clearly violate the Constitution. Sadly, Trump has followed through in enforcing many of those policies Khan warned us about and we are left without much more recourse than continuing to wave our Constitutions at those who violate it on a daily basis.

ON JULY 2016 PANEL, GEORGE PAPADOPOULOS USED SAME COVER ORGANIZATION AS JOSEPH MIFSUD 

My one minor contribution so far to the unfolding saga of Russian influence on the 2016 election was prompted by noticing a photo in my Twitter stream shortly after the George Papadopoulos plea agreement was made public. What initially caught my eye was that my Congressman, Ted Yoho, was in the photo with Papadopoulos while both appeared in a panel discussion in Cleveland in July of 2016. However, once I started digging into the circumstances of the photo, I discovered that when he appeared for the panel, Papadopoulos claimed an affiliation with an entity that was also an affiliation for the shadowy Joseph Mifsud. We still don’t have a satisfactory explanation of how these two came to have a shared cover organization where it seems both Papadopoulos and Mifsud had positions that were grossly inflated with respect to their previous career accomplishments. I still think that if we ever discover who was behind these two getting such inflated positions, we will learn much about who might have been orchestrating later events in which these two played roles.

Government Decides Reality Winner Leaked Just One Document After All

Back in June, I noted that one of the reasons the government convinced a judge to deny Reality Winner bail was that she had leaked documents, plural.

There’s no written record for this yet, but it appears from one of the less-shitty reports on the hearing that the claim is based on three things: First, Winner stuck a thumb drive in a Top Secret computer last year.

Winner inserted a portable hard drive in a top-secret Air Force computer before she left the military last year. She said authorities don’t know what happened to the drive or what was on it.

Second, because Solari portrayed the 25-year old translator’s knowledge as a danger unto itself (more ridiculously, she painted Winner’s knowledge of Tor — which Winner didn’t use to look up sensitive information — as a means by which she might flee).

“We don’t know how much more she knows and how much more she remembers,” Solari said. “But we do know she’s very intelligent. So she’s got a lot of valuable information in her head.”

And finally, because Winner told her mother, in a conversation from jail that was recorded, that she was sorry about the documents, plural.

Solari said Winner also confessed to her mother during a recorded jailhouse phone call, saying: “Mom, those documents. I screwed up.”

Solari apparently emphasized the latter point as a way to suggest Winner might still have documents to leak.

Solari stressed that Winner referred to “documents” in the plural, and that federal agents were looking to see whether she may have stolen other classified information.

The idea is that because Winner used the plural and she only leaked one document, there must be more she’s planning on leaking.

Except that doesn’t appear right.

It appears Winner actually already leaked two documents. [my emphasis]

I showed that Winner actually leaked two documents to the Intercept.

Curiously, it appears the prosecutor in this case, Jennifer Solari, has changed her mind. Attached to a motion to reconsider bail, Winner’s lawyers have noted that weeks after claiming Winner had to be jailed because she told her mom she had stolen multiple documents, Solari listened to the transcript and decided Winner only referred to a document, singular.

The following is new evidence that was not available at the time of the initial detention hearing (and could not have reasonably been available given the mere three days between the initial appearance and detention hearing), all of which have a material bearing on the issue of release.

• While repeatedly alleging that Ms. Winner disclosed numerous “documents” at the initial detention hearing—a fact that the Court specifically noted in its findings to support detention—the Government has, via email to this Court, retracted those assertions. The Government now alleges there was only one document, rather than numerous documents, at issue. [See Exhibit A (email correspondence from Assistant United States Attorney Jennifer Solari to defense counsel and the Court dated June 29, 2017); Doc. 29 p. 105; see also Doc. 72].

In her email informing the defense of this, Solari explained,

Before the hearing, I had only heard a portion of the call in which the defendant asked her mother to “play that angle” regarding the alleged circumstances of her FBI interview. I proffered information about the other jail calls based upon verbal summaries I was provided by the FBI just before the hearing. Now that I’ve heard the recordings myself, I’d like to clarify some of the information for the court and counsel.

Solari goes on to suggest that another correction — regarding why Winner had her mom transfer money — came from an inference the FBI agent made.

I’m glad Solari corrected these issues — prosecutors often double down in such instances. I’d certainly scrutinize the other claims made by the FBI agents in the case after this.

Apparently, the government also left other details out of its story when painting Winner as an opsec genius to deny her bail. For example, in addition to pointing out how many people use Tor, her lawyers revealed that she had used it to access Wikileaks once.

The Government failed to explain, however, that Ms. Winner told the Government during her interrogation on June 3, 2017, that she used Tor once for looking at WikiLeaks.

It also notes that the superseding indictment still just charges Winner for the one document.

Finally, it compares her treatment with all of the other alleged leakers who got bail (including David Petraeus).

It’s unclear whether this will win her release. But it certainly suggests the government overstated her threat in her bail hearing.

US Indicts Hal Martin — But Offers No Hint He’s the Source for Shadow Brokers, Or Anyone Else

After David Petraeus shared notebooks full of code word intelligence with his girlfriend (and boxes of other classified information), then lied about it to the FBI, the government let Petraeus off with two years of probation.

DOJ just indicted Hal Martin — the Booz Allen contractor who allegedly stole terabytes of NSA information — with 20 charges each carrying up to 10 years of punishment. The indictment includes no hint that Martin did anything but hoard the files he stole. There’s no allegation he shared them with anyone (though, like Petraeus, he definitely kept very sensitive documents in highly insecure fashion).

