Posts

Sessions Recusal: Election And/Or Russia?

Back when Jeff Sessions recused from the investigation into Trump, I noted that it was actually fairly narrow. He recused from election-related issues, but said nothing about Russia.

[T]he only thing he is recusing from is “existing or future investigations of any matters related in any way to the campaigns for President of the United States.”

There are two areas of concern regarding Trump’s ties that would not definitively be included in this recusal: Trump’s long-term ties to mobbed up businessmen with ties to Russia (a matter not known to be under investigation but which could raise concerns about compromise of Trump going forward), and discussions about policy that may involve quid pro quos (such as the unproven allegation, made in the Trump dossier, that Carter Page might take 19% in Rosneft in exchange for ending sanctions against Russia), that didn’t involve a pay-off in terms of the hacking. There are further allegations of Trump involvement in the hacking (a weak one against Paul Manafort and a much stronger one against Michael Cohen, both in the dossier), but that’s in no way the only concern raised about Trump’s ties with Russians.

Which is why I was so interested that Jim Comey emphasized something else in his testimony (see this post on this topic) — issues pertaining to Russia. [my emphasis throughout]

We concluded it made little sense to report it to Attorney General Sessions, who we expected would likely recuse himself from involvement in Russia-related investigations. (He did so two weeks later.)

This came up in his hearing yesterday, as well. First Wyden asked why Sessions was involved in Comey’s firing if he got fired for continuing to investigate Mike Flynn’s ties to Russia.

WYDEN: Let me turn to the attorney general. In your statement, you said that you and the FBI leadership team decided not to discuss the president’s actions with Attorney General Sessions, even though he had not recused himself. What was it about the attorney general’s interactions with the Russians or his behavior with regard to the investigation that would have led the entire leadership of the FBI to make this decision?

COMEY: Our judgment, as I recall, is that he was very close to and inevitably going to recuse himself for a variety of reasons. We also were aware of facts that I can’t discuss in an opening setting that would make his continued engagement in a Russia-related investigation problematic. So we were convinced — in fact, I think we’d already heard the career people were recommending that he recuse himself, that he was not going to be in contact with Russia-related matters much longer. That turned out to be the case.

WYDEN: How would you characterize Attorney General Sessions’s adherence to his recusal? In particular, with regard to his involvement in your firing, which the president has acknowledged was because of the Russian investigation.

COMEY: That’s a question I can’t answer. I think it is a reasonable question. If, as the president said, I was fired because of the Russia investigation, why was the attorney general involved in that chain? I don’t know.

Then Kamala Harris asked whether there had been any official guidance on recusal.

HARRIS: Thank you. As a former attorney general, I have a series of questions in connection with your connection with the attorney general while you were FBI director. What is your understanding of the parameters of Attorney General Sessions’ recusal from the Russia investigation?

COMEY: I think it’s described in a written release from DOJ which I don’t remember sitting here but the gist is he will be recused from all matters relating to Russia or the campaign. Or the activities of Russia and the ’16 election or something like that.

HARRIS: So, is your knowledge of the extent of the recusal based on the public statements he’s made?

COMEY: Correct.

HARRIS: Is there any kind of memorandum issued from the attorney general to the FBI outlining the parameters of his recusal?

COMEY: Not that I’m aware of.

In every comment, Comey emphasized the Russian aspect. Indeed, most of his comments only mention Russia; just one instance mentions the election.

Indeed, yesterday’s hearing made it clear that Comey believed Sessions should be recused from Russia-related issues because of unclassified issues that include his undisclosed two (now three) conversations with Russian Ambassador Sergey Kislyak.

After yesterday’s hearing, DOJ issued a statement (reproduced in its entirely below), and also released an email that appears to serve as the written guidance on Sessions’ recusal. Yesterday’s statement makes the limitation to election-related issues even more explicit.

Given Attorney General Sessions’ participation in President Trump’s campaign, it was for that reason, and that reason alone, the Attorney General made the decision on March 2, 2017 to recuse himself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

So while the email directive does state Sessions’ recusal “extends to Department responses to Congressional and media inquiries related to any such investigations,” not a single thing from DOJ ever mentions the word Russia.

There are actually many important potential implications of this.

It may mean, for example, that Sessions feels he had every right to help Trump fire Comey for his aggressive investigation in Russian issues — even in spite of the fact that his own actions may be reviewed in the Russian investigation — because the Flynn investigation pertained to issues that happened after the election.

More alarmingly, it may mean that there will be a squabble about the scope of Robert Mueller’s special counsel investigation, which has already started digging into matters of Russian corruption that go back years, because Rod Rosenstein overstepped the scope of his own authority based on the limits of Sessions’ recusal.

Jim Comey thinks that as soon as February 14, it was clear that Sessions had to recuse from Russian related issues. Instead (all the evidence suggests) he recused only from election related issues.

The difference in understanding here is troubling.

Update: A friend notes that Jeff Sessions basically relied on Rod Rosenstein’s letter in recommending Trump fire Comey.

[F]or the reasons expressed by the Deputy Attorney General in the attached memorandum, I have concluded that a fresh start is needed at the leadership of the FBI.

The friend suggested that because Comey’s actions implicated the election, that means Sessions intervened in matter pertaining to the election (albeit for Trump’s opponent).

I’m not so sure. The phrasing of Rosenstein’s letter here is critical. Democrats may be angry at Comey for reopening the investigation (and sending a sure-to-leak letter to a stable of GOP Committee Chairs) days before the election. So to Democrats, Comey’s handing of the Hillary investigation pertains to the election.

But Rosenstein frames the issue in terms of “usurp[ing] the Attorney General’s authority” and “supplant[ing] federal prosecutors and assum[ing] control of the Justice Department.” While Rosenstein cites Eric Holder and Donald Ayer describing how Comey’s actions violated long-standing policies pertaining to comments in advance of elections, the Deputy Attorney General himself pitches it as insubordination.

Update: On Twitter Charlie Savage suggested the scope of the recusal could be taken from the language of Comey’s confirmation of the investigation in a HPSCI hearing on March 20, arguing that on March 2, when Sessions recused, the investigation and its ties to campaign members who spoke to Russians had not yet been disclosed.

I have been authorized by the Department of Justice to confirm that the FBI, as part of our counterintelligence mission, is investigating the Russian government’s efforts to interfere in the 2016 presidential election and that includes investigating the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts. As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed.

Except this statement says nothing about Jeff Sessions’ recusal, and in Thursday’s testimony, Comey said he was unaware of a memo aside from Sessions public statement. As noted above, the email that DOJ has now pointed to says nothing about Russia.

Plus, even if the recusal originally intended to include the secret Russia investigation, the statement written on Thursday, very clearly in response to Comey’s testimony and repeated claims that Sessions had to recuse from Russia-related issues, said the only reason Sessions recused was because of the campaign tie. And as I noted in my original post on the scope of Sessions’ recusal, he played games in his admission of conversations with Sergey Kislyak as to whether they pertained to Russia.

Update: In a March 6 letter to SJC claiming he didn’t need to correct his false testimony on conversations with Sergey Kislyak, Sessions said that his recusal should cover Russian contacts with the Trump transition and administration.

The March 3, 2017, letter also asked why I had not recused myself from “Russian contacts with the Trump transition team and administration.” I understand the scope of the recusal as described in the Department’s press release would include any such matters.

This would seem to conflict with Thursday’s statement.

______________________________________________________________________________

FOR IMMEDIATE RELEASE

THURSDAY, JUNE 8, 2017

DEPARTMENT OF JUSTICE ISSUES STATEMENT ON TESTIMONY OF FORMER FBI DIRECTOR JAMES COMEY

 

WASHINGTON – In response to testimony given today by former FBI Director James Comey, Department of Justice Spokesman Ian Prior issued the following statement:

  • Shortly after being sworn in, Attorney General Sessions began consulting with career Department of Justice ethics officials to determine whether he should recuse himself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

Those discussions were centered upon 28 CFR 45.2, which provides that a Department of Justice attorney should not participate in investigations that may involve entities or individuals with whom the attorney has a political or personal relationship. That regulation goes on to define “political relationship” as:

“[A] close identification with an elected official, a candidate (whether or not successful) for elective, public office, a political party, or a campaign organization, arising from service as a principal adviser thereto or a principal official thereof ***”

Given Attorney General Sessions’ participation in President Trump’s campaign, it was for that reason, and that reason alone, the Attorney General made the decision on March 2, 2017 to recuse himself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

  • In his testimony, Mr. Comey stated that he was “not *** aware of” “any kind of memorandum issued from the Attorney General or the Department of Justice to the FBI outlining the parameters of [the Attorney General’s] recusal.” However, on March 2, 2017, the Attorney General’s Chief of Staff sent the attached email specifically informing Mr. Comey and other relevant Department officials of the recusal and its parameters, and advising that each of them instruct their staff “not to brief the Attorney General *** about, or otherwise involve the Attorney General *** in, any such matters described.”
  • During his testimony, Mr. Comey confirmed that he did not inform the Attorney General of his concerns about the substance of any one-on-one conversation he had with the President. Mr. Comey said, following a morning threat briefing, that he wanted to ensure he and his FBI staff were following proper communications protocol with the White House. The Attorney General was not silent; he responded to this comment by saying that the FBI and Department of Justice needed to be careful about following appropriate policies regarding contacts with the White House.
  • Despite previous inaccurate media reports, Mr. Comey did not say that he ever asked anyone at the Department of Justice for more resources related to this investigation.
  • In conclusion, it is important to note that after his initial meeting with career ethics officials regarding recusal (and including the period prior to his formal recusal on March 2, 2017), the Attorney General has not been briefed on or participated in any investigation within the scope of his recusal.

