Posts

Prosecutors Have Discovered the Joshua Schulte Is a Hack-and-Leak Case, Not a Personnel Dispute

While I’ve been buried in the Mike Flynn beat, on Monday, there was a status hearing in the Joshua Schulte case.

There were three main news items in the hearing.

First, prosecutors revealed unsurprisingly that they’re going retry Schulte. More interesting, they said they planned to supersede the indictment against Schulte, alleging the same charges, but providing more information on them. They cited the notes from jurors, which made it crystal clear that the jurors were confused by the forensic testimony and how the charges related to that testimony. What the limits of Schulte’s legal access were seemed to be particularly confusing (something that is not sufficiently clear in the law anyway). At the time of both the initial Espionage indictment and the superseding one, the CIA was still trying to keep secret specifically what had been stolen when and how, but now that that’s public. I expect the superseding indictment to explain more clearly what was stolen and how Schulte allegedly exceeded his legal accesses to do that.

In discussions around that superseding indictment, prosecutor David Denton said something to the effect that grand juries are only available in emergencies. As far as the public record goes, however, grand juries aren’t available at all, so Denton’s disclosure was news. That only matters in the Schulte case insofar as he’s going to refuse most Speedy Trial exclusions (meaning prosecutors may be forced to find some way to start a new trial before COVID lockdowns end). But it’s an interesting admission more generally.

Finally, prosecutors said they didn’t think the retrial will take as long as his initial trial. In my summary of why the prosecution was in a remarkably weak position as the last trial went to the jury, I described how prosecutors had made it look like the Vault 7 breach was just a really nasty personnel dispute to which burning the CIA’s hacking abilities to the ground was just a side dispute.

Add that to the pace of the trial, which feels like a nasty employment dispute to which the massive breach of the CIA’s hacking tools became just a side-dispute. That’s often true of CIA trials — it certainly was for Jeffrey Sterling. But the long parade of CIA witnesses — Schulte’s buddy, two other colleagues, his boss, his boss’s boss, his boss’s boss’s boss, her boss, and then yet another boss, plus a CIA SysAdmin and a security guy — all describing a series of disputes escalating from a nerf gun fight to WikiLeaks burning the CIA’s hacking capabilities to the ground refocused the trial onto whether Schulte’s complaints had merit and not on what the forensic evidence showed.

And Sabrina Shroff did a superb job of defending not the forensic case (indeed, defense expert Steve Bellovin did not take the stand to float any of the alternate theories that Schulte has been offering for two years, and in so doing will leave Shroff to claim Michael could have accessed the backup without prosecutors having gotten him to admit that wouldn’t have worked), but instead arguing that her client was maligned by the entire CIA. The boss, the boss’s boss, the boss’s boss’s boss, the boss’s boss’s boss’s boss, and then the senior-most boss are all lined up against Schulte for being an asshole. She even defused utterly damning notes about working with Russia (which I’ll return to). From the transcripts, it seemed like Shroff rattled a good many government witnesses, too, and a number of them (one of the FBI agents and the classification expert, especially) seemed to come off as unresponsive as a result.

I expect prosecutors will shorten the trial by limiting this testimony to just the four or so people who have first-hand knowledge of Schulte’s actions (and in the retrial, the government won’t have to backpedal as they try to fix their late disclosure that Schulte’s buddy Michael had been put on paid leave by the CIA). If so, that should make it easier for prosecutors to focus on why the circumstantial forensic evidence strongly supports Schulte’s involvement.

All that said, prosecutors also seemed to be fighting jury nullification in Schulte’s trial, with at least two jurors who were determined to acquit Schulte no matter what other jurors said. That may be a WikiLeaks thing (one that would be far less likely to happen if this were tried in EDVA, which is why Julian Assange says he can’t get a fair trial in EDVA). But it also may be the case that CIA’s hacking department doesn’t make a very sympathetic hacking victim.

The Roger Stone Prosecution Was One Step in an Ongoing Investigation

I’ve spent the last few days going through the warrants released the other day in detail. This post attempts to summarize what they show about the Stone investigation.

First, understand the scope of this release. According to a filing the government submitted a year ago, they considered the media request to apply to, “warrants to search Stone’s property and facilities [and] other warrants that were executed as part of the same line of investigation” obtained under both Rule 41 and Stored Communication Act.  It does not include warrants from other lines of investigation that happened to yield information on Stone. That said, there is good reason to believe there are either filings that were entirely withheld, or that DOJ’s interpretation of what constitutes the “same line of investigation” is fluid.

In his order to release the files, Judge Christopher Cooper said that the individual redactions hide, “the private information of non-parties, financial information, and non-public information concerning other pending criminal investigations.” In the hearing on the release, the media coalition suggested that people who had testified at Stone’s trial should not be protected under the guise of privacy, and that seems to have been the standard adopted on redactions of names. In general, then, this post assumes that the redaction of names (such as Ted Malloch) protects the privacy of people who did not testify at trial, but the redaction of entire paragraphs (such as 7 paragraphs of boilerplate describing why Malloch was suspected to be involved) was done to protect ongoing investigations. In the list of warrants below, I’ve marked with an asterisk those that — either because they weren’t for Stone’s property or because they didn’t yield evidence relevant to the the obstruction charges he was prosecuted for — were not provided to Stone in discovery; I’ve based that on the list in this order (see footnote 2).

This investigation may well have started as a box-checking exercise, effectively checking whether John Podesta’s allegations that Roger Stone had learned of the hack targeting Hillary’s campaign manager ahead of time. It appears that Mueller’s team slowly came to believe that Roger Stone had gotten advance notice — and possibly advanced possession — of the Podesta email drop. Along the way, it ruled out one after another theory of how he did so.

Two of the most fascinating applications — one pertaining to an Israeli contact and another regarding someone apparently introduced to Stone by Charles Ortel — seem to have fully (the Israeli lead) or partly (the Ortel one) fizzled. (I base that on whether communications described in the affidavits continue to show up in later applications and whether entire paragraphs remain redacted.)

But the government still seems to believe that Stone worked with Corsi and Malloch on these issues. The government is obviously still trying to figure out whether the rat-fuckers and hoaxsters managed to optimize the release of the Podesta emails on October 7, 2016 to drown out the Access Hollywood drop. Mueller’s uncertainty on this point is something explained in redacted sections of the Mueller Report.

Along the way, Mueller developed two side prongs to the investigation: an examination of how Stone used social media to advertise WikiLeaks documents (it’s likely that investigation came to include ads that may have replicated themes being pushed by Russia and may have involved improper collaboration with the campaign), and the obstruction and witness tampering investigation Stone was prosecuted for.

More interesting still, in fall 2018, Mueller’s team started pursuing several leads (including the Ortel one), most of which — if the rule that entirely redacted paragraphs reflect ongoing investigation — continue to be investigated. Indeed, it appears that the prosecution of Stone for obstruction served partly as a means to initiate a prosecution against him, possibly entice him to flip against Trump or others, but perhaps mainly to obtain Stone’s devices in an attempt to get texts from 2016 to 2017 he had deleted, as well as the content of the encrypted communications he had sent using those devices. That is, the search, arrest, and prosecution of Stone appears to have been just one step in an ongoing investigation, an investigation that may be targeting others (including Julian Assange).

Identify the Malloch and Corsi connection (May 2017 to July 2018)

From May (when Mueller’s team first obtained subscriber records on Stone’s Twitter account) until November 2017, the investigation may have been little more than an effort to assess the spat between Stone and John Podesta over Stone’s August 21, 2016 “time in the barrel tweet.” After the team obtained Stone’s Twitter accounts, they moved to obtain the email accounts on which he conducted conversations started on Twitter. In November, Mueller got a warrant for his own team to access Julian Assange’s Twitter accounts (though the government surely already had obtained that). By December, Stone’s email accounts would have led Mueller’s team to believe that Ted Malloch, who was in London, could have been the back channel Stone kept bragging about, and so got his Gmail account. Mueller gagged Google to prevent Malloch from learning that. As a result, Malloch was presumably surprised when he arrived at Logan airport in March and was searched — a search conducted to obtain his phones, partly in an attempt to get to his UK-hosted email.

After Steven Bannon was interviewed in February 2018, Mueller’s team used that to obtain Stone’s Apple account; while not indicated anywhere in these applications, that’s where they would discover Stone and Michael Caputo had responded to a Russian offering dirt on Hillary.

In July, Mueller’s team obtained Jerome Corsi’s email and Apple accounts (there’s no record of them obtaining his Gmail account, but Corsi’s description of Mueller’s knowledge of his August 2016 searches suggests they got it). These affidavits begin to include a 7-page redaction that may indicate ongoing investigation into whether Stone or Corsi optimized the October 7 Podesta email release.

In this phase, the crimes being investigated expanded from just hacking to conspiracy to aiding and abetting. When Mueller got the Assange warrant, he added the illegal  foreign contribution charge (one he declined to prosecute in a long redacted passage of the Mueller Report).

Collect materials on Stone’s overt social media campaigns (August 2018)

On May 18, 2018, Mueller’s team interviewed John Kakanis, who had worked on tech issues for Stone during the election. Afterwards, Mueller’s team obtained a series of warrants to collect the social media campaigns Stone had conducted on issues related to the Russian hack-and-leak. Those warrants included one for several Facebook accounts, a Gmail and Twitter account Stone used for such issues, and a Facebook and Gmail account under the Brazilian name Falo Memo Tio. Stone apparently did not receive the Facebook Falo Memo Tio account, and that warrant included a gag.

