Posts

The Government Argues that Edward Snowden Is a Recruiting Tool

As I noted in my post on the superseding indictment against Julian Assange, the government stretched the timeline of the Conspiracy to Hack count to 2015 by describing how WikiLeaks helped Edward Snowden flee to Russia. DOJ seems to be conceiving of WikiLeaks’ role in helping Snowden as part of a continuing conspiracy designed to recruit more leakers.

Let me make clear from the onset: I am not endorsing this view, I am observing where I believe DOJ not only intends to head with this, but has already headed with it.

Using Snowden as a recruitment tool

After laying out how Chelsea Manning obtained and leaked files that were listed in the WikiLeaks Most Wanted list (the Iraq Rules of Engagement and Gitmo files, explicitly, and large databases more generally; here’s one version of the list as entered into evidence at Manning’s trial), then describing Assange’s links to LulzSec, the superseding Assange indictment lays out WikiLeaks’ overt post-leak ties and claimed ties to Edward Snowden.

83. In June 2013, media outlets reported that Edward J. Snowden had leaked numerous documents taken from the NSA and was located in Hong Kong. Later that month, an arrest warrant was issued in the United States District Court for the Eastern District of Virginia, for the arrest of Snowden, on charges involving the theft of information from the United States government.

84. To encourage leakers and hackers to provide stolen materials to WikiLeaks in the future, ASSANGE and others at WikiLeaks openly displayed their attempts to assist Snowden in evading arrest.

85. In June 2013, a WikiLeaks association [Sarah Harrison, described as WLA-4 in the indictment] traveled with Snowden from Hong Kong to Moscow.

86. On December 31, 2013, at the annual conference of the Chaos Computer Club (“CCC”) in Germany, ASSANGE, [Jacob Appelbaum] and [Harrison] gave a presentation titled “Sysadmins of the World, Unite! A Call to Resistance.” On its website, the CCC promoted the presentation by writing, “[t]here has never been a higher demand for a politically-engaged hackerdom” and that ASSANGE and [Appelbaum] would “discuss what needs to be done if we re going to win.” ASSANGE told the audience that “the famous leaks that WikiLeaks has done or the recent Edward Snowden revelations” showed that “it was possible now for even a single system administrator to … not merely wreck[] or disabl[e] [organizations] … but rather shift[] information from an information apartheid system … into the knowledge commons.” ASSANGE exhorted the audience to join the CIA in order to steal and provide information to WikiLeaks, stating, “I’m not saying doing join the CIA; no, go and join the CIA. Go in there, go into the ballpark and get the ball and bring it out.”

87. At the same presentation, in responding to the audience’s question as to what they could do, [Appelbaum] said “Edward Snowden did not save himself. … Specifically for source protection [Harrison] took actions to protect [Snowden] … [i]f we can succeed in saving Edward Snowden’s life and to keep him free, then the next Edward Snowden will have that to look forward to. And if look also to what has happened to Chelsea Manning, we see additionally that Snowden has clearly learned….”

The following section describes how, “ASSANGE and WikiLeaks Continue to Recruit,” including two more paragraphs about the Most Wanted Leaks:

89. On May 15, 2015, WikiLeaks tweeted a request for nominations for the 2015 “Most Wanted Leaks” list, and as an example, linked to one of the posts of a “Most Wanted Leaks” list from 2009 that remained on WikiLeaks’s website.

[snip]

92. In June 2015, to continue to encourage individuals to hack into computers and/or illegaly obtain and disclose classified information to WikiLeaks, WikiLeaks maintained on its website a list of “The Most Wanted Leaks of 2009,” which stated that documents or materials nominated to the list must “[b]e likely to have political, diplomatic, ethical or historical impact on release … and be plausibly obtainable to a well-motivated insider or outsider,” and must be “described in enough detail so that … a visiting outsider not already familiar with the material or its subject matter may be able to quickly locate it, and will be motivated to do so.”

Effectively, Snowden is included in this indictment not because the government is alleging any ties between Snowden and WikiLeaks in advance of his leaks (Snowden’s own book lays out reasons to think there was more contact between him and Appelbaum than is publicly known, but the superseding Assange indictment makes no mention of any contacts before Snowden’s first publications), but because WikiLeaks used their success at helping Snowden to flee as a recruiting pitch.

Snowden admits Harrison got involved to optimize his fate

This is something that Snowden lays out in his book. First, he addresses insinuations that Assange only helped Snowden out of selfish reasons.

People have long ascribed selfish motives to Assange’s desire to give me aid, but I believe he was genuinely invested in one thing above all—helping me evade capture. That doing so involved tweaking the US government was just a bonus for him, an ancillary benefit, not the goal. It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to win. It’s for this reason that I regard it as too reductive to interpret his assistance as merely an instance of scheming or self-promotion. More important to him, I believe, was the opportunity to establish a counterexample to the case of the organization’s most famous source, US Army Private Chelsea Manning, whose thirty-five-year prison sentence was historically unprecedented and a monstrous deterrent to whistleblowers everywhere. Though I never was, and never would be, a source for Assange, my situation gave him a chance to right a wrong. There was nothing he could have done to save Manning, but he seemed, through Sarah, determined to do everything he could to save me.

This passage is written to suggest Snowden believed these things at the time, describing what “seemed” to be true at the time. But it’s impossible to separate it from Appelbaum’s explicit comparison of Manning and Snowden at CCC in December 2013.

Snowden then describes what he thinks Harrison’s motive was.

By her own account, she was motivated to support me out of loyalty to her conscience more than to the ideological demands of her employer. Certainly her politics seemed shaped less by Assange’s feral opposition to central power than by her own conviction that too much of what passed for contemporary journalism served government interests rather than challenged them.

Again, this is written to suggest Snowden believed it at the time, though it’s likely what he has come to believe since.

Then Snowden describes believing, at that time, that Harrison might ask for something in exchange for her help — some endorsement of WikiLeaks or something.

As we hurtled to the airport, as we checked in, as we cleared passport control for the first of what should have been three flights, I kept waiting for her to ask me for something—anything, even just for me to make a statement on Assange’s, or the organization’s, behalf. But she never did, although she did cheerfully share her opinion that I was a fool for trusting media conglomerates to fairly guard the gate between the public and the truth. For that instance of straight talk, and for many others, I’ll always admire Sarah’s honesty.

Finally, though, Snowden describes — once the plane entered into Chinese airspace and so narratively at a time when there was no escaping whatever fate WikiLeaks had helped him pursue — asking Harrison why she was helping. He describes that she provided a version of the story that WikiLeaks would offer that December in Germany: WikiLeaks needed to be able to provide a better outcome than the one that Manning suffered.

It was only once we’d entered Chinese airspace that I realized I wouldn’t be able to get any rest until I asked Sarah this question explicitly: “Why are you helping me?” She flattened out her voice, as if trying to tamp down her passions, and told me that she wanted me to have a better outcome. She never said better than what outcome or whose, and I could only take that answer as a sign of her discretion and respect.

Whatever has been filtered through time and (novelist-assisted) narrative, Snowden effectively says the same thing the superseding indictment does: Assange and Harrison went to great lengths to help Snowden get out of Hong Kong to make it easier to encourage others to leak or hack documents to share with WikiLeaks. I wouldn’t be surprised if these excerpts from Snowden’s book show up in any Assange trial, if it ever happens.

Snowden’s own attempt to optimize outcomes

Curiously, Snowden did not say anything in his book about his own efforts to optimize his outcome, which is probably the most interesting new information in Bart Gellman’s new book, Dark Mirror (the book is a useful summary of some of the most important Snowden disclosures and a chilling description of how aggressively he and Askhan Soltani were targeted by foreign governments as they were reporting the stories). WaPo included the incident in an excerpt, though the excerpt below is from the book.

Early on in the process, Snowden had asked Gellman to publish the first PRISM document with a key, without specifying what key it was. When WaPo’s editors asked why Gellman’s source wanted them to publish a key, Gellman finally asked.

After meeting with the Post editors, I remembered that I could do an elementary check of the signature on my own. The result was disappointing. I was slow to grasp what it implied.

gpg –verify PRISM.pptx.sig PRISM.pptx

gpg: Signature made Mon May 20 14:31:57 2013 EDT

using RSA key ID ⬛⬛⬛⬛⬛⬛⬛⬛

gpg: Good signature from “Verax”

Now I knew that Snowden, using his Verax alter ego, had signed the PowerPoint file himself. If I published the signature, all it would prove to a tech-savvy few was that a pseudonymous source had vouched for his own leak. What good would that do anyone?

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He preferred to set an example for “an entire class of potential whistleblowers” who might follow his lead. Ordinary citizens would not take impossible risks. They had to have some hope for a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong Internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts (I should know, I used to work in our U.N. spying shop), I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims—they’d have me committed—and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. . . . Give me the bottom line: when do you expect to go to print?

Alarm gave way to vertigo. I forced myself to reread the passage slowly. Snowden planned to seek the protection of a foreign government. He would canvass diplomatic posts on an island under Chinese sovereign control. He might not have very good choices. The signature’s purpose, its only purpose, was to help him through the gates.

How could I have missed this? Poitras and I did not need the signature to know who sent us the PRISM file. Snowden wanted to prove his role in the story to someone else. That thought had never occurred to me. Confidential sources, in my experience, did not implicate themselves—irrevocably, mathematically—in a classified leak. As soon as Snowden laid it out, the strategic logic was obvious. If we did as he asked, Snowden could demonstrate that our copy of the NSA document came from him. His plea for asylum would assert a “well-founded fear of being persecuted” for an act of political dissent. The U.S. government would maintain that Snowden’s actions were criminal, not political. Under international law each nation could make that judgment for itself. The fulcrum of Snowden’s entire plan was the signature file, a few hundred characters of cryptographic text, about the length of this paragraph. And I was the one he expected to place it online for his use.

Gellman, Poitras, and the Post recognized this would make them complicit in Snowden’s flight and go beyond any journalistic role.

After some advice from WaPo’s lawyers, Gellman made it clear to Snowden he could not publish the key (and would not have, in any case, because the slide deck included information on legitimate targets he and the WaPo had no intent of publishing).

We hated the replies we sent to Snowden on May 26. We had lawyered up and it showed. “You were clear with me and I want to be equally clear with you,” I wrote. “There are a number of unwarranted assumptions in your email. My intentions and objectives are purely journalistic, and I will not tie them or time them to any other goal.” I was working hard and intended to publish, but “I cannot give you the bottom line you want.”