# # #

17-631

Comey and Friends Expected Jeff Sessions to Recuse by February 14

Here’s another detail from Jim Comey’s testimony that deserves more attention. On February 14, the day that President Trump asked Comey to drop the investigation into Mike Flynn, Comey and his aides expected Jeff Sessions to recuse himself from the investigation.

We also concluded that, given that it was a one-on-one conversation, there was nothing available to corroborate my account. We concluded it made little sense to report it to Attorney General Sessions, who we expected would likely recuse himself from involvement in Russia-related investigations. (He did so two weeks later.) [my emphasis]

Obviously, Sessions should have recused in any case, since he was involved in the campaign. But Comey specifically framed this as “Russia-related investigations,” not Trump investigations generally. Comey doesn’t say why the top people at FBI believed he would recuse, but by this point, the FBI would have pulled all intercepts involving Sergey Kislyak, so would have discovered ones reflecting conversations with Sessions.

In any case, to have that belief, the FBI presumably had already talked to Sessions about his conflicts with the Russian investigation.

That’s consistent with something Sessions said in his recusal statement. He describes the recusal process as a several week series of meetings.

During the course of the last several weeks, I have met with the relevant senior career Department officials to discuss whether I should recuse myself from any matters arising from the campaigns for President of the United States.

Having concluded those meetings today, I have decided to recuse myself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

Yet it took two more weeks (actually, 16 days) for Sessions to recuse, which suggests he didn’t do it just for the election-related reasons, and didn’t do it when FBI first talked to him about it. He only did it once the leaks about his ties to Kislyak came out.

Given Trump’s reported continued rage at Sessions for recusing — so much so he’s considering firing him (do it!!!) — I find that very significant. It makes it more likely that Sessions and Trump spoke about a potential recusal in the interim weeks, and more likely that Trump thought he had a plan in place to kill any investigation that Sessions recusal killed.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Problems with Rosemary Collyer’s Shitty Upstream 702 Opinion

This post took a great deal of time, both in this go-around, and over the years to read all of these opinions carefully. Please consider donating to support this work. 

It often surprises people when I tell them this, but in general, I’ve got a much better opinion of the FISA Court than most other civil libertarians. I do so because I’ve actually read the opinions. And while there are some real stinkers in the bunch, I recognize that the court has long been a source of some control over the executive branch, at times even applying more stringent standards than criminal courts.

But Rosemary Collyer’s April 26, 2017 opinion approving new Section 702 certificates undermines all the trust and regard I have for the FISA Court. It embodies everything that can go wrong with the court — which is all the more inexcusable given efforts to improve the court’s transparency and process since the Snowden leaks. I don’t think she understood what she was ruling on. And when faced with evidence of years of abuse (and the government’s attempt to hide it), she did little to rein in or even ensure accountability for those abuses.

This post is divided into three sections:

  • My analysis of the aspects of the opinion that deal with the upstream surveillance
    • Describing upstream searches
    • Refusing to count the impact
    • Treating the problem as exclusively about MCTs, not SCTs
    • Defining key terms
    • Failing to appoint (much less consider) appointing an amicus
    • Approving back door upstream searches
    • Imposing no consequences
  • A description of all the documents I Con the Record released — and more importantly, the more important ones it did not release (if you’re in the mood for weeds, start there)
  • A timeline showing how NSA tried to hide these violations from FISC

Opinion

The Collyer opinion deals with a range of issues: an expansion of data sharing with the National Counterterrorism Center, the resolution of past abuses, and the rote approval of 702 certificates for form and content.

But the big news from the opinion is that the NSA discovered it had been violating the terms of upstream FISA collection set in 2011 (after violating the terms of upstream FISA set in 2007-2008, terms which were set after Stellar Wind violated FISA since 2002). After five months of trying and failing to find an adequate solution to fix the problem, NSA proposed and Collyer approved new rules for upstream collection. The collection conducted under FISA Section 702 is narrower than it had been because NSA can no longer do “about” searches (which are basically searching for some signature in the “content” of a communication). But it is broader — and still potentially problematic — because NSA now has permission to do the back door searches of upstream collected data that they had, in reality, been doing all along.

My analysis here will focus on the issue of upstream collection, because that is what matters going forward, though I will note problems with the opinion addressing other topics to the extent they support my larger point.

Describing upstream searches

Upstream collection under Section 702 is the collection of communications identified by packet sniffing for a selector at telecommunication switches. As an example, if the NSA wants to collect the communications of someone who doesn’t use Google or Yahoo, they will search for the email address as it passes across circuits the government has access to (overseas, under EO 12333) or that a US telecommunications company runs (domestically, under 702; note many of the data centers at which this occurs have recently changed hands). Stellar Wind — the illegal warrantless wiretap program done under Bush — was upstream surveillance. The period in 2007 when the government tried to replace Stellar Wind under traditional FISA was upstream surveillance. And the Protect America Act and FISA Amendments Act have always included upstream surveillance as part of the mix, even as they moved more (roughly 90% according to a 2011 estimate) of the collection to US-based providers.

The thing is, there’s no reason to believe NSA has ever fully explained how upstream surveillance works to the FISC, not even in this most recent go-around (and it’s now clear that they always lied about how they were using and processing a form of upstream collection to get Internet metadata from 2004 to 2011). Perhaps ironically, the most detailed discussions of the technology behind it likely occurred in 2004 and 2010 in advance of opinions authorizing collection of metadata, not content, but NSA was definitely not fully forthcoming in those discussions about how it processed upstream data.

In 2011, the NSA explained (for the first time), that it was not just collecting communications by searching for a selector in metadata, but it was also collecting communications that included a selector as content. One reason they might do this is to obtain forwarded emails involving a target, but there are clearly other reasons. As a result of looking for selectors as content, NSA got a lot of entirely domestic communications, both in what NSA called multiple communication transactions (“MCTs,” basically emails and other things sent in bundles) and in single communication transactions (SCTs) that NSA didn’t identify as domestic, perhaps because they used Tor or a VPN or were routed overseas for some other reason. The presiding judge in 2011, John Bates, ruled that the bundled stuff violated the Fourth Amendment and imposed new protections — including the requirement NSA segregate that data — for some of the MCTs. Bizarrely, he did not rule the domestic SCTs problematic, on the logic that those entirely domestic communications might have foreign intelligence value.

In the same order, John Bates for the first time let CIA and NSA do something FBI had already been doing: taking US person selectors (like an email address) and searching through already collected content to see what communications they were involved in (this was partly a response to the 2009 Nidal Hasan attack, which FBI didn’t prevent in part because they were never able to pull up all of Hasan’s communications with Anwar al-Awlaki at once). Following Ron Wyden’s lead, these searches on US person content are often called “back door searches” for the way they let the government read Americans’ communications without a warrant. Because of the newly disclosed risk that upstream collection could pick up domestic communications, however, when Bates approved back door searches in 2011, he explicitly prohibited the back door searching of data collected via upstream searches. He prohibited this for all of it — MCTs (many of which were segregated from general repositories) and SCTs (none of which were segregated).

As I’ve noted, as early as 2013, NSA knew it was conducting “many” back door searches of upstream data. The reasons why it was doing so were stupid: in part, because to avoid upstream searches analysts had to exclude upstream repositories from the search query (basically by writing “NOT upstream” in a Boolean query), which also required them realizing they were searching on a US person selector. For whatever reason, though, no one got alarmed by reports this was going on — not NSA’s overseers, not FISC (which reportedly got notices of these searches), and not Congress (which got notices of them in Semiannual reports, which is how I knew they were going on). So the problem continued; I noted that this was a persistent problem back in August, when NSA and DOJ were still hiding the extent of the problems from FISC.

It became clear the problem was far worse than known, however, when NSA started looking into how it dealt with 704 surveillance. Section 704 is the authority the NSA uses to spy on Americans who are overseas. It basically amounts to getting a FISC order to use EO 12333 spying on an American. An IG Report completed in January 2016 generally found 704 surveillance to be a clusterfuck; as part of that, though, the NSA discovered that there were a whole bunch of 704 backdoor searches that weren’t following the rules, in part because they were collecting US person communications for periods outside of the period when the FISC had authorized surveillance (for 705(b) communication, which is the spying on Americans who are simply traveling overseas, this might mean NSA used EO 12333 to collect on an American when they were in the US). Then NSA’s Compliance people (OCO) did some more checking and found still worse problems.

And then the government — the same government that boasted about properly disclosing this to FISC — tried to bury it, basically not even telling FISC about how bad the problem was until days before Collyer was set to approve new certificates in October 2016. Once they did disclose it, Judge Collyer gave NSA first one and then another extension for them to figure out what went wrong. After 5 months of figuring, they were still having problems nailing it down or even finding where the data and searches had occurred. So, finally, facing a choice of ending “about” collection (only under 702 — they can still accomplish the very same thing under EO 12333) or ending searches of upstream data, they chose the former option, which Collyer approved with almost no accountability for all the problems she saw in the process.

Refusing to count the impact

I believe that (at least given what has been made public) Collyer didn’t really understand the issue placed before her. One thing she does is just operate on assumptions about the impact of certain practices. For example, she uses the 2011 number for the volume of total 702 collection accomplished using upstream collection to claim that it is “a small percentage of NSA’s overall collection of Internet communications under Section 702.” That’s likely still true, but she provides no basis for the claim, and it’s possible changes in communication — such as the increased popularity of Twitter — would change the mix significantly.

