Posts

Roger Stone Once Again Limits His Denials

In addition to the government showing that Roger Stone is a disorganized crime figure the other day, Roger Stone submitted a curious filing of his own, in yet another apparent attempt to feed denialist propaganda.

A week earlier, the government made a detailed argument that Stone, in his sustained bid to make his trial an attempt to challenge the government evidence that Russia hacked the DNC, misunderstood what the case was about. All that matters, the government argues, is whether Stone’s lies materially affected the House Intelligence investigation into the Russian tampering.

Stone’s false statements also had a natural tendency to (and in fact did) affect HPSCI’s investigative steps, priorities, and direction—regardless of Russia’s 2016 activities. See United States v. Safavian, 649 F.3d 688, 691-92 (D.C. Cir. 2011) (statements material if they “were capable of influencing the course of the FBI’s investigation”). For example, HPSCI did not subpoena the written communications that Stone claimed not to exist, and HPSCI did not investigate the other intermediary (Person 1) when Stone claimed that Person 2 was his sole intermediary. Moreover, Organization 1’s activities and coordination with Stone were relevant to evaluating the Intelligence Community’s work, to assessing any risks that Organization 1 may pose, and to considering any future actions that should be taken to deter coordination with state and non-state actors seeking to influence American elections. None of these understandings of materiality depends in any way on whether Russia in fact participated in the hacks or transmitted the hacked materials to Organization 1, and therefore Stone’s evidence on that subject is not relevant to the materiality inquiry.4

As part of that discussion, in a footnote, they engage in some counterfactuals to show how, even if some alternative scenarios, including the main one suggested by Stone, were true, his lies would still be material.

4 Even under Stone’s crabbed view of materiality and HPSCI’s investigation, Stone’s statements were still material, regardless of Russia’s exact role. Stone now primarily focuses only on evidence about whether Russia transferred the stolen files. But even if Organization 1 received the files elsewhere, it does not follow that Organization 1 has no connection to Russia’s election interference. For example, Organization 1 could theoretically have received the files from someone who received them from Russia; Russia could theoretically have coordinated its other election interference activities with Organization 1’s posting of stolen documents even if Russia was not Organization 1’s source; and individuals associated with the Trump Campaign could theoretically have played a role coordinating the two. Under any view, Stone’s communications with and about Organization 1 were material, regardless of Russia’s exact role.

As you read this “theoretical” scenario, remember that the campaign considered reaching out to WikiLeaks after the John Podesta files got released. And Roger Stone was — at least in 2018 — among those Trump flunkies who were trying to get Julian Assange a pardon.

The government presents this as theoretical, but it demonstrates, correctly, that WikiLeaks’ role in the operation matters whether or not the person who dealt them one or another set of files was a Russian intelligence officer.

Stone spends much of his response claiming (nonsensically) that because the government wants to introduce a Julian Assange video to establish dates for the public record surrounding certain details (in that case, when it was publicly knowable that WikiLeaks would release more files), it makes the issue of how Russia got the files to WikiLeaks central. In the hands of better lawyers — or at least, lawyers who weren’t playing for a pardon — this argument might have merit. In Stone’s case it doesn’t, in part because he failed to describe what evidence he wanted to introduce, and in part because he doesn’t understand what files Bill Binney, one of his intended witnesses, is talking about (they’re not the John Podesta emails, and so are irrelevant to Stone’s lies).

The government objects to Roger Stone presenting two witnesses who will testify, and demonstrate, that WikiLeaks did not receive the relevant DNC and DCCC data from the Russian state. That evidence will establish that the relevant data was “leaked” to WikiLeaks, not transferred to WikiLeaks by the Russian State. The government claims such evidence will be irrelevant, unfairly prejudicial, and cause delay and would turn the subject matter into a “mini-trial.” The government states: “If a person chooses to make false statements to the government, he or she takes the risk that the false statement is material.” (Motion at 14). But, the government takes the same risk: that the alleged false statements might be deemed immaterial by the jury. 1

Stone should be permitted to present evidence that his answers did not materially affect the congressional investigation because the Indictment makes clear that the investigation was of a “Russian state hack.”

But along the way, Stone includes his own footnote where he (perhaps in an effort to present a quote that denialists like Aaron Maté can quote without context, as Maté has done repeatedly as the useful idiot of both Stone and Concord Management) misrepresents the government’s theoretical as instead genuine curiosity.

1 The government wonders if the Russian state hacked and stole the relevant data and then someone else coordinated the delivery of the data to WikiLeaks. See Dkt. #172 n. 4. The government, nor the Mueller report proved or disproved this scenario. But if WikiLeaks did not receive the data from the Russian state then Stone’s communications with WikiLeaks were immaterial.

Stone is absolutely right that the government doesn’t prove or disprove this scenario. The Mueller Report notes explicitly that,

The Office cannot rule out that stolen documents were transferred to WikiLeaks through intermediaries who visited during the summer of 2016. For example, public reporting identified Andrew Müller-Maguhn as a WikiLeaks associate who may have assisted with the transfer of these stolen documents to WikiLeaks.

The prosecutors in his case aren’t tasked with answering that question. Indeed, if pressed, they could argue that Stone’s lies might well have served to hide firsthand knowledge of how the Podesta emails did get to WikiLeaks, which would make them even more material.

From a legal standpoint, Stone’s argument is unlikely to work, even if it were argued with more legal rigor.

What I’m interested in, however, is how Stone homes in on just one part of the scenario, the hand-off of files to WikiLeaks. The government actually laid out three parts to its theoretical: WikiLeaks got the files stolen by Russia from a cut-out, but also coordinated with Russia on “other election interference activities,” and individuals associated with the Trump campaign played a role coordinating the handoff of the files and WikiLeaks’ other coordination with Russia.

  • Organization 1 could theoretically have received the files from someone who received them from Russia;
  • Russia could theoretically have coordinated its other election interference activities with Organization 1’s posting of stolen documents even if Russia was not Organization 1’s source;
  • Individuals associated with the Trump Campaign could theoretically have played a role coordinating the two.

It’s a series of tantalizing hypotheticals! And while the first two (the second of which is pretty oblique) could independently be true, the last one implies the two would not be independent, but that, instead, someone “associated” with the Trump campaign coordinated the first two steps.

But of course, the government presents all this as a theoretical possibility, not (as Stone falsely claims) as a question they’re seeking, here, to answer.

Stone, however, only deals with the first part of that scenario: “the Russian state hacked and stole the relevant data and then someone else coordinated the delivery of the data to WikiLeaks.” He doesn’t address the possibility that WikiLeaks had some other kind of role. And he definitely doesn’t address the possibility that someone “associated” with the Trump campaign had a role in coordinating the two. In a gesture towards addressing a government hypothetical (in part) that some individual associated with the Trump campaign might have coordinated other election year activities, Stone suggests that the only way the communications of a Trump associate with WikiLeaks would be material would be if the communications involved actual transfer of emails.

This is something Stone has long been doing — making narrowly tailored denials that don’t address some tantalizing possibilities: in this case, that Stone had a role arranging something else with WikiLeaks.

And all the while, Stone drops a suggestion that overstates the uncertainty of what the government knows.

DOJ Says It Never Offered Accused Vault 7 Leaker Joshua Schulte a Plea Deal

As the Joshua Schulte prosecution has inched along against the backdrop of the Julian Assange indictment, I’ve heard chatter about his plans: that the two sides might prosecute the child porn charges and leave the leak untried; that the government was trying to get him to cooperate against Assange.

