Julian Assange

Did Wikileaks Do US Intelligence Bidding in Publishing the Syria Files?

Consider this nutty data point: between CNN’s Reliable Sources and NBC’s Meet the Press, Julian Assange was on more Sunday shows today than John McCain, with two TV appearances earlier this week.

Sadly, even in discussions of the potential that the DNC hack-plus-publication amounts to tampering with US elections, few seem to understand that evidence at least suggests that Wikileaks — not its allegedly Russian source — determined the timing of the release to coincide with the Democratic National Convention. Guccifer 2, at least, was aiming to get files out earlier than Wikileaks dumped them. So if someone is tampering, it is Julian Assange who, I’ve noted, has his own long-standing gripes with Hillary Clinton (though he disclaims any interest in doing her harm). If his source is Russia, that may just mean they had mutual interest in the publication of the files; but Assange claims to have determined the timing.

Since Wikileaks’ role in the leak has been downplayed even as Assange has made the media rounds, and since the nation’s spooks claim that publishing these documents is what makes it different, I want to consider this exchange Assange had with Chuck Todd:

CHUCK TODD:

All right. Let me ask you this. Do you, without revealing your source on this, do you accept information and leaked documents from foreign governments?

JULIAN ASSANGE:

Well, our publishing model means that what we publish is guaranteed to be true. That’s what we’re concerned about. That’s what our readers are concerned about. That’s the right of the general public, to not–

[snip]

CHUCK TODD:

Does that not trouble you at all, if a foreign government is trying to meddle in the affairs of another foreign government?

JULIAN ASSANGE:

Well, it’s an interesting speculative question that’s for the press and others to perhaps–

CHUCK TODD:

That doesn’t bother you? That is not part of the WikiLeaks credo?

JULIAN ASSANGE:

Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would. [my emphasis]

Sure, at one level this is typical Assange redirection. When Todd asked if he’d accept files from Russia, Assange instead answered that he would accept them from the United States.

But it may not be so farcical as it seems. Consider the case of the Syria Files Wikileaks posted in spring 2012, at the beginning of the time the US was engaging in covert operations in Syria. They contained embarrassing information on Bashar al-Assad, his wife, and close associates, as well as documents implicating western companies that had facilitated Assad’s repression. Even at the time, people asked if the files were a western intelligence psy-op, though they were explicitly sourced to various factions of Anonymous. Then, between Jeremy Hammond and Sabu’s sentencing processes, it became clear that in January 2012, the latter identified targets for Anonymous hackers, targets that include the Syrian government.

An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.

[snip]

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

What’s not known (as multiple reports say is still not known about the DNC hack) is whether the specific files the Sabu-directed Anonymous hackers obtained were the same ones that Wikileaks came to publish, though the timing certainly works out. It’s a very distinct possibility. In which case Assange’s comment may be more than redirection, but instead a reminder that Wikileaks has played the analogous role in a US-directed hack-and-publish operation, one designed to damage Assad and his western allies. If those documents did ultimately come via FBI direction of Sabu, then Assange might be warning US spooks that their own similar actions could be exposed if he were asked to reveal more about any Russian role in the DNC hack.

Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service

The claim seems less stupid when you consider these two cryptic comments from two equally high-level sourced pieces from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically are thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data points confirm there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to pooh-pooh claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,” WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.

FBI Is Not “Surveilling” WikiLeaks Supporters in Its Never-Ending Investigation; Is It “Collecting” on Them?

The FOIA for records on FBI’s surveillance of WikiLeaks supporters substantially ended yesterday (barring an appeal) when Judge Barbara Rothstein ruled against EPIC. While she did order National Security Division to do a more thorough search for records, she basically said the agencies had properly withheld records under Exemption 7(A) for its “multi-subject investigation into the unauthorized disclosure of classified information published on WikiLeaks, which is ‘still active and ongoing’ and remains in the investigative stage.” (Note, the claim that the investigation is still in what FBI calls an investigative stage, which I don’t doubt, is nevertheless dated, as the most recent secret declarations in this case appear to have been submitted on April 25, 2014, though Rothstein may not have read them until after she approved such ex parte submissions on July 29 of last year.)

In so ruling, Rothstein has dodged a key earlier issue, which is that all three entities EPIC FOIAed (DOJ’s Criminal and National Security Division and FBI) invoked a statutory Exemption 3 from FOIA, but refused to explain what statute they were using.

2 Defendants also rely on Exemptions 1, 3, 5, 6, 7(C), 7(D), 7(E), and 7(F). The Court, finding that Exemption 7(A) applies, does not discuss whether these alternative exemptions may apply.