Similarly, she assumes that MCTs that involve “a non-U.S. person outside the United States” will be “for that reason [] less likely to contain a large volume of information about U.S. person or domestic communications.” She makes a similar assumption (this time in her treatment of the new NCTC raw take) about 702 data being less intrusive than individual orders targeted at someone in the US, “which often involve targets who are United States persons and typically are directed at persons in the United States.” In both of these, she repeats an assumption John Bates made in 2011 when he first approved back door searches using the same logic — that it was okay to provide raw access to this data, collected without a warrant, because it wouldn’t be as impactful as the data collected with an individual order. And the assumption may be true in both cases. But in an age of increasingly global data flows, that remains unproven. Certainly, with ISIS recruiters located in Syria attempting to recruit Americans, that would not be true at all.

Collyer makes the same move when she makes a critical move in the opinion, when she asserts that “NSA’s elimination of ‘abouts’ collection should reduce the number of communications acquired under Section 702 to which a U.S. person or a person in the United States is a party.” Again, that’s probably true, but it is not clear she has investigated all the possible ways Americans will still be sucked up (which she acknowledges will happen).

And she does this even as NSA was providing her unreliable numbers.

The government later reported that it had inadvertently misstated the percentage of NSA’s overall upstream Internet collection during the relevant period that could have been affected by this [misidentification of MCTs] error (the government first reported the percentage as roughly 1.3% when it was roughly 3.7%.

Collyer’s reliance on assumptions rather than real numbers is all the more unforgivable given one of the changes she approved with this order: basically, permitting the the agencies to conduct otherwise impermissible searches to be able to count how many Americans get sucked up under 702.  In other words, she was told, at length, that Congress wants this number (the government’s application even cites the April 22, 2106 letter from members of the House Judiciary Committee asking for such a number). Moreover, she was told that NSA had already started trying to do such counts.

The government has since [that is, sometime between September 26 and April 26] orally notified the Court that, in order to respond to these requests and in reliance on this provision of its minimization procedures, NSA has made some otherwise-noncompliant queries of data acquired under Section 702 by means other than upstream Internet collection.

And yet she doesn’t then demand real numbers herself (again, in 2011, Bates got NSA to do at least a limited count of the impact of the upstream problems).

Treating the problem as exclusively about MCTs, not SCTs

But the bigger problem with Collyer’s discussion is that she treats all of the problem of upstream collection as being about MCTs, not SCTs. This is true in general — the term single communication transaction or SCT doesn’t appear at all in the opinion. But she also, at times, makes claims about MCTs that are more generally true for SCTs. For example, she cites one aspect of NSA’s minimization procedures that applies generally to all upstream collection, but describes it as only applying to MCTs.

A shorter retention period was also put into place, whereby an MCT of any type could not be retained longer than two years after the expiration of the certificate pursuant to which it was acquired, unless applicable criteria were met. And, of greatest relevance to the present discussion, those procedures categorically prohibited NSA analysts from using known U.S.-person identifiers to query the results of upstream Internet collection. (17-18)

Here’s the section of the minimization procedures that imposed the two year retention deadline, which is an entirely different section than that describing the special handling for MCTs.

Similarly, Collyer cites a passage from the 2015 Hogan opinion stating that upstream “is more likely than other forms of section 702 collection to contain information of or concerning United States person with no foreign intelligence value” (see page 17). But that passage cites to a passage of the 2011 Bates opinion that includes SCTs in its discussion, as in this sentence.

In addition to these MCTs, NSA likely acquires tens of thousands more wholly domestic communications every year, given that NSA’s upstream collection devices will acquire a wholly domestic “about” SCT if it is routed internationally. (33)

Collyer’s failure to address SCTs is problematic because — as I explain here — the bulk of the searches implicating US persons almost certainly searched SCTs, not MCTs. That’s true for two reasons. First, because (at least according to Bates’ 2011 guesstimate) NSA collects (or collected) far more entirely domestic communications via SCTs than via MCTs. Here’s how Bates made that calculation in 2011 (see footnote 32).

NSA ultimately did not provide the Court with an estimate of the number of wholly domestic “about” SCTs that may be acquired through its upstream collection. Instead, NSA has concluded that “the probability of encountering wholly domestic communications in transactions that feature only a single, discrete communication should be smaller — and certainly no greater — than potentially encountering wholly domestic communications within MCTs.” Sept. 13 Submission at 2.

The Court understands this to mean that the percentage of wholly domestic communications within the universe of SCTs acquired through NSA’s upstream collection should not exceed the percentage of MCTs within its statistical sample. Since NSA found 10 MCTs with wholly domestic communications within the 5,081 MCTs reviewed, the relevant percentage is .197% (10/5,081). Aug. 16 Submission at 5.

NSA’s manual review found that approximately 90% of the 50,440 transactions in the same were SCTs. Id. at 3. Ninety percent of the approximately 13.25 million total Internet transactions acquired by NSA through its upstream collection during the six-month period, works out to be approximately 11,925,000 transactions. Those 11,925,000 transactions would constitute the universe of SCTs acquired during the six-month period, and .197% of that universe would be approximately 23,000 wholly domestic SCTs. Thus, NSA may be acquiring as many as 46,000 wholly domestic “about” SCTs each year, in addition to the 2,000-10,000 MCTs referenced above.

Assuming some of this happens because people use VPNs or Tor, then the amount of entirely domestic communications collected via upstream would presumably have increased significantly in the interim period. Indeed, the redaction in this passage likely hides a reference to technologies that obscure location.

If so, it would seem to acknowledge NSA collects entirely domestic communications using upstream that obscure their location.

The other reason the problem is likely worse with SCTs is because — as I noted above — no SCTs were segregated from NSA’s general repositories, whereas some MCTs were supposed to be (and in any case, in 2011 the SCTs constituted by far the bulk of upstream collection).

Now, Collyer’s failure to deal with SCTs may or may not matter for her ultimate analysis that upstream collection without “about” collection solves the problem. Collyer limits the collection of abouts by limiting upstream collection to communications where “the active user is the target of acquisition.” She describes “active user” as “the user of a communication service to or from whom the MCT is in transit when it is acquired (e.g., the user of an e-mail account [half line redacted].” If upstream signatures are limited to emails and texts, that would seem to fix the problem. But upstream wouldn’t necessarily be limited to emails and texts — upstream collection would be particularly valuable for searching on other kinds of selectors, such as an encryption key, and there may be more than one person who would use those other kinds of selectors. And when Collyer says, “NSA may target for acquisition a particular ‘selector,’ which is typically a facility such as a telephone number or e-mail address,” I worry she’s unaware or simply not ensuring that NSA won’t use upstream to search for non-typical signatures that might function as abouts even if they’re not “content.” The problem is treating this as a content/metadata distinction, when “metadata” (however far down in the packet you go) could include stuff that functions like an about selector.

Defining key terms terms

Collyer did define “active user,” however inadequately. But there are a number of other terms that go undefined in this opinion. By far the funniest is when Collyer notes that the government’s March 30 submission promises to sequester upstream data that is stored in “institutionally managed repositories.” In a footnote, she notes they don’t define the term. Then she pretty much drops the issue. This comes in an opinion that shows FBI data has been wandering around in repositories it didn’t belong and indicating that NSA can’t identify where all its 704 data is. Yet she’s told there is some other kind of repository and she doesn’t make a point to figure out what the hell that means.

Later, in a discussion of other violations, Collyer introduces the term “data object,” which she always uses in quotation marks, without explaining what that is.

Failing to appoint (or even consider) amicus

In any case, this opinion makes clear that what should have happened, years ago, is a careful discussion of how packet sniffing works, and where a packet collected by a backbone provider stops being metadata and starts being content, and all the kinds of data NSA might want to and does collect via domestic packet sniffing. (They collect far more under EO 12333.) As mentioned, some of that discussion may have taken place in advance of the 2004 and 2010 opinions approving upstream collection of Internet metadata (though, again, I’m now convinced NSA was always lying about what it would take to process that data). But there’s no evidence the discussion has ever happened when discussing the collection of upstream content. As a result, judges are still using made up terms like MCTs, rather than adopting terms that have real technical meaning.

For that reason, it’s particularly troubling Collyer didn’t use — didn’t even consider using, according to the available documentation — an amicus. As Collyer herself notes, upstream surveillance “has represented more than its share of the challenges in implementing Section 702” (and, I’d add, Internet metadata collection).

At a minimum, when NSA was pitching fixes to this, she should have stopped and said, “this sounds like a significant decision” and brought in amicus Amy Jeffress or Marc Zwillinger to help her think through whether this solution really fixes the problem. Even better, she should have brought in a technical expert who, at a minimum, could have explained to her that SCTs pose as big a problem as MCTs; Steve Bellovin — one of the authors of this paper that explores the content versus metadata issue in depth — was already cleared to serve as the Privacy and Civil Liberties Oversight Board’s technical expert, so presumably could easily have been brought into consult here.

That didn’t happen. And while the decision whether or not to appoint an amicus is at the court’s discretion, Collyer is obligated to explain why she didn’t choose to appoint one for anything that presents a significant interpretation of the law.

A court established under subsection (a) or (b), consistent with the requirement of subsection (c) and any other statutory requirement that the court act expeditiously or within a stated time–

(A) shall appoint an individual who has been designated under paragraph (1) to serve as amicus curiae to assist such court in the consideration of any application for an order or review that, in the opinion of the court, presents a novel or significant interpretation of the law, unless the court issues a finding that such appointment is not appropriate;

For what it’s worth, my guess is that Collyer didn’t want to extend the 2015 certificates (as it was, she didn’t extend them as long as NSA had asked in January), so figured there wasn’t time. There are other aspects of this opinion that make it seem like she just gave up at the end. But that still doesn’t excuse her from explaining why she didn’t appoint one.

