Posts

Joshua Schulte Found Guilty on All Counts

/24 Comments/in , /by

The jury has returned guilty verdicts in all nine charges against Joshua Schulte. While I expected guilty verdicts on the revamped CFAA charges, I wasn’t sure about the far more circumstantial Espionage charges. DOJ must be breathing a sigh of relief.

I have no doubt Schulte will appeal. He has been setting up appeals on a Sixth Amendment SAMS challenge and on a Van Buren challenge to the CFAA charges; plus I imagine he’ll challenge some of the instructions and other decisions Judge Jesse Furman made (though I thought Furman was more favorable to Schulte than Paul Crotty before him).

I’m as interested in what happens with WikiLeaks after this.

WikiLeaks has been spamming references to the misleading Yahoo story about the response to WikiLeaks’ publication (and, more importantly, non-publication) of the stolen CIA files. And I know Assange’s US defense attorney has been getting transcripts from the case.

The WikiLeaks team surely recognizes what I have for years: The existing charges against Assange are all teed up to expand the CFAA count to incorporate the Vault 7 release and Vault 8 non-release (and, possibly, WikiLeaks’ role in the 2016 Russian effort). And Schulte was given discovery on an ongoing investigation into what is almost certainly WikiLeaks.

So while this closes the known part of the case against Schulte, it likely represents further headaches for Assange.

Update: SDNY’s statement calls this, straight up, Espionage.

Today, Schulte has been convicted for one of the most brazen and damaging acts of espionage in American history.

The Josh Schulte Trial Moves to Deliberations

/7 Comments/in , , /by

Yesterday, the two sides in the Josh Schulte case presented their closing arguments.

It is always difficult to read how a jury will view a case, and in this case (in part for reasons I’ll lay out below) that’s all the more true. I could imagine any of a range of outcomes: full acquittal, acquittal on some charges, guilty on most but not all charges, or another hung jury (though I think it likely he’ll win acquittal on at least one or two charges).

This is what the jury will be deliberating about. The short version: Judge Furman seems very skeptical of the obstruction charge against Schulte, quite persuaded by the government’s CFAA charges, but very impressed by Schulte’s closing argument.

The charges

After his first mistrial, DOJ obtained a superseding indictment designed to break his alleged crimes into explicitly identifiable crimes, presumably to prevent the jury from getting confused about what specific actions allegedly constitute a crime, as the first jury appears to have done.

The indictment is generally broken into Espionage tied to files taken directly from the CIA’s servers (Counts One and Two), Espionage tied to stuff Schulte allegedly tried to send out from jail (Counts Three and Four), CFAA for hacking the CIA servers (Counts Five through Eight), and obstruction (Count Nine). I’ve put the legal code below, but here’s how Judge Furman described the charges in his draft jury instructions.

Specifically, Count One charges the defendant with illegal gathering of national defense  information or “NDI.” Specifically, it charges that, on or about April 20, 2016, the defendant, without authorization, copied backup files of certain electronic databases (what I will refer to as the “Backup Files”) housed on a classified computer system maintained by the CIA (namely “DEVLAN”).

Count Two charges the defendant with illegal transmission of unlawfully possessed documents, writings, or notes containing NDI. Specifically, it charges that, between April and May 2016, the defendant, without authorization, retained copies of the Backup Files and communicated them to a third party not authorized to receive them, the organization WikiLeaks.

Count Five charges the defendant with unauthorized access to a computer to obtain classified  information. Specifically, it charges that, between April 18 and April 20, 2016, the defendant accessed a 16 computer without authorization and exceeded his authorized access to obtain the Backup Files and subsequently transmitted them to WikiLeaks without authorization.

Count Six charges the defendant with unauthorized access to a computer to obtain information form a department or agency of the United States. Specifically, it charges that, on or about April 20, 2016, the defendant, accessed a computer without authorization or in excess of his authorized access, and copied the Backup Files.

Count Seven charges the defendant with causing transmission of a harmful computer command. Specifically, it charges that, on or about April 20, 2016, the defendant transmitted commands on DEVLAN to manipulate the state of the Confluence virtual server on DEVLAN.

Count Eight charges the defendant with causing transmission of a harmful computer command. Specifically, it charges that, on or about April 20, 2016, the defendant transmitted commands on DEVLAN to delete log files of activity on DEVLAN.

Counts Three and Four charge the defendant with crimes relating to the unlawful disclosure or attempted disclosure of NDI while he was in the Metropolitan Correctional Center (“MCC”), the federal jail.

Count Three charges that, in or about September 2018, the defendant had unauthorized possession of documents, writings, or notes containing NDI related to the internal computer networks of the CIA, and willfully transmitted them to a third party not authorized to receive them.

Count Four charges that, between July and September 2018, the defendant had unauthorized possession of documents, writings, and notes containing NDI related to tradecraft techniques, operations, and intelligence gathering tools used by the CIA, and attempted to transmit them to a third party or parties not authorized to receive them.

Finally, Count Nine charges the defendant with obstruction of justice. Specifically, it charges that between March and June 2017, the defendant made certain false statements to agents of the FBI during their investigation of the WikiLeaks leak.

Here’s that language with the legal statutes included:

Count One, 18 USC 793(d) and 2 (WikiLeaks Espionage), Illegal gathering of National Defense Information: For copying the DevLAN backup files on or about April 20, 2016.

Count Two, 18 USC 793(e) and 2 (WikiLeaks Espionage), Illegal transmission of unlawfully possessed NDI: For transmitting the backup files to WikiLeaks in or about April and May 2016.

Count Three, 18 USC 793(e) and 2 (MCC Espionage), Illegal transmission of unlawfully possessed NDI: For sending this information about DevLAN to Shane Harris in or about September 2018.

In reality, two groups — EDG and COG and at least 400 people had access. They don’t include COG who was connected to our DEVLAN through HICOC, an intermediary network that connected both COG and EDG. . . . There is absolutely NO reason they shouldn’t have known this connection exists. Step one is narrowing down the possible suspects and to completely disregard an ENTIRE GROUP and HALF the suspects is reckless. All they needed to do was talk to ONE person on Infrastructure branch or through ANY technical description / diagram of the network.”