In the former case, the opposite now seems more likely. Last week, Judge Paul Crotty granted Schulte’s motion to sever his child porn and copyright charges from his Espionage ones. But the minute order states that the Espionage charges will be tried first, in November, with the child porn charges tried some time after that. That’s true, even though the Espionage charges are far more complex to try than the child porn ones. If the government wanted to use the child porn charges to put Schulte away indefinitely and avoid the difficulties of an Espionage trial, they’d try those first. (Update: at the hearing where this was decided, the defense said they wanted the Espionage trial to go first, and all other parties agreed.)

As to the latter, Schulte himself has sown the belief he was being offered a plea deal. In one version of his “Presumption of Innocence” blog, for example, he claimed (falsely, given the warrants he himself released) the government never obtained any evidence implicating him in the leak, and was just pursuing the child pornography charges to “break” him so he’ll cooperate against WikiLeaks.

I’m arrested and charged with a crime that had nothing to do with the initial search warrant and that I was completely innocent. The U.S. Attorney unethically and immorally misleads the court regarding what the initial investigation was about, when they found the illicit materials, and the fact that they did not think I was involved for 5 months until their initial investigation came up empty. I’m denied bail and thrown into prison immediately and they use the situation as leverage telling my attorney every day that he can make this huge embarrassment and misunderstanding all go away if only I would agree to cooperate on the WikiLeaks investigation and admit to it. They admit, unabashedly that these entire charges are nothing more than a ruse, an attempt at leverage to break me.

A version of this claim was repeated in a piece the Intercept did yesterday claiming to track how (a select group of) leakers got identified by the FBI.

Of the four Espionage Act cases based on alleged leaks in the Trump era, the most unusual concerned Joshua Schulte, a former CIA software developer accused of leaking CIA documents and hacking tools known as the Vault 7 disclosures to WikiLeaks. Schulte’s case is different from the others because, after the FBI confiscated his desktop computer, phone, and other devices in a March 2017 raid, the government allegedly discovered over 10,000 images depicting child sexual abuse on his computer, as well as a file and chat server he ran that included logs of him discussing child sexual abuse images and screenshots of him using racist slurs. Prosecutors initially charged Schulte with several counts related to child pornography and later with sexual assault in a separate case, based on evidence from his phone. Only in June 2018, in a superseding indictment, did the government finally charge him under the Espionage Act for leaking the hacking tools. He has pleaded not guilty to all charges.

Schulte was identified as the suspect just like all the other people profiled in the story were: because he was one of the few people who had access to the files that got leaked and his Google searches mapped out a damning pattern of research involving the leak, among other things. In his case, WikiLeaks itself did several things to add to the evidence he was the source. It is true that Schulte was charged with the porn charges first and that it took 15 months for the government to ultimately charge the leak, but the theory of Schulte’s role in the leak has remained largely unchanged since a week after the first files were dropped.

Schulte again suggested he might get a plea deal in his lawsuit against then Attorney General Jeff Sessions for imposing Special Administrative Measures against him when he raised 5K1 letters that might allow someone to avoid mandatory minimum sentencing.

But in last week’s opposition to Schulte’s motion to suppress most of the warrants against him — including some on the grounds that they relied on poisonous fruit of attorney-client privileged material — the government denies ever offering a plea deal.

Schulte claims that the FBI read his thoughts on severance (which the Government has consented to) or a plea offer (which the Government has not made), but none of those “thoughts” are referenced in any subsequent search warrant.

The claim that the government left unredacted a reference to Schulte’s views on a plea deal does not appear in the unredacted version of Schulte’s motion to suppress, but given his lawyers’ claim that his journals were intended to be a discussion of his legal remedies, it may be an attempt to suppress the Presumption of Innocence notes cited above (even though Schulte made the same notes public).

Mr. Schulte’s narrative writings and diary entries contain information he “considered to be relevant to his potential legal remedies.”

There’s lot of room for a discussion short of a plea offer that might be true even given the government claim that “the Government has not made” any offer (such as that one of the series of attorneys who have represented Schulte has recommended that he seek a deal).

But the detail is particularly interesting given the timing of his trial and something the government claimed the last time Chelsea Manning and her lawyers tried to get her out of jail. It insisted they want Manning’s testimony for subjects and charges not included in Assange’s current indictment, and said the submission of the extradition request against Assange does not preclude future charges based on those offenses.

As the government’s ex parte submissions reflect, Manning’s testimony remains relevant and essential to an ongoing investigation into charges or targets that are not included in the superseding indictment. See Gov’t’s Ex Parte Mem. (May 23, 2019). The offenses that remain under investigation are not time barred, see id., and the submission of the government’s extradition request in the Assange case does not preclude future charges based on those offenses, see Gov’t’s Supplement to Ex Parte Mem. (June 14, 2019).

Barring a delay because of Classified Intelligence Protect Act proceedings, Schulte will face trial on the Espionage charges in November, three months before the next hearing in Assange’s extradition. And while there’s no hint in Schulte’s case that WikiLeaks played a role in the front end of Schulte’s alleged leak, there’s abundant evidence that they continued to cooperate with him in the aftermath and even in the initial release itself. Indeed, that’s some of the most damning evidence against Schulte.

Schulte seems to think he could cooperate against Assange and face lesser charges. If the government told the truth last week, he may have little prospect to diminish what would amount to a life sentence if he’s found guilty.

On CNN’s WikiLeaks Exclusive: Remember the Other Document Dumps

CNN has a report on leaked security records describing some of the visitors and improved computer equipment Julian Assange got in 2016, as Russia was staging the election hack-and-leak. The story is a better expose of how increased pressure from the US and a change of president in Ecuador dramatically changed Assange’s freedom to operate in the Ecuadorian Embassy in London, with many details of the internal Ecuadorian politics, as it is proof of anything pertaining to the hack-and-leak.

As for the latter, the story itself insinuates ties between WikiLeaks and Russia’s hack-and-leak operation by matching the profile of Assange’s known (and dramatically increased number of) visitors in 2016 with the timing of those visits. Those people are:

  • A Russian national named Yana Maximova, about whom CNN states almost nothing is known, who visited at key moments in June 2016 (though CNN doesn’t provide the specific dates)
  • Five meetings in June 2016 with senior staffers from RT, including two visits from their London bureau chief, Nikolay Bogachikhin
  • German hacker Andrew Müller-Maguhn
  • German hacker Bernd Fix (who visited with Müller-Maguhn a few times)

These visitors have, in generally, been identified before, and with the exception of Müller-Maguhn, CNN doesn’t give the precise dates when people visited Assange, instead providing only screen shots of entry logs (which, CNN notes, key visitors wouldn’t be on). The exception is Müller-Maguhn, whose pre-election visits the TV version lists as:

  • February 19 and 20, 2016
  • March 14, 2016
  • May 8, 2016
  • May 23, 2016
  • July 7, 2016
  • July 14, 2016
  • July 28, 2016
  • August 3, 2016
  • August 24, 2016
  • September 1, 2016
  • September 19, 2016
  • October 21, 2016
  • October 31, 2016

And, yes, some of those visits match the known Russian hack-and-leak timeline in enticing ways, such as that Müller-Maguhn, who told WaPo that, “he was never in possession of the material before it was put online and that he did not transport it,” showed up the same day Mueller documents describe WikiLeaks obtaining an archive that had been uploaded (“put”) online and by that means transferred to WikiLeaks.