Track Stone’s efforts to obstruct the investigation (August 2018)

As Mueller’s team started interviewing people loyal to Stone, they became aware that Stone was communicating with witnesses. In May, Mueller obtained a pen register on Stone’s email accounts, allowing them to track with whom Stone was communicating. An August 3, 2018 warrant describes how investigators used those toll records to track such communications:

  • In the wake of Michael Caputo’s interview, he and Stone communicated via his Hotmail account (this would have been obvious from the story Stone seeded with the WaPo not long after)
  • After FBI Agents approached Andrew Miller, Stone emailed him via Gmail at least 10 times and a over a hundred times after he started challenging his subpoena
  • Stone emailed both Corsi and Credico in May 2018
  • Stone hired a private investigator to conduct a background investigation into someone who had done IT work for him during the campaign and research where he could serve Credico with legal process; in a June 2018 interview, the PI told investigators he and Stone primarily communicated via iPhone text messages

This affidavit included a section (¶¶64-77), based off texts with Credico stored in Stone’s iCloud account and texts published by the media, describing Stone’s threats to Credico.

In response to Stone’s overt efforts to thwart the investigation, Mueller obtained new warrants on Stone’s Hotmail, Gmail, and Apple accounts, which would yield a great deal of evidence for the obstruction and witness tampering charges against Stone. From this point forward, those charges would be included on warrants targeting Stone. In addition, from that point forward, the government appears to have sought to obtain Stone’s communications with those whose testimony he was obstructing (though the names of others besides Credico are redacted).

Starting with the next warrant, affidavits would include a section (¶¶87-89) comparing what Stone had told the House Intelligence Committee with what his own communication records showed, language that would form the backbone for the obstruction indictment.

Investigate the spooky stuff (May to August 2018)

There’s a number of things in these warrants that are difficult to assess. They didn’t show up in Stone’s trial, and it’s unclear whether they were leads that fizzled or reflect far more damning evidence. For example, the Israeli source who kept trying (and ultimately succeeded, once) to use Stone to get a meeting with Donald Trump doesn’t appear to have amounted to much, at least not with respect to the WikiLeaks releases.

A far more intriguing detail is the FBI claim — that lacks details that would be necessary to assess its accuracy — that Stone was searching for details of the Russian operation before those details were made public. The FBI made that claim twice. First, in a July 28, 2018 affidavit, they described that someone conducted searches on dcleaks and “guccifer june” using IP addresses that might be Stone, starting on May 17, 2016. The suggestion is that Stone may have had advance notice of those parts of the Russian operation. But some journalists learned of dcleaks after it got launched in early June and before it got more attention later in the summer. And the original Guccifer, Marcel Lazar, signed a plea agreement in late May 2016. Given Lazar’s claim to have hacked a Hillary server, it’s not unreasonable to think Stone would be researching him. A later warrant discusses someone — who again could be Stone — searching on Guccifer the day that the site would go up, but before it was public.

During the course of its investigation, the FBI has identified a series of searches that appear to relate to the persona Guccifer 2.0, which predate the public unveiling of that persona. In particular, on or about June 15, 2016 (prior to the publication of the Guccifer 2.0 WordPress blog), records from Google show that searches were conducted for the terms “guccifer” and “guccifer june,” from an IP address within the range 107. 77 .216.0/24.

The same rebuttal may be made — that this was about Marcel Lazar and not Guccifer 2.0. But evidence submitted at the trial suggests that Stone started anticipating the June 2016 dump on June 13, not June 15, making the claim more credible.

That July 28 warrant also describes several accounts that look like the FBI suspect Stone of sophisticated operational security. These include:

  • A Gmail account created on July 28, 2016 (right in the thick of Stone’s effort to find out what WikiLeaks had coming next) and used until July 5, 2017
  • A Gmail account created on October 26, 2016 and used until August 8, 2017
  • A Gmail account created on June 27, 2016 and used in conjunction with Craigslist to communicate

The latter effort may suggest some serious OpSec, a way for Stone to communicate publicly without using his own comms.

Finally, there are matching Gmail and Facebook accounts the government obtained warrants for on August 28, 2018. These were old accounts with the Brazilian name Falo Memo Tio. It appears the government was interested in activity on this account from the last four days before the election. They obtained a gag for the Facebook warrant.

Seal warrants investigating an Agent of Foreign Power (August to September 2018)

The government tried to obtain proof that it was Stone doing those searches on Guccifer — as well as evidence about whom he may have met with in early August 2016 when he told Sam Nunberg he had dined with Assange — by obtaining his cell site location for June 14 through November 15 of that year.

Minutes after FBI Agent Andrew Mitchell (who had been the primary affiant on Stone warrants starting in May 2018) obtained that cell site warrant, FBI Agent Patrick Myers obtained a warrant for a mail.com account that Guccifer 2.0 had created on July 23, 2016 and used until October 18, 2016 (the account kept receiving traffic until February 2017). There are several remarkable things about this warrant. While FBI Agents in San Francisco obtained a warrant for it in August 2016, and someone — possibly Mueller’s team — obtained the headers from the account in September 2017, the government had never before obtained a full warrant on the account for the entire span of its activity. So Myers, seven weeks after Mueller released an indictment against the GRU, obtained that information in hopes it would provide more information about how the Guccifer persona had shared files.

The other FBI Agents investigating Stone, to the extent they described such things, were located in either Washington Field Office or FBI Headquarters in DC. Myers, however, was stationed in Pittsburgh, where the investigation into GRU had been moved (they were also working on an indictment for GRU’s hacking of WADA).

Myers’ involvement with Stone extended beyond this curious warrant for Guccifer 2.0’s account. Over the course of the next month, he obtained warrants for:

  1. Stone’s Liquid Web server storing old communications
  2. A Twitter account obtained for redacted reasons
  3. Multiple Twitter accounts obtained for redacted reasons
  4. Multiple Facebook and Instagram accounts obtained for redacted reasons
  5. Multiple Microsoft and Skype accounts obtained for redacted reasons
  6. Multiple Google accounts obtained for redacted reasons
  7. A Twitter account for someone, probably referred by Charles Ortel, whose name ends in R and who traveled back and forth from the UK who Stone suggested, in October 2016, was his intermediary
  8. Multiple Google accounts obtained for redacted reasons

All those warrants save the Liquid Web one, as well as the Guccifer 2.0 account one, included a gag. One of those gag requests — for a warrant for some Twitter accounts — explains,

It does not appear that Stone is currently aware of the full nature and scope of the ongoing FBI investigation. Disclosure of this warrant to Stone could lead him to destroy evidence or notify others who may delete information relevant to the investigation.

Almost all of the warrants (not the R Apple one or the last Google one, though the R Apple one lists perjury) list FARA and 18 USC 951 (Agent of a Foreign Power) as crimes under investigation somewhere in the warrant, though often only in the gag request. To be clear, that doesn’t mean the FBI was investigating Stone as an Agent of a Foreign Power. The Guccifer 2.0 gag says FBI “is investigating WikiLeaks and others” for the listed crimes.

And those gags say the complexity of the investigation means it may extend more than a year from late September 2018. That is, in September 2018, the government took steps in an investigation they expected to last until around the time that Stone would eventually be tried, in November 2019.

Use the obstruction charges to seize Stone’s phones (January to February 2019)

The existence of those mystery warrants, none of which were provided to Stone in discovery and all but the R Apple one which appear to be ongoing, puts what happened in January 2019 in a very different light. At a time when Bill Barr promised to shut down the Mueller investigation as soon as he was confirmed yet while Mueller was still pursuing Andrew Miller’s testimony, the government obtained warrants to search Stone’s two homes, his office, and three devices seized in those searches (the affiants for those warrants had filed for earlier warrants in the investigation).

Unlike all the other warrants, those 2019 warrants listed only the obstruction, false statements, and witness tampering charges against Stone, largely tracking the indictment against him.

Those warrants emphasize the government’s interest in obtaining texts that might be accessed only via a forensic search of Stone’s phone, including texts sent via Apple, but also Signal, Wickr, and WhatsApp texts, as well as ProtonMail emails.

Which is to say, in the context of the warrants released this week, the prosecution of Roger Stone appears to be just one step in a far more serious investigation, one that may well be ongoing.


The warrants

August 7, 2017: Stone’s Twitter Accounts

This warrant only lists CFAA as the suspected crime, and doesn’t allege that Stone was the suspect in it. It also relies on Stone’s own public comments about DMing with Guccifer 2.0 rather than materials already obtained from the account, just the first of an insane number of instances where Stone’s comments to the press formed the basis for probable cause.

September 11, 2017: Stone’s Hotmail Account

When people DMed Stone, he’d refer them to this Hotmail account for further discussion. This affidavit incorporates DMs to Assange (including the June 10, 2017 one discussing a pardon) obtained with the August 7 warrant. It also describes investigating information to be used in the Republican primary. This warrant extended the timeframe of the Stone investigation back to January 1, 2015.

October 17, 2017: Stone’s Gmail

This warrant builds on emails between Corsi and Stone about getting the WikiLeaks releases — including Stone’s “get to Assange” one — to establish the probable cause to get Stone’s Gmail account. Because Corsi would sometimes discuss Podesta related business via both Stone’s Hotmail and Gmail accounts, Mueller’s team was able to get Stone’s Gmail account. This warrant makes it clear the investigation focused on Corsi and Stone’s evolving attacks against John Podesta (which I’ve covered in real time from early on) from the beginning. It also includes a detail about Malloch — that he made a reference in January 2017 about phishing Podesta — that almost certainly remains in the redacted sections pertaining to Malloch.

