Posts

Serving as Julian Assange’s Unwitting Data Mule to Israel Shamir Is Not Journalism

/21 Comments/in , , , /by

It’s a testament to how effective WikiLeaks’ propaganda is that almost none of the people implicated by things Julian Assange did years ago and almost none of the people who brainlessly repeat Julian Assange’s propaganda now know about this May 16, 2022 filing, submitted last year in the Josh Schulte case, which I wrote about here.

The redacted bits of the filing almost certainly describe things obtained in an ongoing investigation of WikiLeaks that pertain to how the data stolen by Schulte was used. The unredacted parts, however, describe that what must be the WikiLeaks investigation is both ongoing and has a scope that, “is neither known to the public nor to all of the targets of the investigation.”

“All of the targets.” That phrase is telling. At least one target — Assange — knows he is a target. The other targets (and DOJ uses the jargon to describe people who almost certainly will be charged, not just people who might be) don’t know.

The WikiLeaks investigation — which is ongoing and not just, as many boosters claim, an attempt to shore up the case against Assange — is not an investigation into Assange, exclusively. There are other targets.

Key WikiLeaks people almost certainly know about this filing, because they treated Schulte’s second trial — where he defended himself and repeatedly tried to publicly share classified information, almost certainly including details of the discovery about the ongoing WikiLeaks investigation he had received — differently than the first.

They’re just not telling you that there are other targets of the WikiLeaks investigation.

They’re not telling you, in part, because it ensures that when the Met or FBI or other investigators approach people to obtain information about those other targets, they’ll refuse, because they don’t want to be part of a prosecution of Julian Assange for what they’re telling themselves is journalism.

James Ball is the latest person describing how that happened.

In a Rolling Stone post describing the two year effort to obtain his cooperation, he claims journalists are being asked to cooperate against Assange.

And he claims he’s being approached — for information that clearly pertains to Israel Shamir — as a journalist.

He asserts that he’s being approached as a journalist by claiming that DOJ wants to talk to him about this 2013 article, rather than about his own conduct described in the article.

As the article described, in 2010, he unwittingly served as Assange’s data mule, handing off 90,000 State Cables to Israel Shamir, who then exploited them — by sharing them with Belarusian dictator Alexandr Lukashenko and/or selling them — before the entire Cable set was released.

Shamir is an anti-Semitic writer, a supporter of the dictator of Belarus, and a man with ties and friends in Russian security services. He and Julian—unknown to us—had been in friendly contact for years. It was a friendship that would have serious consequences.

Introduced to WikiLeaks staff and supporters under a false name, Shamir was given direct access to more than 90,000 of the U.S. Embassy cables, covering Russia, all of Eastern Europe, parts of the Middle East, and Israel. This was, for quite some time, denied by WikiLeaks. But that’s never a denial I’ve found convincing: the reason I know he has them is that I gave them to him, at Assange’s orders, not knowing who he was.

Why did this prove to be a grave mistake? Not just for Shamir’s views, which are easy to Google, but for what he did next. The first hints of trouble came through contacts from various Putin-influenced Russian media outlets. A pro-Putin outlet got in touch to say Shamir had been asking for $10,000 for access to the cables. He was selling the material we were working to give away free, to responsible outlets.

Worse was to come. The NGO Index on Censorship sent a string of questions and some photographic evidence, suggesting Shamir had given the cables to Alexander Lukashenko of Belarus, Europe’s last dictator. Shamir had written a pro-Belarus article, shortly before photos emerged of him leaving the interior ministry. The day after, Belarus’s dictator gave a speech saying he was establishing a WikiLeaks for Belarus, citing some stories and information appearing in the genuine (and then unpublished) cables. [my emphasis]

As he admits, at least by 2013, Ball was aware that Shamir had ties to Russian spooks.

What Ball describes in the piece is that he entered into an agreement with Assange to provide data to someone, Shamir, that Shamir did not publish, but instead shared with a repressive dictator and, probably, with Russian intelligence services.

That’s not journalism. That’s spying.

To be sure: as Ball describes, he realized his error and promptly left WikiLeaks (and, as he described in the 2013 article, refused to sign some of the NDAs Assange was pushing). That’s why he was approached as a witness and not a subject, because he made affirmative efforts to leave the conspiracy that has already been charged against Assange and almost certainly will be charged against Shamir, if it hasn’t already been, under seal.

After having served as an unwitting data mule for Assange in a handoff that would result in Lukashenko (and possibly Russian spies) getting advance access to the content of the Cables, Ball subsequently became a journalist. But that does not retroactively change what happened in 2010. Nor does that mean FBI approached him as a journalist. They approached him as a guy who once unwittingly served as a data mule for the part of the Cable releases that undermines all the claims that Assange is nothing but a publisher.

Here’s what people miss about the publication charges against Julian Assange, including the Cable count. They charge him for, “distributing them and then by publishing them.” Proving that Assange distributed the State Cables via unwitting data mule James Ball to Shamir is all DOJ would have to do to prove that charge against Assange, to prove that Assange shared them with someone not authorized to receive them. At a hypothetical trial of Assange (and whoever else gets charged), they’ll undoubtedly explain that after first giving privileged access to the Cables to Shamir, who handed them onto people who would use them to suppress dissent, Assange published all of them. That’s part of the cover. That’s part of what leads people like Ball to imagine he was involved in journalism when he shared the Cable files with Shamir.

For a number of WikiLeaks releases, there’s some story like this, about how before publication, files were either removed from the publication set or provided exclusively to someone in advance. The publication is, in part, cover for that earlier sharing. Schulte even described how if Russia got the source code he shared with WikiLeaks but which WikiLeaks, with limited exceptions, did not publish, they would never publish it, because it would be more useful to reverse engineer what the CIA had been doing.

These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

Schulte is one of the people that anyone charged in a larger WikiLeaks conspiracy would be charged with conspiring with.

That’s the tough thing about US conspiracy law: Once you enter into a conspiracy, you’re on the hook for the actions of anyone who later enters into that conspiracy — like Shamir or Schulte — whether or not you know about it personally. You’re on the hook unless and until you take affirmative actions to leave the conspiracy. Lots of people with ties to WikiLeaks want no tie to Assange’s relationship with Shamir, but if DOJ adds him as a co-conspirator, then they’re not going to have much choice in the matter.

In any case, because so few of WikiLeaks’ boosters know that there are other targets in this investigation, they seem to be getting unfortunate legal advice, such as regarding the import of the detail that FBI obtained a statement from Shamir — whose statements, if and when he is charged as a co-conspirator, can be entered at trial — stating that Ball provided Cables, which he claimed to be about “the Jews,” to him.

The U.S. government cannot make much use of what I revealed in the article in a court of law unless I testify to it — and it is not hard to see how I could be useful if they were trying to strengthen the political case against Assange. In the article, I admit that I was the one who gave Shamir the material, albeit on Assange’s orders, without knowing who he was. If I testified to all this, it could, at least in theory, open me to criminal charges of my own.

[snip]

When, after months of delaying tactics had run out of road, we said a final “no”, there was a small sting in the tale from a DOJ prosecutor to my lawyers. Sending a statement in which Shamir had falsely claimed I had provided him with cables on “the Jews,” the prosecutor noted:

“Upon seeing those words from Shamir, I cannot help but ask whether Mr. Ball would reconsider his decision about speaking to the investigators, even if only just to respond to Shamir’s allegations.”

Yeah, it was a sleazy tactic, but also one designed to alert his lawyer that Ball does not currently have exposure but at a trial in which Shamir is a co-conspirator, Ball’s own conduct will be introduced at trial as part of proving that Cable charge and can be introduced without the article Ball wrote in 2013. Ball was advised they can’t use his article without his testimony — and because he had already left any agreement with Assange that’s probably right — but FBI can certainly introduce Shamir’s claims that he got the Cables from Ball, along with whatever other evidence they have about what Shamir did with them afterwards.

One more reason the fact that this is an ongoing investigation into targets not publicly identified matters: DOJ may or may not  or may already have gotten the UK to approve superseding the existing indictment against Assange, the one that has led people to believe he is the only target of it. But they certainly have the ability to charge a conspiracy in which Assange is an uncharged co-conspirator, showing a seven year conspiracy involving Russian spooks — starting no later than that handoff of cables to Shamir — charging everyone else that entered into a conspiracy via Assange with Russian spooks. Back in 2020, prosecutors implied to Jeremy Hammond that the long extradition process of Assange would provide the opportunity to charge Assange’s involvement in the 2016 Russian hack-and-leak. And because at least one of the people who would be charged in such a conspiracy, Josh Schulte, appears to have continued his efforts to leak through last year, any statute of limitations might go through 2027. That’s why they’re in no rush to charge Shamir publicly: because the way conspiracy law works in the US, they can charge everyone who didn’t affirmatively leave the WikiLeaks conspiracy so long as the conspiracy remains ongoing.

Ball may well be right that the other people the FBI has approached are being approached for coverage of WikiLeaks they did, as journalists (though there are some edge cases). But of the descriptions I’ve seen, there’s always another as yet uncharged target about whom the FBI is asking. That may not change their calculus about whether they want to cooperate, but it means, whether they know it or not, that their refusals are not limited to a bid to protect Assange’s conduct.

I think the people approached for their coverage of WikiLeaks should definitely tell the FBI to fuck off.

But there’s more going on here, particularly with the request to Ball.

Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive

/49 Comments/in , /by

Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”

Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).

A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.

We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.

Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.

That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”

Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.

And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine month window before the CIA learned Schulte had hacked them:

So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.

Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.

Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.

Or both.

We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.

Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.

Leak dumps don’t care about all that.

In what follows, I’m not questioning the value of (some) of Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned since, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.

It’s worth distinguishing leaks from people knowledgable about what they’re leaking

Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.

But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.

Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.

By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.

To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.

Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.

False claims about authentic documents are still false claims

Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.

As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.

Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.

[snip]

The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.”

The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.

#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.

The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.

As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.

Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.

Documents can serve to distract

And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.

As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta ‘s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact- check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.

Microchip even admitted that disinformation can increase buzz.