But that would be entirely consistent with Müller-Maguhn helping to process the emails — something the Mueller team determined did not violate US law — not serving as a mule. Not that Müller-Maguhn would be best used as a mule in any case.

The descriptions of the changes in computer and other gear are more interesting: with Assange bumping up his resources on June 19, a masked visitor dropping off a package outside the embassy on July 18, and exempt WikiLeaks personnel removing a ton of equipment on October 18, as Ecuador finally threatened to shut WikiLeaks down.

Shortly after WikiLeaks established contact with the Russian online personas, Assange asked his hosts to beef up his internet connection. The embassy granted his request on June 19, providing him with technical support “for data transmission” and helping install new equipment, the documents said.

[snip]

Days later, on July 18, while the Republican National Convention kicked off in Cleveland, an embassy security guard broke protocol by abandoning his post to receive a package outside the embassy from a man in disguise. The man covered his face with a mask and sunglasses and was wearing a backpack, according to surveillance images obtained by CNN.

[snip]

The security documents lay out a critical sequence of events on the night of October 18. Around 10 p.m., Assange got into a heated argument with then-Ecuadorian Ambassador Carlos Abad Ortiz. Just before midnight, Abad banned any non-diplomatic visitors to the embassy and left the building. Behind the scenes, Assange communicated with the foreign minister in Quito.

Within an hour of Abad’s departure, he called the embassy and reversed the ban.

By 1 a.m., two WikiLeaks personnel arrived at the embassy and started removing computer equipment as well as a large box containing “about 100 hard drives,” according to the documents.

Security officials on site wanted to examine the hard drives, but their hands were tied. The Assange associates who removed the boxes were on the special list of people who couldn’t be searched. The security team sent a memo back to Quito raising red flags about this late-night maneuver and said it heightened their suspicions about Assange’s intentions.

Again, none of that proves a knowing tie with Russian intelligence. But it does show an interesting rhythm during that year.

But this schedule doesn’t consider the other things going on with WikiLeaks in 2016. At almost the same time that WikiLeaks released the DNC emails, after all, they also released the AKP email archive.

More interesting still, according to the government’s current allegations about Joshua Schulte’s actions in leaking the CIA’s hacking tools to WikiLeaks, he made a copy of the CIA’s backup server on April 20, then transmitted the files from it to … someone (I suspect these may not have gone directly to WikiLeaks) … in late April to early May.

But then for some reason, on August 4, Schulte for the first time ever started conducting Google searches on WikiLeaks, without visiting the WikiLeaks site until the first release of the Vault 7 leaks.

Meanwhile, WikiLeaks claimed in August 2016  — and ShadowBrokers invoked that claim, in January 2017 — that WikiLeaks had obtained a copy of the original ShadowBrokers files released on August 13, 2016. A Twitter account claiming to be ShadowBrokers reiterated this claim late last year.

Consider the continued presence of highly skilled hackers at the Embassy and the removal of tons of computer equipment as Ecuador cracked down from the viewpoint of what happened to all of NSA and CIA’s hacking tools, rather than what happened with John Podesta’s risotto recipe. Add in the fact that the government seems to think Schulte altered the air gap tool he allegedly wrote for CIA outside of CIA.

To the extent they provide these dates (again, they do so with specificity only for Müller-Maguhn, and only before the election; not to mention, his emails appear to fit a fairly regular twice-monthly pattern), a few of them are quite intriguing. But there was a whole lot else going on with WikiLeaks that year that might be even more important for describing the true nature of WikiLeaks.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Gina Haspel Honorary 2020 Intelligence Authorization Might Criminalize Linked In Resumes

The Intelligence Authorization for 2018-2020 is actually not named after CIA Director Gina Haspel. But it might as well be for the way it bears the marks of the first female head of an Intelligence Agency. It offers 12 weeks of paid parental leave for Intelligence personnel (a good thing!) and it also imposes a new rule prohibiting someone nominated to a Senate-confirmed position from making classification determinations about information needed to assess the nominees record, as Haspel did when she hid information on her role in the torture program during her own confirmation process.

But the Haspel related part of the authorization that has (rightly) gotten the most attention — such as in this NYT piece — is a move designed to dramatically expand the types of people covered under the Intelligence Identities Protection Act, which currently prohibits sharing the identities of classified intelligence officers who’ve spent time overseas in the last five years, to cover everyone — past or present — whose relationship with US intelligence is classified.

Most of the concern about the measure focuses — as highlighted in Ron Wyden’s concerns laid out in the bill report — on avoiding accountability for torture (his comment implicitly applies to both Haspel and torture architects Mitchell and Jessen).

I am concerned about a new provision related to the Intelligence Identities Protection Act (IIPA). In 2010, I
worked to pass legislation to increase the penalties for violations of the IIPA. This bill, however, expands the bill so that it applies indefinitely, including to individuals who have been in the United States for decades and have become senior management or have retired. I am not yet convinced this expansion is necessary and am concerned that it will be employed to avoid accountability. The CIA’s request that the Committee include this provision, which invoked “incidents related to past Agency programs, such as the RDI [Rendition, Detention and Interrogation] investigation,” underscores my concerns.

While I agree with Wyden that the intent of this measure is about shielding the CIA from accountability, I think the measure would have two other unintended consequences.

First, I think it more likely that Julian Assange will beat some of the charges against him. (Let me be very clear, for the charges this would affect — which I lay out under Theory Three here — I think this is a good thing.) The justification for the change liberated by Charlie Savage actually mentions WikiLeaks by name.

Undercover Agency officers face ever-evolving threats, including cyber threats. Particularly with the lengths organizations such as WikiLeaksare willing to go to obtain and release sensitive national security information, as well as incidents related to past Agency programs, such as the RDI investigation, the original congressional reasoning mentioned above for a narrow definition of “covert agent” no longer remains valid.

This language raises real questions for me about whether CIA really understands WikiLeaks, not least because WikiLeaks is not going to greater lengths than other media outlets to facilitate the sharing of information (what happens before and after that is another issue).

But one way or another, if this bill were to pass, it would pass after Assange got charged with disclosing databases of sensitive identities. (The timing on this is rather suspect: SSCI passed the authorization on May 14, Burr reported it to the full Senate on May 22, and Assange’s superseding indictment was approved by the grand jury on May 23.) It would be child’s play for Assange’s attorneys (and he has very good attorneys) to argue that the timing is proof that disclosing the identities of most of the people in those databases — who were sources rather than CIA officers — was not illegal at either the time he did it or the time he was charged for it. In addition, passing this bill would reiterate Congress’ belief, now in 2019, that it believes only US citizens should be protected in this way; Assange is accused of disclosing the identities of foreigners, not Americans.

So this law, if it passes, would likely make it easier for Assange to beat these charges, but make anyone else doing it — even if for good reasons and after considering the risk — a criminal.

It’s the other presumably unintended consequence of this bill that I think is even more problematic. It would criminalize all sorts of ways that former intelligence officials publicly identify themselves. The current law includes an exception for those who identify themselves as covert agents, meaning the expanded definition should not be used to prevent people from disclosing their own past affiliation with the agency (to the extent their Non-Disclosure Agreements don’t prohibit it).