This led Snowden to withdraw his offer of exclusivity which — as Gellman tells the story — is what led Snowden to renew his efforts to work with Glenn Greenwald. The aftermath of that decision led to a very interesting spat between Gellman and Greenwald — to read that, you should buy the book.

To be clear, I don’t blame Snowden for planning his first releases in such a way as to optimize the chances he wouldn’t spend the rest of his life in prison. But his silence on the topic in his own account, even while he adopted the WikiLeaks line about their goal of optimizing his outcome, raises questions about any link between Harrison’s plans and Snowden’s.

The government is using Snowden as inspiration in other cases

The superseding Assange indictment is the first place I know of where the government has specifically argued that WikiLeaks’ assistance to Snowden amounted to part of a criminal conspiracy (though it is totally unsurprising and I argued that it was clear the government was going there based on what they had argued in the Joshua Schulte case).

But it’s not the first place they have argued a tie between Snowden as inspiration and further leaks.

The indictment for Daniel Everette Hale, the guy accused of sharing documents on the drone program with Jeremy Scahill, makes it clear how Hale’s relationship with Scahill blossomed just as the Snowden leaks were coming out (and this detail makes it clear he’s the one referred to in Citizenfour as another source coming forward).

15. On or about June 9, 2013, the Reporter sent HALE an email with a link to an article about Edward Snowden in an online publication. That same day. Hale texted a friend that the previous night he had been hanging out with journalists who were focused on his story. Hale wrote that the evening’s events might provide him with “life long connections with people who publish work like this.”

Hale launched a fairly aggressive (and if it weren’t in EDVA, potentially an interesting) challenge to the Espionage Act charges against him. It included (but was not limited to) a Constitutional motion to dismiss as well as a motion to dismiss for selective prosecution. After his first motions, however, both the government’s response and Hale’s reply on selective prosecution were (and remain, nine months later) sealed.

But Hale’s reply on the Constitutional motion to dismiss was not sealed. In it, he makes reference to what remains sealed in the selective prosecution filings. That reference makes it clear that the government described searching for leakers who had been inspired “by a specific individual” who — given the mention of Snowden in Hale’s indictment — has to be Snowden.

Moreover, as argued in more detail in Defendant’s Reply in support of his Motion to Dismiss for Selective or Vindictive Prosecution (filed provisionally as classified), it appears that arbitrary enforcement – one of the risks of a vague criminal prohibition – is exactly what occurred here. Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community. In approximately the same timeframe, other leakers reportedly divulged classified information to make the government look good – by, for example, unlawfully divulging classified information about the search for Osama Bin Laden to the makers of the film Zero Dark Thirty, resulting in two separate Inspector General investigations.3 Yet the investigation in this case was not described as a search for leakers generally, or as a search for leakers who tried to glorify the work of the Intelligence Community. Rather, it was described as a search for those who disclosed classified information because they had been “inspired” to divulge improprieties in the intelligence community.

Hale argued, then, that the only reason he got prosecuted after some delay was because the FBI had a theory about Snowden’s role in inspiring further leaks.

Judge Liam O’Grady denied both those motions (and most of Hale’s other motions), though without further reference to Snowden as an inspiration. But I’m fairly sure this is not the only case where they’re making this argument.

The Superseding Assange Indictment Tidies Up CFAA Charges

Yesterday, the government released a second superseding indictment against Julian Assange. The EDVA press release explains that no new counts were added, but the language describing the computer hacking conspiracy was expanded.

The new indictment does not add additional counts to the prior 18-count superseding indictment returned against Assange in May 2019. It does, however, broaden the scope of the conspiracy surrounding alleged computer intrusions with which Assange was previously charged. According to the charging document, Assange and others at WikiLeaks recruited and agreed with hackers to commit computer intrusions to benefit WikiLeaks.

It is true the description of the hacking charge has been dramatically expanded, incorporating a bunch of hacks that WikiLeaks was associated with.

But there are a few details of the charges that changed as well. The CFAA charge has actually been reworked, focused on four different kinds of hacks:

  • Accessing a computer and exceeding access to obtain information classified Secret
  • Accessing a computer and exceeding access to obtain information from protected computers at a department or agency of the United States committed in furtherance of criminal acts
  • Knowingly transmitting code that can cause damage,
    • Greater than $5000
    • Used by an entity of the US in furtherance of the administration of justice, national defense, and national security
    • Affecting more than 10 or more protected computers in a given year
  • Intentionally accessing protecting computers without authorization to recklessly cause damage,
    • Greater than $5000
    • Used by an entity of the US in furtherance of the administration of justice, national defense, and national security
    • Affecting more than 10 or more protected computers in a given year

This is a grab bag of hacking charges, and it could easily cover (and I expect one day it will cover) actions not described in this indictment. While adding this grab bag of charges, the indictment takes out a specific reference to the Espionage Act, probably to ensure at least one charge against Assange can in no way be claimed to be a political crime. It also takes out 18 U.S.C. § 641, possibly because the thinking of its applicability to leaking classified information has gotten more controversial.

The indictment also changes the dates on several of the counts. The timeline on the three counts addressing leaking of informants’ identities (something that is criminalized in the UK in ways it is not here, but also the counts that most aggressively charge Assange for the publication of information) now extends to April 2019. The timeline on the hacking charges extends (for reasons I’ll explain below), to 2015. And the overall timeline of Assange’s behavior extends back to 2007, a date that post-dates the earliest WikiLeaks activity and so raises interesting questions about what actions it was chosen to include.

As to the 2015 date, the indictment gets there by discussing WikiLeaks’ role in helping Edward Snowden flee China and the ways WikiLeaks used Snowden’s case to encourage other leakers and hackers. It describes:

  • Sarah Harrison’s trip to Hong Kong in June 2013
  • The presentation Harrison, Jake Appelbaum, and Assange gave in December 2013 encouraging potential leakers to, “go and join the CIA. Go in there, go into the ballpark and get the ball and bring it out,” and claiming that, “Edward Snowden did not save himself … Harrison took actions to protect him”
  • A conference on May 6, 2014 when Harrison recruited others to obtain classified or stolen information to share with WikiLeaks
  • A May 15, 2015 Most Wanted Leaks pitch that linked back to the 2009 list that Chelsea Manning partly responded to
  • Comments Assange made on May 25, 2015 claiming to have created distractions to facilitate Snowden’s flight
  • Appelbaum and Harrison’s efforts to recruit more leakers at a June 18, 2015 event
  • The continued advertisement for Most Wanted Leaks until at least June 2015, still linking back to the 2009 file

I’ll explain in a follow-up where this is going. Obviously, though, the government could easily supersede this indictment to add later leakers, most notably but in no way limited to Joshua Schulte, who first started moving towards leaking all of CIA’s hacking tools to WikiLeaks in 2015.

I argued, in December, that the government appeared to be moving towards a continuing conspiracy charge, one that later hackers and leakers (as well as Appelbaum and Harrison) could easily be added to. Doing so as they’ve done here would in no way violate UK’s extradition rules. And fleshing out the CFAA charge makes this airtight from an extradition standpoint; some of the crimes alleged involving Anonymous have already been successfully prosecuted in the UK.

This doesn’t mitigate the harm of the strictly publishing counts. But it does allege Assange’s personal involvement in a number of hacks and leaks that others — both in the US and UK — have already been prosecuted for, making the basic extradition question much less risky for the US.

Update: I think this allegation in the new indictment is important:

In September 2010, ASSANGE directed [Siggi] to hack into the computer of an individual former associated with WikiLeaks and delete chat logs containing statements of ASSANGE. When Teenager asked how that could be done, ASSANGE wrote that the former WikiLeaks associate could “be fooled into downloading a trojan,” referring to malicious software, and then asked Teenager what operating system the former-WikiLeaks associate used.

I’ve heard allegations from the entire period of WikiLeaks’ prominence of Assange asking to spy on one or another partner or former partner, including protected entities. One relatively recent allegation I know of targeted a former WikiLeaks associate in 2016, after a break on election-related issues. I have no idea whether these allegations are credible (and I know of none who would involve law enforcement). But allegations that Assange considered — or did — spy on his allies undercuts his claim to being a journalist as much as anything else he does. It also raises questions about what WikiLeaks did with the unpublished Vault 7 files.

Update: Dell Cameron, who is the expert on the Stratfor hack, lays out some apparently big holes in the parts of the indictment that pertain to that.

How the Wyden/Khanna Espionage Act Fix Works (But Not for Julian Assange)

Last week, Ron Wyden and Ro Khanna released a bill that they say will eliminate much of the risk of prosecution that people without clearance would face under they Espionage Act. They claim the bill would limit the risk that:

  • Whistleblowers won’t be able to share information with appropriate authorities
  • Those appropriate authorities (including Congress) won’t be able to do anything with that information
  • National security journalists will be prosecuted for publishing classified information
  • Security researchers will be prosecuted for identifying and publishing vulnerabilities

I want to look at how the bill would do that. But I want to do so against the background of claims about how the bill would affect the ability to prosecute Julian Assange.

After explaining that under the bill Edward Snowden could still be prosecuted, the summary of the bill states in no uncertain terms that the government could still prosecute Julian Assange under the bill.

Q: How would this bill impact the government’s prosecution of Julian Assange?

A: The government would still be able to prosecute Julian Assange.

It doesn’t say how, but immediately after that question, it explains that the government could still prosecute hackers who steal government secrets.

Q: What about hackers who break into government systems and steal our secrets?

A: The Espionage Act is not necessary to punish hackers who break into U.S. government systems. Congress included a special espionage offense (U.S.C § 1030(a)(1)) in the Computer Fraud and Abuse Act, which specifically criminalizes this.

Khanna, in an interview with The Intercept, seems to confirm that explanation — that Assange could still be prosecuted under CFAA.

Khanna told The Intercept that the new bill wouldn’t stop the prosecution of Assange for his alleged role in hacking a government computer system, but would make it impossible for the government to use the Espionage Act to charge anyone solely for publishing classified information.

Indeed, that is sort of what Charge 18 against Assange is, conspiracy to commit computer intrusion, though, as written, it invokes the Espionage Act and theft of government secrets as part of the conspiracy (the Wyden/Khanna bill would limit the theft of government property bill in useful ways). Never mind that as charged it’s a weak charge for evidentiary reasons (though that may change in Assange’s May extradition hearing); it would still be available, if not provable given existing charged facts, under this bill.