Q As you sit here today, back in that time period, did you like to get a rise out of people?

A Sure, yeah.

Q And that’s one of the reasons you posted things on Twitter; correct?

A Correct.

Q Was it your belief back then that disinformation increases buzz? A Um, disinformation sometimes does increase buzz, yes.

The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.

We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.

You can’t always tell who is in a chat room

The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.

Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.

But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.

That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.

Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.

For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.

Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.

So while Teixeira paid for with this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.

Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.

No one controls what happens with dump leaks

Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.

In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?

Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.

The damage assessment and the reporting goes on

We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloonsSurveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).

The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.

And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.

Leak dumps don’t care about motive.

Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.

SDNY Calls DOJ’s Definition of the Espionage Act an “Academic Interest”

/19 Comments/in , , /by

DOJ has now responded to my intervention in the Joshua Schulte case. Presumably because my motion, written by Kel McClanahan, focused on how flimsy the government’s claim to keep transcripts of a CIPA conference hidden, the government’s response pitches this as exclusively a CIPA battle. It’s totally a reasonable legal stance.

But along the way, in apparent effort to distract from the topic at issue — in part, the application of the Espionage Act to journalism — SDNY suggests it is just an academic interest whether DOJ would charge someone for sharing classified information already published by the NYT.

The mere fact that someone would like to know information is not a part of the right-of-access analysis, however, and the Government’s motion should be granted.

[snip]

Intervenor’s desire to speculate as to the potential application of the Government’s articulation of the elements of an offense to other circumstances has no bearing on the ability of the public to monitor or assess the actual rulings of the Court in the CIPA § 6 hearings to which Intervenor demands access.

[snip]

[T]he question is not whether redacted transcripts are coherent as a matter of language or whether they might be relevant to Intervenor’s academic interest.

I’m the intervenor here, not McClanahan (who is a professor on national security law at GW Law). I need to know this stuff not just to cover WikiLeaks (I’m more of an expert than the expert SDNY relied on in the first trial, Paul Rosenzweig), but also to understand my own exposure as a journalist.

Not once in the filing does the government use the words “Espionage Act.” Not once does DOJ mention “journalist.” Not once does it mention the NY Times, the hypothetical that DOJ is attempting to hide, which (as Judge Jesse Furman described in a court hearing) is this:

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

The government is no doubt exploiting the emphasis in my filing, but the notion that whether I can be charged for doing journalism is not an academic interest! It’s not just that there is an acute interest, amid the Julian Assange extradition proceedings, to know the government’s thinking about the Espionage Act, it goes to the chilling effect of not knowing what I can safely publish in the course of doing my job. I don’t have the luxury of “speculating” about the application of the Espionage Act, because if I guess wrong, I could be imprisoned for a decade.

The government wants this to be about CIPA. But the problem is that the government is attempting to hide something that is not classified — the elements of offense for a serious crime that can chill the ability to do journalism — via claims about CIPA.

Third, Intervenor asserts a First Amendment right of access premised on the assertion that “the Government present[ed] legal arguments about elements of the crime itself,” which Intervenor claims both have traditionally been open to the public and are of value to the monitoring of the judicial process. (D.E. 988 at 2). Intervenor’s contention that legal arguments the Government may have advanced at the Section 6 hearings are “something that interested persons in the field should know” (id. at 3) simply “cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding.” United States v. Cohen, 366 F. Supp. 3d 612, 631 (S.D.N.Y. 2019). Contrary to Intervenor’s suggestion that discussion of the elements of an offense “stray[s] far from a simple discussion of evidentiary issues” (D.E. 988 at 3), such discussion is integral to virtually any assessment of the relevance and admissibility of evidence, including that occurring in CIPA § 6 hearings, in which courts “look to what elements must be proven under the statute,” United States v. McCorkle, 688 F.3d 518, 521 (8th Cir. 2012); see also United States v. Bailey, 444 U.S. 394, 416 (1980) (describing need to “limit[] evidence in a trial to that directed at the elements of the crime”).

Tellingly, SDNY’s citation of a 2019 District opinion relating to the unsealing of Michael Cohen’s search warrants — which were released with redactions, the desired goal here! — is inapt to the question of whether the government should be able to hide its discussions of how it understands the Espionage Act by claiming that that needs to be protected as classified information.

Considerations of logic also counsel against recognizing a First Amendment right to access search warrant materials. Of course, public access to search warrant materials may promote the integrity of the criminal justice system or judicial proceedings in a generalized sense. United States v. Huntley943 F.Supp.2d 383, 385 (E.D.N.Y. 2013) (remarking that “the light of the press shining into the innards of government is necessary to inhibit violation of the public trust”). But such an argument cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding. Cf. Times Mirror Co.873 F.2d at 1213 (rejecting as overbroad the argument that the First Amendment mandates access to any proceeding or document that implicates “self-governance or the integrity of the criminal fact-finding process”); In re Bos. Herald, Inc.321 F.3d at 187 (“In isolation, the [rationale that the public must have a full understanding to serve as an effective check] proves too much—under it, even grand jury proceedings would be public.”). As the Ninth Circuit aptly observed, “[e]very judicial proceeding, indeed every governmental process, arguably benefits from public scrutiny to some degree, in that openness leads to a better-informed citizenry and tends to deter government officials from abusing the powers of government.” Times Mirror Co.873 F.2d at 1213.

Understanding the law is a matter that precedes the media’s scrutiny of whether the government abused the Espionage Act in this case (or in Julian Assange’s). And while the elements of the offense of the Espionage Act does dictate whether evidence would be helpful or not to the defense — the consideration of a CIPA hearing — ultimately this debate was about (and significantly appeared in) jury instructions, the law as applied.

Again, SDNY’s stance seems tactical, a response to our filing’s greater focus on matters of classification than the status of the press. But the outcome — SDNY’s claim that I have the luxury of merely “speculating” about the application of the Espionage Act — is alarmingly arrogant.

I was only able to make this challenge because McClanahan was able and willing to help — and he can only do so through the support of his non-profit. If you believe fights like this are important and have the ability to include it in your year-end donations, please consider supporting  the effort with a donation via this link or PayPal. Thanks!

The Day after I Blew Off Josh Schulte He Started Deleting “Suspicious Emails”

/29 Comments/in , /by

On the evening of August 13, 2018, Joshua Schulte activated a Samsung phone he had just gotten in a swap with another detainee at Metropolitan Correctional Center.

On August 14, according to a page of his prison notebook introduced at trial, he wrote up the beginnings of his plan for an “information war” conceived — Schulte claimed at trial — after doing some kind of drugs on August 8.

The way is clear. I will setup a wordpress of joshschulte.wordpress.com and presumption of innocence.wordpress.com. From here, I will stage my information war.

“Give me a phone and a blog and I will change the world,” he wrote in the margin of the same page where he planned out how to manage the limited charge time on his phone: “1 charge per day//use from 3-death.”

On August 21, according to another of the pages introduced at trial, Schulte made plans to cover his tracks.

In between those two days, August 14 and August 21, 2018, Schulte, his cellmate, Omar Amanat, and/or Amanat’s brother, Irfan, pitched me via email that Schulte could, “prove to be the most valuable source of information you have ever had.” The day after I declined that offer, Schulte started “delet[ing] suspicious emails.”

At 6:52PM ET on August 14, I received this email from the psalms100@protonmail account. (I’ve replaced the bitly links with direct links indicating the bitly code, but have not fixed typos.)

Hello Marcy : Confidential Intelligence Source

Dear Marcy,

I am writing on behalf of a senior ex NSA/CIA Intellgence officer who spearheaded many of the CIA’s technology hacking and counter-hacking intelligence efforts against state sponsored hackers overseas between 2010-November, 2016. He is currently imprisoned inside MCC (aka Manhattan’s Guantanamo) next to El Chapo and the Chelsea Bomber. He is charged with the largest leak in the history of the CIA: the Vault 7 release to Wikileaks.

The Government does not allow him to electronically communicate with anyone outside the prison via its monitored electronic communication system because he is designated as a “danger to the facility.” Please keep this source confidential as if all goes well you will be able to speak to him and even meet with him in person to corroborate everything I am writing as an approved visitor. We know you disclosed that you revealed another source to the FBI before and that we are therefore taking a huge risk in contacting you. However in your writings and NPR interview we have gleaned that you are a truly thoughtful independent thinker and patriot unafraid to communicate with others if you deem their underlying intentions to be worthy. That is the case with this source, whom you will find to have a pristine moral clarity and intellect -despite the lurid false and totally unsubstantiated accusations against him.

If you protect his confidentiality he will prove to be the most valuable source of information you have ever had.

He has a lot of material information —- never before revealed to the public —-including, but not limited to, Trump principals and agents acquiescence in what’s going on under cover of night with Putin backed Russian Oligarchs —revealing their true agenda. Trumo had a 2 hour dinner at Nobu in Moscow in 2013 with 12 Oligarchs which laid all of this out in advance. These covert efforts are ill understood by media and political hacks but they are actually the single largest threat posed by Putin-backed Russian Cyberhackers on behalf of the Oligarchy : their successful attempts to target second tier—-but highly strategic—- economic assets using an innovative Russian incubated “disruptive business model innovation” they are now exporting to the West called Reiderstvo. See www.reiderstvo.org It is the mechanism that enabled 12 men to end up with 51% of the wealth of one of the wealthiest countries in the world. If it continues unabated it will end with them perpetrating the largest transfer of power and wealth in the history of the world. —via state sponsored legalized theft —-not new value creation and if followed to its logical conclusion the evolution of this virulent “Malware of the Mind” could possibly usher in the decline of western civilization as we know it by rendering the west’s judicial infrastructure and Federal Rules of Evidence completely comprised and ineffectual.