Instead, she wrote a shitty opinion that doesn’t appear to fully understand the issue and that defers, once again, the issue of what counts as content in a packet.

Approving back door upstream searches

Collyer’s failure to appoint an amicus is most problematic when it comes to her decision to reverse John Bates’ restriction on doing back door searches on upstream data.

To restate what I suggested above, by all appearances, NSA largely blew off the Bates’ restriction. Indeed, Collyer notes in passing that, “In practice, however, no analysts received the requisite training to work with the segregated MCTs.” Given the persistent problems with back door searches on upstream data, it’s hard to believe NSA took that restriction seriously at all (particularly since it refused to consider a technical fix to the requirement to exclude upstream from searches). So Collyer’s approval of back door searches of upstream data is, for all intents and purposes, the sanctioning of behavior that NSA refused to stop, even when told to.

And the way in which she sanctions it is very problematic.

First, in spite of her judgment that ending about searches would fix the problems in (as she described it) MCT collection, she nevertheless laid out a scenario (see page 27) where an MCT would acquire an entirely domestic communication.

Having laid out that there will still be some entirely domestic comms in the collection, Collyer then goes on to say this:

The Court agrees that the removal of “abouts” communications eliminates the types of communications presenting the Court the greatest level of constitutional and statutory concern. As discussed above, the October 3, 2011 Memorandum Opinion (finding the then-proposed NSA Minimization Procedures deficient in their handling of some types of MCTs) noted that MCTs in which the target was the active user, and therefore a party to all of the discrete communications within the MCT, did not present the same statutory and constitutional concerns as other MCTs. The Court is therefore satisfied that queries using U.S.-person identifiers may now be permitted to run against information obtained by the above-described, more limited form of upstream Internet collection, subject to the same restrictions as apply to querying other forms of Section

This is absurd! She has just laid out that there will be some exclusively domestic comms in the collection. Not as much as there was before NSA stopped collecting abouts, but it’ll still be there. So she’s basically permitting domestic communications to be back door searched, which, if they’re found (as she notes), might be kept based on some claim of foreign intelligence value.

And this is where her misunderstanding of the MCT/SCT distinction is her undoing. Bates prohibited back door searching of all upstream data, both that supposedly segregated because it was most likely to have unrelated domestic communications in it, and that not segregated because even the domestic communications would have intelligence value. Bates’ specific concerns about MCTs are irrelevant to his analysis about back door searches, but that’s precisely what Collyer cites to justify her own decision.

She then applies the 2015 opinion, with its input from amicus Amy Jeffress stating that NSA back door searches that excluded upstream collection were constitutional, to claim that back door searches that include upstream collection would meet Fourth Amendment standards.

The revised procedures subject NSA’s use of U.S. person identifiers to query the results of its newly-limited upstream Internet collection to the same limitations and requirements that apply to its use of such identifiers to query information acquired by other forms of Section 702 collection. See NSA Minimization Procedures § 3(b)(5). For that reason, the analysis in the November 6, 2015 Opinion remains valid regarding why NSA’s procedures comport with Fourth Amendment standards of reasonableness with regard to such U.S. person queries, even as applied to queries of upstream Internet collection. (63)

As with her invocation of Bates’ 2011 opinion, she applies analysis that may not fully apply to the question — because it’s not actually clear that the active user restriction really equates newly limited upstream collection to PRISM collection — before her as if it does.

Imposing no consequences

The other area where Collyer’s opinion fails to meet the standards of prior ones is in resolution of the problem. In 2009, when Reggie Walton was dealing with first phone and then Internet dragnet problems, he required the NSA to do complete end-to-end reviews of the programs. In the case of the Internet dragnet, the report was ridiculous (because it failed to identify that the entire program had always been violating category restrictions). He demanded IG reports, which seems to be what led the NSA to finally admit the Internet dragnet program was broken. He shut down production twice, first of foreign call records, from July to September 2009, then of the entire Internet dragnet sometime in fall 2009. Significantly, he required the NSA to track down and withdraw all the reports based on violative production.

In 2010 and 2011, dealing with the Internet dragnet and upstream problems, John Bates similarly required written details (and, as noted, actual volume of the upstream problem). Then, when the NSA wanted to retain the fruits of its violative collection, Bates threatened to find NSA in violation of 50 USC 1809(a) — basically, threatened to declare them to be conducting illegal wiretapping — to make them actually fix their prior violations. Ultimately, NSA destroyed (or said they destroyed) their violative collection and the fruits of it.

Even Thomas Hogan threatened NSA with 50 USC 1809(a) to make them clean up willful flouting of FISC orders.

Not Collyer. She went from issuing stern complaints (John Bates was admittedly also good at this) back in October…

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

… to basically reauthorizing 702 before using the reauthorization process as leverage over NSA.

Of course, NSA still needs to take all reasonable and necessary steps to investigate and close out the compliance incidents described in the October 26, 2016 Notice and subsequent submissions relating to the improper use of U.S.-person identifiers to query terms in NSA upstream data. The Court is approving on a going-foward basis, subject to the above-mentioned requirements, use of U.S.-person identifiers to query the results of a narrower form of Internet upstream collection. That approval, and the reasoning that supports it, by no means suggest that the Court approves or excuses violations that occurred under the prior procedures.

That is particularly troubling given that there is no indication, even six months after NSA first (belatedly) disclosed the back door search problems to FISC, that it had finally gotten ahold of the problem.

As Collyer noted, weeks before it submitted its new application, NSA still didn’t know where all the upstream data lived. “On March 17, 2017, the government reported that NSA was still attempting to identify all systems that store upstream data and all tools used to query such data.” She revealed that  some of the queries of US persons do not interact with “NSA’s query audit system,” meaning they may have escaped notice forever (I’ve had former NSA people tell me even they don’t believe this claim, as seemingly nothing should be this far beyond auditability). Which is presumably why, “The government still had not ascertained the full range of systems that might have been used to conduct improper U.S.-person queries.” There’s the data that might be in repositories that weren’t run by NSA, alluded to above. There’s the fact that on April 7, even after NSA submitted its new plan, it was discovering that someone had mislabeled upstream data as PRISM, allowing it to be queried.

Here’s the thing. There seems to be no way to have that bad an idea of where the data is and what functions access the data and to be able to claim — as Mike Rogers, Dan Coats, and Jeff Sessions apparently did in the certificates submitted in March that didn’t get publicly released — to be able to fulfill the promises they made FISC. How can the NSA promise to destroy upstream data at an accelerated pace if it admits it doesn’t know where it is? How can NSA promise to implement new limits on upstream collection if that data doesn’t get audited?

And Collyer excuses John Bates’ past decision (and, by association, her continued reliance on his logic to approve back door searches) by saying the decision wasn’t so much the problem, but the implementation of it was.

When the Court approved the prior, broader form of upstream collection in 2011, it did so partly in reliance on the government’s assertion that, due to some communications of foreign intelligence interest could only be acquired by such means. $ee October 3, 2011 Memorandum Opinion at 31 & n. 27, 43, 57-58. This Opinion and Order does not question the propriety of acquiring “abouts” communications and MCTs as approved by the Court since 2011, subject to the rigorous safeguards imposed on such acquisitions. The concerns raised in the current matters stem from NSA’s failure to adhere fully to those safeguards.

If problems arise because NSA has failed, over 6 years, to adhere to safeguards imposed because NSA hadn’t adhered to the rules for the 3 years before that, which came after NSA had just blown off the law itself for the 6 years before that, what basis is there to believe they’ll adhere to the safeguards she herself imposed, particularly given that unlike her predecessors in similar moments, she gave up any leverage she had over the agency?

The other thing Collyer does differently from her predecessors is that she lets NSA keep data that arose from violations.

Certain records derived from upstream Internet communications (many of which have been evaluated and found to meet retention standards) will be retained by NSA, even though the underlying raw Internet transactions from which they are derived might be subject to destruction. These records include serialized intelligence reports and evaluated and minimized traffic disseminations, completed transcripts and transcriptions of Internet transactions, [redacted] information used to support Section 702 taskings and FISA applications to this Court, and [redacted].

If “many” of these communications have been found to meet retention standards, it suggests that “some” have not. Meaning they should never have been retained in the first place. Yet Collyer lets an entire stream of reporting — and the Section 702 taskings that arise from that stream of reporting — remain unrecalled. Effectively, even while issuing stern warning after stern warning, by letting NSA keep this stuff, she is letting the agency commit violations for years without any disincentive.

Now, perhaps Collyer is availing herself of the exception offered in Section 301 of the USA Freedom Act, which permits the government to retain illegally obtained material if it is corrected by subsequent minimization procedures.

Exception.–If the Government corrects any deficiency identified by the order of the Court under subparagraph (B), the Court may permit the use or disclosure of information obtained before the date of the correction under such minimization procedures as the Court may approve for purposes of this clause.

Except that she doesn’t cite that provision, nor is there any evidence deficiencies have been corrected.

Which should mean, especially given the way Collyer depends on the prior opinions of Bates and Hogan, she should likewise rely on their practice of treating this as a potential violation of 50 USC 1809(a) to ensure the harm to Americans doesn’t persist. She did no such thing, basically sanctioning the illegal use of back door searches to spy on Americans.

Up until this opinion, I was generally willing to argue for the efficacy of the FISC (even while arguing the job could and should be devolved to district courts for more rigorous testing of the law). But not now. This opinion discredits the entire court.