*November 6, 2017: WikiLeaks and Assange’s Twitter Accounts

This affidavit uses Assange’s DMs with Stone — including another one about a pardon and migration from the WikiLeaks to the Assange account– as well as his sharing of a password with Don Jr to get Mueller his own copy of the WikiLeaks and Assange Twitter accounts, which the government surely already had. The affidavit includes new details on initial communications between Guccifer 2.0 and WikiLeaks, some of which I laid out here. One detail that’s critical is WikiLeaks asked Guccifer 2.0 for Clinton Foundation documents from early on, meaning WikiLeaks and Trump’s people agreed about what they considered the best possible dirt.

*December 19, 2017: Ted Malloch’s Gmail

In addition to extra details about campaign communications (both between Stone and the campaign, and with Malloch and the campaign), this includes details of Turkish dirt Malloch was offering. It reveals that Stone got RNC credentials for Malloch (where, evidence suggests, Stone had meetings where upcoming releases may have been discussed). In addition, because Stone’s order to Corsi to reach out to Malloch is so important, this affidavit has previously unknown details about those days. The affidavit describes Malloch writing Stone on November 13, 2016 while with Jerome Corsi, a detail that may get redacted in subsequent affidavits.

This warrant included a gag on the provider.

This is the first application that introduces Stone, Corsi, and Malloch at the beginning of each affidavit, a practice that would generally continue (though some of these changes reflect different FBI agents writing the affidavit).

March 14, 2018: Two Apple Accounts used by Stone

In February, Steve Bannon was interviewed for two long days. He was asked questions and shared texts with Stone. This application uses some of what he testified about to justify getting Stone’s Apple accounts. Stone had his iCloud account set to full backup, but later warrants would make clear that he had deleted some of his texts from 2016 and 2017. Stone would later blame Sam Nunberg for revealing that he had claimed to have “dined” with Julian Assange while visiting Los Angeles in early August 2016, but this application began to incorporate that email into boilerplate application language (a footnote on what Nunberg told investigators about this is redacted in later warrants).

This application added wire fraud to Stone’s potential charges; it’s not at all clear why.

*March 27, 2018: Malloch’s person and his baggage

This warrant allowed the FBI to search Malloch as he landed in Logan airport. It incorporated details from Malloch’s Gmail obtained in December and was at least in part an effort to get to his UK-based email.

*May 4, 2018: Mystery Israeli Gmail

Over the course of the year, an Israeli exploited a seeming pre-existing relationship with Jerome Corsi to get close to Stone and through him to Trump. The person appeared to offer Stone dirt to save Trump (this story provides some background on potential players). Stone seems to have been reluctant to meet at multiple times, as when he said, in May 2016, “I am uncomfortable meeting without Jerry,” claimed, in June, “to have been poisoned,” in July, came down “with a nasty cold and too ill to travel,” followed later with, “I have pneumonia and may be hospitalized later today,” claimed, “Matters complicated” in August. When, in early November, they tried again, the Israeli deferred claiming, “HAVING a TIA. Early Stroke. … Blury Virson.” These exchanges never show up in later filings, so it’s quite likely Mueller determined they were nothing (or at least, that Stone and Corsi had done nothing wrong) after obtaining the emails. Alternately, a redaction in the affidavit may suggest the Israeli in question got referred and some kind of investigation is ongoing. This warrant included a gag on the provider.

*July 12, 2018: Jerome Corsi’s CSC Holdings, Windstream, and Apple accounts (second version)

This adds language about Russian hacking after the initial compromise (including the September hack of the AWS server). It includes 7 paragraphs of language from after the election that is redacted, possibly because it remains under investigation. This Stone filing describes four of those paragraphs as pertaining to Corsi taking credit for optimizing the Podesta release and Malloch introducing Corsi to Assange after the election (see this post). Some of the redactions (probably the Malloch introduction) repeats the “phishing Podesta” quip. This warrant included a gag on the provider. It limited the scope of the warrant to June 15 through November 10, 2016 and included only CFAA and conspiracy in the crimes being investigated.

July 27, 2018: Roger Stone’s OpSec emails

This warrant obtains the search histories for 3 Gmail accounts Roger Stone set up, possibly for OpSec purposes. They include:

  • Target Account 1 created on July 28, 2016 and used until July 5, 2017
  • Target Account 2 created on October 26, 2016 and used until August 8, 2017
  • Swash Buckler Account created on June 27, 2016 and used to communicate via Craigslist ads

Between May 17, 2016 and June 15, 2016, the affidavit suggests, Stone may have conducted Google searches for DCLeaks and Guccifer (which could be 1 or 2) prior to the publication of the Guccifer 2.0 blog. The FBI connected them to Stone via the IP addresses he used to access Twitter and Facebook, something they would continue to investigate. The affidavit also reveals that Stone deleted the search history for a different Google account between January 18 and July 23, 2016.

August 2, 2018: Roger Stone marketing Facebook accounts

This warrant gets three of Stone’s Facebook accounts, two of which include advertisements pertaining to WikiLeaks or Russia (the description of the third is redacted). Stone used this warrant when signaling to his co-conspirators what was in his warrants, so redacted details are available here. The biggest redaction for an ongoing investigation pertains to whether Corsi and Stone affected the release of the Podesta emails and Malloch offering to set Corsi up with Assange after the election.

August 3, 2018: Renewed warrants for Apple, Hotmail, and Gmail

Partly because the way Stone worked the press and aired the threats he had made against Randy Credico, it became clear he was tampering or comparing notes with witnesses (also including Jerome Corsi, Michael Caputo, and Andrew Miller, as well as one other witness that Stone hired a private investigator to investigate). That gave Mueller the excuse to get new warrants on Stone’s main email and text accounts to get those conversations. This request expanded the focus to include Credico and others (the names of the others are redacted but are likely those with whom Stone was trying to tamper). This warrant also adds obstruction and witness tampering to the crimes being investigated.

August 8: Warrants for a Gmail and Twitter account Stone used for social media campaigns (Twitter)

On May 18, 2018, Mueller’s team interviewed John Kakanis about work he did for Stone during the campaign. He described how Stone conducted social media campaigns — including materials relating to WikiLeaks and the Russian investigation — which both of these accounts played a role in.

August 20, 2018: Warrant for Stone’s cell site information from June 15 to November 15, 2016

Citing the searches probably made by Stone for Guccifer and dcleaks information before those accounts were made public, the government obtained cell site information for the period from the day that the Guccifer 2.0 account first started to a day the week after the election. The affidavit also explained wanting to know if Stone was with the Trump campaign at various times and where he was in Los Angeles when he told Sam Nunberg he had dined with Assange. Note, this affidavit suggests Stone did a Google search on “Guccifer” on June 15, 2016 before the site went up.

*August 20, 2018: Warrant for Guccifer 2.0’s second email account

The same day the government got a warrant to find out where Stone had been when during the election, they got a renewed warrant for one of the email accounts associated with the Guccifer 2.0 site. They had previously gotten everything from that email account in “approximately” August 2016, and then gotten headers for any emails sent in “approximately” September 2017. Getting the full content would give it additional details on any activity with the account between the original warrant — August 2016 — and the final login on October 18, 2016, as well as any email traffic subsequent to that. The stated purpose for obtaining this information was to “assist in identifying additional means by which Guccifer 2.0 shared stolen documents with WikiLeaks and others.” Patrick Myers, an FBI agent located in Pittsburgh (and therefore presumably someone more closely involved in the GRU investigation) obtained this warrant. This warrant included a gag on the provider. Parts of this warrant invoke 18 USC 951 — agent of a foreign power charges — in addition to the other crimes under investigation.

*August 28, 2018: Warrant for Stone’s Falo Memo Tio Facebook account

August 28, 2018: Warrant for Stone’s Falo Memo Gmail account

This incorporates details about Stone’s Facebook accounts used to push the hack-and-leak, found in the earlier August Facebook warrants. It seeks to obtain an old Stone Facebook account that got advertising traffic right before the election. These were Stone-specific warrants that was not turned over in discovery, suggesting it returned nothing pertaining to his prosecution. The Facebook warrant, but not the Gmail one, included a gag on the provider; it also was not included in the warrants provided to Stone in discovery.

August 28, 2018: Warrant for Stone’s [email protected] account

This email account–and the fact that he had been using it to tell his cover story about WikiLeaks–showed up in his Gmail account.

*September 24, 2018: Warrant for Stone’s Liquid Web server

This was a server Stone used to encrypt and back up his data in case the government seized his computers. It was not provided to Stone in discovery so may not have revealed any interesting information. This is the first of these affidavits written by Patrick Myers, an FBI agent located in Pittsburgh.

*September 26, 2018: Mystery Twitter Account

*September 27, 2018: Mystery Facebook and Instagram Accounts

*September 27, 2018: Mystery Microsoft include Skype

*September 27, 2018: Mystery Google

On September 26 and 27, Mueller’s team obtained a bunch of new warrants. All were obtained by Myers, the Pittsburgh FBI agent. All included gags on the provider. Most entirely redact the description of why the FBI needed the accounts, suggesting these investigations are ongoing. They also invoke 951 and FARA in the sealing request.

*September 27, 2018: Mystery Twitter Accounts 2

Like the other warrants obtained on September 27, the explanation for targeting these Twitter accounts is sealed. Like them, Myers obtained the warrant. Like those, it includes a request for sealing that lists 18 USC 951 — acting as an unregistered foreign agent — and FARA. Unlike the other warrants from that day, the justification for sealing this one explains that “It does not appear that Stone is fully aware of the full scope of the ongoing FBI investigation.”