These reids are highly sophisticated legal campaigns that began in 2016 targeting wealthy Clinton backers and they are using President Trump’s own personal lawyer Marc Kasowitz —-who represents Putin’s own bank the largest bank in Russia -Sberbank. [bitly link 2P3oVSd to this NYT story]. Using a Kasowitz division called Intelligence Options which on its website [bitly link 2BafcX6 to Intelligence Options page] brags about its ability to take out business rival targets in highly coordinated efforts involving law enforcement authorities. He can confirm that the Kasowitz firm has been paid “mid 8 figures” by Russian oligarchs close to Putin to implement Reiderstvo targeting American and European citizens who are falsely arrested and their assets seized by the Oligarchs losing billions in the process using (and distorting) the American justice system. And they are just getting started. The Despite the furor over Peter Strzok the FBI itself is compromised by many recent ex Field Agents loyal to Trump working for Kasowitz Intelligence Options division including many who served as personal security guards for him and his family. We have their names.

Inception Hacks
Our ex CIA tech wiz can confirm that they have already used ‘near misses’ in these disinformation campaigns to convince prosecutors, judges and juries that “real info is fake” and have distorted justice in the process. They have developed a lethal technology that is the “nuclear bomb of hacking” that no other state actor has discovered : “Inception Hacking”: is the planting of fabricated emails onto ISP’s without leaving a trace behind. Imagine planting child pornography on an adversary’s computer without him ever knowing or anyone being able to prove it wasn’t his. No network intrusion. No trace.

$6-9 billion of value has already been stolen from American citizens and another $150 billion is currently in the targets sights with $1Trillion in transfered assets by 2022 as their stretch goal. The targets of these campaign includes one in jail with the ex NSA/CIA intelligence officer who he met at MCC and whose case study you will find fascinating and disturbing.

Is there a phone number I can call you to discuss? I tried sending to your encrypted email but it doesn’t seem to work from protonmail.

Thanks

Jake

I declined the offer to connect with “the most valuable source of information you have ever had.”

Aside from an email I sent on October 29 after the contraband phones were revealed in a court filing (which went unanswered), our last contact was at at 3:49PM on August 21, the same day Schulte wrote a list of things to do to hide his tracks.

I wasn’t sure whether this pitch came from Schulte and/or someone working with him until the first trial. I’m still not sure who, specifically, sent the email. But evidence submitted at Schulte’s two trials revealed that the pitch used common content and the same email as were used in later efforts using contraband phones. It was Schulte or someone else involved in his efforts to communicate from jail.

Most notably, the email address — [email protected] — is the same one mentioned in a Signal text sent to Shane Harris about seven weeks later, after Schulte was thrown in SHU on October 1. The text probably reflects Schulte cellmate Omar Amanat’s effort, using Schulte’s Samsung after Amanat’s own iPhone had been seized, to get Harris to move to an account he still had access to.

In what follows, I will use the pronoun, “they,” to reflect that the email was, for the reasons I lay out here, probably a collective effort. At least in the case of a very similar email sent to Shane Harris months later, Schulte, Omar, and Irfan Amanat all worked on a common Google Doc, chatting on the side via encrypted texts, to put together the content of the email. Given the similarity between the documents and the use of the common protonmail account, I think it likely that the same happened with the email sent to me.

I’m sharing this now for several reasons. Most notably, I’m intervening in the case in an attempt to liberate a discussion during a sealed CIPA hearing about DOJ’s application of the Espionage Act, and I don’t want DOJ to have any lingering suspicions that I ever pursued a secret back channel with Schulte. I’ve long wanted to be transparent about this, given how closely I have covered the case. But I wanted to wait until after the guilty verdict to avoid contributing in any way to Schulte’s prosecution (I had hoped to wait until his post-trial motions were adjudicated, which is why I didn’t do it during the summer, when I started drafting this post). And for a variety of reasons, the WikiLeaks crowd has belatedly decided to spin Schulte as a hero, so I wanted to explain why I’m so certain he’s a fraud.

I’m sharing it (but not subsequent emails) because I did not agree to confidentiality before they sent it and I’m certain this email and follow-ups are riddled with lies. For example, the claim that this email was sent from a Schulte cousin and their representations about communications in jail almost certainly served to hide the use of a contraband mobile phone to send it. While Schulte’s cousin was involved in contacting other journalists, according to a 2020 FBI interview he did, he only ever used a JohnGalt@protonmail account to do so, and Schulte demonstrably lied to Shane Harris later in the summer about the same cousin.

Court filings give reason to believe Schulte was a liar even before I got this email, but this correspondence is one reason I’m certain he is.

I’m sharing this email, too, because I think the way they pitched this may be of interest for others trying to understand what Schulte was up to. For example, whereas Schulte got WaPo’s Harris to make a series of agreements before sending this Reiderstvo pitch on September 22, 2018, they just gave it to me as the initial dangle. Boom. Here’s the purported good stuff! I regarded it then, as now, as a dangle, an attempt to package up what they imagined I most wanted to hear as a way to get me on the phone. Maybe they tried to raise the value of it with Harris by making it harder to get?

The content of the email sent to me, too, may be of interest. It’s unclear whether and if so how the “Reiderstvo” pitch evolved by the time they prepared to send it to Harris. But as it appears here, it seems, at least in part, a bid to create an alternative narrative that might undermine the viability of the evidence against both Schulte and Amanat. The idea laid out in the “Inception Hacking” passage of the email incorporates alibis that both Schulte and Amanat were offering in their own defense in 2018 (and still, in Schulte’s case): a claim that the FBI fabricated Yahoo emails in Amanat’s case, and a claim that the FBI planted Child Sexual Abuse Material on Schulte’s computer in his case.

The form of the claim capitalized on Schulte’s own hacking expertise.

Here’s how Schulte described that expertise in another document he wrote in jail.

Do you know what my speciality was at the CIA? Do you know what I did for fun? Data hiding and crypto. I designed and wrote software to conceal data in a custom-designed filesystem contained within the drive slackspace or hidden partitions. I disguised data. I split data across files and filesystems to conceal the crypto — analysis tools would NEVER detect random or pseudo-random data indicative of potential crypto.

This was part of the National Defense Information that Schulte was charged and convicted of leaking from jail. So there must be truth to it (to be clear, I have no reason to believe the things in the email to me are true, much less classified).

Significantly, the email sent to me also calls “Inception Hacking,” “Malware of the Mind,” which is the name Schulte gave to that larger document in which he described “disguis[ing] data.”

According to this pitch, the evidence of Schulte and/or Amanat’s guilt was instead proof they were victims of the kind of hack Schulte bragged he could do for the CIA, but here the culprit (in an email to someone they seemed to think would respond enthusiastically) was Russia, not CIA.

Equating Malware of the Mind with Inception in the email sent to me invokes another spy movie, like the Jason Bourne identity Schulte (predictably) adopted as his own, days after this email was sent.

Finally, I’m posting this because of the timing. While I can’t prove this email came from Schulte, as opposed to one of the Amanats or someone else tied to them, during the entirety of the first week Schulte had that Samsung phone, someone was trying to get me on the phone with him, promising that I could speak to him without jailhouse monitors knowing (a claim I found absurd at the time, but which made more sense once I learned of the contraband phones). The day I said, “no,” August 21, Schulte made a list of things to start deleting. The next day, August 22, he renewed his outreach to Harris.

I didn’t then and don’t now know what to make of this. On the one hand, Schulte attempted to speak to a number of journalists who cover this beat; at least five others have been identified in trial exhibits and court filings. In that, there’s nothing special about outreach to me.

Plus, there’s a perfectly reasonable explanation for why they pitched some journalist at the time. At least according to jail house informant Carlos Betances, Schulte wanted the Samsung because, after someone that Betances believed to be Schulte’s cousin got raided by the FBI, Schulte grew paranoid that the FBI could be monitoring the phones Schulte and his buddies already had.

Q. Mr. Betances, what did the defendant say about why he didn’t want to use iPhones anymore?

A. Because of a conversation in Chino’s cell, he was very scared because his cousin — or, I don’t know who it was. The FBI had gone to that person’s house. They had taken his computer, and since then, he was very scared. So he wanted to replace all phones. He wanted to get all new phone chips, and because of something like that that had happened; he didn’t know what.

[snip]

Q. OK. But that has nothing to do with the FBI or my cousin, right?

A. It does have something to do, because we had that conversation, and you were there.

Q. OK. So when you described me as very scared, what is that based on?

A. Because you said we had to change the phones, we had to change everything. You were freaking out. You were freaked out, in panic mode.

Q. OK. So your description’s not based on the demeanor but based on what you say are requested actions from me, right?

A. I didn’t understand your question. Could you repeat it?

Q. Yes. It wasn’t my outward appearance but what we were discussing that led you to believe I was very scared, right?

MR. LOCKARD: Objection. Form.

THE INTERPRETER: I’m sorry, sir. Did you say something? The interpreter just wants — did you say something at the very end?

MR. SCHULTE: I think there was an objection.

THE COURT: The objection’s overruled.

A. It’s not that you made me believe. It’s the way that you were acting, your outward appearance. You were freaking out.

Q. OK. And what was I scared of?

A. The fact that we had to change our phones, you were pacing back and forth, because the FBI might be listening in on the calls; they might do something. And then, so I asked you why. You know, did you talk to somebody on the phones that we were all using? And that’s when you didn’t answer me. You didn’t say yes or no.

It may not have been his cousin, Shane Presnall, but instead his parents that Schulte was worried about.

DOJ had been ratcheting up pressure on Schulte’s attempts to leak from jail for months by August 2018, when I got this email. In response to journalists publishing information on Schulte’s affidavits in May, DOJ admonished Schulte for violating his protective order. In an attempt to learn how the affidavits had gotten shared, the FBI first interviewed, then served a subpoena on Presnall to appear before the Grand Jury on June 13.

On June 28, Schulte posted a pro se bail application that the CIA claimed included classified information, which led the FBI to ask his parents and attorney in Texas for any classified information, something he repeatedly called a “raid” during the trial.

Then, in early August, Presnall turned over to DOJ another of Schulte’s narratives, which by description may be the one his parents wouldn’t post for him.