But given the claims the US government makes about Assange, that may not be the only way he could be prosecuted under this bill. That’s because the bill works in two ways: first, by generally limiting its application to “covered persons,” who are people who’ve been authorized to access classified or national defense information by an Original Classification Authority. Then, it defines “foreign agent” using the definition in FISA (though carving out foreign political organizations) and says that anyone who is not a foreign agent “shall not be subject to prosecution” under the Espionage Act unless they commit a felony under the act — by aiding, abetting, or conspiring in the act — or pays for the information and wants to harm the US. The bill further carves out providing advice (for example, on operational security) or an electronic communication or remote computing service (such as a secure drop box) to the public.

So:

  • If you don’t have clearance or are sharing information not obtained illegally or via your clearance and
  • If you aren’t an agent of a foreign power and
  • If you’re not otherwise paying for, conspiring or aiding and abetting in some way beyond offering operational security and drop boxes with the specific intent to harm the US or help another government

Then you shouldn’t be prosecuted under the Espionage Act.

Below, I’ve written up how 18 USC §793 and 18 USC §798 would change under the bill, with changes italicized (18 USC §794 already includes the foreign government language added by this bill so would not change).

In the wake of the 2016 election operation, where Julian Assange helped a Russian operation hiding behind thin denials, Assange might well meet the definition of “foreign agent.” Three of WikiLeaks’ operations — the Stratfor hack (in which Russians were involved in the chat rooms), the 2016 election year operation, and Vault 7 (in which Joshua Schulte, between the initial leak and the alleged attempts to leak from jail, evinced an interest in Russia’s help) — involved some Russian activity.

And it’s not clear how Congress’ resolution — passed in last year’s NDAA — that WikiLeaks is a non-state hostile intelligence service often abetted by state actors would affect Assange’s potential treatment as a foreign agent.

It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.

But even with all the new protections for those who don’t have clearance, this bill specifically envisions applying it to someone like Assange. That’s because it explicitly incorporates aiding and abetting (18 USC § 2) — which is how Assange is currently charged in Counts 2-14 — as well as accessory after the fact (18 USC § 3), and misprison of a felony (18 USC § 4) into the bill. That’s on top of the conspiracy to commit an offense against the US (18 USC § 371), which is already implicitly incorporated in 18 USC § 793(g), which is Count 1 in the Assange indictment. Arguably, explicitly adding the accessory after the fact and misprison of a felony would make it easier to prosecute Assange for assistance that WikiLeaks and associated entities routinely provide sources after the fact, such as publicity and legal representation, to say nothing of the help that Sarah Harrison gave Edward Snowden to flee to Russia.

And those charges don’t require someone formally fit the definition of agent of a foreign power so long as the person has “the specific intent to harm the national security of the United States or benefit any foreign government to the detriment of the United States.” (I’ve bolded this language below.) That’s a mens rea requirement that might otherwise be hard to meet — but not in the case of Assange, even before you get into any non-public statements the US government might have in hand.

This is a bill from Ron Wyden, remember. Back in 2017, when he first spoke out when SSCI first moved to declare WikiLeaks a non-state hostile intelligence service, he expressed concerns about the lack of clarity in such a designation.

I have reservations about Section 623, which establishes a Sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service. The Committee’s bill offers no definition of “non-state hostile intelligence service” to clarify what this term is and is not. Section 623 also directs the United States to treat WikiLeaks as such a service, without offering further clarity.

To be clear, I am no supporter of WikiLeaks, and believe that the organization and its leadership have done considerable harm to this country. This issue needs to be addressed. However, the ambiguity in the bill is dangerous because it fails to draw a bright line between WikiLeaks and legitimate journalistic organizations that play a vital role in our democracy.

I supported efforts to remove this language in Committee and look forward to working with my colleagues as the bill proceeds to address my concerns.

While this bill does much to protect journalists (and in a way that doesn’t create a special class for journalists or InfoSec researchers that would violate the First Amendment), it provides the clarity that would enable charging Assange, even for things he did after the fact to encourage leakers.

Update: Two more points on this. First, as I understand it, the explicit references to 18 USC §§ 2-4 are designed to protect reporters, meaning the protections apply to those as well.

I also meant to note that the way this bill is written — which is clearly meant to allow for prosecution of people working at state-owned media outlets (Russia, China, and Iran all use their outlets as cover for spies) — would then by design not protect reporters at the BBC or Al Jazeera, both of which have done reporting on stories implicating US classified information in the past.


18 USC § 793

(a) Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation, goes upon, enters, flies over, or otherwise unlawfully obtains nonpublic information concerning any vessel, aircraft, work of defense, navy yard, naval station, submarine base, fueling station, fort, battery, torpedo station, dockyard, canal, railroad, arsenal, camp, factory, mine, telegraph, telephone, wireless, or signal station, building, office, research laboratory or station or other place connected with the national defense owned or constructed, or in progress of construction by the United States or under the control of the United States, or of any of its officers, departments, or agencies, or within the exclusive jurisdiction of the United States, or any place in which any vessel, aircraft, arms, munitions, or other materials or instruments for use in time of war are being made, prepared, repaired, stored, or are the subject of research or development, under any contract or agreement with the United States, or any department or agency thereof, or with any person on behalf of the United States, or otherwise on behalf of the United States, or any prohibited place so designated by the President by proclamation in time of war or in case of national emergency in which anything for the use of the Army, Navy, or Air Force is being prepared or constructed or stored, information as to which prohibited place the President has determined would be prejudicial to the national defense; or

(b) An individual who, while a covered person, for the purpose aforesaid, and with like intent or reason to believe, copies, takes, makes, or obtains, or attempts to copy, take, make, or obtain, any sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, document, writing, or note of anything connected with the national defense; or

(c) A foreign agent who, for the purpose aforesaid, and with like intent or reason to believe, receives or obtains or agrees or attempts to receive or obtain from any person, or from any source whatever, any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, of anything connected with the national defense, knowing or having reason to believe, at the time the foreign agent receives or obtains, or agrees or attempts to receive or obtain it, that it has been or will be obtained, taken, made, or disposed of by any person contrary to the provisions of this chapter; or

(d) Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, or information relating to the national defense, which document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; or

(e) An individual who—

(1) while a covered person, gains unauthorized possession of, access to, or control over any non public document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note of anything connected with the national defense; and

(2)(A) with reason to believe such information could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted, the same to any person not entitled to receive it; or

(B) willfully—

(i) retains the same at an unauthorized location; and

(ii) fails to deliver the same to the officer or employee of the United States entitled to receive it; or’

(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance,  (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both.

(g)(1) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(2) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this 7 title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the 13 offense; or

(C) subject to paragraph (3), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(3) Paragraph (2)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively).

(h)

(1)Any person convicted of a violation of this section shall forfeit to the United States, irrespective of any provision of State law, any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, from any foreign government, or any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, as the result of such violation. For the purposes of this subsection, the term “State” includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1) of this subsection.

(3)The provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)) shall apply to—

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property, if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund in the Treasury all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(i) In this section—

(1) the term “covered person” means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive documents, writings, code books, signal books, sketches, photographs, photographic negatives, blueprints, plans, maps, models, instruments, appliances, or notes of anything connected with the national defense by—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in activities relating to the national defense; and

(2) the term “foreign agent”—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

18 USC §798

(a)Any individual who knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information obtained by the individual while the individual was a covered person and acting within the scope of his or her activities as a covered person

(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or

(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or

(3) concerning the communication intelligence activities of the United States or any foreign government; or

(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—

Shall be fined under this title or imprisoned not more than ten years, or both.

(b)As used in subsection (a) of this section:

(1) The term ‘classified information’—

(A) means information which, at the time of a violation of this section, is known to the person violating this section to be, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution and;

(B) does not include any information that is specifically designated as ‘Unclassified’ under any Executive Order, Act of Congress, or action by a committee of Congress in accordance with the rules of its House of Congress.

(2) The terms ‘code’, ‘cipher’, and ‘cryptographic system’ include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications.

(3) The term “communication intelligence” means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients.

(4) The term ‘covered person’ means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive information of the categories set forth in subsection (a) of this section—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States

(5) The term “foreign government” includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States.

(6) The term “unauthorized person” means any person who, or agency which, is not authorized to receive information of the categories set forth in sub10 section (a) of this section by—

(A) the President;

(B) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States; or

(C) an Act of Congress.

(c)Nothing in this section shall prohibit the furnishing of information to—

(1) any Member of the Senate or the House of Representatives;

(2) a Federal court, in accordance with such procedures as the court may establish;

(3) the inspector general of an element of the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)), including the Inspector General of the Intelligence Community;

(4) the Chairman or a member of the Privacy and Civil Liberties Oversight Board or any employee of the Board designated by the Board, in accordance with such procedures as the Board may establish;

(5) the Chairman or a commissioner of the Federal Trade Commission or any employee of the Commission designated by the Commission, in accordance with such procedures as the Commission may establish;

(6) the Chairman or a commissioner of the Federal Communications Commission or any employee of the Commission designated by the Com2 mission, in accordance with such procedures as the Commission may establish; or

(7) any other person or entity authorized to receive disclosures containing classified information pursuant to any applicable law, regulation, or executive order regarding the protection of whistleblowers.

(d)

(1) In this subsection, the term ‘foreign agent’—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

(2) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to  prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(3) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the offense; or

(C) subject to paragraph (4), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(4) Paragraph (3)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively)

(e)

(1)Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law—

(A)any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and

(B)any of the person’s property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1).

(3)Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)), shall apply to

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property,
if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund established under section 1402 of the Victims of Crime Act of 1984 (42 U.S.C. 10601) [1] all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(5)As used in this subsection, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

Joshua Schulte’s Hot and Cold Snowden Views

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.

Methinks Joshua Schulte Doth Protest Too Much over Anonymous

Accused Vault 7 leaker Joshua Schulte — whose trial starts Monday — and the government are having a fight over Paul Rosenzweig’s expert witness testimony again (see this post for the most comprehensive coverage of this dispute). Rosenzweig submitted the Powerpoint he plans to use at trial. Schulte raised objections to the Powerpoint as a whole and to specific slides on it. And the government responded, offering to make some modifications.

The general complaint from Schulte is that the government is using Rosenzweig to introduce otherwise inadmissible hearsay. In one case, the government has agreed to withdraw the claim (a quote from Fred Kaplan, who in my opinion is not particularly reliable with respect to WikiLeaks in any case). The government makes two responses of particular interest. First, that experts are allowed to draw on periodicals to make their conclusions.

