Posts

Dot Connecting about Failure to Connect the Dots: Trump Tower Edition

I’d like to throw two dots out there. Well, maybe four.

First, this curious language in the House Judiciary Committee 702 bill, mandating that any FBI back door search of 702 data ensure it includes all data in its holdings.

(F) SIMULTANEOUS QUERY OF FBI DATABASES.—Except as otherwise provided by law or applicable minimization procedures, the Director of the Federal Bureau of Investigation shall ensure that all available investigative or intelligence databases of the Federal Bureau of Investigation are simultaneously queried when the Bureau properly uses an information system of the Bureau to determine whether information exists in such a database.

Here’s what it had been.

(E) SIMULTANEOUS ACCESS OF FBI DATABASES.—The Director of the Federal Bureau of Investigation shall ensure that all available investigative or intelligence databases of the Federal Bureau of Investigation are simultaneously accessed when the Bureau properly uses an information system of the Bureau to determine whether information exists in such a database. Regardless of any positive result that may be returned pursuant to such access, the requirements of this subsection shall apply.

In his commentary on the new language, Charlie Savage suggested the first change pertained to rules in the EO 12333 sharing language prohibiting the search for criminal purposes. I’m as interested by the second change: the language that originally said even if you got a positive hit from one source, you still had to make sure you pulled up the same positive hit via all databases. Requiring that FBI pull up all incidences of a piece of intelligence anytime they do a search would have several functions: ensure they found data that would be easier to parallel construct, because it was collected under Title III or didn’t have notice provisions, make sure an Agent understand the context from which the intelligence was collected, and ensure any associated analysis got seen along with the intelligence.

In my opinion this suggests there is at least once incidence when the FBI did a search and missed something.

My original thought was that the use of ad hoc databases removed certain information from the general search pool such that an important dot was missed. Ad hoc databases were formalized in 2013 to permit FBI to store raw 702 data in separate repositories; one reason among other redacted reasons to do so was to more easily manipulate the data, but the repositories might be as small as a single laptop.

The formalization of a requirement that all queries include all databases in the HJC would seem to require that ad hoc databases (at least those with unique data streams) be included in those searches. And that, it seems, would be formalized because some queries missed data.

But it also might be that an FBI Agent did a search and missed critical context that would have been obvious if he had gotten that hit in a different database.

Someone missed a dot.

Someone missed a dot sufficiently important to codify rules to avoid missing dots into law.

That dot could be on any subject pertaining to 702: terrorism, counterproliferation, hacking, or counterintelligence. That said, we certainly don’t have any counterterrorism dots — in the form of a foreign sponsored attack — that appear to be missed.

Now let’s look at another dot. Among the many Russia-related items the SSCI-passed intelligence authorization mandates for next year is an intelligence posture review — separate from the SSCI investigation going on right now — to examine (in part) whether the IC was collecting the right intelligence to identify and respond to the Russian tampering.

(b) Elements.—The review required by subsection (a) shall include, with respect to the posture and efforts described in paragraph (1) of such subsection, the following:

(1) An assessment of whether the resources of the intelligence community were properly aligned to detect and respond to the efforts described in subsection (a)(1).

(2) An assessment of the information sharing that occurred within elements of the intelligence community.

(3) An assessment of the information sharing that occurred between elements of the intelligence community.

Admittedly, this is what the IC does in the wake of every intelligence failure: figure out why they failed. But I’m interested in the focus on whether information was shared within and between intelligence agencies sufficiently.

That’s because the public reports of the Task Force investigating the operation in real time describe it as very compartmented — the kind of compartment that might require the use of an ad hoc database.

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Dot three.

None of this is definitive in any way.

But I raise it all because there is a dot that — dot four is stunning in retrospect — was missed: the June 9, 2016 meeting at Trump Tower. Rayne even noted it at the time it was reported. While I’m less sure than she is that Rinat Akhmetshin — a naturalized American — would be targeted under FISA, it seems likely that Natalia Veselnitskaya would be, or those in the background of those meetings.

A former Trump lawyer working for Aras Agalarov, Scott Balber, went to Moscow to obtain this partial email thread. It’s not a PRISM provider, but Veselnitskaya is a likely target whose emails could be obtained via upstream surveillance. And she was still in Russia — discussing the meeting with another likely target, Agalarov — days before the June 9 meeting.

Veselnitskaya has said she was interested in the Magnitsky Act issue on behalf of a private client. She was working closely in the United States with Akhmetshin, a Russian American lobbyist who has been accused of having ties to Russian intelligence. He has denied ties to the Russian government.

Veselnitskaya told Balber that she met with a series of well-connected Russians in early June 2016 to discuss her upcoming trip to the United States. One person with whom she met was Agalarov, for whom she had previously done legal work.

Veselnitskaya told Balber she did not seek a meeting with the Trump campaign but was “surprised and pleased” when Agalarov explained his business connection to the presidential candidate and offered to make a connection. Veselnitskaya told Agalarov that she had in October 2015 provided information intended to undermine the U.S. law to Yuri Chaika, the Russian prosecutor general, Balber said. Balber said he believes it is possible Veselnitskaya’s statement resulted in a misunderstanding about the prosecutor’s role.

Side note: this entire press blitz based on former Trump lawyer Balber’s months old meeting with Veselnitskaya reeks of an attempt to compare notes in advance of someone’s testimony. CNN reported today that several of the Russians involved in the meeting had been interviewed by SSCI, and Richard Burr all but confirmed Veselnitskaya had been included among those at a press conference earlier this month.

Mind you, it’s not clear either of these likely targets would be in FBI’s databases in real time, in part because they’re less likely 702 targets. But they’d likely be in NSA databases. Which means as things heated up, particularly around meeting attendee Paul Manafort — who, as an individualized FISA target, could automatically be backdoor searched at NSA, against far more extensive NSA collection — this might have come up (though it’s not clear Manafort got mentioned until and except for the Rob Goldstone-Don Jr email thread).

All of which is to say when this meeting came out in July, Robert Mueller reportedly had just learned of it. That’s true, in spite of the fact that one reported FISA target (Manafort) and at least one likely NSA target (Veselnitskaya) attended the meeting.

As we learn more and more about that meeting, it seems more remarkable that it got missed for over a year after it happened (and only disclosed in response to subpoenas, not back door searches).

If we’re going to codify back door searches, even of Americans, can we first learn how it was this meeting never came up in a back door search?