On or about August 6, 2018, Presnall, through counsel, produced documents responsive to the subpoena and an index. The index described Articles 1 through 7 by Joshua Schulte, which corresponded to the articles published on the John Galt’s Legal Defense Fund Facebook page in April 2018; as well as an “Article 8 by Joshua Schulte” and the Schulte Article described as “Article entitled ‘. . .unalienable Rights, that among these are Life. Liberty and the pursuit of Happiness’ by Joshua Schulte.” ” (Ex. 4; id. at JAS_021890-JAS_021902). The latter two articles had not yet been published on Facebook. The Schulte Article has four chapter headings, including “Chapter 1: The confrontation,” “Chapter 2: my last experience at the CIA and my reason(s) for resigning,” “Chapter 3: Hell,” and “Chapter 4: The Red Pill.” As with his other articles, the primary thesis of Schulte Article is that the defendant is innocent and he is the victim of lawless, dishonest agents and a criminal justice system uninterested in civil liberties or truth.

As I have noted, this article not only referred to his colleagues whose identities were classified by name, which if published would have exposed their identities, but also described the benefit to Russia that advance access to CIA’s source code would provide. It was a really damning document.

Inexplicably, DOJ did not use it in either of the two trials against Schulte.

The government’s discovery of the materials from Presnall may explain the panic that shows up in Schulte’s notebook in this period, with two notes Schulte wrote reflecting concern that the government had compromised the IMEI numbers for “all 3” phones.

 

The reference to three phones is probably a reference to the contraband jail phones, but Schulte used three different phones in 2017, after FBI seized a first one, that he would have received discovery on. In any case, DOJ’s increased efforts to crack down on his leaking from jail would have come just as reviewing his own discovery may have led Schulte to belatedly realize the import of the basic investigative tools, such as subpoenas for subscriber records, which the FBI uses to track suspects. That is, at precisely the time he was pursuing a variety of means to leak from jail, Schulte discovered that he hadn’t covered his tracks anywhere nearly as well as he arrogantly believed he had.

So he got a new phone and tried to encrypt everything.

So it would be unsurprising for Schulte, believing his past communications with journalists to have been exposed, to try someone new — me. Then the day after I said no, Schulte turned to reestablish ties with Harris via a new channel and new false identity.

But let’s be honest: it was fucking insane for these guys to do a cold outreach to someone who (as they note!) had only recently publicly confessed to sharing information with the FBI. I’ve never spoken to the FBI about this, but if they did find evidence that Schulte had reached out to me, the outreach would be adjacent enough to the things I did share, it would set off alarms bells all over DOJ. Indeed, there are several non-public details –details that DOJ knows about — that make me uncertain, even today, whether Schulte wasn’t trying something more, and one of those details may have led DOJ to suspect the same.

Plus, Schulte had no reason to believe I’d be receptive to his story. Already, in my coverage of Vault 7, I had made observations — such as that someone may have used CIA’s own hacking tools against it or that Schulte violated release conditions to get back on Tor in the wake of an Assange tweet seeming to use the stolen CIA documents for leverage against Don Jr — that may have been of particular interest to Schulte. But my coverage of Schulte wasn’t particularly sympathetic at all. Even in 2018, Schulte was unlikely to convince me of his lies, and that should have been clear from what I had written.

It’s pretty likely that DOJ did discover traces of this outreach, which is another reason I’m not withholding it. Schulte laid out a plan to delete his Google Docs (given the length of the email and the hotlinks in this email, I assume it was drafted in Google Docs, as the documents later shared with Harris were) the same day I declined this offer, so DOJ may not have the banal content of this email. But even assuming he deleted drafts of this email written collectively on Google Docs, given all the references to other journalists submitted in exhibits and other court filings, I assume references to me would show up in the same places that their names did: in searches conducted using the other phones, in text threads conducted on WhatsApp before Schulte installed Signal, in Schulte’s notebook, in pictures that jailhouse informant Betances took of the phones he tended (by Betances’ description, the email to me was sent before Schulte changed the password to the Samsung). DOJ has a great deal of evidence about Schulte’s actions they didn’t share at trial, and given the timing, much of it would be precisely where any mention of my name would appear.

For example, my name doesn’t show up in unredacted form in what were described as the “Internet searches” done on the Samsung (this is the version introduced at the first trial), though those only start on August 13, by which point whoever sent the email presumably had already gotten contact information for me. But it’s likely it shows up on another phone — perhaps the iPhone that Amanat had been using, or in Google searches (at the first trial the jury got all of Schulte’s Google searches, but the exhibit was not released publicly). Someone went to my website to get both the email addresses I had listed at the time.

Nor does my name appear in the prison notebooks introduced at trial. But there are twenty pages in Schulte’s prison notebooks between the beginning of the August 14 entry and the beginning of the August 21 one, just one of which was included in the trial exhibit. So even assuming the FBI never got into the psalms100 ProtonMail account (something I think is unlikely), they probably learned of the existence of this email via the notebook and searches, and may have gotten the content from Google Docs. So the final reason I’m sharing this is to clarify for anyone at DOJ who might still wonder about this that I said “no” to this outreach. There’s probably nothing in the email Schulte sent me that they didn’t find in other places.

And, yes, whoever sent this really did use “Confidential Intelligence Source” in the subject line of an email sent to a Gmail email, and they really did mention Vault 7 in the first paragraph.

So Schulte and his buddies were not just liars and bad suck-ups, but also stupid.

Again, I had and have no idea what to make of this — though over the course of two trials, how it fits into Schulte’s efforts to work the press in 2018 makes more sense. But at the very least, it hints that there are a lot more things in evidence seized from Schulte’s jail cell that were likely of interest to investigators, but not evidence of a crime.

Sabrina Shroff Really Wants to Meet in Person with Josh Schulte

/5 Comments/in /by

Something odd happened in the Josh Schulte case yesterday.

He still has to submit his Rule 29 motion for acquittal and Rule 33 motion for a new trial for his trial. Before the government seized his laptop in a search, they were originally due September 23.

But since the FBI allegedly found Child Sexual Abuse Material on his discovery laptop — the FBI suspects he copied it from the materials allegedly on his home computer via a thumb drive brought into the SCIF storing his discovery — he has been restricted to a typewriter, and so will be given more time to write the filings.

On October 6, Judge Jesse Furman ordered the two sides to come up with a new schedule for those motions by Friday to accommodate that restriction.

The FBI is also investigating Schulte for having contraband on his discovery laptop. Back in September, Schulte insisted that “the only material on the laptop was provided by the government or my attorneys.”

So early yesterday, the government filed a letter, effectively pre-empting one they said that Schulte’s attorney, Sabrina Shroff, had written but not yet docketed. They did so, they said, because hers was inaccurate and did not reflect consultation with Schulte, who is representing himself pro se on the last trial.

Counsel’s letter, which asks the Court to order the means by which the parties carry out their obligation to meet-and-confer about a proposed motions schedule, (i) is materially inaccurate, (ii) seeks unnecessarily burdensome and delay-laden restrictions on what should be a straightforward conversation about a schedule, and (iii) inappropriately attempts to speak on the defendant’s behalf with respect to an issue for which the defendant is pro se. Defense counsel’s letter falsely claims, for example, that the Government previously refused to have calls with the defendant while he was in the MDC and has “repudiated” this practice; when, in fact, the Government previously arranged meet-and-confer calls with the defendant during his courthouse SCIF days because doing so was logistically simpler. Here, where the defendant is no longer produced to the SCIF, the Government proposed a telephone call from the MDC, which defense counsel has been invited to join. When counsel objected to the call, the Government noted that the defendant is pro se and entitled to decide for himself whether or not to participate in the call and, if he declined to do so, the Government would attempt to confer through other means. The Government also offered to respond to a proposed schedule from the defendant conveyed by counsel. Rather than pursue either option or allow the defendant to speak for himself on this pro se matter,1 defense counsel submitted today’s letter to the Court.

1 Counsel’s letter does not assert that the defendant is incompetent to act for himself pro se and makes no representation that the defendant was consulted on the letter.

When Shroff’s letter was finally docketed (with two redactions describing Schulte’s current status, apparently something pertaining to having been moved from his prior cell), it became clear that she’s insisting on using the meet-and-confer as an opportunity to meet with him in person, rather than with her on the call, or barring that, ensuring that anything Schulte say not be used against him.

In the past, the government has fulfilled its meet and confer obligations by calling Mr. Schulte in the SCIF, where one or more of his standby counsel could be physically present and beside Mr. Schulte as he spoke with opposing counsel. During the time Mr. Schulte was entirely pro se, the government refused to have calls with him while he was at MDC-Brooklyn, insisting the calls take place while he was at the SCIF. Each call was recorded by the government and an FBI agent was present for the call.

In repudiation of this prior practice, the government now seeks to meet and confer with Mr. Schulte by arranging a telephone call with him at the MDC, meaning no defense counsel would be physically present next to Mr. Schulte during the call.1 Given (i) the hybrid representation in place; (ii) Mr. Schulte [redacted];2 and (iii) such a setup is not necessary, it would not be prudent for defense counsel to agree to such a meet and confer.

In lieu of the government’s proposal, defense counsel has offered to (i) take the government’s proposed briefing schedule to Mr. Schulte to get his sign-off;3 (ii) allow the meet and confer at the MDC, provided the government can arrange for Mr. Schulte’s counsel to be there physically with him in the same room; (iii) have Mr. Schulte produced at the 500 Pearl Street pens on the 4th floor for the meet and confer; or (iv) if the Court allows the meet and confer to take place outside the physical presence of counsel as the government demands, that the government agree not to use any purported spontaneous statements or questions that may come out during the call against Mr. Schulte at any future legal proceeding. The government has rejected each of these four proposals.

Given this impasse, and the importance of defense counsel being physically next to Mr. Schulte when the Government speaks with him, we respectfully ask the Court to Order the government to adopt one of the four proposals, so the meet and confer can proceed in a manner that allows defense counsel to step in and ensure that Mr. Schulte’s right against self-incrimination and right to counsel are protected.

1 Defense counsel has apprised the government of her unavailability on the government’s chosen date and time of October 19, 2022, and asked at the very least, the call be re-scheduled should the Court not grant the requested relief.