Count Four, 18 USC 793(e) and 2 (MCC Espionage), Attempted illegal transmission of unlawfully possessed NDI: For staging a tweet and preparing to send out information about CIA’s hacking tools from at least July 2018 through October 2018. (Here’s the version of Exhibit 809 used at the first trial.)

Government Exhibit 801, page 3: “Which brings me to my next point — Do you know what my speciality was at the CIA? Do you know what I did for fun? Data hiding and crypto. I designed and wrote software to conceal data in a custom-designed file system contained with the drive slackspace or hidden partitions. I disguised data. I split data across files and file systems to conceal the crypto—analysis tools could NEVER detect random or pseudo-random data indicative of potential crypto. I designed and wrote my own crypto—how better to foll bafoons [sic] like forensic examiners ad the FBI than to have custom software that doesn’t fit into their 2-week class where they become forensic ‘experts.’”

Government Exhibit 809, page 8: “[tool from vendor report] — Bartender for [redacted] [vendor].”

Government Exhibit 809, page 10: “Additionally, [Tool described in vendor report] is in fact Bartender. A CIA toolset for [operators] to configure for [redacted] deployment.”

Government Exhibit 809, page 11: “[@vendor] discussed [tool] in 2016, which is really the CIA’s Bartender tool suite. Bartender was written to [redacted] deploy against various targets. The source code is available in the Vault 7 release.”

Count Five, 18 USC 1030(a)(1) and 2 (CFAA), Unauthorized access to a computer to obtain classified information: For hacking into the DevLAN backup files.

Count Six, 18 USC 1030(a)(2)(B) and 2 (CFAA), Unauthorized access of a computer to obtain classified information from a department or agency, for hacking into and copying the backup files.

Count Seven, 18 USC 1030(a)(5)(A) and 2 (CFAA), Causing transmission of harmful computer code: For the reversion of Confluence on April 20, 2016.

Count Eight, 18 USC 1030(a)(5)(A) and 2 (CFAA), Causing transmission of harmful computer code: For deleting log files on DevLAN on April 20, 2016.

Count Nine, 18 USC 1503, obstruction: For lying about having taken the backup files, keeping a copy of the letter he sent to the CIA IG, having classified information in his apartment, taking information from the CIA and transferring it to an unclassified network, making DevLAN vulnerable to theft, housing information from the CIA on his home computer, and removing classified information from the CIA.

The law

Based on orders Judge Jesse Furman issued and his response to Schulte’s Rule 29 motions for an acquittal after trial, it seems he views some of the charges to be stronger than others.

Espionage, WikiLeaks charges: Furman didn’t say much about the charges tied to Schulte allegedly obtaining and sharing the Vault 7 and 8 content with WikiLeaks. The transmission charge is the one that is most circumstantial (because the government made no claims about how Schulte got the stolen files out of the CIA and didn’t fully commit to how Schulte sent them to WikiLeaks), and so is one a jury might unsurprisingly find reasonable doubt on.

Espionage, MCC charges: There are two weaknesses to the MCC charges. First, Furman allowed Schulte to argue that because the Bartender information was already made public by WikiLeaks — a topic on which Schulte elicited helpful testimony — it was no longer National Defense Information (there’s more discussion on this issue here). There’s some question whether the Hickock information was NDI as well. But also, in the Bartender case, there’s a question about whether drafting a Tweet in a notebook is a significant enough step to be found guilty.

Obstruction: Furman seems quite skeptical the government has proven their case on obstruction and came close to ruling for Schulte on his Rule 29 motion on it. He ordered the two sides to brief whether the government had provided sufficient evidence of this charge. And in the conference on the instructions, he challenged whether things Schulte said on March 15, 2017 before receiving a grand jury subpoena could be included in an obstruction charge. As Schulte pointed out, too, his false statements from later interviews got less focus in this trial.

CFAA: Furman did rule against Schulte’s Rule 29 motions on the CFAA charges, suggesting he finds the evidence here much stronger. Schulte as much as admitted he had taken the steps DOJ claims he did to revert the confluence files, effectively admitting to one of the charges as written (and that’s what the government focused on in their rebuttal). That said, if he were found guilty on the CFAA charges, Schulte would mount an interesting appeal under SCOTUS’ Van Buren ruling, issued since his last trial, which held that you can’t be guilty of CFAA if you had authorized access. Schulte laid the groundwork to argue that while he didn’t have access to Atlassian, the CIA had not revoked his access as an Administrator to ESXi, which is what he used to be able to do the reversion.

Emotion

In Schulte’s first trial, it seems clear the jury hung based on nullification of one juror, who (according to some jurors) refused to deliberate fairly. DOJ stupidly presented the case in a way that emphasized the human resource dispute, and not the leak. And in a contest of popularity between the CIA and WikiLeaks, the CIA is never going to win 12 votes unanimously, certainly not in SDNY.

I had thought that Schulte would be able to recreate that dynamic with this trial, by once again portraying himself as the unfair victim of CIA bullying. But in at least one case, I think that attempt backfired (by showing Schulte to be precisely the insubordinate prick that the CIA claims him to be).

That said, given Furman’s response, Schulte did brilliantly portray the investigation into him as being biased. So he may win the emotional battle yet again. After he finished, Furman suggested that if Schulte were acquitted, he might have a future as a defense attorney.

THE COURT: You may be seated. All right. Mr. Schulte, that was very impressive, impressively done.

MR. SCHULTE: Thank you.

THE COURT: Depending on what happens here, you may have a future as a defense lawyer. Who knows?

Tactics

In a recent New Yorker profile of Schulte, Sabrina Shroff described how by going pro se, Schulte would be able to push boundaries that she herself could not.