*September 27, 2018: Mystery Apple ends in R

Then there’s another odd September 27 warrant application. Like the other warrants obtained on September 27, Myers wrote the affidavit for this one, and it included a gag. Unlike the others, however, the explanation for targeting this account is not entirely redacted. The affidavit explains that,

  • On August 17, 2016, someone (Charles Ortel?) introduced Stone and R
  • Between that introduction and November 3, 2016, Stone and R were in contact 60 times
  • On October 7, R and Stone spoke during the time between when WaPo alerted him to the Access Hollywood Video and the time it dropped
  • On October 10, R and Stone probably met for pizza on the Upper East Side
  • On October 12, Stone claimed that he had met his intermediary, who traveled back and forth to London, on October 10

The list of information targeted includes an additional name, probably that of Charles Ortel.

*October 5, 2018: Mystery Multiple Googles

Like the September 27 warrants, the explanation for targeting these accounts remains entirely redacted. Like them, the affidavit was written by Myers and sealed under a Kyle Freeny request. Unlike those, however, this one does not list 951 and FARA in the request to seal. This affidavit also does not include the contacts with “R” in the narrative about October 7, suggesting that lead may have fizzled.

January 24, 2019: Stone’s NY property

January 24, 2019: Stone’s FL property

January 24, 2019: Stone’s FL office

February 13, 2019: Three of Stone’s devices

The warrants for the searches in conjunction with Stone’s arrest on January 24 are fairly similar (one agent wrote the one in NY, another did the two in FL), except for the descriptions of the premises, facilitated by how much media Stone has done at these locations.

The affidavits themselves largely track the indictment, though showing where the government had sourced the evidence that ultimately got introduced at evidence at trial. The affidavits add people named in the indictment — Rick Gates, Steve Bannon, and Erik Prince (whose description is redacted) — premised on the import of proving that Stone had lied about telling these people about his purported link to WikiLeaks. As compared to the earlier warrants, these affidavits have a closer focus on the release (and reliance, exclusively, on the Crowdstrike and GRU indictment attribution, which is something Stone litigated and which I may return to).

These warrants make it clear that one of the things the government was doing was searching Stone’s homes for all his electronic devices in hopes of getting texts from 2016 to 2017 he deleted and his encrypted communications, which include:

  • WhatsApp, downloaded on October 5, 2016 to talk to Erik Prince
  • Signal and ProtonMail downloaded on August 18, 2016; Stone used Signal to talk to Margaret Kunstler
  • Wickr downloaded on August 5, 2017

Update: One detail I forgot to add about the 2019 search warrants: They explain that Stone responded to a grand jury subpoena in November 2018 asking for the texts he had with Credico, after he told the press — specifically, Chuck Ross, for a credulous story that spun Stone’s like — that his attorney had them. It’s one of the most hilarious ways that Stone’s blathering to the press hurt him.

Update: One more detail about the 2019 search warrants. The FBI was specifically looking for a “file booklet” recording a meeting Stone had with Trump at Trump Tower during the 2016 election.

60. On or about May 8, 2018, a law enforcement interview of [redacted] was conducted. [redacted] was an employee of Stone’s from approximately June 2016 through approximately December 2016 and resided in Stone’s previous New York apartment for a period of time. [redacted] provided information technology support for Stone but was not formally trained to do so. [redacted] was aware that Stone communicated with Trump during the 2016 presidential campaign, and afterward, both in person and by telephone. [redacted] provided information about a meeting at Trump Tower between Trump and Stone during the time [redacted] worked for him, to which Stone carried a “file booklet” with him. Stone told [redacted] the file booklet was important and no one should touch it. [redacted] also said Stone maintained the file booklet in his closet.

61. On or about December 3,2018, law enforcement conducted an interview of an individual (“Person 2”) who previously had a professional relationship with a reporter who provided Person 2 with information about Stone. The reporter relayed to Person 2 that in or around January and February 2016, Stone and Trump were in constant communication and that Stone kept contemporaneous notes of the conversations. Stone’s purpose in keeping notes was to later provide a “post mortem of what went wrong.”

On June 24, 2016, WikiLeaks DMed Guccifer 2.0 about Celebrating Brexit

Among the Roger Stone-related warrants released last night is one, dated November 6, 2017, that obtained the WikiLeaks and Julian Assange Twitter accounts.

On or about June 24, 2016, Guccifer 2.0 wrote to Target Account 1, “How can we chat? Do u have jabber or something like that?” I know from my training and experience that “Jabber” is an instant messaging service. Target Account 1 wrote back, “Yes, we have everything. We’ ve been busy celebrating Brexit. You can also email an encrypted message to [email protected] They key is here.” 1 A web link was attached to the message. I know from my training and experience that an encryption “key” is a string of information created for scrambling and unscrambling data.

On July 6 — the day when WikiLeaks asked for Hillary materials — Guccifer 2.0 bitched about WikiLeaks’ slow submission process and claimed to have sent Brexit-related documents days earlier.

On or about July 6, 2016, Guccifer 2.0 wrote to Target Account 1, “have u received my parcel?” Target Account 1 responded, “Not unless it was very recent. [we haven’t checked in 24h].”2 Guccifer 2.0 replied, “I sent it yesterday, an archive of about 1 gb. via [website link]. [A]nd check your email.” Target Account 1 wrote back, “Wil[l] check, thanks.” Guccifer 2.0 responded, ” let me know the results.” Target Account 1 wrote back, “Please don’t make anything you send to us public. It’s a lot of work to go through it and the impact is severely reduced if we are not the first to publish.” Guccifer 2.0 replied, “agreed. How much time will it take?” Target Account 1 responded, ” likely sometime today.” Guccifer 2.0 wrote back, “will u announce a publication? and what about 3 docs [I] sent u earlier?” Target Account 1 responded, ” I don’t believe we received them. Nothing on ‘Brexit’ for example.” Guccifer 2.0 wrote back, “wow. have you checked ur mail?” Target Account 1 replied, “At least not as of 4 days ago . . . . For security reasons mail cannot be checked for some hours.” Guccifer 2.0 wrote back, “fuck, [I] sent 4 docs on brexit on jun 29, an archive in gpg[.] ur submission form is too fucking slow, [I] spent the whole day uploading 1 gb.”

Later that day, amid an ongoing discussion about how to best target Clinton, including WikiLeaks’ request for Clinton Foundation documents, Guccifer 2.0 wrote back and claimed to have sent Brexit documents successfully.

On or about that same day, Guccifer 2.0 sent Target Account 1 a message reading, “sent brexit docs successfully.”

The affidavit, as whole, provides more details about how WikiLeaks and Guccifer 2.0 communicated. But it also suggests that, in addition to playing to their mutual loathing for Hillary Clinton, Guccifer 2.0 also tried to appeal to WikiLeaks’ claimed support for Brexit.

Seven Days after Julian Assange Helped Trump Win, Roger Stone Started Working on a Pardon

Last night, the government released a slew of warrants associated with but not limited to Roger Stone. I’ll have much more to say about them going forward. But I’d like to focus on what they say about discussions of a pardon for Julian Assange.

I have previously noted that there was an effort — including but not limited to Stone — to get Assange a pardon from 2017 through early 2018. Randy Credico’s sworn testimony at Stone’s trial made it clear this effort started in 2016 (which is one reason WikiLeaks’ efforts to pretend pardon discussions only occurred later in 2017 are so cynical). Indeed, Credico’s hope of getting a pardon for Assange is one of the reasons Stone’s threats against him worked as long as they did.

As a number of people have observed, the affidavits against Stone incorporate a paragraph explaining that, on June 10, 2017, Stone DMed Assange about a pardon.

On Saturday, June 10, 2017, @RogerJStoneJr sent a direct message to @JulianAssange, reading: “I am doing everything possible to address the issues at the highest level of Government. Fed treatment of you and WikiLeaks is an outrage. Must be circumspect as experience demonstrates it is monitored. Best regards R.”

But this effort started much earlier than that.

When Credico testified about introducing Stone to Kunstler in 2016 at trial (Stone would have known Kunstler was close to Credico because Credico bcc’ed Stone on an email he sent to the lawyer), he was vague about when that happened.

Q. What did you write to Mr. Stone on May 21st, 2018?

A. “Go right ahead. She’s not Assange’s lawyer.”

Q. I’m sorry. Below that. Let’s start at the first message, “You should have.” All the way at the bottom.

A. Where? Where am I? Here, “You should have.”

“You should have just been honest with the House Intel Committee. You’ve opened yourself up to perjury charges like an idiot. You have different versions. Maybe you need to get into rehab and get that memory straight.”

Q. What did Mr. Stone respond?

A. I don’t see it here.

Q. Just above that, do you see —

A. Oh, yes. “You are so full of S-H-I-T. You got nothing. Keep running your mouth and I’ll file a bar complaint against your friend Margaret.”

Q. And when he says “your friend Margaret,” who is he referring to?

A. Margaret Ratner Kunstler.

Q. Had you put Mr. Stone directly in touch with Ms. Kunstler after the election?

A. Yes, I did.

Q. And why had you done that?

A. Well, sometime after the election, he wanted me to contact Mrs. Kunstler. He called me up and said that he had spoken to Judge Napolitano about getting Julian Assange a pardon and needed to talk to Mrs. Kunstler about it. So I said, Okay. And I sat on it. And I told her–I told her–she didn’t act on it. And then, eventually, she did, and they had a conversation.

Credico didn’t even admit, at trial, that this happened before the end of 2016. But it appears to have started immediately after the election.

A warrant the government obtained to search the devices they seized when they searched Stone’s home reveals that on November 14, 2016, Stone switched from using an iPhone 5s to an iPhone 7.

The next day, Stone started communicating using Signal with Margaret Kunstler.

