Joshua Schulte’s Hot and Cold Snowden Views

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.

“What is the root user?” Joshua Schulte Set Up the Shared “root” Password He’ll Use in His Defense

In a full day of testimony yesterday, one of Joshua Schulte’s former colleagues, testifying under the name Jeremy Weber (which may be a pseudonym of a pseudonym under the protective order imposed for the trial) introduced a ton of detail about how the engineering group he and Schulte worked in was set up bureaucratically, how the servers were set up, and how relations between Schulte and the rest of the group started to go south in the months and weeks leading up to the date when, the government alleges, he stole CIA’s hacking tools. He also described how devastating the leak was for the CIA.

In that testimony, the government began to lay out their theory of the case: When Schulte lost SysAdmin access to the servers hosting the malware they were working on — and the same day the unit announced they’d soon be moving the last server to which Schulte had administrator privileges under the official SysAdmin group — Schulte went back to the back-up file of the server from the day the fight started blowing up, March 3, 2016, and made a copy of it.

But the government also started previewing what will likely be Schulte’s defense: that some of these servers were available via a shared root password accessible to anyone in their group.

Prosecutor Matthew LaRoche walked Weber through a description of how a “root” user for the ESXi server was used.

Q. What is the root user?

A. The root user, in this situation, “root” was kind of Linux term for the administrative account on the machine, like the default administrator account.

Q. You also mentioned there was a password for the ESXi server?

A. That’s correct.

Q. Was that password stored anywhere?

A. Yes, it was.

Q. Where?

A. It was stored on OSB’s passwords page for some of our services.

Q. What do you mean by OSB’s passwords page?

A. OSB had a lot of virtual machines outside of the Atlassian products that had passwords on them solely because the technology required to have a password and not for security practices, so that — these were often like test machines, and these passwords we kept on a page so that if somebody was leveraging that VM they would have the credentials they needed to log in to it.

Q. Where was that passwords page located?

A. Confluence.

Q. Was it restricted in any way?

A. It was.

Q. How?

A. It was to OSB.

This detail has been public since WikiLeaks first published the documents. I pointed it out here:

Among the pages that got exposed in this week’s Wikileaks dumps of CIA’s hacking tools was a page of Operational Support Branch passwords. For some time the page showed the root password for the network they used for development purposes.

These passwords, as well as one (“password”) for another part of their server, were available on the network site as well.

Throughout the period of updates, it included a meme joking about setting your password to Incorrect.


A discussion ensued about what a bad security practice this was.

2015-01-30 14:30 [User #14588054]:

Am I the only one who looked at this page and thought, “I wonder if security would have a heart attack if they saw this.”?

2015-01-30 14:50 [User #7995631]:

Its locked down to the OSB group… idk if that helps.

2015-01-30 15:10 [User #14588054]:

I noticed, but I still cringed when I first saw the page.

I have no idea whether these passwords exacerbated CIA’s exposure. The early 2015 discussion happened well before — at least as we currently understand it — the compromise that led to Wikileaks’ obtaining the files.

It turns out that Schulte himself moved this password onto the ESXi passwords page on or before March 31, 2015, almost a year before he allegedly stole the files.

MR. LAROCHE: Ms. Hurst, can you please publish Government Exhibit 1003, and please just zoom in on the top of the email, the to-from.

Q. Is this another email from the CIA, Mr. Weber?

A. Yes, it is.

Q. When was this email sent?

A. It was sent on March 31, 2015, at 8:20 p.m.

Q. Who sent it?

A. It was sent by Josh Schulte.

Q. Who was it sent to?

A. It was sent to the OSB email group.

Q. How do you know that?

A. The string NCS-IOC-EDG-AED-OSB is a user group and it’s explicit in its naming. NCS was in the org chart above IOC, the rest of those are the groups that we have previously talked about.

Q. It’s a lot of acronyms.

A. It is.

Q. Below that, what’s the subject line?

A. VM credentials.

Q. What’s

A. That was the OSB ESXi server.

MR. LAROCHE: Ms. Hurst, if you could please zoom out and then on to the text of the email.

Q. Can you read the first sentence, please?

A. “I’ve modified the OSB’s ESXi server page to contain the passwords and other information directly instead of through the OSB’s passwords page; also updated the permissions to be restricted to everyone outside of OSB.”

Q. Do you understand what he’s referring to by OSB’s ESXi server page?

A. Yes.

Q. What’s he referring to?

A. It was a second page created later to contain information specifically to the ESXi server and the administration of that.

Q. And do you understand what he means by updated the permissions to be restricted to everyone outside of OSB?

A. This was him saying that only people within the OSB — within OSB would have access to read this page.

Q. Now, is this the same ESXi server that as of 2015 was running Confluence and Bamboo?

A. Yes, it was.

I think this is what that page would have looked like, in part, in the March 3, 2016 files, with the same root password set to “mysweetsummer:”

Schulte will eventually argue that he not only recognized that this arrangement — which he set up, per this email — was insecure, but that he warned people about it repeatedly. Weber says that didn’t happen, because if Schulte had complained, he would have told Schulte to fix it.

Q. Are you sure that the defendant never made any complaints that DevLAN was vulnerable to theft?

A. Yes.

Q. Why?

MS. SHROFF: Objection.

THE COURT: Overruled.

A. If he had complained to me about the Atlassian products being vulnerable to theft, I would have told him to fix it. The Atlassian products were our responsibility, and if he had highlighted an issue with that, I would have made it our primary focus to fix that.

The government has already begun showing forensics suggesting the files were stolen via other means.

More importantly, they showed that if Schulte thought the shared root password was insecure, he’s got no one but himself to blame for it.

It’s certainly possible he will point to things he’ll argue are proof that he raised concerns about this arrangement — rather than just joking about it on the development pages (it won’t take too long before we learn which numbered ID WikiLeaks used for Schulte). But there’s already evidence that he’s the one who set it up that way.

Calyx Institute has generously sprung for Schulte transcripts. If you’d like to support the effort, you can make a tax deductible donation to them here.

The FBI Downloaded CIA’s Hacking Tools Using Starbuck’s WiFi

One of the most interesting details from the yesterday’s Joshua Schulte trial involved how the FBI obtained the Vault 7 and Vault 8 materials they entered into evidence yesterday. Because the FBI did not want to download the files onto an existing FBI computer (in part, out of malware concerns) and because they didn’t want to use an FBI IP address, they got a new computer and downloaded all the files at Starbucks.

Q. What were some of the parts of that plan?

A. So, one of the parts would be to obtain a separate computer that wasn’t connected, that wasn’t a previous government computer or connected to our network.

Another component was to just use public wi-fi and not a government-attributable internet connection. And the third part would be to find the best way to store this unique piece of evidence in the best way possible.

Q. Let’s talk about each of those steps. I think you said that you got a nongovernment computer, is that correct?

A. Correct.

Q. Why is that?

A. Just so that when we entered it into evidence, we wouldn’t be taking something from the network and essentially putting it aside indefinitely. And then also, we did not want to download information from the internet, which could potentially contain viruses or malware, to an FBI system.

Q. Do you have an understanding of what was contained within the disclosures made by WikiLeaks?

A. I do.

Q. And what is that information?

A. They were information about CIA hacking tools and cyber-exploitation tools.

Q. What, if any, impact did that have on your decision to use a nongovernment computer?

A. Anytime you download something from the internet, you take a risk. And then given what type of information we were going to acquire, we wanted to take an extra — many extra steps of security to maintain the integrity of our systems as well as be able to get the information and then store it properly.

Q. I think the second part of the plan was using public space to download the leak. Is that correct?

A. Correct.

Q. Why didn’t you download the leak from an FBI facility?

A. So, anytime actions on the internet are traceable as well as downloads, and we didn’t want to use an FBI system. And given the type of information we were going to acquire, we didn’t want to use an FBI system to download the information which could then be traced back to us and potentially implicate the IP address and potentially other investigations.

Q. And why would that be problematic for the FBI?

A. So, anytime actions on the internet are traceable as well as downloads, and we didn’t want to use an FBI system. And given the type of information we were going to acquire, we didn’t want to use an FBI system to download the information which could then be traced back to us and potentially implicate the IP address and potentially other investigations.

Q. And why would that be problematic for the FBI?

The explanation is interesting for more than the seeming validation of Starbuck’s WiFi quality.

It’s also interesting given details of timing and download method.

Q. When did you first go to Starbucks to download the leak?

A. In March of 2018.

Q. And how did you download the leak once you were there?

A. I went to the — used an internet browser, went to the WikiLeaks website first. Didn’t really see a quick way to download all the — the large volume of information, so WikiLeaks had also provided a torrent website, which is essentially just — it was about 15 hyperlinks that connected to zip files to download the bulk of the information that they released.

Q. What is a torrent website?

A. It’s a — it looked — just a blank website, but it had 15 hyperlinks, and each time you clicked on one of the links, it asked if you wanted to save the associated zip file. And then I saw there were 15 of those, and then I just downloaded it that way.

Q. And what is a zip file?

A. Zip file is just a way to compress information. So if you want to send a ton of files over an email or kind of website to website, you can use software to compress that information in a more easily storable format.

Q. Why did you go to the torrent instead of downloading it directly from the website?

A. I did — I tried — I perused the website for a little and didn’t see — given the volume of the information, there wasn’t, to my appearance, a good way to capture all of it. And I knew of this — from our investigation I knew of this torrent address, which had been provided by WikiLeaks too, if you wanted to essentially bulk download all the information.

Q. Did you download those zip files to the computer?

A. I did.

Q. And were you able to unzip those zip files?

A. I was.

Q. Were you able to download any of WikiLeaks’s public statements on that computer?

A. I was.

Q. And how did you do that?

A. Via screenshots.

Q. And you said you downloaded the zip files to the computer?

A. Correct.

Q. How long did that downloading process take?

A. Around an hour.

Q. And approximately how much data was found on those zip

A. Approximately 1.4 gigabytes.

One thing this does is explain that it took an hour to download just what got published on WikiLeaks. This will become a critical detail in proving that the files had to have been stolen from inside CIA — basically the “download speed” argument thrown back at the Russian hack denialists.

By revealing that that amounted to just 1.4GB of material, prosecutors have revealed that what WikiLeaks published was just a fraction of the 1TB of material that, per his contemporaneous Google searches, Schulte stole.

The other thing this description reveals is that WikiLeaks did not include Vault 8, the one case (beyond Marble, the obfuscation tool Schulte wrote) where they published source code, in their Torrent download of the files.

Q. Did there come a time when you went back to Starbucks to download additional materials?

A. I did.

Q. Approximately when did that happen?

A. In May of 2018.

Q. And why did you go back to download additional materials?

A. Through the investigation, we determined that the zip files which I had downloaded contained Vault 7, but it did not contain the Vault 8 release, and we wanted to capture the entirety of what WikiLeaks had put out there from March 2017 to November of 2017.

Q. Were you able to download Vault 8 when you went back?

A. I was.

Q. How did you do that?

A. So, it was a lot less information. I was able to just go to the release that WikiLeaks specified as Vault 8 and download the singular files in that way. It’s just — it’s a kind of like right click, save as.

Q. And did you download the Vault 8 leak on the same computer that you downloaded the Vault 7 leaks?

I’m not sure why WikiLeaks wouldn’t include Vault 8, but I find the decision very curious.

Finally, this story is really interesting from an investigative standpoint. The FBI didn’t download the files they were going to enter into evidence in this trial until March and May of 2018, a year after the leak and a year after they identified Schulte as the leaker. Someone — possibly the CIA, which started to investigate the leak even before the first dump — had done a forensic comparison of the first release within days after the leak. The FBI had access to that.

But they went back a year later and prepared the evidence for that trial.

During the entire period of the Schulte prosecution, prosecutors made it clear the case may involve classified information (so his attorneys needed to be able to get clearance). Starting in January 2018, they made clear the leak would be charged.

But — particularly given the child porn charges he faces would have the same kind of prison sentence that the Espionage charges against him will — they could have forgone the trial (I had heard discussion that just the porn would be charged, so it’s possible that was the initial plan). Yes, they want to make an example of him, but the CIA has had to declassify an unbelievable amount of sensitive information to put Schulte on trial. Plus, the cost for prosecuting this crime is enormous. So I wonder whether they didn’t make the final decision to do this prosecution until 2018.

If so, that would parallel the timing of the Julian Assange prosecution in interesting ways. He was charged in December 2017, then indicted in March 2018, literally the same month that FBI obtained the Vault 7 files to enter into evidence.

Joshua Schulte Opening Arguments

Accused Vault 7 leaker Joshua Schulte’s trial started yesterday. The first transcript, covering (very short) opening arguments and Paul Rosenzweig’s testimony, is here (Calyx Institute sprung for the transcripts).

The opening arguments were interesting for two reasons. First, the government revealed something that had not been in filings before: they’re certain that Joshua Schulte stole the backup dated March 3, the date his supervisors took actions because of his fight with a colleague.

And the evidence will show that shortly after Schulte had broken back into the system, he stole an entire backup, a copy of all those secrets. And not just any backup, actually one that meant something to him. He stole the backup from March 3, 2016, the very day that Schulte felt the CIA had wronged him, by dismissing his false accusations against his co-worker. The exact backup, the exact secrets, put out by WikiLeaks.

The government had originally believed the files were stolen on March 7, the one year anniversary of the leak. This detail now makes it clear that the initial assessment, regarding the date of the files, has never changed.

Schulte’s lawyer, Sabrina Shroff, did not adjust her opening argument to adjust for this level of detail. She claimed that the government has changed it story about when the files were stolen.

Not only is the government’s story implausible, it keeps changing. And you will hear about this. You will hear that the government and the FBI agents first said that the data was taken from the CIA in March of 2016. They identify for you a very specific time period of when they think this data was stolen, March 7th or 8th of 2016. But now they will tell you, and now they have told you, in fact, that their first theory was wrong.

That’s true, but with the assertion that the March 3, 2016 backup was stolen, the government doubles down on their same initial theory.

Shroff also falsely claimed that CIA did not know the files were stolen until they were published on March 7, 2017.

The CIA had no idea — no idea at all — how these documents were leaked.

Julian Assange was months into an attempt to use these files to obtain immunity; the CIA had started an investigation at least as soon as that started, which is one of the reasons they had concluded Schulte might be the culprit by the time the files were leaked.

Having made that false claim, Shroff makes much of the fact that WikiLeaks sat on the files for a year.

Does the government even know when this happened? They claim to, but let’s just examine that. All they know is WikiLeaks published the information on March 7, 2017. The government’s theory is that the information was stolen almost a year before that, leaked to WikiLeaks, and for a whole year, WikiLeaks just sat on the information. The government wants you to believe that this information — this is national defense information that everybody wanted, that the CIA worked so very hard to keep secret — was released to WikiLeaks and WikiLeaks sat on that information — sensational, mind-blowing, news-creating information — for a year. Does that make any sense to you? An organization that wants to spread information, give out the news, sits on information for a whole year.

This might open the trial up for discussions of how WikiLeaks attempted to use the files to try to extort a pardon. It certainly will open up discussions about other things she’d probably not discuss.

Perhaps most curiously, Shroff makes much of the fact that (she says) the government can’t prove how the files got to WikiLeaks.

You will see that they have no evidence that WikiLeaks was the first entity, person, government, foreign agency to get that information. They will be able to give you no such evidence, so they will shift.


The CIA still does not know, and as you hear the government put in evidence after evidence, you will see that they will never be able to tell you how the evidence was taken, whether, in fact, WikiLeaks was the only entity that got it.

She may know Schulte used a cut-out. If so, staking her case on this may not help her.

Methinks Joshua Schulte Doth Protest Too Much over Anonymous

Accused Vault 7 leaker Joshua Schulte — whose trial starts Monday — and the government are having a fight over Paul Rosenzweig’s expert witness testimony again (see this post for the most comprehensive coverage of this dispute). Rosenzweig submitted the Powerpoint he plans to use at trial. Schulte raised objections to the Powerpoint as a whole and to specific slides on it. And the government responded, offering to make some modifications.

The general complaint from Schulte is that the government is using Rosenzweig to introduce otherwise inadmissible hearsay. In one case, the government has agreed to withdraw the claim (a quote from Fred Kaplan, who in my opinion is not particularly reliable with respect to WikiLeaks in any case). The government makes two responses of particular interest. First, that experts are allowed to draw on periodicals to make their conclusions.

Moreover, the defendant’s objection to the introduction of statements from respected news publications ignores that the Rules of Evidence expressly provide for the introduction of such material. Federal Rule of Evidence 803(18) expressly permits the recitation of “[a] statement contained in a . . . periodical . . . if . . . the statement is . . . relied on by the expert on direct examination; and . . . the publication is established as a reliable authority by the expert’s admission or testimony, by another expert’s testimony, or by judicial notice.”

After pulling the Kaplan quote, there’s not really much left in the slide deck that quotes journalistic sources, aside from direct quotes about the diplomatic backlash to the State cables. But what the government doesn’t say is that WikiLeaks presents itself as a respected news publication, which if they truly believe is true should allow introducing the WikiLeaks material as such.

But the government wants to prevent that from coming into evidence (even though Schulte warned that calling Rosenzweig would invite it). Indeed, rather than including material from the About page that Schulte would like to include that makes that point,

The excerpts from the WikiLeaks website are taken out of context. If the government is permitted to introduce two sentences from the lengthy “about” page on, the defense would be entitled to introduce other portions of that page, including that WikiLeaks is a “multi-national media organization and associated library,” that it has “contractual relationships” with more than 100 major media organizations, and that it has won numerous media awards. See

The government has offered to pull this slide:

Rather than conceding (or even mentioning) WikiLeaks’ claim to be a respected media outlet, the government says it can introduce the vast majority of the clips from WikiLeaks’ site because they are not assertions at all.

Indeed, other than WikiLeaks’ statements regarding the content of the Vault 7 leaks, the particular statements from WikiLeaks and Assange about which Mr. Rosenzweig will testify are not “statements” or “assertions” such that the rule against hearsay is even applicable.

That’s true. Some of what Rosenzweig plans to submit includes the pre-release hype WikiLeaks gave the Vault 7 release, including the release purporting to show the US had infiltrated French political parties (which it claimed provided justification for the Vault 7 release) and slides emphasizing the spookiness of the release, including this one invoking Chelsea Manning and Edward Snowden in the same breath as Julian Assange.

Other slides capture the instructions WikiLeaks gives to leakers, including to contact WikiLeaks if you have very large submissions (as this was) and to format and dispose of hard drives.

The government will claim Schulte followed some — but not all — of these instructions, in part because he couldn’t dispose of his CIA workstation, and in part because he kept the hard drives and a thumb drive he used to exfiltrate the files.

Mind you, WikiLeaks didn’t warn leakers not to Google everything they were doing as they did it, which is the really damning evidence against Schulte.

In any case, I can’t help but imagine we’ll be seeing this very same slide deck in a trial in EDVA (if Assange is ever extradited), as it shows a continuation of the kinds of activities charged in the existing Assange indictment. Assange’s extradition hearing has been split into two, with the second starting in May, so the government would have plenty of time to add such charges after this trial (which may last a month).

In addition to Rosenzweig’s refusal to include WikiLeaks’ awards (which I would imagine Schulte will bring out on cross in any case, though I honestly wonder why they didn’t bring in their own expert to present such material), one Schulte claim that absolutely has merit is that Rosenzweig should not use the WikiLeaks logo on all these slides.

Each page of the power point has the WikiLeaks logo and name from the WikiLeaks website as if the power point document itself was created by WikiLeaks. This creates a misleading impression and should be removed.

Schulte doesn’t lay out what misleading impression the logo provides, but I would argue it suggests that WikiLeaks endorses some of the content in the slide deck, pertaining to damage or the characterization of certain leaks. The government says this misleading impression can be avoided with an instruction.

With respect to the inclusion of the WikiLeaks logo on the relevant pages of the Demonstrative, WikiLeaks is the subject of his testimony, and it is reasonable to include it as a header. To avoid any confusion, the Government will elicit from Mr. Rosenzweig that the Demonstrative as a whole was prepared as a demonstrative aid for his testimony and was not produced by WikiLeaks.

I vehemently disagree with this stance. Over half of people are visual learners (indeed, the government will rely on visual reenactments to show how they claim Schulte stole the files). The logo on this slide deck ascribes to WikiLeaks things that they would strongly dispute. Particularly given that Rosenzweig is claiming there are three official WikiLeaks channels — the site, the WikiLeaks Twitter account, and Assange’s Twitter account — it is imperative that he differentiate in his presentation between what is official and what is his own analysis.

All of which is to say that, as predicted, calling Rosenzweig will invite a dispute over what kind of organization WikiLeaks really is (which is probably the point).

All that said, I’m frankly stunned that, amidst all the other slides in this presentation — including the one showing convicted leaker Chelsea Manning (whose leaks, the government will show, Schulte viewed as damaging in real time) and admitted leaker Edward Snowden (whom the government will show Schulte was Googling at a key time in August as he was also Googling WikiLeaks for almost the first time) — Schulte objects, again, to the invocation of Anonymous in this slide.

Having not objected that the government will raise Chelsea Manning and not objected that the government will raise Edward Snowden, Schulte is objecting that they’re raising Jeremy Hammond — like Manning, a confessed WikiLeaks source — and a 2010 operation to punish Paypal and others for blacklisting WikiLeaks.

We renew our objections to references to Anonymous, which are irrelevant and prejudicial.

As I have laid out, the way in which Schulte himself adopted the identity of Anonymous as part of his effort to leak to the WaPo from jail links together the three main pieces of evidence of that — his Signal texts with Shane Harris, his ProtonMail account in the name of Anonymous, and his prison notebooks. Schulte’s the one who claimed to be Anonymous, whether or not it’s true (and given the ethics the group adopts about membership, by claiming to be a member he basically is one). Anonymous’ tie to WikiLeaks is clearly admissible evidence based on Schulte’s own actions.

Schulte deems the invocation of Anonymous to suggest “concerted activity” that is more disturbing than simply stealing CIA’s hacking tools and leaking them to WikiLeaks in an effort to burn CIA to the ground out of spite for being made to sit in what Schulte considered an “intern desk” rather than a “prestigious desk with a window,” which is the motive the government says it will present.

The evidence of claimed participation in a shadowy, underground group infamous for cyber-attacks and dumping on WikiLeaks is unduly prejudicial as it suggests concerted activity of a type even more disturbing than what is charged.

The evidence suggests that Schulte adopted at least three personalities to leak from jail, deliberately attempting to present the illusion of concerted activity. Given the concerted concern about Anonymous amid all the equally damning references, perhaps some of Schulte’s imaginary friends aren’t actually imaginary?

As I disclosed in 2018, I provided information to the FBI in 2017. The government recently stated publicly that matters on which I shared information are related to Schulte. Aside from two press inquiries, I have not spoken with the government about Schulte.

Joshua Schulte Wanted to Include Instructions to Contact WikiLeaks in a Pro Se Motion

The lawyers for accused Vault 7 leaker Joshua Schulte made a last ditch effort yesterday to limit how much information from his prison notebooks can be admitted as evidence in his trial starting next week. Perhaps inadvertently, the letter provides new details about why the government believes Schulte was trying to leak from jail, as well as some hints about why his lawyers claim they may be responsible for some of his exposure on those charges.

As I had noted, the government wants to include a passage from his notebooks instructing somebody to “ask WikiLeaks” if they need help to prove that Schulte had knowledge of what WikiLeaks had received.

“Ask WikiLeaks” (014099) (undated): In the middle of the page, the defendant writes, “If you need help ask WikiLeaks for my code.”3 The defendant’s direction to consult WikiLeaks about his “code” is admissible as Nonpublic Information Evidence, because it is a statement that WikiLeaks is in possession of source code for tools upon which the defendant worked and that are contained in the back-up file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools. Schulte’s knowledge of non-public aspects of the information that was given to WikiLeaks helps to demonstrate that he was the one who gave that information to WikiLeaks in the first place.

Schulte’s lawyers argue, unpersuasively, that this is not relevant, though they also argue that it is “privileged information or work product” because the passage is part of a pro se motion Schulte was trying to draft.

  • “If you need help ask WikiLeaks for my code.” Gov. Ltr. 8. The government says that this sentence means that “WikiLeaks is in possession of source code for tools upon which the defendant worked and that are continued in the backup file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools.”

Nothing in the unredacted portion of Page JAS_022627 (classified #014099) is relevant to the government’s case. On the contrary, the beginning of the page is clearly part of a legal motion that Mr. Schulte was drafting. The top of the page states: “You can create a forensic copy of the device & then have control over it. There has been no reason over this past year that we would not have had access to this critical evidence except that the prosecutors have lied to your honor & played games.” This is privileged information or work product and is therefore not admissible.

Obviously, Schulte’s lawyers are wrong that this is not relevant to the government’s case, either on the MCC charges or the charges in chief. They don’t deny that this reflects knowledge that WikiLeaks has source code that Schulte wrote; they simply remain silent about it.

They’re instead making a half-hearted attempt to argue that it pertains to Schulte’s defense. That is, they’re arguing that in a pro se motion addressed to Judge Crotty, Schulte included instructions about how to use the code he wrote for the CIA to do something, possibly obtain forensic evidence from the CIA that the government had not yet turned over.

While the privilege claim, half-hearted as it is, is an interesting one, Schulte’s argument in some ways makes this passage more damning. After all, he had already, by this point, included allegedly classified information in a pro se bail motion. Around this period he tried to release information publicly via a pro se motion again, though the government pulled it from PACER before most people could access it. Schulte eventually would submit a pro se lawsuit challenging his SAMs designation that happened to make many of the same claims he had made in his “Presumption of Innocence” blog and alluded to some of the same challenges he had tried to make to warrants by leaking protected or classified information (though the government has not claimed it included classified information). That is, the record suggests that Schulte was using his pro se motions to communicate publicly as much as to mount legal arguments (though his pro se motion raises some important points about our shitty criminal justice system amid a lot of dreck and lies).

That makes the second part of what Schulte’s lawyers claim was a planned pro se motion all the more interesting. The government wants to present a page that appears 37 Bates stamp numbers later in Schulte’s notebook which lists a bunch of potentially classified topics.

“What We Expect to Find in Emails” (014136) (undated): At the top of this page, the defendant writes “What we expect to find in emails.” On the remainder of the page, the defendant writes a list of items, many of which contained classified information. This portion of the Blue Notebook is admissible as Intent Evidence and MCC Classified Information Evidence, because it shows the defendant cataloguing classified information that, if publicly disclosed, would likely be harmful to the United States. Indeed, some of the categories of information identified by the defendant on this page—such as certain operations—is the same as the classified information contained in the Fake Authentication Tweet, which serves to show that the defendant’s intent was to collect these materials for dissemination, not for any legitimate purpose related to his defense.

As noted, Schulte claims that this passage was not part of Schulte’s planned “New Articles,” which appears 22 pages earlier in the notebook, but instead the pro se motion. His defense claims this was a Fifth Amendment one, which I’m not sure I understand; it seems more like a selective prosecution challenge, but then they’re not engaging with the substance here.

What We Expect to Find in Emails (014136) (undated). This page is clearly part of Mr. Schulte’s pro se motion to dismiss under the Fifth Amendment for prosecutorial misconduct. The Fifth Amendment is referenced at the top of the right-hand page. As such it is privileged work product. In addition, the government has not specified which part of this page contains classified information and because the handwriting is not always legible the defense cannot fairly guess the offending part. Again this seems more a statement of Mr. Schulte’s political viewpoint, now as a wrongfully charged and detained defendant, and even were it not privileged, it would be irrelevant and unduly prejudicial.

In any case, even Schulte’s own lawyers are saying that Schulte wanted to submit a pro se motion that, first, instructed someone to use a tool he wrote for the CIA that could be obtained by asking WikiLeaks, possibly to find a bunch of email that includes classified information about CIA operations.

I can see how, in the wake of being busted once trying to spread protected information via pro se motion, his attorneys might advise him to draft any pro se motions in his notebook (at the time he had a classified discovery computer, but it’s not clear what he could write and save on it), which they could then review to make sure he wasn’t getting himself in more legal trouble. But then, when it was discovered, the government used it to claim he intended to leak more classified information.

Yet Schulte’s letter — in conjunction with evidence the government has said they’d submit at trial if the attorney-client advice issue came up — makes it clear that he was unhappy with his lawyer, Sabrina Shroff’s advice.

Finally, the government’s more general assertion that the conflict surrounding the MCC notebooks has somehow “disappear[ed]” based on the court’s ruling over objection that Mr. Schulte may not raise an advice-of-counsel defense is also incorrect. Gov. Ltr. 1. Indeed, the specific pages the government seeks to introduce include work product in preparation for Mr. Schulte’s defense. Some the pages that the government seeks to introduce also specifically mention “Sabrina” and refer to his family reaching out to different defense lawyers, strongly implying that Mr. Schulte had concerns about his current defense team. These portions of the notebooks only highlight the inherent conflict that the current defense team faces in representing Mr. Schulte. Additionally, if Mr. Schulte is convicted, this issue will surely be taken up on appeal, and may well cause a reversal of a conviction. The issue will only begin to “disappear” if the notebooks are excluded from the trial.

The government could easily show — and will, when Schulte appeals based on this argument — that at the time Shroff was trying to get him to stop trying to go public, he was threatening to go around her.

For example, the Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

In other words, written at a time when Schulte was trying to bypass Shroff, submitting a pro se motion including instructions on how to get and use one of the hacking tools he wrote, possibly to obtain classified emails, it could be seen as an attempt to use the pro se motion to leak information (or instruct others how to get and leak it). There’s no chance that that address, “If you need help ask WikiLeaks for my code,” was intended for Judge Crotty (who, in his writings, Schulte describes in very unfavorable terms), after all. Nor is it clear how someone as smart as Schulte is would include information confirming his role in the leak in a pro se motion claiming that prosecutors had unfairly targeted him.

All of which makes it interesting, to me, that this last-ditch letter addressing Schulte’s notebooks mounts an effort to get all reference to Anonymous, specifically, excluded from trial.

The government also again makes repeated reference to the “Anonymous” group. Dkt 257, at 5, 12, 17. As explained in our response to the motions in limine, all reference to Anonymous should be excluded under Rule 404(b).


The defense continues to object to any mention of Autonomous [sic] as unduly prejudicial and because it may confuse the jury.

The government has said it will introduce evidence that Schulte, in real time in 2010, opined that Chelsea Manning’s leaks to WikiLeaks had done damage, which not only proves that he followed historical WikiLeaks releases but believed that the way WikiLeaks had released her leaks did some damage. That piece of evidence is utterly damning in support of a claim that Schulte intended to damage the US with his alleged leaks. And the defense is focusing, instead, on Schulte’s self-proclaimed reference to Anonymous?!?!?

While Schulte’s team doesn’t specifically reference which arguments it relies on here, weeks ago, the defense made this argument about why mentioning Anonymous would be prejudicial.

The government has provided no justification to introduce comments about Anonymous, which must be excluded under Rule 404(b). The government offers no support why it should be allowed to introduce “additional communications with the Reporter, including encrypted communications in which [Mr.] Schulte claims to have been [a] member of the group Anonymous, which is a group known for conducting cyber-attacks that has provided documents to WikiLeaks in the past.” Gov. Mot. 33. This “additional” evidence is clearly not part of the charged offenses nor is it inextricably intertwined with them. The jury will discern no gaps in the government’s case if it is not included in the proof. Instead, it is just classic “bad act” evidence that would be purely prejudicial. The evidence of claimed participation in a shadowy, underground group infamous for cyber-attacks and dumping on WikiLeaks is unduly prejudicial as it suggests concerted activity of a type even more disturbing than what is charged.


The government also states that Mr. Rosenzweig will testify that in 2012 “Anonymous and WikiLeaks worked together to release information.” Gov. Res. 13. This testimony will “aid the jury in understanding the hacking group’s relationship with WikiLeaks” and that Mr. Schulte had “contact with access to WikiLeaks. Gov. Res. 13. As explained above, supra Point II(C)(1), information about Anonymous should be excluded from the trial.

That is, when Schulte’s team wrote this weeks ago (when they were trying unsuccessfully to exclude Paul Rosenzweig’s testimony about what Anonymous is and its past relationship with WikiLeaks), they focused only on the prejudicial aspect. Now, they’re claiming that discussion of Anonymous will confuse the jury, except that’s precisely why the government wanted Rosenzweig to explain what Anonymous is.

But we now know how inadequate this argument is.

Remember: the letter Schulte sent yesterday is an attempt to get Schulte’s notebooks (or at least the most damning parts of them) excluded from trial. But their reference to the government’s plan to introduce references to Anonymous in the letter actually draws from four different kinds of evidence: his notebooks, the Samsung phone he used in jail, and Signal texts and ProtonMail he used to contact a reporter (who warrant affidavits and recent filings have confirmed is WaPo’s Shane Harris).

Partly, the references to Anonymous prove that Schulte used the Samsung phone and the Annon ProtonMail account (the passwords for the ProtonMail accounts were also in the notebook), and that therefore the Signal texts that remain on the phone were sent by him.

In his correspondence with the Reporter, the defendant, pretending to be the defendant’s family and friends, asked the Reporter to send him the versions of the defendant’s articles that the defendant and his family had previously provided to the Reporter. When the Reporter demurred and sought confirmation from the defendant’s family whether the Reporter could provide the defendant’s articles to the user of the Annon Account, the defendant, posing as a member of his family, used a secure messaging application, Signal, to authorize release of the articles. In these Signal communications (the “Signal Messages”), the defendant claimed that the user of the Annon Account was a member of the hacktivist group Anonymous, of which, according to the defendant, the defendant was once a member. Anonymous has collaborated in the past with WikiLeaks to disclose stolen sensitive information.


Signal and Twitter to Send Articles and Tweets (014327) (Sept. 2, 2018): In this portion of the Red Notebook, Schulte writes, among other things, “Well its September now. Locked in all day. Hopefully tonight I can setup Signal from my cell & msg [last name of the Reporter] to confirm anon’s permission and get my fucking articles. I also need to confirm my twitter.” This page contains Use Evidence. In particular, the defendant references setting up Signal “from my cell”—which supports that the defendant was using Signal on the Samsung Phone—to confirm “anon’s permission”—which shows that the defendant was using the Anon Account to “get [his] fucking articles.” The defendant also made clear that he had created a Twitter account when he wrote “I also need to confirm my twitter.”


The Samsung Phone: Although the Samsung Phone was not found in the defendant’s cell, the Government intends to show that it was one of the cellphones that the defendant used at the MCC through various pieces of evidence, including by comparing identifying information appearing on the Samsung Phone to one of the images taken by CW-1 of one of the cellphones the defendant used in prison. The Samsung Phone contains, among other things, evidence that Encrypted Email Accounts were accessed on the cellphone, but not the actual communications from those accounts. The Samsung Phone also contains the Signal Messages in which the defendant, among other things, pretended to be a third person and attempted to convince the Reporter that the user of one of the Encrypted Email Accounts with whom the Reporter was corresponding (but who was in fact the defendant) is a member of the online hacktivist group Anonymous who is trying to help the defendant.

The Encrypted Email Accounts: The Annon Account contains the defendant’s correspondence with the Reporter, including the September 2018 Emails that attached the classified Network Structure Document and the Protected Search Warrant. The other Encrypted Email Accounts also contain records related to the defendant’s use and control of the Social Media Accounts, such as, for example, email notifications when the defendant modified the Social Media Accounts.

If I understand all this correctly, not only did Schulte use a ProtonMail account claiming to be a member of Anonymous to send details of CIA’s network structure to Harris (one of the charged pieces of classified information), but also used it to try to get him to send Schulte the original copies of his blog posts. Schulte was pretending to be a member of Anonymous on ProtonMail and a member of his family on Signal. And Schulte documented that scheme in his notebook in some of the references that Schulte’s lawyers want to exclude (though which they don’t lay out in such a way to show how it glues everything Schulte was doing from jail together).

But there’s still one more reference of Anonymous, tying it directly to the content that Schulte wanted to release: the Malware of the Mind article that reportedly discussed what he did at CIA.

Identifying Malware of the Mind as Article 10 (014319): On this page, the defendant identifies the Malware Article as article 10: “I’m hoping to write /edit my 9 articles. I don’t know how I can them—oh I may text [the Reporter] from [my cousin’s] number. Omar claims that some service exists to do this – I’m dubious. [Redacted]. Although I feel this may not work either . . . IDK Basically on hold for my publication. Secondly, I want to rewrite article #10: Malware of the Mind!” After a line drawn on the page, the page also includes, among other things, the phrase “Anonymous,” and the phrase “classified information.” This entry includes Intent Evidence, in that it shows that the defendant plans to re-draft his articles, including the Malware Article. Furthermore, the defendant’s statement that he might text the Reporter from his cousin’s telephone number, thus continuing to conceal his identity during those communications, is Guilty Conscience Evidence. Finally, the defendant’s reference to “Anonymous” and “classified information” is consistent with the defendant’s claims in his Signal messages that Anonymous is seeking to help prove his innocence by providing information to the Reporter.

The defense claims all this is prejudicial because, “it suggests concerted activity of a type even more disturbing than what is charged.” Except, by claiming that Schulte planned to include instructions in a pro se motion that people other than Judge Crotty — people with access to WikiLeaks — might use go get the code he wrote from WikiLeaks, possibly to obtain emails of classified information suggests that may well be what Schulte was attempting.

The government and Schulte are also arguing over what measures the government can use to protect the identities of a slew of CIA witnesses who will testify. Schulte has good reason to complain. In past trials (Jeffrey Sterling’s trial is being cited as precedent), the government engaged in a great deal of theater to make CIA witnesses — including witnesses whose CIA tie had already been declassified, as some of the witnesses here have been — seem especially momentous. Some of that is undoubtedly going on here. But if the government believes (and this letter from his defense does nothing to rebut that belief) that Schulte is using every opportunity in his prosecution to leak more information, there’s actually a solid case for some of those measures.

As I disclosed in 2018, I provided information to the FBI in 2017. The government recently stated publicly that matters on which I shared information are related to Schulte. Aside from two press inquiries, I have not spoken with the government about Schulte.

Joshua Schulte Spoke Positively of Edward Snowden the Day Snowden Came Forward

Here I thought that Joshua Schulte’s lawyers had finally come up with a decent argument, that Paul Rosenzweig’s testimony would be pointless to prove that Schulte, in choosing to leak to WikiLeaks, intended to damage the US because the government would have to prove Schulte knew of WikiLeaks when he allegedly first stole the CIA documents in May 2016.

But after pointing out that Schulte’s lawyers already blew their chance to make that argument, in a response the government  then pointed out how bad this argument is: because Schulte’s lawyers have already admitted that, “of course, Mr. Schulte knew” about Chelsea Manning’s leaks.

As an initial matter, the defendant’s Reconsideration Motion directly contradicts the argument he made in his original motions in limine concerning Mr. Rosenzweig’s testimony. The defendant argues in the instant motion that Mr. Rosenzweig’s testimony should not be admitted because there is no evidence that the defendant knew of, for example, Chelsea Manning’s disclosures to WikiLeaks. In his original opposition to the Government’s motions in limine, however, the defendant argued the exact opposite:

Next, the government says that it intends to introduce evidence of Mr. Schulte’s “knowledge of [Ms.] Manning’s leak.” Gov. Res. 11. The release of documents by Ms. Manning was front page news in every major news publication for numerous days. Of course, Mr. Schulte knew about it; so did everyone else who picked up a newspaper. It is not clear what the expert would have to add to this information. (Dkt. 242 at 44).

Worse, the government lays out not just that Schulte wrote about both Manning’s leaks to WikiLeak and Edward Snowden’s leaks, but discloses that they intend to introduce those chats at trial.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

Effectively, the government is going to show that Schulte — who like Snowden worked at both CIA and NSA (though in reverse order) — had decided the day that Snowden revealed himself that he hadn’t endangered someone.

I suggested in this post that the government appears to be preparing to use Schulte as an exemplar of an ongoing conspiracy, complete with their reliance on organized crime precedents.

[T]he government is preparing to argue that Schulte intended to harm the United States when he leaked these files to WikiLeaks, a stronger level of mens rea than needed to prove guilt under the Espionage Act (normally the government aims to prove someone should have known it could cause harm, relying on their Non-Disclosure Agreements to establish that), and one the government has, in other places, described as the difference between being a leaker and a spy.

To make that argument, the government is preparing to situate Schulte’s leaks in the context of prior WikiLeaks releases, in a move that looks conspicuously like the kind of ongoing conspiracy indictment one might expect to come out of the WikiLeaks grand jury, one that builds off some aspects of the existing Assange indictment.

That is, the government appears to be using Schulte to lay out their theory — rolled out in the wake of the Vault 7 leaks — that WikiLeaks is a non-state hostile intelligence service.

To be sure, there’s nothing in the least bit incriminating about talking about Snowden in real time. But it will make it a lot easier to hold Schulte accountable for leaking stuff in a far more damaging way in 2016 than Snowden did in 2013.

As I disclosed in 2018, I provided information to the FBI in 2017.

The Glenn Greenwald versus the Julian Assange Charges, Compared

Yesterday, Brazil charged Glenn Greenwald as part of the criminal sim swapping group that also leaked The Intercept details of corruption in Sérgio Moro’s efforts to put Lula in prison.

In a criminal complaint made public on Tuesday, prosecutors in the capital, Brasília, accused Mr. Greenwald of being part of a “criminal organization” that hacked into the cellphones of several prosecutors and other public officials last year.

Here’s the indictment.

The indictment comes after a ruling, in December, that Glenn (whom Bolsonaro was already targeting in a financial investigation) could not be investigated.

Those reports led a Supreme Court justice, Gilmar Mendes, to issue an extraordinary order barring the federal police from investigating Mr. Greenwald’s role in the dissemination of the hacked messages.

Prosecutors on Tuesday said they abided by that order until they found audio messages which, they argued, implicated Mr. Greenwald in criminal activity.

Prosecutors have claimed that they were abiding by that order, which relied on a Brazilian law (which sounds like it’s akin to the Bartnicki decision in the US) that says journalists cannot be prosecuted for publishing stolen information. But they found recordings that — they claim — show Glenn was interacting with the hackers while they were engaged in their other crimes, and advised them to delete logs, which (the indictment argues) helped them evade prosecution.

Citing intercepted messages between Mr. Greenwald and the hackers, prosecutors say the journalist played a “clear role in facilitating the commission of a crime.”

For instance, prosecutors contend that Mr. Greenwald encouraged the hackers to delete archives that had already been shared with The Intercept Brasil, in order to cover their tracks.

Prosecutors also say that Mr. Greenwald was communicating with the hackers while they were actively monitoring private chats on Telegram, a messaging app. The complaint charged six other individuals, including four who were detained last year in connection with the cellphone hacking.

The indictment includes long excerpts of the discussion, which (if my combination of shitty Portuguese assisted by Google Translate is correct) they claim shows that, amid news that Moro had been hacked, the source of the Intercept’s files came to Glenn and admitted there were currently monitoring Telegraph channels in the period before the Intercept was going to publish and had a discussion about whether they had to keep the stuff leaked to the Intercept pertaining to corruption. Glenn was quite careful to note he wasn’t offering advice about what the hackers should do, but said they would keep their one copy in a safe place and so the hackers could do whatever they wanted with the stuff they had. Even in spite of Glenn’s clear statement that The Intercept had obtained the files long before the ongoing hacking, the Brazilian prosecutors claim this shows Glenn knew of ongoing hacking and then discussed deleting logs of the prior hacking, making him a co-conspirator.

Apparently, however, this same evidence had already been reviewed before the December ruling, meaning the government is reversing itself to be able to include Glenn in the charges. The government must first get the approval of the judge that issued the initial ruling to prosecute Glenn.

Let me start by saying that this is both an attack on the press and a fairly clear attempt at retaliation against a Jair Bolsonaro critic, part of a sustained attack on Glenn and his spouse, David Miranda. The press in the US has pretty loudly come out in support of Glenn, and no matter what you think of Glenn or his Russia denialism, Glenn deserves support on this issue.

The charges have led a lot of people to say that the charges are just like what is happening with Julian Assange. They are similar. But I think they are distinct, and it’s worth understanding the similarities and distinctions.

Before I do that, since I’ve been accused — because I report on what the prosecution of Joshua Schulte says — of being insufficiently critical of the existing charges against Assange, here’s a post where I talked about the danger of the first charge against Assange (conspiracy to hack information) and here’s one where I lay out how a number of the Assange charges are for publishing information. I don’t support the current charges against Assange, though I think some of Assange’s more recent actions pose closer calls.

Renewing old charges

In both cases, the government took evidence that had already been assessed — in Assange’s case, chat logs from 2010 that the Obama Administration had deemed were not distinguishable from stuff the NYT does, and in Glenn’s case, the recordings that police had already reviewed before the ruling that Glenn should not be investigated — and found reason to charge that hadn’t existed before. In Glenn’s case, that decision was made just weeks later, under the same Administration. In Assange’s case, that decision came by another Administration (one installed in part with WikiLeaks’ assistance), but also came after WikiLeaks engaged in several more leaks that had pissed off the US.

The US government has (Trump flunky efforts to pardon Assange notwithstanding) always hated Assange, but it’s unlikely he would have been charged without 1) the Vault 7 leak burned the CIA’s hacking ability to the ground and 2) an authoritarian Trump administration with a gripe against journalism generally. That said, it’s still not clear why, if DOJ wanted to go after Assange, they didn’t do it exclusively on actions (like extortion using CIA files) that were more distinguishable from journalism, unless the government plans to add such charges to show a pattern over time, one that culminated in the Vault 7 leaks.

Whereas with Glenn, this feels immediately personalized, an effort to keep looking at a leak that exposed Bolsonaro’s hypocrisy until charges could be invented.

The similar conspiracy charge

Where the two cases are most similar is the common charge: a conspiracy involving computer hacking. But even there, there are important differences.

Brazil is arguing (again, relying on my shitty Portuguese) that Glenn is part of the conspiracy his sources are being prosecuted for because in a conversation where he acknowledged that they were still engaged in criminal hacking, he talked about deleting logs. That is, they’re not arguing that he tried to take part in the hacking. They’re arguing that he helped the ongoing hacking by helping the hackers evade discovery.

This is something that the government has shown WikiLeaks to do, for example showing Assange discussing with Chelsea Manning about operational security. The government cites OpSec assistance in the directly comparable “Conspiracy to Commit Computer Intrusion” charged against Assange (count 18):

  1. It was part of the conspiracy that ASSANGE and Manning used the “Jabber” online chat service to collaborate on the acquisition and dissemination of the classified records, and to enter into the agreement to crack the password hash stored on United States Department of Defense computers connected to the Secret Internet Protocol Network.
  2. It was part of the conspiracy that ASSANGE and Manning took measures to conceal Manning as the source of the disclosure of classified records to WikiLeaks, including by removing usernames from the disclosed information and deleting chat logs between ASSANGE and Manning.

But those are described in the “manner and means” section of the conspiracy charge. The overt acts part, however, describes things more commonly described as hacking: Manning’s use of a Linux operating system to obtain Admin privileges, her sharing of a password hash, and Assange’s unsuccessful effort to crack it. That is, Assange is charged with taking an overt act that amounts to hacking, whereas Glenn is charged with advising a source to delete logs (notwithstanding the way Glenn, in very lawyerly fashion, made it clear that he wasn’t offering advice). The inclusion of OpSec in the manners and means is absolutely dangerous in the Assange indictment. But the government alleged something more to include him in a CFAA conspiracy, something not present in the charge against Glenn.

Assange is also charged with another conspiracy charge that reflects ongoing discussions to obtain more information. That’s distinguishable from Glenn’s charge in that Assange was talking about getting more information, whereas all Glenn is alleged to have done is have a discussion at a time he knew his source was committing other ongoing hacking unrelated to and long after obtaining the files he published. But the two conspiracies are similar insofar as the government in question holds a publisher/journalist accountable for continued communication with a source who is engaged in ongoing lawbreaking, but in Assange’s case that crime pertains to obtaining information for Assange, whereas with Glenn it involves an entirely different crime.

More — and in some way, more dangerous — charges against Assange

There’s no parallel between the charge against Glenn and the other charges against Assange, which are some of the most dangerous. As I’ve laid out, there are three theories of prosecution used against Assange:

  • The attempt to hack to obtain additional classified information (described above, along with a charge tied to the things they were trying to obtain by cracking that password)
  • A solicitation of specific files, some of which Manning sought out and provided
  • The publication of three sets of informants names

The last of these is absolutely a charge for publishing information; that’s specifically what (with its contorted thinking) the charge against Glenn tries not to do.

The solicitation request is something both Brazil and the US attempt to insinuate about the Intercept for its advocacy of SecureDrop (which is now used by a slew of outlets). It’s also something that could easily be used to criminalize normal journalism.

The Brazilian charge against Glenn at least attempts to avoid criminalizing any of these things.


Of course, that’s a big difference right away. Glenn is not accused of publishing anything classified. Assange is.

And Assange is charged in such a way that gives him liability for releasing classified information under the Espionage Act.

And that’s an added danger of the Assange charges. Thus far, Assange has been charged for leaks that Chelsea Manning has never backed off having a whistleblower interest in leaking (the broad use of State cables she leaked would support that, but that’s less true of the Afghan and Iraqi war logs). As such, Assange is being charged for something that could implicate any journalist publishing classified information.

That said, that could change. That’s why some of the arguments the government is making in the Schulte case are so noteworthy. They are preparing to rely on precedents used for organized crime to argue that, in part because he leaked to WikiLeaks, Schulte intended to harm the US. To the extent that they substantiate that motive, it would put Schulte solidly in the position that the Espionage was designed for. But the government seems to be preparing to apply that argument to WikiLeaks more broadly.

Extradition and international legal process

Finally, though some folks appear to be forgetting this in demanding that the US get involved in Glenn’s case, Glenn was charged as a resident of Brazil for actions taken in Brazil. Assange was charged as an Australian citizen for actions taken in the UK affecting the US government, which has asked the Brits to extradite him for charges (Espionage) that fit under the kind of political crime that often will not merit extradition. Of course, Assange is fighting against Five Eyes governments that, post Vault 7 leak, are likely far less interested in such legal distinctions. Indeed, I suspect that’s one of the reasons the US charged Assange for leaking informant identities; some of those informants were British sources as much as American ones.

Still, the extradition gives Assange a preliminary opportunity to fight these charges, not just because it is a political crime and his health is at risk, but also based on claims (the validity of which I’ve been meaning to unpack) that he was spied on in the Embassy in ways that violate EU if not UK law.

Glenn, however, is facing charges in the increasingly authoritarian country he lives in with his spouse and children. So even though, as I understand it, the high court will have to approve his charges before he is actually prosecuted, Glenn still faces political retaliation within his resident country.

Update: Here’s a Mathew Ingram piece doing similar, though less granular, analysis.

Joshua Schulte’s Plans from Jail: “#TopSecret#FuckYourTopSecret”

In response to an order from Judge Paul Crotty, the government laid out what evidence it wants to use from prison notebooks seized from accused Vault 7 leaker Joshua Schulte’s jail cell. The whole filing is –as all descriptions of these notebooks have been — utterly damning.

For example, the filing explains a reference the government had earlier made: that Schulte had made reference to non-public information about what WikiLeaks had received in the Vault 7 leak. Schulte wrote a note sometime in July 2018 suggesting that if “you” needed help, they should ask WikiLeaks for Schulte’s “code.”

“Ask WikiLeaks” (014099) (undated): In the middle of the page, the defendant writes, “If you need help ask WikiLeaks for my code.”3 The defendant’s direction to consult WikiLeaks about his “code” is admissible as Nonpublic Information Evidence, because it is a statement that WikiLeaks is in possession of source code for tools upon which the defendant worked and that are contained in the back-up file that was stolen, even though WikiLeaks has not publicly disclosed that it possesses any source code for all of the tools. Schulte’s knowledge of non-public aspects of the information that was given to WikiLeaks helps to demonstrate that he was the one who gave that information to WikiLeaks in the first place.

Schulte wrote this in the second person, suggesting he was advising (or planning to advise) someone to use source code he wrote. He is known to have worked on obfuscation tools and a remote USB exfiltration tool. If he did intend that as instruction, he assumed the person in question would have been able to consult directly with WikiLeaks. It’s unclear to what end Schulte was imagining advising someone to use obfuscation or hacking tools written for the CIA.

In any case, the government claims that’s proof that Schulte knows exactly what was in WikiLeaks’ possession.

A later entry suggests Schulte and someone else — “we” — were trying to compromise email, possibly his own CIA email.

“What We Expect to Find in Emails” (014136) (undated): At the top of this page, the defendant writes “What we expect to find in emails.” On the remainder of the page, the defendant writes a list of items, many of which contained classified information. This portion of the Blue Notebook is admissible as Intent Evidence and MCC Classified Information Evidence, because it shows the defendant cataloguing classified information that, if publicly disclosed, would likely be harmful to the United States. Indeed, some of the categories of information identified by the defendant on this page—such as certain operations—is the same as the classified information contained in the Fake Authentication Tweet, which serves to show that the defendant’s intent was to collect these materials for dissemination, not for any legitimate purpose related to his defense.

Later, the letter describes a part of Schulte’s planned Information War on the United States, probably dating to late August or early September 2018, one he wanted to roll out in a tweet with the hash tag, “#TopSecret#FuckYourTopSecret.”

Over these three pages, Schulte wrote the following. At the top of the first page, Schulte wrote “#TopSecret#FuckYourTopSecret,” and under that draws an arrow to the phrase “or dump the secrets here:”. At the top of the page Schulte also wrote “establish credibility,” and, underneath that appears another version of the Fake Authentication Tweet. Later, the defendant recommends to U.S. intelligence agency employees to “send all your govt’s secrets here: WikiLeaks” until the U.S. government “honors” their service. As with the last entry, this is entry contains MCC Classified Information Evidence in the form of the Fake Authentication Tweet. In addition, the instruction to intelligence agency employees to give their “secrets” to WikiLeaks is Intent Evidence.

Effectively, the government seems to be arguing, Schulte planned to use a Twitter account in the name of Jason Bourne to encourage US intelligence agency employees to leak information to WikiLeaks, something Julian Assange did himself in a post-Snowden 2013 speech. Not only does this suggest Schulte was shifting into recruitment mode, but it validates the motive the government claims he himself had for leaking the CIA’s hacking tools, because the CIA didn’t “honor” his service. That’s one of the classic recruitment motives (of money, ideology, compromise, and ego, the latter).

These parts of Schulte’s prison notebooks, then, suggest he was doing more than just posting his blogposts and sharing a CIA network diagram from jail. He was at least imagining he might use tools he wrote for the CIA to steal emails full of classified secrets and also recruit others to feed WikiLeaks with more classified information over Twitter.

Schulte’s team, in one of the only filings they’ve submitted that makes a decent point in Schulte’s defense, finally offered an explanation for why this may not be as damning as it looks.

In yet another bid to get Paul Rosenzweig’s testimony showing how Schulte’s actions fit into a pattern that make look WikiLeaks look like a criminal organization, they argue that Rosenzweig’s testimony that leaking to WikiLeaks would exhibit an intent to damage the US could only work if the government first proved that Schulte knew how WikiLeaks worked.

The Court ruled, in relevant part, that “[a]n understanding of the WikiLeaks organization and how it operates is directly relevant to the allegation that, In transmitting Classified Information to WikiLeaks, Schulte intended or had reason to believe there would be injury to the United States.” Dkt. 256, at 4. This ruling makes sense only if the government first presents foundational evidence showing that Mr. Schulte knew how WikiLeaks was organized and operated. Absent such evidence showing what Mr. Schulte knew, expert testimony about these subjects would be totally disconnected from—and therefore would have no bearing on—Mr. Schulte’s state of mind.


Here, absent proof that Mr. Schulte was aware of how WikiLeaks was organized or functioned, Mr. Rosenzweig’s testimony about those subjects, even if accurate and admissible under Fed. R. Evid. 702, would be irrelevant to what Mr. Schulte “intended or had reason to believe” when he allegedly leaked information to WikiLeaks in 2016. As in Kaplan, it would be error to admit this testimony without the required connection to what Mr. Schulte actually knew.

The same principle applies to Mr. Rosenzweig’s purported testimony about harm ostensibly caused by prior WikiLeaks revelations. If Mr. Schulte did not know in 2016 about the prior revelations or the harm they supposedly caused to the United States, any expert testimony about those revelations and resulting harm is irrelevant (and unfairly prejudicial under Rule 403).

In earlier filings, the government has made much of the fact that August 4, 2016 is the first or one of the first times Schulte ever searched Google for information on WikiLeaks. And, trust me, this guy recorded everything in his Google searches. So, the defense could argue, Schulte didn’t even begin to learn about the outlet he had leaked to until three months after he leaked the files to them (nevermind how he figured out how to get it to them).

This only works to limit the applicability of Rosenzweig’s testimony for the CIA leaks, not the leaks and attempted leaks from MCC. Plus, Schulte’s claim to have been part of Anonymous — whether or not it’s true — would amount to a claim that he operated in an environment where he would have learned of WikiLeaks in chatrooms. But it’s not clear the government could prove that.

Whether or not they can show Schulte’s actions are part of a longer campaign by WikiLeaks to encourage intelligence professionals to leak to WikiLeaks to avenge slights by the government, the notebooks are even more damning than the government has previously revealed.

As I disclosed in 2018, I provided information to the FBI on issues related to the Mueller investigation.

Joshua Schulte’s Carefully Crafted Plan to (Metaphorically) Blow Up His Trial

There’s an unintentionally ironic footnote in accused Vault 7 leaker Joshua Schulte’s response to the government motion in limine that, among other things, seeks to ensure the government can introduce evidence from Schulte’s prison notebooks to show he had a plan to conduct Information War from his jail cell.

In it, the defense objects to the government plan to use Schulte’s own writings to provide evidence of motive. In the angry tone the motion adopts throughout, the footnote argues that it’s not clear how Schulte’s “messy, ranting” notes could be evidence of a carefully crafted plan, then goes on to argue that the government’s reliance on a ruling in the Chelsea bomber’s case finding that the bombs he had planted in New Jersey reflected motive to bomb New York is inapt.

The government also says that the “MCC Evidence” is admissible of Mr. Schulte’s “motive, intent, preparation, and planning” with respect to the MCC counts. Gov. Mot. 45. The government does not define which pieces of evidence fall under this category, a phrase it uses for the first time at Gov. Mot. 38, and may refer to all information that was collected at MCC without limit. For example, the government says his notebooks are a “carefully crafted plan,” for an “information war.” Gov. Mot. 45. It is far from clear what evidence the government believes is part of this “careful[ ]” plan,” or why the government believes that messy, ranting, handwritten notes in notebooks labeled privileged could be part of any carefully crafted plan. In any event, the cases it cites, about an uncharged bomb threat being introduced to show intent to threaten a victim, and the planting of bombs in one location to be introduced to prove planning to plant bombs in another case, are nothing like this one. Id. This broad request should be denied.

The footnote appears in a filing that is itself messy, making arguments at one point (for example, that the government shouldn’t be able to present evidence Schulte stuck a USB drive that likely had Tails on it into his CIA workstation right before he allegedly stole the CIA’s hacking tools) that contradict arguments made elsewhere (that the government shouldn’t be able to use Paul Rosenzweig as an expert witness to describe the import of WikiLeaks encouraging its sources to use Tails, because the significance of using Tails is clear).

Over and over again, the filing makes arguments that amount to saying, “you can’t argue that our client’s weaponization of CIA hacking tools and disinformation are at all akin to bombs, even though WikiLeaks argued those tools were newsworthy precisely because they pose that same kind of proliferation threat,” and “you can’t argue that WikiLeaks acts like an organized crime outfit,” because if you did it would make the gravity of our client’s alleged crimes clear.

As I read the manic tone of the argument — the most substantive public argument the defense has made in months, amid an extended period of making one after another process argument about why they can’t move to trial next month —  I wondered whether Schulte is driving his attorneys nuts. He is, undoubtedly, among the most confounding defendants I’ve covered — and I’ve covered plenty who exhibited far more signs that extended incarceration on top of underlying mental illness had made them unfit to stand trial.

Schulte may well be exhibiting signs of being jailed for an extended period under Special Administration Measures that limit his communication with outsiders. Though, as the government noted in one of their responses to this extended effort to avoid going to trial, Schulte apparently told Judge Paul Crotty last month he’s willing to undergo the SAMs he has twice challenged for at least another six months to be able to make the process arguments he claims, unconvincingly, he wants to make.

If the defendant’s strategy works, trial in this case would likely not begin until more than two years after the original national security charges in this case were filed, more than three and a half years from the WikiLeaks disclosure that began this investigation, and more than four years from when the Government alleges the defendant stole and transmitted to WikiLeaks the national defense information at issue in this case.

The defendant has claimed that he is willing to remain in prison for this extended period of time—even though he is, according to him, innocent of these charges and the victim of a campaign to frame him conducted by the U.S. Attorney’s Office, the Federal Bureau of Investigation, and the CIA—because Ms. Shroff and Mr. Larsen are “necessary” witnesses who would provide testimony that would help to exonerate him. The defendant has further stated, under oath, that he knows that relying on these witnesses’ testimony would lead to a potentially broad waiver of his attorney-client privilege. But despite acquiescing to even longer detention under special administrative measures, regardless of his purported innocence and the waiver of his privilege, all for the opportunity to present Ms. Shroff’s and Mr. Larsen’s testimony at trial, the defendant still maintains that his decision as to whether he will call either of these attorneys as witnesses remains so amorphous and theoretical that he should not be required to provide the Government even the most meager information about the substance of this purported testimony just weeks before the current trial date.

But ultimately, it’s clear that this is his defense strategy, as messy and stupid and self-destructive as it is.

In another of the government’s responses to this process defense — one that lays out what I did in a post arguing that Schulte is engaged in a con game of three card monte with his legal representation — they take three pages to lay out the timeline of Schulte’s efforts to prevent his virtual confessions in his prison notebooks from being used in the case against him. In my own similar timeline, I had missed that Sabrina Shroff had left the Public Defender’s office in sometime before December 3, rendering one of the claims about an institutional conflict she continues to make moot.

More importantly, there are several new details to that timeline. James Branden, who was appointed in October based on representations he could be ready for trial in January, who then made a request for a six month delay in November because he couldn’t be ready even while admitting he had a week vacation scheduled when he first took on the case, has only met Schulte twice (which must be two court hearings, including the Curcio hearing last month). That’s revealed in both a Schulte request to fire Branden and a Branden response saying he’s happy to be fired, neither of which have been docketed yet.

January 2, 2020: The defendant—despite not having raised any such concerns at the Curcio Hearing—submitted the Schulte Letter to the Court, in which the defendant claimed that he had only seen Mr. Branden twice and that the defendant has “no relationship or confidence in his ability to assist in my defense at trial next month.” The defendant asked that the Court to appoint the defendant a new attorney.


January 7, 2019: Mr. Branden submitted a response to the Schulte Letter, in which Mr. Branden confirmed the defendant’s factual representations in the Schulte Letter and stated that Mr. Branden would not oppose being replaced as counsel— notwithstanding his prior representations to the Court regarding his availability to prepare for and participate in the trial as counsel appointed pursuant to the Criminal Justice Act.

I had been wondering whether Schulte’s team asked for Branden to be appointed to make it easier for them to quit, as they’ve tried to do in about three different ways since. I wonder, too, whether Branden hasn’t begun to worry the same thing (not least because he hasn’t signed any of the defense briefs since he was brought on), and he wants off now before — like Wile E. Coyote in virtually every Loony Tunes episode ever — he’s left holding an exploding bomb he set himself.

Basically, what happened over eighteen months ago is that Schulte’s lawyers told him to stop publishing attacks on the government’s case himself, as he kept including classified information that made his situation worse. So instead he wrote plans to publicly rebut the charges against him in a notebook — plans that (according to Schulte’s own recorded jail phone calls) Shroff opposed.

[T]he Government has described to the defense how, if the defendant offered his counsel’s testimony, the Government would likely rely on recorded prison calls in which the defendant criticized defense counsel’s advice, including, for example, calls in which the defendant stated that he would “go around” Ms. Shroff to disclose information to the media, despite her objections to this strategy.

In addition to this evidence that Schulte was ignoring Shroff’s warnings about going public, the stuff in his prison notebooks — including passwords for ProtonMail accounts — is in no way consistent with a public rebuttal that any defense attorney could legally agree to.

So instead, Schulte has just gotten his lawyers to claim they gave bad advice, have a conflict, and now might face criminal exposure for trying to get their client to stop breaking the law from an MCC jail cell. Which might be true, but only because his lawyers were trying to represent his desires, and ultimately his desire seems to be to blow the CIA up, using means that are illegal.

All this appears to be an effort to forestall being tried, indefinitely, out of a presumed recognition that the government already has what amounts to a written confession, and he’s willing to rot at MCC rather than go to trial with that apparent written confession.

In a filing from last month, the government catalogued thirteen different attorneys who have represented Schulte over the course of this prosecution.

Finally, it is also a case in which the defendant—over the course of those three adjournment requests—has cycled through at least 13 attorneys,1 including the instant defense team, which includes at least three attorneys who have represented the defendant for more than a year and a half.

Those 13 attorneys who have represented the defendant are Sabrina Shroff, Edward Zas, Allegra Glashausser, James Branden (all of whom currently represent the defendant, and three of whom have security clearances), Matthew Larsen, Lauren Dolecki, Jacob Kaplan, Mark Baker, Alex Spiro, Taylor Koss, Kenneth Smith, Sean Maher (who was recently appointed as Curcio counsel), and at least one attorney who has not filed a notice of appearance but who appears to be advising Schulte about constitutional arguments to make with respect to the Classified Information Procedures Act (“CIPA”).

There are a lot of reasons why Schulte has gone through so many lawyers, money and clearance, among others.

But at this point, Schulte’s strategy seems to be avoiding trial by ensuring he has no lawyers.

Schulte seems convinced he can’t win on the merits. So to avoid losing, he’s going to hack the legal system in an effort to ensure he never loses.