John Durham Is the Jim Jordan of Ken Starrs

Last Thursday, John Durham indicted Michael Sussmann, the Perkins Coie lawyer who advised the DNC, DCCC, and Clinton Campaign about cybersecurity in 2016 as they struggled to deal with a hostile nation-state attack aiming — in part — to help elect their opponent. The indictment accuses Sussmann of lying to FBI General Counsel James Baker at a September 19, 2016 meeting at which Sussmann shared information about the curious DNS traffic between a server used by a Trump marketing contractor and Alfa Bank.

emptywheel’s long history of debunking the Alfa Bank story

Before I unpack the indictment, let me remind readers that when this story first publicly broke, I explained why the Spectrum Health (aka my boob hospital at the time) aspect of the allegations made no sense, criticized Hillary’s team (including Jake Sullivan) for jumping on the story, and echoed Rob Graham’s criticism of the researchers who accessed DNS data to conduct this research.

In addition to his technical debunking, Robert Graham made an equally important point: researchers shouldn’t be accessing this data for ad-lib investigations into presidential candidates, and it’s not even clear who would have access to it all except the NSA.

The big story isn’t the conspiracy theory about Trump, but that these malware researchers exploited their privileged access for some purpose other than malware research.

[snip]

In short, of all the sources of “DNS malware information” I’ve heard about, none of it would deliver the information these researchers claim to have (well, except the NSA with their transatlantic undersea taps, of course).

[snip]

[B]efore Tea Leaves started pushing this story to the press, the FBI had been investigating it for two months.

Which, to my mind, raises even more questions about the anonymous researchers’ identities, because (small world and all) the FBI likely knows them, in which case they may have known that the FBI wasn’t jumping on the story by the time they started pitching it.

Or the FBI doesn’t know them, which raises still more questions about the provenance of these files.

Ah well, if President Hillary starts a war with Russia based off Iraq-War style dodgy documents, at least I’ll have the satisfaction of knowing my boob clinic is right there on the front lines.

In March 2017, I observed that the weird Alfa Bank entry in the Steele dossier suggested a feedback loop between the Alfa Bank server story and the dossier project. Then days after that, I noted all the ways that the packaging of this story made it more suspect.

In 2018, I complained about the way Dexter Filkins had strained to sustain the story, while noting that people ought to look more closely at why Alfa Bank might be the focus here; the Mueller Report since confirmed that within weeks after the story broke publicly, Vladimir Putin pushed Oligarchs from Alfa Bank to fight harder against western sanctions, something that the alleged source for the Alfa Bank entry in the dossier seemed to parrot.

In short, I have not only consistently criticized this story, but have done so in ways that anticipate the most justifiable parts of the indictment. It’s only the last bit — how the Alfa narrative echoes Putin’s interests — that this indictment doesn’t incorporate.

I guess with five more years Durham might get there…

So in unpacking this indictment, I’m in no way defending the Alfa Bank – Trump Tower story. It was a sketchy allegation, the packaging of it was suspect, and those who conducted the research arguably violated ethical guidelines.

I got to where Durham got in this indictment years and years ago. But that doesn’t make it a crime.

John Durham’s “narrative”

Moreover, that doesn’t mean Durham should tell as strained a “narrative” as those who packaged up this story. Central to Durham’s indictment is an assumption that if a victim of a crime who believed at the time that the crime had a — since confirmed — political goal reports suspicious, potentially related details, the victim must be motivated exclusively out of self-interest, not good citizenship or a concern about national security. That is, this entire indictment assumes that when Russia attacks a Presidential candidate, that is not itself a national security concern, but instead nothing more than a political dispute.

Effectively, John Durham has made it a crime for someone victimized by a Russian influence operation to try to chase down Russian influence operations.

Tech Executive-1 and Clinton both had retained Perkins Coie long before this, with Sussmann getting involved specifically for cybersecurity help in the wake of the Russian hack

The indictment, perhaps deliberately, obscures the timeline and facts leading up to the charged lie. But here’s the story it tells. First, all of Durham’s subjects established contracts with each other, even though all of those contracts (including Fusion GPS’) had scopes far larger than oppo research on Trump’s relationship with Russia.

  • In February 2015, Tech Executive-1 (whom I’ll call TE-1 for brevity) retained Sussmann to deal with a US government agency [Durham does not say whether this matter was resolved or continued in this period in 2016, which is central to the question of what kind of client of Sussmann’s TE-1 was].
  • In April 2015, the Clinton Campaign retained Perkins Coie and made Marc Elias the Campaign’s General Counsel.
  • In April 2016, the victim of a Russian government election-related attack, the DNC, retained Sussmann to help it deal with the aftermath, which included meeting with the FBI. As the indictment describes, this was not just legal support but cybersecurity.
  • [After a Republican retained them first and on a date that Durham doesn’t reveal,] Perkins Coie retained Fusion GPS to conduct oppo research on Trump pertaining to Russia [and other topics, though Durham doesn’t mention those other topics].

Durham only mentions in passing, later, that the researchers involved here similarly knew each other through relationships that focused on cybersecurity and predated these events.

Via means and on specific dates that Durham doesn’t always provide, Tea Leaves, TE-1, Sussmann, and two Researchers got the DNS data showing an anomaly

There are two sets of research here: that done in a university setting and that done at companies associated with TE-1, though TE-1 is the pivot to both. As depicted, Durham suggests the former are more legally exposed than the latter.

  • By some time in late July 2016 [the exact date Durham doesn’t provide], a guy who always operated under the pseudonym Tea Leaves but whom Durham heavy-handedly calls “Originator-1” instead had assembled “purported DNS data” reflecting apparent DNS lookups between Alfa Bank and “mail1.trump-email.com” that spanned from May 4 through July 29.
  • Tea Leaves was a business associate of TE-1 and via means Durham doesn’t describe, the data Tea Leaves gathered was shared with TE-1.
  • “In or about July 2016” [at a time that, because of the laws of physics, must post-date the late July date when Tea Leaves collected this data and the date when he shared them with TE-1], TE-1 alerted Sussmann to the data.
  • On July 31, Sussmann billed the Clinton Campaign for 24 minutes with the billing description, “communications with Marc Elias regarding server issue.”
  • At some point [Durham doesn’t provide even a month, but by context it was at least as early as July 2016 and could have been far, far earlier], TE-1’s company provided a university with data for a government contract ultimately not contracted until November 2016, including the DNS data from an Executive Branch office of the US government that Tech Exec-1’s company had gotten as a sub-contractor to the US government. [The date of this is critical because it would be the trigger for a Conspiracy to Defraud charge, if Durham goes there.]
  • In or about August 2016 [Durham doesn’t provide a date], a federal government was finalizing but had not yet signed a cybersecurity research contract with [presumably] that same university to receive and analyze large quantities of public and non-public data “to identify the perpetrators of malicious cyber-attacks and protect U.S. national security.” Tea Leaves was the founder of a company that the university was considering [Durham doesn’t provide the date of consideration, but generally these things precede finalization] for a subcontract with the government contract.

TE-1 directs employees of companies under his control to research this issue

Though Durham’s indictment is somewhat vague, at least one piece of research from companies associated with TE-1 was shared with the FBI; it appears that other threads of research were not shared.

  • In or about early August 2016 [the dates of which Durham doesn’t provide], TE-1 directed personnel at two companies in which he had an ownership interest to search for what the indictment calls, “any Internet data reflecting potential connections or communications between Trump or his associates and Russia,” which Durham describes to be “derogatory information on Trump.” In connection with this tasking, TE-1 later stated [on a date Durham doesn’t describe] he was working with someone who had close ties to the Democratic Party.
  • At some point, an individual tasked with this work described being “uncomfortable regarding this tasking,” [Durham doesn’t describe when he learned this or whether there is any contemporaneous proof].
  • At some point [Durham doesn’t describe the date], TE-1 provided one of his companies with personal (but publicly available) data from six Trump associates and one purported US-based lobbyist for Alfa Bank and directed that these individuals should be the focus of that company’s data queries and analysis [Durham doesn’t say whether these six associates overlapped with the people Fusion had been tasked to research, nor does he allege they got included in the eventual reports to the FBI; both details are needed to assess his case].
  • On August 12, 2016, Sussmann, Elias, and TE-1 met in Elias’ office; Sussmann billed his time to the Clinton Campaign describing, “confidential meetings with Elias, others.”
  • On August 15, employees at one of the companies queried their holdings against a set of addresses that referred to Trump and/or Alfa Bank.
  • During the same time period [Durham doesn’t specify when], employees at Internet Company-3 drafted a written paper that included technical observations that Sussmann would later convey to the FBI.

Around the time this started, Sussmann met Fusion and a bunch of meetings happened that were billed to Hillary

  • On July 29, Sussmann and Marc Elias met with Fusion GPS [Durham doesn’t affirmatively claim this data pertained to the server issue], and Sussmann billed his time to the Hillary Campaign under “General Political Advice,” a different description than all the other Fusion meetings that Durham more credibly claims relate to the Alfa Bank allegation.
  • Around “the same [August] time period” [Durham doesn’t provide the date], Sussmann, Elias, and Fusion personnel began exchanging emails with the subject line, “Connecting you all by email;” [Durham doesn’t say who initiated the email, but it suggests that before this period, Sussmann and Fusion did not have direct contact].
  • On August 17, 2016, Sussmann, Elias, and TE-1 conducted an additional conference call, for which Sussmann billed his time to the Clinton campaign, noting “telephone conference with” TE-1 and Elias.
  • On August 19, 2016, Sussmann and Elias had another in-person meeting that Sussmann described as a meeting with TE-1, which was billed as a “confidential meeting with Elias, others.”

Researchers 1 and 2 and Tea Leaves worked with TE-1 on a “storyline” and “narrative” with varying degrees of skepticism expressed

This is the stuff Durham–with some justification–will and has used to taint all this as a political project.

  • On July 29, Researcher-2 emailed Researcher-1 the data compiled by Tea Leaves [Durham provides no evidence that TE-1 was involved in this exchange].
  • On August 19, Researcher-1 queried Internet data maintained by TE-1’s company [it is not clear but this suggests it was not the data turned over to the University] for the aforementioned mail1.trump-email.com domain. Researcher-1 then emailed TE-1 with the list of domains that had communicated with it, saying the list, “does not make much sense with the storyline you have.”
  • On August 20, Tea Leaves emailed Tech Exec-1, Researcher-1, and Researcher 2, stating that, “even if we found what [TE-1] asks us to find in DNS, we don’t see the money flow, and we don’t see the content of some message saying, ‘send money here’.” Tea Leaves then explained that one could fill out sales forms and cause them, “to appear to communicate with each other in DNS.” Tea Leaves then noted that “it’s just not the case that you can rest assured that Hillary’s opposition research and whatever professional gov and investigative journalists are also digging come up with the same things.”
  • On August 20, TE-1 clarified that the task was “indeed broad,” and that,
    • Being able to provide evidence of *anything* that shows an attempt to behave badly in relation to this [Durham doesn’t describe what the antecedent of “this” is], the VIPs would be happy. They’re looking for a true story that could be used as the basis for closer examination.
  • Still on August 20, seemingly distinguishing between that task and the Alfa Bank allegations, TE-1 said, “the prior hypothesis was all that they needed: mailserver dedicated or related to trump … and with traffic almost exclusively with Alfa was sufficient to do the job. … Trump has claimed he and his company have had NO dealings with .ru other than the failed Casino, and the Miss universe pageant. He claims absolutely NO interaction with any financial institutions. So any potential like that would be jackpot.” [Ellipses original]
  • On August 21, TE-1 emailed the recipients [but not, apparently, Sussmann], urging them to do further research on Trump which would “given the base of a very useful narrative.” He added that he didn’t believe the trump-email.com domain was a secret communications channel but a “red herring,” because the host was “a legitimate valid company,” stating they could “ignore it, together with others that seem to be part of the marketing world.”
  • On August 22, Researcher-1 raised doubts about whether, using only the tools they were currently using, they could prove their hypothesis. Among the concerns raised is that they couldn’t prove that “this is not spoofed [] traffic.” [brackets original; bolded in the original]
  • Later in or about August 2016 [on dates Durham doesn’t provide], TE-1 exchanged emails with personnel from Fusion.

Sussmann drafts a white paper and (via unstated means) TE-1 gets Researchers 1 and 2 and Tea Leaves to review it

  • Between September 5 and September 14, Sussmann drafted a white paper, generally billing his time to the Clinton Campaign, but on September 14, billing time to both Clinton and TE-1.
  • On September 14, TE-1 [not Sussmann] sent the white paper he had drafted to Researcher 1, Researcher 2, and Tea Leaves to ask them if a review of less than an hour would show this to be plausible. Though some of them noted how limited the standard of “plausibility” was, they agreed it was plausible, and Researcher 2 said [Durham does not quote the specific language here] “the paper should be shared with government officials.”