Moreover, the defendant’s objection to the introduction of statements from respected news publications ignores that the Rules of Evidence expressly provide for the introduction of such material. Federal Rule of Evidence 803(18) expressly permits the recitation of “[a] statement contained in a . . . periodical . . . if . . . the statement is . . . relied on by the expert on direct examination; and . . . the publication is established as a reliable authority by the expert’s admission or testimony, by another expert’s testimony, or by judicial notice.”

After pulling the Kaplan quote, there’s not really much left in the slide deck that quotes journalistic sources, aside from direct quotes about the diplomatic backlash to the State cables. But what the government doesn’t say is that WikiLeaks presents itself as a respected news publication, which if they truly believe is true should allow introducing the WikiLeaks material as such.

But the government wants to prevent that from coming into evidence (even though Schulte warned that calling Rosenzweig would invite it). Indeed, rather than including material from the About page that Schulte would like to include that makes that point,

The excerpts from the WikiLeaks website are taken out of context. If the government is permitted to introduce two sentences from the lengthy “about” page on WikiLeaks.org, the defense would be entitled to introduce other portions of that page, including that WikiLeaks is a “multi-national media organization and associated library,” that it has “contractual relationships” with more than 100 major media organizations, and that it has won numerous media awards. See https://wikileaks.org/What-is-WikiLeaks.html.

The government has offered to pull this slide:

Rather than conceding (or even mentioning) WikiLeaks’ claim to be a respected media outlet, the government says it can introduce the vast majority of the clips from WikiLeaks’ site because they are not assertions at all.

Indeed, other than WikiLeaks’ statements regarding the content of the Vault 7 leaks, the particular statements from WikiLeaks and Assange about which Mr. Rosenzweig will testify are not “statements” or “assertions” such that the rule against hearsay is even applicable.

That’s true. Some of what Rosenzweig plans to submit includes the pre-release hype WikiLeaks gave the Vault 7 release, including the release purporting to show the US had infiltrated French political parties (which it claimed provided justification for the Vault 7 release) and slides emphasizing the spookiness of the release, including this one invoking Chelsea Manning and Edward Snowden in the same breath as Julian Assange.

Other slides capture the instructions WikiLeaks gives to leakers, including to contact WikiLeaks if you have very large submissions (as this was) and to format and dispose of hard drives.

The government will claim Schulte followed some — but not all — of these instructions, in part because he couldn’t dispose of his CIA workstation, and in part because he kept the hard drives and a thumb drive he used to exfiltrate the files.

Mind you, WikiLeaks didn’t warn leakers not to Google everything they were doing as they did it, which is the really damning evidence against Schulte.

In any case, I can’t help but imagine we’ll be seeing this very same slide deck in a trial in EDVA (if Assange is ever extradited), as it shows a continuation of the kinds of activities charged in the existing Assange indictment. Assange’s extradition hearing has been split into two, with the second starting in May, so the government would have plenty of time to add such charges after this trial (which may last a month).

In addition to Rosenzweig’s refusal to include WikiLeaks’ awards (which I would imagine Schulte will bring out on cross in any case, though I honestly wonder why they didn’t bring in their own expert to present such material), one Schulte claim that absolutely has merit is that Rosenzweig should not use the WikiLeaks logo on all these slides.

Each page of the power point has the WikiLeaks logo and name from the WikiLeaks website as if the power point document itself was created by WikiLeaks. This creates a misleading impression and should be removed.

Schulte doesn’t lay out what misleading impression the logo provides, but I would argue it suggests that WikiLeaks endorses some of the content in the slide deck, pertaining to damage or the characterization of certain leaks. The government says this misleading impression can be avoided with an instruction.

With respect to the inclusion of the WikiLeaks logo on the relevant pages of the Demonstrative, WikiLeaks is the subject of his testimony, and it is reasonable to include it as a header. To avoid any confusion, the Government will elicit from Mr. Rosenzweig that the Demonstrative as a whole was prepared as a demonstrative aid for his testimony and was not produced by WikiLeaks.

I vehemently disagree with this stance. Over half of people are visual learners (indeed, the government will rely on visual reenactments to show how they claim Schulte stole the files). The logo on this slide deck ascribes to WikiLeaks things that they would strongly dispute. Particularly given that Rosenzweig is claiming there are three official WikiLeaks channels — the site, the WikiLeaks Twitter account, and Assange’s Twitter account — it is imperative that he differentiate in his presentation between what is official and what is his own analysis.

All of which is to say that, as predicted, calling Rosenzweig will invite a dispute over what kind of organization WikiLeaks really is (which is probably the point).

All that said, I’m frankly stunned that, amidst all the other slides in this presentation — including the one showing convicted leaker Chelsea Manning (whose leaks, the government will show, Schulte viewed as damaging in real time) and admitted leaker Edward Snowden (whom the government will show Schulte was Googling at a key time in August as he was also Googling WikiLeaks for almost the first time) — Schulte objects, again, to the invocation of Anonymous in this slide.

Having not objected that the government will raise Chelsea Manning and not objected that the government will raise Edward Snowden, Schulte is objecting that they’re raising Jeremy Hammond — like Manning, a confessed WikiLeaks source — and a 2010 operation to punish Paypal and others for blacklisting WikiLeaks.

We renew our objections to references to Anonymous, which are irrelevant and prejudicial.

As I have laid out, the way in which Schulte himself adopted the identity of Anonymous as part of his effort to leak to the WaPo from jail links together the three main pieces of evidence of that — his Signal texts with Shane Harris, his ProtonMail account in the name of Anonymous, and his prison notebooks. Schulte’s the one who claimed to be Anonymous, whether or not it’s true (and given the ethics the group adopts about membership, by claiming to be a member he basically is one). Anonymous’ tie to WikiLeaks is clearly admissible evidence based on Schulte’s own actions.

Schulte deems the invocation of Anonymous to suggest “concerted activity” that is more disturbing than simply stealing CIA’s hacking tools and leaking them to WikiLeaks in an effort to burn CIA to the ground out of spite for being made to sit in what Schulte considered an “intern desk” rather than a “prestigious desk with a window,” which is the motive the government says it will present.

The evidence of claimed participation in a shadowy, underground group infamous for cyber-attacks and dumping on WikiLeaks is unduly prejudicial as it suggests concerted activity of a type even more disturbing than what is charged.

The evidence suggests that Schulte adopted at least three personalities to leak from jail, deliberately attempting to present the illusion of concerted activity. Given the concerted concern about Anonymous amid all the equally damning references, perhaps some of Schulte’s imaginary friends aren’t actually imaginary?

As I disclosed in 2018, I provided information to the FBI in 2017. The government recently stated publicly that matters on which I shared information are related to Schulte. Aside from two press inquiries, I have not spoken with the government about Schulte.

Joshua Schulte Spoke Positively of Edward Snowden the Day Snowden Came Forward

Here I thought that Joshua Schulte’s lawyers had finally come up with a decent argument, that Paul Rosenzweig’s testimony would be pointless to prove that Schulte, in choosing to leak to WikiLeaks, intended to damage the US because the government would have to prove Schulte knew of WikiLeaks when he allegedly first stole the CIA documents in May 2016.

But after pointing out that Schulte’s lawyers already blew their chance to make that argument, in a response the government  then pointed out how bad this argument is: because Schulte’s lawyers have already admitted that, “of course, Mr. Schulte knew” about Chelsea Manning’s leaks.

As an initial matter, the defendant’s Reconsideration Motion directly contradicts the argument he made in his original motions in limine concerning Mr. Rosenzweig’s testimony. The defendant argues in the instant motion that Mr. Rosenzweig’s testimony should not be admitted because there is no evidence that the defendant knew of, for example, Chelsea Manning’s disclosures to WikiLeaks. In his original opposition to the Government’s motions in limine, however, the defendant argued the exact opposite:

Next, the government says that it intends to introduce evidence of Mr. Schulte’s “knowledge of [Ms.] Manning’s leak.” Gov. Res. 11. The release of documents by Ms. Manning was front page news in every major news publication for numerous days. Of course, Mr. Schulte knew about it; so did everyone else who picked up a newspaper. It is not clear what the expert would have to add to this information. (Dkt. 242 at 44).

Worse, the government lays out not just that Schulte wrote about both Manning’s leaks to WikiLeak and Edward Snowden’s leaks, but discloses that they intend to introduce those chats at trial.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

Effectively, the government is going to show that Schulte — who like Snowden worked at both CIA and NSA (though in reverse order) — had decided the day that Snowden revealed himself that he hadn’t endangered someone.

I suggested in this post that the government appears to be preparing to use Schulte as an exemplar of an ongoing conspiracy, complete with their reliance on organized crime precedents.

[T]he government is preparing to argue that Schulte intended to harm the United States when he leaked these files to WikiLeaks, a stronger level of mens rea than needed to prove guilt under the Espionage Act (normally the government aims to prove someone should have known it could cause harm, relying on their Non-Disclosure Agreements to establish that), and one the government has, in other places, described as the difference between being a leaker and a spy.

To make that argument, the government is preparing to situate Schulte’s leaks in the context of prior WikiLeaks releases, in a move that looks conspicuously like the kind of ongoing conspiracy indictment one might expect to come out of the WikiLeaks grand jury, one that builds off some aspects of the existing Assange indictment.

That is, the government appears to be using Schulte to lay out their theory — rolled out in the wake of the Vault 7 leaks — that WikiLeaks is a non-state hostile intelligence service.

To be sure, there’s nothing in the least bit incriminating about talking about Snowden in real time. But it will make it a lot easier to hold Schulte accountable for leaking stuff in a far more damaging way in 2016 than Snowden did in 2013.

As I disclosed in 2018, I provided information to the FBI in 2017.

Snowden Needs a Better Public Interest Defense: Disposing of the Journalist Filter

Some weeks ago, I wrote what was meant to be the second part of a three part review of Edward Snowden’s book, Permanent Record, in which I argued that his use of the Bildungsroman genre raised more questions than it answered about the timing of the moment he came to decide to reveal NSA’s files. I argued that the narrative did not present a compelling story that he had the maturity or the knowledge of the NSA’s files needed to sustain a public interest defense before the time he decided to take those files.

I’ve been struggling to write what was meant to be the first part of that review. That first part was meant to assess what I will treat as Snowden’s “cosmopolitan defense,” showing that his leaks have since been judged by neutral authorities to have revealed legal or human rights violations. As that first part has evolved, it has shifted into a more of a reflection on the failures of the surveillance community as a whole (and therefore my own failures) and of limits to an investment in whistleblowing as exposure. That part is not ready yet, but I hope the release of the FISA IG Report tomorrow will serve as a sounding board to pull those thoughts together.