When you consider the powerful forces arrayed against him—and the balance of probabilities that he is guilty—Schulte’s decision to represent himself seems reckless. But, for the C.I.A. and the Justice Department, he remains a formidable adversary, because he is bent on destroying them, he has little to lose, and his head is full of classified information. “Lawyers are bound,” Shroff told me. “There are certain things we can’t argue, certain arguments we can’t make. But if you’re pro se ”—representing yourself—“you can make all the motions you want. You can really try your case.”

Schulte did this repeatedly. He did so with classified information, as when he tried to get “Jeremy Weber” to admit to a report by a still-classified group that Weber was not aware of and which the government insists, to this day, does not exist undermined the attribution of the case (this is based off an out of context text that Weber was not privy to).

Q. Were there many forensic reports filed by AFD about the leak?

A. Not that I’m aware of.

Q. OK. But at some point you learned that AFD determined the backups from the Altabackups must have been stolen, correct?

MR. LOCKARD: Objection.

THE COURT: Sustained. (Defendant conferred with standby counsel)

BY MR. SCHULTE: Q. You reviewed the AFD reports, correct?

MR. LOCKARD: Objection.

THE COURT: Sustained. Let’s move on, Mr. Schulte. (Defendant conferred with standby counsel)

THE COURT: And please keep your voice down when conferring with standby counsel.

… with investigative details (both into his own and a presumed ongoing investigation into WikiLeaks) he has become privy to, such as when he suggested that a SysAdmin named Dave had lost a Stash backup.

Q. Speaking with the admins, you’re talking Dave, Dave C., right; he was one of those?

A. Yeah, Dave.

Q. And he was an employee who put the Stash on a hard drive, correct?

A. I know I’ve heard some of that. I don’t know exactly the situation around that, but —

Q. But that, basically this hard drive with Stash was lost, correct?

MR. DENTON: Objection.

THE COURT: Sustained.

… with testimony presented as questions, as here when Schulte tried to get Special Agent Evanchec to testify that his retention of an OIG email was an honest mistake.

Q. So in your career, classifying documents, sometimes people make honest mistakes when they classify documents, correct?

MR. LOCKARD: Objection.

A. I think that’s —

THE COURT: Sustained.

BY MR. SCHULTE: Q. Have you ever made a mistake classifying a document, sir?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. Do you know if someone makes an honest mistake in classifying a document, if they can be charged with a crime?

MR. LOCKARD: Objection.

THE COURT: Sustained.

… and with speculative claims about alternative theories, such as here when he mocked jail informant Carlos Betances’ claim that Schulte said he needed Russian help for what he wanted to accomplish.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

Over and over, prosecutors objected when Schulte made such claims, and most often their objections were sustained. But I think it highly unlikely jurors will be able to entirely unhear many of the speculative claims Schulte made, and so while some of the claims Schulte presented in such fashion were outright false, the jury is unlikely to be able to fully ignore that information.

The unsaid

There are three things that didn’t happen at the trial that I’m quite fascinated by.

First, after delaying the trial for at least four months so as to be able to use Steve Bellovin as his expert, Schulte didn’t even submit an expert report for him. There are many possible explanations for this — that Schulte didn’t like what Bellovin would have said, that Schulte used Bellovin, instead, as a hyper-competent forensic source to check his own theories but never intended to call him, or finally, that Schulte correctly judged he could serve as his own expert in questioning witnesses. That said, the fact that he didn’t use Bellovin makes the delay far more curious.

There are numerous instances — one example is a gotcha that Schulte staged about a purported error (but not a far more significant real error) one of the FBI agents in the case made about Schulte’s Google searches — that were actually quite incriminating. The government, unsurprisingly, didn’t distract from their main case to lay this out though. But I hope to return to some of these details because, while they are irrelevant to the verdict against Schulte (and I want to make clear are distinct from the jury’s ultimate decision about his innocence), they do provide interesting details about Schulte’s actions.

Finally, the government fought hard for the right to be able to present a Schulte narrative about what happened that he shared with his cousin, Shane Presnall, but didn’t introduce it at trial. Effectively, in the document Schulte exposed the real identity of one or more of his colleagues to his cousin. I’m not sure whether the government didn’t rely on this because they wanted to avoid the possibility Presnall would testify, they wanted to limit damage already done to the covert status of the CIA employees, or they didn’t want jeopardy to attach to the document (meaning they could use it in further charges in case of an acquittal). But I’d sure like to know why DOJ didn’t rely on it.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents. 

On Josh Schulte’s Continued Attempts to Hack the Judicial System

/25 Comments/in , , /by

Last June, I argued that accused Vault 7 leaker Josh Schulte’s decision to represent himself involved a plan to “hack” the judicial system, not with computer code, but by introducing commands into the legal system to make it malfunction.

Joshua Schulte attempted to complete a hack of the court system yesterday.

I don’t mean that Schulte used computer code to bring down the court systems. His laptop doesn’t connect to the Internet, and so he does not have those tools available. Rather, over the 3.5 years he has been in jail, he has tested the system, figured out which messages can be used to distract adversaries, and which messages have an effect that will lead the system to perform in unexpected ways. He identified vulnerabilities and opportunities — SDNY arrogance, the pandemic and related court delays, Louis DeJoy’s postal system, and even the SAMs imposed on him — and attempted to exploit them.

[snip]

It is almost without exception an insanely bad idea for a defendant to represent themselves, and this is probably not that exception. Still, there are advantages that Schulte would get by representing himself. He’s brilliant, and clearly has been studying the law in the 3.5 years he has been in prison (though he has made multiple errors of process and judgment in his own filings). He has repeatedly raised the Sixth Amendment problems with Special Administrative Measures, notably describing how delays in receiving his mail make it impossible for him to respond to legal developments in timely fashion. So I imagine he’d prepare a Sixth Amendment challenge to everything going forward. He’d be able to demand access to the image of the server he is alleged to have hacked himself. By proceeding pro se, Schulte could continue to post inflammatory claims to the docket for sympathetic readers to magnify, as happened with a filing he submitted earlier this year. And after the government has made clear it will reverse its disastrous strategy from the first trial of making the trial all about Schulte’s conflicts with the CIA, by questioning witnesses himself, Schulte would be able to make personality conflicts central again, even against the government’s wishes. Plus, by not replacing Bellovin, Schulte would serve as expert himself. In that role, Schulte would present the false counter story he has been telling since he was jailed, but in a way that the government couldn’t cross-examine him. So it would probably be insanely detrimental, but less so than for most defendants that try it. It certainly would provide a way to mount the defense that Schulte clearly wants to pursue.