Sussmann shares this and other information with James Baker and–Durham claims–affirmatively lies about whether he is representing someone

  • Both before the September 19 meeting and after it (notably in a September 12 meeting involving the NYTimes, in which Marc Elias also participated), Sussmann spoke to the press about what Durham credibly suggests was the Alfa Bank white paper. Sussmann billed this to Clinton.
  • On September 19, Sussmann met with Baker and provided him with three white papers and a thumb drive with data. Durham doesn’t actually make clear where all three of these came from.
  • On September 19, Sussmann met with James Baker. Durham claims that “he stated falsely that he was not acting on behalf of any client” [which Durham cannot quote because there’s no contemporaneous record], that he had been approached by multiple cyber experts [Durham doesn’t say whether the three he named were Researcher 1, Researcher 2, and Tea Leaves or other people, as seems to be the case], three white papers [which I may return to because this is another problematic spot in his story], and some of the data, which Durham calls “purported.”
  • Immediately after the September 19 meeting, Baker met with Bill Priestap whose notes read:
    • Michael Sussman[n] — Atty: Perkins Coie — said not doing this for any client
      • Represents DNC, Clinton Foundation, etc. []
      • Been approached by Prominent Cyber People (Academic or Corp. POCs), People like: [three names redacted]
  • Durham substantiates a claim that Sussmann billed the meeting itself to Hillary with a description, “work and communications regarding confidential project,” that does not, at least as he quotes it, mention a meeting with the FBI General Counsel at all.

Some of this — the reference to crafting a narrative and a storyline — is damning and validates my discomfort with the political nature of this project five years ago. Other parts of this emphasize the researchers’ insistence on truth from at least parts of this effort. Still others (such as the recognition that this could be spoofed data) will almost certainly end up being presented as exculpatory if this ever goes to trial, but Durham seems to think they are inculpatory.

In one place, Durham describes “aforementioned views,” plural, that the Alfa Bank data was a “red herring,” something only attributed to TE-1 in the indictment, seemingly presenting TE-1’s stated view on August 21 to everyone involved, including Sussmann, who does not appear to have been on that email chain. He claims Sussmann, Researcher 1 and 2, TE-1, and Tea Leaves drafted the white paper(s) shared with the FBI, but all he substantiates is a less than one hour review by everyone but Sussmann. He leaves out a great deal of detail about what Jean Camp and someone using the moniker Tea Leaves did and said, publicly, after the FBI meeting, which may totally undercut Durham’s “narrative.”

But other parts, even of the story that Durham tells, are problematic for his narrative. First, there is not (yet) the least hint that Tea Leaves — whom he calls “The Originator” — fabricated this data (or even packaged it up misleadingly, though I think there is evidence he did). Nor is there the least hint that TE-1 asked Tea Leaves to come up with the data. That part of the story is fundamentally important and Durham simply ignores it with that legally unnecessary — particularly given that Durham clearly labels this person as Tea Leaves — moniker “Originator,” giving the anomalous forensic data a kind of virgin birth. And while two of the four tech experts described herein (there appear to be at least three others not described) expressed some doubt about the meaning of it, none of them seems to have doubted that there was an anomaly in the Trump marketing server and Alfa Bank.

Based on this story, though, Durham insinuates Sussmann fed information that he, Sussmann, knew to be bullshit to the FBI on behalf of both Hillary and TE-1, and in so doing affirmatively hid that the bullshit “storyline” was designed to help Hillary which (he claims) would have led the FBI to treat it differently.

In spite of a lot of thus far extraneous details, that’s the only crime he has alleged.

The existing case is remarkably weak

As a number of people have noted, as charged this is a remarkably weak case. Ben Wittes dedicates a section of his post on this indictment to those weaknesses. They are, succinctly:

  • The evidence regarding the core allegation in the indictment pits Sussmann’s word against James Baker’s; there are no other witnesses.
  • After the meeting with Baker, Sussmann repeatedly admitted under oath he was representing a client, a detail which could be exculpatory or inculpatory.
  • Baker testified to Congress he did believe Sussmann was representing a client (meaning Baker will be used to discredit Baker, the one witness to Sussmann’s alleged lie).
  • Even in Bill Priestap’s nearly-contemporaneous notes which are the only documentation of Sussmann’s comments, he describes Sussmann as Hillary’s lawyer (including for the Clinton Foundation, which may be incorrect), so FBI knew full well that Sussmann represented Hillary.
  • Priestap’s notes may be inadmissible hearsay at trial.

The NYT article predicting these charges also claims Durham is conflating Sussmann’s tracking of his hourly work with the actual money charged to the Hillary campaign.

Moreover, internal billing records Mr. Durham is said to have obtained from Perkins Coie are said to show that when Mr. Sussmann logged certain hours as working on the Alfa Bank matter — though not the meeting with Mr. Baker — he billed the time to Mrs. Clinton’s 2016 campaign.

[snip]

They are also said to have argued that the billing records are misleading because Mr. Sussmann was not charging his client for work on the Alfa Bank matter, but needed to show internally that he was working on something. He was discussing the matter with Mr. Elias and the campaign paid a flat monthly retainer to the firm, so Mr. Sussmann’s hours did not result in any additional charges, they said.

There are a number of other ways that Sussmann’s presumably well-funded defense will combat these charges. But as to the allegation buried amid all these details, Durham’s evidence is weak.

Durham’s materiality broadcasts his bid for a ConFraudUS conspiracy

But that’s not what this is about.

Durham is not just alleging that Sussmann was hiding that he was working for Hillary. He is also claiming that Sussmann was at the same time representing TE-1 at that meeting. In the indictment, I think that’s based on a single data point — that Sussmann billed TE-1’s company for “communications regarding confidential project” on September 14. I’m not sure whether that makes the false statements case still weaker or stronger.

But it’s a key part of where Durham obviously wants to go.

Not only are many of the details Durham included in the indictment irrelevant to the false statements charge, but if they were crimes by themselves, they would have been tolled under any five year statute of limitations already. There are only two conceivable purposes for including them in this indictment. First, to give the Alfa Bank Oligarchs more cause to sue more people, effectively a US prosecutor assisting Russians in cynical lawfare. Durham’s investigation incorporates stuff the Oligarchs have already liberated, so is itself derivative of Russian lawfare. Effectively, that means that a prosecutor working for Bill Barr’s DOJ pursued a prosecution that was complementary to an intelligence-related effort by foreigners who pay Kirkland & Ellis a lot of money. Sussmann will have real cause to question whether Brian Benczkowski (who recused from matters involving this aspect of Alfa Bank) or any other Kirkland & Ellis lawyer had a role in this strand of the investigation.

Then there’s the most obvious way to extend the statute of limitations on the events that happened in July and August 2016: to include them in a conspiracy that continued after those dates (and indeed, Durham refers to Elias, Researcher 1 and 2, and Tea Leaves in the way DOJ often uses to refer to charged or uncharged co-conspirators).

Given the extended statement Durham includes to explain why Sussmann’s alleged lie is material under the charged statute, that’s undoubtedly where Durham wants to head with his investigation.

SUSSMANN’s lie was material because, among other reasons, SUSSMANN’s false statement misled the FBI General Counsel and other FBI personnel concerning the political nature of his work and deprived the FBI of information that might have permitted it more fully to assess and uncover the origins of the relevant data and technical analysis, including the identities and motivations of SUSSMANN’s clients.

Had the FBI uncovered the origins of the relevant data and analysis and as alleged below, it might have learned, among other things that (i) in compiling and analyzing the Russian Bank-1 allegations, Tech Executive-1 had exploited his access to non-public data at multiple Internet companies to conduct opposition research concerning Trump; (ii) in furtherance of these efforts, Tech Executive-1 had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract; and (iii) SUSSMANN, Tech Executive-1, and Law Firm-1 had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton Campaign with regard to the data and written materials that Sussmann gave to the FBI and the media.

Don’t get me wrong. This will clearly pass the incredibly low standard for materiality under existing precedent. Though Sussmann will surely make much of citing the invented standard Billy Barr used to try to dismiss the Mike Flynn prosecution, which first requires the investigation in question to be legitimate.

The Government is not persuaded that the January 24, 2017 interview was conducted with a legitimate investigative basis and therefore does not believe Mr. Flynn’s statements were material even if untrue. Moreover, we do not believe that the Government can prove either the relevant false statements or their materiality beyond a reasonable doubt.

[snip]

In any event, there was no question at the FBI as to the content of the calls; the FBI had in its possession word-for-word transcripts of the actual communications between Mr. Flynn and Mr. Kislyak. See Ex. 5 at 3; Ex. 13. at 3. With no dispute as to what was in fact said, there was no factual basis for the predication of a new counterintelligence investigation. Nor was there a justification or need to interview Mr. Flynn as to his own personal recollections of what had been said. Whatever gaps in his memory Mr. Flynn might or might not reveal upon an interview regurgitating the content of those calls would not have implicated legitimate counterintelligence interests or somehow exposed Mr. Flynn as beholden to Russia.

If DOJ had no interest in figuring out whether Trump was undermining sanctions to pay off a quid pro quo, they sure as hell have no interest in launching a 3-year investigation to figure out the tie between these allegations and Hillary that was obvious to Priestap in real time, particularly given how quickly the FBI dismissed the allegations in 2017 and given that the allegations are not publicly known to have had a tie to their larger Russian investigation.

Still, while Durham will have no trouble proving Sussmann’s claimed lie meets the standards of materiality, Durham’s claims for it are ridiculous.

It’s a load of horseshit that FBI would have treated this tip any differently — which amounted to investigating it, alerting the press there was nothing to it, then dismissing it pretty quickly, as far as is public — if they knew that Sussmann was formally being paid at that meeting by Hillary, if he in fact was. Priestap knew Sussmann was representing Hillary and said as much in the best evidence Durham has! In fact, FBI’s warning to the NYT about this story in October could be presented as evidence that FBI already incorporated an assumption this came from Hillary.

Likewise, it’s a load of horseshit that FBI couldn’t know that the Bureau needed to ID the researchers behind the project. If I was able to figure out that was important before the 2016 election, and I did, then the experts at the FBI surely figured that out.

But what Durham’s materiality statement emphasizes — what Durham claims Sussmann intended to hide with his claimed lie — is that, “researchers at a U.S.-based university … were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract.” That’s the significance of ¶¶23a through e of the indictment, which describe how TE-1 provided data that included some from an Executive Branch office of the U.S. government, which his company had obtained “as a sub-contractor in a sensitive relationship between the U.S. government and another company,” to the university at which Researcher 1 and 2 were working, and both with his university researcher allies and employees of his own company, he tasked people to research Donald Trump. Durham is suggesting that subset of data taints the whole pool that TE-1 shared, making it a Federal interest.

It’s not just that Durham is working on a theory that Sussmann deliberately dealt garbage to the FBI (which GOP sources also did on the Clinton Foundation) while trying to hide that fact. It’s that data originally sourced from the government was used in doing that research.

It’s actually the kind of argument that DOJ prosecutors typically succeed with. Except it’s all premised on proving that Sussmann was trying to hide all this in his meeting with Baker. Even if the evidence surrounding the meeting weren’t so flimsy, this is another degree of motive that Durham is straining mightily to make.

Durham needs Sussmann to have lied, because a deliberate attempt to obscure the rest is necessary for his “storyline.” His evidence that Sussmann lied — much less, deliberately — is shoddy. But if he can’t get that, then his hopes for a larger “narrative” collapse.

The parts of the story Durham doesn’t tell

That becomes more clear when you consider some details that Durham doesn’t include in his indictment.

Two details that were public to everyone involved make it clear why Durham’s silence about the exact dates in July when this operation started is so corrupt.

On July 22, WikiLeaks published emails that were at the time believed and since have been confirmed by the FBI to have been hacked by Russia. Durham hides the dates in July when many of these events transpired, but everything he includes suggests this activity post-dated the time when WikiLeaks published stolen emails and the entire security community in the US, surely including every researcher mentioned in this story, coalesced on the belief that Russia was the culprit. Durham refers to Russia’s attack on Hillary (and therefore on the US) inaccurately as, “the hacking of its email servers by the Russian government” and “a hack” (the hack went well beyond just email and continued through the period of Sussmann’s meeting with Baker). But, amazingly, Durham’s “narrative” doesn’t account for the fact that Hillary was targeted not just with an attack but with an information operation. And the timeline he presents here affirmatively hides that these events took place after the entire security community understood that there was an information operation aspect to the attack.

Then, on July 27, Trump gave a press conference in Florida where he said numerous things that make all the actions of Sussmann and others justifiable on national security grounds. First, Trump raised doubts about the Russian attribution of the DNC hack that, by that point in July, was the consensus among national security experts, undoubtedly including every tech expert mentioned in this indictment.

I watched this guy Mook and he talked about we think it was Russia that hacked. Now, first of all was what was said on those that’s so bad but he said I watched it. I think he was live. But he said we think it was Russia that hacked.

And then he said — and this is in person sitting and watching television as I’ve been doing — and then he said could be Trump, yeah, yeah. Trump, Trump, oh yeah, Trump. He reminded me of John Lovitz for “Saturday Night Live” in the liar (ph) where he’d go yes, yes, I went to Harvard, Harvard, yes, yes. This is the guy, you have to see it. Yes, it could be Trump, yes, yes. So it is so farfetched. It’s so ridiculous. Honestly I wish I had that power. I’d love to have that power but Russia has no respect for our country.

And that’s why — if it is Russia, nobody even knows this, it’s probably China, or it could be somebody sitting in his bed. But it shows how weak we are, it shows how disrespected we are. Total — assuming it’s Russia or China or one of the major countries and competitors, it’s a total sign of disrespect for our country. Putin and the leaders throughout the world have no respect for our country anymore and they certainly have no respect for our leader. So I know nothing about it.

Trump then offered his bullshit explanation for why he wouldn’t release his tax returns, framing it in terms of whether he had business ties to Russia.