But since this, the intended third part of the review, was mostly done, I wanted to release it to get it out of the way.

In addition to my other reactions about how this book fails to offer what Snowden has always claimed he wanted to do — offer a defense that he leaked the files in the public interest that could withstand cross-examination — this book harms the version of public interest defense Snowden has always offered. Snowden says that by sharing the NSA files with journalists, he made sure he wasn’t imposing his judgment for society. Given how unpersuasive his explanation for picking (especially) Glenn Greenwald as the journalist to make those choices is, which I addressed in my last post, and given Glenn’s much-mocked OpSec failures, there’s only so far Snowden can take that claim, because it’s always possible adversaries will steal the files or already have from journalists. The Intercept, in particular, went through very rigorous efforts to keep those files secure, but it took them some time to implement and that’s just one set of the files that are out there. 

Still, it is a claim that has a great deal of merit. It distinguishes Snowden from WikiLeaks. It mitigates a lot of concerns about the vast quantity of documents he took (or the degree to which they may relate to core national security concerns). I’m a journalist who once lost a battle to release Snowden documents that showed a troubling use of NSA authorities and who a second time chose not to rely on a Snowden document because its demonstrative value did not overcome the security damage releasing it might do. My experience working directly with the Snowden files is really quite limited and rather comical in its frustrations, but I will attest that there was a rigorous process put in place to protect the files and assess whether or not to publish them.

So I’m utterly biased about the value that journalists’ judgment might have served here. But if it ever comes to it, I will happily explain at length how Snowden’s choice to leak to journalists really does distinguish his actions.

Having made that argument, though, Snowden then violates precisely that principle by writing this book. 

There hasn’t been a lot of discussion about the disclosures Snowden makes in this book. They pale in comparison to what got disclosed with his NSA files. Nevertheless, I’m certain that Snowden revealed things that have forced CIA to mitigate risks if they hadn’t already done so before the book came out. In particular, Snowden describes the infrastructure of four different IC facilities, mostly CIA ones, in a way that would be useful for adversaries. Sure, our most skilled adversaries likely already knew what he disclosed in the book, but this book makes those details (if they haven’t already been mitigated) accessible to a wider range of adversaries.

More curious still is what Snowden makes a big show of not disclosing. In the book, Snowden describes how he took the files. While he describes sneaking the NSA’s files out on SD cards, he pointedly doesn’t explain how he transferred the files onto those SD cards.

I’m going to refrain from publishing how exactly I went about my own writing—my own copying and encryption—so that the NSA will still be standing tomorrow.

If Snowden really is withholding this detail out of some belief that sharing it would bring the NSA down tomorrow, he effectively just put a target on his back, walking as that back is around Moscow, to be coerced to answer precisely this question. And if Snowden really believes this detail is that damaging to the NSA, his assurances that he destroyed his encryption key to the files before he left Hong Kong and so could not be coerced, once he arrived in Russia, to share damaging information on the US falls flat. By his own estimation, Snowden did not destroy some of the most valuable knowledge he had that might be of interest, information he claims could bring the NSA down tomorrow. 

I actually doubt that’s why he’s withholding that detail. After all, the HPSCI Report on Snowden has a three page section that describes this process, including this entirely redacted passage (PDF 18) describing a particular vulnerability he used to make copies of the files, one the unredacted part of the HPSCI report suggests may have been unknown to NSA when Snowden exploited it.

Assuming the NSA, focusing all its forensic powers on understanding what had been, to that point, the agency’s worst breach ever, managed to correctly assess the vulnerability Snowden used by October 29, 2014, the date the NSA wrote a report describing “Methods Used by Edward Snowden To Remove Documents from NSA Networks,” then the NSA has presumably already fixed the vulnerability.

I honestly don’t know why, then, Snowden kept that detail secret. It’s possible it’s something banal, an effort to avoid sharing the critical forensic detail that would be used to prosecute him if he ever were to stand trial (though it’s not like there’s any doubt he took the documents). I can think of other possible reasons, but why he withheld this detail is a big question about the choices he made about what to disclose and what not to disclose in this book.

But that’s the challenge for Snowden, after investing much of a public interest defense in using journalists as intermediaries, now making choices personally about what to disclose and what to withhold. It accords Snowden a different kind of responsibility for the choices he makes in this book. And it’s not clear that, having assumed that role, Snowden met his own standards.

The WikiLeaks Conspiracy: The Government Prepares to Argue WikiLeaks Has Always Been an Organized Crime Syndicate

Last June, I ran into some folks who remain very close to Julian Assange. One of them scheduled dinner with me solely to scold me for writing honestly about the things that WikiLeaks had done in the past three years rather than focusing exclusively on the EDVA Espionage indictment charging Assange for things he did almost a decade ago.

The person complained that my factual reporting on 2016 election and — especially — the Vault 7 leak (I think this was the offending post) would undercut whatever unanimity there was among journalists (unanimity that I joined) that the existing charges against Assange were a dangerous precedent for actual journalists. Reporting true details about shitty things Assange had done in recent years on my humble little blog, it was claimed, would dangerously and singlehandedly undercut Assange’s defense.

No, I did not much appreciate the irony of being criticized for accurate reporting by someone purportedly defending journalism.

But I also thought the concerted effort to suppress what Assange had done recently, while perhaps necessary to generate the statements of support from journalists that were forthcoming, was short-sighted, because it misrepresents what Assange is actually facing. The grand jury in EDVA remains (as far as we know) active. The government specifically said, in June, that it needed Chelsea Manning’s testimony for subjects or charges not yet charged and said such charges were not time barred (as would be true of any ongoing conspiracy).

As the government’s ex parte submissions reflect, Manning’s testimony remains relevant and essential to an ongoing investigation into charges or targets that are not included in the superseding indictment. See Gov’t’s Ex Parte Mem. (May 23, 2019). The offenses that remain under investigation are not time barred, see id., and the submission of the government’s extradition request in the Assange case does not preclude future charges based on those offenses, see Gov’t’s Supplement to Ex Parte Mem. (June 14, 2019).

Since then, Jeremy Hammond has joined Manning in believing he can wait out whatever EDVA has in store.

Most of all, Joshua Schulte’s prosecution for the Vault 7 leak — a leak almost no WikiLeaks supporters I know will offer an enthusiastic defense of — kept chugging along. In recent weeks, Schulte has submitted a number of questionable filings claiming the dog ate his homework so he can’t be prepared in time for his trial:

  • The attorney appointed after defense attorneys said they needed one more attorney to prep for trial in time said he couldn’t prep for trial in time, but can’t talk about why not until he’s done with a week-long vacation
  • The government’s (admittedly long) motion in limine repeating details the government disclosed several times before took the defense by surprise
  • The defense can’t make a constitutional challenge to CIPA generally until the judge rules on CIPA specifically (this is the one arguably reasonable request)
  • The defense had no idea the government wasn’t claiming Schulte downloaded a terabyte of data onto a thumb drive that can’t hold that terabyte even though the government told the defense that a year ago and then again in November

But as of now, Schulte’s trial is due to start on January 13, a month and a half before Assange’s first substantive extradition hearing starting on February 25.

And at that trial, the government is preparing to argue that Schulte intended to harm the United States when he leaked these files to WikiLeaks, a stronger level of mens rea than needed to prove guilt under the Espionage Act (normally the government aims to prove someone should have known it could cause harm, relying on their Non-Disclosure Agreements to establish that), and one the government has, in other places, described as the difference between being a leaker and a spy.

To make that argument, the government is preparing to situate Schulte’s leaks in the context of prior WikiLeaks releases, in a move that looks conspicuously like the kind of ongoing conspiracy indictment one might expect to come out of the WikiLeaks grand jury, one that builds off some aspects of the existing Assange indictment.

In a motion opposing Schulte’s effort to disqualify Paul Rosenzweig as an expert witness (see this post for background), the government lays out some of the things it plans to have Rosenzweig explain to the jury. Some of this is dangerous criminalization of security, most notably tying WikiLeaks’ endorsement of Tor and Tails to Schulte’s own use of it.

But some of it fleshes out the scope the government laid out when it first requested to call Rosenzweig.

The Government recognizes the need to avoid undue prejudice, and will therefore limit Mr. Rosenzweig’s testimony to prior WikiLeaks leaks that have a direct relationship with particular aspects of the conduct relevant to this case, for example by linking specific harms caused by WikiLeaks in the past to Schulte’s own statements of his intent to cause similar harms to the United States or conduct. Those leaks include (i) the 2010 disclosure of documents provided to WikiLeaks illegally by Chelsea Manning; (ii) the 2010 disclosure of U.S. diplomatic cables; (iii) the 2012 disclosure of files stolen from the intelligence firm Stratfor; and (iv) the 2016 disclosure of emails stolen from a server operated by the Democratic National Committee.

For example, it will tie WikiLeaks’ failure to redact the identities of US sources in Chelsea Manning’s leaks — something charged in counts 15 through 17 of Assange’s indictment — to Schulte’s behavior. It sounds like Rosenzweig will explain something I’ve alluded to: WikiLeaks apparently left the names of some of Schulte’s colleagues unredacted, which given WikiLeaks’ big show of redacting the files could only have been intentional and would have required coordination with Schulte to do.

Mr. Rosenzweig will testify that WikiLeaks does not typically redact the information that it publicly discloses (even when that information may reveal confidential sources). The Government will introduce evidence, however, that the Classified Information was purportedly redacted when posted online. Mr. Rosenzweig’s testimony will help the jury understand the significance of WikiLeaks’ unique claim to have redacted the Classified Information, including, for example, the period of delay between when Schulte disclosed the Classified Information to WikiLeaks (in or about the spring of 2016) and when WikiLeaks first announced that it would begin to disclose the Classified Information (in or about the spring of 2017). [my emphasis]

One reason Assange made a show of redacting the identities was because he was attempting to extort a pardon at the time, so he had to appear willing to negotiate with DOJ. But it seems likely Rosenzweig will explain that that was just a show and that even as WikiLeaks was making that show it was also ensuring that other CIA SysAdmins might be targeted by foreign governments.

Likewise, Rosenzweig will tie the embarrassment caused by Manning’s releases to Schulte’s own intent to cause damage with his self-described Information War against the US.