I also noted the signs that what Schulte really wanted to do was act as co-counsel with his attorneys, something prohibited by precedent in the 2nd Circuit.

Much of this has held up (though not regarding Steve Bellovin, Schulte’s superb expert; Schulte has effectively just waited for Bellovin to become available again). Schulte has engaged in the legal equivalent of a DDOS attack, with dozens of motions in the last year, many serial repeats of the same arguments rejected already, and seventeen appeals of one sort or another.

It appears that Schulte may still be attempting to have hybrid counsel. In a New Yorker profile that came out this week, his attorney, Sabrina Shroff, described how by going pro se, Schulte will not be bound by the legal ethics she is (particularly if he’s willing to face further charges for whatever he does at trial — his potential sentence is already so long any additional contempt or leaking charges might make little difference).

When you consider the powerful forces arrayed against him—and the balance of probabilities that he is guilty—Schulte’s decision to represent himself seems reckless. But, for the C.I.A. and the Justice Department, he remains a formidable adversary, because he is bent on destroying them, he has little to lose, and his head is full of classified information. “Lawyers are bound,” Shroff told me. “There are certain things we can’t argue, certain arguments we can’t make. But if you’re pro se ”—representing yourself—“you can make all the motions you want. You can really try your case.”

Nevertheless, Schulte recently wrote a letter inquiring about whether Shroff could cross-examine some of the witnesses and issue objections for him.

I fully expect Schulte to make his contentious relationship with his colleagues a central feature of the trial (Schulte even attempted, unsuccessfully, to exclude the one CIA witness who remained on good terms with him, which would have made it easy to portray his targeting as a vendetta by colleagues who hate him). I expect Schulte to disclose information about his colleagues — perhaps including that Jeremy Weber, a pseudonym, appears under his real name in the Ashley Madison hack, an allegation Schulte seemed primed to make in 2018. Whatever else Schulte does, he will attempt to raise the costs of this trial on the CIA.

Stipulating stipulations

No doubt he has other stunts planned. Schulte claimed this week that the government is refusing to stipulate to things from official custodians (like Google).

This doesn’t make sense, unless Schulte is trying to undermine the regularity of this evidence with stipulations.

All that said, I think I may have underestimated Schulte when I suggested he only intended to use legal filings as the code with which he would hack the judicial system.

When dropping a laptop alters its BIOS

On June 1, Shroff wrote the court informing Judge Jesse Furman that a guard had accidentally dropped Schulte’s discovery laptop, but asking for no further relief.

We write to inform the Court that a guard at the MDC accidently dropped Mr. Schulte’s laptop today, breaking it. Because the computer no longer functions, Mr. Schulte is unable to access or print anything from the laptop, including the legal papers due this week. The defense team was first notified of the incident by Mr. Schulte’s parents early this afternoon. It was later confirmed in an email from BOP staff Attorney Irene Chan, who stated in pertinent part: “I just called the housing unit and can confirm that his laptop is broken. It was an unfortunate incident where it was accidentally dropped.”

Given the June 13, 2022 trial date, we have ordered him a new computer, and the BOP, government, and defense team are working to resolve this matter as quickly as possible. We do not seek any relief from the Court at this time.

I think Shroff is a formidable defense attorney and she has no patience for the carceral regime that her clients face, particularly someone under strict measures like Schulte. Which is why I find it so odd that she was so blasé about what might be viewed as intentional retaliation against Schulte, just days before trial, especially given Schulte’s recent complaints about his access to the law library. A month earlier, after all, Shroff had described that efforts at détente with the jail had failed.

I’m especially puzzled about Shroff’s response given the discrepancy between her explanation — sourced to Schulte’s parents and the prison attorney, not anyone who could  be held accountable for a false claim — and that of the government.

On June 6, DOJ explained its resolution of the laptop. Their explanation sounds nothing like a dropped laptop, at all. It sounds like an attempted hack.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery [sic] an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences.

All the more so given one of the new details disclosed in the New Yorker profile: that in his moments of desperation to keep his contraband cell phone charged in jail back in 2018, Schulte figured out how to hot-wire the phone to the light switch.

Schulte figured out a way to hot-wire a light switch in his cell so that it worked as a cell-phone charger. (The person who knew Schulte during this period praised his innovation, saying, “After that, all M.C.C. phones were charged that way.”)

In recent months, Schulte has been making technical requests, such as for his own printer or a write-capable DVD which (he explicitly said) he wanted to use to transfer “other binary files” in addition to trial exhibits, that seemed an attempt to acquire equipment that could be used for other purposes. Here, in the guise of an accident caused by a guard, Schulte got his laptop, with its BIOS alteration, its encrypted compartment, and apparent attempts to use wireless capabilities, into the office of the people prosecuting him, then got it returned with a new power cord.

Among the things Schulte worked on at CIA was a tool to jump an air gap and compressing and exfiltrating data.

The expanding Pompeo subpoena

Then there’s the way information has gotten to Schulte, who is under strict Special Administrative Measures that would normally limit news about his own case from getting shared with him (the following is not a commentary about the humanity  or constitutionality of SAMs, which are arguably not either; it is an observation that they may not be working). In a filing purporting to represent Schulte’s views as to why he needs to call Mike Pompeo as a witness, his stand-by attorneys laid out the following justification:

Secretary Pompeo was Director of the CIA in May 2017 when WikiLeaks began disclosing Vault 7 and Vault 8. As noted in prior briefings to the Court, [1] Mr. Pompeo was immediately debriefed about the WikiLeaks disclosure and specifically informed that Mr. Schulte was an early suspect. He was also told that Mr. Schulte had a disciplinary history. Further, less than a week after the disclosure, Secretary Pompeo approved the substance of the first search warrant application, authorizing the FBI to make various statements therein, at least some of which later proved untrue.