According to records from Stone’s iCloud account, a copy of the Signal application was downloaded to an iPhone registered to Stone on or about August 18, 2016. Additionally, text messages recovered from Stone’s iCloud account revealed that on or about November 15, 2016, Stone sent an attorney with the ability to contact Julian Assange a link to download the Signal application. 15 Approximately fifteen minutes after sending the link, Stone texted the attorney, “I’m on signal just dial my number.” The attorney responded, “I’ll call you.”

15 This attorney was a close friend of Credico’s and was the same friend Credico emailed on or about September 20, 2016 to pass along Stone’s request to Assange for emails connected to the allegations against then-candidate Clinton related to her service as Secretary of State.

Stone deleted a year of texts from this phone.

Finally, one more detail that’s in the generic affidavit. The investigation into Stone focused closely on whether, after getting a heads up from WaPo about the imminent Access Hollywood video story, Stone got WikiLeaks to drop the Podesta emails (Mueller’s team appears to have gotten an understanding of whether and how this happened in September 2018, which I’ll return to). Certainly, Steve Bannon gave Stone credit; his executive assistant, Alexandra Preate, commended Stone’s “well done” hours later.

What these warrants reveal, however, are that Stone had an unexpected lunch meeting with Trump the next day, October 8, 2016, that forced him to reschedule a meeting with Jerome Corsi.

On or about October 8, 2016, STONE, using Target Account 3, messaged CORSI, “Lunch postponed-have to go see T.” CORSI responded to STONE, “Ok. I understand.”

One of the things that Bill Barr’s DOJ has withheld thus far in the the release of Mueller-related 302s are the ones in which Mike Flynn explained that, in the wake of the Podesta release, the campaign considered reaching out to WikiLeaks.

The defendant also provided useful information concerning discussions within the campaign about WikiLeaks’ release of emails. WikiLeaks is an important subject of the SCO’s investigation because a Russian intelligence service used WikiLeaks to release emails the intelligence service stole during the 2016 presidential campaign. On July 22, 2016, WikiLeaks released emails stolen from the Democratic National Committee. Beginning on October 7, 2016, WikiLeaks released emails stolen from John Podesta, the chairman of Hillary Clinton’s 2016 presidential campaign. The defendant relayed to the government statements made in 2016 by senior campaign officials about WikiLeaks to which only a select few people were privy. For example, the defendant recalled conversations with senior campaign officials after the release of the Podesta emails, during which the prospect of reaching out to WikiLeaks was discussed.

Around the same time the campaign was having this discussion, then, Stone met personally with Trump.

So, yes, in June 2017 Stone DMed Assange about a pardon.

But more interesting is that the day after the Podesta releases, Stone met with Trump. And then, just days after Assange helped Trump win, Stone reached out to one of Assange’s lawyers.

Chelsea Manning’s Release May Not Be the End of Her Troubles

When I wrote this post noting that Judge Anthony Trenga had ordered Chelsea Manning be released, I admitted, I don’t know what it means. I was hoping that when her lawyers released a statement it would bring more clarity. But that statement — released hours after the release — offered no such clarity (though it does make it clear that right now her focus is on recovering from the suicide attempt and malign effects of incarceration, not any celebration of her freedom). It attributed her release to “the apparent conclusion” of the grand jury.

Judge Anthony Trenga today ordered Chelsea Manning’s release from confinement, after the apparent conclusion of the grand jury to which she had been subpoenaed, and before which she refused to testify. He further ordered that she pay $256,000 in fines which accrued each day she refused to cooperate with the grand jury.

Needless to say we are relieved and ask that you respect her privacy while she gets on her feet.

That tells us no more than Trenga’s opinion revealed and arguably shifts the emphasis from “the business of” the grand jury to the grand jury itself. There’s no reason to believe this grand jury expired (it was understood to be a newly seated one last May, which should mean it would have two more months). Rather, written two days after the grand jury appearance scheduled, Trenga’s opinion says the grand jury is done with whatever it was doing.

That’s one of the reasons I focused so closely on what prosecutors told Jeremy Hammond Tuesday, when he also refused to testify before the grand jury. They asserted that Julian Assange is a Russian spy.

“What could the United States government do that could get you to change your mind and obey the law here? Cause you know” — he basically says — “I know you think you’re doing the honorable thing here, you’re very smart, but Julian Assange, he’s not worth it for you, he’s not worth your sacrifice, you know he’s a Russian spy, you know.”

[snip]

He implied that all options are on the table, they could press for — he didn’t say it directly, but he said they could press for criminal contempt. … Then he implies that you could still look like you disobeyed but we could keep it a secret — “nobody has to know I just want to know about Julian Assange … I don’t know why you’re defending this guy, he’s a Russian spy. He fucking helped Trump win the election.”

Amid suggestions that prosecutors were considering further legal means against Hammond, one of them used the example of Bartleby the Scrivener — whose example Hammond had followed in the grand jury in preferring not to answer questions — to remind that refusing to answer questions led Bartleby to die in prison.

Let me be clear, I’m not saying I agree with that observation, nor am I ceding that prosecutors definitely have proof that Assange is a Russian spy. But unless you believe that Hammond entirely made up these two exchanges, then everyone on all sides of the WikiLeaks divide would do well to take note of it. Julian Assange’s prosecutors are asserting to a witness that he is a Russian spy, which is far more than they’ve put into any indictment, yet.

Hammond suggested that when prosecutors “implied that all options are on the table,” he took that to mean he might be held in criminal contempt. Manning’s camp was expressing similar concerns before the grand jury appointment on Tuesday, that they believed the government might respond to her bid to be released by ratcheting up her legal exposure. But if prosecutors really do believe Assange is a Russian spy, it would give them tools far beyond criminal contempt.

It is a crime by itself in the US to refuse to tell authorities about espionage. As Ron Wyden’s bill to fix the Espionage Act makes clear, prosecutors can charge someone under the Espionage Act for conspiracy, aiding and abetting, accessory after the fact, or misprision of a felony. Misprision is effectively not telling a court or other authority about what you know as soon as possible.

Whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years

And under the Espionage Act statute Assange has already been charged under as well as 18 USC § 794 (sharing defense information with a foreign government like Russia), such conspiracy language exposes the person found conspiring not to just three years, but to the same punishments as the person himself. If Julian Assange shared with Russia some of the information Manning shared with him, for example, that may expose her for his acts.

This is why I focused so intently on the language that prosecutors in the Joshua Schulte case were using, treating WikiLeaks as a criminal organization. If the federal government currently conceives of WikiLeaks in these terms, it means Hammond and Manning’s silence may expose them far more than they or their current advisors seem to be envisioning. And that was based off language describing WikiLeaks like an organized crime entity, not someone led by (as prosecutors claimed the other day) a Russian spy.

Again, I am not defending this stance. I’m not saying I agree with it. I’m making an observation that people on all sides of the WikiLeaks divide — but especially those caught in the spell of the lies that Assange’s people are telling to combat extradition — would do well to note.

The government is using language that is far, far more serious than virtually anyone seems to be accounting for, including Manning and Hammond. Prosecutors may well have been blowing smoke to try to cow Hammond into cooperating. Or they may have been putting Hammond on notice of the stakes he was facing.

Hours before She Attempted to Kill Herself, Prosecutors May Have Told Chelsea Manning that Julian Assange Is a Russian Spy

Back when the government first subpoenaed Chelsea Manning, I laid out why that was likely to be counterproductive.

[U]nless there’s a really good legal reason for the government to pursue its own of evolving theory of WikiLeaks’ activities, it doesn’t make sense to rush where former WikiLeaks supporters are headed on their own. In virtually all venues, activists’ reversed understanding of WikiLeaks is bound to have more credibility (and almost certainly more nuanced understanding) than anything the government can offer. Indeed, that would likely be especially true, internationally, in discussions of Assange’s asylum claim.

A charge against Assange in conjunction with Vault 7 or the 2016 election operation might accelerate that process, without foreclosing the government’s opportunity to present any evolved understanding of WikiLeaks’ role in the future (especially if tied to conspiracy charges including the 2016 and 2017 activities).

But getting into a subpoena fight with Chelsea Manning is likely to have the opposite effect.

That’s true, in part, because post-commutation a lot of people worry about the impact renewed pressure from the government against Manning will have, regardless of the legal soundness of it. The government wanted Aaron Swartz to become an informant when they ratcheted up the pressure on him between 2011 and 2013. They didn’t get that information. And his suicide has become a key symbol of the reasons to distrust law enforcement and its ham-handed legal tactics.

Yesterday, Manning tried to kill herself. While the statement released by her lawyers notes that she has a hearing tomorrow on whether she should be freed because no amount of coercion will make her cooperate with the grand jury, the statement is silent about the fact that she was brought before the grand jury yesterday, hours before the suicide attempt.

I know of no account of what happened in that grand jury appearance. But Jeremy Hammond was also brought before the grand jury in advance of a hearing, also on Friday, in a bid to be freed (in Hammond’s case, he’d be released back into federal prison to serve out his sentence for hacking Stratfor). He gave an account of the appearance in an interview yesterday (the part about the grand jury starts after 41:20). Hammond described how, before entering the grand jury, the prosecutor asked whether there was anything the government could do to get him to change his mind about not testifying.

“What could the United States government do that could get you to change your mind and obey the law here? Cause you know” — he basically says — “I know you think you’re doing the honorable thing here, you’re very smart, but Julian Assange, he’s not worth it for you, he’s not worth your sacrifice, you know he’s a Russian spy, you know.”

The questions he was asked in the grand jury were apparently no surprise: the prosecutor asked whether Assange asked Hammond to hack any websites. Hammond describes the questions as the same as were asked in his last appearance, in September. Because Hammond decided to answer in the same way Bartleby the Scrivener answered questions — by saying he preferred not to answer — the prosecutor afterwards tried to chat up Hammond about world literature. He even reminded that Bartleby died in prison. The prosecutor then repeated that Assange is a Russian spy.