It shall not be an offense under section 601 for an individual to disclose information that solely identifies himself as a covert agent.

It also generally requires malice on the part of the person releasing identities. Nevertheless, given the way that the government already uses past classified work to restrict people for the rest of their life, it is not inconceivable that the government would come to use this law to punish others who provide platforms for former intelligence personnel to talk about that openly, like Linked In. Imagine a situation, for example, where the IC deems making it easier for former intelligence professionals to find better paying jobs in the private sector to be, “a pattern of activities intended to identify and expose covert agents and with reason to believe that such activities would impair or impede the foreign intelligence
activities of the United States.” In such a situation, Linked In might be charged under a newly expanded IIPA.

Given the vast number of former intelligence personnel who move into the private sector and the degree to which it has become commonplace to discuss those past affiliations openly, the criminalization of sharing of those identities poses a particular risk. That’s definitely not the point of this bill. But by lowering the bar for who counts as covert and making covert status permanent, it certainly could be used for such ends in the future.

Joshua Schulte Keeps Digging: His Defensible Legal Defense Continues to Make a Public Case He’s Guilty

To defend him against charges of leaking the CIA’s hacking tools to WikiLeaks, Sabrina Shroff has made it clear that Joshua Schulte is the author of the CIA’s lies about its own hacking.

In a motion to suppress all the earliest warrants against Schulte submitted yesterday, Shroff makes an unintentionally ironic argument. In general, Shroff (unpersuasively) argues some things the government admitted in a Brady letter sent last September are evidence of recklessness on the part of the affiant on those earliest warrants, FBI Agent Jeff Donaldson. She includes most of the items corrected in the Brady letter, including an assertion Donaldson made, on March 13, 2017, that Schulte’s name did not appear among those published by WikiLeaks: “The username used by the defendant was published by WikiLeaks,” the prosecutors corrected the record in September 2018. To support a claim of recklessness, Schroff asserted in the motion that someone would just have to search on that username on the WikiLeaks site to disprove the initial claim.

Finally, the Brady letter explained that a key aspect of the affidavit’s narrative—that Mr. Schulte was the likely culprit because WikiLeaks suspiciously did not publicly disclose his identity—was false. Mr. Schulte’s identity (specifically, his computer username “SchulJo”) was mentioned numerous times by WikiLeaks, as a simple word-search of the WikiLeaks publication would have shown. See Shroff Decl. Exh. F at 7

If you do that search on his username — SchulJo — it only readily shows up in one file, the Marble Framework source code.

That file was not released until March 31, 2017. So the claim that Schulte’s name did not appear in the WikiLeaks releases was correct when Donaldson made it on March 13. That claim — like most of the ones in the Brady letter — reflect the incomplete knowledge of an ongoing investigation, not recklessness or incompetence (Schulte has written elsewhere that he believed the FBI acted rashly to prevent him from traveling to Mexico, which given other details of this case — including that he hadn’t returned his CIA diplomatic passport and snuck it out of his apartment when the FBI searched his place, they were right to do).

By sending her reader to discover that Schulte’s name appears as the author of the Marble Framework, she makes his “signature” that of obfuscation — hiding who actually did a hack.

Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding (“obfuscating”) text fragments used in CIA malware from visual inspection.

[snip]

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.

Marble was one of the files WikiLeaks — and DNC hack denialists — would point to to suggest that CIA had done hacks (including the DNC one) and then blamed them on Russia. In other words, in her attempt (again, it is unpersuasive) to claim that FBI’s initial suspicions did not reach probable cause, she identifies Schulte publicly not just with obfuscation about a breach’s true culprits, but with the way in which the Vault 7 leak — ostensibly done out of a whistleblower’s concern for CIA’s proliferation of weapons — instead has served as one prong of the propaganda covering Russia’s role in the election year hack.

That’s just an ironic effect of Shroff’s argument, not one of the details in yesterday’s releases that — while they may legally serve to undermine parts of the case against her client — nevertheless add to the public evidence that he’s not only very likely indeed the Vault 7 culprit, but not a terribly sympathetic one at that.

Back when FBI first got a warrant on Schulte on March 13, 2017, they had — based on whatever advanced notice they got from Julian Assange’s efforts to use the files to extort a pardon from the US government and the week of time since WikiLeaks had released the first and to that date only set of files on March 7 — developed a theory that he was the culprit. The government still maintains these core details of that theory to be true (this Bill of Particulars Schulte’s team released yesterday gives a summary of the government’s theory of the case as of April 29):

  • The files shared with WikiLeaks likely came from the server backing up the CIA’s hacking tools, given that the files included multiple versions, by date, of the files WikiLeaks released
  • Not that many people had access to that server
  • Schulte did have access
  • Not only had Schulte left the CIA in a huff six months before the WikiLeaks release — the only  person known to have had access to the backup server at the time who had since left — but he had been caught during the period the files were likely stolen restoring his own administrator privileges to part of the server after they had been removed

But, after it conducted further investigation and WikiLeaks published more stolen files, the government came to understand that several other things that incriminated Schulte were not true.

[T]he government appears to have abandoned the central themes of the March 13 affidavit: namely, that the CIA information was likely stolen on March 7–8, 2016, that Mr. Schulte was essentially “one of only three people” across the entire CIA who could have taken it, and that WikiLeaks’s supposed effort to conceal his identity was telltale evidence of his culpability

There’s no indication, however, that Donaldson was wrong to believe what he did when he first obtained the affidavit; Shroff claims recklessness, but never deals with the fact that the FBI obtained new evidence. Moreover, for two of the allegations that the government later corrected — the date the files were stolen and the number of people who had access to the server, Donaldson admitted those were preliminary conclusions in his initial affidavit (which Shroff doesn’t acknowledge):

It is of course possible that the Classified Information was copied later than March 8, 2016, even though the creation/modification dates associated with it appear to end on March 7, 2016.

[snip]

Because the most recent timestamp on the Classified Information reflects a date of March 7, 2016, preliminary analysis indicates that the Classified Information was likely copied between the end of the day on March 7 and the end of the day on March 8.

[snip]

It is, of course, possible that an employee who was not a designated Systems Administrator could find a way to gain access to the Back-Up Server. For example, such an employee could steal and use–without legitimate authorization–the username and password of a designated Systems Administrator. Or an employee lacking Systems Administrator access could, at least theoretically, gain access to the Back-Up Server by finding a “back- door” into the Back-Up Server.

Between the two corrections, the revised information increases the number of possible suspects from two to five, out of 200 people who would have regular access to the files. A footnote to a later affidavit (PDF 138) describes that on April 5, 2017, FBI received information that suggested the number might be higher or lower. (I suspect Schulte argued in a classified filing submitted yesterday that even more people could have accessed it, not least because he has been arguing that in his various writings posted to dockets and other things,)

But, even though the Brady letter corrects the dates on which Schulte reinstated his administrator privileges for the Back-Up server slightly (he restored his own access on April 11, not April 14, which is when his managers discovered he had done so), Shroff only addresses his loss of privileges as innocent, without addressing that he got that access back on his own improperly.