As such, Secretary Pompeo took an active role in the investigation against Mr. Schulte and has non-hearsay information that is relevant to the charges. Mr. Schulte also seek to inquire of Secretary Pompeo whether he directed his staff to consider charges against Mr. Schulte to the exclusion of anyone else or contrary to existing exculpatory evidence

Further, while the government has sought to establish the grave harm caused by the leak, just months after it allegedly occurred, [2] Secretary Pompeo championed WikiLeaks’ publication of the stolen DNS [sic] emails on social media. This disconnect, too, is ripe for examination.

Finally, as recently as September 2021, [3] Secretary Pompeo continued to voice his views on the prosecution of leaks from WikiLeaks, see https://nationalpost.com/news/trump-pompeo-and-cia-agents-discussed-kidnappingassassinating-assange-in-revenge-for-vault-7-leak. Secretary Pompeo’s evolving stance on the prosecution of leaks is relevant to the issues at trial. Accordingly, Mr. Schulte asks this Court to deny the government’s application to preclude Secretary Pompeo’s testimony. [my numbering]

In the past, I have argued that calling Pompeo as a witness is a reasonable request, for what I’ve marked as reason 2, above. As House Intelligence Chair, Mike Pompeo cheered WikiLeaks’ release of emails by Russia from the DNC. He did so in July 2016, months after Schulte is alleged to have transmitted the CIA files in early May 2016. That Pompeo’s support of WikiLeaks, even when he had access to intelligence about them, did not prevent him from being confirmed as CIA Director undercuts claims about Schulte’s perception of the particular damage leaking to WikiLeaks might do.

But the other two reasons are more suspect. Reason one, Pompeo’s approval of early steps in the investigation, is only a measure of what he got briefed, and the briefer would be the more direct witness to the substance of that briefing (and given the seniority of some of the witnesses who testified at his first trial, likely already appeared as witnesses. But Pompeo’s presumed briefing of the case to Donald Trump — before Trump almost blew the case by sharing those details with Tucker Carlson on the very day the FBI first searched Schulte — is another issue. I’m acutely interested in Trump’s treatment of the attack on the CIA by a Russian-associated outlet in 2017, but it really doesn’t indicate anything about Schulte’s guilt or innocence.

The last reason — the claim published by Yahoo but never matched by another outlet that Pompeo responded to the initial Vault 7 release by asking about the possibility of assassinating Julian Assange — is a more dubious argument still. Remember: This is Schulte’s standby counsel writing this filing. They’re not under SAMs, Schulte is, but they’re only his standby counsel, and so should only be posting things he can be privy to. The rationale for calling Pompeo is presented as Pompeo’s comments, from September 2021, responding to the Yahoo story. Except the story linked — to a Canadian story on the Yahoo story published a day before Pompeo’s response — doesn’t reflect those 2021 comments from Pompeo at all. If Pompeo were really asked to testify about this, he would debunk parts of it, as his actual public comments about the story did. If the Yahoo story became an issue at trial, it might come out that the story repeats a claim (though nowhere near the most inflammatory claim of the story) made publicly by a WikiLeaks surrogate in 2020, but never (AFAIK) made publicly elsewhere, and that Michael Isikoff had persistently suppressed details from the Stone prosecution that debunk large parts of the Yahoo story. That is, if the Yahoo story became an issue at Schulte’s — or anyone else’s — trial, it could easily be discredited, like several of the other stories used in WikiLeaks’ campaign against Assange’s extradition. But Schulte, who has purportedly read about this in spite of his SAMs, would like to make it an issue at his trial.

A minute note in the docket may indicate that the two sides settled this issue on Friday. So we’re likely to be deprived of Pompeo’s testimony for a second Schulte trial.

The [redacted] discovery

I find reasons one and three particularly interesting given a series of documents that presumably relate to a broader-than-publicly understood investigation into WikiLeaks. Schulte was provided materials from that investigation in discovery on April 6 or 8. Schulte sent Judge Furman a request on April 29 (perhaps not coincidentally, after a UK judge approved Assange’s extradition, though the actual extradition decision remains pending before Priti Patel) asking to obtain all the discovery from that case, have it excluded from the protective order so he could use it at trial, and asking Furman to give Schulte an investigator so he could learn more about that investigation. In response to an order from Furman, the government responded on May 16. All the materials were docketed on May 25.

The materials are so heavily redacted as to offer little illumination to the subject. They do say, however, that the investigation “is neither known to the public nor to all of the targets of the investigation,” suggesting that at least one of those targeted is aware of it, and that DOJ is working with targets, not subjects. DOJ asserts that Schulte’s claims about the utility of the evidence for his trial conflict. It also describes that Schulte wants to argue — falsely, DOJ asserts — that this evidence proves the Vault 7 materials were obtained by hackers. Given the original discovery letter and subsequent treatment, it is unclear to me whether this information is considered classified, or just confidential. But the government, unsurprisingly, argues that the material shouldn’t be released.

[B]ecause the [redacted] Investigation Materials relate to an ongoing criminal investigation, and their disclosure could cause serious harms to that investigation and other law enforcement interests.

The argument for Pompeo’s testimony, above, came after DOJ responded to Schulte’s request for more information. That is, Schulte’s defense stretched beyond a completely legitimate claim that Pompeo’s actions prove that even the CIA did not consider support for WikiLeaks disqualifying at the moment Schulte allegedly leaked the files, to claims that are little more than repetitions of Trumpist and WikiLeaks propaganda.

Meanwhile, Schulte is asking for a two day adjournment of trial after jury selection starting tomorrow, partly on account of the laptop, partly because the government has shifted the order in which they’ll present witnesses, this time starting with Richard Evanchec, one of the FBI Agents who originally investigated the leak, rather than Schulte’s colleagues at the CIA (among other things, doing so will foreground Schulte’s easily debunked cover story, which he plans to tell himself in court).