He implied that all options are on the table, they could press for — he didn’t say it directly, but he said they could press for criminal contempt. … Then he implies that you could still look like you disobeyed but we could keep it a secret — “nobody has to know I just want to know about Julian Assange … I don’t know why you’re defending this guy, he’s a Russian spy. He fucking helped Trump win the election.”

Hammond asked why Assange wasn’t charged in the 2016 operation, and the prosecutor appears to have responded that the extradition would take a long time. One of the prosecutors reminded Hammond that one of his Anonymous co-defendants was now a professor in the UK. One asked whether Hammond would discuss Sabu, which surprised him. Hammond said that Sabu was the only one who asked him to hack into any websites. The FBI officer in the room pulled out a notebook and started taking notes.

There’s no indication that prosecutors said the same things to Manning as they did to Hammond, though this is the same grand jury and same prosecutors and both are obviously being asked about Assange.

Which means it is likely that hours before Manning attempted to kill herself, prosecutors tried to get her to answer questions about the man she sent entire databases of secrets to by claiming he is a Russian spy. They may well now have evidence of that — but if they used that tack, they were basically asking Manning to testify that the understanding she has of her own actions are entirely wrong and that the sacrifices she made were for a purpose other than the one she believed in.

Sadly, if Hammond is any indication, Manning is also getting a distorted view of the extradition fight over Assange. As I have noted, WikiLeaks supporters are telling at least three outright lies by:

  • Pretending that discussions of a pardon only started in August 2017, in exchange for testimony claiming that Russia didn’t hack the DNC, rather than started well before the FBI investigation into Trump’s campaign was public, as either an implicit or explicit payoff for election assistance
  • Claiming that Mike Pompeo’s designation of WikiLeaks as a non-state hostile intelligence agency was part of the larger attack on the press that formally started four months afterwards and presenting his claim that the First Amendment doesn’t protect someone stealing American secrets solely to destroy America out of context
  • Distorting the timing of UC Global’s increased surveillance of Assange to hide that it followed the Vault 7 publication

These are cynical, transparent lies being spread by a bunch of people claiming to support journalism. Probably, WikiLeaks supporters are also lying about how Assange repeatedly got tipped off to prosecutorial steps against him, presenting that as proof of Trump’s hostility against Assange.

Earlier in yesterday’s interview, Hammond adopted the distorted claim about Pompeo as “proof” that Assange’s prosecution is political and also that Trump has hostility to the guy who helped him get elected. I doubt whether having an accurate understanding of this would have changed Hammond’s decision not to testify, but he does, apparently, believe the lies.

And I doubt whatever prosecutors told Manning yesterday was the sole cause of yesterday’s attempt. Her attorneys had tried unsuccessfully to prevent yesterday’s testimony, which doesn’t make sense in the context of this week’s hearing unless they believed that even appearing before the grand jury would cause Manning a great deal of stress.

I have no idea what Assange’s relationship with Russia is — that’s presumably the entire point of the grand jury. There’s no doubt there were Russians in chat rooms where the Stratfor hack happened and that Assange was in discussions during the hacks. Obviously, Assange played a key role in the 2016 Russian operation as well as efforts after the fact to invent hoaxes to disclaim Russian involvement. And Joshua Schulte expressed (sometimes contradictory) willingness to seek Russian help after he allegedly sent CIA’s hacking tools to WikiLeaks.

But making such claims amid the stress of a grand jury appearance — if they, in fact, did so — isn’t going to help someone who has a history of self-harm.

When Julian Assange Testified before a Nation-State Investigation of a Suspected Spy…

Back on December 20, 2019, Julian Assange testified in a nation-state’s investigation of someone suspected of spying for another nation-state. He testified pursuant to international legal process that got challenged on jurisdictional grounds, but ultimately upheld. While El País provided a report of his testimony, the testimony itself was not open to the press.

As he testified, Chelsea Manning and Jeremy Hammond sat in jail in Alexandria, VA, being held in contempt for refusing to testify, under a grant of immunity, in their own nation-state’s investigation of someone suspected of working with the intelligence services of another nation-state. Related charges are being challenged on jurisdictional issues. Manning, at least, claims she won’t testify because any hearing — like the one Assange testified in — would not be public. Tomorrow, prosecutors in EDVA will bring Manning before the grand jury again, in a third attempt to get her to testify before a hearing on Friday over her motion to be released based on an assertion the coercion of contempt will never bring her to testify.

This is just one irony about the way WikiLeaks supporters are treating the investigation of David Morales, the owner of a security contractor that provided the security for Ecuador’s embassy until 2018. Morales is accused of spying for the CIA — that is, spying for a third country’s intelligence service.

There are some problems or obvious alternative explanations for the accusations against Morales, but even assuming the allegations are true, there is little that separates what Morales would have done from what Assange did on at least one occasion: work as a willing participant in a third country’s intelligence service operation compromising the privacy of private citizens. Indeed, there are allegations of Russian involvement in two other WikiLeaks-related publications: there were Russians active in Stratfor hack chat rooms, and Joshua Schulte allegedly expressed an interest in Russian help (though the allegations are contradictory and post-date the initial leak to WikiLeaks, which I’ll return to).

You might argue that Morales’ surveillance of Assange — on whoever’s authority — constituted a far more serious privacy violation than those WikiLeaks has committed by publishing the private emails of John Podesta and the private information of Turkish, Saudi, and third party citizens. That might be true in first instance, but since some of the people exposed by WikiLeaks’ publications live in authoritarian countries, the secondary effects of WikiLeaks’ publication of details about private individuals might not be.

(I have heard, directly and indirectly, multiple consistent allegations about WikiLeaks itself engaging in practices that constitute privacy violations of the sort implicated by the surveillance of Assange, but it would take a law enforcement investigation to substantiate such claims, most of the affected parties would never want to involve law enforcement, and some investigations would be barred by privilege protections.)

Ultimately, though, Spain’s investigation into UC Global is the same thing the US investigation into WikiLeaks is: a properly predicated nation-state investigation into someone suspected of engaging in espionage-related activities with a foreign intelligence service. There are legitimate reasons why those who respect privacy might support both investigations.

WikiLeaks supporters might argue that it’s different because it’s the United States. That’s a perfectly justifiable stance, but if it’s the basis of supporting one investigation and another, should be admitted explicitly. WikiLeaks supporters might argue it’s different because Assange is the alleged victim, but that doesn’t change that there are victims (and not just spy agencies) that the US is trying to protect with its investigation.

Manning and Hammond say they are refusing to testify because they object to American grand jury practices. That amounts to civil disobedience, which is certainly their prerogative. They are paying a steep price for that civil disobedience (as both already paid with their decisions not to cooperate after pleading guilty). But when WikiLeaks supporters complain about the treatment Manning is suffering for her stance, they might think about the fact that — when it came to testifying in an equivalent inquiry — Julian Assange had none of the objections to testifying.

How the Wyden/Khanna Espionage Act Fix Works (But Not for Julian Assange)

Last week, Ron Wyden and Ro Khanna released a bill that they say will eliminate much of the risk of prosecution that people without clearance would face under they Espionage Act. They claim the bill would limit the risk that:

  • Whistleblowers won’t be able to share information with appropriate authorities
  • Those appropriate authorities (including Congress) won’t be able to do anything with that information
  • National security journalists will be prosecuted for publishing classified information
  • Security researchers will be prosecuted for identifying and publishing vulnerabilities

I want to look at how the bill would do that. But I want to do so against the background of claims about how the bill would affect the ability to prosecute Julian Assange.

After explaining that under the bill Edward Snowden could still be prosecuted, the summary of the bill states in no uncertain terms that the government could still prosecute Julian Assange under the bill.

Q: How would this bill impact the government’s prosecution of Julian Assange?

A: The government would still be able to prosecute Julian Assange.

It doesn’t say how, but immediately after that question, it explains that the government could still prosecute hackers who steal government secrets.

Q: What about hackers who break into government systems and steal our secrets?

A: The Espionage Act is not necessary to punish hackers who break into U.S. government systems. Congress included a special espionage offense (U.S.C § 1030(a)(1)) in the Computer Fraud and Abuse Act, which specifically criminalizes this.

Khanna, in an interview with The Intercept, seems to confirm that explanation — that Assange could still be prosecuted under CFAA.

Khanna told The Intercept that the new bill wouldn’t stop the prosecution of Assange for his alleged role in hacking a government computer system, but would make it impossible for the government to use the Espionage Act to charge anyone solely for publishing classified information.

Indeed, that is sort of what Charge 18 against Assange is, conspiracy to commit computer intrusion, though, as written, it invokes the Espionage Act and theft of government secrets as part of the conspiracy (the Wyden/Khanna bill would limit the theft of government property bill in useful ways). Never mind that as charged it’s a weak charge for evidentiary reasons (though that may change in Assange’s May extradition hearing); it would still be available, if not provable given existing charged facts, under this bill.

But given the claims the US government makes about Assange, that may not be the only way he could be prosecuted under this bill. That’s because the bill works in two ways: first, by generally limiting its application to “covered persons,” who are people who’ve been authorized to access classified or national defense information by an Original Classification Authority. Then, it defines “foreign agent” using the definition in FISA (though carving out foreign political organizations) and says that anyone who is not a foreign agent “shall not be subject to prosecution” under the Espionage Act unless they commit a felony under the act — by aiding, abetting, or conspiring in the act — or pays for the information and wants to harm the US. The bill further carves out providing advice (for example, on operational security) or an electronic communication or remote computing service (such as a secure drop box) to the public.