More importantly, the motion doesn’t address, at all, that Schulte kicked everyone else off one of his programs, the Brutal Kangaroo tool used to hack air gapped networks using thumb drives. Nor does it address allegations against Schulte made in August 2016 as part of his clearance review, including that his demeanor changed for the worse around February 2016, he might be “subject to outside coercion,” and he tended not to abide by “guidelines concerning when and what kinds of media or data (such as external drives) could be connected or uploaded to CIA computer systems.” There are other details in the affidavit — such as Schulte’s attempt to learn what his former colleagues knew of the investigation — that support probable cause too (these may be among the things Shroff addresses in a classified filing).

That is, the probable cause that Schulte was the culprit was pretty strong even with the errors in the original affidavit, and none of the errors suggests malice or incompetence or even the recklessness Shroff alleges.

Shroff is right that the March 13 affidavit doesn’t offer as much probable cause to tie Schulte’s home to the crime; but that’s the magistrate’s fault and fairly standard for computer crimes, not the FBI’s. Shroff obscures the effect of FBI obtaining a second warrant to actually search the 150 storage media and computer devices they found in his home (a list of what they seized starts on PDF 116), as well as a second warrant to obtain child porn.

It is also true, as the defense argues, that the evidence to search for child porn was thin. But given that the government had a warrant to search the computer in question, and given precedents about child porn, that may not matter (though I think it is more likely to succeed than the rest of this). In any case, by the time of the main searches on child porn, three different magistrates had signed off on these searches.

This is a totally understandable attempt to get some of this evidence suppressed. But along the way the affidavits released yesterday provide a slew of damaging new details such as:

  • Schulte conducted a ton of searches on Google in April 2016 about detecting USB insertion, copying big files, deleting files, preventing other admins from seeing what someone was doing on a LAN
  • Schulte made a snapshot of (part of?) the LAN on April 20, 2016
  • In early May, Schulte researched how to use Tor and Tails, which the government alleges he used to send the files
  • On August 4, 2016 — the day after Snowden sent this tweet — Schulte did a Google search for WikiLeaks for the first time ever (note, I believe the Snowden tweet may have been preparation for the misleading IG report on him released the following month)

  • Between then and March 7, Schulte searched on WikiLeaks over 20 more times, reading hundreds of articles on it; but he didn’t visit WikiLeaks for the first time until March 7, 2017, the first day the files posted; he also searched for that Snowden tweet

In short, just Schulte’s Google searches alone provide very strong evidence that he’s the Vault 7 leaker. Which explains why his attorneys are making what will probably be an unsuccessful attempt to claim the Google searches were overly broad and lacked probable cause (something Schulte wrote elsewhere seems to reflect that he has been told this will be treated under a Good Faith exception).

Schulte has been trying to disclose all these materials for over a year. But they really don’t help his case.

Questions for Robert Mueller (and His Prosecutors) that Go Beyond the Show

I generally loathe the questions that people are drafting for Robert Mueller’s July 17 testimony before the House Judiciary and Intelligence Committees, largely because those questions are designed for a circus and not to learn information that’s useful for understanding the Mueller investigation. Here are the questions I’d ask instead (I’ll update these before Mueller testifies).

  1. Can you describe how you chose which “links between the Russian government and individuals associated with the campaign of President Donald Trump” to focus your investigation on?
  2. The warrants released in Michael Cohen’s case and other public materials show that your grand jury conducted investigations of people before Rod Rosenstein formally expanded the scope to include them in October 2017. Can you explain the relationship between investigative steps and the Rosenstein scope memos?
  3. Lisa Page has explained that in its initial phase, the investigation into Trump’s aides was separate from the larger investigation(s) into Russian interference. But ultimately, your office indicted Russians in both the trolling and the hack-and-leak conspiracies. How and when did those parts of DOJ’s investigation get integrated under SCO?
  4. An FD-302 memorializing a July 19, 2017 interview with Peter Strzok was released as part of Mike Flynn’s sentencing. Can you describe what the purpose of this interview was? How did the disclosure of Strzok’s texts with Lisa Page affect the recording (or perceived credibility) of this interview? Strzok was interviewed before that disclosure, but the 302 was not finalized until he had been removed from your team. Did his removal cause any delay in finalizing this 302?
  5. At the beginning of the investigation, your team investigated the criminal conduct of subjects unrelated to ties with Russia (for example, Paul Manafort’s ties with Ukraine, Mike Flynn’s ties to Turkey). Did the approach of the investigation change later in the process to immediately refer such issues to other offices (for example, Michael Cohen’s hush payments and graft)? If the approach changed, did your team or Rod Rosenstein drive this change? Is the Mystery Appellant related to a country other than Russia?
  6. Did your integration of other prosecutors (generally from DC USAO) into your prosecution teams stem from a resourcing issue or a desire to ensure continuity? What was the role of the three prosecutors who were just detailees to your team?
  7. Your report describes how FBI personnel shared foreign intelligence and counterintelligence information with the rest of FBI. For more than a year, FBI agents were embedded with your team for this purpose. Were these agents focused just on Russian activities, or did their focus include the actions of other countries and Americans? If their focus included Americans, did it include Trump associates? Did it include Trump himself?
  8. Can you describe the relationship between your GRU indictment and the WDPA one focused on the WADA hacks, and the relationship between your IRA indictment and the complaint against a Yevgeniy Prigozhin employee in EDVA? Can you describe the relationship between the Maria Butina prosecution and your investigation?
  9. Do you regret charging Concord Management in the IRA indictment? Do you have any insight on how indictments against Russian and other state targets should best be used?
  10. In discussions of Paul Manafort’s plea deal that took place as part of his breach hearing, Andrew Weissmann revealed that prosecutors didn’t vet his testimony as they would other cooperators. What led to this lack of vetting? Did the timing of the election and the potential impact Manafort’s DC trial might have play into the decision?
  11. What communication did you receive from whom in response to the BuzzFeed story on Trump’s role in Michael Cohen’s false testimony? How big an impact did that communication have on the decision to issue a correction?
  12. Did Matt Whitaker prevent you from describing Donald Trump specifically in Roger Stone’s indictment? Did you receive any feedback — from Whitaker or anyone else — for including a description of Trump in the Michael Cohen plea?
  13. Did Whitaker, Bill Barr, or Rosenstein weigh in on whether Trump should or could be subpoenaed? If so what did they say? Did any of the three impose time constraints that would have prevented you from subpoenaing the President?
  14. Multiple public reports describe Trump allies (possibly including Mike Flynn or his son) expressing certainty that Barr would shut down your investigation once he was confirmed. Did this happen? Can you describe what happened at the March 5, 2019 meeting where Barr was first briefed? Was that meeting really the first time you informed Rosenstein you would not make a determination on obstruction?
  15. You “ended” your investigation on March 22, at a time when at least two subpoena fights (Andrew Miller and Mystery Appellant) were ongoing. You finally resigned just minutes before Andrew Miller agreed to cooperate on May 29. Were these subpoenas for information critical to your investigation?
  16. If Don Jr told you he would invoke the Fifth if subpoenaed by the grand jury, would that fact be protected by grand jury secrecy? Are you aware of evidence you received involving the President’s son that would lead him to be less willing to testify to your prosecutors than to congressional committees? Can congressional committees obtain that information?
  17. Emin Agalarov canceled a concert tour to avoid subpoena in your investigation. Can you explain efforts to obtain testimony from this key player in the June 9 meeting? What other people did you try to obtain testimony from regarding the June 9 meeting?
  18. Did your investigation consider policy actions taken while Trump was President, such as Trump’s efforts to overturn Russian sanctions or his half-hearted efforts to comply with Congressional mandates to impose new ones?
  19. Can you describe how you treated actions authorized by Article II authority — such as the conduct of foreign policy, including sanctions, and the awarding of pardons — in your considerations of any criminal actions by the President?
  20. The President did not answer any questions about sanctions, even the one regarding discussions during the period of the election. Do you have unanswered questions about the role of sanctions relief and the Russian interference effort?
  21. Your report doesn’t include several of the most alarming interactions between Trump and Russia. It mentions how he told Sergey Lavrov and Sergey Kislyak he had fired Comey because of the Russian investigation, but did not mention that he shared classified Israeli intelligence at the meeting. Your report doesn’t mention the conversations Trump had with Vladimir Putin at the G-20 in Hamburg, including one pertaining to “adoptions,” while he was working on the June 9 meeting. The report doesn’t mention the Helsinki meeting. Did your investigation consider these interactions with Russia? If not, are you aware of another part of the government that did scrutinize these events?
  22. Why did you include Trump’s efforts to mislead the public about the June 9 meeting when it didn’t fit your team’s own terms for obstructive acts?
  23. You generally do not name the Trump lawyers who had discussions, including about pardons, with subjects of the investigation. How many different lawyers are described in your report to have had such discussions?
  24. You asked — but the President provided only a partial answer — whether he had considered issuing a pardon for Julian Assange prior to the inauguration. Did you investigate the public efforts — including by Roger Stone — to pardon Assange during Trump’s Administration?
  25. The cooperation addendum in Mike Flynn’s case reveals that he participated in discussions about reaching out to WikiLeaks in the wake of the October 7 Podesta releases. But that does not appear in the unredacted parts of your report. Is the entire scope of the campaign’s interactions with WikiLeaks covered in the Roger Stone indictment?
  26. Hope Hicks has claimed to be unaware of a strategy to coordinate the WikiLeaks releases, yet even the unredacted parts of the report make it clear there was a concerted effort to optimize the releases. Is this a difference in vocabulary? Does it reflect unreliability on the part of Hicks’ testimony? Or did discussions of WikiLeaks remain partially segregated from the communications staff of the campaign?
  27. How many witnesses confirmed knowing of conversations between Roger Stone and Donald Trump about WikiLeaks’ upcoming releases?
  28. The President’s answers regarding the Trump Tower Moscow match the false story for which Michael Cohen pled guilty, meaning the President, in his sworn answers, provided responses you have determined was a false story. After Cohen pled guilty, the President and his lawyer made public claims that are wholly inconsistent with his sworn written answer to you. You offered him an opportunity to clean up his sworn answer, but he did not. Do you consider the President’s current answer on this topic to be a lie?
  29. Did Trump Organization provide all the emails pertaining to the Trump Tower Moscow deal before you subpoenaed the organization in early 2018? Did they provide those emails in response to that subpoena?
  30. In his answers to your questions, President Trump claimed that you received “an email from a Sergei Prikhodko, who identified himself as Deputy Prime Minister of the Russian Federation … inviting me to participate in the St. Petersburg International Economic Forum.” But the footnotes to your discussion of that exchange describe no email. Did your team receive any email? Does the public record — showing that Trump never signed the declination letter to that investigation — show that Trump did not decline that invitation?