TRUMP: Because it’s under order. And I’ll release them when the audits completed. Nobody would release when it’s under — I’ve had audits for 15 or 16 years. Every year I have a routine audit. I’m under audit, when the audits complete I’ll release them. But zero, I mean I will tell you right now, zero, I have nothing to do with Russia, yes?

Trump then said the nation-state hack of his opponent wasn’t the important thing, the content of the emails that were released was, thereby encouraging the press to participate in the information operation aspect of this attack.

He already did something today where he said don’t blame them, essentially, for your incompetence. Let me tell you, it’s not even about Russia or China or whoever it is that’s doing the hacking. It was about the things that were said in those e-mails. They were terrible things, talking about Jewish, talking about race, talking about atheist, trying to pin labels on people — what was said was a disgrace, and it was Debbie Wasserman Schultz, and believe me, as sure as you’re sitting there, Hillary Clinton knew about it. She knew everything.

Trump then asked Russia to further hack his opponent.

Russia, if you’re listening, I hope you’re able to find the 30,000 e-mails that are missing.

Trump then doubled down on the comment he made about his taxes, assuring the press that he had “zero” business ties with Russia.

TRUMP: No, I have nothing to do with Russia, John (ph). How many times do I have say that? Are you a smart man? I have nothing to with Russia, I have nothing to do with Russia.

And even — for anything. What do I have to do with Russia? You know the closest I came to Russia, I bought a house a number of years ago in Palm Beach, Florida.

Palm Beach is a very expensive place. There was a man who went bankrupt and I bought the house for $40 million and I sold it to a Russian for $100 million including brokerage commissions. So I sold it. So I bought it for 40, I told it for 100 to a Russian. That was a number of years ago. I guess probably I sell condos to Russians, OK?

QUESTION: (OFF-MIKE)

TRUMP: Of course I can. I told you, other than normal stuff — I buy a house if I sold it to a Russian. I have nothing to do with Russia. I said that Putin has much better leadership qualities than Obama, but who doesn’t know that?

QUESTION: (OFF-MIKE)

TRUMP: Of course not. I own the Trump organization. Zero, zero. Go ahead.

Trump then reiterated his claim that no one could attribute the DNC hack to Russia.

TRUMP: No, but they seem to be, if it’s Russians. I have no idea. It’s probably not Russia. Nobody knows if it’s Russia. You know the sad thing is? That with the technology and the genius we have in this country, not in government unfortunately, but with the genius we have in government, we don’t even know who took the Democratic National Committee e-mails. We don’t even know who it is.

I heard this morning, one report said they don’t think it’s Russia, they think it might be China. Another report said it might be just a hacker, some guy with a 200 I.Q. that can’t get up in the morning, OK? Nobody knows. Honestly they have no idea if it’s Russia. Might be Russia. But if it’s any foreign country, it shows how little respect they have for the United States. Yes, ma’am.

Finally, Trump also stated that he would consider lifting sanctions on Russia.

QUESTION: I would like to know if you became president, would you recognize (inaudible) Crimea as Russian territory? And also if the U.S. would lift sanctions that are (inaudible)?

TRUMP: We’ll be looking at that. Yeah, we’ll be looking.

Each of these comments, individually, would have raised eyebrows. The same comments, made by an American citizen, would equally have raised alarms among those committed to cybersecurity.

But for a presidential candidate to encourage the hostile nation-state information operation targeting his opponent, then ask the hostile nation-state to further target her, in conjunction with the repeated denials of any business ties to Russia, raised real, legitimate questions about whether Trump was putting his own interests above the national security of the country.

You might excuse Durham for excluding this from his indictment because, after all, he was busy indicting a ham sandwich based on hearsay evidence, and he might be able to exclude these facts at trial. Except that an August 20 comment from TE-1 that Durham quotes in his indictment may be a direct reference to (and at the least incorporates knowledge of) this press conference.

Trump has claimed he and his company have had NO dealings with .ru other than the failed Casino, and the Miss universe pageant. He claims absolutely NO interaction with any financial institutions. So any potential like that would be jackpot.

That is, Durham included what appears to be a reference to the July 27 press conference. It appears (though Durham obscures this point) that all the actions laid out in this indictment post-date the press conference. Virtually everyone in the US committed to ensuring America’s national security was alarmed by Trump’s comments in this press conference. Yet Durham doesn’t acknowledge that all these actions took place in the wake of public comments that made it reasonable for those committed to cybersecurity to treat Donald Trump as a national security threat, irrespective of partisan affiliation.

Durham will work hard to exclude detail of Trump’s press conference from trial. But I assume that if any of the named subjects of this investigation were to take the stand at trial, they would point out that it was objectively reasonable after July 27 to have national security concerns based on Trump’s encouragement of Russia’s attack on Hillary Clinton and his defensive denials of any business ties. Any of the named subjects of the indictment would be able to make a strong case that there was reason to want to, as a matter of national security, test Trump’s claim to have no financial ties to Russia. Indeed, the bipartisan SSCI Report concluded that Trump posed multiple counterintelligence concerns, and therefore has concluded that Durham’s portrayal of politics as the only potential motive here is false.

Central to Durham’s theory of prosecution is that there was no sound national security basis to respond to anomalous forensic data suggesting a possible financial tie between Trump and Russia. Except that, after that July 27 speech — and all of these events appear to post-date it — that theory is unsustainable.

The parts of the story Durham doesn’t tell

And not only was it objectively reasonable to test whether Trump’s claims to have “zero” business ties to Russia were false, but those suspecting that Trump was hiding such ties were, in fact, correct.

According to Michael Cohen, when Trump walked off the stage from that July 27 press conference, Cohen asked Trump why he had claimed that he had zero business ties with Russia when he had in fact been pursuing an impossibly lucrative deal to brand a Trump Tower in Moscow. And we now know that within hours of Trump’s request, GRU hackers made a renewed assault on Hillary’s own servers. By the time security researchers pursued anomalous data suggesting covert communications with a Russian bank, Cohen had already participated in discussions about working with two sanctioned Russian banks to fund the Trump Tower deal, had agreed to work with a former GRU officer to broker it, had spoken to an aide of Dmitry Peskov, and had been told that Putin was personally involved in making the deal happen. Just on the Trump Tower basis alone, Trump had publicly lied in such a way that posed a counterintelligence risk to America.

But that was not the only thing that Trump had done by the date when a bunch of security researchers responded to anomalous forensic data to test whether Trump was hiding further ties to Russia’s attack on Hillary Clinton.

In March, Trump hired Paul Manafort, a financially desperate political operative with close ties to a Russian intelligence officer, Konstantin Kilimnik, who (SSCI provided three redacted examples of) may have been involved in the hack-and-leak operation. In April, Manafort started leveraging his relationship with Trump to try to make money. In May, Manafort started regularly sending Kilimnik the campaign’s internal polling data. All that happened before researchers started testing Trump’s claims to have had no tie to Russia. On July 28, Kilimnik emailed Manafort to set up a meeting to talk about the future of Ukraine. Just days after the researchers started the inquiry, on August 2, Manafort met with Kilimnik to discuss carving up Ukraine in the same meeting where he described his strategy to win the election.

In April, an academic with close ties to Russia, Joseph Mifsud, told an unqualified braggart whom Trump had added to his team to pretend he had a foreign policy plan, George Papadopoulos, that Russia had thousands of Hillary’s emails that they intended to release to help Trump.

In May, according to Rick Gates’ testimony, Roger Stone started claiming he had advance knowledge of what would become the WikiLeaks releases. On or about June 15, per Gates, Stone told him that “he had contact with Guccifer 2.” According to a warrant affidavit targeting Stone, he searched Google on “Guccifer” before the Guccifer website went up that day. On June 23, Manafort called Stone and then the two old friends met for 30 minutes in the Trump cafeteria. On June 30, Stone spoke to Trump. According to multiple sources (including Michael Cohen), Stone knew of the DNC drop before it happened.

In June, Don Jr accepted a meeting with Natalia Veselnitskaya at which he believed he would get dirt on Hillary Clinton. At the meeting, Veselnitskaya asked Don Jr to end sanctions on Russia, and the candidate’s son said his dad would reconsider it if he won.

In short, the researchers who, in the wake of Trump’s damning comments, were testing whether Trump had lied about having ties to Russia not only had objectively reasonable grounds to do that research, but their suspicions were proven correct, over and over again.

Durham describes the outcome of the FBI investigation into the allegations this way:

The FBI’s investigation of these allegations nevertheless concluded that there was insufficient evidence to support the allegations of a secret communications channel with Russian Bank-1. In particular, and among other things, the FBI’s investigation revealed that the email server at issue was not owned or operated by the Trump Organization but, rather, had been administered by a mass marketing email company that sent advertisements for Trump hotels and hundreds of other clients.

Nothing here suggests the FBI disproved that this was an anomaly.

And there’s one more detail that Durham didn’t include in the Sussmann indictment: on July 26, Australia first shared their report about what George Papadopoulos told Alexander Downer in May. The next day, July 27, the FBI Legat in the UK got the tip. On July 31 — before the substantive research into the Alfa Bank allegation began — the FBI opened an UNSUB investigation into who got advance warning about the Russian operation and shared it with George Papadopoulos. In other words, by hiding the dates when Tea Leaves first discovered the anomalous data, Durham is hiding not just the damning things that publicly happened before the Alfa Bank operation got started, but probably details about the tip that turned into the Crossfire Hurricane investigation.

In the wake of the Sussmann indictment, the usual Russian denialists have claimed that this proves that what they call “Russiagate” was all a fraud.

Such claims defy the rules of physics, suggesting that events that happened after the FBI opened an investigation to learn how and why the Trump campaign (via three channels, as it turns out) learned of the Russian attack in advance were in fact the cause of it.

It is likely that Durham will be able to exclude all these details from a Michael Sussmann trial, at least if it remains just a false statements case. He will be able to convince Judge Christopher Cooper, who is presiding over the case, that this information — that the researchers not only had reason to believe Trump presented a cybersecurity risk to the country, but that the researchers turned out to be right, and that FBI had itself determined there was reason to carry out the same kinds of investigations that the researchers did, possibly before any one of them took a single step — is irrelevant to the case against Sussmann. But if Durham charges ConFraudUS based on a claim that it was illegitimate to look into why Donald Trump was inviting Russia to hack his opponent, it will become centrally important that, before these researchers started conducting their investigation, the FBI had likewise decided such an investigation had merit.

The Alfa Bank story was sleazy and unethical. But it was still, nevertheless, an instance where someone representing the victim of a nation-state attack attempted to chase down information that may have pertained to that nation-state attack.

John Durham will go down in history as the guy who decided that torturing detainees, even in excess of legal guidance, was not a crime, but a victim sharing concerns about nation-state hacking is.

Update: It’s likely that Richard Burt was one of the people investigated as part of this effort. Per the Mueller Report, he was the person Petr Aven asked to establish a tie with Trump’s transition in 2016.

After the December 2016 all-hands meeting, Aven tried to establish a connection to the Trump team. Aven instructed Richard Burt to make contact with the incoming Trump Administration. Burt was on the board of directors for LetterOne (L1), another company headed by Aven, and had done work for Alfa-Bank. 1169 Burt had previously served as U.S. ambassador to Germany and Assistant Secretary of State for European and Canadian Affairs, and one of his primary roles with Alfa-Bank and L1 was to facilitate introductions to business contacts in the United States and other Western countries. 1170

While at a L1 board meeting held in Luxembourg in late December 2016, Aven pulled Burt aside and told him that he had spoken to someone high in the Russian government who expressed interest in establishing a communications channel between the Kremlin and the Trump Transition Team. 1171 Aven asked for Burt’s help in contacting members of the Transition Team. 1172 Although Burt had been responsible for helping Aven build connections in the past, Burt viewed Aven’s request as unusual and outside the normal realm of his dealings with Aven. 1173

Burt, who is a member of the board of CNI (discussed at Volume I, Section IV.A.4, supra), 1174 decided to approach CNI president Dimitri Simes for help facilitating Aven’s request, recalling that Simes had some relationship with Kushner. 1175 At the time, Simes was lobbying the Trump Transition Team, on Burt’s behalf, to appoint Burt U.S. ambassador to Russia. 1176

Burt contacted Simes by telephone and asked if he could arrange a meeting with Kushner to discuss setting up a high-level communications channel between Putin and the incoming Administration. 1177 Simes told the Office that he declined and stated to Burt that setting up such a channel was not a good idea in light of the media attention surrounding Russian influence in the U.S. presidential election. 1178 According to Simes, he understood that Burt was seeking a secret channel, and Simes did not want CNI to be seen as an intermediary between the Russian government and the incoming Administration. 1179 Based on what Simes had read in the media, he stated that he already had concerns that Trump’s business connections could be exploited by Russia, and Simes said that he did not want CNI to have any involvement or apparent involvement in facilitating any connection. 118

Update: Corrected scope of Benczkowski’s recusal. His should cover the server issue (and Alfa Bank issues for the first two years he was CRM).

Update: Brian Krebs wrote a post laying out all the people who still believe there’s something going on technically. I don’t think that’s inconsistent, at all, with this one. As noted, everyone who looked at this believes it’s an anomaly. What I keep pointing to is that the aftermath of that anomaly got Alfa Bank to act in a certain way that is consistent with Putin’s interests. Krebs notes that it has also led to a lot of scrutiny of security researchers in the US, not unlike the way the aftermath of the Steele dossier discredited most top Russian experts in the US government.