The Government intends to introduce evidence (including his statements) of Schulte’s knowledge of Manning’s leak and the need for the U.S. government to maintain secrecy over certain information. Furthermore, the Government also plans to introduce evidence of how Schulte, from the Metropolitan Correctional Center (the “MCC”), declared an “information war” against the United States, pursuant to which he intended to publicly disclose classified information and misinformation, including through WikiLeaks (such as the Fake FBI Document), for the purpose of destroying the United States’ “diplomatic relationships,” and encouraged other U.S. government employees to disclose confidential information to WikiLeaks. Mr. Rosenzweig will explain to the jury generally information other leakers have transmitted to WikiLeaks that the organization published and how foreign governments reacted negatively to WikiLeaks’ disclosure of that information—leading, for example, to the highly-publicized resignation of the U.S. Ambassador to Mexico.

Effectively, the government will argue that if you want to conduct an Information War on the US, you choose to leak to WikiLeaks and ensure it will be as damaging as possible. Whatever the circumstances of Manning’s leaks, this uses Schulte’s stated desire to damage the US to retroactively taint what WikiLeaks has claimed in the past was mere journalistic exposure of wrong-doing. That doesn’t necessarily change the First Amendment danger in charging Assange. But it surely attempts to undercut WikiLeaks’ brand as a journalistic entity.

Most interestingly, the government will point to a claim Schulte made to a journalist while writing from jail (one that is plausible given some of his past public postings, but if true, is an unfathomable indictment of CIA’s vetting process) that he once belonged to Anonymous. Rosenzweig will tie this to Anonymous’ decisions to leak the Stratfor cables to WikiLeaks in 2012.

As described in the Government Motions in Limine, in encrypted communications from one of the Contraband Cellphones, Schulte (posing as a third person) stated that he had previously been a member of Anonymous, a group of online hacker activists. Mr. Rosenzweig will testify about how, in 2012, Anonymous and WikiLeaks worked together to release information from a private U.S. intelligence firm.

Of course, Anonymous didn’t just leak the Stratfor cables to WikiLeaks. They also shared files stolen during the Arab Spring and the Syria files. The latter leak provides one of the earliest indicators where the process by which WikiLeaks obtained files may have involvement of Russia, because somehow a file that would have been very damning for Russia never got published. But both would make the story the US wants to tell more complex (though still potentially consistent).

In any case, the focus on Stratfor may explain why the government is holding Jeremy Hammond in contempt to try to get him to testify in the EDVA grand jury, particularly if the government has reason to believe that Schulte was part of that hack.

Finally, the government will use Rosenzweig to explain how, in the wake of the DNC leak and at a time he was in a huff at his CIA bosses again, Schulte did … something in August 2016.

The Government intends to introduce evidence that Schulte transmitted the Classified Information to WikiLeaks in the spring of 2016, that WikiLeaks did not begin to disclose the Classified Information until March 2017, that Schulte was angry with CIA management in August 2016 over a performance review he received, that Schulte’s protective order against Employee-1 was vacated in August 2016, and that, around that same time (i.e., in August 2016), Schulte began to conduct extensive research online about WikiLeaks. The Government intends to offer evidence relating to those searches, including the specific queries Schulte conducted. Schulte has argued in his writings that his August 2016 research was related to WikiLeaks’ August 2016 disclosure of information stolen from a Democratic National Committee server (the “DNC Leak”). Mr. Rosenzweig will testify about the DNC Leak, including the type of information that WikiLeaks actually disclosed in connection with that leak, which will demonstrate why Schulte’s WikiLeaksrelated searches include queries that had nothing to do with the DNC Leak

Side note: Part of the media blitz Assange did in the wake of the DNC leaks included a claim to Chuck Todd that if WikiLeaks ever received information from US intelligence, they would publish it.

Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would.

No one else would have, but Schulte would presumably have recognized this as a nod to him, reassurance provided on heavily watched TV that WikiLeaks was progressing towards releasing the files Schulte had leaked. Which is why the likelihood that Schulte also stole a single file reflecting CIA collecting information on who might win the 2012 French presidential election, which WikiLeaks subsequently falsely portrayed as proof that CIA had infiltrated political parties in France rather than asked well-placed sources for readily available information, is of particular interest.

The government, however, is going to point to other Google searches by Schulte from August 2016 that lump Edward Snowden and Shadow Brokers in with WikiLeaks.

For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016.

I have long wondered whether Vault 7 was not a free-standing leak but instead part of the Shadow Brokers operation.  This seems to suggest the government knows they are. If that’s right, it would suggest that in the period when the government was trying to figure out precisely what Russia had done in 2016, both the NSA and CIA’s ability to spy on Russia (and other countries) would have been been deliberately burnt to the ground. And if Schulte knowingly participated in that — in an effort to ensure that the US would struggle to even learn what Russia had done in 2016 — it would explain why they’re planning on arguing he is more of a spy than a leaker.

Which would, in turn, explain why they took the first steps towards arresting Assange as FBI started putting together the evidence needed to charge Schulte on these leaks in 2017.

Let me be clear: I’m not saying I’m sure they’ll fill all these details in a superseding Assange indictment (though the government said it could not provide Assange the underlying evidence even for the 2010 charges until around Christmas — at which point Schulte will have gone through the CIPA process of declassifying classified information for use in his defense, and they could add charges at least until the February 25 hearing). It may still be that the government won’t want to get into the level of classified detail they’d need to to flesh out that case, particularly if they can’t coerce Manning and Hammond to cooperate.

I’m also not making a normative judgment that this eliminates the very real problems with the way Assange is charged now. Without seeing the government’s case, it’s too soon to tell.

What I’m trying to do is lay out what the government seems to be preparing to argue about WikiLeaks in the Schulte case. No doubt this will get me invited for another stern scolding at dinner, but it’s time to stop pretending Assange is being prosecuted for the understanding of WikiLeaks that existed in 2010. By all means, people can and will still defend Assange for taking on an imperialist America. For much of the world (though presumably not among any Five Eyes governments, including Assange’s home country), that still makes him an important dissident taking on a superpower. There is some merit to that stance, but it also requires arguing that superpowers shouldn’t have democratic elections.

But the government is preparing to argue that, after helping Russia tamper in America’s election, WikiLeaks deliberately burned some of CIA’s collection abilities to the ground, making it harder for the US to figure out how Russia did so. The government is preparing to argue that such actions are consistent with what WikiLeaks has been up to since 2010.

I’ve been expecting we might see an indictment alleging WikiLeaks and its associates were and remain engaged in an ongoing conspiracy (a possibility that, if Manning and Hammond’s lawyers haven’t warned them about, they are being utterly negligent, because the government could well argue that obstructing this investigation by refusing to provide immunized testimony is an overt act furthering the conspiracy).

The citations the government has used to justify Rosenzweig’s testimony are heavily focused on terrorism and mob cases (United States v. Farhane and United States v. Mustafa, which are al Qaeda cases; United States v. El Gammal, which is an ISIL one, and United States v. Rahimi, the self-radicalized Chelsea bomber; United States v. Lombardozzi and United States v. Locascio which are Gambino cases, United States v. Amuso, a Lucchese case), including one RICO case. That’s undoubtedly why Schulte’s lawyers really want Rosenzweig’s testimony excluded, to avoid having WikiLeaks treated like an organized crime syndicate.

But if the government is preparing to claim that WikiLeaks worked with Schulte not only to obtain files it tried to use to extort a pardon but then released them in a way that would hurt America’s efforts to respond to Russia’s 2016 operation, that’s a pretty compelling analogy.

Update: After comments from Stefania Maurizi, I’ve rephrased how I described what happened with the Syria Files. I want to be clear the statement in the post was not based on what I’ve been told by reliable sources about the process by which those files got shared with WikiLeaks.

As I disclosed last year, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Snowden Needs a Better Public Interest Defense, Part I: Bildungsroman

If I were Zachary Terwilliger, the US Attorney for Eastern District of Virginia, where Edward Snowden was indicted, I’d call up Snowden’s lawyer, Ben Wizner, and say, “Bring it on.” 

Since Snowden first went public, he has claimed he’d return to the US for trial if he could mount a public interest defense where he could explain why he did what he did and demonstrate how his leaks benefited society. With his book, Permanent Record, Snowden did just that, albeit in a narrative targeted at the general population, not prosecutors and a jury. And yet, the book falls far short of the kind of argument Snowden would need to make to mount such a legal defense. If Terwilliger were to make an exception to EDVA’s precedents that prohibit defendants from mounting a public interest defense (he won’t, of course), then, this “permanent record” would be available for prosecutors to use to pick apart any public interest defense Snowden tried to make.

Let me be clear, I think Snowden can make such a case — I’ve addressed some of the issues here. I also am well aware of the tremendous debt both domestic and international surveillance activism, to say nothing of my own journalism, owes to Snowden. While I’m agnostic about his true motives and implementation (I’ve got more questions after reading the book than before), he is undeniably a courageous person who sacrificed his comfort and safety to do what he did. Whether he can mount a hypothetical public interest defense or not is not necessarily tied to the lasting value of his releases, something I’ll address in a follow-up. And the book serves other purposes as well, such as alerting non-experts to the privacy dangers of Silicon Valley’s unquenchable thirst for their data.

But the book fails to do adequately what Snowden has been claiming he wanted to do all along, and as such, I found it profoundly disappointing. I’ve been struggling to write up how and why, so will need to break up my reasons into three parts. 

I’m an expert on surveillance. But I also happen to have a PhD in literature. And it was the narrative structure of the book that first triggered my frustration with it.

The book–which Snowden wrote with novelist Joshua Cohen–is a classic Bildungsroman, a narrative that portrays the maturation of its protagonist as he (usually it’s a he) struggles with the conventions of the world. Snowden was pretty much stuck writing his memoir as a Bildungsroman, because he needs to explain why, after enthusiastically pursuing jobs at the center of the Deep State–something he’s now bitterly critical of–he then turned on the Deep State and exposed it. He attributes his prior enthusiasm, bitterly, to naiveté, and the narrative does portray young Snowden as emotionally immature and kind of annoying. People would only voluntarily work in the Deep State because they’re naive, this narrative approach insinuates. 

For the general public, writing a Bildungsroman is a really effective genre because (for the same reason we get assigned Bildungsroman to read in high school), it helps the public vicariously travel the same path of maturation. For lay readers, the genre may help them develop a more mature view on technology and privacy. 