2 Neither the government nor the BOP informed counsel for Mr. Schulte [redacted] The BOP did not provide (for three days in row) the requested emergency legal calls. In person visits were also made unavailable. Counsel was told that the in-person visit could not take place as the room in the SAMs unit was occupied by other counsel, when in fact Mr. Schulte was not on his regular unit.

3 I twice offered to go to the MDC and vet with Mr. Schulte the government’s proposed briefing schedule for the Rule 29 and 33 motion. The government declined to provide its proposed timeline/schedule to me.

While Shroff’s letter sounds sketchy in light of Schulte’s own observation that any contraband had to have come from the government or his lawyers, Shroff is too smart to facilitate Schulte’s crimes. That said, the record suggests that he manipulates every single human being he comes into contact with, including his own family. I think the most likely explanation for any contraband is that he made a seemingly reasonable request for something from his lawyers, and then repurposed it.

The government, meanwhile, has used the recent developments to propose a long delay — with briefing to begin two months from now — on Schulte’s pretrial motions. Now they’re proposing he submit his motions on December 16.

I’ve been wondering how Schulte would respond to being accused of reaccessing CSAM material, something that, if proven, would make proving his pending charges on that easier to prove and also dramatically increase his potential sentence. He’s at the point where he has to be contemplating life in prison.

However he has and will respond, Shroff is worried about him speaking with the government without being present.

FBI Allegedly Found Child Sexual Abuse Material When It Searched Josh Schulte’s Discovery Laptop

/21 Comments/in /by

For the past several weeks — since his attorney, Sabrina Shroff, filed a letter on September 28 asking why he hadn’t been delivered to the SCIF as expected on September 26 — there has been something weird going on in the docket for Josh Schulte — who in July was convicted of stealing and leaking the CIA’s hacking tools to Wikileaks. She noted there was a probable request that he be withheld from the SCIF in the docket and wanted access to it. Today, the government unsealed three filings explaining what happened: They allegedly caught Schulte with Child Sexual Abuse Material again. Almost four years to the day after he was found using contraband phones in MCC, the government did another search of his cell to figure out whether and how he got the CSAM (which probably came from his discovery pertaining to the files allegedly on his home computer in 2017).

The filings are:

What happened is this:

July 27: The government obtained a warrant for Schulte’s discovery laptop covering contempt and contraband with search run by filter AUSA.

As the Court is aware, on July 27, 2022, United States Magistrate Judge Cheryl L. Pollak of the Eastern District of New York signed a warrant authorizing the seizure and search of the laptop previously provided to the defendant for his use in the Bureau of Prisons for reviewing unclassified discovery and preparing litigation materials in this case (the “Laptop Warrant”), which was at that time located at the Metropolitan Detention Center (“MDC”) in Brooklyn, New York. Pursuant to the terms of the Laptop Warrant, the initial search and review of the contents of the defendant’s laptop for evidence of the subject offenses set forth therein, specifically violations of 18 U.S.C. §§ 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility), is being conducted by agents from the Federal Bureau of Investigation (“FBI”) who are not part of the prosecution team, supervised by an Assistant U.S. Attorney who is also not part of the prosecution team and is experienced in privilege matters (the “Wall Team”), to segregate out any potentially privileged documents or data.

August 26: The FBI discovered an extra thumb drive in the SCIF.

On or about August 26, 2022, Schulte was produced to the Courthouse SCIF and, during that visit, asked to view the hard drive containing the Home CSAM Files from the Home Desktop. The hard drive was provided to Schulte and afterwards re-secured in the dedicated safe in the SCIF. The FBI advised the undersigned that, while securing the hard drive containing the Home CSAM Files, they observed that an unauthorized thumb drive (the “Thumb Drive”) was connected to the SCIF laptop used by Schulte and his counsel to review that hard drive containing the Home CSAM Files. On or about September 8, 2022, at the Government’s request, the CISO retrieved the hard drive containing materials from the Home Desktop from the SCIF and returned it to the FBI so that it could be handled pursuant to the normal procedures applicable to child sexual abuse materials. The CISO inquired about what should be done with the Thumb Drive, which remained in the dedicated SCIF safe. The Government requested that the Thumb Drive remain secured in the SCIF while the Government completed its review of the defendant’s laptop and continued to investigate the defendant’s potentially unauthorized activities.

September 22: FBI discovers “a substantial amount” of suspected CSAM on his discovery laptop with review run by a second AUSA.

[O]n September 22, 2022, the Wall Team contacted one of the FBI case agents handling this matter to inform him that, during the Wall Team’s review of the defendant’s MDC laptop, they had discovered a substantial amount of what appeared to be child sexual abuse materials (the “Laptop CSAM Files”) and to request guidance about how to proceed.

[snip]

[A]nother Assistant U.S. Attorney was assigned to the Wall Team at the request of the undersigned to be able to review the material and assist in obtaining that additional warrant, which this Court issued on September 23, 2022 (the “CSAM Expansion Warrant”).

October 5: FBI executes a search on Schulte’s cell, the SCIF, and electronics in the SCIF.

One warrant, which was issued on October 4, 2022 by United States Magistrate Judge Robert M. Levy of the Eastern District of New York, authorized the search of the defendant’s cell at the MDC and the seizure of certain materials contained therein, including electronic devices (the “MDC Cell Warrant”). The second warrant, which was also issued on October 4, 2022 by this Court, authorized the seizure and search of three specified electronic devices previously used by the defendant in the Courthouse Sensitive Compartmented Information Facility (“SCIF”) in connection with his review of CSAM obtained from the defendant’s home computer equipment and produced in discovery for review in the SCIF (the “CSAM Devices Warrant”). Both the MDC Cell Warrant and the CSAM Devices Warrant contain substantially the same procedures as the CSAM Expansion Warrant for initial review of the seized materials by the Wall Team. Both warrants were executed by the FBI on October 5, 2022.

DOJ is still investigating the discovery laptop for both the contraband and the CSAM. But they’re ready to give Schulte a typewriter so he can write his post-trial motions.

As the Government previously informed defense counsel and the Court, the Government cannot at this point consent to providing the defendant with a replacement laptop under any conditions (D.E. 950), in light of both his convictions of a variety of computer-related offenses and the additional evidence of his misconduct with regard to the previous MDC laptop that was seized. The Government has conferred with legal counsel at the MDC to request that the defendant have access to a typewriter for purposes of drafting these post-trial motions, similar to that available to inmates in general population. MDC legal counsel has indicated that this would likely be possible, subject to approval from the senior management of the MDC.

The French President May Be Contained Inside the Roger Stone Clemency

/108 Comments/in /by

These are pictures the FBI took during their March 2017 search of Josh Schulte’s apartment for evidence that he violated 18 USC 793, one of the same crimes for which Trump is being investigated. (I’ve not included links and included just fragments of the images to minimize privacy impact.)

I thought they’d be useful background to the search of Trump’s golf resort and the receipts included on the publicly released warrant. As I understand it, the FBI takes these pictures for several reasons:

  • To document the condition of a search location before they start their search in case of an attempt to suppress the seizure
  • To record the original location and condition of each item that will be seized
  • To assist the inventory process

In Schulte’s case, the FBI put a post-it bearing a letter A-G in the framing picture they took of every room in his apartment (I’ve shown B, the closet, and D, his living room), then used additional post-its to identify the items they would seize from those rooms. The pictures make it easy to show (for example) that the FBI took item B1, probably a server, from the closet where it had been stored next to the Kingsford Charcoal bag and under the vacuum cleaner.

FBI’s use of this kind of process is one of the reasons that I think the grant of executive clemency for Roger Stone described in the inventory of the search of Mar-a-Lago is probably neither the commutation nor the pardon that we already know about: Stone’s get out of jail free card for lying to cover-up whatever real back-channel he had to Russia’s hack-and-leak effort.

It appears to show that the “Info re: President of France” was contained inside the “Executive Grant of Clemency re: Roger Jason Stone Jr.”

While we can’t be sure, it appears that the FBI used a similar labeling system as used in the search of Schulte to identify all the boxes the found when they arrived at Mar-a-Lago, A-1 through at least A-73, then went through, room by room, to determine whether those boxes were covered by the scope of the warrant. Ultimately, the FBI seized 27 boxes out of what appears to be at least 73 they inspected.

The warrant permitted the FBI to seize anything that was obviously evidence of two of the three crimes under investigation:

  • Presidential or Governmental Records created during Trump’s term, which because they weren’t turned over under the Presidential or Federal Records Act, might be evidence that someone removed records from a public office and therefore a potential violation of 18 USC 2071
  • Any evidence of the knowing alteration, destruction, or concealment of Government and/or Presidential Records, or of any documents with classification markings, which in addition to being a potential violation of 18 USC 2071, might also be evidence that Trump obstructed the Archives’ efforts to fulfill its duties under 18 USC 1519

The way in which the warrant authorized the collection of evidence for the third crime, 18 USC 793, was two-fold. First, the FBI could collect any document about the storage of classified information. Responsive records might include a post-it note saying, “Sekrit, Keep Out,” the email from Jay Bratt telling Trump’s lawyers his storage facilities didn’t comply with regulations setting standards for storing classified documents, or cover sheets for classified documents that were discarded (the FBI found some of those in Schulte’s shredder and used those as evidence at trial to prove he knew he had CIA documents). The FBI would use such things to show that Trump or his staff knew how they were supposed to keep classified documents.

In addition, the FBI was allowed to seize documents with classification markings, stuff in the same box as such documents, and stuff in the same storage location as such boxes.

Any physical documents with classification markings, along with any containers/boxes (including any other contents) in which such documents are located, as well as any other containers/boxes that are collectively stored or found together with the aforementioned documents and containers/boxes;

As I showed in my nifty graphic the other day, that might might explain how the FBI seized three of Trump’s passports. If they were in a box with classified documents — here shown by Trump’s diplomatic passport in the leatherbound box where he allegedly also had TS/SCI documents — or in a box in the same closet as boxes that stored classified documents — shown here as a box with no classified documents but stored in the same closet where he had boxes with Top Secret and Secret documents — then FBI would be permitted to seize them, but would (and did) return them once they confirmed they were out of scope.