Update: This transcript of Preet Bharara and Joyce Vance discussing the many weaknesses of the Durham indictment largely replicates what I’ve laid out here but is worth a review.

Sidney Powell Submits Evidence Proving Materiality of Flynn’s Lies

In my third post about how stupid Sidney Powell is, I present this exhibit, which DOJ thinks helps Mike Flynn. These are hand-written notes of an FBI attorney recording a meeting talking about Flynn’s interview the previous day. Powell thinks this exhibit helps her because people at the meeting thought the Logan Act — which was never the key point of investigating Flynn — would be an “uphill battle.” She also focuses on FBI GC Jim Baker’s question about how you’d prosecute false statements when you wouldn’t prosecute the underlying crime — which, on January 25, 2017, might have been the Logan Act.

Still, the notes point out what a glaring counterintelligence problem Flynn was because of his overt lies about what he said to Russia.

For years Flynn’s boosters have claimed that FBI and DOJ didn’t recognize his lies as lies. Here they are doing so.

But one of the first things on the page (after a discussion of Flynn’s trip to Dominican Republic) — one of the first things these FBI lawyers discussed when trying to make sense of the National Security Advisor lying his ass off about his conversations with the Russian Ambassador is this:

Toll records. Did Flynn “talk to admin first”?

As I have noted repeatedly, Peter Strzok and Joe Pientka knew when they interviewed Flynn that he was lying about having raised sanctions with Sergey Kislyak.

What they didn’t know — because they hadn’t gotten National Security Letters on Flynn earlier in the investigation, as they normally would have — was whether or not Flynn’s claims not to have spoken to anyone in advance of his call, and not to have known about Obama’s sanctions, were true.

The way they planned to figure that out was to obtain Flynn’s toll records, which they did, in February and March. That showed not only that he was using a whole slew of phones, but that, in addition to the lies the FBI identified immediately, he told other lies, lies to hide that he had consulted with Mar-a-Lago.

And Sidney Powell, bless her soul, has just provided proof that figuring that out was virtually the first thing FBI turned to.

Once the FBI obtained proof that Flynn had consulted with those attending Donald Trump, the entire meaning of his lies would change. As would the Administration’s willingness to fight to reverse the investigation back to before the moment when Flynn’s consultations with Mar-a-Lago — the possibility he undermined sanctions on orders from Donald Trump — became the entire point.

How Twelve Years of Warning and Six Years of Plodding Reform Finally Forced FBI to Do Minimal FISA Oversight

Earlier this week, the government released the reauthorization package for the 2018 Section 702 certificates of FISA. With the release, they disclosed significant legal fights about the way FBI was doing queries on raw data, what we often call “back door searches.” Those fights are, rightly, being portrayed as Fourth Amendment abuses. But they are, also, the result of the FISA Court finally discovering in 2018, after 11 years, that back door searches work like some of us have been saying they do all along, a discovery that came about because of procedural changes in the interim.

As such, I think it is wrong to consider this “FISA abuse” (and I say that as someone who was very likely personally affected by the practices in question). It was, instead, a case where the court discovered that FBI using 702 as it had been permitted to use it by FISC was a violation of the Fourth Amendment.

As such, this package reflects a number of things:

  • A condemnation of how the government has been using 702 (and its predecessor PAA) for 12 years
  • A (partial — but thus far by far the most significant one) success of the new oversight mechanisms put in place post-Snowden
  • An opportunity to reform FISA — and FBI — more systematically

This post will explain what happened from a FISA standpoint. A follow-up post will explain why this should lead to questions about FBI practices more generally.

The background

This opinion came about because every year the government must obtain new certificates for its 702 collection, the collection “targeted” at foreigners overseas that is, nevertheless, designed to collect content on how those foreigners are interacting with Americans. Last we had public data, there were three certificates: counterterrorism, counterproliferation, and “foreign government,” which is a too-broadly scoped counterintelligence function. As part of that yearly process, the government must get FISC approval for any changes to its certificates, which are a package of rules on how they will use Section 702. In addition, the court conducts a general review of all the violations reported over the previous year.

Originally, those certificates included proposed targeting (governing who you can target) and minimization (governing what you can do once you start collecting) procedures; last year was the first year the agencies were required to submit querying procedures governing the way agencies (to include NSA, CIA, National Counterterrorism Center, and FBI) access raw data using US person identifiers. The submission of those new querying procedures is what led to the court’s discovery that FBI’s practices violated the Fourth Amendment.

In the years leading up to the 2018 certification, the following happened:

  • In 2013, Edward Snowden’s leaks made it clear that those of us raising concerns about Section 702 minimization since 2007 were correct
  • In 2014, the Privacy and Civil Liberties Oversight Board (which had become operational for the first time in its existence almost simultaneously with Snowden’s leaks) recommended that CIA and FBI have to explain why they were querying US person content in raw data
  • In 2015, Congress passed the USA Freedom Act, the most successful reform of which reflected Congress’ intent that the FISA Court start consulting amicus curiae when considering novel legal questions
  • In 2015, amicus Amy Jeffress (who admitted she didn’t know much about 702 when first consulted) raised questions about how queries were conducted, only to have the court make minimal changes to current practice — in part, by not considering what an FBI assessment was
  • In the 2017 opinion authorizing that year’s 702 package, Rosemary Collyer approved an expansion of back door searches without — as Congress intended — appointing an amicus to help her understand the ways the legal solution the government implemented didn’t do what she believed it did; that brought some (though not nearly enough) attention to whether FISC was fulfilling the intent of Congress on amici
  • In the 2017 Reauthorization (which was actually approved in early 2018), Congress newly required agencies accessing raw data to submit querying procedures along with their targeting and minimization procedures in the annual certification process, effectively codifying the record-keeping suggestion PCLOB had made over two years earlier

When reviewing the reauthorization application submitted in March 2018, Judge James Boasberg considered that new 2017 requirement a novel legal question, so appointed Jonathan Cedarbaum and Amy Jeffress, the latter of whom also added John Cella, to the amicus team. By appointing those amici to review the querying procedures, Boasberg operationalized five years of reforms, which led him to discover that practices that had been in place for over a decade violated the Fourth Amendment.

When the agencies submitted their querying procedures in March 2018, all of them except FBI complied with the demand to track and explain the foreign intelligence purpose for US person queries separately. FBI, by contrast, said they already kept records of all their queries, covering both US persons and non-US persons, so they didn’t have to make a change. One justification it offered for not keeping US person-specific records as required by the law is that Congress exempted it from the reporting requirements it imposed on other agencies in 2015, even though FBI admitted that it was supposed to keep queries not just for the public reports from which they argued they were exempted, but also for the periodic reviews that DOJ and ODNI make of its queries for oversight purposes. FBI Director Christopher Wray then submitted a supplemental declaration, offering not to fix the technical limitations they built into their repositories, but arguing that complying with the law via other means would have adverse consequences, such as diverting investigative resources. Amici Cedarbaum and Amy Jeffress challenged that interpretation, and Judge James Boasberg agreed.

The FBI’s querying violations

It didn’t help FBI that in the months leading up to this dispute, FBI had reported six major violations to FISC involving US person queries. While the description of those are heavily redacted, they appear to be:

  • March 24-27, 2017: The querying of 70K facilities “associated with” persons who had access to the FBI’s facilities and systems. FBI General Counsel (then run by Jim Baker, who had had these fights in the past) warned against the query, but FBI did it anyway, though did not access the communications. This was likely either a leak or a counterintelligence investigation and appears to have been discovered in a review of existing Insider Threat queries.
  • December 1, 2017: FBI conducted queries on 6,800 social security numbers.
  • December 7-11, 2017: The same entity at FBI also conducted 1,600 queries on certain identifiers, though claimed they didn’t mean to access raw data.
  • February 5 and 23, 2018: FBI did approximately 30 queries of potential sources.
  • February 21, 2018: FBI did 45 queries on people being vetted as sources.
  • Before April 13, 2018: an unspecified FBI unit queried FISA acquired metadata using 57,000 identifiers of people who work in some place.

Note, these queries all took place under Trump, and most of them took place under Trump’s hand-picked FBI Director. Contrary to what some Trump apologists have said about this opinion, it is not about Obama abuse (though it reflects practices that likely occurred under him and George Bush, as well).

These violations made it clear that Congress’ mandate for better record-keeping was merited. Boasberg also used them to prove that existing procedures did not prevent minimization procedure violations because they had not in these instances.

As he was reviewing the violations, Boasberg discovered problems in the oversight of 702 that I had noted before, based off my review of heavily redacted Semiannual Reports (which means they should have been readily apparent to everyone who had direct access to the unredacted reports). For example, Judge Boasberg noted how few of FBI’s queries actually get reviewed during oversight reviews (something I’ve pointed out repeatedly, and which 702 boosters have never acknowledged the public proof of).

As noted above, in 2017 the FBI conducted over three million queries of FISA-acquired information on just one system, [redacted]. See Supplemental FBI Declaration at 6. In contrast, during 2017 NSD conducted oversight of approximately 63,000 queries in [redacted] and 274,000 queries in an FBI system [redacted]. See Gov’t Response at 36.

Personnel from the Office of Intelligence (OI) within the Department of Justice’s National Security Division (NSD) visit about half of the FBI’s field offices for oversight purposes in a given year. Id. at 35 & n.42. Moreover, OI understandably devotes more resources to offices that use FISA authorities more frequently, so those offices [redacted] are visited annually, id. at 35 n.42, which necessitates that some other offices go for periods of two years or more between oversight visits. The intervals of time between oversight visits at a given location may contribute to lengthy delays in detecting querying violations and reporting them to the FISC. See, e.g., Jan. 18, 2019, Notice ([redacted] had been conducting improper queries in a training context since 2011, but the practice was not discovered until 2017).

He also noted that the records on such queries don’t require contemporaneous explanation from the Agent making the query, meaning any review of them will not find problems.

The FBI does not even record whether a query is intended to return foreign-intelligence information or evidence of crime. See July 13, 2018, Proposed Tr. at 14 (DOJ personnel “try to figure out” from FBI query records which queries were run for evidence of crime purposes). DOJ personnel ask the relevant FBI personnel to recall and articulate the bases for selected queries. Sometimes the FBI personnel report they cannot remember. See July 9, 2018, Notice.

Again, I noted this in the past.

In short, as Boasberg was considering Wray’s claim that the FBI didn’t need the record-keeping mandated by Congress, he was discovering that, in fact, FBI needs better oversight of 702 (something that should have been clear to everyone involved, but no one ever listens to my warnings).

FISC rules the querying procedures do not comply with the law or Fourth Amendment

In response to Boasberg’s demand, FBI made several efforts to provide solutions that were not really solutions.

The FBI’s first response to FISC’s objections was to require General Counsel approval before accessing the result of any “bulk” queries like the query that affected 70K people — what it calls “categorical batch queries.”

Queries that are in fact reasonably likely to return foreign-intelligence information are responsive to the government’s need to obtain and produce foreign-intelligence information, and ultimately to disseminate such information when warranted. For that reason, queries that comply with the querying standard comport with § 1801(h), even insofar as they result in the examination of the contents of private communications to or from U.S. persons. On the other hand, queries that lack a sufficient basis are not reasonably related to foreign intelligence needs and any resulting intrusion on U.S. persons’ privacy lacks any justification recognized by § 1801(h)(1). Because the FBI procedures, as implemented, have involved a large number of unjustified queries conducted to retrieve information about U.S. persons, they are not reasonably designed, in light of the purpose and technique of Section 702 acquisitions, to minimize the retention and prohibit the dissemination of private U.S. person information.

But Boasberg was unimpressed with that because the people who’d need to consult with counsel would be the most likely not to know they did need to do so.

He also objected to FBI’s attempt to give itself permission to use such queries at the preliminary investigation phase (before then, FBI was doing queries at the assessment stage).

The FBI may open a preliminary investigation with even less of a factual predicate: “on the basis of information or an allegation indicating the existence of a circumstance” described in paragraph a. or b. above. Id. § II.B.4.a.i at 21 (emphasis added). A query using identifiers for persons known to have had contact with any subject of a full or preliminary investigation would not require attorney approval under § IV.A.3, regardless of the factual basis for opening the investigation or how it has progressed since then.

Boasberg’s Fourth Amendment analysis was fairly cautious. Whereas amici pushed for him to treat the queries as separate Fourth Amendment events, on top of the acquisition (which would have had broad ramifications both within FISA practice and outside of it), he instead interpreted the new language in 702 to expand the statutory protection under queries, without finding queries of already collected data a separate Fourth Amendment event.

Similarly, both Boasberg and the amici ultimately didn’t push for a written national security justification in advance of an actual FISA search. Rather, they argued FBI had to formulate such a justification before accessing the query returns (in reality, many of these queries are automated, so it’d be practically impossible to do justifications before the fact).

Boasberg nevertheless required the FBI to at least require foreign intelligence justifications for queries before an FBI employee accessed the results of queries.

The FBI was not happy. Having been told they have to comply with the clear letter of the law, they appealed to the FISA Court of Review, adding apparently new arguments that fulfilling the requirement would not help oversight and that the criminal search requirements were proof that Congress didn’t intend them to comply with the other requirements of the law. Like Boasberg before them, FISCR (in a per curiam opinion from the three FISCR judges, José Cabranes, Richard Tallman, and David Sentelle) found that FBI really did need to comply with the clear letter of the law.