I have argued — and still strongly suspect — that the government was relying, in part, on Section 215 of PATRIOT, as laid out in this post.

In addition to the Exemption 3 issue Rothstein dodged, though, there were three other issues that were of interest in this case.

First, we’ve learned in the 4 years since EPIC filed this FOIA that their request falls in the cracks of the language the government uses about its own surveillance (which it calls intelligence, not surveillance). EPIC asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

As I’ve pointed out in the past, if the FBI obtained datasets rather than lists of the people who supported WikiLeaks from Facebook, Google, Visa, MasterCard, and PayPal, FBI would be expected to deny it had lists of such supporters, as it has done. We’ve since learned about the extent to which it does collect datasets when carrying out intelligence investigations.

Then there’s our heightened understanding of the words “target” and “surveillance” which are central to request 1. The US doesn’t target a lot of Americans, but it does collect on them. And when it does so — even if it makes queries that return their identifiers — it doesn’t consider that “surveillance.” That is, the FBI would only admit to having responsive data to request 1 if it were obtaining FISA or Title III warrants against mere supporters of WikiLeaks, rather than — say — reading their email to Julian Assange, whom FBI surely has targeted and still targets under Section 702 and other surveillance authorities, or even, as I guarantee you has happened, looked up people after the fact and discovered they had previous conversations with Assange. We’ve even learned that NSA collects vast amounts of Internet communications that talk “about” a targeted person’s selector, meaning that Americans’ communications might be pulled if they used WikiLeaks or Assange’s Internet identifiers in the body of their emails or chats. None of that would count as “targeted” “surveillance,” but it is presumably among the kinds of things EPIC had in mind when it tried to learn how FBI’s investigation of WikiLeaks was implicating completely innocent supporters.

I noted the way FBI’s declaration skirted both these issues some years ago, and everything we’ve learned since only raises the likelihood that FBI is playing a narrow word game to claim that it doesn’t have any responsive records, but out of an act of generosity it nevertheless considered the volumes of FBI records that are related to the request that it nevertheless has declared 7(A) over. Rothstein’s order replicates the use of the word “targeting” to discuss FBI’s search, suggesting the distinction is as important as I suspect.

Plaintiff first argues that the release of records concerning individuals who are simply supporting WikiLeaks could not interfere with any pending or reasonably anticipated enforcement proceeding since their activity is legal and protected by the First Amendment. Pl.’s Cross-Mot. at 14. This argument is again premised on Plaintiff’s speculation that the Government’s investigation is targeting innocent WikiLeaks supporters, and, for the reasons previously discussed, the Court finds it lacks merit.

All of which brings me to the remaining interesting subtext of this ruling.

Five years after the investigation into WikiLeaks must have started in earnest, 20 months after Chelsea Manning was found guilty for leaking the bulk of the documents in question, and over 10 months since Rothstein’s most recent update on the “investigation” in question, Rothstein is convinced these records may adequately be withheld because there is an active investigation.

While it’s possible DOJ is newly considering charges related to other activities of WikiLeaks — perhaps charges relating to WikiLeaks’ assistance to Edward Snowden in escaping from Hong Kong, though like Manning’s verdict, that was over 20 months ago — it’s also very likely the better part of whatever investigation into WikiLeaks is ongoing is an intelligence investigation, not a criminal one. (See this post for my analysis of the language they used last year to describe the investigation.)

Rothstein is explicit that DOJ still has — or had, way back when she read fresh declarations in the case — a criminal investigation, not just an intelligence investigation (which might suggest Assange’s asylum in the Ecuador Embassy in London is holding up something criminal).

In stark contrast to the CREW panel, this Court is persuaded that there is an ongoing criminal investigation. Unlike the vague characterization of the investigation in CREW, Defendants have provided sufficient specificity as to the status of the investigation, and sufficient explanation as to why the investigation is of long-term duration. See e.g., Hardy 4th Decl. ¶¶ 7, 8; Bradley 2d Decl. ¶ 12; 2d Cunningham Decl. ¶ 8.

Yet much of her language (which, with one exception, relies on the earliest declarations submitted in this litigation) sounds like that reflecting intelligence techniques as much as criminal tactics.

Here, the FBI and CRM have determined that the release of information on the techniques and procedures employed in their WikiLeaks investigation would allow targets of the investigation to evade law enforcement, and have filed detailed affidavits in support thereof. Hardy 1st Decl. ¶ 25; Cunningham 1st Decl. ¶ 11. As Plaintiff notes, certain court documents related to the Twitter litigation have been made public and describe the agencies’ investigative techniques against specific individuals. To the extent that Plaintiff seeks those already-made public documents, the Court is persuaded that their release will not interfere with a law enforcement proceeding and orders that Defendants turn those documents over.