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Roger Stone Describes 67% of the Content of Sealed Warrant Affidavits for His Co-Conspirators

One of the reasons I believe Roger Stone knows he’s getting a pardon is because, in spite of the fact that he’s got six named attorneys on his team, his filings are unbelievably sloppy, as if the lawyers are letting their children submit them.

I’m just now reading a second one he submitted last Friday (it’s bolloxed in PACER but that may not be Stone’s fault), a reply on his request to have all his search warrants suppressed based on Bill Binney’s bogus claim that a document that is entirely unrelated to the charges against Stone was copied onto a thumb drive, and even if it were would be irrelevant to the question of whether Russia hacked the DNC.

The filing couldn’t have been reviewed before submission, because it gets key dates wrong:

This is especially so since Stone did not possess any of the stolen information, all of which these communications occurred well after June 22nd, 2016 – the first dissemination of the DNC emails on Wikileaks. [this should be July]

And includes sentence fragments:

Congress did not subpoena any documents regardless of form from Stone. But left it to Stone to determine which documents he should turn over that were not “widely available” or that “reasonably could lead to the discovery of any facts within the investigations publicly-announced parameters.”

[snip]

Comments about “friends at the embassy” by Corsi were made up. Speculation about an anticipated upcoming data dump was wrong.

And includes grammatical mishmash:

Even with knowledge of its early dissemination, is not a crime.

[snip]

The FBI has stated that they has conducted no direct research, nor collected any evidence of the DNC breach directly, which was confirmed by thenFBI director James Comey.

And a reference to paragraphs in exhibits that don’t list the paragraphs:

(Doc. 100 Ex. 17),

(Doc. 100 Ex. 18).

In short, the filing — like a number submitted beforehand in this case — shows utter contempt for the process.

But along the way, Stone describes at least 67% of the paragraphs of one of the affidavits (Exhibit 1) laying out probable cause for a CFAA change.

  • ¶¶1-7: Gap
  • ¶8: Jerome Corsi, Ted Malloch, Julian Assange, and Roger Stone “speak to each other about politics WikiLeaks, and ‘about phishing with John Podesta,'”
  • ¶¶9-19: Description of WikiLeaks receiving DNC data from Russian state.
  • ¶¶20-25: Gap
  • ¶26: Stone and he are friends, Manafort resigned as Chairman of the Trump Campaign, Manafort worked in for Washington, D.C. lobbying firms to influence U.S. policy toward Ukraine.
  • ¶¶27-37: Gap
  • ¶38: Stone and Assange were not really communicating about anything of relevance or consequence.
  • ¶¶39-40: Gap
  • ¶¶41-57: Corsi, Malloch, and Stone discussion what WikiLeaks is going to publish.
    • ¶47: Claim to Sam Nunberg that Stone had dinner with Assange.
    • ¶¶54-56: Description of Corsi’s “friends at the embassy” comment.
  • ¶¶58-65: References the infamous outtake footage from “Access Hollywood.” … Corsi and Stone spoke.
    • ¶65: Charles Ortel sent an email written to Stone and Stone sent it to Corsi after WikiLeaks disseminated Podesta’s emails. The email was titled “WikiLeaks – The Podesta Emails.”
  • ¶¶66-79: Stone is accused of having advanced knowledge of Podesta’s emails.
  • ¶¶80-81: Post-Podesta’s July 2016 [sic] release by WikiLeaks, Malloch said he would connect Corsi with Assange.
  • ¶¶82-83: Gap
  • ¶¶84-85: Corsi took credit for predicting the release of Podesta’s emails.
  • Unknown: Stone had Facebook accounts that he used to perpetuate his political writings including the writings about Podesta.

Included in that virtual recitation of what a document that remains under seal and covered by a protective order says, Stone makes it clear that the government obtained evidence of Stone talking with someone (it’s not clear who!) about John Podesta being phished, which Stone excuses this way:

They speak to each other about politics WikiLeaks, and “about phishing with John Podesta,” which may imply Podesta was phishing, or that Assange or Malloch were phishing Podesta, but clearly neither seem to be the point of the allegation. Doc. 100-1, ¶8.