The FBI chose not to appeal from there (for reasons that go beyond this dispute, I suspect, as I’ll show in a follow-up). So by sometime in December, they will start tracking their backdoor searches.

FBI tried, but failed, to avoid implementing a tool that will help us learn what we’ve been asking

Here’s the remarkable thing about this. Something like this has been coming for two years, and FBI is only now beginning to comply with the requirement. That’s probably not surprising. Neither the Director of National Intelligence (which treated its intelligence oversight of FBI differently than it did CIA or NSA) nor Congress had demanded that FBI, which can have the most direct impact on someone’s life, adhere to the same standards of oversight that CIA and NSA (and an increasing number of other agencies) do.

Nevertheless, 12 years after this system was first moved under FISA (notably, two key Trump players, White House Associate Counsel John Eisenberg and National Security Division AAG John Demers were involved in the original passage), we’re only now going to start getting real information about the impact on Americans, both in qualitative and quantitative terms. For the first time,

  • We will learn how many queries are done (the FISC opinion revealed that just one FBI system handles 3.1 million queries a year, though that covers both US and non US person queries)
  • We will learn that there are more hits on US persons than previously portrayed, which leads to those US persons being investigated for national security or — worse — coerced to become national security informants
  • We will learn (even more than we already learned from the two reported queries that this pertained to vetting informants) the degree to which back door searches serve not to find people who are implicated in national security crimes, but instead, people who might be coerced to help the FBI find people who are involved in national security crimes
  • We will learn that the oversight has been inadequate
  • We will finally be able to measure disproportionate impact on Chinese-American, Arab, Iranian, South Asian, and Muslim communities
  • DOJ will be forced to give far more defendants 702 notice

Irrespective of whether back door searches are themselves a Fourth Amendment violation (which we will only now obtain the data to discuss), the other thing this opinion shows is that for twelve years, FISA boosters have been dismissing the concerns those of us who follow closely have raised (and there are multiple other topics not addressed here). And now, after more than a decade, after a big fight from FBI, we’re finally beginning to put the measures in place to show that those concerns were merited all along.

William Barr Ratchets Up the “Witch Hunt” over an Investigation He Judges to be “Anemic” Given the Threat

Bill Barr hit the right wing news circuit today to make vague claims designed to feed the hoax about inappropriate spying on the Trump campaign. With both the WSJ and Fox, he obfuscated about what led him to ask John Durham to conduct what amounts to at least the third review of the origins of the Russia investigation.

“Government power was used to spy on American citizens,” Mr. Barr told The Wall Street Journal, in his first interview since taking office in February. “I can’t imagine any world where we wouldn’t take a look and make sure that was done properly.”

He added: “Just like we need to ensure that foreign actors don’t influence the outcome of our elections, we need to ensure that the government doesn’t use its powers to put a thumb on the scale.”

[snip]

In his Wednesday interview, he declined to elaborate or offer any details on what prompted his concerns about the genesis of the Russia probe.

[snip]

Mr. Barr wouldn’t specify what pre-election activities he found troubling, nor would he say what information he has reviewed thus far or what it has shown. He said he was surprised that officials have been so far unable to answer many of his questions.

“I have more questions now than when I came in,” he said, but declined to detail them.

Given his inability to point to a reason to start this (aside from Trump’s direct orders), it’s worth looking back at something Barr said in his May 1 Senate Judiciary Committee hearing. Mike Lee attempted to get the Attorney General to substantiate his claim — made on April 10 — that the Trump campaign had been inappropriately spied on. In response, Barr explained his spying comment by suggesting that if the “only intelligence collection that occurred” were the FISA warrant on Carter Page and the use of Stefan Halper to question George Papadopoulos, it would amount to an “anemic” effort given the counterintelligence threat posed.

One of the things I want to look — there are people — many people seem to assume that the only intelligence collection that occurred was a single confidential informant and a FISA warrant. I’d like to find out whether that is, in fact, true. It strikes me as a fairly anemic effort if that was the counterintelligence effort designed to stop the threat as it’s being represented.

Over the course of this exchange, Barr admits he doesn’t know or remember what the Mueller Report says about Carter Page, and Lee displays that he’s unfamiliar with several points about Page in the Mueller Report:

  • The report shows that Page had had two earlier ties to Russian intelligence before joining the Trump campaign, not just the one in 2013
  • After Page’s conversations with Viktor Podobnyy were quoted in the latter’s criminal complaint, Page went to a Russian official at the UN General Assembly and told him he “didn’t do anything” with the FBI
  • Page defended sharing intelligence with people he knew were Russian spies by explaining, “the more immaterial non-public information I give them, the better for this country”
  • Dmitry Peskov was Page’s trip to Moscow in July 2016 and Deputy Prime Minister Arkady Dvorkovich spoke about working with Page in the future
  • Mueller ultimately concluded that “Page’s activities in Russia — as described in his emails with the Campaign — were not fully explained”
  • According to Konstantin Kilimnik, on December 8, 2016 “Carter Page is in Moscow today, sending messages he is authorized to talk to Russia on behalf of DT on a range of issues of mutual interest, including Ukraine”
  • The declinations discussion appears to say Page could have been charged as a foreign agent, but was not

Even with all the details about Page Lee appears to be unfamiliar with, there are more that he cannot know, because they’re protected as grand jury materials.

Which is to say neither of these men knew enough about the investigation on May 1 to be able to explain why Barr needed to do an investigation except that Barr thought not enough spying occurred so he was sure there must be more. Had Barr read the IG Report laying out some of these issues, he would know that the investigation was anemic, in part because on August 15, Peter Strzok lost an argument about how aggressively they should pursue the investigation.

In a text message exchange on August 15, 2016, Strzok told Page, “I want to believe the path you threw out for consideration in Andy’s office—that there’s no way he gets elected—but I’m afraid we can’t take that risk. It’s like an insurance policy in the unlikely event you die before you’re 40….” The “Andy” referred to in the text message appears to be FBI Deputy Director Andrew McCabe. McCabe was not a party to this text message, and we did not find evidence that he received it.

In an interview with the OIG, McCabe was shown the text message and he told us that he did not know what Strzok was referring to in the message and recalled no such conversation. Page likewise told us she did not know what that text message meant, but that the team had discussions about whether the FBI would have the authority to continue the Russia investigation if Trump was elected. Page testified that she did not find a reference in her notes to a meeting in McCabe’s office at that time.

Strzok provided a lengthy explanation for this text message. In substance, Strzok told us that he did not remember the specific conversation, but that it likely was part of a discussion about how to handle a variety of allegations of “collusion between members of the Trump campaign and the government of Russia.” As part of this discussion, the team debated how aggressive to be and whether to use overt investigative methods. Given that Clinton was the “prohibitive favorite” to win, Strzok said that they discussed whether it made sense to compromise sensitive sources and methods to “bring things to some sort of precipitative conclusion and understanding.” Strzok said the reference in his text message to an “insurance policy” reflected his conclusion that the FBI should investigate the allegations thoroughly right away, as if Trump were going to win. Strzok stated that Clinton’s position in the polls did not ultimately impact the investigative decisions that were made in the Russia matter.

So the investigation was anemic, and it was anemic because the guy Lee blames for unfairly targeting Trump wasn’t permitted to investigate as aggressively as he believed it should be investigated.

In the exchange, Barr also says he doesn’t want to get into the “FISA issue,” on account of the IG investigation into it — which would seem to leave just the Halper-Papadopoulos exchange to investigate.

DOJ’s IG has probably given the initial results of its investigation into FISA to FBI. I say that because of Chris Wray’s objection to the use of the word “spying” to describe predicated surveillance, Trump’s attack on Wray because of it, and the unsealing of the names of additional people at the FBI involved in interviewing Mike Flynn — Mike Steinbach, Bill Priestap, James Baker — as well as Principal Associate Deputy Attorney General Matt Axelrod in two of the documents tied to his sentencing released last night. That would suggest there’s nothing substantive there (which is not surprising, given how much more damning the information about Page is than we previously knew).

Which would mean the biggest reason Barr is starting this witch hunt is that the investigation was so anemic to begin with.

The Dossier Is Not the Measure of the Trump-Russia Conspiracy

It seems like the whole world has decided to measure Trump’s conspiracy with Russia not from the available evidence, but based on whether the Steele dossier correctly predicted all the incriminating evidence we now have before us.

The trend started with NPR. According to them (or, at least, NPR’s Philip Ewing doing a summary without first getting command of the facts), if Michael Cohen didn’t coordinate a Tower-for-sanctions-relief deal from Prague, then such a deal didn’t happen. That’s the logic of a column dismissing the implications of the recent Cohen allocution showing that when Don Jr took a meeting offering dirt on Hillary as “part of Russia and its government’s support for Mr. Trump,” he knew his family stood to make hundreds of millions if they stayed on Vladimir Putin’s good side.

Item: Cohen ostensibly played a key role in the version of events told by the infamous, partly unverified Russia dossier. He denied that strongly to Congress. He also has admitted lying to Congress and submitted an important new version of other events.

But that new story didn’t include a trip to Prague, as described in the dossier. Nor did Cohen discuss that in his interview on Friday on ABC News. Could the trip, or a trip, still be substantiated? Yes, maybe — but if it happened, would a man go to prison for three years without anyone having mentioned it?

As I noted, Mueller laid out the following in the unredacted summary of Cohen’s cooperation.

Consider this passage in the Mueller Cohen sentencing memo.

The defendant’s false statements obscured the fact that the Moscow Project was a lucrative business opportunity that sought, and likely required, the assistance of the Russian government. If the project was completed, the Company could have received hundreds of millions of dollars from Russian sources in licensing fees and other revenues. The fact that Cohen continued to work on the project and discuss it with Individual 1 well into the campaign was material to the ongoing congressional and SCO investigations, particularly because it occurred at a time of sustained efforts by the Russian government to interfere with the U.S. presidential election. Similarly, it was material that Cohen, during the campaign, had a substantive telephone call about the project with an assistant to the press secretary for the President of Russia.

Cohen’s lies, aside from attempting to short circuit the parallel Russian investigations, hid the following facts:

  • Trump Organization stood to earn “hundreds of millions of dollars from Russian sources” if the Trump Tower deal went through.
  • Cohen’s work on the deal continued “well into the campaign” even as the Russian government made “sustained efforts … to interfere in the U.S. presidential election.”
  • The project “likely required[] the assistance of the Russian government.”
  • “Cohen [during May 2016] had a substantive telephone call about the project with an assistant to the press secretary for the President of Russia [Dmitri Peskov].”

But because the new Cohen details (along with the fact that he booked tickets for St. Petersburg the day of the June 9 meeting, only to cancel after the Russian hack of the DNC became public) didn’t happen in Prague, it’s proof, according to NPR, that there is no collusion. [Note, NPR has revised this lead and added an editor’s note labeling this piece as analysis, not news.]

Political and legal danger for President Trump may be sharpening by the day, but the case that his campaign might have conspired with the Russian attack on the 2016 election looks weaker than ever.

There are other errors in the piece. It claims “Manafort’s lawyers say he gave the government valuable information,” but they actually claimed he didn’t lie (and it doesn’t note that the two sides may have gone back to the drawing board after that public claim). Moreover, the column seems to entirely misunderstand that Manafort’s plea (would have) excused him from the crimes in chief, which is why they weren’t charged. Nor does it acknowledge the details from prosecutors’ list of lies that implicate alleged GRU associate Konstantin Kilimnik in an ongoing role throughout Trump’s campaign.

Then there’s the NPR complaint that Mike Flynn, after a year of cooperation, is likely to get no prison time. It uses that to debunk a straw man that Flynn was a Russian foreign agent.

Does that sound like the attitude they would take with someone who had been serving as a Russian factotum and who had been serving as a foreign agent from inside the White House as national security adviser, steps away from the Oval Office?

That’s never been the claim (though the Russians sure seemed like they were cultivating it). Rather, the claim was that Flynn hid details of Trump’s plans to ease sanctions, an easing of sanctions Russians had asked Don Jr to do six months earlier in a meeting when they offered him dirt. The 302 from his FBI interview released last night makes it clear that indeed he did.

Finally, NPR is sad that Carter Page hasn’t been charged.

Will the feds ever charge Trump’s sometime foreign policy adviser, Carter Page, whom they called a Russian agent in the partly declassified application they made to surveil him?

This is not a checklist, where Trump will be implicated in a conspiracy only if the hapless Page is indicted (any case against whom has likely been spoiled anyway given all the leaking). The question, instead, is whether Trump and his spawn and campaign manager and longtime political advisor (the piece names neither Don Jr nor Roger Stone, both of whom have been saying they’ll be indicted) entered into a conspiracy with Russians.

In short, this piece aims to measure whether there was “collusion” not by looking at the evidence, but by looking instead at the Steele dossier to see if it’s a mirror of the known facts.

But NPR isn’t the only outlet measuring reality by how it matches up to the Steele dossier. This piece describes that Michael Isikoff thinks, “All the signs to me are, Mueller is reaching his end game, and we may see less than what many people want him to find,” in part because of the same three points made in the NPR piece (Cohen didn’t go to Prague, no pee tape has been released, and Flynn will get no prison time), but also because Maria Butina — whose investigation was not tied to the Trump one, but whom Isikoff himself had claimed might be — will mostly implicate her former boyfriend, Paul Erickson. In the interview, Isikoff notes that the dossier has not been corroborated, calling it a “mixed record, at best … most of the specific allegations have not been borne out” and notes that his own past predictions have not been fulfilled. Perhaps Isikoff’s reliance on the dossier arises from his own central role in it, but Isikoff misstates some of what has come out in legal filings to back his claim that less will come of the Mueller investigation than he thought.