This proximal search protocol may be part of the reason why the FBI seems to have used sub-entries to describe the contents of 11 boxes.

Items 1 through 7 or 8 may have come from either Trump’s office or residence (wherever he stored the leatherbound box that, according to a Guardian story, only his family knew about).

If so, under the proximal protocol, all could be seized if they were stored in the same place as Item 2, a leatherbound box, in which there were documents marked TS/SCI. (Of course, they could also be seized if they fit one of the two other search criteria, a possible Presidential Record — as item 3 is described — or proof of obstruction.)

There are no classified documents identified in boxes A-12, A-13, A-14, or A-17, but they were likely stored in close proximity to boxes A-15, A-16, and A-18, which are described to contain documents with classification marks. There are no classified documents identified in boxes A-22, A-24, or A-26, but boxes A-23, A-27, and A-28 are listed as containing documents classified at various levels. Boxes A-71 and A-73 may have been stored in an entirely different place at Mar-a-Lago, but the former could have been seized under the proximal search protocol if it were stored in the same place as box A-73, which is listed as containing Top Secret documents.

If this is right, then these labels on boxes (and their inclusion in the inventory) would serve several purposes. It would signal which boxes had to be treated with greater care in seizing them and taking them to the FBI inventory. It would make it easy for those doing intake to identify where the most sensitive documents were and which documents needed to be sent for classification review. It would reveal to the public that the FBI found precisely what it expected to find: stolen classified documents. And it would at least hint that the FBI did follow this proximal protocol, taking just 27 out of at least 73 boxes it reviewed, almost all of which appear to have been in close proximity to other classified documents.

The single solitary exception to what appears to be a practice of listing the contents of boxes in this entire inventory is the Roger Stone clemency.

It’s possible 1A, the information on the French President, wasn’t part of the clemency. Maybe Trump has a folder full of blackmail on people, and his blackmail on Emmanuel Macron was paper-clipped to his pardon for Stone. Maybe his filing system is just even more chaotic than reported, and Stone and Macron simply ended up in the same box, swimming through Trump’s mementos for all eternity together.

But the most likely explanation of this, given the rest of the inventory, is that the information about a President of France is information included inside the Stone clemency.

If that’s right, the reasons the FBI might have recorded the content of what would be a previously unknown Executive Grant of Clemency could be similar to the reasons listing the classified documents Trump had stored away. If this document is not a Presidential Record, a classified document, or proof of obstruction via evidence impairment (using a pardon to obstruct justice would not qualify under 18 USC 1519, unless the FBI were seizing it under a Plain View claim), then the FBI had no business taking it unless by dint of proximity to the leatherbound box containing TS/SCI documents. If this apparent grant of clemency weren’t on official letterhead, for example, it’s not clear that it would be a real grant of clemency, and so not a Presidential Record. Maybe Trump and his rat-fucker just engage in pardon cosplay together to relive the old times, and they have a game to think up the most outlandish pardon? That may be one of the purposes of including the reference to a French President, if it’s really part of the clemency. For example, the reference may appear potentially classified, perhaps non-public information obtained via intelligence intercepts, which would be another proper reason to seize the document under the warrant.

Of course, the FBI also might have recorded that tidbit for the same reason I keep coming back to it, because the agent looked at it and said WTF, and wanted to make sure someone else chased down what this is about.

Again, this is not definitive. But given the convention that seems to be used elsewhere in the warrant receipt, there is more evidence this is not the known commutation and pardon for Stone than that it is, because it appears to include something — some tie to a President of France — that neither of those do.

In a follow-up, I’ll explain why this is not as outlandish as it seems.

Update: Here’s a bureaucratic manual on FBI evidence collection. It’s not really helpful but it’s a guide to all the forms that are being filed to catalog stuff seized from Trump’s home.

emptywheel Trump Espionage coverage

Trump’s Timid (Non-Legal) Complaints about Attorney-Client Privilege

18 USC 793e in the Time of Shadow Brokers and Donald Trump

[from Rayne] Other Possible Classified Materials in Trump’s Safe

Trump’s Stolen Documents

John Solomon and Kash Patel May Be Implicated in the FBI’s Trump-Related Espionage Act Investigation

[from Peterr] Merrick Garland Preaches to an Overseas Audience

Three Ways Merrick Garland and DOJ Spoke of Trump as if He Might Be Indicted

The Legal and Political Significance of Nuclear Document[s] Trump Is Suspected to Have Stolen

Merrick Garland Calls Trump’s Bluff

Trump Keeps Using the Word “Cooperate.” I Do Not Think That Word Means What Trump Wants the Press To Think It Means

[from Rayne] Expected Response is Expected: Trump and Right-Wing DARVO

DOJ’s June Mar-a-Lago Trip Helps Prove 18 USC 793e

The Likely Content of a Trump Search Affidavit

All Republican Gang of Eight Members Condone Large-Scale Theft of Classified Information, Press Yawns

Some Likely Exacerbating Factors that Would Contribute to a Trump Search

FBI Executes a Search Warrant at 1100 S Ocean Blvd, Palm Beach, FL 33480

The ABCs (and Provisions e, f, and g) of the Espionage Act

Trump’s Latest Tirade Proves Any Temporary Restraining Order May Come Too Late

How Trump’s Search Worked, with Nifty Graphic

Pat Philbin Knows Why the Bodies Are Buried

Rule of Law: DOJ Obtained Trump’s Privilege-Waived Documents in May

The French President May Be Contained Inside the Roger Stone Clemency

DOJ’s June Mar-a-Lago Trip Helps Prove 18 USC 793e

/135 Comments/in /by

Everyone is squabbling over whether DOJ should release more information on the search of Mar-a-Lago, with entirely reasonable people saying they want DOJ to have to defend taking documents the government owns so we can learn more about what went down.

But we may get more clarity more easily than that. That’s because, if DOJ has any intention of actually charging Donald Trump for stealing classified information, then obtaining specific documents he stole may be one of the last things they need to do before charging him.

As I noted here and here, one of the statutes that’s likely on the table for the Former President is 18 USC 793(e), basically taking national defense information you’re not authorized to have and refusing to give it back.

Whoever having unauthorized possession of, access to, or control over any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

Regular readers of this site are familiar with this statute because I’ve covered tons of cases charging it: Reality Winner and Hal Martin and Joshua Schulte, among others.

But I went back and found some pattern jury instructions for the unlawful retention charge, and because of that meeting in June, DOJ has most of what they’d need to charge the Former President.

Here’s what jurors would be asked to decide:

Did the defendant, without authorization, have possession of, access to, or control over a document that was National Defense Information?

Yes. The Archives spent a year telling him he was not authorized to have it under the Presidential Records Act.

Did the document in question relate to the national defense?

We don’t know what the documents in question are, but given WaPo’s description in February, then absolutely.

Bonus fact: The jury decides if something was NDI, not the former Original Classification Authority (the fancy term for, “the President gets to decide whether something is classified or not”). So if the agency whose document Trump stole is still trying to protect it from hostile powers, if that agency still believes it is classified, if it remains secret, then a jury is likely to find that it’s NDI.

Did the defendant have reason to believe the information could be used to the injury of the United States or to the advantage of any foreign nation?

Trump is such a psychopath that the answer to this might normally be in question. After all, he routinely treated top secret intelligence like it was toilet paper or party favors for visiting Russians.

Except DOJ went to Trump’s residence in June and told him this information could harm the US. Then they wrote him a letter, saying that it could harm the US and could he please put a padlock on the basement room that had, up until that point, been accessible to all the suspected foreign assets who’ve paid the price of admission to Mar-a-Lago.

Did the defendant retain the above material and fail to deliver it to the officer or employee of the United States entitled to receive it?

Yes! The Archives asked and asked and asked. And then DOJ went to his home and asked again!

Did he keep this document willfully?

Yup. Again, DOJ asked and asked and asked. Trump exhibited awareness the Archives were asking. He stopped in to say “hi!” when Jay Bratt, the head of DOJ’s espionage section, came to visit. And he still hoarded the document.

This may be why Trump claims that nothing was in the hotel safe in his bridal suite, by the way. Keeping these documents at Mar-a-Lago was willful by itself. But keeping such documents in his safe would be proof that he, personally, was hoarding it.

If the FBI really did scoop up highly sensitive documents when they were at Mar-a-Lago the other day, then there may be relatively few steps left to charging him — aside from cataloging the 12 new boxes of stolen documents. DOJ may only need permission from the agencies that own these documents to make the declassifications required to prosecute it.

By going to Mar-a-Lago and asking for these documents in person on June 3, DOJ made it very easy to prove that Trump had been asked, but refused, to give any classified documents found in Trump’s possession on Monday back.

Update: Here’s an indictment from the 793 case that’s most similar to the evidence that may be present with Trump. Hal Martin kept taking highly classified documents home from CIA and NSA, just like Trump took documents home. In Martin’s case, they charged him for 20 documents out of the great swath of documents he stole. He ultimately pled guilty. With good behavior he might get released next April.

A Different DOJ Search of Note: Joshua Schulte

/5 Comments/in , /by

Josh Schulte should have grown concerned when David Denton — one of the two AUSAs in charge of his prosecution — didn’t show up to a status conference on July 26.

THE COURT: All right. Good afternoon, everyone. Mr. Lockard, will Mr. Denton be joining us?

MR. LOCKARD: He will not be joining us today.

For that matter, he should have sussed something was up a month earlier, during trial, when Denton objected to Schulte’s bid to introduce a script he wrote as evidence at his trial because of ongoing and escalating security concerns.

[Y]our Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

As I laid out, among the security concerns Denton was worried about was that, just weeks before trial when Schulte claimed that his laptop was broken, IT staff at the US Attorney’s Office discovered that Schulte had been tampering with the BIOS on his laptop, seemingly in an attempt to bypass WiFi restrictions.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

So DOJ revealed evidence that Schulte was attempting to hack his discovery laptop before trial, Denton implied DOJ was waiting until after trial to do anything about it, and Denton was too busy to show up at the status hearing on July 26.