In short, this is not a filing intended to win the argument in court (which is lucky for Stone, because legally the filing is crap). Rather, it is a disguised attempt to communicate with some potentially unidentified co-conspirator what the government actually knows about Stone’s knowledge of the phishing of John Podesta.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Detaining Chelsea Manning: Other People, Times, and Patterns

Friday, the government responded to Chelsea Manning’s request to be freed in light of Julian Assange’s superseding indictment, in which she argued the grand jury couldn’t use any of her testimony to shore up the existing indictment against Assange.

The government has now indicted Mr. Assange on 18 very serious counts, without the benefit of or apparent need for Ms. Manning’s testimony. The government’s extradition packet must be submitted in finalized form very soon. Any investigation of him after that point will be nugatory. United States v. Moss, 756 F.2d 329, 331-32 (4th Cir. 1985), see also United States v. Kirschner, 823 F. Supp. 2d 665, 667 (E.D. Mich. 2010)(finding that posti-ndictment questioning about the same conduct but different charges than those in the indictment was permissible, but questioning leading only to further information about the same charges would be impermissible). Any further investigation of unindicted targets will likewise be futile, as charges would be time-barred, and in any case, it is perfectly understood that Ms. Manning has no useful information about any parties other than the person behind the online handle “pressassociation.” She is not possessed of any that is not equally available to them, and in any case, her absence has posed no obstacle to indictment and superseding indictment.

The government response suggests this assertion — that there are no charges that they need Manning’s testimony for — is incorrect.

As the government’s ex parte submissions reflect, Manning’s testimony remains relevant and essential to an ongoing investigation into charges or targets that are not included in the superseding indictment. See Gov’t’s Ex Parte Mem. (May 23, 2019). The offenses that remain under investigation are not time barred, see id., and the submission of the government’s extradition request in the Assange case does not preclude future charges based on those offenses, see Gov’t’s Supplement to Ex Parte Mem. (June 14, 2019). Manning’s speculations about the direction of the grand-jury investigation, the purpose of her testimony, and the need for it are insufficient to show otherwise. [My emphasis]

The formulation here is curious, for the reasons laid out below.

Not time barred: Assange was first indicted on March 6, 2018, two days short of the 8-year anniversary of the alleged attempt to crack a password that was the basis for the conspiracy to violate CFAA charge. That suggests they were relying on the claim that the international character of the alleged CFAA charge extended the SOL to eight years, though they could also claim the conspiracy was ongoing if both Manning and Assange were believed to continue to engage in a conspiracy (though given that the conspiracy was defined as hacking, it would seem to be limited to the time until Manning’s arrest on May 27, 2010). I think — but am not sure — that if further charges are not time-barred, the government is either relying on a continued conspiracy, perhaps based off the conspiracy to receive national defense information in the superseding indictment, which because it was charged under espionage has a ten year statute of limitations, or arguing that the conspiracy to violate CFAA extended to other people.

Possibility of additional charges “based on those offenses”: To continue to coerce Manning for charges pertaining to Assange, the government has to argue (and claims it has, in two ex parte filings) that it is seeking additional charges. If I understand how the UK’s extradition process works, unless it gets a waiver, the US government can’t add additional crimes against Assange on top of what it already charged in the extradition packet, but some people say it’s possible to add on instances of the same charges until such time as he’s extradited. That may mean it wants to lard on espionage charges.

Targets not included in the superseding indictment: Manning claims she only has information about “pressassociation” — that is, Assange. But the government may believe there are other people involved in this. It would be unsurprising if the government were homing on other key WikiLeaks figures (I’ve had people wonder whether the government would go after Jake Appelbaum, for example, and there’s another figure people have been chatting about). Recall, too, that the government interviewed David House during this process, extending the time frame and the actions to publicity to supporting Manning that would extend into the period when she was jailed and prosecuted.

Charges not included in the superseding indictment: If there are other people the government is targeting for crimes the statutes of limitation for which haven’t expired (or as part of the conspiracy including Assange and Manning in any kind of continuation), then the government could just charge them.

All that said, there’s something funny with the timing. Manning’s request suggested that Assange was charged sometime between May 14 and 16 — which would put it after she got the subpoena from the new grand jury but before a court hearing on May 16.

Some time between May 14 and May 16, 2019, Julian Assange was charged in a superseding indictment with 17 Counts relating to offenses under the Espionage Act. This indictment was also obtained without the benefit of or apparent need for Ms. Manning’s testimony.

The government corrected that in their response.

Manning claims that Assange was charged in the superseding indictment at some point “between May 14 and May 16, 2019.” Mot. to Reconsider Sanctions 2. That representation is inaccurate. The face of the indictment reflects that it was returned in open court on May 23, 2019, and the signature page bears the same date. See Superseding Indictment, United States v. Julian Paul Assange, No. 1:18-cr-111-CMH (E.D. Va. May 23, 2019) (Dkt. No. 31) (Exhibit B).

Meanwhile — perhaps to show that it had briefed Judge Anthony Trenga about the ongoing investigation before he approved the current contempt finding — the government also unsealed a bench memo submitted back on May 15. That memo also argued they still needed Manning’s testimony — but it was based on the 1-count indictment against Assange.

This indictment against Assange does not affect Manning’s obligation to appear and testify before the grand jury. Under the law, the government cannot use grand jury proceedings for the ‘sole or dominant purpose’ of preparing for trial on an already pending indictment.” United States v. Alvarado,840 F.3d I E4, lE9 (4th Cn. 2016) (quoting United States v. Moss,756 F.2d329,332 (4th Cir. l9E5)). Yet it is equally well settled that, even after returning an indictment, the grand jury may continue investigating new charges or targets that are related to the pending indictment, See id at I89-90; United States v. Bros. Co$t/. Co. of Ohio,2l9 F.3d 300, 314 (4th Cir. 20OO); Moss,7 56 F .2d at 332. At the same time it files this memorandum, the government is filing an ex parte pleading that describes the nature of the grand jury’s ongoing investigation in this matter. See Gov’t’s Ex Parte Submission Regarding Nature of Grand-Jury Investigation (May 14, 2019). As that filing reflects, Manning has testimony that is directly relevant and important to an ongoing investigation into charges or targets that arc not included in the pending indictment. See id. Thus, the recently unsealed indictment against Assange does not provide Manning with just cause for refusing to comply with the Court’s order to testify in front of the grand jury.

That said, they’ve updated that argument in sealed form. As bolded above, though, the government has briefed the court three times on why it still needs Manning’s testimony:

  • May 14, 2019 (not noted in the docket, but possibly docket 3)
  • May 23, 2019 (docket #10)
  • June 14, 2019 (docket #22)

On the day of Assange’s superseding indictment, the government explained to Judge Trenga that the “charges or targets” they were still investigating were “not included in the superseding indictment” and also said they weren’t time-barred. On the day of Friday’s extradition hearing, the government told Trenga that “the government’s extradition request in the Assange case does not preclude future charges based on those offenses.”

All of which might conflict with the public reports that the government will not charge Assange with any further charges. Or it might mean that there are other people that the government wants to weave into these conspiracy charges.

One final point. In the May 15 bench memo, the government discounts Manning’s objections to grand juries (appealing to how they’re supposed to work rather than how they do), and then insinuates she’s refusing to testify out of self-interest.