Then there is Chuck Ross. Like Isikoff, Ross has invested much of his investigative focus into the dossier, and thus is no better able than Isikoff to see a reality but for the false mirror of the dossier. His tweet linking a story laying out more evidence that Michael Cohen did not go to Prague claims that that news is “a huge blow for the collusion narrative.”

Even when Ross wrote a post pretending to assess whether the Michael Cohen plea allocution shows “collusion,” Ross ultimately fell back on assessing whether the documents instead proved the dossier was true.

Notably absent from the Mueller filing is any indication that Cohen provided information that matches the allegations laid out in the Steele dossier, the infamous document that Democrats tout as the roadmap to collusion between the Trump campaign and Russian government.

The most prominent allegation against Cohen in the 35-page report is that he traveled to Prague in August 2016 to meet with Kremlin insiders to discuss paying off hackers who stole Democrats’ emails.

The Isikoff comments appear to have traveled via Ross to Trump’s Twitter thumbs, all without assessing the evidence in plain sight.

Meanwhile, Lawfare is erring in a parallel direction, checking on the dossier to see “whether information made public as a result of the Mueller investigation—and the passage of two years—has tended to buttress or diminish the crux of Steele’s original reporting.”

Such an exercise is worthwhile, if conducted as a measure of whether Christopher Steele obtained accurate intelligence before it otherwise got reported by credible, public sources. But much of what Lawfare does does the opposite — assessing reports (it even gets the number of reports wrong, saying there are 16, not 17, which might be excusable if precisely that issue hadn’t been the subject of litigation) out of context of when they were published. Even still, aside from Steele’s reports on stuff that was already public (Carter Page’s trip to Moscow, Viktor Yanukovych’s close ties to Paul Manafort), the post reaches one after another conclusion that the dossier actually hasn’t been confirmed.

There’s the 8-year conspiracy of cooperation, including Trump providing Russia intelligence. [my emphasis throughout here]

Most significantly, the dossier reports a “well-developed conspiracy of co-operation between [Trump and his associates] and the Russian leadership,” including an “intelligence exchange [that] had been running between them for at least 8 years.” There has been significant investigative reporting about long-standing connections between Trump, his associates and Kremlin-affiliated individuals, and Trump himself acknowledged that the purpose of a June 2016 meeting between his son, Donald Trump Jr. and a Kremlin-connected lawyer was to obtain “dirt” on Hillary Clinton. But there is, at present, no evidence in the official record that confirms other direct ties or their relevance to the 2016 presidential campaign.

There’s the knowing support for the hack-and-leak among Trump and his top lackeys.

It does not, however, corroborate the statement in the dossier that the Russian intelligence “operation had been conducted with the full knowledge and support of Trump and senior members of his campaign team.”

There’s Cohen’s Trump Tower deal.

These documents relate to Cohen’s false statements to Congress regarding attempted Trump Organization business dealings in Russia. The details buttress Steele’s reporting to some extent, but mostly run parallel, neither corroborating nor disproving information in the dossier.

There’s Cohen’s role in the hack-and-leak, including his trip to Prague.

Even with the additional detail from the Cohen documents, certain core allegations in the dossier related to Cohen—which, if true, would be of utmost relevance to Mueller’s investigation—remain largely unconfirmed, at least from the unredacted material. Specifically, the dossier reports that there was well-established, continuing cooperation between the Trump campaign and the Kremlin; that Cohen played a central role in the coordination of joint efforts; and that he traveled to Prague to meet with Russian officials and cut-outs.

There’s Papadopoulos, who (as Lawfare admits) doesn’t show up in the dossier; here they argue he could have, without asking why Steele missed him running around London talking to people who traveled in Steele’s circles.

We revisit his case because it resonates with one of the themes of the dossier, which is the extensive Russian outreach effort to an array of individuals connected to the Trump campaign. Steele’s sources reported on alleged interactions between Carter Page and Russian officials, but Papadopoulos’s conduct would have fit right in.

Again, except for the stuff that was publicly known, Lawfare assesses one after another claim from the dossier and finds that Mueller’s investigation has not corroborated the specific claims, even while Mueller has provided ample evidence of something else going on. But that doesn’t stop Lawfare from claiming that Mueller has “confirm[ed] pieces of the dossier.”

The Mueller investigation has clearly produced public records that confirm pieces of the dossier. And even where the details are not exact, the general thrust of Steele’s reporting seems credible in light of what we now know about extensive contacts between numerous individuals associated with the Trump campaign and Russian government officials.

However, there is also a good deal in the dossier that has not been corroborated in the official record and perhaps never will be—whether because it’s untrue, unimportant or too sensitive. As a raw intelligence document, the Steele dossier, we believe, holds up well so far. But surely there is more to come from Mueller’s team. We will return to it as the public record develops.

In the end, I actually think Mueller may show that Trump, Stone, and Manafort did abet the hack-and-leak campaign, certainly the later parts of it, and that the Trump Tower deal was a key part of the quid pro quo. That’s aside from anything that Trump did with analytics data made available, if it was. But Mueller has just shown the outlines of where a case in chief might fit thus far. And where he has, those outlines raise one after another question of why Steele missed evidence (like the June 9 meeting) that was literally sitting in front of him. No one is answering those questions in these retrospectives.

One reason this effort, coming from Lawfare, is particularly unfortunate is because of a detail recently disclosed in Comey’s recent testimony to Congress. As you read, remember that this exchange involves Mark Meadows, who is the source of many of the most misleading allegations pertaining to the Russian investigation. In Comey’s first appearance this month (given Comey’s comments after testifying yesterday, I expect we’ll see more of the same today when his transcript is released), Meadows seemed to make much of the fact that Michael Sussmann, who works with Marc Elias at Perkins Coie, provided information directly to Lawfare contributor James Baker.

Mr. Meadows. So are you saying that James Baker, your general counsel, who received direct information from Perkins Coie, did so and conveyed that to your team without your knowledge?

Mr. Comey. I don’t know.

Mr. Meadows. What do you mean you don’t know? I mean, did he tell you or not?

Mr. Comey. Oh, I — well —

Mr. Meadows. James Baker, we have testimony that would indicate that he received information directly from Perkins Coie; he had knowledge that they were representing the Democrat National Committee and, indeed, collected that information and conveyed it to the investigative team. Did he tell you that he received that information from them? And I can give you a name if you want to know who he received it from.

Mr. Comey. I don’t remember the name Perkins Coie at all.

Mr. Meadows. What about Michael Sussmann?

Mr. Comey. I think I’ve read that name since then. I don’t remember learning that name when I was FBI Director. I was going to ask you a followup, though. When you say “that information,” what do you mean?

Mr. Meadows. Well, it was cyber information as it relates to the investigation.

Mr. Comey. Yeah, I have some recollection of Baker interacting with — you said the DNC, which sparked my recollection — with the DNC about our effort to get information about the Russian hack of them —

Mr. Meadows. Yeah, that’s — that’s not — that’s not what I’m referring to.

Mr. Comey. — but I don’t — I don’t remember anything beyond that.

Mr. Meadows. And so I can give you something so that you — your counsel can look at it and refresh your memory, perhaps, as we look at that, but I guess my concern is your earlier testimony acted like this was news to you that Perkins Coie represented the Democratic National Committee, and yet your general counsel not only knew that but received information from them that was transmitted to other people in the investigative team. [my emphasis]

I have long wondered how the Perkins Coie meeting with the FBI on the hack timed up with the hiring, by Fusion GPS working for Perkins Coie, of Christopher Steele, and that appears to be where Meadows is going to make his final, desperate stand. An earlier version of this hoax revealed that it pertained to materials on hacking, but did not specify that Steele had anything to do with it (indeed, Steele was always behind public reporting on the hack-and-leak).

Still, it would be of more public utility for Lawfare to clarify this detail than engage in yet another exercise in rehabilitating the dossier.

Instead, they — just like everyone else choosing not to look for evidence (or lack thereof) in the actual evidence before us — look back to see whether Steele’s dossier was a mirror of reality or something else entirely. If it’s the latter — and it increasingly looks like it is — then it’s time to figure out how and what it is.

Update: Cheryl Rofer did a line by line assessment of Steele’s dossier which is worthwhile. I would dispute a number of her claims (and insist that Steele’s reporting on the hacks be read in the temporal context in which he always lagged public reporting) and wish she’d note where the public record shows facts that actually conflict with the dossier. But it is a decent read.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

James Baker Channels a Road Map He and Comey and Andrew McCabe Might Navigate

Some weeks ago, I used Leon Jaworski’s Road Map to imagine what an equivalent Robert Mueller Road Map, packaging grand jury information to share with the House Judiciary Committee, might look like.

Among other things I showed the close parallel between John Dean’s attempt to craft a cover story and Don McGahn’s attempts to do the same. That section included how Nixon worked Henry Petersen, then Assistant Attorney General for Criminal Division, to try to influence the investigation.

After substantiating what would have been the indictment against Nixon, the Watergate Road Map showed how Nixon had John Dean and others manufacture a false exonerating story. The Road Map cited things like:

  • Nixon’s public claims to have total confidence in John Dean
  • Nixon’s efforts to falsely claim to the Attorney General, Richard Kleindienst, that former AG John Mitchell might be the most culpable person among Nixon’s close aides
  • Nixon’s instructions to his top domestic political advisor, John Ehrlichman, to get involved in John Dean’s attempts to create an exculpatory story
  • Press Secretary Ron Ziegler’s public lies that no one knew about the crime
  • Nixon’s efforts to learn about what prosecutors had obtained from his close aides
  • Nixon’s private comments to his White House Counsel to try to explain away an incriminating comment
  • Nixon’s ongoing conversations with his White House Counsel about what he should say publicly to avoid admitting to the crime
  • Nixon’s multiple conversations with top DOJ official Henry Petersen, including his request that Petersen not investigate some crimes implicating the Plumbers
  • Nixon’s orders to his Chief of Staff, HR Haldeman, to research the evidence implicating himself in a crime

This is an area where there are multiple almost exact parallels with the investigation into Trump, particularly in Don McGahn’s assistance to the President to provide bogus explanations for both the Mike Flynn and Jim Comey firings — the former of which involved Press Secretary Sean Spicer and Chief of Staff Reince Priebus, the latter of which involved Trump’s top domestic political advisor Stephen Miller. There are also obvious parallels between the Petersen comments and the Comey ones. Finally, Trump has made great efforts to learn via Devin Nunes and other House allies what DOJ has investigated, including specifically regarding the Flynn firing.

One key point about all this: the parallels here are almost uncanny. But so is the larger structural point. These details did not make the draft Nixon indictment. They were just additional proof of his cover-up and abuse of power. The scope of what HJC might investigate regarding presidential abuse is actually broader than what might be charged in an indictment.

The equivalent details in the Mueller investigation — particularly the Comey firing — have gotten the bulk of the press coverage (and at one point formed a plurality of the questions Jay Sekulow imagined Mueller might ask). But the obstruction was never what the case in chief is, the obstruction started when Trump found firing Flynn to be preferable to explaining why he instructed Flynn, on December 29, to tell the Russians not to worry about Obama’s sanctions. In the case of the Russia investigation, there has yet to be an adequate public explanation for Flynn’s firing, and the Trump team’s efforts to do so continue to hint at the real exposure the President faces on conspiracy charges. [my emphasis]

Another section showed how Nixon’s commenting on what he had said to Petersen and Attorney General Kleindienst was like Trump’s comments on Jim Comey and other DOJ officials.

That was all written from the outside.

Today, former FBI General Counsel James Baker performs the same task. He doesn’t describe the effort as such. Rather, he just says certain things — particularly those having to do with Henry Petersen — attracted his (and Sarah Grant’s, with whom he wrote this) attention.

One of the aspects of the recently released Watergate “road map” and related documents that attracted our attention is the set of materials pertaining to interactions, direct and indirect, between President Richard M. Nixon and two senior Department of Justice officials.

The whole post starts with a description of how Petersen told Nixon that Haldeman and Ehrlichman were implicated in the break-in and advised him to fire them, only to have the President respond that he would not.

One of the officials later testified: “He said he couldn’t believe it. You know, just these are fine upstanding guys. Just couldn’t be, you know.” He impressed on the president, “We are here to alert you. We think we’ve got something. We could be wrong, but we are telling you it’s time for you to move to protect yourself and the presidency.” And he urged the president to “get rid” of the staffers in question; the president responded, “‘Yeah, and I don’t think I should. I’ve got to think about this and that and a thousand other things.’”

The parallel here, of course, is Mike Flynn, whom Sally Yates recommended Trump fire, but whom Trump kept on for almost two weeks because he had ordered him to engage in the suspect behavior in question.

The post goes on to describe how Nixon got that top DOJ figure to provide information on a DOJ investigation investigating him personally.

In addition, on two occasions President Nixon asked Petersen for written summaries of aspects of the Justice Department’s investigation, including information regarding Haldeman and Ehrlichman: “[H]e asked for a full exposition. Having got into it this far, he felt he needed all the information, and I said I would undertake to . . . try to do that.” The president asked Petersen “to be kept informed of these things” but did not expect Petersen to divulge grand jury material. Petersen said that he ultimately determined that he could not provide any additional information at that time because it would have involved disclosing grand jury material; the president accepted that conclusion. In the following two weeks, however, Petersen did provide the president with “very general” information about the investigation, and the president on one occasion asked him, “‘Well, what else is new?’”