Sometime this week, Schulte will have his moment in court, this time running his own defense and exploiting whatever hacks — digital or legal — he has succeeded in launching over the last year or four. As Shroff says, Schulte’s not bound by professional ethics in any way that would limit what arguments he makes. Schulte will undoubtedly attempt to feed the jury the kind of code that the legal system normally doesn’t expect. We will then get to see whether such code causes the system to malfunction.

DOJ’s Ex Parte Classified Plans for Joshua Schulte — and Maybe, Julian Assange

/8 Comments/in , /by

Update: The High Court has overturned Baraitser’s ruling, finding that the US should have had an opportunity to give the assurances it has since given that Assange will not be subjected to solitary confinement. I expect Assange will appeal immediately.

Per a tweet from Stella Morris, the decision in the appeal of a Vanessa Baraitser’s decision denying the US extradition request for Julian Assange on humanitarian grounds will be announced Friday at 10:15 GMT. Because of something that happened in the High Court extradition hearing, I want to point to some things that happened in the Joshua Schulte docket in recent months.

On August 5, DOJ filed notice of an ex parte classified status letter in the Schulte case.

The Government respectfully submits this letter to provide notice of an ex parte, classified status letter submitted yesterday.

By filing an ex parte classified status letter, the government would have informed the judge (then Paul Crotty but the case has since been reassigned to Judge Jesse Furman) something about the case, without sharing it with Schulte or the public. The letter would have been filed five years to the day after the start date, August 4, 2016, for searches DOJ has described that Schulte did on WikiLeaks, Edward Snowden, and (as described elsewhere) Shadow Brokers.

In addition to the numerous searches for “wikileaks” which commenced on August 4, 2016, SCHULTE also conducted multiple related Searches, including: prior to the March 7, 2017 release of the Classified Information, “assange” (Julian Assange is the founder and “editor-in-chief’ of WikiLeaks.org), “snowden its time,” “wikileaks code,” and “wikileaks 2017”-and after the March 7, 2017 release of the Classified Information, “wikileaks public opinion,” and “officials were aware before the WikiLeaks release of a loss of sensitive information.”

On September 23, the government wrote a letter to Judge Crotty, voicing its support for adjourning Schulte’s trial date — which at that point was scheduled for October 25, two days before Assange’s extradition hearing — and revisiting the schedule after November 1, several days after the extradition hearing.

The Government respectfully submits this letter in response to the defendant’s request to adjourn the trial date, currently scheduled for October 25, 2021. (D.E. 495). As discussed at the pretrial conference held on September 15, 2021, the Government consents to the defendant’s request for an adjournment. We respectfully suggest that the Court enter an order adjourning the trial sine die, and the Government will provide an update with respect to our views on an appropriate trial date by November 1, 2021.

On September 26, Yahoo published a story that made claims about assassination discussions that, the story itself revealed, were overblown. The story debunked WikiLeaks’ claims that the charges against Assange were political retaliation pertaining to the Russian investigation from Trump. It corroborated the obvious temporal link between the initial charge against Assange and a Russian exfiltration attempt. And it provided details of CIA’s clandestine plans to limit the damage of the still (then, and now) unreleased Vault 8 source code of CIA’s hacking tools. There’s reason to believe WikiLeaks has known aspects of those damage mitigation plans for at least two years, via means they do not want to disclose.

Since its publication, WikiLeaks has used the story to try to suggest that the DOJ extradition should not go forward, but the British judges who heard the appeal seemed unimpressed by tales of CIA outrage about WikiLeaks’ hoarding CIA’s hacking tools.

As part of the extradition hearing on October 28, according to the WikiLeaks’ Twitter account, the lawyer representing the US in Assange’s extradition hearing, James Lewis, asserted that if this effort to extradite Assange fails, they can just start again with another extradition request.

Note: I looked for a more credible source for this quotation than WikiLeaks, which has been sowing more propaganda than usual in recent months, but did not find it quoted by other credible journalists. For the purposes of this post, though, I will accept this as accurate. A representative for US DOJ said that if this extradition attempt fails, Lewis seemed to suggest, DOJ can ask the UK to extradite on a different indictment.

Shortly after the extradition hearing, on November 5, in response to an order from Judge Furman, DOJ proposed March 21, 2022 as the earliest feasible trial date, largely because of expected CIPA proceedings, but in part because of whatever DOJ discussed in that August 4 ex parte classified status letter.

Although the Government is available for trial at any time in the first or second quarters of 2022, the Government does not believe it would be practical to schedule the trial prior to March 2022.

[snip]

The proposed trial date also takes into consideration matters discussed in the Government’s ex parte letter submitted on August 4, 2021. Accordingly, in order to afford sufficient time both for the likely upcoming CIPA litigation and for the parties to prepare for trial with the benefit of any supplemental CIPA rulings, the Government believes that the earliest practical trial date for this matter would be March 21, 2022.

March 21 would be two weeks after the five year anniversary of the first publication of Vault 7, the less harmful development notes stolen from the CIA, but with them, the names or pseudos of several colleagues that Schulte allegedly scapegoated. That would be the likely date for any statutes of limitation on another CFAA conspiracy to toll.

That is, this timing would provide DOJ an opportunity to learn the fate of Assange’s first, declassified charges through 2015, in case DOJ wanted to ask for extradition on a second case charging actions since 2015.

Admittedly, one explanation for that August 4 filing could be that DOJ obtained new evidence (though if it is evidence Schulte will ultimately get, it should not be ex parte). But given Lewis’ comment and the timing of DOJ’s various updates about trial schedule, one explanation is that DOJ would ask to extradite Assange for the Vault 7 publications (and related actions that have nothing to do with journalism) if the current extradition effort fails.

Ultimately, Schulte’s decisions have created a further delay than the one the government proposed. Because Schulte’s expert, Steve Bellovin, has limited availability due to his teaching schedule, the trial is scheduled to start on June 13, 2022, more than six years after Schulte allegedly stole the files in question.