[snip]

In the instant case, releasing all of the records with investigatory techniques similar to that involved in the Twitter litigation may, for instance, reveal information regarding the scope of this ongoing multi-subject investigation. This is precisely the type of information that Exemption 7(A) protects and why this Court must defer to the agencies’ expertise.

I’m left with the impression that FBI has reams of documents responsive to what EPIC was presumably interested in — how innocent people have had their privacy compromised because they support a publisher the US doesn’t like — but that they’re using a variety of tired dodges to hide those documents.

DOJ Continues Its “Multi-Subject” Investigation of WikiLeaks

As I noted some weeks ago, the judge in EPIC’s FOIA for materials on the investigation into supporters of WikiLeaks asked for an update. The government provided that update last night.

It said it still must withhold all documents responsive to EPIC’s FOIA because two investigations pertaining to WikiLeaks are ongoing: Chelsea Manning’s appeal, and the investigation into WikiLeaks proper.

There are at least two separate categories of “enforcement proceedings” relevant to defendants’ Exemption 7(A) analysis, and those two separate categories of law enforcement proceedings are progressing on different tracks. One set consists of those enforcement proceedings directly related to the military prosecution of Army Pfc. Manning, which falls within the jurisdiction of the Department of Defense (“DoD”). Since this case was originally briefed, Manning was tried and convicted by a military court, as noted above. The court-martial remains ongoing, in the appellate phase.

The second type of enforcement proceeding, generally, is the DOJ’s civilian criminal/national security investigation(s) into the unauthorized disclosure of classified information that was published on the WikiLeaks website. The investigation of the unauthorized disclosure is a multi-subject investigation and is still active and ongoing. While there have been developments in the investigation over the last year, the investigation generally remains at the investigative stage. It is this second category of enforcement proceeding that is actually more central to defendants’ Exemption 7(A) withholdings in this case.

Note, DOJ says the investigation is “multi-subject.” Further, it describes it as a “civilian criminal/national security” investigation. It’s worth noting that the sealed declaration providing more detail on the investigation comes from Mark Bradley, in DOJ’s National Security Division, not from FBI. (I take my observation that the sealed declaration is from Bradley back: the motion is inconsistent on whom the sealed declaration is from. While the table on page 4 lists Bradley, it says the declaration is from FBI. The reference to a fourth declaration from David Hardy on page 9 suggests the declaration is from him.)

I’ll have a bit more to say about this later.

Update: One more observation: the description says there are “at least two” separate categories, suggesting there may be still another investigative matter.

Judge in WikiLeaks FOIA Cites “Events that Have Transpired,” Government Claims FOIA Is “Improper”

Back in 2011, the Electronic Privacy Information Center sued to enforce a FOIA for documents on FBI’s investigation of WikiLeaks supporters. In response, the government cited an ongoing investigation exemption. But they also cited a statutory exemption, claiming some law prevented them from releasing the records on investigations into WikiLeaks supporters. Unusually, DOJ refused to name the law in question. For that reason, and because my suspicions of how Section 215 gets used suggested it would make a spectacular tool for investigating a group of WikiLeaks supporters, I suggested that the statute was likely Section 215.

Since then, we’ve seen indications of NSA involvement in the investigation into WikiLeaks, though without any details from before EPIC’s FOIA.

And until March 11, that’s where things stood, with the government claiming it couldn’t release records about its investigation into completely innocent supporters of a publishing outlet and the judge (who had been newly assigned to the case in April 2013) doing nothing with the government’s motion for summary judgement.

On March 11, however, Judge Barbara Jacobs Rothstein ordered DOJ and EPIC to submit briefs updating her on the status of the investigation into WikiLeaks and with it the government’s ongoing investigation exemption, but not its claimed statutory exemption.

The Court takes judicial notice that events have transpired during that time that may cause the government’s position to have changed. Therefore, the Court instructs the government to update its position regarding Plaintiff’s FOIA request, particularly with respect to the government’s invocation of exemption 7(A).

The language of her order suggests two things. First, if Rothstein is asking whether the 7(A) ongoing investigation exemption remains active, it suggests she may not accept the government’s statutory exemption 3 to completely withhold these documents. And she doesn’t say what the “events” that “have transpired” are, but it’s probably not any developments in the WikiLeaks investigation, as that’s what she says she doesn’t know. That makes it likely the Snowden leaks and related official disclosures have made the exemption 3, the basis for which she knows about from classified declarations, moot.