For a guy with legal problems, though, writing one is fraught with danger. That’s because any public interest defense will depend on Snowden arguing about his state of mind and motives for leaking, and in writing this book, he committed to a chronology that maps that out. So the serial moments that, in Bildungsroman you read in high school, are just means to reaching an ethical adulthood, here serve as roadmaps to measure whether, at key moments when Snowden engaged in certain actions related to his leaking (taking a particular job, seeking out certain files), he had the state of mind that might sustain a public interest defense. The genre provides a way to measure whether he had the maturity and pure motive to make the decisions he did at each stage of the process.

From an ethical perspective, if the moment he becomes mature comes too late in the story, then it means he was not mature enough to make the decisions he did to take NSA’s documents, and we should question the judgment he exercised, particularly given how painfully immature he portrays himself at the beginning. From a legal perspective, if that moment comes too early in the story, it means he started the process of taking the documents before he got what he claims (unconvincingly) was a full understanding of what he was taking, so he must have taken them for some other reason than a measured assessment of the problems with the NSA’s programs.

As a reader (with, admittedly, far more training in narrative than virtually all of Snowden’s imagined readers), I found it hard to determine when, in Snowden’s own mind, he graduated from being the emotionally immature and naive person he disdainfully describes himself as at the beginning of his development to being the sophisticated person who could make sound decisions about what is good for humanity he claims to be when he takes the NSA documents. He makes it clear there were several such moments: when he realized how our spying is like China’s, when he read the draft NSA IG Report on Stellar Wind, when he saw the kid of a target and realized it could have been him. The process was iterative. But every one of those moments presents problems for either his ethical or legal claims.

It doesn’t help that there were key gaps in this story. The most discussed one involves what has happened to him since he got to Russia. That gap feels all the more obvious given how much time (3 hours out of 11 in the Audible version of the book) he spends describing his youth. 

What Snowden has done since he got to Russia obviously can’t change the events that happened years ago, while dissident Snowden was being formed and as he carried out his exfiltration of NSA’s documents. But whatever has happened to him in Russia may change the perspective through which Snowden, the narrator, views his own actions.

Just by way of illustration, much of Snowden’s discussion of the law and privacy in the book bears the marks of years of intellectual exchange with Wizner and Glenn Greenwald — both of whom he invokes in his acknowledgments. If Ben and Glenn are a tangible part of the focal point through which Snowden views his own story — and as someone who knows them both, they are — then so must be exile in Russia (as well as his relationship with Lindsey, though he foregrounds that lens throughout the book). The narrator of this book is sitting in exile in Russia, and as such Snowden’s silence about what that means is jarring. 

The other gaps, however, are more problematic for this Bildungsroman of public interest.

A minor example: Snowden doesn’t address how he got sent home from Geneva, an episode that, per HPSCI’s report on Snowden, involved a disciplinary dispute. From the Intelligence Community’s perspective, that’s the moment where Snowden turned on the Deep State, and for petty emotional reasons, not ethical ones. So his silence on the point is notable.

Far more significantly, one of the episodes that Snowden treats as a key developmental moment, a moment where he shifted from repressing the problem of being a key participant in a dragnet to wanting to defeat it, came when, during convalescence after his first bout of epilepsy, he set up a Tor bridge to support Iranian protesters during the Arab Spring. 

I wanted to help, but I didn’t know how. I’d had enough of feeling helpless, of being just an asshole in flannel lying around on a shabby couch eating Cool Ranch Doritos and drinking Diet Coke while the world went up in flames.

[snip]

Ever since I’d been introduced to the Tor Project in Geneva, I’d used its browser and run my own Tor server, wanting to do my professional work from home and my personal Web browsing unmonitored. Now, I shook off my despair, propelled myself off the couch, and staggered over to my home office to set up a bridge relay that would bypass the Iranian Internet blockades. I then distributed its encrypted configuration identity to the Tor core developers.

This was the least I could do. If there was just the slightest chance that even one young kid from Iran who hadn’t been able to get online could now bypass the imposed filters and restrictions and connect to me—connect through me—protected by the Tor system and my server’s anonymity, then it was certainly worth my minimal effort.

[snip]

The guy who started the Arab Spring was almost exactly my age. He was a produce peddler in Tunisia, selling fruits and vegetables out of a cart. In protest against repeated harassment and extortion by the authorities, he stood in the square and set fire to his life, dying a martyr. If burning himself to death was the last free act he could manage in defiance of an illegitimate regime, I could certainly get up off the couch and press a few buttons.

Four paragraphs later, Snowden describes realizing (once on his new job in Hawaii, on his birthday) that his life would take a new direction.

One day that summer—actually, it was my birthday—as I passed through the security checks and proceeded down the tunnel, it struck me: this, in front of me, was my future. I’m not saying that I made any decisions at that instant. The most important decisions in life are never made that way. They’re made subconsciously and only express themselves consciously once fully formed—once you’re finally strong enough to admit to yourself that this is what your conscience has already chosen for you, this is the course that your beliefs have decreed. That was my twenty-ninth birthday present to myself: the awareness that I had entered a tunnel that would narrow my life down toward a single, still-indistinct indistinct act.

As described, this is a dramatic moment, that instant where the protagonist becomes a mature actor. But it’s also (as all story-telling is) narrative manipulation, the narrator’s decision to place the key moment in a tunnel in Hawaii, after he already has the job, and not weeks earlier on a couch in Maryland before he starts looking for a new job. Nevertheless, the proximity narratively links his response to the Arab Spring inseparably to his decision to become a dissident.

Immediately after his response to the Arab Spring, then, he moved to the pineapple field in Hawaii, yet another new job at NSA helping run the dragnet. Immediately upon arriving, he set up a script to obtain certain kinds of documents, Heartbeat. He insists that he first set up the script only to read the files to learn what the NSA was really doing and also claims that that script is where most of the documents he shared with journalists came from (the latter claim would be one of the first things prosecutors would rip to shreds, because the exceptions are important ones). 

Before I go any further, I want to emphasize this: my active searching out of NSA abuses began not with the copying of documents, but with the reading of them. My initial intention was just to confirm the suspicions that I’d first had back in 2009 in Tokyo.

[snip]

Nearly all of the documents that I later disclosed to journalists came to me through Heartbeat. It showed me not just the aims but the abilities of the IC’s mass surveillance system. This is something I want to emphasize: in mid-2012, I was just trying to get a handle on how mass surveillance actually worked.

That’s a crucial step for the public interest defense, because unless he had some basis to determine the NSA was doing stuff egregiously wrong, stealing the documents to expose them would not be based on the public interest. That he could learn more in the six months to a year he spent doing that covertly, part time, than the handful of journalists who’ve spent the better part of five years doing nothing but that is questionable (though Snowden rightly claims he has a better understanding of the technology and infrastructure than most of the journalists who have reported on the files).

But the way the epilepsy narrative immediately precedes his move to Kunia hurts his public interest defense, because it means he had already started thinking in terms of action at the time he sought out a job where he’d have reason to scrape the NSA’s files in bulk.

That’s all the more true given that it would be unlikely he’d be sharing information about Tor bridges during the Arab Spring with core Tor developers and not interact with Jake Appelbaum. I know the Snowden story pretty well, but this is the first that I heard of the possibility that he was interacting with Jake — who already was a fierce critic of the US government and had close ties to WikiLeaks at the time — before he went to Kunia. And if the process by which he became a dissident involved interacting with Jake, then it makes his decision to start a new job at NSA rather than just quit and apply his skills to building privacy tools, far, far more damning. It also makes Snowden’s explanation of why he leaked to Laura Poitras and Glenn (his explanation for the latter of which is already thoroughly unconvincing in the book) far more problematic. To be clear, I don’t know if he did interact with Jake, but Jake had a very central and public role in using Tor to facilitate the Arab Spring, so the gap raises more questions than answers.

There are other, similar gaps in the narrative. I won’t lay them out because the FBI sucks ass at narrative, and there’s no reason for me to help them. Suffice it to say, though, that Snowden’s own story about when and how he became an ethical dissident hurts his legal story far more than it helps.

How Twelve Years of Warning and Six Years of Plodding Reform Finally Forced FBI to Do Minimal FISA Oversight

Earlier this week, the government released the reauthorization package for the 2018 Section 702 certificates of FISA. With the release, they disclosed significant legal fights about the way FBI was doing queries on raw data, what we often call “back door searches.” Those fights are, rightly, being portrayed as Fourth Amendment abuses. But they are, also, the result of the FISA Court finally discovering in 2018, after 11 years, that back door searches work like some of us have been saying they do all along, a discovery that came about because of procedural changes in the interim.

As such, I think this is wrong to consider “FISA abuse” (and I say that as someone who was very likely personally affected by the practices in question). It was, instead, a case where the court discovered that FBI using 702 as it had been permitted to use it by FISC was a violation of the Fourth Amendment.

As such, this package reflects a number of things:

  • A condemnation of how the government has been using 702 (and its predecessor PAA) for 12 years
  • A (partial — but thus far by far the most significant one) success of the new oversight mechanisms put in place post-Snowden
  • An opportunity to reform FISA — and FBI — more systematically

This post will explain what happened from a FISA standpoint. A follow-up post will explain why this should lead to questions about FBI practices more generally.

The background

This opinion came about because every year the government must obtain new certificates for its 702 collection, the collection “targeted” at foreigners overseas that is, nevertheless, designed to collect content on how those foreigners are interacting with Americans. Last we had public data, there were three certificates: counterterrorism, counterproliferation, and “foreign government,” which is a too-broadly scoped counterintelligence function. As part of that yearly process, the government must get FISC approval to any changes to its certificates, which are a package of rules on how they will use Section 702. In addition, the court conducts a general review of all the violations reported over the previous year.

Originally, those certificates included proposed targeting (governing who you can target) and minimization (governing what you can do once you start collecting) procedures; last year was the first year the agencies were required to submit querying procedures governing the way agencies (to include NSA, CIA, National Counterterrorism Center, and FBI) access raw data using US person identifiers. The submission of those new querying procedures are what led to the court’s discovery that FBI’s practices violated the Fourth Amendment.