Depends on what happens tomorrow, though, we may learn sooner what that ex parte filing was.

The Julian Assange Question: True Claims about Prison Conditions or Lies in Service of Martyrdom?

/54 Comments/in /by

Today and tomorrow, the United States will appeal Judge Vanessa Baraitser’s decision in the Julian Assange case that American prisons are too inhumane to house someone with suicidal tendencies safely. The US will argue several things about the decision, including that Baraitser had wrongly credited testimony of an expert that, like that of several others presented in Julian Assange’s extradition defense, was obviously misleading.

On Wednesday, judges said the weight given to a misleading report from Assange’s psychiatric expert that was submitted at the original hearing in January could form part of Washington’s full appeal in October.

Sitting in London, Lord Justice Holroyde said he believed it was arguable that Judge Vanessa Baraitser had attached too much weight to the evidence of Prof Michael Kopelman when deciding not to allow the US’s appeal.

[snip]

Delivering the latest decision, Holroyde said it was “very unusual” for an appeal court to have to consider evidence from an expert that had been accepted by a lower court, but also found to have been misleading – even if the expert’s actions had been deemed an “understandable human response” designed to protect the privacy of Assange’s partner and children.

The judge said that, in those circumstances, it was “at least arguable” that Baraitser erred in basing her conclusions on the professor’s evidence.

“Given the importance to the administration of justice of a court being able to reply on the impartiality of an expert witness, it is in my view arguable that more detailed and critical consideration should have been given to why [the professor’s] ‘understandable human response’ gave rise to a misleading report.”

The US government had previously been allowed to appeal against Baraitser’s decision on three grounds – including that it was wrong in law. Assange’s legal team had described the grounds as “narrow” and “technical”. The two allowed on Wednesday were additional.

One key issue is whether assurances the US offered to the UK that Assange won’t be held under Special Administrative Measures are worth the paper they were written on (they’re probably not).

The summary of the decision to accept the appeal said that the United States had “provided the United Kingdom with a package of assurances which are responsive to the district judge’s specific findings in this case.”

Specifically, it said, Mr. Assange would not be subjected to measures that curtail a prisoner’s contact with the outside world and can amount to solitary confinement, and would not be imprisoned at the supermax prison in Florence, Colo., unless he later did something “that meets the test” for imposing such harsh steps.

“The United States has also provided an assurance that the United States will consent to Mr. Assange being transferred to Australia to serve any custodial sentence imposed on him,” the summary said.

While the basis for refusing extradition — expanding on a precedent established with Lauri Love, whose Aspergers was far more severe and better established than Assange’s depression — may be controversial, the severe conditions in American prisons are not.

And that’s why the focus of Assange’s team over the past nine months and in the next few days will be so telling.

Assange’s team would need to look no further than Joshua Schulte — the accused source for the stolen CIA hacking tools who has been held under draconian Special Administrative Measures (which sharply curtail Schulte’s ability to communicate with anyone besides his lawyers and immediate family) for over three years — to demonstrate how WikiLeaks associates have been treated in US jails. Judge Paul Crotty recently rejected Schulte’s latest bid to end the SAMs before the case got reassigned — with no public explanation — to Judge Jesse Furman (Crotty must be getting close to going senior status, but Schulte also asked Crotty to recuse). In his order affirming the SAMs on Schulte, Crotty noted that the former CIA developer, “intentionally disclosed information he knows to be classified–including in a recently filed motion seeking declassification of that very information,” and prosecutors just warned that Schulte may face additional consequences for doing so.

In recent weeks, the defendant has, through standby counsel, attempted to file several documents on ECF that appear to contain classified information. Section 5 notices are particularly likely to contain classified information, since the statute requires the defendant to “include a brief description of the classified information” at issue, and prohibits the defendant from “disclos[ing] any information known or believed to be classified in connection with a trial or pretrial proceeding until notice has been given under this subsection” and the United States has had an opportunity to seek a CIPA § 6 hearing and, if applicable, an appeal from the Court’s determination under § 7. Should the defendant knowingly and intentionally publicly file or attempt to publicly file information “known or believed to be classified,” including as part of a § 5 notice, he could be subject to penalties.

Likewise Assange’s team could point to the case of Daniel Hale, who was jailed prior to sentencing because it was feared he would harm himself, but then was placed in the Marion Communications Management Unit, a less harsh regime restricting prisoners’ communications than SAMs, but nevertheless not something known to be justified by anything Hale did during pre-trial release, and something that exacerbates Hale’s isolation in prison.

Rather than focusing on these very uncontroversial issues, Assange’s team has spent the last nine months spinning wildly about topics other than US prison conditions. They did so, first, by falsely claiming that an article in which Siggi Thordarson reaffirmed one of the most damning things he said about Assange would doom the case against Assange, even though as a co-conspirator, Siggi is unlikely to be called as a witness. More recently, Assange’s team has embraced an article showing that CIA Director Mike Pompeo was unable to pursue a variety of measures to attempt to thwart the release of (still substantially unreleased) stolen hacking tools, even though the article proves that Assange lied wildly in his extradition hearing about when and why the US government changed its understanding of his actions and further shows that the US didn’t charge Assange in the face of Pompeo’s pressure, but only did so when Russia attempted to exfiltrate Assange.

Assange has a really good case to make about US jail and prison conditions.

Instead, Assange has spent the last nine months telling wild stories in an effort to make a man credibly accused of conspiring to hack US targets a martyr of journalism.

On the Missing Inspector General Report[s] about Wilbur Ross’ Lies

/39 Comments/in /by

There was a big news blitz yesterday on the news that the Commerce Department’s Inspector General had concluded Wilbur Ross twice misled Congress about the rationale for including a citizenship question in last year’s census.

The claim was based off a letter from Inspector General Peggy Gustafsonwho was nominated under President Obama — explaining what had become of a 2019 request to investigate whether Ross had lied. In her letter, which was publicly released, Gustafson revealed the outcome of her investigation.