That’s all tea leaf reading. And even if I’ve read the tea leaves correctly, it doesn’t mean I’m right about Section 215. After all, back door searches on collection targeted at Julian Assange (who, as a foreign citizen and alleged spy, would be a legal target under Section 702 or even generally) would be a useful investigation into WikiLeaks supporters as well, though there’s abundant reason to believe dragnet queries serve as the basis for back door searches. Still, I think it’s likely that something that has been released and declassified since last April has mooted the government’s secret statutory claims.

The government, having sat on Judge Rothstein’s April 11 deadline from March 11 until Tuesday, is now stalling for time. (h/t JG; links to come shortly) On Tuesday, the lawyer who inherited this case claimed she has another case that prevents her from writing 10 pages on the status of the WikiLeaks investigation. But also that she needs more time to consult with the “defendant agencies.”

In addition, the draft supplemental brief will require review within the Department of Justice and defendant agencies before it may be filed.

EPIC’s not buying it, citing from the judge’s previous orders warning against extensions and stating clearly that business in other matters is not a good excuse. EPIC also described DOJ’s sleazy post-business hours effort to provide notice, and noted this is precisely the kind of thing Judge Rothstein had said would get a motion summarily denied.

Ms. Zeidner Marcus also did not timely notify Plaintiff’s counsel of her plans to file this Motion for Extension of Time. Ms. Zeidner Marcus first contacted Ms. McCall on April 8, 2014, the date that the filing was due, after ordinary business hours. Ms. Zeidner Marcus first emailed Ms. McCall on April 8, 2014 at 5:01 PM and followed up at approximately 5:30 PM that day with a telephone call. This did not give Ms. McCall sufficient time to consider Ms. Zeidner Marcus’ request or to consult with Ms. McCall’s co-counsel, Mr. Rotenberg, regarding that request. Ms. Zeidner Marcus then filed her Motion for Extension of Time at 11:23 PM on the same day (April 8, 2014).

To which DOJ responded by accusing EPIC of filing an “improper” FOIA.

This case involves plaintiff’s attempts to improperly use the Freedom of Information Act to seek information about ongoing criminal investigations.

Remember, the underlying issue here is that DOJ shouldn’t be investigating innocent supporters of a publishing outlet. But DOJ believes trying to learn how and why they are doing so is an improper FOIA.

Meanwhile, DOJ sources admitted last November that they can’t really charge Assange without charging the NYT as well.

Justice officials said they looked hard at Assange but realized that they have what they described as a “New York Times problem.” If the Justice Department indicted Assange, it would also have to prosecute the New York Times and other news organizations and writers who published classified material, including The Washington Post and Britain’s Guardian newspaper, according to the officials, who spoke on the condition of anonymity to discuss internal deliberations.

Which, I guess, explains the rudeness and urgent need for one more month. Because if the government loses both its ongoing investigation and its statutory exemptions, they might have to explain why they used national security tools against people exercising free speech.

Update: The Judge gave the government half the extension they requested, to April 25.

In light of the fact that the motion was not timely filed and that press of business is not an adequate reason for an extension, the Court will not grant the request for a thirty day extension. Instead, the Court will grant an extension to and including April 25, 2014. Plaintiff’s opposition shall be filed on or before May 12, 2014. The reply shall be filed on or before May 19, 2014. In the future, the Court expects the parties to comply with the terms of the Standing Order in this case.

Obama’s Stubbornness and the Risk of Snowden

At the outset of this post, let me lay out my following assumptions (I can’t prove these points, but I suspect them):

  • The documents released so far by Guardian and WaPo — information on the Section 215 program, PRISM, and the PPD on cyberwar — have done negligible damage to our security (indeed, even Sheldon Whitehouse, a big defender of these programs, said the government should have been transparent about them earlier)
  • China already knew the content of Edward Snowden’s public revelations about our hacking into Chinese networks (we know China’s compromises of us, so it is unlikely China, which is more successful and aggressive at hacking than we are, doesn’t know our compromises of it); the revelations on this front so far have served primarily to even out the playing field on mutual accusations of hacking
  • Snowden personally (and his laptops) have information that China and Russia could both find of more use, particularly given that some of our programs targeting them were run out of HI
  • Snowden may also have things that might be of use to others, such as organized crime (If I were planning on longevity and had access, for example, I would take some zero day exploits when I left the NSA, though the street value of them would diminish once NSA had inventoried what I took)
  • The reporting I’ve seen has not confirmed reports that either China or Russia has debriefed Snowden or scanned his computers (indeed, this report on China’s involvement in his departure from Hong Kong suggests they did not talk with him directly)
  • Julian Assange knows where Snowden is, leading to the possibility he has escaped Russia to a country that has not yet been named in reports of Snowden’s escape (named countries have included Venezuela, Cuba, Ecuador, and Iceland)

All of that is a roundabout way of saying that Snowden could do great damage to the US, but may not have yet, and certainly hadn’t by the time he first revealed himself in Hong Kong.