In the years leading up to the 2018 certification, the following happened:

  • In 2013, Edward Snowden’s leaks made it clear that those of us raising concerns about Section 702 minimization since 2007 were correct
  • In 2014, the Privacy and Civil Liberties Oversight Board (which had become operational for the first time in its existence almost simultaneously with Snowden’s leaks) recommended that CIA and FBI have to explain why they were querying US person content in raw data
  • In 2015, Congress passed the USA Freedom Act, the most successful reform of which reflected Congress’ intent that the FISA Court start consulting amicus curiae when considering novel legal questions
  • In 2015, amicus Amy Jeffress (who admitted she didn’t know much about 702 when first consulted) raised questions about how queries were conducted, only to have the court make minimal changes to current practice — in part, by not considering what an FBI assessment was
  • In the 2017 opinion authorizing that year’s 702 package, Rosemary Collyer approved an expansion of back door searches without — as Congress intended — appointing an amicus to help her understand the ways the legal solution the government implemented didn’t do what she believed it did; that brought some (though not nearly enough) attention to whether FISC was fulfilling the intent of Congress on amici
  • In the 2017 Reauthorization (which was actually approved in early 2018), Congress newly required agencies accessing raw data to submit querying procedures along with their targeting and minimization procedures in the annual certification process, effectively codifying the record-keeping suggestion PCLOB had made over two years earlier

When reviewing the reauthorization application submitted in March 2018, Judge James Boasberg considered that new 2017 requirement a novel legal question, so appointed Jonathan Cederbaum and Amy Jeffress, the latter of whom also added John Cella, to the amicus team. By appointing those amici to review the querying procedures, Boasberg operationalized five years of reforms, which led him to discover that practices that had been in place for over a decade violated the Fourth Amendment.

When the agencies submitted their querying procedures in March 2018, all of them except FBI complied with the demand to track and explain the foreign intelligence purpose for US person queries separately. FBI, by contrast, said they already kept records of all their queries, covering both US persons and non-US persons, so they didn’t have to make a change. One justification it offered for not keeping US person-specific records as required by the law is that Congress exempted it from the reporting requirements it imposed on other agencies in 2015, even though FBI admitted that it was supposed to keep queries not just for the public reports from which they argued they were exempted, but also for the periodical reviews that DOJ and ODNI make of its queries for oversight purposes. FBI Director Christopher Wray then submitted a supplemental declaration, offering not to fix the technical limitations they built into their repositories, but arguing that complying with the law via other means would have adverse consequences, such as diverting investigative resources. Amici Cedarbaum and Amy Jeffress challenged that interpretation, and Judge James Boasberg agreed.

The FBI’s querying violations

It didn’t help FBI that in the months leading up to this dispute, FBI had reported six major violations to FISC involving US person queries. While the description of those are heavily redacted, they appear to be:

  • March 24-27, 2017: The querying of 70K facilities “associated with” persons who had access to the FBI’s facilities and systems. FBI General Counsel (then run by Jim Baker, who had had these fights in the past) warned against the query, but FBI did it anyway, though did not access the communications. This was likely either a leak or a counterintelligence investigation and appears to have been discovered in a review of existing Insider Threat queries.
  • December 1, 2017: FBI conducted queries on 6,800 social security numbers.
  • December 7-11, 2017, the same entity at FBI also queried 1,600 queries on certain identifiers, though claimed they didn’t mean to access raw data.
  • February 5 and 23, 2018: FBI did approximately 30 queries of potential sources.
  • February 21, 2018: FBI did 45 queries on people being vetted as sources.
  • Before April 13, 2018: an unspecified FBI unit queried FISA acquired metadata using 57,000 identifiers of people who work in some place.

Note, these queries all took place under Trump, and most of them took place under Trump’s hand-picked FBI Director. Contrary to what some Trump apologists have said about this opinion, it is not about Obama abuse (though it reflects practices that likely occurred under him and George Bush, as well).

These violations made it clear that Congress’ mandate for better record-keeping was merited. Boasberg also used them to prove that existing procedures did not prevent minimization procedure violations because they had not in these instances.

As he was reviewing the violations, Boasberg discovered problems in the oversight of 702 that I had noted before, based off my review of heavily redacted Semiannual Reports (which means they should have been readily apparent to everyone who had direct access to the unredacted reports). For example, Judge Boasberg noted how few of FBI’s queries actually get reviewed during oversight reviews (something I’ve pointed out repeatedly, and which 702 boosters have never acknowledged the public proof of).

As noted above, in 2017 the FBI conducted over three million queries of FISA-acquired information on just one system, [redacted]. See Supplemental FBI Declaration at 6. In contrast, during 2017 NSD conducted oversight of approximately 63,000 queries in [redacted] and 274,000 queries in an FBI system [redacted]. See Gov’t Response at 36.

Personnel from the Office of Intelligence (OI) within the Department of Justice’s National Security Division (NSD) visit about half of the FBI’s field offices for oversight purposes in a given year. Id at 35 & n 42. Moreover OI understandably devotes more resources to offices that use FISA authorities more frequently, so those offices [redacted] are visited annually, id at 35 n. 42, which necessitates that some other offices go for periods of two years or more between oversight visits. The intervals of time between oversight visits at a given location may contribute to lengthy delays in detecting querying violations and reporting them to the FISC. See, e.g., Jan. 18, 2019, Notice [redacted] had been conducting improper queries in a training context since 2011, but the practice was not discovered until 2017).

He also noted that the records on such queries don’t require contemporaneous explanation from the Agent making the query, meaning any review of them will not find problems.

The FBI does not even record whether a query is intended to return foreign-intelligence information or evidence of crime. See July 13, 2018, Proposed Tr. at 14 (DOJ personnel “try to figure out” from FBI query records which queries were run for evidence of crime purposes). DOJ personnel ask the relevant FBI personnel to recall and articulate the bases for selected queries. Sometimes the FBI personnel report they cannot remember. See July 9, 2018, Notice.

Again, I noted this in the past.

In short, as Boasberg was considering Wray’s claim that the FBI didn’t need the record-keeping mandated by Congress, he was discovering that, in fact, FBI needs better oversight of 702 (something that should have been clear to everyone involved, but no one ever listens to my warnings).

FISC rules the querying procedures do not comply with the law or Fourth Amendment

In response to Boasberg’s demand, FBI made several efforts to provide solutions that were not really solutions.

The FBI’s first response to FISC’s objections was to require General Counsel approval before accessing the result of any “bulk” queries like the query that affected 70K people — what it calls “categorical batch queries.”

Queries that are in fact reasonably likely to return foreign-intelligence information are responsive the government’s need to obtain and produce foreign-intelligence information, and ultimately to disseminate such information when warranted. For that reason, queries that comply with the querying standard comport with § 1801 (h), even insofar as they result in the examination of the contents of private communications to or from U.S. persons. On the other hand, queries that lack a sufficient basis are not reasonably related to foreign intelligence needs and any resulting intrusion on U.S. persons’ privacy lacks any justification recognized by§ 1801 (h)(l). Because the FBI procedures, as implemented, have involved a large number of unjustified queries conducted to retrieve information about U.S. persons, they are not reasonably designed, in light of the purpose and technique of Section 702 acquisitions, to minimize the retention and prohibit the dissemination of private U.S. person information.

But Boasberg was unimpressed with that because the people who’d need to consult with counsel would be the most likely not to know they did need to do so.

He also objected to FBI’s attempt to give itself permission to use such queries at the preliminary investigation phase (before then, FBI was doing queries at the assessment stage).

The FBI may open a preliminary investigation with even less of a factual predicate: “on the basis of information or an allegation indicating the existence of a circumstance” described in paragraph a. orb. above. Id. § II.B.4.a.i at 21 (emphasis added). A query using identifiers for persons known to have had contact with any subject of a full or preliminary investigation would not require attorney approval under § IV.A.3, regardless of the factual basis for opening the investigation or how it has progressed since then.

Boasberg’s Fourth Amendment analysis was fairly cautious. Whereas amici pushed for him to treat the queries as separate Fourth Amendment events, on top of the acquisition (which would have had broad ramifications both within FISA practice and outside of it), he instead interpreted the new language in 702 to expand the statutory protection under queries, without finding queries of already collected data a separate Fourth Amendment event.

Similarly, both Boasberg and the amici ultimately didn’t push for a written national security justification in advance of an actual FISA search. Rather, they argued FBI had to formulate such a justification before accessing the query returns (in reality, many of these queries are automated, so it’d be practically impossible to do justifications before the fact).

Boasberg nevertheless required the FBI to at least require foreign intelligence justifications for queries before an FBI employee accessed the results of queries.

The FBI was not happy. Having been told they have to comply with the clear letter of the law, they appealed to the FISA Court of Review, adding apparently new arguments that fulfilling the requirement would not help oversight and that the criminal search requirements were proof that Congress didn’t intend them to comply with the other requirements of the law. Like Boasberg before them, FISCR (in a per curium opinion from the three FISCR judges, José Cabranes, Richard Tallman, and David Sentelle) found that FBI really did need to comply with the clear letter of the law.

The FBI chose not to appeal from there (for reasons that go beyond this dispute, I suspect, as I’ll show in a follow-up). So by sometime in December, they will start tracking their backdoor searches.

FBI tried, but failed, to avoid implementing a tool that will help us learn what we’ve been asking

Here’s the remarkable thing about this. Something like this has been coming for two years, and FBI is only now beginning to comply with the requirement. That’s probably not surprising. Neither the Director of National Intelligence (which treated its intelligence oversight of FBI differently than it did CIA or NSA) nor Congress had demanded that FBI, which can have the most direct impact on someone’s life, adhere to the same standards of oversight that CIA and NSA (and an increasing number of other agencies) do.

Nevertheless, 12 years after this system was first moved under FISA (notably, two key Trump players, White House Associate Counsel John Eisenberg and National Security Division AAG John Demers were involved in the original passage), we’re only now going to start getting real information about the impact on Americans, both in qualitative and quantitative terms. For the first time,

  • We will learn how many queries are done (the FISC opinion revealed that just one FBI system handles 3.1 million queries a year, though that covers both US and non US person queries)
  • We will learn that there are more hits on US persons than previously portrayed, which leads to those US persons to being investigated for national security or — worse — coerced to become national security informants
  • We will learn (even more than we already learned from the two reported queries that this pertained to vetting informants) the degree to which back door searches serve not to find people who are implicated in national security crimes, but instead, people who might be coerced to help the FBI find people who are involved in national security crimes
  • We will learn that the oversight has been inadequate
  • We will finally be able to measure disproportionate impact on Chinese-American, Arab, Iranian, South Asian, and Muslim communities
  • DOJ will be forced to give far more defendants 702 notice

Irrespective of whether back door searches are themselves a Fourth Amendment violation (which we will only now obtain the data to discuss), the other thing this opinion shows is that for twelve years, FISA boosters have been dismissing the concerns those of us who follow closely have raised (and there are multiple other topics not addressed here). And now, after more than a decade, after a big fight from FBI, we’re finally beginning to put the measures in place to show that those concerns were merited all along.