Last April when Collyer became presiding FISC judge, I pointed to what I considered Rosemary Collyer’s worst FISC decision, which was actually a District Court opinion that permitted the NSA to keep aspects of its upstream problems secret from EFF, which is suing over those same issues. I predicted then that, “I fear she will be a crummy presiding judge, making the FISC worse than it already is.”

In my opinion — as a civil libertarian who has been willing to defend the FISC in the past — with this opinion she has done real damage to any credibility or legitimacy the FISC has.

Update: Latter for former fixed in which choice the Administration picked, h/t CS.

The Documents

Here’s what I Con the Record released.

January 7, 2016 IG Report

This heavily redacted report describes a review of NSA’s compliance with 704/705b of Title VII of FISA, the authority NSA uses to spy on Americans who are located overseas (see my report on the 704 problems here). It was conducted from March through August 2015 and reviewed data from January through March 2015. It basically showed there were no compliance mechanisms in place for 704/705b, and NSA couldn’t even reliably identify the queries that had been conducted under the authority. This report is relevant to the reauthorization, because Americans targeted in individual FISA orders are approved (and almost certainly tasked) by default for 702 back door searches. Though the report was obviously done well before the 702 certifications were submitted on September 26, was not noticed to FISC until days before the court would otherwise have approved the certifications in conjunction with the upstream problems.

September 26, 2016 702 Certification Package 

ICTR released much if not all of the materials submitted for 702 reauthorization on September 2016. The package includes:

Certification cover filing: This is basically the application, which the metadata reveals is actually two parts merged. It describes the changes to the certificates from the past year, most notably a request to share raw 702 data directly from NSA or FBI to NCTC, some tweaks to the FBI targeting and minimization procedures, and permission for NSA, FBI, and CIA to deviate from minimization procedures to develop a count of how many US persons get collected under 702.

The report also describes how the government has fulfilled reporting requirements imposed in 2015. Several of the reports pertain to destroying data it should not have had. The most interesting one is the report on how many criminal queries of 702 data FBI does that result in the retrieval and review of US person data; as I note in this post, the FBI really didn’t (and couldn’t, and can’t, given the oversight regime currently in place) comply with the intent of the reporting requirement.

Very importantly: this application did not include any changes to upstream collection, in large part because NSA did not tell FISC (more specifically, Chief Judge Rosemary Collyer) about the problems they had always had preventing queries of upstream data in its initial application. In NSA’s April statement on ending upstream about collection, it boasts, “Although the incidents were not willful, NSA was required to, and did, report them to both Congress and the FISC.” But that’s a load of horse manure: in fact, NSA and DOJ sat on this information for months. And even with this disclosure, because the government didn’t release the later application that did describe those changes, we don’t actually get to see the government’s description of the problems; we only get to see Collyer’s (I believe mis-) understanding of them.

Procedures and certifications accepted: The September 26 materials also include the targeting and minimization procedures that were accepted in the form in which they were submitted on that date. These include:

Procedures and certificates not accepted: The materials include the documents that the government would have to change before approval on April 26. These include,

Note, I include the latter two items because I believe they would have had to be resubmitted on March 30, 2017 with the updated NSA documents and the opinion makes clear a new DIRNSA affidavit was submitted (see footnote 10), but the release doesn’t give us those. I have mild interest in that, not least because the AG/DNI one would be the first big certification to FISC signed by Jeff Sessions and Dan Coats.

October 26, 2016 Extension

The October 26 extension of 2015’s 702 certificates is interesting primarily for its revelation that the government waited until October 24, 2016 to disclose problems that had been simmering since 2013.

March 30, 2017 Submissions

The release includes two of what I suspect are at least four items submitted on March 30, which are:

April 26, 2017 Opinion

This is the opinion that reauthorized 702, with the now-restricted upstream search component. My comments below largely lay out the problems with it.

April 11, 2017 ACLU Release

I Con the Record also released the FOIAed documents released earlier in April to ACLU, which are on their website in searchable form here. I still have to finish my analysis of that (which includes new details about how the NSA was breaking the law in 2011), but these posts cover some of those files and are relevant to these 702 changes:

Importantly, the ACLU documents as a whole reveal what kinds of US persons are approved for back door searches at NSA (largely, but not exclusively, Americans for whom an individual FISA order has already been approved, importantly including 704 targets, as well as more urgent terrorist targets), and reveal that one reason NSA was able to shut down the PRTT metadata dragnet in 2011 was because John Bates had permitted them to query the metadata from upstream collection.

Not included

Given the point I noted above — that the application submitted on September 26 did not address the problem with upstream surveillance and that we only get to see Collyer’s understanding of it — I wanted to capture the documents that should or do exist that we haven’t seen.

  • October 26, 2016 Preliminary and Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • January 3, 2017: Supplemental Notice of Compliance Incidents Regarding the Querying of Section 702-Acquired Data
  • NSA Compliance Officer (OCO) review covering April through December 2015
  • OCO review covering April though July of 2016
  • IG Review covering first quarter of 2016 (22)
  • January 27, 2017: Letter In re: DNI/AG 702(g) Certifications asking for another extension
  • January 27, 2017: Order extending 2015 certifications (and noting concern with “important safeguards for interests protected by the Fourth Amendment”)
  • March 30, 2017: Amendment to [Certificates]; includes (or is) second explanatory memo, referred to as “March 30, 2017 Memorandum” in Collyer’s opinion; this would include a description of the decision to shut down about searches
  • March 30, 2017 AG/DNI Certification (?)
  • March 30, 2017 DIRNSA Certification
  • April 7, 2017 preliminary notice

Other Relevant Documents

Because they’re important to this analysis and get cited extensively in Collyer’s opinion, I’m including:

Timeline

November 30, 2013: Latest possible date at which upstream search problems identified

October 2014: Semiannual Report shows problems with upstream searches during period from June 1, 2013 – November 30, 2013

October 2014: SIGINT Compliance (SV) begins helping NSD review 704/705b compliance

June 2015: Semiannual Report shows problems with upstream searches during period from December 1, 2013 – May 31, 2014

December 18, 2015: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

January 7, 2016: IG Report on controls over §§704/705b released

January 26, 2016: Discovery of error in upstream collection

March 9, 2016: FBI releases raw data

March 18, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

May and June, 2016: Discovery of querying problem dating back to 2012

May 17, 2016: Opinion relating to improper retention

June 17, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

August 24, 2016: Pre-tasking review update

September 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

September 26, 2016: Submission of certifications

October 4, 2016: Hearing on compliance issues

October 24, 2016: Notice of compliance errors

October 26, 2016: Formal notice, with hearing; FISC extends the 2015 certifications to January 31, 2017

November 5, 2016: Date on which 2015 certificates would have expired without extension

December 15, 2016: James Clapper approves EO 12333 Sharing Procedures

December 16, 2016: Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA

December 29, 2016: Government plans to deal with indefinite retention of data on FBI systems

January 3, 2017: DOJ provides supplemental report on compliance programs; Loretta Lynch approves new EO 12333 Sharing Procedures

January 27, 2017: DOJ informs FISC they won’t be able to fully clarify before January 31 expiration, ask for extension to May 26; FISC extends to April 28

January 31, 2007: First extension date for 2015 certificates

March 17, 2017:Quarterly Report to the FISC Concerning Compliance Matters Under Section 702 of FISA; Probable halt of upstream “about” collection

March 30, 2016: Submission of amended NSA certifications

April 7, 2017: Preliminary notice of more query violations

April 28, 2017: Second extension date for 2015 certificates

May 26, 2017: Requested second extension date for 2015 certificates

June 2, 2017: Deadline for report on outstanding issues

James Clapper: Unmasking And/Or Jeff Sessions?

I’m traveling so I’ll have to lay out my thoughts about the Comey firing later.

But for the moment I want to point to a detail in Monday’s hearing that deserves more attention now.

Early in the hearing, Chuck Grassley asked both Sally Yates and James Clapper if they have ever unmasked a Trump associate or member of Congress. Yates said no, but Clapper revealed he had unmasked someone, but couldn’t say more.

GRASSLEY: OK. I want to discuss unmasking.

Mr. Clapper and Ms. Yates, did either of you ever request the unmasking of Mr. Trump, his associates or any member of Congress?

CLAPPER: Yes, in one case I did that I can specifically recall, but I can’t discuss it any further than that.

GRASSLEY: You can’t, so if I ask you for details, you said you can’t discuss that, is that what you said?

CLAPPER: Not — not here.

Grassley returned to the issue for clarification later on. Clapper said he had asked to have the identity of both a member of Congress and a Trump associate unmasked. But then he said he had only asked on one occasion.

GRASSLEY: Mr. Clapper, you said yes when I asked you if you ever unmasked a Trump associate or a member of Congress. But I forgot to ask, which was it? Was it a Trump associate, a member of Congress, or both?

CLAPPER: Over my time as DNI, I think the answer was on rare occasion, both. And, again, Senator, just to make the point here, my focus was on the foreign target and at the foreign target’s behavior in relation to the U.S. person.

GRASSLEY: OK. How many instances were there, or was there just one?

CLAPPER: I can only recall one.

Finally, Lindsey Graham returned to the issue at the close of the hearing. Clapper confirmed he had made a request to unmask a Trump associate and a member of Congress.

You made a request for unmasking on a Trump associate and maybe a member of Congress? Is that right, Mr. Clapper?

CLAPPER: Yes.

Obviously, there’s plenty of room for confusion in these exchanges, and Clapper has a history of sowing confusion in Congressional testimony.

But if it is true that he has only unmasked one person but that he has unmasked both a Trump associate and a member of Congress, it would suggest he unmasked the identity of a member of Congress who is a Trump associate.