According to the president’s logs, between March 13, 1973, and April 30, 1973, President Nixon had seven meetings and initiated 19 phone calls with Petersen. These calls included four on April 15, 1973, after Kleindienst and Petersen met with the president to recommend that he fire Haldeman and Ehrlichman, including one call from 11:45 p.m. to 11:53 p.m. It is difficult to recount concisely the details of all of these communications to the extent that they are reflected in the information that we reviewed. Suffice it to say that these communications and other information in the attachments to the road map indicate that the Justice Department provided the White House with certain information about the course of the investigation on an ongoing basis.

The president, in short, was using a senior Justice Department official to gather intelligence about an ongoing criminal investigation in which he was personally implicated.

The post also explains how Nixon tried to influence Petersen, by urging him to speed up the investigation and by offering promotions.

On at least one occasion, President Nixon commented to Petersen on the pace of the investigation. Petersen testified: “Well, there was some discussion about the need for, you know—‘Hurry up and get this over with.’ ‘Yes. We’ll make haste as reasonably as we can.’”

President Nixon also discussed Petersen’s future role with him, as they concurrently discussed a live investigative matter. Petersen testified: “there were statements, during the course of the President’s conversations with me, ‘Now, you’ll have to serve as White House counsel,’ or, ‘You’re the adviser to the President now,’ which I, frankly, thought was a little heavy handed.”

It lays out how Nixon asked the top DOJ official whether he, personally, was under investigation.

Similarly, the Watergate Task Force report referenced above states that on April 27, 1973, “the President asked Petersen if he had any information implicating the President himself. Petersen said he did not.” The president, in other words, was asking the head of the Criminal Division whether he was personally under investigation.

And then it shows how HJC included such abuses in its articles of impeachment.

How was all of this presidential contact with the Justice Department understood in the context of Watergate? Pretty harshly. For example, Article II, paragraph 5, of the House Judiciary Committee’s July 27, 1974, Articles of Impeachment states in part that President Nixon:

In disregard of the rule of law, . . . knowingly misused the executive power by interfering with agencies of the executive branch, including the Federal Bureau of Investigation, the Criminal Division, and the Office of Watergate Special Prosecution Force, of the Department of Justice, and the Central Intelligence Agency, in violation of his duty to take care that the laws be faithfully executed.

President Nixon resigned on Aug. 9, 1974, and was pardoned by President Gerald Ford on Sept. 8, 1974.

As I noted in the post where I drew these parallels, we’re not in 1974 anymore, and there are a lot of reasons to doubt Trump will be impeached for acting in a similar manner as Nixon did.

But James Baker definitely seems to think the parallels are there.

Homeland Security Chair Ron Johnson Thinks It Scandalous that Lawyer of Hacking Victim Talks to FBI about Hack

In the never-ending scandal industry of Republican members of Congress trying to make a huge deal out of the fucking Steele dossier, Senate Homeland Security Chair Ron Johnson is demanding that Christopher Wray provide more information (including on the John Doe investigations into Scott Walker’s corruption in WI). Johnson never went to such lengths to obtain information from the FBI during the investigation of the Boston Marathon bombing, but I guess he has different priorities.

Among the things he’s demanding are details of a conversation that Perkins Coie attorney Michael Sussmann had with then FBI General Counsel James Baker.

According to public reports, former FBI General Counsel James Baker met with Michael Sussman, [sic] an attorney with the Perkins Coie law firm, which retained Fusion GPS in 2016 to research allegations about then-candidate Donald Trump. Fusion GPS hired Christopher Steele, author of the Steele dossier–and Mr. Sussman allegedly provided the FBI with information “related to Russian interference in the election, hacking and possible Trump connections.”

The John Solomon piece that has gotten Ron Johnson all hot and bothered about this contact says that Sussmann gave Baker some materials on Russian hacking and possible Trump connections with it.

Baker identified lawyer Michael Sussman, [sic] a former DOJ lawyer, as the Perkins Coie attorney who reached out to him and said the firm gave him documents and a thumb drive related to Russian interference in the election, hacking and possible Trump connections.

Michael Sussmann has been publicly identified as the person that helped the DNC respond to the Russian hack since June 14, 2016, the day the hack first became public.

Chief executive Amy Dacey got a call from her operations chief saying that their information technology team had noticed some unusual network activity.

“It’s never a call any executive wants to get, but the IT team knew something was awry,” Dacey said. And they knew it was serious enough that they wanted experts to investigate.

That evening, she spoke with Michael Sussmann, a DNC lawyer who is a partner with Perkins Coie in Washington. Soon after, Sussmann, a former federal prosecutor who handled computer crime cases, called Henry, whom he has known for many years.

His role in helping the DNC respond to the hack was further described by the NYT’s magnum opus on it.

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Mr. Sussmann instructed his clients not to use D.N.C. email because they had just one opportunity to lock the hackers out — an effort that could be foiled if the hackers knew that the D.N.C. was on to them.

“You only get one chance to raise the drawbridge,” Mr. Sussmann said. “If the adversaries know you are aware of their presence, they will take steps to burrow in, or erase the logs that show they were present.”

The D.N.C. immediately hired CrowdStrike, a cybersecurity firm, to scan its computers, identify the intruders and build a new computer and telephone system from scratch. Within a day, CrowdStrike confirmed that the intrusion had originated in Russia, Mr. Sussmann said.

The NYT even describes Sussmann and DNC executives meeting with “senior F.B.I. officials” — a description that would fit the FBI’s General Counsel, Baker, whom Sussmann would have known from when they worked on national security cases at DOJ together.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

In other words, there has been public reporting for years that Sussmann spoke to the FBI, reporting that even explains why he was involved — because he was the guy with experience working on cybersecurity. But in spite of that, the Chair of one of the committees most centrally involved in cybersecurity is now suggesting that victims of nation-state hacking and their lawyers should not talk to the FBI about that hacking.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Did the FBI Have a Chance to Fix Their Lies about Encryption in 2016?

The WaPo reports that the FBI has been presenting grossly inflated numbers describing how many devices it can’t open because of encryption. The error stems, the FBI claims, from a “programming” error that actually sounds like an analytical error: the double or triple counting of the same encrypted phones.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.

The FBI first became aware of the miscount about a month ago and still does not have an accurate count of how many encrypted phones they received as part of criminal investigations last year, officials said. Last week, one internal estimate put the correct number of locked phones at 1,200, though officials expect that number to change as they launch a new audit, which could take weeks to complete, according to people familiar with the work.

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

I find the April 2016 failed test suspicious.

To know why, consider this bit of history. Back in 2015, in the wake of Apple making encryption standard, Jim Comey and Sally Yates made a big pitch for back doors. But when Al Franken asked them, they admitted the FBI didn’t actually know how big the problem is.

Over an hour and a quarter into the SJC hearing, Al Franken asked for actual data demonstrating how big of a problem encryption really is. Yates replied that the government doesn’t track this data because once an agency discovers they’re targeting a device with unbreakable encryption, they use other means of targeting. (Which seems to suggest the agencies have other means to pursue the targets, but Yates didn’t acknowledge that.) So the agencies simply don’t count how many times they run into encryption problems. “I don’t have good enough numbers yet,” Comey admitted when asked again at the later hearing about why FBI can’t demonstrate this need with real data.

Nevertheless, in spite of Congress’ request for real numbers in July 2015, in January 2016 — just as some at FBI were trying to create an excuse to force Apple to open Syed Rizwan Farook’s phone — Comey and Yates admitted they still hadn’t started tracking numbers.

Around January 26, 2016 (that’s the date shown for document creation in the PDF) — significantly, right as FBI was prepping to go after Syed Rizwan Farook’s phone, but before it had done so — Comey and Yates finally answered the Questions for the Record submitted after the hearing. After claiming, in a response to a Grassley question on smart phones, “the data on the majority of the devices seized in the United States may no longer be accessible to law enforcement even with a court order or search warrant,” Comey then explained that they do not have the kind of statistical information Cy Vance claims to keep on phones they can’t access, explaining (over five months after promising to track such things),

As with the “data-in-motion” problem, the FBI is working on improving enterprise-wide quantitative data collection to better explain the “data-at-rest” problem.

[snip]

As noted above, the FBI is currently working on improving enterprise-wide quantitative data collection to better understand and explain the “data at rest” problem. This process includes adopting new business processes to help track when devices are encountered that cannot be decrypted, and when we believe leads have been lost or investigations impeded because of our inability to obtain data.

[snip]

We agree that the FBI must institute better methods to measure these challenges when they occur.

[snip]

The FBI is working to identify new mechanisms to better capture and convey the challenges encountered with lawful access to both data-in-motion and data-at-rest.

Grassley specifically asked Yates about the Wiretap report. She admitted that DOJ was still not collecting the information it promised to back in July.

The Wiretap Report only reflects the number of criminal applications that are sought, and not the many instances in which an investigator is dissuaded from pursuing a court order by the knowledge that the information obtained will be encrypted and unreadable. That is, the Wiretap Report does not include statistics on cases in which the investigator does not pursue an interception order because the provider has asserted that an intercept solution does not exist. Obtaining a wiretap order in criminal investigations is extremely resource-intensive as it requires a huge investment in agent and attorney time, and the review process is extensive. It is not prudent for agents and prosecutors to devote resources to this task if they know in advance the targeted communications cannot be intercepted. The Wiretap Report, which applies solely to approved wiretaps, records only those extremely rare instances where agents and prosecutors obtain a wiretap order and are surprised when encryption prevents the court-ordered interception. It is also important to note that the Wiretap Report does not include data for wiretaps authorized as part of national security investigations.

These two answers lay out why the numbers in the Wiretap Report are of limited value in assessing how big a problem encryption is.

Significantly, Comey and Yates offered these answers in response to a Chuck Grassley question about whether they believed, as the corrupt Cy Vance had claimed in Senate testimony, that “71% of all mobile devices examined…may be outside the reach of a warrant.”

The number FBI is now trying to correct was “more than half,” inching right up towards that 71% Vance floated years ago. In other words, this faulty methodology got them to where they needed to go.

I find that all the more suspicious given something that happened later in 2016. As soon as Jim Comey started providing numbers in August 2016, back when they showed 13% of phones could not be accessed, I asked how FBI came up with the number. At the time, a spox admitted that the number included more than encrypted phones — it also included deleted or destroyed phones.

It is a reflection of data on the number of times over the course of each quarter this year that the FBI or one of our law enforcement partners (federal, state, local, or tribal) has sought assistance from FBI digital forensic examiners with respect to accessing data on various mobile devices where the device is locked, data was deleted or encrypted, the hardware was damaged, or there were other challenges with accessing the data. I am not able to break that down by crime type.

That is, in September 2016, five months after FBI failed to find their flawed methodology, an FBI spox told me the number used was not an accurate count of how many phones couldn’t be accessed because of encryption.

When then FBI General Counsel James Baker used the same 13% a few months later, claiming all were encrypted, I checked back. The same spox said the number at that point was just encrypted phones.

It is true that damaged devices are provided to CART and RCFL for FBI assistance, but the 886 devices in FY16 that the FBI was not able to access (which is the number that GC Baker provided last week), does not include those damaged devices. It includes only those devices for which we encountered a password we were not able to bypass.

Now, it’s possible that the methodological problem I identified in 2016 — that their “Going Dark” number actually included phones they couldn’t access for entirely different reasons — was a different problem than the one just identified a month ago (just before Baker retired). Certainly, it doesn’t sound like the same problem (though as I reminded someone from DOJ’s IG some time ago, the forensics labs sending in these numbers have a history of unreliable numbers). That said, given the proliferation of chat apps with disappearing messages that amount to “destroyed” evidence — which under the flawed methodology used in 2016 would be counted as an encryption problem — it could be.

Still, what I identified in September 2016 was a methodological problem. It should have triggered a closer look at the time.

Instead, the FBI has been lying about how bad the Going Dark problem is for another year and a half.

On McCabe’s Firing

Update: 8/28/19: I just re-read this amid discussion that Andrew McCabe may be fired. Much of this I stand by. I was right about the import of Mike Flynn already pleading guilty, I stand by my comments about Michael Horowitz and think the IG Report is damning, though in his lawsuit, McCabe credibly argues it was not developed in the normal fashion. I was right that McCabe would not be a big witness in any obstruction investigation; I was wrong that Comey wouldn’t be. But I want to admit that obstruction did end up being what Mueller effectively issued an impeachment referral for. That said, there was obstruction in both the Stone and Manafort threads of any interactions with Russia.

I’m going to refrain from making any conclusions about Andy McCabe’s firing until we have the Inspector General Report that underlies it. For now (update: I’ve now cleaned this up post-Yoga class), keep the following details in mind:

Michael Horowitz is a very good Inspector General

The allegations that McCabe lacked candor in discussions about his communications with Devlin Barrett all arise out of an investigation Democrats demanded in response to FBI’s treatment of the investigation into Hillary Clinton. It is being led by DOJ’s Inspector General, Michael Horowitz. Horowitz was nominated by Barack Obama and confirmed while Democrats still had the majority, in 2012.