Significantly, there’s no mention of the Shadow Brokers or even a description of the hacking tools Martin allegedly stole (though that’s likely because DOJ would draw up the indictment to avoid confirming that NSA even has hacking tools, much less the ones released to the public).

The only description of a document specifically targeting an adversary akin to the one described to the WaPo seems to target a terrorist organization, not Russia (meaning that they’re not presenting evidence Martin preferentially collected information on Russia, though again, if he were, they might hide that).

And the indictment alleges that Martin continued to steal documents up until 12 days before he was arrested, and significantly, three days after the first Shadow Brokers post on August 13.

It would be the height of folly for someone who knew he was the source for the Shadow Brokers to keep stealing documents after Shadow Brokers had gone public (though at that point, it wasn’t clear precisely what Shadow Brokers was going to release).

Certainly, the way in which DOJ has charged this — larding on 20 different charges — suggests they’re trying to coerce him into cooperating. The case against Chelsea Manning, which was partly an attempt to coerce Manning to testify against Julian Assange and Wikileaks, was very nearly parallel in the charging of many documents. In Manning’s case, there was no way for her to cooperate to implicate Assange except to lie; there’s nothing Assange did to elicit the files. That may be the case for Martin, too.

The big difference here is there’s absolutely no hint that Martin shared any of this. Given the Petraeus and Hillary precedents, the government will have a difficult time coercing Martin further, given that Petraeus didn’t even do prison time for hoarding and then sharing equally classified documents (albeit not as many of them).

Nevertheless, it appears that DOJ is trying to coerce Martin to get information it offers no proof he even has.

Update: As it happens, DOJ indicted Hal Martin just over 4 hours before Jeff Sessions, who has refused to recuse himself in investigations of the Russian hack of the DNC, was confirmed as Attorney General. Again, there’s no evidence whatsoever that DOJ has any evidence Martin was a source for Shadow Brokers, who are presumed to have a tie to the DNC hack. But if they suspect it, indicting Martin with such extensive charges before Sessions comes in will make it hard for Sessions to reverse what seems to be an effort to coerce Martin to reveal any tie to the hack.

Does Jim Comey Think Thomas Drake Exhibited Disloyalty to the United States?

As you’ve no doubt heard, earlier today Jim Comey had a press conference where he said Hillary and her aides were “extremely careless in their handling of very sensitive, highly classified information” but went on to say no reasonable prosecutor would prosecute any of them for storing over 100 emails with classified information on a server in Hillary’s basement. Comey actually claimed to have reviewed “investigations into mishandling or removal of classified information” and found no “case that would support bringing criminal charges on these facts.”

Our investigation looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.

[snip]

Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.

In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.

To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now.

Before we get into his argument, consider a more basic point: It is not Jim Comey’s job to make prosecutorial decisions. Someone else — whichever US Attorney oversaw the prosecutors on this case, Deputy Attorney General Sally Yates, or Loretta Lynch — makes that decision. By overstepping the proper role of the FBI here, Comey surely gave Lynch cover — now she can back his decision without looking like Bill Clinton convinced her to do so on the tarmac. But he has no business making this decision, and even less business making it public in the way he did (the latter of which points former DOJ public affairs director Matthew Miller was bitching about).

But let’s look at his judgment.

Given that Jeffrey Sterling has been in prison for a year based off a slew of metadata (albeit showing only 4:11 seconds of conversation between James Risen and Sterling) and three, thirty year old documents, classified Secret, describing how to dial a phone, documents which were presented to prove Sterling had the “intent” to retain a document FBI never showed him retaining, I’m particularly interested in Comey’s judgment that no reasonable prosecutor would bring charges based on the facts found against Hillary. Similarly, given the history of the Thomas Drake prosecution, in which he was charged with Espionage because he kept a bunch of documents on NSA’s fraud, at the direction of the Inspector General, which the FBI found in his basement.

I can only imagine Comey came to his improper public prosecutorial opinion via one of two mental tricks. Either he — again, not the prosecutor — decided the only crime at issue was mishandling classified information (elsewhere in his statement he describes having no evidence that thousands of work emails were withheld from DOJ with ill intent, which dismisses another possible crime), and from there he decided either that it’d be a lot harder to prosecute Hillary Clinton (or David Petraeus) than it would be someone DOJ spent years maligning like Sterling or Drake. Or maybe he decided that there are no indications that Hillary is disloyal to the US.

Understand, though: with Sterling and Drake, DOJ decided they were disloyal to the US, and then used their alleged mishandling of classified information as proof that they were disloyal to the US (Drake ultimately pleaded to Exceeding Authorized Use of a Computer).

Ultimately, it involves arbitrary decisions about who is disloyal to the US, and from that a determination that the crime of mishandling classified information occurred.

For what it’s worth, I think most of these cases should involve losing security clearances rather than criminal prosecution (though Petraeus also lied to FBI). But we know, even there, the system is totally arbitrary; DOJ has already refused to answer whether any of Hillary’s aides will be disciplined for their careless handling of classified information and Petraeus never did lose his clearance. Nor did the multiple witnesses who testified against Sterling who themselves mishandled classified information lose their security clearance.

Which is another way of saying our classification system is largely a way to arbitrarily label people you dislike disloyal.