If that’s right, there are several possibilities for who it could be: transition official Devin Nunes, national security advisor Richard Burr, and national security official Jeff Sessions.

But the most likely is Sessions, because we know he was talking to Sergey Kislyak and the intelligence community has pulled their collection on Kislyak.

Even if that’s the case, it’s unsurprising Sessions’ communications with Kislyak have been reviewed and unmasked.

Still, it is a data point from Monday’s hearing that makes Sessions’ role in the firing of Jim Comey worth noting.

Dana Boente Still Has a Job and Why That’s of Interest for WikiLeaks

WaPo has a weird story reporting, erroneously, that Donald Trump has no US Attorneys.

Attorney General Jeff Sessions is making aggressive law enforcement a top priority, directing his federal prosecutors across the country to crack down on illegal immigrants and “use every tool” they have to go after violent criminals and drug traffickers.

But the attorney general does not have a single U.S. attorney in place to lead his tough-on-crime efforts across the country. Last month, Sessions abruptly told the dozens of remaining Obama administration U.S. attorneys to submit their resignations immediately — and none of them, or the 47 who had already left, have been replaced.

“We really need to work hard at that,” Sessions said when asked Tuesday about the vacancies as he opened a meeting with federal law enforcement officials. The 93 unfilled U.S. attorney positions are among the hundreds of critical Trump administration jobs that remain open.

While it is true that Trump had Sessions ask for the remaining 93 US Attorneys’ resignations, he subsequently announced he was keeping Rod Rosenstein (who contrary to WaPo’s claim that he “served as U.S. attorney for Maryland” is still there, and who will become Deputy Attorney General as soon as he’s confirmed in the next few weeks) and Dana Boente (who is US Attorney for EDVA but also acting AG for the Russia investigation).

Both Boente and Rosenstein made press announcements today; the guys whose custody they announced probably would prefer if they weren’t on the job.

I guess the WaPo wanted to suck up to Jeff Sessions and so didn’t consider the possibility that we’re better off with 91 US Attorney vacancies than 91 racist hacks like Sessions, pushing through his regressive policies.

Anyway, since we’ve established that Boente still has a job and in fact oversees the Russia investigation, I thought I’d point out something I was considering during last week’s threats from CIA Director Mike Pompeo against WikiLeaks.

During Pompeo’s comments at CSIS last week, he said,

Julian Assange and his kind are not the slightest bit interested in improving civil liberties or enhancing personal freedom. They have pretended that America’s First Amendment freedoms shield them from justice. They may have believed that, but they are wrong.

[snip]

[W]e have to recognize that we can no longer allow Assange and his colleagues the latitude to use free speech values against us. To give them the space to crush us with misappropriated secrets is a perversion of what our great Constitution stands for. It ends now.

As some people observed, Pompeo’s comments are inconsistent with the practice of Obama’s DOJ, particularly under Holder. While Holder would have happily prosecuted Julian Assange for his role in release of files leaked by Chelsea Manning, he realized that if he did, he’d be criminalizing stuff that the press does.

Pompeo, at least, seems to disagree.

And the reason why Boente’s continued tenure as Eastern District US Attorney — and his role overseeing the Russian investigation — is that he has also been overseeing the ongoing investigation into Wikileaks since 2013.

Consider the fact that Assange’s actions of late may be more incriminating than those involving Manning (even assuming Assange can credibly claim he has no way of knowing whether Russia is responsible for the DNC hack, Assange’s comments about both the DNC and the Vault 7 leak suggest more coordination than in the past). Then add in the fact that Boente, for the next few weeks anyway, might be able to claim to be both US Attorney and Acting AG on any role by WikiLeaks in the publication of the DNC emails. And it raises the possibility that Boente would use this window to indict Assange.

I think that’s unlikely. Moreover, while an indictment would give the US reason to pressure Ecuador even more to boot Assange, it’s not clear they would. But it’s possible.

Raw Versus Cooked: Could NSC Monitor FBI’s Investigation?

Multiple people,including Bart Gellman and Josh Marshall, are now arguing that the reason Ezra Cohen-Watnick and Michael Ellis found intercepts involving Trump’s people is that they were monitoring FBI’s investigation of the investigation.

I certainly think the Trump people would like to do that — and would be willing to stoop to that. I even believe that the response to the Russian hack last year had some counterintelligence problems, though probably not on the FBI side.

But there are some details that may limit how much the NSC can monitor the investigation.

First, Devin Nunes has always been very clear: the intercepts he was shown have nothing to do with Russia. That’s not, itself, determinative. After all, Cohen-Watnick and Ellis might have found a bunch of Russian intercepts, but only shared the non-Russian ones so Nunes could make a stink without being accused of endangering the investigation. Also, it’s possible that intercepts involving other countries — most notably Turkey, but there are other countries that might be even more interesting, including Ukraine or Syria — would impact any Russian investigation.

Also note that among the many things Nunes appears not to understand about surveillance is that there are two ways an American’s name can be visible outside the circle of analysts doing the initial review of them: their names can be put into finished intelligence reports that get circulated more broadly, with customers asking to have the name unmasked after the fact. Alternately, their names can be found off of subsequent searches of raw data. At the NSA and CIA, searches for US person content are somewhat controlled. At FBI they are not only not controlled, but they are routine even for criminal investigations. So if, say, General Flynn (or Paul Manafort) were under investigation for failing to register as a foreign agent, the FBI would routinely search their database of raw FISA material on his name. (These are the “back door searches” Ron Wyden has been screaming about for years, concerns which people like Devin Nunes have previously dismissed on national security grounds.) And we have every reason to believe that counterintelligence intercepts of Russians in the US are among the raw feeds that the FBI gets. So if Flynn had conversations with Russians (or Turks) in the US, we should assume that FBI saw them as a routine matter if Flynn became the subject of an investigation at all. We should also assume that the FBI did a search on every Sergey Kislyak intercept in their possession, so they will have read everything that got picked up, including all recorded calls with Trump aides.

On March 15, the House Intelligence Committee asked the NSA, CIA, and FBI for information on unmasking. I don’t believe that request asked about access to US person names on subsequent searches or raw material. Furthermore, at least as of last week, the FBI was not rushing to comply with that request. As I noted after the Jim Comey hearing before HPSCI, none of the Republicans concerned about these issues seemed to have any basic clue about FBI’s searches on raw data. If Nunes doesn’t know (and he appears not to), it’s unlikely Ellis knows, who was until this month Nunes’ aide.

But there’s one other thing that may prevent NSC from obtaining information about the investigation: FBI sometimes uses what are called “ad hoc databases” that include raw FISA data (and probably, post EO 12333 sharing rule changes, raw EO 12333 data) tied to particular investigations. It’s unclear what conditions might necessitate the use of an ad hoc database (see page 25ff for a discussion of them), but if security concerns would encourage their use, it would be likely to have one here, an investigation which Comey described as being so sensitive he delayed briefing the Gang of Four. Ad hoc databases are restricted to those working on investigations, and include specific records of those authorized to access the database. So if FBI were using an ad hoc database for this investigation, it would be even harder for the NSC to learn what they were looking at.

If the FBI’s investigation relies on raw intelligence — and it would be unfathomable that it does not, because it would probably receive the raw FISA data tied to such an investigation routinely, and EO 12333 sharing rules specifically envision the sharing of raw data associated with counterintelligence investigations — then the NSC’s access to finished intelligence reports would provide little insight into the investigation (Nunes was a bit unclear on whether that’s what he was looking at, but the entire premise of his complaints is that these were finished reports).

But while we’re worrying about whether and how Trump would monitor an investigation into his aides, remember that in 2002, Jay Bybee wrote a memo authorizing the sharing of grand jury information with the President and his close advisors including for counterintelligence investigations.

In addition, the Patriot Act recently amended 6(e) and Title III specifically to provide that matters involving foreign intelligence or counterintelligence or foreign intelligence information may be disclosed by any attorney for the government (and in the case of Title III, also by an investigative or law enforcement officer) to certain federal officials in order to assist those officials in carrying out their duties. Federal officials who are included within these provisions may include, for example, the President, attorneys within the White House Counsel’s Office, the President’s Chief of Staff, the National Security Advisor, and officials within the Central Intelligence Agency and the Department of Defense.

[snip]

Although the new provision in Rule 6(e) permitting disclosure also requires that any disclosures be reported to the district court responsible for supervising the grand jury, we conclude that disclosures made to the President fall outside the scope of the reporting requirement contained in that amendment, as do related subsequent disclosures made to other officials on the President’s behalf.

In other words, Trump could demand that he — or his National Security Advisor! — get information on any grand jury investigations, including those covering counterintelligence cases. And no judge would be given notice of that.

With Jeff Sessions’ recusal, that’s far less likely to happen than it might have been. But understand that the Executive Branch believes that the President can learn about the happenings in grand jury investigations of the sort that might target his aides.

Update: additional details have been added to this post after it was first posted.

FBI Delayed Telling the Gang of Four about Trump-Related Investigation Because It Is So Serious

As every newspaper in town has reported, at today’s hearing into Russia’s hack of the DNC, Jim Comey confirmed that the FBI has a counterintelligence investigation into the hack that includes whether Trump’s associates coordinated with Russian actors. Along the way, Comey refused to join in James Clapper’s statement that there was no evidence of collusion between Trump’s aides and Russia. When the now retired Director of National Intelligence said that, Clapper had emphasized that his statement only extended through the end of his service, January 20; he warned that some evidence may have been discovered after that.

A far more telling detail came close to the end of the hearing, during NY Congresswoman Elise Stefanik’s questioning. She started by asking what typical protocols were for informing the DNI, the White House, and senior Congressional leadership about counterintelligence investigations.