I’ve never seen anything in Horowitz’ work that suggests he is influenced by politics, though he has shown an ability to protect his own department’s authority, in part by cultivating Congress. Of significant note, he fought with FBI to get the information his investigators needed to do the job, but was thwarted, extending into Jim Comey’s tenure (as I laid out in a fucking prescient post written on November 3, 2016).

As I’ve long covered, in 2010, the FBI started balking at the Inspector General’s proper investigative demands. Among other things, the FBI refused to provide information on grand jury investigations unless some top official in FBI said that it would help the FBI if the IG obtained it. In addition, the FBI (and DEA) have responded to requests very selectively, pulling investigations they don’t want to be reviewed. In 2014, the IG asked OLC for a memo on whether it should be able to get the information it needs to do its job. Last year, OLC basically responded, Nope, can’t have the stuff you need to exercise proper oversight of the FBI.

DOJ’s Inspector General, Michael Horowitz, has been trying for some time to get Congress to affirmatively authorize his office (and IGs generally, because the problem exists at other agencies) to receive the information he needs to do his job. But thus far — probably because Jim Comey used to be known as the world’s biggest Boy Scout — Congress has failed to do so.

I care about how FBI’s misconduct affects the election (thus far, polling suggests it hasn’t done so, though polls are getting closer as Republican Gary Johnson supporters move back to supporting the GOP nominee, as almost always happens with third party candidates). But I care even more about how fucked up the FBI is. Even if Comey is ousted, I can’t think of a likely candidate that could actually fix the problems at FBI. One of the few entities that I think might be able to do something about the stench at FBI is the IG.

Except the FBI has spent 6 years making sure the IG can’t fully review its conduct.

So while I don’t think he’d be motivated by politics, he has had a running fight with top FBI officials about their willingness to subject FBI to scrutiny for the entirety of the Comey tenure.

McCabe has suggested that the investigation into him was “accelerated” only after he testified to the House Intelligence Committee that he would corroborate Jim Comey’s version of his firing.

I am being singled out and treated this way because of the role I played, the actions I took, and the events I witnessed in the aftermath of the firing of James Comey. The release of this report was accelerated only after my testimony to the House Intelligence Committee revealed that I would corroborate former Director Comey’s accounts of his discussions with the President. The OIG’s focus on me and this report became a part of an unprecedented effort by the Administration, driven by the President himself, to remove me from my position, destroy my reputation, and possibly strip me of a pension that I worked 21 years to earn. The accelerated release of the report, and the punitive actions taken in response, make sense only when viewed through this lens.

I’m not sure this timeline bears out (the investigation was supposed to be done last year, but actually got extended into this year). The statement stops short of saying that he was targeted because his testimony — presumably already delivered to Robert Mueller by the time of his HPSCI testimony — corroborated Comey’s.

What we’ve seen of the other personnel moves as a result of this investigation — the reassignment of Peter Strzok and Lisa Page for texts that really did raise conflict issues (to say nothing of operational security problems), and the reassignment of James Baker — seems reasonable. McCabe’s firing was reviewed by a whole bunch of people who have been around DOJ a long time.

So it’s possible the underlying claim has merit. It’s also possible that McCabe is getting the same punishment that a line agent would get if he did not answer the IG honestly.

Trump’s comments matter

Obviously, all that cannot be taken out of context of Trump’s own statements and Jeff Sessions’ efforts to keep his job.

We will get these details in upcoming days, and almost all the details will come from people who’ve got a big stake in the process.

Michael Bromwich — McCabe’s lawyer — says they didn’t get a review of the allegations against McCabe until very recently, and were still trying to contest the firing two days ago (as was publicly reported). I find his claim that this was “cleaved off” from the larger investigation unconvincing: so were Strzok and Page, but that was done to preserve the integrity of the Mueller investigation, and Chris Wray had said publicly that he wanted to act on problems as they found them. Bromwich curiously is not saying that McCabe’s firing violates any agreement McCabe made when he took leave to await retirement.

Undoubtedly, Jeff Sessions did this in the most cowardly way possible. While I think it’s likely, I’m not 100% convinced that the timing was anything other than trying to make a real decision rather than let the retirement make it.

There’s no evidence, yet, that McCabe will lose all his pension

It has been said for over a month that McCabe was just waiting out his birthday so he could “get” his pension. That was so he could start drawing on it immediately. Josh Gerstein laid out the best thing I’ve seen on the implications (as well as what limited legal recourse McCabe has).

The financial stakes for McCabe could be significant. If he had made it to his 50th birthday on Sunday while still in federal service, he would have been eligible to begin drawing a full pension immediately under provisions that apply to federal law enforcement officers, said Kimberly Berry, a lawyer in Arlington, Virginia, who specializes in federal retirement issues.

Berry disputed reports, however, that McCabe would lose his pension altogether.

“He doesn’t lose his retirement,” she said. “It’s not all thrown out in the garbage.”

Even after his dismissal, McCabe will probably be eligible to begin collecting his pension at about age 57, although he would likely lose access to federal health coverage and would probably get a smaller pension than if he stayed on the federal payroll, experts said.

There have been claims McCabe could get hired by a member of Congress for a week so he can start drawing on it. But I’ve heard the finances aren’t even the issue; it’s the principle, and if you want to be a martyr, being fired works better.

This will have a far smaller impact on the Mueller probe than Comey-McCabe loyalists and John Dowd lay out

McCabe and others have suggested that there has been a successful effort to retaliate against Comey’s three corroborating witnesses, though that is least convincing with regards to Jim Rybicki, who was replaced as happens as a matter of course every time a new FBI Director comes in.

But the Comey-McCabe loyalists make far too much of their role in the Mueller probe, making themselves the central actors in the drama. Yes, if their credibility is hurt it does do some damage to any obstruction charges against Trump, which, as I keep repeating, will not be the primary thrust of any charges against Trump. Mueller is investigating Trump for a conspiracy with Russians; the obstruction is just the act that led to his appointment as Special Counsel and with that, a much more thorough investigation. Contrary to what you’re hearing, little we’ve seen thus far is fruit of the decisions Comey and his people made. While all were involved in the decision to charge Mike Flynn, he has already pled guilty and started spilling his guts to Mueller. There’s no reason to believe McCabe or Comey are direct witnesses in the conspiracy charges that will be filed against people close to Trump, if not against Trump himself.

For all those reasons, John Dowd’s claim that McCabe’s firing should end the investigation is equally unavailing.

I pray that Acting Attorney General Rosenstein will follow the brilliant and courageous example of the FBI Office of Professional Responsibility and Attorney General Jeff Sessions and bring an end to alleged Russia Collusion investigation manufactured by McCabe’s boss James Comey based upon a fraudulent and corrupt Dossier.

I mean, if this really is Dowd’s impression of why his client is being investigated, I almost feel sorry for Trump.

But the truth is the dossier has always been a distraction. The obstruction charge was probably used to distract Trump (and his NYT stenographers) while Mueller’s team collected the far more serious evidence on the conspiracy charges, though events of this week may well add to the conspiracy charges. And Comey didn’t manufacture any investigation; if anything, his people were not aggressive enough in the months he oversaw the investigation, particularly as it pertains to George Papadopoulos.

So if Dowd thinks McCabe’s firing will affect the core of the evidence Mueller has already developed (and, I suspect, started hanging on a sealed magnet indictment), he is likely to be very disappointed.

Regardless of the merits of the McCabe firing, it (and the related shit storm) may give Rosenstein and Mueller more time to work. It’s not clear they need that much more time to put together the conspiracy charges that are sitting right beneath the surface.

Finally — and I’m about to do a post on this — the far more important news from yesterday is that Facebook is cutting off Cambridge Analytica for violating its agreements about data use. That may well lead to some far more important changes, changes that Trump has less ability to politicize.

On Jim Baker’s Non-Prosecution for Leaking

The WaPo provides details on something that right wing propagandists had used to slam FBI General Counsel Jim Baker (who, the article notes, is being reassigned within FBI). The leak investigation into Baker must pertain to the Yahoo scan.

For months, Baker had become caught up in what some law enforcement officials considered a particularly frustrating probe of a leak involving the FBI, the National Security Agency and stories that appeared about a year ago involving surveillance techniques for a particular email provider, according to people familiar with the matter.

Some NSA officials were concerned that too much had been revealed about a classified program in an effort to correct a prior report, these people said.

“Jim was distressed about it but was confident he hadn’t leaked anything’’ and would be cleared, one U.S. official said.

A respected veteran prosecutor was assigned to the case, but people close to the matter said the investigation had petered out recently and charges were not expected to be filed.

The leak probe frustrated some law enforcement officials, who said officials were caught up in it only because they had tried to prevent misinformation about surveillance capabilities from spreading among the public and lawmakers. Others said the very existence of the investigation was mostly due to a disagreement between two agencies, according to people familiar with the matter.

The story that the government had obtained authority to scan all of Yahoo’s emails for some signature tied to either a foreign government or a terrorist organization (or most likely, Iran, which the US considers both) was first broken by Reuters, which claimed the scan happened under Section 702. But as I laid out here, Charlie Savage (who has written an entire billion page book on such matters) reported, more plausibly, that it was done under a targeted FISA order. Not only did the discrepancy in stories raise concerns about how Section 702 was being applied, but it led a lot of surveillance critics who had heretofore not understood things they were lobbying about to newly examine what the term “facility” meant.

From the context, it seems likely that Baker was trying to correct initial reports that the scan occurred under Section 702, which probably had a salutary effect on this year’s debate; no one has raised questions about that Yahoo scan (though surveillance critics have proven that they didn’t internalize the lesson of the exchange to learn that the government has long interpreted facility more broadly than they understood).

If all that’s right, the spooks should be happy that Baker corrected the record. Heck, Baker could probably point to my work for proof that the definition of “facility” was actually known to people he hasn’t ever spoken with.

[S]tarting in 2004 and expanded in 2010, “facility” — the things targeted under FISA — no longer were required to tie to an individual user or even a location exclusively used by targeted users.

When Kollar-Kotelly authorized the Internet dragnet, she distinguished what she was approving, which did not require probable cause, from content surveillance, where probable cause was required. That is, she tried to imagine that the differing standards of surveillance would prevent her order from being expanded to the collection of content. But in 2007, when FISC was looking for a way to authorize Stellar Wind collection — which was the collection on accounts identified through metadata analysis — Roger Vinson, piggybacking Kollar-Kotelly’s decision on top of the Roving Wiretap provision, did just that. That’s where “upstream” content collection got approved. From this point forward, the probable cause tied to a wiretap target was freed from a known identity, and instead could be tied to probable cause that the facility itself was used by a target.

There are several steps between how we got from there to the Yahoo order that we don’t have full visibility on (which is why PCLOB should have insisted on having that discussion publicly). There’s nothing in the public record that shows John Bates knew NSA was searching on non-email or Internet messaging strings by the time he wrote his 2011 opinion deeming any collection of a communication with a given selector in it to be intentional collection. But he — or FISC institutionally — would have learned that fact within the next year, when NSA and FBI tried to obtain a cyber certificate. (That may be what the 2012 upstream violation pertained to; see this post and this post for some of what Congress may have learned in 2012.) Nor is there anything in the 2012 Congressional debate that shows Congress was told about that fact.

One thing is clear from NSA’s internal cyber certificate discussions: by 2011, NSA was already relying on this broader sense of “facility” to refer to a signature of any kind that could be associated with a targeted user.

The point, however, is that sometime in the wake of the 2011 John Bates opinion on upstream, FISC must have learned more about how NSA was really using the term. It’s not clear how much of Congress has been told.

The leap from that — scanning on telephone switches for a given target’s known “facility” — to the Yahoo scan is not that far. In his 2010 opinion reauthorizing the Internet dragnet, Bates watered down the distinction between content and metadata by stripping protection for content-as-metadata that is also used for routing purposes. There may be some legal language authorizing the progression from packets to actual emails (though there’s nothing that is unredacted in any Bates opinion that leads me to believe he fully understood the distinction). In any case, FISCR has already been blowing up the distinction between content and metadata, so it’s not clear that the Yahoo request was that far out of the norm for what FISC has approved.

Which is not to say that the Yahoo scan would withstand scrutiny in a real court unaware of the FISC precedents (including the ones we haven’t yet seen). It’s just to say we started down this path 12 years ago, and the concept of “facilities” has evolved such that a search for a non-email signature counts as acceptable to the FISC.

Of course, the better option is to stop playing word games and explain to everyone what facility actually means, and point out that that interpretation has been in place since 2007.

All that said, this is yet another example where a cherished government official can engage in behavior that others go to prison for. As I’ve pointed out, for example, the Jeffrey Sterling case codified the precedent that someone can go to prison for four minutes and 11 seconds of phone conversations during which they provide unclassified tips about classified information they know.

The Fourth Circuit just codified the principle that you can go to prison for four minutes and 11 seconds of phone calls during which you tell a reporter to go find out classified details you know about.

That’s probably pretty close to what Baker got investigated for. Obviously, doing so as a General Counsel is a different function than as a whistleblower. And whatever conversations Baker had probably took place in DC, so outside of the Fourth Circuit where that precedent stands.

I have no doubt that non-prosecution, if I’ve gotten the facts of the case correct, is the correct decision. But so should it be for others in similar situations, others treated differently because they’re not part of the FBI.

More importantly, the government’s so-called transparency should be such that experts like the surveillance critics who didn’t know how facility is used don’t have to get leaks to understand basic facts about the surveillance they discuss.