So:

  • If you don’t have clearance or are sharing information not obtained illegally or via your clearance and
  • If you aren’t an agent of a foreign power and
  • If you’re not otherwise paying for, conspiring or aiding and abetting in some way beyond offering operational security and drop boxes with the specific intent to harm the US or help another government

Then you shouldn’t be prosecuted under the Espionage Act.

Below, I’ve written up how 18 USC §793 and 18 USC §798 would change under the bill, with changes italicized (18 USC §794 already includes the foreign government language added by this bill so would not change).

In the wake of the 2016 election operation, where Julian Assange helped a Russian operation hiding behind thin denials, Assange might well meet the definition of “foreign agent.” Three of WikiLeaks’ operations — the Stratfor hack (in which Russians were involved in the chat rooms), the 2016 election year operation, and Vault 7 (in which Joshua Schulte, between the initial leak and the alleged attempts to leak from jail, evinced an interest in Russia’s help) — involved some Russian activity.

And it’s not clear how Congress’ resolution — passed in last year’s NDAA — that WikiLeaks is a non-state hostile intelligence service often abetted by state actors would affect Assange’s potential treatment as a foreign agent.

It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.

But even with all the new protections for those who don’t have clearance, this bill specifically envisions applying it to someone like Assange. That’s because it explicitly incorporates aiding and abetting (18 USC § 2) — which is how Assange is currently charged in Counts 2-14 — as well as accessory after the fact (18 USC § 3), and misprison of a felony (18 USC § 4) into the bill. That’s on top of the conspiracy to commit an offense against the US (18 USC § 371), which is already implicitly incorporated in 18 USC § 793(g), which is Count 1 in the Assange indictment. Arguably, explicitly adding the accessory after the fact and misprison of a felony would make it easier to prosecute Assange for assistance that WikiLeaks and associated entities routinely provide sources after the fact, such as publicity and legal representation, to say nothing of the help that Sarah Harrison gave Edward Snowden to flee to Russia.

And those charges don’t require someone formally fit the definition of agent of a foreign power so long as the person has “the specific intent to harm the national security of the United States or benefit any foreign government to the detriment of the United States.” (I’ve bolded this language below.) That’s a mens rea requirement that might otherwise be hard to meet — but not in the case of Assange, even before you get into any non-public statements the US government might have in hand.

This is a bill from Ron Wyden, remember. Back in 2017, when he first spoke out when SSCI first moved to declare WikiLeaks a non-state hostile intelligence service, he expressed concerns about the lack of clarity in such a designation.

I have reservations about Section 623, which establishes a Sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service. The Committee’s bill offers no definition of “non-state hostile intelligence service” to clarify what this term is and is not. Section 623 also directs the United States to treat WikiLeaks as such a service, without offering further clarity.

To be clear, I am no supporter of WikiLeaks, and believe that the organization and its leadership have done considerable harm to this country. This issue needs to be addressed. However, the ambiguity in the bill is dangerous because it fails to draw a bright line between WikiLeaks and legitimate journalistic organizations that play a vital role in our democracy.

I supported efforts to remove this language in Committee and look forward to working with my colleagues as the bill proceeds to address my concerns.

While this bill does much to protect journalists (and in a way that doesn’t create a special class for journalists or InfoSec researchers that would violate the First Amendment), it provides the clarity that would enable charging Assange, even for things he did after the fact to encourage leakers.

Update: Two more points on this. First, as I understand it, the explicit references to 18 USC §§ 2-4 are designed to protect reporters, meaning the protections apply to those as well.

I also meant to note that the way this bill is written — which is clearly meant to allow for prosecution of people working at state-owned media outlets (Russia, China, and Iran all use their outlets as cover for spies) — would then by design not protect reporters at the BBC or Al Jazeera, both of which have done reporting on stories implicating US classified information in the past.


18 USC § 793

(a) Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation, goes upon, enters, flies over, or otherwise unlawfully obtains nonpublic information concerning any vessel, aircraft, work of defense, navy yard, naval station, submarine base, fueling station, fort, battery, torpedo station, dockyard, canal, railroad, arsenal, camp, factory, mine, telegraph, telephone, wireless, or signal station, building, office, research laboratory or station or other place connected with the national defense owned or constructed, or in progress of construction by the United States or under the control of the United States, or of any of its officers, departments, or agencies, or within the exclusive jurisdiction of the United States, or any place in which any vessel, aircraft, arms, munitions, or other materials or instruments for use in time of war are being made, prepared, repaired, stored, or are the subject of research or development, under any contract or agreement with the United States, or any department or agency thereof, or with any person on behalf of the United States, or otherwise on behalf of the United States, or any prohibited place so designated by the President by proclamation in time of war or in case of national emergency in which anything for the use of the Army, Navy, or Air Force is being prepared or constructed or stored, information as to which prohibited place the President has determined would be prejudicial to the national defense; or

(b) An individual who, while a covered person, for the purpose aforesaid, and with like intent or reason to believe, copies, takes, makes, or obtains, or attempts to copy, take, make, or obtain, any sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, document, writing, or note of anything connected with the national defense; or

(c) A foreign agent who, for the purpose aforesaid, and with like intent or reason to believe, receives or obtains or agrees or attempts to receive or obtain from any person, or from any source whatever, any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, of anything connected with the national defense, knowing or having reason to believe, at the time the foreign agent receives or obtains, or agrees or attempts to receive or obtain it, that it has been or will be obtained, taken, made, or disposed of by any person contrary to the provisions of this chapter; or

(d) Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, or information relating to the national defense, which document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; or

(e) An individual who—

(1) while a covered person, gains unauthorized possession of, access to, or control over any non public document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note of anything connected with the national defense; and

(2)(A) with reason to believe such information could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted, the same to any person not entitled to receive it; or

(B) willfully—

(i) retains the same at an unauthorized location; and

(ii) fails to deliver the same to the officer or employee of the United States entitled to receive it; or’

(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance,  (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both.

(g)(1) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(2) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this 7 title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the 13 offense; or

(C) subject to paragraph (3), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(3) Paragraph (2)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively).

(h)

(1)Any person convicted of a violation of this section shall forfeit to the United States, irrespective of any provision of State law, any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, from any foreign government, or any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, as the result of such violation. For the purposes of this subsection, the term “State” includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1) of this subsection.

(3)The provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)) shall apply to—

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property, if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund in the Treasury all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(i) In this section—

(1) the term “covered person” means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive documents, writings, code books, signal books, sketches, photographs, photographic negatives, blueprints, plans, maps, models, instruments, appliances, or notes of anything connected with the national defense by—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in activities relating to the national defense; and

(2) the term “foreign agent”—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

18 USC §798

(a)Any individual who knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information obtained by the individual while the individual was a covered person and acting within the scope of his or her activities as a covered person

(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or

(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or

(3) concerning the communication intelligence activities of the United States or any foreign government; or

(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—

Shall be fined under this title or imprisoned not more than ten years, or both.

(b)As used in subsection (a) of this section:

(1) The term ‘classified information’—

(A) means information which, at the time of a violation of this section, is known to the person violating this section to be, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution and;

(B) does not include any information that is specifically designated as ‘Unclassified’ under any Executive Order, Act of Congress, or action by a committee of Congress in accordance with the rules of its House of Congress.

(2) The terms ‘code’, ‘cipher’, and ‘cryptographic system’ include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications.

(3) The term “communication intelligence” means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients.

(4) The term ‘covered person’ means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive information of the categories set forth in subsection (a) of this section—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States

(5) The term “foreign government” includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States.

(6) The term “unauthorized person” means any person who, or agency which, is not authorized to receive information of the categories set forth in sub10 section (a) of this section by—

(A) the President;

(B) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States; or

(C) an Act of Congress.

(c)Nothing in this section shall prohibit the furnishing of information to—

(1) any Member of the Senate or the House of Representatives;

(2) a Federal court, in accordance with such procedures as the court may establish;

(3) the inspector general of an element of the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)), including the Inspector General of the Intelligence Community;

(4) the Chairman or a member of the Privacy and Civil Liberties Oversight Board or any employee of the Board designated by the Board, in accordance with such procedures as the Board may establish;

(5) the Chairman or a commissioner of the Federal Trade Commission or any employee of the Commission designated by the Commission, in accordance with such procedures as the Commission may establish;

(6) the Chairman or a commissioner of the Federal Communications Commission or any employee of the Commission designated by the Com2 mission, in accordance with such procedures as the Commission may establish; or

(7) any other person or entity authorized to receive disclosures containing classified information pursuant to any applicable law, regulation, or executive order regarding the protection of whistleblowers.

(d)

(1) In this subsection, the term ‘foreign agent’—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

(2) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to  prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(3) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the offense; or

(C) subject to paragraph (4), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(4) Paragraph (3)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively)

(e)

(1)Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law—

(A)any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and

(B)any of the person’s property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1).

(3)Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)), shall apply to

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property,
if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund established under section 1402 of the Victims of Crime Act of 1984 (42 U.S.C. 10601) [1] all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(5)As used in this subsection, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

The State of Play: Joshua Schulte and Julian Assange

Last year, it looked like the Joshua Schulte trial, rescheduled in the fall to start January 13, would be done before the extradition hearing for Julian Assange started. Two things changed since then: Schulte got a delay until February 3, and then last month, Assange convinced Judge Vanessa Baraitser to split his extradition hearing into two, the first part lasting a week starting Monday, and then resuming on May 18 for three more weeks.

As a result, both men are in court during the same week, intersecting in interesting ways.