Stefanik: My first set of questions are directed at Director Comey. Broadly, when the FBI has any open counterintelligence investigation, what are the typical protocols or procedures for notifying the DNI, the White House, and senior congressional leadership?

Comey: There is a practice of a quarterly briefing on sensitive cases to the Chair and Ranking of the House and Senate Intelligence Committees. The reason I hesitate is, thanks to feedback we’ve gotten, we’re trying to make it better. And that involves a briefing briefing the Department of Justice, I believe the DNI, and the — some portion of the National Security Council at the White House. We brief them before Congress is briefed.

Stefanik: So it’s quarterly for all three, then, senior congressional leadership, the White House, and the DNI?

Comey: I think that’s right. Now that’s by practice, not by rule or by written policy. Which is why, thanks to the Chair and Ranking giving us feedback, we’re trying to tweak it in certain ways.

Note that point: the practice has been that FBI won’t brief the Gang of Four until after they’ve briefed DOJ, the DNI, and the White House. Stefanik goes on to ask why, if FBI normally briefs CI investigations quarterly, why FBI didn’t brief the Gang of Four before the last month, at least seven months after the investigation started. Comey explains they delayed because of the sensitivity of the investigation.

Stefanik: So since in your opening statement you confirmed that there is a counterintelligence investigation currently open and you also referenced that it started in July, when did  you notify the DNI, the White House, or senior Congressional leadership?

Comey: Congressional leadership, sometime recently — they were briefed on the nature of the investigation and some details, as I said. Obviously the Department of Justice must have been aware of it all along. The DNI … I don’t know what the DNI’s knowledge of it was, because we didn’t have a DNI until Mr. Coats took office and I briefed him his first morning in office.

Stefanik: So just to drill down on this, if the open investigation began in July, and the briefing of Congressional leadership only occurred recently, why was there no notification prior to the recent — the past month.

Comey: I think our decision was it was a matter of such sensitivity that we wouldn’t include it in the quarterly briefings.

Stefanik: So when you state “our decision,” is that your decision, is it usually your decision what gets briefed in those quarterly updates?

Comey: No. It’s usually the decision of the head of our counterintelligence division.

Stefanik: And just again, to get the details on the record, why was the decision not to brief senior congressional leadership until recently, when the investigation had been open since July, a very serious investigation. Why was that decision made to wait months?

Comey: Because of the sensitivity of the matter.

Stefanik then got Comey to reconfirm what the IC report says: that Russia had hacked numerous entities, he would later say over a thousand, including Republican targets.

Stefanik then turned to the Yahoo investigation. She asked whether the FSB officers involved conducted the hack for intelligence purposes — a question Comey refused to answer. He also refused to answer what the FSB did with the information stolen.

Stefanik: Taking a further step back of what’s been in the news recently and I’m referring to the Yahoo hack, the Yahoo data breach, last week the Department of Justice announced it was charging hackers with ties to the FSB in the 2014 data breach. Was this hack done, to your knowledge, for intelligence purposes?

Comey: I can’t say in this forum.

Stefanik: Press reporting indicates the Yahoo hack targeted journalists, dissidents and government officials. Do you know what the FSB did with the information they obtained?

Comey: Same answer.

Stefanik: Okay, I understand that.

This is important for a number of reasons, including the evidence that the FSB was hiding their hacking from others in Russia.

Stefanik then turned to the sanctions, asking if Comey had any insight into how the Obama Administration chose who got sanctioned in December — which included Alexsey Belan but not the FSB officers involved (one of whom, Dmitry Dokuchaev, was already under arrest for treason by the time of the sanctions).

Stefanik: How did the Administration determine who to sanction as part of the election hacking? How familiar are [] with that decision process and how is that determination made?

Comey: I don’t know. I’m not familiar with the decision-making process. The FBI is a factual input but I don’t recall — I don’t have any personal knowledge about how the decisions were made about who to sanction.

Again, her interest in this is significant — I’ll explain why in a follow-up.

Stefanik then asked what the intelligence agencies would do going forward to keep entities safe from Russian hacking. As part of the response, Mike Rogers revealed (unsurprisingly) that NSA first learned of FSB’s hacking of those many targets in the summer of 2015.

Finally, Stefanik returned to her original point, when Congress gets briefed on CI investigations. Comey’s response was remarkable.

Stefanik: It seems to me, in my first line of questioning, the more serious a counterintelligence investigation is, that would seem to trigger the need to update not just the White House, the DNI, but also senior congressional leadership. And you stated it was due to the severity. I think moving forward, it seems the most severe and serious investigations should be notified to senior congressional leadership. And with that thanks for your lenience, Mr. Chairman, I yield back.

Comey could have been done with Stefanik yielding back. But instead, he interrupted, and suggested part of the delay had to do with the practice of briefing within the Executive Branch NSC before briefing Congress.

Comey: That’s good feedback, Ms. Stefanik, the challenge for is, sometimes we want to keep it tight within the executive branch, and if we’re going to go brief congressional leaders, the practice has been then we brief inside the executive branch, and so we have to try to figure out how to navigate that in a good way.

Which seems to suggest one reason why the FBI delayed briefing the Gang of Four (presumably, this is the Gang of Eight) is because they couldn’t brief all Executive Branch people the White House, and so couldn’t brief Congress without first having briefed the White House.

Which would suggest Mike Flynn may be a very central figure in this investigation.

Update: I’ve corrected my last observation to match Comey’s testimony that the delay had to do with keeping things on a close hold within the Executive Branch. That may be nothing, it may reflect the delay on confirming Dan Coats, it may be Flynn (if you normally brief the NSC, after all the National Security Advisor would be among the first to be briefed), but it also could be Jeff Sessions.

The Friday Afternoon Massacre: Who Is Overseeing the Trump Investigation?

Update: After refusing to resign, Preet has now officially been fired. It remains to be seen whether there’s some underlying legal reason to force Trump to do this, or whether it’s press grand-standing.

Dana Boente, the US Attorney for Eastern District of VA and Acting Deputy Attorney General since Trump fired Sally Yates, just called the other US Attorneys and told them to submit their resignations effective immediately.

The press seems most interested in whether this order covers media hound Preet Bharara, US Attorney for Southern District of NY. Preet is leading an investigation into NY political scandals affecting key Democrats, and Trump had told him he would be kept on (Preet’s political godfather is Chuck Schumer, which may have had something to do with that).

But I’m far more interested in whether Boente himself is resigning to himself.

In addition to serving as Acting DAG, since Jeff Sessions recused himself from any investigation into Trump last week, Boente has been in charge of that investigation. So if Boente resigned to himself this afternoon, it would mean no one was in charge of the investigation. Plus, Boente also oversees several other interesting investigations, notably the long-standing investigation of Wikileaks.

Mind you, Rod Rosenstein, at least until this afternoon US Attorney for MD, is all teed up to be confirmed as DAG. Except Richard Blumenthal has said he would hold up that investigation until a special counsel was appointed to investigate Trump. With no DAG and no one in charge of the Trump investigation (the USAs in WDPA, DC, and NDCA, who also have a piece of the investigation presumably also just resigned), Blumenthal might be pressured to relent on that front.

Update: NBC finally got some clarity on Boente — he (and Rosenstein) will stay on. Which I guess means Preet is out.

Jeff Sessions’ Narrow Recusal

Update: I was on Democracy Now on these issues today. Here’s the link.

As you know, after having two meetings with Russian Ambassador Sergey Kislyak that he did not reveal in response to specific questions posed as part of his confirmation process exposed, Attorney General Jeff Sessions recused from any investigation into the elections.

Contrary to much reporting on the recusal, it was nowhere near a complete recusal from matters pertaining to Trump’s administration and its’ ties to Russia. Here’s what Sessions said in his statement:

During the course of the confirmation proceedings on my nomination to be Attorney General, I advised the Senate Judiciary Committee that ‘[i]f a specific matter arose where I believed my impartiality might reasonably be questioned, I would consult with Department ethics officials regarding the most appropriate way to proceed.

During the course of the last several weeks, I have met with the relevant senior career Department officials to discuss whether I should recuse myself from any matters arising from the campaigns for President of the United States.

Having concluded those meetings today, I have decided to recuse myself from any existing or future investigations of any matters related in any way to the campaigns for President of the United States.

I have taken no actions regarding any such matters, to the extent they exist.

This announcement should not be interpreted as confirmation of the existence of any investigation or suggestive of the scope of any such investigation.

Consistent with the succession order for the Department of Justice, Acting Deputy Attorney General and U.S. Attorney for the Eastern District of Virginia Dana Boente shall act as and perform the functions of the Attorney General with respect to any matters from which I have recused myself to the extent they exist.

As I emphasized, the only thing he is recusing from is “existing or future investigations of any matters related in any way to the campaigns for President of the United States.”

There are two areas of concern regarding Trump’s ties that would not definitively be included in this recusal: Trump’s long-term ties to mobbed up businessmen with ties to Russia (a matter not known to be under investigation but which could raise concerns about compromise of Trump going forward), and discussions about policy that may involve quid pro quos (such as the unproven allegation, made in the Trump dossier, that Carter Page might take 19% in Rosneft in exchange for ending sanctions against Russia), that didn’t involve a pay-off in terms of the hacking. There are further allegations of Trump involvement in the hacking (a weak one against Paul Manafort and a much stronger one against Michael Cohen, both in the dossier), but that’s in no way the only concern raised about Trump’s ties with Russians.

The concern about the scope of Sessions’ recusal is underscored by the way in which he narrowly addressed his lies to the Senate. Here is his answer to Al Franken, which was a question about campaign surrogates, but did not ask about communications about the campaign.