He appears to have been busy getting a search warrant for the laptop. The government served Schulte with the warrant and seized the offending laptop two days later, on July 28. After Schulte attorney Sabrina Shroff complained, the government explained that since they had not yet charged Schulte in conjunction with the new warrant, they didn’t have to provide their affidavit.

[T]he Government’s investigation of the defendant’s conduct that gave rise to the search warrant is ongoing, no charges related to his use of the laptop have been filed, and the scope and precise nature of the conduct that the Government is investigating are not known either to the public or to the defendant.

If that investigation results in the use of information obtained pursuant to the search warrant, the Government will comply with its discovery obligations promptly.

They did, however, object to getting Schulte a new laptop.

The defendant has seven weeks to draft and file his pro se motions pursuant to Federal Rules of Criminal Procedure 29 and 33, and can do so using the normal resources available to pro se inmates at the Metropolitan Detention Center. The defendant “has the right to legal help through appointed counsel, and when he declines that help, other alternative rights, like access to a [personal laptop], do not spring up.” United States v. Byrd, 208 F.3d 592, 593 (7th Cir. 2000). Particularly in view of the Magistrate Judge’s determination that there is probable cause to believe that the defendant’s previous laptop contains evidence of additional crimes, there is no reason that the defendant should be afforded special access to a new laptop simply because the Court has permitted him to proceed partially pro se for certain matters going forward.

Shroff’s reply, in addition to making a legitimate case that Schulte should be able to get a laptop to finish his Rule 29 and 33 motions, provided more detail of what she knows about the warrant. This is not about espionage. She mentions only additional counts of contempt and possessing contraband, the same charges investigated in 2018 when Schulte’s phone was found (though those crimes seem inconsistent with the security concerns — hacking — described leading up to the trial).

The search warrant itself notes that the government is not alleging it has probable cause for any acts of espionage.

[snip]

Notably, while the government’s letter states the factors which may permit an affidavit to be withheld – e.g., to preserve confidential sources or protect witnesses – the government never explains how those factors possibly could apply here, where someone already incarcerated is accused of violations of Title 18, United States Code, Sections 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility). There are no confidential sources or witness at risk – and production of the affidavit in support of the search warrants implicates none of the articulated concerns.

But that’s not right. It can’t be right. If Schulte got contraband, it means someone — his legal team, his family, or the guards — shared it with him. He has a history of getting the latter two involved in ferrying information or goods improperly. I’m mindful, too, of Schulte’s curious replication of a WikiLeaks-seeded propaganda campaign about Mike Pompeo, even in spite of being on SAMs.

After suggesting there couldn’t be witnesses in a situation where there’d have to be witnesses, Shroff turns the government’s efforts to avoid disrupting Schulte’s trial on its head, claiming it is proof that waiting until after the trial is punitive.

The timing of the search warrant sought by the government as it relates to its stance on a replacement laptop is perhaps informative. Right before start of trial, a guard at the MDC dropped Mr. Schulte’s laptop. See ECF Docket Entry No. 838. In an effort to “fix” the laptop, Mr. Schulte provided it to the government – for that limited purpose. The government then returned the laptop saying it was working but asked Mr. Schulte about the organization of the laptop and then asked the court to admonish Mr. Schulte for manner in which he was maintaining it. The government did nothing more. It did not ask the Court for a search warrant or to curtail Mr. Schulte’s access to the laptop. The government allowed Mr. Schulte to keep his laptop – all through the trial – and only now seeks its seizure. The timing appears punitive and not keyed to any potential harm to a third party.

Ultimately, Judge Jesse Furman declined to intervene, in part because the warrant was obtained in EDNY, not SDNY.

How Josh Schulte Got Judge Jesse Furman to Open a File in Internet Explorer

/26 Comments/in , , /by

Something puzzles me about both Josh Schulte trials (as noted yesterday, the jury found Schulte guilty of al charges against him yesterday).

In both, the government introduced a passage from his prison notebooks advocating the use of the tools he has now been found guilty of sharing with WikiLeaks in an attack similar to NotPetya. [This is the version of this exhibit from his first trial.]

Vault 7 contains numerous zero days and malware that could be [easily] deployed repurposed and released onto the world in a devastating fashion that would make NotPetya look like Child’s play.

Neither time, however, did prosecutors explain the implications of this passage, which proved both knowledge of the non-public files released to WikiLeaks and a desire that they would be used, possibly by Russia, as a weapon.

Here’s how AUSA Sidhardha Kamaraju walked FBI Agent Evan Schlessinger through explaining it on February 26, 2020, in the first trial.

Q. Let’s look at the last paragraph there.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed, repurposed, and released on to the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Do you know what NotPetya is?

A. Yes, generally.

Q. What is it?

A. It is a version of Russian malware.

Here’s how AUSA David Denton walked Agent Shlessinger through that same exact script this June 30 in the second trial.

Q. And the next paragraph, please.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed,” struck through “repurposed and released onto the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Sir, do you know what NotPetya is?

A. Yes, generally.

Q. Generally, what is a reference to?

A. Russian malware.

The placid treatment of that passage was all the more striking in this second trial because it came shortly after Schulte had gone on, at length, mocking the claim from jail informant Carlos Betances that Schulte had expressed some desire for Russia’s help to do what he wanted to do, which in context (though Betances wouldn’t know it) would be to launch an information war.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. What is your understanding of how the Russians were going to help?

A. No, I don’t know how they were going to help you. You were the one who knew that.

Q. What work was I doing for Russia?

A. I don’t know what kind of work you were doing for Russia, but I know you were spending long periods of time in your cell with the phones.

Q. OK.

A. With a sheet covering you.

Q. OK. But only Omar ever spoke about Russia, correct?

A. No. You spoke about Russia.

Q. Your testimony is you never learned anything about Omar and Russian oligarchs?

A. No.

Denton could easily have had Schlessinger point out that wanting to get a CIA tool repurposed in Russian malware just like the Russians had integrated stolen NSA tools to use in a malware attack of unprecedented scope would be pretty compelling malicious cooperation with Russia. It would have made Schulte’s mockery with Betances very costly. But Denton did not do that.

In fact, the government entirely left this theory of information war out of Schulte’s trial. In his closing argument for the second trial, for example, Michael Lockard explicitly said that Schulte’s weapon was to leak classified information, not to launch cyberattacks.

Mr. Schulte goes on to make it even more clear. He says essentially it is the same as taking a soldier in the military, handing him a rifle, and then begin beating him senseless to test his loyalty and see if you end up getting shot in the foot or not. It just isn’t smart.

Now, Mr. Schulte is not a soldier in the military, he is a former CIA officer and he doesn’t have a rifle. He has classified information. That is his bullet.

To be sure, that’s dictated by the charges against Schulte. Lockard was trying to prove that Schulte developed malicious plans to leak classified information, not that he developed malicious plans to unleash a global cyberattack that would shut down ports in the United States. But that’s part of my point: The NotPetya reference was superfluous to the charges against Schulte except to prove maliciousness they didn’t use it for.

I may return to this puzzle in a future post. For now, though, I want to use it as background to explain how, that very same day that prosecutors raised Schulte’s alleged plan to get CIA hacking tools used to launch a global malware attack, Schulte got Judge Jesse Furman to open a document in Internet Explorer.

One of the challenges presented when a computer hacker like Schulte represents himself (pro se) is how to equip him to prepare a defense without providing the tools he can use to launch an information war. It’s a real challenge, but also one that Schulte exploited.

In one such instance, in February, Schulte argued the two MDC law library desktops available to him did not allow him to prepare his defense, and so he needed a DVD drive to transfer files including “other binary files,” the kind of thing that might include malware.

Neither of these two computers suffices for writing and printing motions, letters, and other documents. The government proposes no solution — they essentially assert I have no right to access and use a computer to defend myself in this justice system.

I require an electronic transfer system; printing alone will not suffice, because I cannot print video demonstratives I’ve created for use at trial; I cannot print forensics, forensic artifacts, and other binary files that would ultimately be tens of thousands of useless printed pages. I need a way to transfer my notes, documents, motion drafts, demonstrative videos, technical research, analysis, and countless other documents to my standby counsel, forensic expert, and for filing in this court.

The government had told Schulte on January 21 that he could not have a replacement DVD drive that his standby counsel had provided in January because it had write-capabilities; as they noted in March, not having such a drive was not preventing him from filing a blizzard of court filings. Ultimately, in March, the government got Schulte to let them access the laptop to add a printer driver to his discovery laptop. Schulte renewed his request for a write-capable DVD, though, in April.

Schulte continued to complain about his access to the law library for months, sometimes with merit, and other times (such as when he objected to the meal times associated with his choice to fast during Ramadan) not.

The continued issues, though, and Schulte’s claims of retaliation by prison staffers, are why I was so surprised that when, on June 1, Sabrina Shroff reported that a guard had broken Schulte’s discovery laptop by dropping it just weeks before trial, she didn’t ask for any intervention from Judge Furman. Note, she attributes her understanding of what happened to the laptop to Schulte’s parents (who could only have learned that from Schulte) and the prison attorney (who may have learned of it via Schulte as well). In response, as Shroff had tried to do with the write-capable DVD, she was just going to get him a new laptop.

We write to inform the Court that a guard at the MDC accidently dropped Mr. Schulte’s laptop today, breaking it. Because the computer no longer functions, Mr. Schulte is unable to access or print anything from the laptop, including the legal papers due this week. The defense team was first notified of the incident by Mr. Schulte’s parents early this afternoon. It was later confirmed in an email from BOP staff Attorney Irene Chan, who stated in pertinent part: “I just called the housing unit and can confirm that his laptop is broken. It was an unfortunate incident where it was accidentally dropped.”

Given the June 13, 2022 trial date, we have ordered him a new computer, and the BOP, government, and defense team are working to resolve this matter as quickly as possible. We do not seek any relief from the Court at this time.

Only, as I previously noted, that’s not what happened to the laptop, at all. When DOJ’s tech people examined the laptop, it just needed to be charged. As they were assessing it, though,  they discovered he had a 15GB encrypted partition on the laptop and had been trying to use wireless capabilities.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

This had all the markings of a hacker — someone who had once envisioned launching a cyberattack as part of his information war from jail — trying to prepare just such an attack.