If that’s right, then it seems the Obama approach has been precisely the wrong approach in limiting potential damage to national security. The best way to limit damage, for example, would be to get Snowden to a safe place where our greatest adversaries can’t get to him, where we could make an eternal stink about his asylum there, but still rest easy knowing he wasn’t leaking further secrets. Indeed, if he were exiled in some place like France, we’d likely have more influence over what he was allowed to do than if he gets to Ecuador, for example.

The most likely approach to lead to further damage, however, is to charge him with Espionage. This not only raises the specter of the treatment we’ve given Bradley Manning — giving Snowden Denise Lind’s judgement that Manning’s rights were violated to include in any asylum application — but also easily falls under what states can call political crimes, which permits them to ignore extradition requests. That is, we appear to be pursuing the approach that could lead to greater damage.

By contrast, letting Snowden get someplace safe is perfectly equivalent to letting the CIA off for torture (or, for that matter, James Clapper off for lying to Congress). It’s a violation of rule of law, but it also serves to minimize the tremendous damage the spooks might do to retaliate. Obama has chosen this path already when the criminals were his criminals; he clearly doesn’t have the least bit of compunction about setting aside rule of law for pragmatic reasons. But in Snowden’s case, he seems to be pursuing a strategy that not only might increase the likelihood of damage, but also lets China and Russia retaliate for perceived slights along the way.

All this is just an observation. I believe Obama’s relentless attacks on whistleblowers and his ruthless enforcement of information asymmetry have actually raised the risk of something like this. And he seems to be prioritizing proving the power of the US (which has, thus far, only proved our diminishing influence) over limiting damage Snowden might do.

Update: This fearmongering WaPo article nevertheless quotes a former senior US official admitting that what Snowden has released so far wouldn’t help China or Russia.

A former senior U.S. official said that the material that has leaked publicly would be of limited use to China or Russia but that if Snowden also stole files that outline U.S. cyber-penetration efforts, the damage of any disclosure would be multiplied.

The International Manhunt for WikiLeaks

One of the things DOJ is protecting from FOIA in Electronic Privacy Information Center’s suit is information other governments have shared with the US on the investigation.

According to FBI’s David Hardy, this includes classified information from foreign governments.

(45) E.O. 13526, § 1.4(b) authorizes the classification of foreign government information. E.O. 13526, § 6.1(s) defines foreign government information as: “(1) information provided to the United States Government by a foreign government or governments, an international organization of governments, or any element thereof, with the expectation that the information, the source of the information, or both, are to be held in confidence; (2) information produced by the United States Government pursuant to or as a result of a joint arrangement with a foreign government or governments, or an international organization of governments, or any element thereof, requiring that the information, the arrangement, or both, are to be held in confidence; or (3) information received and treated as ‘foreign government information’ under the terms of a predecessor order.”

(46) Many foreign governments do not officially acknowledge the existence of some of their intelligence and security services, or the scope of their activities or the sensitive information generated by them. The free exchange of information between United States intelligence and law enforcement services and their foreign counterparts is predicated upon the understanding that these liaisons, and information exchanged between them, must be kept in confidence.

(47) The release of official United States Government documents that show the existence of a confidential relationship with a foreign government reasonably could be expected to strain relations between the United States and the foreign governments and lead to diplomatic, political, or economic retaliations. A breach of this relationship can be expected to have at least a chilling effect on the free flow of vital information to the United States intelligence and law enforcement agencies, which may substantially reduce their effectiveness. Although the confidential relationship of the United States with certain countries may be widely reported, they are not officially acknowledged.

(48) Disclosure of such a relationship predictably will result in the careful analysis and possible compromise of the information by hostile intelligence services. The hostile service may be able to uncover friendly foreign intelligence gathering operations directed against it or its allies. This could lead to the neutralization of friendly allied intelligence activities or methods or the death of live sources, cause embarrassment to the supplier of the information, or result in economic or diplomatic retaliation against both the United States and the supplier of the information.

(49) Even if the government from which certain information is received is not named in or identifiable from the material it supplies, the danger remains that if the information were to be made public, the originating government would likely recognize the information as material it supplied in confidence. Thereafter, it would be reluctant to entrust the handling of its information to the discretion of the United States.

(50) The types of classified information provided by foreign government intelligence components can be categorized as: (a) information that identifies a named foreign government and detailed information provided by that foreign government; (b) documents received from a named foreign government intelligence agency and classified “Secret” by that agency; and (c) information that identifies by name, an intelligence component of a specific foreign government, an official of the foreign government, and information provided by that component official to the FBI.

[snip]

(51) The cooperative exchange of intelligence information between the foreign governments and the FBI was, and continues to be, with the express understanding that the information will be kept classified and not released to the public. Disclosure of the withheld information would violate the FBI’s promise of confidentiality.

DOJ: We Can’t Tell Which Secret Application of Section 215 Prevents Us From Telling You How You’re Surveilled

As Mike Scarcella reported yesterday, the government has moved for summary judgment in an Electronic Privacy Information Center FOIA suit for details on the government’s investigation into WikiLeaks. EPIC first FOIAed these materials in June 2011. After receiving nothing, they sued last January.

The government’s motion and associated declarations would be worth close analysis in any case. All the more so, though, in light of the possibility that the government conducted a fishing expedition into WikiLeaks as part of its Aaron Swartz investigation, almost certainly using PATRIOT Act investigative techniques. The government’s documents strongly suggest they’re collecting intelligence on Americans, all justified and hidden by their never ending quest to find some excuse to throw Julian Assange in jail.

EPIC’s FOIA asked for information designed to expose whether innocent readers and supporters of WikiLeaks had been swept up in the investigation. It asked for:

  1. All records regarding any individuals targeted for surveillance for support for or interest in WikiLeaks;
  2. All records regarding lists of names of individuals who have demonstrated support for or interest in WikiLeaks;
  3. All records of any agency communications with Internet and social media companies including, but not limited to Facebook and Google, regarding lists of individuals who have demonstrated, through advocacy or other means, support for or interest in WikiLeaks; and
  4. All records of any agency communications with financial services companies including, but not limited to Visa, MasterCard, and PayPal, regarding lists of individuals who have demonstrated, through monetary donations or other means, support or interest in WikiLeaks. [my emphasis]

At a general level, the government has exempted what files it has under a 7(A) (ongoing investigation) exemption, while also invoking 1 (classified information), 3 (protected by statute), 5 (privileged document), 6 (privacy), 7(C) (investigative privacy), 7(D) (confidential source, which can include private companies like Visa and Google), 7(E) (investigative techniques), and 7(F) (endanger life or property of someone) exemptions.

No one will say what secret law they’re using to surveil Americans

But I’m most interested in how all three units at DOJ — as reflected in declarations from FBI’s David Hardy, National Security Division’s Mark Bradley, and Criminal Division’s John Cunningham — claimed the files at issue were protected by statute.

None named the statute in question. All three included some version of this statement, explaining they could only name the statute in their classified declarations.

The FBI has determined that an Exemption 3 statute applies and protects responsive information from the pending investigative files from disclosure. However, to disclose which statute or further discuss its application publicly would undermine interests protected by Exemption 7(A), as well as by the withholding statute. I have further discussed this exemption in my in camera, ex parte declaration, which is being submitted to the Court simultaneously with this declaration

In fact, it appears the only reason that Cunningham submitted a sealed declaration was to explain his Exemption 3 invocation.

And then, as if DOJ didn’t trust the Court to keep sealed declarations secret, it added this plaintive request in the motion itself.

Defendants respectfully request that the Court not identify the Exemption 3 statute(s) at issue, or reveal any of the other information provided in Defendants’ ex parte and in camera submissions.

DOJ refuses to reveal precisely what EPIC seems to be seeking: what kind of secret laws it is using to investigate innocent supporters of WikiLeaks.

By investigating a publisher as a spy, DOJ gets access to PATRIOT Act powers, including Section 215

There’s a very very large chance that the statute in question is Section 215 of the PATRIOT Act (or some other national security administrative subpoena). After all, the FOIA asked whether DOJ had collected business records on WikiLeaks supporters, so it is not unreasonable to assume that DOJ used the business records provision to do so.

Moreover, the submissions make it very clear that the investigation would have the national security nexus to do so. While the motion itself just cites a Hillary Clinton comment to justify its invocation of national security, both the FBI and the NSD declarations make it clear this is being conducted as an Espionage investigation by DOJ counterintelligence people, which — as I’ve been repeating for over two years — gets you the full PATRIOT Act toolbox of investigative approaches.

Media outlets take note: The government is, in fact, investigating a publisher as a spy. You could be next.


Our Government’s UnPATRIOTic Investigation of Aaron Swartz

As I noted back in December 2010, as soon as Eric Holder declared WikiLeaks’ purported crime to be Espionage, it opened up a whole slew of investigative methods associated with the PATRIOT Act. It allowed the government to use National Security Letters to get financial and call records. It allowed them to use Section 215 orders to get “any tangible thing.” And all that’s after FISA Amendments Act, which permits the government to bulk collect “foreign intelligence” on a target overseas–whether or not that foreign target is suspected of Espionage–that includes that target’s communications with Americans. The government may well be using Section 215 to later access the US person communications that have been collected under an FAA order, though that detail is one the government refuses to share with the American people.

At no point would a judge have the opportunity to challenge Holder’s assertion that a website publishing documents offered up anonymously is engaged in Espionage. All it would take is Holder’s assertion that it was, and those investigative powers would become available.

No matter how many Americans got sucked up into that investigation.

Which is why I find it interesting that Aaron Swartz’ lawyers were asking, last summer–but got only indirect answers–about how the government had collected some of the evidence, particularly emails, turned over to the grand jury.

This paragraph asked the government to “identify the origin of any and all statements of Aaron Swartz including but not limited to emails, text messages, chats, documents, memoranda or letters, i.e., to identify the source from which each statement was received and the legal procedure used to obtain each such statement of the defendant.” Swartz has received in discovery internet memoranda and chats purporting to be from him. For example, the discovery contains a number of chats on googlegroups.com which contain entries which facially indicate that Swartz was a participant in the communications. The discovery also contains a number of emails which on their faces indicate that they were either to or from Swartz. Swartz requires the additional information requested – the source of these statements and the procedure used by the government to obtain them – to enable him to move to suppress such statements if grounds exist to do so, which he cannot determine without the requested information.

The government offered this explanation.

In Paragraph 15, the defendant would require the government to identify the origin of any and all statements of Aaron Swartz in its possession and the legal procedure used to obtain the statements. All of the emails, text messages, chat sessions, and documents containing statements provided by the defendant relevant to this case were obtained either from individuals with whom the defendant communicated or from publicly available websites stored on the Internet. No emails, texts messages, chat logs, or documents were obtained from Internet service providers using orders under 18 U.S.C. 2703(d). As previously represented to defense counsel, there was no court-authorized electronic surveillance in this case. [my emphasis]

The government admits the defense has asked for the content and origin of all Aaron’s statements in its possession. In response, it described how it had gotten Aaron’s statements relevant to this case–which may well be just a subset of Aaron’s statements in their possession. It also says that it did not obtain any of his statements (presumably referring to the larger potential universe) using 18 USC 2703(d), which is how DOJ demanded Twitter information on four WikiLeaks figures in late 2010 to early 2011. It suggests everything it got relevant to this case was either willingly from people involved in private conversations with him–though it didn’t say whether it asked for them specifically or not–or from publicly available places. And it alludes to an earlier representation to the defense about whether or not it had intercepted Aaron’s communications in this case.

I believe these are the representations in question, which come from early discovery discussions in August 2011.

C. Electronic Surveillance under Local Rule 116.1(C)(1)(c)

No oral, wire, or electronic communications of the defendant as defined in 18 U.S.C. § 2510 were intercepted relating to the charges in the indictment.

D. Consensual Interceptions under Local Rule 116.1(C)(1)(d)

There were no interceptions (as the term “intercept” is defined in 18 U.S.C. § 2510(4)) of wire, oral, or electronic communications relating to the charges contained in the indictment, made with the consent of one of the parties to the communication in which the defendant was intercepted or which the government intends to offer as evidence in its case-in-chief.

As you can see, this statement the government made in August 2011 anticipated some of the same dodges the government was making in June 2012.

But in the earlier statement, the limitations on its assertions are even narrower than in the later one. Whereas by June 2012 they were making assertions about “this case” in general, when they first discussed the issue, they discussed only the communications related to “the charges contained in the indictment” (though presumably they may have still been considering other charges).

Also, the second paragraph makes it very clear it is discussing intercepts only as defined under the Title III definition for intercept, which pertains to communications collected in transit. I’m not sure what the government considers communications collected under FISA and stored, though I would not be surprised, given all the discussions about the government yoking Section 215 onto FAA if they had some creative treatment of those US person communications.

None of that is proof that they had accessed Swartz’ communications via other means or, indeed, that they have any communications outside those pertaining directly to JSTOR downloads.

But their very careful hedges sure seem to leave that possibility open.

The Fishing Expedition into WikiLeaks

If, as WikiLeaks claims, Aaron Swartz:

  • Assisted WikiLeaks
  • Communicated with Julian Assange in 2010 and 2011
  • May have contributed material to WikiLeaks

Then it strongly indicates the US government used the grand jury investigation into Aaron’s JSTOR downloads as a premise to investigate WikiLeaks. And they did so, apparently, only after the main grand jury investigation into WikiLeaks had stalled.

(See this Verge article on the ways these tweets appear to violate WikiLeaks’ promises of confidentiality.)

As I noted in this post, when Aaron’s lawyer requested discovery last June, he wanted material that had been subpoenaed or otherwise collected but not turned over in discovery–material that does not have an obvious tie to Aaron’s relatively simple alleged crime of downloading journal articles from JSTOR.

These paragraphs request information relating to grand jury subpoenas. Paragraph 1 requested that the government provide “[a]ny and all grand jury subpoenas – and any and all information resulting from their service – seeking information from third parties including but not limited to Twitter, MIT, JSTOR, Internet Archive that would constitute a communication from or to Aaron Swartz or any computer associated with him.” Paragraph 4 requested “[a]ny and all SCA applications, orders or subpoenas to MIT, JSTOR, Twitter, Google, Amazon, Internet Archive or any other entity seeking information regarding Aaron Swartz, any account associated with Swartz, or any information regarding communications to and from Swartz and any and all information resulting from their service.” Paragraph 20 requested “[a]ny and all paper, documents, materials, information and data of any kind received by the Government as a result of the service of any grand jury subpoena on any person or entity relating to this investigation.”

Swartz requests this information because some grand jury subpoenas used in this case contained directives to the recipients which Swartz contends were in conflict with Rule 6(e)(2)(A), see United States v. Kramer, 864 F.2d 99, 101 (11th Cir. 1988), and others sought certification of the produced documents so that they could be offered into evidence under Fed. R. Evid. 803(6), 901. Swartz requires the requested materials to determine whether there is a further basis for moving to exclude evidence under the Fourth Amendment (even though the SCA has no independent suppression remedy).

[snip]

Moreover, defendant believes that the items would not have been subpoenaed by the experienced and respected senior prosecutor, nor would evidentiary certifications have been requested, were the subpoenaed items not material to either the prosecution or the defense. Defendant’s viewing of any undisclosed subpoenaed materials would not be burdensome, and disclosure of the subpoenas would not intrude upon the government’s work product privilege, as the subpoenas were served on third parties, thus waiving any confidentiality or privilege protections. [my emphasis]

Given that this material (I’m particularly interested in the material Amazon returned to the grand jury, though also the Twitter and Google material, which after all, the main WikiLeaks grand jury requested for public WikiLeaks figures) had not been turned over to Aaron’s defense almost a full year after he was indicted, it’s fairly clear it did not pertain to (or certainly was not necessary to prove) the charges against him, which related to JSTOR.

Yet prosecutor Stephen Heymann had used a grand jury he was using to investigate that JSTOR download–a grand jury that appears not to have gotten started in earnest until the main WikiLeaks grand jury had stalled–to collect information that appears directly relevant to the WikiLeaks grand jury. And he collected it in such a form that it could be directly entered as evidence into that WikiLeaks grand jury.

Let me be clear about two things. First, I think this is perfectly within the range of what grand juries do. If the government suspected–and they appear to have–that Aaron’s JSTOR downloads were part of a larger effort, then it’s not surprising they investigated broadly to determine whether it was. That’s part of the significant power of grand juries–they can expand in secret to fish for other crimes. As judge Judith Dein said when rejecting Aaron’s effort to see what the government had gotten from these subpoenas, citing US v. Dionisio, “A grand jury’s investigation is not fully carried out until every available clue has been run down and all witnesses examined in every proper way to find if a crime has been committed.”

But even after this fishing expedition (and I hope to show in a later post just how broad it appears to have been), Heymann apparently came up with no evidence that Aaron had broken any laws related to whatever he did with and for WikiLeaks (again, assuming WikiLeaks’ assertions are correct). After investigating for over a year, Heymann added no charges pertaining to WikiLeaks.

He just ratcheted up the charges related to JSTOR.

It appears the government tried–and failed–to establish a criminal connection between Aaron and WikiLeaks. And when they failed to do that, they increased their hardline stance on the JSTOR charges.