FRANKEN: CNN has just published a story and I’m telling you this about a news story that’s just been published. I’m not expecting you to know whether or not it’s true or not. But CNN just published a story alleging that the intelligence community provided documents to the president-elect last week that included information that quote, “Russian operatives claimed to have compromising personal and financial information about Mr. Trump.” These documents also allegedly say quote, “There was a continuing exchange of information during the campaign between Trump’s surrogates and intermediaries for the Russian government.”

Now, again, I’m telling you this as it’s coming out, so you know. But if it’s true, it’s obviously extremely serious and if there is any evidence that anyone affiliated with the Trump campaign communicated with the Russian government in the course of this campaign, what will you do?

SESSIONS: Senator Franken, I’m not aware of any of those activities. I have been called a surrogate at a time or two in that campaign and I didn’t have — did not have communications with the Russians, and I’m unable to comment on it.

His press conference and a (surprisingly good) interview with Tucker Carlson underscores that he is just addressing questions about the election, not conversations with Russians generally (conversations that might address those other two concerns, especially that of influencing policy on things like Ukraine). In the interview, Sessions denied having conversations with Russians “on a continuing basis to advance any kind of campaign agenda” and said “I never had any conversations with the Russians about the campaign.”

By Sessions’ own admission, the conversation with Kislyak concerned Ukraine; he said Kislyak was pushing back on what the Ukrainian Ambassador had said just the day before, though Sessions claims he himself pushed back as well.

That’s important because they key policy issue on which there have been concerns about undue influence is Ukraine.

It is not illegal to have meetings with an Ambassador, where the Ambassador makes a case for policies his country supports — precisely what appears to have gone on in the meeting Sessions did not disclose. But the (thus far unproven) allegations involving other Trump officials go beyond that, without necessarily pertaining to the election. That’s why Sessions’ recusal is far too narrow to be meaningful.

Five Data Points on the Sessions News

As you no doubt have heard, Jeff Sessions met twice with Russian Ambassador Sergey Kislyak last year, then told the Senate Judiciary Committee he had either not talked about the election with any Russians (a written response to Patrick Leahy’s question) or not talked with Russians as a surrogate of the campaign (an oral response to Al Franken).WSJ describes the probe as reviewing stuff in spring of last year, so before the July contact with Kislyak. Thus far, Sessions, his spox, and anonymous Trump official have offered three conflicting explanations for Sessions’ non-disclosure, including Sessions’ own, “I have no idea what this allegation is about. It is false.”

Already, Democrats are demanding Sessions’ resignation and more Democrats and some Republicans are calling for him to recuse himself for the FBI counterintelligence investigation. The Twittersphere is calling for prosecution for perjury.

Update: WSJ had originally said Sessions and Kislyak spoke by phone, then corrected to in-person. According to this, he had one of each, with a phone followup several days after the in-person. Which means there’d be a transcript.

Jeff Sessions will almost certainly not be prosecuted for perjury

Which brings me to my first data point. Jeff Sessions is not going to be prosecuted for perjury. And that’s true for more reasons than that he is the AG.

First, it’s a hard crime to prove, because you have to prove that someone knowingly lied. Right now Sessions is all over the map, but he’s also dumb enough to be able to feign stupidity.

Plus, lying to Congress just doesn’t get prosecuted anymore. Remember, Alberto Gonzales lied in his own confirmation hearing in 2005, claiming there were no disagreements about Stellar Wind. It was always clear that was a lie, but even after Jim Comey confirmed that was the case with his May 2007 SJC hospital heroes performance, AGAG stuck around for another three months. And while his lie has often been cited as the reason for his departure in August 2007, I believe that the proximate reason is that he refused to do something Bush wanted him to do, at which point the White House threw him under the bus.

Plus, there are already at least three Trump officials who lied in their confirmation hearings — Mnuchin on his role in robosigning, DeVos on her role in the Prince family foundation, and Pruitt on his use of private emails. None of them are going anywhere.

Finally, in 2013, Holder’s DOJ went way out of its way to protect former DOJ official Scott Bloch from doing time after he lied to the House Oversight Committee. That precedent will make it all the harder to hold anyone accountable for lying to Congress in the future.

The timing of this roll-out gets more and more interesting

Now consider the timing of how all this rolled out.

In another blockbuster (revealing that the Obama Administration squirreled away information on Trump’s advisors to protect informants IDs from him, but also to ensure incriminating information would be available for others), NYT reveals that, after Putin’s non-response to Obama’s December 28 sanctions raised concerns, the FBI found Mike Flynn’s contacts with Kislyak on January 2.

On Jan. 2, administration officials learned that Mr. Kislyak — after leaving the State Department meeting — called Mr. Flynn, and that the two talked multiple times in the 36 hours that followed. American intelligence agencies routinely wiretap the phones of Russian diplomats, and transcripts of the calls showed that Mr. Flynn urged the Russians not to respond, saying relations would improve once Mr. Trump was in office, according to multiple current and former officials.

On January 10, the Trump dossier began to leak. Al Franken actually used that as the premise to ask Sessions about contacts with the Russians.

On January 12, David Ignatius published the first word of the Flynn-Kislyak calls, alerting anyone dumb enough not to already know that the FBI was going through Kislyak’s ties with Trump officials.

This had the effect of teeing up Flynn as a target, without giving Sessions (and other Trump officials) that their contacts with Kislyak were being scrutinized. And only after Flynn’s departure has this Sessions stuff come out.

I imagine someone in the White House Counsel’s office is now reviewing all the metadata and transcripts tied to Kislyak to see who else had curious conversations with him.

The claim Kislyak is the top spy recruiter

CNN’s version of this story and a separate profile of Kislyak insinuates that Session’s contact with Kislyak by itself is damning, because he “is considered by US intelligence to be one of Russia’s top spies and spy-recruiters in Washington.”

Current and former US intelligence officials have described Kislyak as a top spy and recruiter of spies, a notion that Russian officials have dismissed. Kremlin spokesman Dmitri Peskov said that “nobody has heard a single statement from US intelligence agencies’ representatives regarding our ambassador,” and attacked the “depersonalized assumptions of the media that are constantly trying to blow this situation out of proportion.”

Even aside from the fact that two Democrats — Joe Manchin of his own accord, and Claire McCaskill after she claimed never to have spoken with Kislyak — have also had contact with him, this seems like a red herring. No matter what Kislyak’s intention, it is still acceptable for someone to meet with a person presenting as a diplomat (for example, no one used to care that Saudi Arabia’s Bandar bin Sultan was running ops when he was Ambassador to the US).

Moreover, if current and former US intelligence officials are so sure Kislyak is the master spook in the US, why wasn’t he at the top of the Persona Non Grata list of 35 diplomats who got ejected at the end of December (though, as I’ve noted in the past, the Russian press was talking about him being replaced).

The delayed preservation request

Yesterday, AP reported that Don McGahn instructed White House officials on Tuesday to retain information relating to Russian contacts.

One official said McGahn’s memo instructs White House staff to preserve material from Trump’s time in office, and for those who worked on the campaign, relevant material from the election.

But the timing of this actually raises more questions. Preservation requests first went out February 17. Reince Priebus admitted knowing about it on the Sunday shows February 19. Sometime during the week of February 20-24, Sean Spicer with Don McGahn conducted a device check with White House staffers to see whether staffers were using Signal or Confide, the latter of which automatically deletes texts, the former of which can be set to do so (after Spicer warned everyone not to leak about the device check, it leaked).

And yet, McGahn only gave preservation instructions on February 28?

Now it’s possible the White House didn’t receive one of the letters sent on February 17 (which would raise other questions), which seems to be the implication of the AP report. But if it did, then McGahn sat on that preservation request for over 10 days, even while being involved in activities reflecting an awareness that staffers were using apps that thwarted retention rules.

Some things can’t be prosecuted

Contrary to what you may believe, thus far none of these reports have confirmed a smoking gun, and the NYT pointedly makes it clear that its sources are not claiming to have a smoking gun (which may not rule out that they have one they’re not yet sharing).

The nature of the contacts remains unknown. Several of Mr. Trump’s associates have done business in Russia, and it is unclear if any of the contacts were related to business dealings.

But consider that smoking guns may be different depending on what they are. That’s true because somethings may be perfectly legal — such as investments from shady Russians — that nevertheless pose a serious counterintelligence risk of compromise going forward.

Its all the more true when you factor in the role of Sessions and Trump. For some of this stuff (including the September meeting with Kislyak) Sessions will be protected by Speech and Debate. It’d be very hard for DOJ to prosecute Sessions for stuff he did as a Senator, even assuming you had someone else in charge of the investigation or department.

Likewise, other crimes may not rise to the level of criminal prosecution but would rise to the level of impeachment. Which is why this passage from the NYT is so interesting.

Obama White House officials grew convinced that the intelligence was damning and that they needed to ensure that as many people as possible inside government could see it, even if people without security clearances could not. Some officials began asking specific questions at intelligence briefings, knowing the answers would be archived and could be easily unearthed by investigators — including the Senate Intelligence Committee, which in early January announced an inquiry into Russian efforts to influence the election.

If FBI judged it could not prosecute Trump or his close associates for something but nevertheless believed the evidence constituted something disqualifying, what they’d want to do is preserve the evidence, make sure SSCI could find it, and provide tips — laid out in the NYT, if need be — about where to look.

And any things that did rise to the level of criminal charges would be a lot easier to charge if someone besides Sessions were in charge.

This seems to be very methodical.

Update: February for January preservation date requests corrected. h/t TN.