Thus far, Assange’s argument is threefold:

  1. His prosecution is hopelessly political, merely retaliation by the hated President that Assange helped elect, Donald Trump
  2. The evidence in the case against Assange is so weak as to be abusive
  3. A person cannot be extradited for political crimes like the Espionage Act

The first argument is a load of horseshit covering up the fact that the timing of the treatment of WikiLeaks as a non-state hostile intelligence service, the increased surveillance of Assange, and the initial December 21, 2017 charge all stem from WikiLeaks’ burning the CIA by publishing all its hacking tools. It’s horseshit, but it garners a lot of enthusiasm among WikiLeaks supporters who like to conveniently forget that, whatever Assange’s motivations were in 2010 (when he engaged in the acts he is charged with), he nevertheless helped Russia help Trump get elected. That said, even though the claims about what changed in 2017 are horseshit, it doesn’t change that the existing charges against Assange pose a real danger to journalism.

The second argument is far stronger. For each of the theories of prosecution under which Assange is charged — attempting to help Chelsea Manning crack a password, soliciting certain files via WikiLeaks’ wish list, and publishing a bunch of files in which the names of US and British sources were later revealed — Assange has at least a credible defense. Assange never succeeded, and could not have succeeded, in cracking that password. Manning didn’t leak the precise files that WikiLeaks had on its wish list (though did leak some of the same sets). WikiLeaks originally went to some effort to redact the names of sources, only to have a Guardian journalist release the password revealing them. Mind you, the extradition hearing is not the trial itself, so for these defenses to be relevant, WikiLeaks has to prove that the case against Assange is abusively weak.

The third argument, which is being argued today, is a more interesting legal question. Assange claims that the existing Anglo-US extradition treaty, passed in 2003, still prohibits extradition for political offenses like theEspionage Act. The US argues that Assange’s extradition is governed by the Extradition Act of 2003, which did not include such a bar (and also disagrees that these are political crimes). The lawyers are even arguing about the Magna Carta! Judge Vanessa Baraitser seems inclined to side with the US on this point, but the question will surely be appealed. Mind you, one of the charges against Assange, CFAA, is in no way a political offense, and the UK has not barred its own citizens, much less foreign citizens hanging out in foreign embassies, from being extradited on the charge (though several hackers, most recently Lauri Love, have challenged their extradition to the US for CFAA on other grounds).

Yesterday, Assange’s defense spent a good deal of time making the second argument. The US didn’t respond. Rather, it said it would deal with those issues in the May hearing.

Meanwhile, the Schulte trial is wrapping up, with Schulte doing little to mount a defense, but instead preparing an appeal. Yesterday, Schulte asked that an instruction on the defendant not testifying be added to the jury instructions (normally, these are included from the start, but Schulte has been claiming he would testify all this time). Today, Schulte told the court that Steve Bellovin won’t testify because he never got access to all the data Judge Paul Crotty ruled he couldn’t have access to (not mentioning, however, that the restrictions stemmed from Crotty’s own CIPA judgment).

I’m still unclear on the status of the witness, Michael. Schulte is trying to submit his CIA investigative report in lieu of finishing cross-examination (which is where things had left off). But it still seems possible that Crotty would require his testimony to be resumed, giving the government another opportunity to redirect his testimony. This is all likely happening today, but given that there’s so little coverage of the trial, we won’t know until Thursday.

Before all this happened, however, the jailhouse informant provided very damning testimony against Schulte, not only describing how Schulte obtained a phone (swapping an iPhone for a Samsung that he could load all the apps he wanted on it), but also claiming that Schulte said, “Russia had to help him with what he was doing,” launching an information war.” I had learned of similar allegations of ties or willingness to forge them with Russia via several sources in the past. And Schulte’s own jailroom notebooks include hints of the same, such as a bullet point describing how Russia could help the US “destroy itself.”

And his final plan — which the informant alerted his handlers to just before Schulte launched it — included some “Russia pieces.”

As part of the same plan to get fellow SysAdmins to leak all their secrets to WikiLeaks, then, Joshua Schulte was also hoping to encourage Russia to attack the US.

I’ve long said the Vault 7 case, if it were ever added to Julian Assange’s charges (including an extortion charge, which would also not be a political crime), would be far more damning and defensible than the ones currently charged. Filings from November suggested that the government had come to think of Schulte’s leaks to WikiLeaks as the last overt act in an ongoing conspiracy against the United States.

And by 2018, Schulte had come to see leaking to WikiLeaks as part of the same plan encouraging Russian attacks on the US, precisely the allegation WikiLeaks has spent years trying to deny, especially in the wake of Assange’s cooperation in Russia’s election year operation.

It’s not clear whether the US will add any evidence to the original 2010 charges against Assange before May (though Alexa O’Brien has pointed to where additional evidence might be), but the statement they’re waiting until then to rebut the solid defense that WikiLeaks is now offering suggests they might. That might reflect a hope that more coercion against Chelsea Manning will produce that additional evidence (she has renewed her bid to be released, arguing that such coercion has obviously failed). Or it might suggest they’ve got plans to lay out a broader conspiracy if and when Schulte is convicted.

Assange’s lawyers pushed for the delay to May in the first place. If the US government uses the extra time to add charges related to Vault 7, though, the delay may make a significant difference in the posture of the case.

Hot and Cold Running Mike Pompeo and Other Ridiculous WikiLeaks Defense Claims

Today is the first day of Julian Assange’s fight to avoid extradition. In addition to legitimate First Amendment concerns about extraditing Assange on the charges as written, Assange is challenging the extradition with some very selective story-telling to pretend that he’s being prosecuted for political reasons.

For example, WikiLeaks is pointing to the Dana Rohrabacher pardon discussion in August 2017 to suggest that Trump was extorting Assange, demanding he provide certain details about the 2016 hack (details that are consistent with the lies that Assange told consistently about Russia’s role in the hack-and-leak) or else he would prosecute him. Unsurprisingly, WikiLeaks did not mention that discussions of a pardon started at least as early as December 2016 as payback for his role in the election, and continued in February 2017 as Assange tried to use the Vault 7 files to extort a pardon. If you can believe Roger Stone, pardon discussions continued even after DOJ first charged Assange in December 2017until early January 2018 (though that may have been an attempt to silence Randy Credico and thereby keep details of what really happened in 2016 secret).

WikiLeaks is also misrepresenting the timing of the increased surveillance by UC Global in December 2017 to suggest Assange was always being surveilled that heavily.

I will pass over the intervening period during which Julian Assange continued to have his conversations with his lawyers and family constantly monitored and recorded by a private agency acting on the instructions of US intelligence and for their benefit.

As slides from Andrew Müller-Maguhn make clear, the surveillance only began to really ratchet up in December 2017, after Assange had helped Joshua Schulte burn CIA to the ground (and at a time when WikiLeaks remained in communication with Schulte).

Assange’s team then mis-states when Trump’s war on journalists began, suggesting it preceded the April 2017 targeting of Assange, rather than came in August 2017.

That temporal slight is necessary because Assange’s team is claiming that Mike Pompeo decided to attack WikiLeaks in April 2017 out of the blue, out of some kind of retaliation.

That is why the prosecution of Mr. Assange, based on no new evidence, was now pursued and advocated by the Trump administration, led by spokesman such as Mike Pompeo of the CIA and Attorney General Sessions. They began by denouncing him in April 2017. I refer you to the following:

i. Firstly, the statements of Mr. Pompeo, as director of the CIA, on 13 April 2017, denouncing Julian Assange and WikiLeaks as “a non-state hostile intelligence agency“. [Feldstein, tab 18, p19 and K10] On the same occasion, Pompeo also stated that Julian Assange as a foreigner had no First Amendment rights (See Guardian article, bundle K)

ii. Then there was the political statement of Attorney General Sessions on 20 April 2017 that the arrest of Julian Assange was now a priority and that ‘if a case can be made, we will seek to put some people in jail‘ [Feldstein quoting Washington Post article of Ellen Nakashima, tab 18, at page 19]

That’s thoroughly absurd. Pompeo’s speech was entirely about CIA’s response to have been burned to the ground by WikiLeaks. This passage makes clear that, in his prepared speech at least, Pompeo’s comments about the First Amendment don’t pertain to him being a foreigner at all (I’m going to pull the video).

No, Julian Assange and his kind are not the slightest bit interested in improving civil liberties or enhancing personal freedom. They have pretended that America’s First Amendment freedoms shield them from justice. They may have believed that, but they are wrong.

[snip]

Third, we have to recognize that we can no longer allow Assange and his colleagues the latitude to use free speech values against us. To give them the space to crush us with misappropriated secrets is a perversion of what our great Constitution stands for. It ends now.

Here’s what he said in questions:

DIRECTOR POMPEO: Yeah, First Amendment freedoms. What I was speaking to there was, as – was a little less constitutional law and a lot more of a philosophical understanding. Julian Assange has no First Amendment freedoms. He’s sitting in an embassy in London. He’s not a U.S. citizen. So I wasn’t speaking to our Constitution.

What I was speaking to is an understanding that these are not reporters don’t good work to try to keep you – the American government honest. These are people who are actively recruiting agents to steal American secrets with the sole intent of destroying the American way of life. That is fundamentally different than a First Amendment activity, as I understand them, and I think as most Americans understand them. So that’s what I was really getting to.

We’ve had administrations before that have been squeamish about going after these folks under some concept of this right-to-publish. No one has the right to actively engage in the threat of secrets from America with the intent to do harm to it.

Mike Pompeo is and always will be a problematic figure to make this argument.

But all the evidence shows that Assange’s surveillance and prosecution arose in response to the Vault 7 leaks, not Trump innate hatred for journalists.

Update: Here are the Prosecution’s Opening Statement and Skeleton Argument.