Weeks later, during the trial, the government intimated that they might punish Schulte for that stunt, but were just trying to get through trial.

We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

Along the way, though, Schulte’s laptop access continued to grow — for perfectly justifiable reasons tied to the trial, but which appears to have resulted in the discovery laptop (the one with the encrypted partition that he had apparently tried to access WiFi on) being in the same place as a second exhibit laptop, perhaps the very laptop originally intended to replace the one that wasn’t really broken at all. On June 13, Judge Furman ordered the Marshals to let Schulte keep his laptop at breaks. On June 15, Schulte got Furman to order the Marshals to let him use his second laptop, “just like the discovery laptop.”

MR. SCHULTE: OK. So the first thing is I think the marshals just need permission or authorization from you for me to be able to use the second laptop for my exhibits.

THE COURT: Use in the courtroom?

MR. SCHULTE: Yeah, be able to access and use it likeI use the other. I think there was court order for me to be able to use this laptop so they need authorization from you for me to use the second laptop.

THE COURT: And the second laptop is something that standby counsel procured? What is it?

MR. SCHULTE: Yes.

THE COURT: Any objection, Mr. Denton? Any concerns?

MR. DENTON: I think as long as it is something that’s used just here in the courtroom, that’s fine, your Honor. I think to the extent that it was going with the defendant anywhere else other than the courtroom, we would want to make sure that we applied the same security procedures that were applied to his original laptop.

THE COURT: Is it just to be used in this courtroom?

MR. SCHULTE: Yes. That’s correct. It is being locked, I think, in the FBI marshal’s room by the SCIF.

On June 17, Schulte asked Furman to issue a specific order to MDC to ensure he’d be able to “go to the law library and access the laptop.” Again, these are generally understandable accommodations for a defendant going pro se. But they may have placed his discovery laptop (normally used in MDC in Brooklyn) in close proximity to his exhibit laptop used outside of a SCIF in Manhattan.

With that in the background, on June 24, prosecutors described that just days earlier, Schulte had provided them code he wanted to introduce as an exhibit at trial. There were evidentiary problems — this was a defendant representing himself trying to introduce his own writing without taking the stand — but the real issue was his admission he was writing (very rudimentary) code on his laptop. As part of that explanation, the government also claimed that MDC had found Schulte tampering with the law library computer.

The third, however, and most sort of problematic category are the items that were marked as defense exhibits 1210 and 1211, which is code and then a compiled executable program of that code that appear to have been written by the defendant. That raises an evidentiary concern in the sense that those are essentially his own statements, which he’s not entitled to offer but, separately, to us, raises a substantial security concern of how the defendant was able to, first, write but, more significantly, compile code into an executable program on his laptop.

You know, your Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point. The fact that defendant is compiling executable code on his laptop raises a substantial concern for us separate from the evidentiary objections we have to its introduction.

THE COURT: OK. Maybe this is better addressed to Mr. Schulte, but I don’t even understand what the third category would be offered for, how it would be offered, what it would be offered for.

MR. DENTON: As best we can tell, it is a program to change the time stamps on a file, which I suppose would be introduced to show that such a thing is possible. I don’t know. We were only provided with it on Tuesday. Again, we think there are obvious issues with its admissibility separate and apart from its relevance, but like I said, for us, it also raises the security concern that we wanted to bring to the Court’s attention.

[snip]

MR. SCHULTE: But for the code, the government produced lots of source code in discovery, and this specific file is, like, ten, ten lines of source code as well as —

THE COURT: Where does it come from? Did you write it?

MR. SCHULTE: Yes, I wrote it. That’s correct.

Schulte didn’t end up introducing the script he wrote. Instead, he asked forensics expert Patrick Leedom if he knew that Schulte had used the “touch” command in malware to alter file times.

Q. Do you know about the Linux touch command?

A. Yes.

Q. This command can be used to change file times, right?

A. Yes, it can.

Q. That includes access times, right?

A. Yes.

Q. And from reviewing my workstation, you know that I developed Linux malware tools for the CIA, right?

A. I know you worked on a few tools. I don’t know if they were Linux-specific or not, but —

Q. And you knew from that that I wrote malware that specifically used the touch command to change file times, right?

In the end, then, it turned out to be just one of many instances during the trial where Schulte raised the various kinds of malware he had written to hide his tracks, infect laptops, and jump air gaps, instances that appeared amidst testimony — from that same jail informant, Carlos Betonces — that Schulte had planned to launch some kind of key event in his information war from the (MCC) law library.

Q. That we — you testified that we were going to do something really big and needed to go to the law library, right?

A. You were paying $200 to my friend named Flaco to go to the library, yes.

Q. I paid someone money?

A. No. They were paying. And Flaco refused to take it downstairs. And the only option left was that they had to go down and take it themselves.

Q. OK. So Omar offered to pay money for Flaco to take some phone down, right?

A. That’s not how Flaco told me. That’s not the way Flaco described it. He said that both of them were offering him money.

Q. All right. But there were cameras in the law library, correct?

THE INTERPRETER: I’m sorry. Can you repeat the question?

Q. There were cameras in the law library, correct?

A. I don’t know.

Q. OK. But your testimony on direct was that me and Omar needed to send some information from the phone, right?

A. Let me explain it to you again. Not information. It’s that you had to do something in the, in the library. That’s what I testified about.

Q. OK. What did I have to do in the law library, according to you?

A. Well, you’re very smart. You must know the question. There was something down there that you wanted to use that you couldn’t use upstairs.

Q. OK. You also testified something about a USB drive, right?

A. Yes.

Q. You testified, I believe, that me and Omar wanted a USB device, right?

A. Yeah. You asked me all the time when the drive was going to arrive. When was it coming? When was it coming?

Q. OK. But there were already USB hard drives given to prisoners in the prison, right?

A. Not to my understanding.

Q. You don’t — you never received or saw anyone using a USB drive with their discovery on it?

A. No, because I — no, I hardly ever went down to the law library.

Q. All right. And then you said, you testified that you slipped a note under the guard’s door?

A. Yes.

Q. And that was about, you said something was going to happen in the law library, right?

THE INTERPRETER: Could you repeat the question, please?

MR. SCHULTE: Yes.

Q. You said that the note said something was going to happen in the law library, right?

A. Yes.

Which finally brings us to the Internet Explorer reference. During his cross-examination of FBI Agent Schlessinger on June 30, Schulte attempted to introduce the return from the warrant FBI served on WordPress after discovering Schulte was using the platform to blog from jail. The government objected, which led to an evidentiary discussion after the jury left for the weekend. The evidentiary discussion pertained to how to introduce the exhibit — which was basically his narrative attacking the criminal justice system — without also disclosing the child porn charges against Schulte referenced within them.

Schulte won that discussion. On the next trial day, July 6, Furman ruled for Schulte, and Schulte said he’d just put a document that redacted the references to his chid porn and sexual assault charges on a CD to share with the government.

MR. SCHULTE: Yes. I just — if I can get the blank CD from them or something I can just give it to them and they can review it.

But back on June 30, during the evidentiary discussion, Judge Furman suggested that the 80- or 90-page document that the government was looking at was something different than the file he was looking at.

That was surprising to Furman.

So was the fact that his version of the document opened in Internet Explorer.

MR. DENTON: Your Honor, on Exhibit 410 we recognize the Court has reserved judgment on that. I want to put sort of a fourth version in the hopper. At least in the version we are looking at, it is a 94-page 35000-word document. To the extent that the only thing the Court deems admissible is sort of the fact that there were postings that did not contain NDI, we would think it might be more appropriate to stipulate to that fact rather than put, essentially, a giant manifesto in evidence not for the truth. So I want to put that option out there given the scope of the document.

[snip]

MR. DENTON: Understood, your Honor. I think at that point, even if we get past the hearsay and the not for the truth problems, then there is a sort of looming 403 problem in the sense that it is a massive document that is essentially an manifesto offered for a comparatively small point. I think at that point it is risk of confusing the jury and potentially inflaming them if people decide to sit down and to read his entire screed, it significantly outweighs the fairly limited value it serves. But, we recognize the Court has reserved on this so I don’t need to belabor the point now.

THE COURT: Unless I am looking at something different, what I opened as Defendant’s Exhibit 410 — it opened for me in Internet Explorer, for some reason and I didn’t even think Internet Explorer existed anymore — and it does not appear to be 84 pages. So, I don’t even know if I am looking at what is being offered or not. But, let me add another option, which is if the government identifies any particular content in here that it thinks should be excluded under 403, then you are certainly welcome to make that proposal as well in the event that I do decide that it should come in in more or less its entirety with the child porn redacted. And if you think that there is something else that should be redacted pursuant to 403, I will consider that. All right?

MR. DENTON: We will make sure we are looking at the same thing and take a look at it over the weekend, your Honor.

To be clear: The reason this opened in IE for Furman is almost certainly that the document was old — it would date to October 2018 — and came in a proprietary form that Furman’s computer didn’t recognize. So for some reason, his computer opened it in IE.

That said, it’s not clear that the discrepancy on the page numbers in the file was ever addressed. Schulte just spoke to one of the prosecutors and they agreed on how it would be introduced.

And if a developer who had worked on malware in 2016 wanted an infection vector, IE might be one he’d pick. That’s because Microsoft stopped supporting older versions of IE in 2016, the year Schulte left the CIA. And WordPress itself was a ripe target for hacking in 2018. Schulte himself might relish using a Microsoft vector because the expert in the trial, Leedom, has moved onto Microsoft since working as a consultant to the FBI.

I have no idea how alarmed to be about all this. The opinions from experts I’ve asked have ranged from “dated file” to “he’d have to be lucky” to “unlikely but potentially terrifying” to “no no no no!” And Schulte is the kind of guy who lets grudges fester so badly that avenging the grudge becomes more important than all else.

So I wanted to put this out there so smarter people can access the documents directly — and perhaps so technical staff from the courthouse can try to figure out why that document opened in Internet Explorer.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents.