Posts

The Cultivation of Don Jr: A Framework to Think of the Russian Attack

/17 Comments/in , /by

Months ago, I started laying out a framework to provide background to explain how Trump has trained the GOP to hate rule of law, a key part of how he has brought us close to fascism. My weekend post on Bill Barr’s obfuscation about his role in Ukrainian matters (to which there will be a follow-up) started to fill in another of the remaining bullets.

Today, and in parallel, LOLGOP and I will begin to release some podcasts as we explain the important part: how all this brings us to where we are, with both Aileen Cannon and SCOTUS taking active measures [heh] to help Donald Trump avoid accountability.

So I need to explain how I think of the Russian attack.

Generally, people think of the Russian attack in the same way Robert Mueller set up Volume I of his Report:

  • Volume I Section II: [Dead] Yevgeniy Prigozhin’s social media campaign
  • Volume I Section III: GRU’s hack and leak campaign
  • Volume I Section IV: Russian Government contacts to the Trump campaign

Remember, his report was an explanation of prosecutorial decisions. It was only intended to determine whether things were crimes. It only included the prosecutorial decisions that had been concluded by Mueller. So, for example, the report itself didn’t describe the referrals sent to other districts, such as SDNY’s prosecution of Michael Cohen for financial crimes and hush money payments or EDNY’s prosecution of Tom Barrack on foreign agent crimes, which ended in acquittal; it remains unclear how much of these referrals show up in the referral section. Mentions of ongoing investigations, such as into the suspected $10 million payment to Trump from an Egyptian bank or evidence that Roger Stone conspired with Russian in the hack-and-leak, were relegated to the appendix or a footnote.

The SSCI Report instead considered whether these things posed a counterintelligence risk, rather than a crime. As such, they considered a long list of possible compromises, categorized both by people (like Paul Manafort or Maria Butina — the latter of whom was not included in scope of Mueller Report) and events (like the June 9 meeting). Viewed from that framework, having a guy who spent years implementing influence operations for Russian allies Manafort, work for “free” on the campaign looks quite different, like a grave counterintelligence risk to Donald Trump. Great swaths of that report — such as a section on Andrii Telizhenko’s influence operations, which may even have incorporated Bill Barr — remain redacted.

But as this effort to interfere in the US election proceeded, Russia conducted at least two (and, I argue, at least a third) devastating attacks on US intelligence, which had ties to the election year attack itself.

  • The Shadow Brokers release of NSA’s hacking tools, which (I was told but have not reconfirmed) shared one forensic link and has several human infrastructure links to the election attack
  • The Vault 7/Vault 8 release of CIA’s hacking tools, which in implementation continued a pressure campaign by Julian Assange rooted in the election year attack
  • A concerted campaign against the FBI, largely focused but not exclusively reliant on the Steele dossier

The Solar Winds attack, discovered in the last year of Trump’s presidency, could be another such attack, one used by Sidney Powell’s team (including Mike Flynn and Patrick Byrne) in their attack on democratic elections, one that stole Chad Wolf’s emails as he helped Trump discredit election integrity efforts, one Trump is using in his attack on rule of law. The attack was first initiated years earlier, possibly as early as 2016. But so little is known about the attack — aside from that it targeted a number of government agencies and court filing systems — that I will bracket that for now.

This sets up a structure something like this:

What Mueller includes in his contacts with Russia section is possible (and in some cases, definite) attempted recruitment. That kind of thing is a constant.

In advance of the Russian attack, however, Russian entities may have been behind a number of efforts focused on Trump and his associates. Deripaska worked a brutal double game that made it more likely to get Manafort’s cooperation, witting or not. Joseph Mifsud brokered ties to Russian officials for George Papadopoulos — leading to an (aborted) plan to set up a meeting with Putin’s team in London. A former GRU officer and two sanctioned banks got involved in Felix Sater’s pitch of a Trump Tower to Cohen, resulting in Dmitry Peskov collecting proof of Trump’s willingness to work with GRU before the Hillary hack was ever revealed. Someone dangled stolen emails before Roger Stone, ultimately giving him an advance peek — in exchange for what, we don’t know — but Stone started pursuing a pardon for Julian Assange no later than November 15 (and probably as early as October 3).

With the exception of the Manafort pitch (which leveraged his financial desperation), none of those pitches from Russia — whether they were backed by Russian spooks or not — would have required anything more than recklessness and venality from the Trump side. For example, in January, when Cohen called Dmitry Peskov to ask for Putin’s help finalizing the Trump Tower deal, Trump probably doubted he was going to win and there was no reason to be particularly alarmed by the GRU tie; but after the revelation that GRU hacked the DNC, after Trump got the nomination, the existence of the January call became potentially devastating. The Coffee Boy bragged to diplomats from three different countries that Russia was going to attack Hillary, which looked dramatically different when WikiLeaks released the stolen DNC emails (which is when the Australians shared their knowledge of it).

If I’m right that Russia deliberately used some of the same infrastructure in the hack-and-leak and the Shadow Broker operation, it would serve as a stick unveiled at precisely the moment Roger Stone bit on the carrot of advanced access to John Podesta emails, basically tying Stone’s outreach to an attack on the NSA.

Similarly, the unveiling of the Vault 7 release, which WikiLeaks (or an intermediary between Josh Schulte and WikiLeaks) sat on from May 2016 until March 2017, made Stone’s sustained commitment to winning a pardon for Assange all the more damaging. It is unknown whether Russia got an advanced look at those files (which would have provided a way to identify CIA’s assets in Russia), but Assange used a Deripaska-linked attorney to try to negotiate immunity in advance of releasing the files, tying its release to Russia.

Along with Stone, this entire operation came to a focus on Don Jr.

Obviously, there’s the June 9 meeting pitch, which again requires nothing more than recklessness from Don Jr, but which resulted in him receiving a pitch for sanctions relief in exchange for dirt on Hillary. “If it’s what you say I love it especially later in the summer.” Maria Butina similarly tried to pitch Trump’s son.

Don Jr, who joined some of the most rabid Trumpsters in validating the Prigozhin’s trolls, likewise would have represented an overlap between those trolling operations and the ones run by right wing extremists.

At least as interesting is the way Assange repeatedly incorporated Don Jr into his pitch. On September 20, WikiLeaks alerted Don Jr to an anti-Trump campaign and provided a password.

59. On or about September 20, 2016, at approximately 11 :59PM, Target Account 1 sent a private message to a high level individual associated with the Campaign (the “high-level · Campaign individual”). 4 The message stated: “A PAC run anti-Trump site ‘ ‘ is about to launch. The PAC is a recycled pro-Iraq war·PAC. We have guessed the password. It is ‘. See ‘About’ for who is behind it. Any comments?”

Jr passed it onto the campaign, making it clear he had accessed the site. This was the basis of the (totally appropriate) prosecution declination for Jr. only disclosed after years of FOIA challenge by Jason Leopold.

In October, at a time when WikiLeaks was rebuffing Stone’s outreach, WikiLeaks repeatedly suggested Don Jr push out links (and recommend his father do so too). A figure in the Douglass Mackey DM threads by the name of P0TUSTrump kept pushing those links as if in response.

The day of the election, WikiLeaks pushed Don Jr to convince his dad not to concede.

Hi Don; if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred–as he has implied that he might do. He is also much more likely to keep his base alive and energised this way and if he is going to start a new network, showing how corrupt the old ones are is helpful. The discussion about the rigging can be transformative as it exposes media corruption, primary corruption, PAC corruption etc. We don’t like corruption ither [sic] and our publications are effective at proving that this and other forms of corruption exists.

On December 16, 2016, WikiLeaks pushed Jr to convince his dad to give Assange an Ambassadorship (which would amount to immunity).

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. Background: justice4assange.com

As news of the June 9 meeting broke, WikiLeaks advised Jr to release his emails via WikiLeaks and also advised he reach out to Margaret Kunstler.

When these DMs were released on November 14, 2017, Assange tweeted out a follow-up to the December 2016 one, adding a threat by hashtagging, Vault8, the source code to the CIA files, a single example of which WikiLeaks had just released on November 9, 2017.

I read this as a concerted effort to shift from Stone to Don Jr. Whether Don Jr was actively soliciting this help or not, WikiLeaks made sure to tie Trump’s son to their plight, both publicly and privately.

Whatever else may have gone on between WikiLeaks and the failson, around the time that Mueller’s questions would have alerted Trump that he knew of the pardon pitches, at a time when WikiLeaks’ ties with Russia were under far greater scrutiny, Jr’s buddy Arthur Schwartz went after Cassandra Fairbanks, disabusing her of any hopes Trump would pardon Assange. She ultimately flew off to London to tell him.

None of this says that Don Jr conspired with Russia on the 2016 attack. What is says is that Russian assets systematically viewed him as an idiot that could be and was often useful. And Jr ended up connecting all the through-strands: he bridged the hack-and-leak and social media campaigns with the right wing lists, he reliably got his dad to act on his instructions, and then — as the cost of all this went up — Assange repeatedly targeted Jr as he increased the cost of the hack of the CIA, effectively extorting Jr as he started releasing CIA source code.

Even before I turn to the dossier, viewed this way, the Russian operation in 2016 isn’t so much about getting Trump elected. Rather, it’s about sowing irreparable polarization in the US that deliberately tied Trump’s people to the twin attacks on the Deep State — Shadow Brokers and Vault 7/8.

With little involvement beyond predictable recklessness and venality (and Don Jr’s stupidity), then, Russian assets implicated Trump’s people in attacks on the Deep State that raised the cost of their openness to Russian help in 2016, but which would have made any admissions by Trump all the more costly.

Russia didn’t need cooperation from Trump’s people (though they got it from at least Manafort and Stone and a certain idiot who proved useful). They just needed to make any already improbable conciliation impossible, impossible politically and impossible for a Narcissist like Trump to do. That would practically guarantee that Trump would attack the country to defend himself, his son, his ego.

That, in turn, would make the aftermath of the 2016 attack far more fertile for recruitment, because it would prioritize allegiance to Trump over allegiance to country.

emptywheel Makes CIPA History

/59 Comments/in , /by

Yesterday, Judge Aileen Cannon issued a surly order, acceding to Jack Smith’s request to protect witnesses. In reversing herself, Cannon scolded Smith for not making a more fulsome case to seal information.

Only now, after failing to meaningfully “raise argument[s] or present evidence that could have been raised” in these responses, Wilchombe, 555 F.3d at 957, the Special Counsel moves for reconsideration and argues, in no uncertain terms, that the Court committed “clear error” by applying an unobjected-to legal standard [ECF Nos. 267, 282]

Ultimately, Cannon argued the 11th Circuit precedent on this — but not on other — types of pretrial motions is undecided.

Having done so, the bottom line is this. The Eleventh Circuit has not specifically addressed the instant question: whether, in a criminal proceeding, the First Amendment qualified right of access attaches to discovery materials referenced or attached in support of a publicly filed Rule 12(b) motion to compel discovery under Rule 16. Nevertheless, the most faithful application of Supreme Court and available Eleventh Circuit authority is that Defendants’ MTC in this case is not subject to a public right of access, whether constitutional or common law in nature, because it is a still, ultimately, a discovery motion as distinct from a substantive pre-trial motion requiring judicial resolution on the merits.

Remember: One reason Trump has these materials to attempt to publicly release is because Smith was more generous in discovery than the rules require. Cannon did not permit Smith to seal information that would otherwise be Jencks, aside from information identifying witnesses.

The Court reaches a different conclusion as to the Special Counsel’s broad-based request to seal the substance of all substantive Jencks statements referenced in and/or attached to the MTC [ECF No. 278 p. 2 (arguing for wholesale sealing of potential witnesses’ statements to avoid “influenc[ing] the testimony of other witnesses or the jury pool”)]. By granting this sweeping and undifferentiated request—which the Special Counsel also raises in seal requests associated with Defendants’ substantive pretrial motions [See ECF No. 348 pp. 6–7]—the Court would be authorizing the categorical sealing of large portions of the record attached in support of critical
pretrial defense motions.

Meanwhile, in SDNY, I won (or rather, Judge Jesse Furman used my intervention (and that of Inner City Press) as an excuse to grant disclosure of something even more rare: Redacted transcripts from the CIPA 6 conference in the Josh Schulte case.

[T]he Court concludes that CIPA overrides any common law right of public access to the transcripts of a closed CIPA Section 6 hearing, at least where, as here, the court determines that the classified information may not be disclosed or used at trial. But the Court concludes that the public has a qualified right of public access to such transcripts under the First Amendment. It follows that the transcripts at issue here, redacted to protect national security or to preserve other higher values, must be unsealed.

As Furman noted, he had already disclosed some of this in a conference on jury instructions; he had distinguished those who disseminated already-released classified information if they knew it was classified (and therefore, by re-disseminating it, would confirm that it was classified) from those who did not have means to know.

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to [] extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

So all of which is to say I think I have come around to the view that merely sharing something that is already in the public domain probably can’t support a conviction under this provision except that if the sharing of it provides something new, namely, confirmation that it is reliable, confirmation that it is CIA information, confirmation that it is legitimate bona fide national defense information, then that confirmation is, itself, or can, itself, be NDI. I otherwise
think that we are just in a terrain where, literally, there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak.

Furman has given the government an opportunity to further redact the transcripts, but ordered them otherwise released on May 3 — meaning they’d be available before the follow-up hearing in the Assange extradition case, on which — because they pertain to the First Amendment — they may have bearing.

I’m not entirely sure this move is as unprecedented as Furman makes out. Some of the CIPA materials in the Scooter Libby case were released.

But particularly because this may affect the Assange extradition and particularly because the CIPA hearings in the Trump case are sure to be contentious, I would not be surprised if the government appeals this decision.

Thanks, again, to National Security Counselors’ Kel McClanahan to agreeing to argue this for me. You can support them here or here.

Update: Here’s my post explaining the High Court order inviting assurances about Assange’s First Amendment protections. DOJ has 6 more days to issue those assurances.

High Court Decision May Pose New Challenges to Julian Assange Prosecution

/14 Comments/in , , /by

The British High Court today issued a ruling provisionally giving Julian Assange permission to appeal his extradition on three grounds. But before he can do that, the US has an opportunity to give assurances on those grounds to address specific concerns.

The court put everything on hold, then, for 55 days to allow that reassurance process to happen.

We adjourn the renewed application for leave to appeal on grounds iv), v) and ix). The adjournment is for a period of 55 days until 20 May 2024, subject to the following directions:

i) The respondents have permission to file any assurances with the court by 16 April 2024.

ii) In the event that no assurances are filed by then, leave to appeal will be granted on grounds iv), v) and ix).

iii) In the event that assurances are filed by 16 April 2024, the parties have permission to file further written submissions on the issue of leave to appeal, in the light of the assurances, such submissions to be filed by the applicant by 30 April 2024, and by the respondent and the Secretary of State by 14 May 2024.

iv) In the event that assurances are filed by 16 April 2024, we will consider the question of leave to appeal at a hearing on 20 May 2024.

One of those three grounds — that he might become eligible for the death penalty — will be easily dispensed with, as the US easily dispenses with similar concerns in terrorism cases.

When I first read the judgment, I assumed the other two issues would be similarly dispensed with easily (and the judges certainly seem inclined to grant extradition if they get appropriate assurances).

The third ground for appeal, after all, pertains to whether Assange will be treated as a defendant like an American would be. And since the Espionage Act doesn’t allow for content-based defenses, Assange would be no worse situated than any other Espionage Act defendant — arguably including Donald Trump (whose 2010 attacks on Assange were one basis for raising concerns about the death penalty).

But the second basis for appeal may be more tricky for the US to issue assurances.

It has to do with whether the First Amendment gives Assange equal protection to what he’d get under Article 10 of the European Convention on Human Rights.

The judges seem inclined to adopt Baraitser’s analysis that, so long as Assange can rely on the First Amendment, it would (and therefore that if the US says he can do so, the extradition can be approved).

However, we agree with the judge that extradition of the applicant would not involve a flagrant denial of his article 10 rights. In summary, that is because:

i) The First Amendment gives strong protection to freedom of expression, which broadly reflects the protection afforded by article 10 of the Convention. On the assumption that the applicant is permitted to rely on the First Amendment, it is not arguable that extradition will give rise to a real risk of a flagrant denial of his article 10 rights.

ii) Counts 1 to 14 and 18 concern conduct which is contrary to the criminal law and which does not directly concern free expression rights. The prosecution of such conduct does not involve a flagrant denial of article 10 of the Convention.

iii) Counts 15, 16 and 17 concern the publication of the names of human intelligence sources. There is a strong public interest in protecting the identities of human intelligence sources, and no countervailing public interest justification for publication has been identified.

iv) There were strong reasons, as the judge found, to conclude that the applicant’s activities did not accord with the “tenets of responsible journalism”.

But as I noted here, that analysis is fine for the extradition question. It’s fine to rule that Assange would get at least the same protections as he would in Europe.

It’s another thing altogether for use in a US courtroom.

That’s because the First Amendment doesn’t include a balancing test of privacy versus public interest present in the ECHR.

Rather, in language that would apply equally to Assange’s indiscriminate publication of the DNC and Podesta emails (as well as the publication of the Turkish and Saudi emails), Baraitser argued that Assange’s publication in bulk was not protected because it did not and could not properly weigh the risk to others.

This part of the ruling, in particular, would not translate into US law. There is no such privacy balance in the US outside of much weaker defamation laws. And so this part of the ruling does not offer much comfort with regards the existing charges as precedent in the US context.

Whereas in Europe, you have to act like a journalist to get protections as one (which Baraitser said Assange did not, especially not with respect to the three counts of publishing the identities of US and Coalition sources, which had little public interest value to counterweigh the harm he did to those whose names he published), in the US one does not have to adhere to journalistic principles to be protected by the First Amendment.

The US may have real concerns about giving assurances sufficient to meet this particular concern. If they do, Assange would be able to argue that the US was unfairly applying prior restraint to him in a way it doesn’t others — including Cryptome’s John Young, who has repeatedly tried to intervene in Assange’s case in various ways, each time on the basis that he published the State cables without punishment.

All that may be for the best. Faced with such a choice, the US might choose to drop the case entirely (or drop the three most damaging charges, if they are able to do that). I doubt they would drop it entirely, but they could.

They could also pursue the misdemeanor plea the WSJ recently reported, though as reported that seemed like mostly Assange-derived fluff.

Or they could limit the kinds of evidence they use on these charges. One thing that distinguishes Assange from journalists — and from Young — for example, is that prior to publishing all the cables without adequate redaction, he first shared a subset of them with Israel Shamir, who then gave them to (at least) Belarus. At least for the state cables, prosecutors could prove the dissemination charge without relying on publication altogether. Doing so would not only mitigate the damage this precedent would cause, but would get to the real damage that releasing those identities did, willfully giving dictators advance notice to retaliate against US sources before the US could take mitigating measures.

Finally, the might just note that Bartnicki does not apply because Assange allegedly was involved in the theft of the documents in question. Who knows. Depending on what happens with the Project Veritas investigation associated with Ashley Biden’s diary, DOJ might soon have a US citizen being prosecuted in a similar situation.

I imagine the US would have no problem assuring the Brits that Assange would have the same stinky content-based First Amendment rights as other Espionage Act defendants. The question is whether they’d be willing to allow Assange to argue that his prosecution amounted to prior restraint.

Don Jr Confesses He and Douglass Mackey Were “Put on Lists” Together

/10 Comments/in , /by

In an interview of far right troll and now convicted felon Douglass Mackey yesterday, Don Jr confessed that he and Mackey had frequented the same lists back in the day.

DONALD TRUMP JR. (HOST): And with that, guys, joining us now is Doug Mackey. Again, if you guys were in the meme wars, like, early adapters like me back in 2015 and ’16, you’ll know him as Ricky Vaughn. But Doug, for the people watching — and it’s great to have you. You know, I know — we’ve probably gone back and forth on Twitter back in the old days and DMs, and I’m sure we were put on lists way back then. But for the people watching, can you explain what happened here? I mean, you literally ran a Twitter account named Ricky Vaughn. And you got charged for posting a meme. What’s going on?

Later in the interview, Trump Jr. told Mackey that his Ricky Vaughn account was “awesome” and “may be my favorite Twitter account of all time” and “maybe the best of all time.” [my emphasis]

I find that particularly interesting, because there’s a troll in the troll rooms released as part of Mackey’s trial named P0TUS Trump. I’ve always wondered whether it could be Don Jr.

I had that suspicion not just because of the name, but also because P0TUS Trump always seemed even more focused on the WikiLeaks releases than the others. The others were busy conducting far more sophisticated campaigns.

On October 12, 2016, as everyone else was excited that Mackey had been added back to their group after being banned, P0TUS Trump was instead pushing #PodestaEmails3.

An hour later, in a conversation with Mackey co-conspirator MicroChip, he pushed #PodestaEmails4.

The next day, as MicroChip and unindicted co-conspirator HalleyBorderCol were casting doubt on claims that Trump was a rapist, P0TUS Trump again was focused on WikiLeaks.

That monomaniacal focus on WikiLeaks while everyone else was focused on other things came in the days after — according to the SSCI Report — WikiLeaks had DMed Don Jr at his normal Twitter account (for which Mueller obtained.a warrant in October 2017) directly to get him to push hashtags, including pertaining to PodestaEmails4.

(U) WikiLeaks also sought to coordinate its distribution of stolen documents with the Campaign. After Trump proclaimed at an October 10 rally, “I love WikiLeaks” and then posted about it on Twitter,1730 WikiLeaks resumed messaging with Trump Jr. On October 12, it said: “Strongly suggest your dad tweets this link if he mentions us … there’s many great stories the press are missing and we’re sure some of your follows [sic] will find it. btw we just released Podesta Emails Part 4.”1731 Shortly afterward, Trump tweeted: “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged System!”1732 Two days later, Donald Trump Jr. tweeted the link himself: “For those who have the time to read about all the corruption and hypocrisy all the @wikileaks emails are right here: wlsearch.tk.”1733 Trump Jr. admitted that this may have been in response to the request from WikiLeaks, but also suggested that it could have been part of a general practice of retweeting the WikiLeaks releases when they came out. 1734 [my emphasis]

WikiLeaks remained focused on cultivating Don Jr for at least another year, trying to get him rather than Roger Stone to take the lead on a pardon for Julian Assange, and when that didn’t happen, posting ominous warnings about dropping the source code Josh Schulte had stolen under the Vault 8 label.

And that’s just what’s public.

Imagine if the former President’s failson had a private identity, one playing right along with two men who have been convicted of conspiring to harm the civil rights of Hillary Clinton supporters, the same crime, 18 USC 241, for which Trump now stands accused.

Serving as Julian Assange’s Unwitting Data Mule to Israel Shamir Is Not Journalism

/21 Comments/in , , , /by

It’s a testament to how effective WikiLeaks’ propaganda is that almost none of the people implicated by things Julian Assange did years ago and almost none of the people who brainlessly repeat Julian Assange’s propaganda now know about this May 16, 2022 filing, submitted last year in the Josh Schulte case, which I wrote about here.

The redacted bits of the filing almost certainly describe things obtained in an ongoing investigation of WikiLeaks that pertain to how the data stolen by Schulte was used. The unredacted parts, however, describe that what must be the WikiLeaks investigation is both ongoing and has a scope that, “is neither known to the public nor to all of the targets of the investigation.”

“All of the targets.” That phrase is telling. At least one target — Assange — knows he is a target. The other targets (and DOJ uses the jargon to describe people who almost certainly will be charged, not just people who might be) don’t know.

The WikiLeaks investigation — which is ongoing and not just, as many boosters claim, an attempt to shore up the case against Assange — is not an investigation into Assange, exclusively. There are other targets.

Key WikiLeaks people almost certainly know about this filing, because they treated Schulte’s second trial — where he defended himself and repeatedly tried to publicly share classified information, almost certainly including details of the discovery about the ongoing WikiLeaks investigation he had received — differently than the first.

They’re just not telling you that there are other targets of the WikiLeaks investigation.

They’re not telling you, in part, because it ensures that when the Met or FBI or other investigators approach people to obtain information about those other targets, they’ll refuse, because they don’t want to be part of a prosecution of Julian Assange for what they’re telling themselves is journalism.

James Ball is the latest person describing how that happened.

In a Rolling Stone post describing the two year effort to obtain his cooperation, he claims journalists are being asked to cooperate against Assange.

And he claims he’s being approached — for information that clearly pertains to Israel Shamir — as a journalist.

He asserts that he’s being approached as a journalist by claiming that DOJ wants to talk to him about this 2013 article, rather than about his own conduct described in the article.

As the article described, in 2010, he unwittingly served as Assange’s data mule, handing off 90,000 State Cables to Israel Shamir, who then exploited them — by sharing them with Belarusian dictator Alexandr Lukashenko and/or selling them — before the entire Cable set was released.

Shamir is an anti-Semitic writer, a supporter of the dictator of Belarus, and a man with ties and friends in Russian security services. He and Julian—unknown to us—had been in friendly contact for years. It was a friendship that would have serious consequences.

Introduced to WikiLeaks staff and supporters under a false name, Shamir was given direct access to more than 90,000 of the U.S. Embassy cables, covering Russia, all of Eastern Europe, parts of the Middle East, and Israel. This was, for quite some time, denied by WikiLeaks. But that’s never a denial I’ve found convincing: the reason I know he has them is that I gave them to him, at Assange’s orders, not knowing who he was.

Why did this prove to be a grave mistake? Not just for Shamir’s views, which are easy to Google, but for what he did next. The first hints of trouble came through contacts from various Putin-influenced Russian media outlets. A pro-Putin outlet got in touch to say Shamir had been asking for $10,000 for access to the cables. He was selling the material we were working to give away free, to responsible outlets.

Worse was to come. The NGO Index on Censorship sent a string of questions and some photographic evidence, suggesting Shamir had given the cables to Alexander Lukashenko of Belarus, Europe’s last dictator. Shamir had written a pro-Belarus article, shortly before photos emerged of him leaving the interior ministry. The day after, Belarus’s dictator gave a speech saying he was establishing a WikiLeaks for Belarus, citing some stories and information appearing in the genuine (and then unpublished) cables. [my emphasis]

As he admits, at least by 2013, Ball was aware that Shamir had ties to Russian spooks.

What Ball describes in the piece is that he entered into an agreement with Assange to provide data to someone, Shamir, that Shamir did not publish, but instead shared with a repressive dictator and, probably, with Russian intelligence services.

That’s not journalism. That’s spying.

To be sure: as Ball describes, he realized his error and promptly left WikiLeaks (and, as he described in the 2013 article, refused to sign some of the NDAs Assange was pushing). That’s why he was approached as a witness and not a subject, because he made affirmative efforts to leave the conspiracy that has already been charged against Assange and almost certainly will be charged against Shamir, if it hasn’t already been, under seal.

After having served as an unwitting data mule for Assange in a handoff that would result in Lukashenko (and possibly Russian spies) getting advance access to the content of the Cables, Ball subsequently became a journalist. But that does not retroactively change what happened in 2010. Nor does that mean FBI approached him as a journalist. They approached him as a guy who once unwittingly served as a data mule for the part of the Cable releases that undermines all the claims that Assange is nothing but a publisher.

Here’s what people miss about the publication charges against Julian Assange, including the Cable count. They charge him for, “distributing them and then by publishing them.” Proving that Assange distributed the State Cables via unwitting data mule James Ball to Shamir is all DOJ would have to do to prove that charge against Assange, to prove that Assange shared them with someone not authorized to receive them. At a hypothetical trial of Assange (and whoever else gets charged), they’ll undoubtedly explain that after first giving privileged access to the Cables to Shamir, who handed them onto people who would use them to suppress dissent, Assange published all of them. That’s part of the cover. That’s part of what leads people like Ball to imagine he was involved in journalism when he shared the Cable files with Shamir.

For a number of WikiLeaks releases, there’s some story like this, about how before publication, files were either removed from the publication set or provided exclusively to someone in advance. The publication is, in part, cover for that earlier sharing. Schulte even described how if Russia got the source code he shared with WikiLeaks but which WikiLeaks, with limited exceptions, did not publish, they would never publish it, because it would be more useful to reverse engineer what the CIA had been doing.

These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

Schulte is one of the people that anyone charged in a larger WikiLeaks conspiracy would be charged with conspiring with.

That’s the tough thing about US conspiracy law: Once you enter into a conspiracy, you’re on the hook for the actions of anyone who later enters into that conspiracy — like Shamir or Schulte — whether or not you know about it personally. You’re on the hook unless and until you take affirmative actions to leave the conspiracy. Lots of people with ties to WikiLeaks want no tie to Assange’s relationship with Shamir, but if DOJ adds him as a co-conspirator, then they’re not going to have much choice in the matter.

In any case, because so few of WikiLeaks’ boosters know that there are other targets in this investigation, they seem to be getting unfortunate legal advice, such as regarding the import of the detail that FBI obtained a statement from Shamir — whose statements, if and when he is charged as a co-conspirator, can be entered at trial — stating that Ball provided Cables, which he claimed to be about “the Jews,” to him.

The U.S. government cannot make much use of what I revealed in the article in a court of law unless I testify to it — and it is not hard to see how I could be useful if they were trying to strengthen the political case against Assange. In the article, I admit that I was the one who gave Shamir the material, albeit on Assange’s orders, without knowing who he was. If I testified to all this, it could, at least in theory, open me to criminal charges of my own.

[snip]

When, after months of delaying tactics had run out of road, we said a final “no”, there was a small sting in the tale from a DOJ prosecutor to my lawyers. Sending a statement in which Shamir had falsely claimed I had provided him with cables on “the Jews,” the prosecutor noted:

“Upon seeing those words from Shamir, I cannot help but ask whether Mr. Ball would reconsider his decision about speaking to the investigators, even if only just to respond to Shamir’s allegations.”

Yeah, it was a sleazy tactic, but also one designed to alert his lawyer that Ball does not currently have exposure but at a trial in which Shamir is a co-conspirator, Ball’s own conduct will be introduced at trial as part of proving that Cable charge and can be introduced without the article Ball wrote in 2013. Ball was advised they can’t use his article without his testimony — and because he had already left any agreement with Assange that’s probably right — but FBI can certainly introduce Shamir’s claims that he got the Cables from Ball, along with whatever other evidence they have about what Shamir did with them afterwards.

One more reason the fact that this is an ongoing investigation into targets not publicly identified matters: DOJ may or may not  or may already have gotten the UK to approve superseding the existing indictment against Assange, the one that has led people to believe he is the only target of it. But they certainly have the ability to charge a conspiracy in which Assange is an uncharged co-conspirator, showing a seven year conspiracy involving Russian spooks — starting no later than that handoff of cables to Shamir — charging everyone else that entered into a conspiracy via Assange with Russian spooks. Back in 2020, prosecutors implied to Jeremy Hammond that the long extradition process of Assange would provide the opportunity to charge Assange’s involvement in the 2016 Russian hack-and-leak. And because at least one of the people who would be charged in such a conspiracy, Josh Schulte, appears to have continued his efforts to leak through last year, any statute of limitations might go through 2027. That’s why they’re in no rush to charge Shamir publicly: because the way conspiracy law works in the US, they can charge everyone who didn’t affirmatively leave the WikiLeaks conspiracy so long as the conspiracy remains ongoing.

Ball may well be right that the other people the FBI has approached are being approached for coverage of WikiLeaks they did, as journalists (though there are some edge cases). But of the descriptions I’ve seen, there’s always another as yet uncharged target about whom the FBI is asking. That may not change their calculus about whether they want to cooperate, but it means, whether they know it or not, that their refusals are not limited to a bid to protect Assange’s conduct.

I think the people approached for their coverage of WikiLeaks should definitely tell the FBI to fuck off.

But there’s more going on here, particularly with the request to Ball.

James Gordon Meek and Merrick Garland’s “Suspect Exception”

/8 Comments/in /by

According to a discovery response letter sent on April 7, the government had only been able to access one of four laptops it seized from investigative reporter James Gordon Meek’s house when it searched his home for Child Sexual Abuse Material a year ago.

The government has not been able to access evidence item 1B4 and has not relied on any content from that device in its charges against your client. The laptop referenced in the complaint is evidence item 1B6. That item is and has been available for your review at the FBI facility, and a copy of the data was provided for your visit on March 16.

The government did seize four laptops from Mr. Meek. Those items are labeled 1B3, 1B4, 1B5, and 1B6. At this time, the government has only accessed 1B6.

The letter was made available as part of a motion to compel discovery filed last week.

That detail came in response to a question about why, when Meek’s legal team conducted an evidence review at the FBI on March 16, they were not able to access one of the laptops.

During our evidence review at the FBI on March 16, 2023, we were not able to review the contents of the laptop seized from Mr. Meek (item 1B4). Three of the data volumes appeared to still be encrypted. Our expert asked CART Gabriela Mancini about this issue, and Ms. Mancini explained that the laptop had not been “processed.” We noted that the government stated in the complaint affidavit that the FBI recovered 90 CSAM items from the laptop. It is unclear how this was done without processing the laptop.

[snip]

Furthermore, it is my understanding that the government seized a total of four laptop computers. Can you please confirm that 1B4 is a MacBook laptop, and the status of the other seized laptop computers?

These three still unexploited laptops are of some interest given the questions Meek’s (refreshingly competent, given what I’ve become used to from many of the January 6 lawyers) attorney Eugene Gorkhov raised in the MTC about how DOJ treated Meek as a journalist.

Most of the issues in the MTC are just competent lawyering: demanding more details about how the investigation into Meek moved from a DropBox tip to the National Center for Missing and Exploited Children to the Virginia State Police to the Arlington County Police to the FBI, and asking for evidence that the leaks to the press detailing aspects of the investigation show bias. Those questions are likely fairly easily explained (or blown off). If they’re not, they’ll provide leverage at trial, if not reason to dismiss the case.

It’s how DOJ treats a journalist when investigating him for suspected crimes entirely unrelated to his journalism that is of interest in this MTC.

Gorokhov describes receiving notice that DOJ used a filter team, both in advance of his April 2022 search and — presumably — in advance of investigating materials obtained with a warrant served on a cloud provider, back in November 2021. But DOJ refused to share the filter protocol.

In its search of the electronic devices seized from Mr. Meek’s residence, the government accessed Mr. Meek’s newsgathering materials, including communications, sensitive confidential sources, and work product. The government stated that it employed filter procedures while carrying out these searches. The discovery materials reference filter team memoranda dated November 24, 2021 and April 22, 2022. The defense has requested copies of these memoranda, Ex. 4 at 6, but the government has refused to provide them, claiming that they are work product and that, in any event, Mr. Meek has no reporter’s privilege because no such privilege exists. Ex. 5 at 5. Mr. Meek has also requested documentation relating to requests to, and approvals by, senior DOJ officials19 in connection with the search warrant applications in this case or any other investigative steps in this case. Ex. 4 at 7. The government has refused to produce this material. Ex. 5 at 5.

Gorokhov asks how that’s consistent with its media policy, particularly given the 2021 report on legal process used with journalists. He suggests Meek shows up twice there — first, in a subpoena approved by the Assistant Attorney General served on a media outlet (presumably ABC) to identify who accessed a particular news article, then Deputy Assistant Attorney General approval under a “suspect exception” before obtaining the first warrant targeting Meek.

Mr. Meek has also requested documentation relating to requests to, and approvals by, senior DOJ officials19 in connection with the search warrant applications in this case or any other investigative steps in this case. Ex. 4 at 7. The government has refused to produce this material. Ex. 5 at 5.

The government’s own policies and actions belie its position that Mr. Meek’s newsgathering materials are entitled to no protection. If this were true, then why did the government claim to implement filter procedures? Additionally, why did the FBI agents at the search ask Mr. Meek to identify devices containing newsgathering materials? The DOJ’s own policies reflect the recognition that newsgathering materials are entitled to protection: “The Department recognizes the important national interest in protecting journalists from compelled disclosure of information revealing their sources, sources they need to apprise the American people of the workings of their Government.” 28 C.F.R. § 50.10(a)(2). To be sure, the DOJ’s policies provide more protection in circumstances where newsgathering activities are the subject of investigation, but the need to protect such information is recognized by the DOJ even in instances where the investigation is unrelated to newsgathering activities. See, e.g., 28 C.F.R. § 50.10(d)(2) (requiring authorization of Deputy Assistant Attorney General for the Criminal Division prior to issuing compulsory process to a member of the media for conduct unrelated to newsgathering); 28 C.F.R. § 50.10(o)(4) (“Members of the Department should consult the Justice Manual for guidance regarding the use of filter protocols to protect newsgathering-related materials that are unrelated to the conduct under investigation.”).

19 See Ex. 6, Annual Report: Department of Justice Use of Certain Law Enforcement Tools to Obtain Information from, or Records of, Members of the News Media; and Questioning, Arresting, or Charging Members of the News Media (Year 2021). The publicly available report indicates that in 2021, the Deputy Assistant Attorney General authorized a search warrant for an online account of a journalist in connection with a child exploitation investigation. The same report also states that “the Assistant Attorney General for the Criminal Division authorized the issuance of a grand jury subpoena to a news media entity in order to obtain IP address information for computers that accessed a particular online news article during a specified narrow timeframe.” The government has provided no records reflecting the latter investigative activity by the FBI, and

I highly doubt that Meek will get anywhere with this challenge for the legal reasons DOJ gave in its reply. There’s no reporter’s privilege, especially not in the Fourth Circuit, and especially not when a reporter has committed the offense at issue.

Your client has no reporter’s privilege in any way relevant to this case. The Fourth Circuit— following the Supreme Court—has declined to recognize a privilege for reporters in criminal proceedings even when the reporter is merely a witness to a crime. See United States v. Sterling, 742 F.3d 482 (4th Cir. 2013) (citing Branzburg v. Hayes, 408 U.S. 665 (1972)). There is no basis for the assertion of any such privilege when the reporter has himself committed the criminal offense, and even less so where, as here, the crime is unrelated to his newsgathering activities. That the government voluntarily took steps to shield the case prosecutors from materials related to your client’s newsgathering activities does not create any right or privilege for your client, and there would be no suppression right or remedy available, even supposing that there had been a deviation from the protocols the government elected to impose upon itself. [my emphasis]

But note the reference to “this case.”

As consistent with DOJ’s assurances that they will only rely on one laptop to prove the CSAM case against Meek, the forfeiture language in the indictment applies to just that one laptop.

But given Gorokhov’s language in the MTC, the warrants were written to access everything.

Given that the investigation was purportedly focused on CSAM, which is limited to a “visual depiction” of minors engaged in sexually explicit conduct, it is not clear why the government sought to have law enforcement agents search the entirety of Mr. Meek’s files.

To be fair, FBI searches everything in CSAM cases, not least because of means that sophisticated users use to hide CSAM.

But it’s an especially apt question given that, the day after the search, the FBI discussed suspicions that Meek had classified documents.

The FBI’s internal documents and communications in the wake of the raid, disclosed to defense counsel only after Mr. Meek was charged, revealed that the government planned to investigate its suspicions that Mr. Meek possessed classified documents.

This is a loophole I pointed out when Merrick Garland first rolled his revised media guidelines. The guidelines offered new protections to reporters obtaining classified materials in the course of newgathering — as Meek would have been.

But it also exempted subjects from the guidelines if they were suspected of a non-newsgathering crime. Like CSAM possession. Or, in the case of Julian Assange, the hacking charge with which he was first charged (I believe the Espionage Act is also exempted, and foreign agents are definitely exempted).

This is, I suspect, an error that Rashida Tlaib made in her letter calling on Merrick Garland to drop the charges against Assange. She suggests that dropping the indictment would be in keeping with Garland’s new policy.

As Attorney General, you have rightly championed freedom of the press and the rule of law in the United States and around the world. Just this past October the Justice Department under your leadership made changes to news media policy guidelines that generally prevent federal prosecutors from using subpoenas or other investigative tools against journalists who possess and publish classified information used in news gathering. We are grateful for these pro-press freedom revisions, and feel strongly that dropping the Justice Department’s indictment against Mr. Assange and halting all efforts to extradite him to the U.S. is in line with these new policies.

Ignoring the possibility that DOJ has made a foreign agent determination with Assange — a very real possibility, in his case, in which case the policy doesn’t apply at all — it still seems that the plain language of the policy suggests once you become an investigative subject for a non-newsgathering crime — hacking in the case of Assange, CSAM possession in Meek’s case — then the application of the policy is uncertain.

As DOJ moves towards a June 20 trial date for Meek on CSAM charges, three of his laptops remain, unexploited, at the FBI. DOJ has said he has no reporter’s privilege interest in the CSAM case and that’s absolutely right. But those three laptops, obtained with a warrant approved on that suspect exception, as well as other reporting materials from the devices they did exploit, still remain in FBI’s custody, obtained with a warrant gotten under the suspect exception.

The charges against Meek are very serious and quite disturbing. But that makes his case a very good test of how Garland’s media policy applies with someone who is a suspect in an awful crime, but also, by any measure, an investigative reporter. DOJ seized, and is holding (in potentially encrypted form) materials and devices that relate to his newsgathering which would otherwise be covered by the news media policy. DOJ has kept these materials from the CSAM team. But after his prosecution, what will become of those materials?

Disclosure: In this post I describe my limited acquaintance with Meek going back to the Libby trial, with more recent interactions in 2018 or 2019.

Timeline

March 11, 2021: NCMEC received tip from Dropbox

June 2021: Virginia State Police served subpoenas on Verizon and Google

N.d.: VSP referred case to Arlington County Police Department

September 7, 2021: Referral from ACPD to FBI

November 24, 2021: Filter team memoranda

April 22, 2022: Filter team memoranda

April 27, 2022: Search

April 28, 2022: FBI email chain stating Meek may be in possession of classified information

October 19, 2022: Rolling Stone reported on search; Marjorie Taylor Greene tweet claims to know search was about CSAM

November 2, 2022: Gorokhov raises leaks with AUSAs

December 19, 2022: Rolling Stone reported “indictment” being prepared

January 31, 2023: Arrest affidavit [warning: exceptionally graphic language]

February 1, 2023: At detention hearing, DOJ incorrectly claimed Meek said his “life was over”

February 20, 2023: Consent motion for extension of indictment

February 24, 2023: Meek discovery letter

March 16, 2023: DOJ response, stating that it does not intend to produce filter team memo

March 30, 2023: Indictment

March 31, 2023: Follow-up discovery letter

April 7, 2023: Government response

April 20, 2023: Motion to compel disclosure

April 21, 2023: Judge Claude Hilton granted complex designation, set June 20 trial date

Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive

/49 Comments/in , /by

Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”

Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).

A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.

We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.

Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.

That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”

Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.

And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine month window before the CIA learned Schulte had hacked them:

So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.

Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.

Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.

Or both.

We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.

Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.

Leak dumps don’t care about all that.

In what follows, I’m not questioning the value of (some) of Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned since, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.

It’s worth distinguishing leaks from people knowledgable about what they’re leaking

Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.

But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.

Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.

By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.

To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.

Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.

False claims about authentic documents are still false claims

Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.

As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.

Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.

[snip]

The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.”

The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.

#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.

The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.

As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.

Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.

Documents can serve to distract

And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.

As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta ‘s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact- check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.

Microchip even admitted that disinformation can increase buzz.

Q As you sit here today, back in that time period, did you like to get a rise out of people?

A Sure, yeah.

Q And that’s one of the reasons you posted things on Twitter; correct?

A Correct.

Q Was it your belief back then that disinformation increases buzz? A Um, disinformation sometimes does increase buzz, yes.

The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.

We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.

You can’t always tell who is in a chat room

The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.

Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.

But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.

That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.

Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.

For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.

Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.

So while Teixeira paid for with this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.

Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.

No one controls what happens with dump leaks

Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.

In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?

Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.

The damage assessment and the reporting goes on

We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloonsSurveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).

The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.

And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.

Leak dumps don’t care about motive.

Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.

“Wink:” Where Jeff Gerth’s “No There, There” in the Russian Investigation Went

/32 Comments/in , , /by

On July 28, 2017, Robert Mueller’s investigators served two warrants on the company (probably Rackspace) that hosted Paul Manafort’s DMP emails to obtain Manafort, Rick Gates, and Konstantin Kilimnik’s company emails.

Mueller obtained several things with that warrant that remain unresolved. Those are just some of the many things about the Russian investigation — the one Jeff Gerth claims had no there, there — that remain unanswered, four years after Mueller closed up shop.

Manafort’s lies about the plan to carve up Ukraine

One thing Mueller obtained with that warrant would have been an email Manafort sent Konstantin Kilimnik on April 11, 2016, “How do we get whole” with Oleg Deripaska, Manafort asked. The email showed that Manafort was using his position as the “free” campaign manager for Donald Trump to fix his legal and financial woes.

Another was an email Kilimnik wrote, but did not send, on December 8, 2016, but which Manafort knew to and did read, a “foldering” technique to prevent interception also used by terrorists. The email referenced a plan to carve up Ukraine that Kilimnik had first pitched to Manafort on August 2, 2016.

Russians at the very top level are in principle not against this plan and will work with the BG to start the process of uniting DNR and LNR into one entity, with security issues resolved (i.e. Russian troops withdrawn, radical criminal elements eliminated). The rest will be done by the BG and his people.

[snip]

All that is required to start the process is a very minor ‘wink’ (or slight push) from DT saying ‘he wants peace in Ukraine and Donbass [sic] back in Ukraine’ and a decision to be a ‘special representative’ and manage this process.

The email — and a text Kilimnik sent around the same time — talked about “recreating old friendship” with Deripaska at an in-person meeting. Less than a month later, Manafort flew to Madrid and met with a different Deripaska associate.

Six years later, we don’t know the fate of Manafort’s efforts to “get whole” with Deripaska, to recreate that old friendship.

It’s something that Manafort promised to tell Mueller’s prosecutors on September 13, 2018, when he entered into a plea agreement that averted a damaging trial during the election season. But it’s something that, Judge Amy Berman Jackson found, Manafort lied to hide from prosecutors in the ensuing weeks. We know that the last thing on Manafort’s schedule before he met with Kilimnik on August 2, 2016 was a meeting with Trump and Rudy Giuliani. We know that during the period when Manafort was lying to hide what happened with this plan to carve up Ukraine, his lawyer was speaking regularly with Trump’s lawyer, Rudy Giuliani. We know that during the period when Rudy Giuliani was seeking campaign assistance from Ukraine, he was consulting with Manafort. We know that Trump tried to coerce Volodymyr Zelenskyy to enter into a quid pro quo on July 25, 2019, but was caught by a whistleblower. We know that Bill Barr went to extraordinary lengths to protect Rudy Giuliani from any consequences for his dalliance with Russian agents in Ukraine.

We know that on December 24, 2020, Donald Trump pardoned Manafort, rewarding him for his lies. Yesterday, a judge in Florida approved a $3 million fine to settle Manafort’s failure to reveal the money he earned from working in Ukraine, money Manafort got to keep as a result of Trump’s pardon.

SDNY alleges that even as Manafort was lying about his plans with Kilimnik in September 2018, a different Deripaska associate was cultivating recently retired FBI Special Agent in Charge Charles McGonigal, someone who could tell him about what DOJ was learning (or not learning) from Manafort. We know that Seth DuCharme, who played a key role in Barr’s efforts to protect Rudy, now represents McGonigal.

We know that after Trump’s efforts to exploit dirt from Ukraine failed and Joe Biden became President, Russia expanded its invasion of Ukraine, trying to achieve by force what it attempted to achieve by coercing Trump’s “free” campaign manager and his personal attorney.

When I wrote the last installment of my series demonstrating the false claims about “Russiagate” made by Jeff Gerth, I wrote a long passage (included below) that showed what Mueller was discovering in August 2017, a period when Gerth falsely claimed prosecutors had determined there was “no there, there” to Trump’s ties to Russia.

There was not only a lot there, where Gerth never bothered to look. In fact, the “there, there” remains unresolved and raw, six years later.

The investment in Michael Cohen

Take the investigation into Michael Cohen. One thing Mueller would discover in August 2017 is that Trump Organization was not fully complying with subpoenas, at least not subpoenas from Congress. As I noted in my piece, Mueller almost certainly obtained an email with an August 1, 2017 warrant that showed Michael Cohen had direct contact with the Kremlin during the campaign. The email also showed, Mueller would learn once Felix Sater and Cohen began to explain this to investigators, that Cohen and Trump were willing to do business with a former GRU officer and sanctioned banks in pursuit of an impossibly lucrative real estate deal in Moscow. The email obtained in August 2017 was proof that Trump was publicly lying about his ongoing pursuit of business in Russia. And for two more years, Trump kept that secret from the American public. That entire time, Russia knew he was lying to the American people. Russia knew, the American public did not.

Mueller got that email by asking Microsoft, not Trump Organization, for the email. But shortly after Mueller did so, Microsoft made it far harder to obtained enterprise emails without notifying Microsoft’s client. There are other questions about missing records — such as a letter Trump sent to then Deputy Prime Minister Sergei Prikhodko — that might have been answered with more records from Trump Organization.

There’s also the matter of the big infusion of money — more than $400,000 over the course of a few months — that Cohen got from a Columbus Nova, in investment fund controlled by Russian oligarch Viktor Vekselberg. Mueller investigated whether the money had some tie to the different Ukrainian peace deal that Felix Sater got Cohen to bring to the White House.

It didn’t. As Cohen explained to Mueller in 2018, he got the money to explain how Trump worked to Andrew Intrater, who claimed to be looking to spend money on an infrastructure project in the US.

The pitch was to assist in Columbus Nova’s infrastructure fund. [redacted] invests in several different areas. At the time, there were discussions of significant foreign investment interest dedicated to U.S. infrastructure.

[snip]

In Cohen’s discussions with [Intrater] Cohen did not provide any non-public information. Cohen was not selling non-public information. Cohen could assist [Intrater] because Cohen understood Trump and what Trump was looking for.

But the payment, while legal, remains dodgy as hell.

Republicans, certainly, don’t want to talk about it. When Mark Meadows accused Cohen of omitting his contracts with foreign companies at his 2019 testimony before the Oversight Committee, Trump’s future Chief of Staff made no mention of Columbus Nova.

Mr. MEADOWS. Mr. Cohen, I’m going to come back to the question I asked before, with regards to your false statement that you submitted to Congress. On here, it was very clear, that it asked for contracts with foreign entities over the last two years. Have you had any foreign contract with foreign entities, whether it’s Novartis or the Korean airline or Kazakhstan BTA Bank? Your testimony earlier said that you had contracts with them. In fact, you went into detail——

Mr. COHEN. I believe it talks about lobbying. I did no lobbying. On top of that they are not government——

Mr. MEADOWS. In your testimony — I’m not asking about lobbying, Mr. Cohen.

Mr. COHEN. They are not government agencies. They are privately and——

Mr. MEADOWS. Do you have—do you have foreign contracts——

Mr. COHEN [continuing]. publicly traded companies.

Nor did Republicans include Nova in the FARA referral they sent to DOJ.

But Viktor Vekselberg was among the oligarchs Treasury would sanction in in 2018, along with Deripaska and Alexandr Torshin, and he was among the first people hit with expanded sanctions last year, after the invasion.

A December 2018 article about those payments to Cohen and the sanctions against Vekselberg was likely the article that Vekselberg associate Vladimir Voronchenko was sharing in 2018, which was cited as proof he knew of the sanctions, in his indictment for maintaining Vekselberg’s US properties in his own name after Vekselberg was sanctioned. Today, the government started the process of seizing Vekselberg’s US properties.

And questions about whether Vekselberg is influencing politics through his cousin, Intrater, have been renewed amid disclosures about Intrater’s big funding for the imposter Congressman George Santos.

“Sort of a spy deal going on”

Then there’s the matter of Julian Assange, whose extradition remains hung up at the final approval stage.

When Candace Owens confronted Trump about why he didn’t pardon Assange last year, he got really defensive, folding his arms. He explained, seemingly referring to Assange and probably referencing the Vault 7 and Vault 8 releases of stolen CIA hacking tools, “in one case, you have sort of a spy deal going on … there were some spying things, and there were some bad things released that really set us back and really hurt us with what they did.”

But Twitter DMs Mueller obtained with the first August 2017 warrant targeting Roger Stone showed that, in the wake of Mike Pompeo’s designation of WikiLeaks as a non-state intelligence service in the wake of that release, Stone and Assange discussed a pardon. On June 4, 2017, Stone said, “I don’t know of any crime you need to be pardoned for.” On June 10, Stone told Assange, “I am doing everything possible to address the issues at the highest level of government.”

Nine days later, on June 19, 2017, Trump ordered Corey Lewandowski to order Jeff Sessions to limit the investigation to prospective meddling from Russian, an order that — had Lewandowski obeyed — would have had the effect of shutting down the entire investigation, including that into Assange’s role in the hack-and-leak.

Texts obtained from Stone much later would show that he and Randy Credico discussed asylum for Assange on October 3, 2016 — before WikiLeaks started releasing the John Podesta emails.

And Credico had set Stone up to discuss the pardon with Margaret Kunstler by November 15, 2016.

Stone claimed to be pursuing a pardon for Assange at least through early 2018. It was only after Mueller asked Trump about such pardon discussions in September 2018 that Don Jr’s close friend Arthur Schwartz told Cassandra Fairbanks the pardon wouldn’t happen.

Those pardon discussions are just one of the things that Stone held over Trump’s head to ensure he’d never do prison time.

Stone kept a notebook of all the conversations he had with Trump during the 2016 election. He may have brought it with him to a meeting he had with Trump in December 2016.

After the win, STONE tried a full court press in order to get a meeting with TRUMP. [redacted] eventually set up a meeting with TRUMP and STONE in early December 2016 on the 26th floor of Trump Tower. TRUMP didn’t want to take the meeting with STONE. TRUMP told BANNON to be in the meeting and that after 5 minutes, if the meeting hadn’t concluded, to throw STONE out. STONE came in with a book he wrote and possibly had a folder and notes. [full sentence redacted] TRUMP didn’t say much to STONE beyond “Thanks, thanks a lot.”. To BANNON, this reinforced STONE [redacted] After five to six minutes, the meeting was over and STONE was out. STONE was [redacted] due to the fact that during the meeting TRUMP just stared.

After Stone was convicted of lying to cover up the real nature of his contacts with Russia during the election, he lobbied for a pardon by claiming, repeatedly and publicly, that prosecutors offered him a deal if he would reveal the content of the phone conversations he had with Trump during the election.

On December 23, 2020, Stone got that pardon. Four days later, Stone and Trump spoke about January 6 at Mar-a-Lago. That same day, also at Mar-a-Lago, Kimberly Guilfoyle, started the planning for Trump to speak (at that point, the plan included a march to the Capitol).

Earlier this month, DOJ included Stone’s contacts with Proud Boy Dan Scott at a January 3 Florida rally in Scott’s statement of offense for attempting to obstruct the January 6 vote certification. It included Stone’s ties to various Oath Keepers as part of the proof DOJ used to prosecute Stewart Rhodes of sedition.

“The boss is aware”

It took an extra week for prosecutors in the Mike Flynn case to get approval for his sentencing memo in early 2020. So senior officials at DOJ had to have approved of the explanation of why Flynn’s lies about calling the Russian Ambassador to undermine Obama’s sanctions on Russia were serious. “Any effort to undermine the recently imposed sanctions, which were enacted to punish the Russian government for interfering in the 2016 election,” the memo explained, “could have been evidence of links or coordination between the Trump Campaign and Russia.”

From the time that Mueller’s team obtained KT McFarland’s transition device and email on August 25, 2017, they had reason to believe Flynn’s calls with the Russian Ambassador were a group affair, not (as Trump had claimed) simply Flynn’s doing. McFarland’s emails showed that before Flynn called Kislyak, he had received an email from Tom Bossert reporting on what Lisa Monaco told him about Russia’s response to the sanctions, immediately after which he spoke to McFarland from his hotel phone for 11 minutes.

Mueller came pretty close to concluding that was why Flynn intervened with the Russian Ambassador, too. “Some evidence suggests that the President knew about the existence and content of Flynn’s calls when they occurred,” the Mueller Report explained in laying out reasons why Trump might have wanted to fire Jim Comey. “[B]ut the evidence is inconclusive and could not be relied upon to establish the President’s knowledge.” That’s because, after first denying that such calls happened at all, KT McFarland ultimately claimed not to remember telling Trump about the calls and Steve Bannon claimed not to remember discussing it with Flynn.

That was the conclusion Mueller reached in early 2019, a conclusion that already didn’t account for the fact that Flynn called the Russian Ambassador from a hotel phone, not his cell, or that he admitted that he and McFarland had deliberately written a text to cover up the contact. But the following year, in his effort to protect Trump, Bill Barr and other Republicans made available multiple pieces of evidence that make Trump’s knowledge of Flynn’s contacts more clear.

For example, after the House Intelligence Committee transcripts came out in 2020, it became clear that the White House had used Steve Bannon’s two appearances, with the assistance of Devin Nunes, to script certain answers. One of those answers denied continuing to discuss how to end sanctions against Russia after the inauguration. That scripting process happened between the time Flynn pled guilty and the time Bannon first denied remembering knowing of the sanctions discussion. Effectively, the White House scripted Bannon to deny knowledge of those sanction discussions in December 2016.

Then, in September 2020, as part of his efforts to justify overturning the prosecution of Flynn, Barr released the interview report from FBI agent Bill Barnett, who reportedly sent pro Trump texts on his FBI issued phone. It described how, after refusing to take part in that part of the Flynn investigation four different times, he nevertheless, “decided to work at the SCO hoping his perspective would keep them from ‘group think.'” He described being told that “was the only person who believed MCFARLAND was not holding back the information about TRUMP’s knowledge of [the sanction discussions].” He then asked a series of questions that would provide space for a denial: “BARNETT asked questions such as ‘Do you know that as a fact or are you speculating?’ and ‘Did you pass information from TRUMP to FLYNN?'”

Importantly, Barnett claimed it was “astro projection” that Trump directed Flynn’s contacts with the Ambassador.

He said that even after John Ratcliffe declassified the evidence that Mueller could never have used in the investigation, but which proved it wasn’t projection at all: the transcripts of Flynn’s calls with then-Ambassador Kislyak. They reveal that in the call on December 31, 2016, which Kislyak made to tell Flynn that “our conversation was also taken into account in Moscow” when Putin decided not to retaliate against the US for its sanctions, Flynn told Kislyak that “the boss is aware” of a plan to speak the day after Trump would be inaugurated. That would only be possible had Flynn either told Trump directly or had McFarland passed it along.

Once Barr came in, Flynn attempted to unwind all the things he had said to Mueller, directly contradicting multiple sworn statements. Just weeks after DOJ noted the centrality of Flynn’s lies to the question of whether Trump attempted to reverse sanctions just after Russia helped get him elected, Barr, too, joined the process of attempting to reverse the impact of the things Flynn had admitted to under oath. That effort extended to introducing notes with added, incorrect dates that Trump used in an effort to blame Biden for the investigation into Flynn. “We caught you,” Trump claimed to Biden in a prepared debate attack about the investigation that showed how his team first contacted Obama’s team to learn what they knew of the Russian response to sanctions, minutes before they called Russia to undermine those sanctions.

On November 25, Trump pardoned Flynn not just for his lies about the calls to the Russian Ambassador and working for Türkiye, but for any lies he told during the period he was reneging on his plea agreement. That same week, Flynn and Sidney Powell were in South Carolina together plotting ways to undermine Joe Biden’s election. Three weeks later, they would pitch Trump on a plan to seize the voting machines so he could stay in office.

When Bill Barr wrote his corrupt memo claiming there was no evidence that Trump obstructed the Mueller investigation, he was silent about the topic he had admitted, three times, would amount to obstruction: those pardon dangles. Those pardons aren’t just proof that Trump obstructed the investigation, stripping prosecutors of the leverage they might use to get Paul Manafort, Roger Stone, and Mike Flynn to tell the truth. But they’re also some of the most compelling proof that the secrets Stone and Manafort kept would have confirmed the suspicions that Trump coordinated with Russia in an attack on US democracy.

Update, 3/14: Corrected that Mueller closed up shop four years ago, not three. Time flies!

Links

CJR’s Error at Word 18

The Blind Spots of CJR’s “Russiagate” [sic] Narrative

Jeff Gerth’s Undisclosed Dissemination of Russian Intelligence Product

Jeff Gerth Declares No There, Where He Never Checked

“Wink:” Where Jeff Gerth’s “No There, There” in the Russian Investigation Went

My own disclosure statement

An attempted reconstruction of the articles Gerth includes in his inquiry

A list of the questions I sent to CJR

Just days earlier, on July 28, 2017, DOJ had already established probable cause to arrest George Papadopoulos for false statements and obstructing the investigation. His FBI interviews in the days after August 2 would go to the core questions of the campaign’s knowledge and encouragement of Russia’s interference. On August 11, Papadopoulos described, but then backed off certainty about, a memory of Sam Clovis getting upset when Papadopoulos told Clovis “they,” the Russians, have Hillary’s emails. On August 19, Papadopoulos professed to be unable to explain what his own notes planning a September 2016 meeting in London with the “Office of Putin” meant.

The investigation into Paul Manafort, too, was only beginning to take steps that would reveal suspect ties to Russia. Also on July 28, for example, DOJ obtained the first known warrant including conspiracy among the charges under investigation, and the first known warrant listing the June 9 meeting within the scope of the investigation. On August 17, DOJ would show probable cause to obtain emails from Manafort’s business involving ManafortGates, and Konstantin Kilimnik that would (among other things) show damning messages sent between Manafort and Kilimnik using the foldering technique, likely including Manafort’s sustained involvement in a plan to carve up Ukraine that started on August 2, 2016 (which Gerth omits from his description of that meeting).

Similarly, Mueller was still collecting evidence explaining why Flynn might have lied about his calls with Sergey Kislyak. On August 25, Mueller obtained a probable cause warrant to access devices owned by the GSA showing that Flynn had coordinated his calls with other transition officials, including those with Trump at Mar-a-Lago, when he called Kislyak to undermine Obama’s sanctions against Russia.

Plus, Mueller was just beginning to investigate at least two Trump associates that Rosenstein would include in an expanded scope in October 2017. On July 18, Mueller would obtain a probable cause warrant that built off Suspicious Activity Reports submitted to Treasury. That first known warrant targeting Michael Cohen never mentioned the long-debunked allegations about Cohen in the Steele dossier. Instead, the warrant affidavit would cite five deposits in the first five months of 2017 from Viktor Vekselberg’s Renova Group, totaling over $400K, $300K in payments from Korean Aerospace Industries, and almost $200K from Novartis, all of which conflicted with Cohen’s claim that the bank account in question would focus on domestic clients. On August 1, Mueller would obtain a probable cause warrant for Cohen’s Trump Organization emails from Microsoft. Mueller did so using a loophole that Microsoft would sue to close shortly afterwards, a move which likely stymied the investigation into a suspected $10 million donation to Trump, via an Egyptian bank, that kept him in the race in September 2016. That warrant for Trump Organization emails likely obtained Cohen’s January 2016 contact with the Kremlin – the one not turned over, to Congress at least, in response to a subpoena – a contact that Cohen would lie to Congress about four week later.

On August 7, Mueller used a probable cause warrant to obtain Roger Stone’s Twitter content, which revealed a mid-October 2016 exchange with WikiLeaks that disproved the rat-fucker’s public claims that he had never communicated with WikiLeaks during the campaign (a fact that Gerth gets wrong in the less than 1% of his series he dedicates to Stone). It also revealed that the day after the election, WikiLeaks assured Stone via DM that “we are now more free to communicate.” Those communications would, in one week (the subsequent investigation showed), turn into pardon discussions, which provides important background to the June 2017 Twitter DMs Stone had with Julian Assange, obtained with that August warrant, about “doing everything possible to address [Assange’s] issues at the highest level of Government.”

SDNY Calls DOJ’s Definition of the Espionage Act an “Academic Interest”

/19 Comments/in , , /by

DOJ has now responded to my intervention in the Joshua Schulte case. Presumably because my motion, written by Kel McClanahan, focused on how flimsy the government’s claim to keep transcripts of a CIPA conference hidden, the government’s response pitches this as exclusively a CIPA battle. It’s totally a reasonable legal stance.

But along the way, in apparent effort to distract from the topic at issue — in part, the application of the Espionage Act to journalism — SDNY suggests it is just an academic interest whether DOJ would charge someone for sharing classified information already published by the NYT.

The mere fact that someone would like to know information is not a part of the right-of-access analysis, however, and the Government’s motion should be granted.

[snip]

Intervenor’s desire to speculate as to the potential application of the Government’s articulation of the elements of an offense to other circumstances has no bearing on the ability of the public to monitor or assess the actual rulings of the Court in the CIPA § 6 hearings to which Intervenor demands access.

[snip]

[T]he question is not whether redacted transcripts are coherent as a matter of language or whether they might be relevant to Intervenor’s academic interest.

I’m the intervenor here, not McClanahan (who is a professor on national security law at GW Law). I need to know this stuff not just to cover WikiLeaks (I’m more of an expert than the expert SDNY relied on in the first trial, Paul Rosenzweig), but also to understand my own exposure as a journalist.

Not once in the filing does the government use the words “Espionage Act.” Not once does DOJ mention “journalist.” Not once does it mention the NY Times, the hypothetical that DOJ is attempting to hide, which (as Judge Jesse Furman described in a court hearing) is this:

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

The government is no doubt exploiting the emphasis in my filing, but the notion that whether I can be charged for doing journalism is not an academic interest! It’s not just that there is an acute interest, amid the Julian Assange extradition proceedings, to know the government’s thinking about the Espionage Act, it goes to the chilling effect of not knowing what I can safely publish in the course of doing my job. I don’t have the luxury of “speculating” about the application of the Espionage Act, because if I guess wrong, I could be imprisoned for a decade.

The government wants this to be about CIPA. But the problem is that the government is attempting to hide something that is not classified — the elements of offense for a serious crime that can chill the ability to do journalism — via claims about CIPA.

Third, Intervenor asserts a First Amendment right of access premised on the assertion that “the Government present[ed] legal arguments about elements of the crime itself,” which Intervenor claims both have traditionally been open to the public and are of value to the monitoring of the judicial process. (D.E. 988 at 2). Intervenor’s contention that legal arguments the Government may have advanced at the Section 6 hearings are “something that interested persons in the field should know” (id. at 3) simply “cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding.” United States v. Cohen, 366 F. Supp. 3d 612, 631 (S.D.N.Y. 2019). Contrary to Intervenor’s suggestion that discussion of the elements of an offense “stray[s] far from a simple discussion of evidentiary issues” (D.E. 988 at 3), such discussion is integral to virtually any assessment of the relevance and admissibility of evidence, including that occurring in CIPA § 6 hearings, in which courts “look to what elements must be proven under the statute,” United States v. McCorkle, 688 F.3d 518, 521 (8th Cir. 2012); see also United States v. Bailey, 444 U.S. 394, 416 (1980) (describing need to “limit[] evidence in a trial to that directed at the elements of the crime”).

Tellingly, SDNY’s citation of a 2019 District opinion relating to the unsealing of Michael Cohen’s search warrants — which were released with redactions, the desired goal here! — is inapt to the question of whether the government should be able to hide its discussions of how it understands the Espionage Act by claiming that that needs to be protected as classified information.

Considerations of logic also counsel against recognizing a First Amendment right to access search warrant materials. Of course, public access to search warrant materials may promote the integrity of the criminal justice system or judicial proceedings in a generalized sense. United States v. Huntley943 F.Supp.2d 383, 385 (E.D.N.Y. 2013) (remarking that “the light of the press shining into the innards of government is necessary to inhibit violation of the public trust”). But such an argument cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding. Cf. Times Mirror Co.873 F.2d at 1213 (rejecting as overbroad the argument that the First Amendment mandates access to any proceeding or document that implicates “self-governance or the integrity of the criminal fact-finding process”); In re Bos. Herald, Inc.321 F.3d at 187 (“In isolation, the [rationale that the public must have a full understanding to serve as an effective check] proves too much—under it, even grand jury proceedings would be public.”). As the Ninth Circuit aptly observed, “[e]very judicial proceeding, indeed every governmental process, arguably benefits from public scrutiny to some degree, in that openness leads to a better-informed citizenry and tends to deter government officials from abusing the powers of government.” Times Mirror Co.873 F.2d at 1213.

Understanding the law is a matter that precedes the media’s scrutiny of whether the government abused the Espionage Act in this case (or in Julian Assange’s). And while the elements of the offense of the Espionage Act does dictate whether evidence would be helpful or not to the defense — the consideration of a CIPA hearing — ultimately this debate was about (and significantly appeared in) jury instructions, the law as applied.

Again, SDNY’s stance seems tactical, a response to our filing’s greater focus on matters of classification than the status of the press. But the outcome — SDNY’s claim that I have the luxury of merely “speculating” about the application of the Espionage Act — is alarmingly arrogant.

I was only able to make this challenge because McClanahan was able and willing to help — and he can only do so through the support of his non-profit. If you believe fights like this are important and have the ability to include it in your year-end donations, please consider supporting  the effort with a donation via this link or PayPal. Thanks!

If a Bear Shits in a Sealed CIPA Conference, Can It Expand the Espionage Act to the NYT’s Readers?

/23 Comments/in /by

On May 3, 2022, Judge Jesse Furman posed two hypotheticals to prosecutors in the Joshua Schulte case about whether the Espionage Act would apply to people who disseminated already public information from the Vault 7/Vault 8 leaks: First, a member of the public, having downloaded publicly-posted CIA hacking materials made available by WikiLeaks, who gave those materials to a third party. Second, someone who passed on information from the Vault 7/8 leaks published by the NYT to a third party. In both cases, the government argued that someone passing on already public information from the leaked files could be guilty of violating the Espionage Act.

At least, it appears that the government argued for this expansive hypothetical application of the Espionage Act, based on what Furman said in a discussion about jury instructions on July 6. I’ve put a longer excerpt of the exchange from the discussion about jury instructions below; here’s how Judge Furman instructed the jury on the matter.

The actual discussion in May took place in a hearing conducted as part of the Classified Information Procedures Act, CIPA, the hearings during which the government and defense argue about what kind of classified information must be declassified for trial (I wrote more about CIPA in this post). Because the discussion happened as part of the CIPA process, the hearing itself is currently sealed.

And the government wants it to stay that way.

Both in a letter motion filed on November 11, postured as an update on the classification review of the transcripts of that hearing, and in a December 5 letter motion Furman ordered the government to file formally asking to keep the transcripts sealed, the government argued that CIPA trumps the public’s right of access to such court records.

CIPA’s mandatory sealing of the records of in camera proceedings conducted pursuant to Section 6 supersedes any common law right of access to those records, and neither history, logic, nor the right of attendance at proceedings support a right of access under the First Amendment.

The earlier letter even explained why it wanted to keep the “extensive colloquies” in these hearings sealed.

Beyond that, the extensive colloquies and the specific issues of law discussed at that hearing would reveal, by itself, the specific type of relief sought by the parties on specific subjects, which would in turn provide significant indications about what classified information was at issue, prompting undue speculation that would undermine national security interests.

But this specific issue of law, whether journalists or their readers have legal exposure under the Espionage Act for reporting on leaked, classified material, is not secret. Nor should it be.

That’s why, with the support of National Security Counselors’ Kel McClanahan, I’m intervening in the case to oppose the government’s bid to keep the May 3 and other transcripts sealed. How the government applies the Espionage Act to people who haven’t entered into a Non-Disclosure Agreement with the government to keep those secrets has been a pressing issue for years, made all the more so by the prosecution of Julian Assange. Indeed, the government may have given the answers to Judge Furman’s hypotheticals that they did partly to protect the basis of the Assange prosecution. But for the same reason that the Assange prosecution is a dangerous precedent, the prosecutors’ claims — made in a sealed hearing — that they could charge people who share a NYT article (or an emptywheel post) on the Vault 7 releases raise real Constitutional concerns. As Judge Furman noted, “there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak” (and, though he doesn’t say it, tens of thousands sharing the emptywheel reporting about it). And yet no one will learn that fact if the discussion about it remains sealed.

I’m not usually able to intervene in such matters because I don’t have the resources of a big media in-house counsel to do so. McClanahan’s willingness to help makes that possible. National Security Counselors are experts on this kind of national security law, with extensive experience both on the Espionage Act and on CIPA. But the group relies heavily on tax-exempt charitable contributions to be able to do this kind of work. Please consider supporting  the effort with a donation via this link or PayPal. Thanks!

Transcript excerpt

These transcripts were obtained by the Calyx Institute with funding from Wau Holland, the latter of which has close ties to WikiLeaks.

So that’s the context and a little bit of the background. I think I have frankly come around to thinking that for reasons and constitutional avoidance and otherwise that there is a lot to — that Mr. Schulte is not entirely correct but is substantially correct, that is to say that if all — let me put it differently. I think the reason that Mr. Schulte is in a different position with respect to the MCC counts is that he is someone in a position to know whether the information was classified, was NDI, was CIA information and in that sense by virtue of leaking it again, so to speak, he is providing official confirmation but it is the official confirmation that is the new information that would qualify as NDI and I think Rosen kind of highlights that, that particular nuance. I think that distinguishes Mr. Schulte from — I gave you a hypothetical, again, I think it is currently in the classified hearing and therefore not yet public, but I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

So all of which is to say I think I have come around to the view that merely sharing something that is already in the public domain probably can’t support a conviction under this provision except that if the sharing of it provides something new, namely, confirmation that it is reliable, confirmation that it is CIA information, confirmation that it is legitimate bona fide national defense information, then that confirmation is, itself, or can, itself, be NDI. I otherwise think that we are just in a terrain where, literally, there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak.

MR. DENTON: So, your Honor, I think there is a couple of different issues there and one of them is sort of whether the question that you are posing right now is actually the right question for this moment in time when we are talking about the elements of the offense.

In the context of that earlier discussion, and I will repeat it here, I think one of the things that we emphasized is there is a difference between whether a set of conduct, either the hypotheticals that you describe would satisfy the elements of a violation of 793 as opposed to the separate question of whether a person or an organization in that context would have a well-taken, as-applied First Amendment challenge to the application of the statute to them in that context.

THE COURT: But I have to say — and I recognize this may be in tension with my prior holding on this issue — the First Amendment is an area where somebody — I mean, the overbreadth doctrine in the First Amendment context allows somebody, as to whom a statute could be applied, constitutionally to challenge the statute on the grounds that it does cover conduct that would violate the First Amendment. So in that regard, it is distinct from a vagueness challenge. I think to the extent that you are saying that in those instances — I mean, the reason being that the First Amendment embodies a concept of chilling. If a New York Times reporter doesn’t know whether he is violating the Espionage Act by repeating what is in the WikiLeaks leak notwithstanding the fact that there is serious public interest in it, it may chill the suppression and that suppression is protected by the First Amendment. That’s the point in the overbreadth doctrine.

Go ahead.