Our investigation established that the then-Secretary misrepresented the full rationale for the reinstatement of the citizenship question during his March 20, 2018, testimony before the House Committee on Appropriations and again in his March 22, 2018, testimony before the House Committee on Ways and Means. During Congressional testimony, the then-Secretary stated his decision to reinstate the citizenship question was based solely on a DOJ request. That request memorandum was signed by the DOJ on December 12, 2017. However, evidence shows there were significant communications related to the citizenship question among the then-Secretary, his staff, and other government officials between March 2017 and September 2017, which was well before the DOJ request memorandum. Evidence also suggests the Department requested and played a part in drafting the DOJ memorandum. Further, the then-Secretary sent a memorandum to the Department on June 21, 2018, clarifying his deliberations regarding adding a citizenship question to the Decennial Census. In this memorandum, the then-Secretary stated he began considering the content of the 2020 Census, to include reinstating the citizenship question, soon after his appointment to Secretary.

This investigation was presented to and declined for prosecution by the Public Integrity Section of the DOJ’s Criminal Division.

She sent the report to Congress along with her letter. But the report itself has not been released publicly or, best as I can tell, even leaked with those who wrote stories on the letter.

Reports on DOJ’s declination created a great deal of outrage that Merrick Garland had declined to prosecute the case. Only, as an AP correction revealed, Garland’s DOJ hadn’t declined prosecution. Barr’s DOJ did.

This story has been corrected to reflect that the decision not to prosecute Ross was made by the Department of Justice during the Trump administration, not the Biden administration.

But corners of the media blitz left out a lot more details about the context of the original request. It came after a Republican strategist, Thomas Hofeller, died, leaving his Democratic daughter to go through his papers, only to discover he, and very racist plans for gerrymandering, were behind the census question. After that smoking gun was discovered, House Oversight (starting under Elijah Cummings before he died) did more investigation and then a bunch of Senators asked for an investigation.

And after DOJ kept appealing a District Court ruling on the question in NY, even the Supreme Court found that Commerce had misrepresented the reason for the question.

Finally, we have recognized a narrow exception to the general rule against inquiring into “the mental processes of administrative decision-makers.” Overton Park, 401 U. S., at 420.

On a “strong showing of bad faith or improper behavior,” such an inquiry may be warranted and may justify extra-record discovery. Ibid. The District Court invoked that exception in ordering extra-record discovery here. Although that order was premature, we think it was ultimately justified in light of the expanded administrative record. Recall that shortly after this litigation began, the Secretary, prodded by DOJ, filed a supplemental memo that added new, pertinent information to the administrative record. The memo disclosed that the Secretary had been considering the citizenship question for some time and that Commerce had inquired whether DOJ would formally request reinstatement of the question. That supplemental memo prompted respondents to move for both completion of the administrative record and extra-record discovery. The District Court granted both requests at the same hearing, agreeing with respondents that the Government had submitted an incomplete administrative record and that the existing evidence supported a prima facie showing that the VRA rationale was pretextual.

[snip]

That evidence showed that the Secretary was determined to reinstate a citizenship question from the time he entered office; instructed his staff to make it happen; waited while Commerce officials explored whether another agency would request census-based citizenship data; subsequently contacted the Attorney General himself to ask if DOJ would make the request; and adopted the Voting Rights Act rationale late in the process. In the District Court’s view, this evidence established that the Secretary had made up his mind to reinstate a citizenship question “well before” receiving DOJ’s request, and did so for reasons unknown but unrelated to the VRA. 351 F. Supp. 3d, at 660.

John Roberts laid out the evidence that Commerce’s IG must also have relied on.

[I]t was not until the Secretary contacted the Attorney General directly that DOJ’s Civil Rights Division expressed interest in acquiring census-based citizenship data to better enforce the VRA. And even then, the record suggests that DOJ’s interest was directed more to helping the Commerce Department than to securing the data. The December 2017 letter from DOJ drew heavily on contributions from Commerce staff and advisors. Their influence may explain why the letter went beyond a simple entreaty for better citizenship data—what one might expect of a typical request from another agency—to a specific request that Commerce collect the data by means of reinstating a citizenship question on the census. Finally, after sending the letter, DOJ declined the Census Bureau’s offer to discuss alternative ways to meet DOJ’s stated need for improved citizenship data, further suggesting a lack of interest on DOJ’s part.

Altogether, the evidence tells a story that does not match the explanation the Secretary gave for his decision. In the Secretary’s telling, Commerce was simply acting on a routine data request from another agency. Yet the materials before us indicate that Commerce went to great lengths to elicit the request from DOJ (or any other willing agency). And unlike a typical case in which an agency may have both stated and unstated reasons for a decision, here the VRA enforcement rationale—the sole stated reason—seems to have been contrived.

After SCOTUS ruled Commerce could not include a citizenship question in the census, the plaintiffs asked the judge to sanction DOJ and Commerce officials who made misrepresentations to the court. Judge Jesse Furman made the government pay fees but did not further sanction the government witnesses in question.

That is, the underlying record has been known for some time. The only thing new in the record, as far as we know, is that — after a bunch of Senators asked for an investigation into this — the Commerce IG agreed with John Roberts and referred Ross for prosecution, only to have Barr’s hyper-politicized DOJ — a DOJ that was itself caught making untrue statements to the District Judge in the NY case — decline prosecution.

Which makes it all the more curious that Commerce didn’t publicly release the report along with the letter. The report is done. Why not release it publicly, as past derogatory reports about Ross were released?

One more detail that may explain DOJ’s silence in response to this news. The original letter from a bunch of Senators requesting the investigation wasn’t addressed just to Commerce. It was also addressed to Michael Horowitz, DOJ’s Inspector General. There’s no sign of such an investigation on their site (and I have thus far gotten no response to a question about this from them) — but they don’t include all their investigations.

But these stories are only about what the result of the Commerce Inspector General investigation was, and how Bill Barr’s DOJ responded. They’re not about whether there was an investigation at DOJ, and what happened if that investigation ended under Merrick Garland. They’re not about what a DOJ that has put great emphasis on voting rights has done with all this.