In addition to their description of what happened when she went before the grand jury, their description of what they deem her self-interested motive not to testify is the only other part of the narrative that remains redacted.

Which is to say the government has some notion of Manning’s motives that — aside from being placed amid a discussion that demonstrably fails to understand her claims about grand juries — they imagine she’s doing all this to benefit herself. That may be true. It may be, for example, that testifying about what she now understands to have happened nine years ago would change the public understanding of what she did. But the government is not willing to share what that is.

The Congressional Research Service’s (Dated) Take on Julian Assange’s Indictment: DOJ May Argue He Aided Russian Spying

Project on Government Secrecy just released a Congressional Research Service report, which was originally written on April 22, on Julian Assange’s arrest.

It’s a fairly balanced and thorough document, including quotes from The Intercept. But it’s dated, with the body of the report integrating neither his superseding indictment (though an update does note it happened) nor Sweden’s stance — reopening but not asking for extradition on — the rape investigation.

There’s one big thing that the report misses, which is relevant for its analysis, even dated as it is. It describes, correctly, that Assange was originally indicted in March 2018. But it doesn’t note that the complaint was obtained on December 21, 2017. That seems particularly pertinent given that it happened on the same day as (and therefore may be the legal reason why) the UK denied Ecuador’s attempt to make Assange a diplomat.

Ecuador previously had been unsuccessful in its attempts secure arrangements for Assange to leave the embassy through legal channels. In 2017, the country made Assange an Ecuadorian citizen. Later that year, Ecuador’s foreign minister designated Assange as a diplomat in what observers interpreted to be an effort to confer the VCDR’s personal diplomatic protections on Assange, allowing him to leave the embassy and take up a diplomatic post in Russia without fear of arrest during his travel. But U.K. officials denied Assange diplomatic accreditation, and Ecuador withdrew its diplomatic designation shortly thereafter. Ecuador also suspended Assange’s citizenship as part of its decision to allow his arrest.

For a document meant to provide Congress a balanced report on his arrest, it seems pertinent to suggest that Ecuador may have failed in its efforts to secure this diplomatic solution because the US intervened quickly.

And that, in turn, seems relevant to the one point that I haven’t seen discussed in other coverage of Assange’s arrest: whether DOJ got around cautions against indicting journalists in its media policy by relying on the language that such cautions do not apply when there are reasonable grounds to believe that the media person in question is aiding, abetting, or conspiring in illegal activities with a foreign power.

The news media policy also provides that it does not apply when there are reasonable grounds to believe that a person is a foreign power, agent of a foreign power, or is aiding, abetting, or conspiring in illegal activities with a foreign power or its agent. The U.S. Intelligence Community’s assessment that Russian state-controlled actors coordinated with Wikileaks in 2016 may have implicated this exclusion and other portions of the news media policy, although that conduct occurred years after the events for which Assange was indicted. The fact that Ecuador conferred diplomatic status on Assange, and that this diplomatic status was in place at the time DOJ filed its criminal complaint, may also have been relevant. Finally, even if the Attorney General concluded that the news media policy applied to Assange, the Attorney General may have decided that intervening events since the end of the Obama Administration shifted the balance of interests to favor prosecution. Whether the Attorney General or DOJ will publicly describe the impact of the news media policy is unclear.

That is, CRS suspects that DOJ may have gotten around cautions against arresting members of the media by using the exception in AG Guidelines,

(ii) The protections of the policy do not extend to any individual or entity where there are reasonable grounds to believe that the individual or entity is –

(A) A foreign power or agent of a foreign power, as those terms are defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801);

Which would in effect mean they were arguing that Assange fulfills this language from FISA.

(B) acts for or on behalf of a foreign power which engages in clandestine intelligence activities in the United States contrary to the interests of the United States, when the circumstances indicate that such person may engage in such activities, or when such person knowingly aids or abets any person in the conduct of such activities or knowingly conspires with any person to engage in such activities;

It would be unsurprising to see DOJ argue that for Assange’s activities in 2016. After all, they’ve described him in terms often used with co-conspirators in the GRU indictment (though didn’t obtain that indictment until long after Assange was charged and indicted). They similarly describe WikiLeaks as the recipient of Vault 7 documents in the Joshua Schulte superseding indictments; but while that gets perilously close to alleging Schulte was leaking documents on behalf of a foreign power, they don’t charge that (and, again, that superseding indictment was obtained months after the Assange one).

None of that means Assange was acting as — or abetting — the actions of a foreign power in 2010. That may ultimately be what they want to argue, that he was conspiring with Russia way back in 2010. But they haven’t charged or alleged that yet. Indeed, even Mike Pompeo’s accusations from 2017 — that WikiLeaks was a non-state intelligence service — don’t seem to reach the language in these exceptions.

And none of that makes this language any less dangerous for journalists. A lot of journalists published documents stolen from the DNC in 2016 long after it was broadly accepted that Russia had stolen them. That would mean any of those journalists might be accused of knowingly abetting Russia’s election year efforts.

In other words, prosecuting Assange because he knowingly abetted Russian efforts (especially if DOJ can only prove that for 2016, not the 2010 actions they’ve charged him with) still doesn’t pass the “New York Times” test.

On Joshua Schulte and Julian Assange’s 10 Year Old Charges

The WaPo has confirmed what Natasha Bertrand earlier reported: the extradition package for Julian Assange will only include the 10 year old charges related to the publication of Chelsea Manning’s leaks, not any of WikiLeaks more controversially handled charges. I’ve been meaning to write a post on how this is the stupidest available approach, which will satisfy neither those who regard him as a villain, will expose other journalists to similarly dangerous charges, and possibly even fuck up the security establishment’s entire effort to exact some revenge against Assange. I hope to return to that when I get some deadlines and travel done, but suffice it to say this is a big hot mess.

To be clear, I actually think it’s not eleven-dimensional chess on the part of Bill Barr to save Trump some embarrassment once Roger Stone’s trial reveals the extent to which Trump’s campaign tried to “collude” with WikiLeaks (though it will not only have that effect, but make it harder for DNC to sustain its lawsuit against the GOP and WikiLeaks for their actions in the 2016 election). Rather, I think this is an attempt to prosecute Assange with the least cost on the security establishment, being run by people who are utterly tone deaf to the costs it will incur elsewhere.

But I do want to say several things about why and how DOJ is not charging Assange in the Vault 7 leak.

Bertrand noted that I thought that the EDVA charges would be related to Vault 7.

Still, just several months ago, numerous experts felt confident that prosecutors would also hit Assange with charges over Vault 7. Prominent national security journalist Marcy Wheeler predicted in Februarythat DOJ would “very clearly go after Assange” for the Vault 7 disclosure, and that a sealed indictment against him in the Eastern District of Virginia was likely related to that leak — the CIA is, after all, headquartered in Virginia, as ABC noted. Assange himselfreportedly expressed concern that prosecutors would charge him with crimes related to Vault 7.

She didn’t provide even the full context of my tweet, much less my post, arguing that Assange’s efforts to extort a pardon using the Vault 7 files would be something obviously unconnected to journalism. The superseding indictment does mention Assange’s use of “insurance files” to ensure his ability to publish documents in his possession, but no charges were attached to that, which later uses of the tactic and the Vault 7 pardon effort would have supported.

Which is to say the government could have charged Assange for something specifically excluded from Bartnicki’s protection of the publication of stolen materials, but did not. Again, the government has chosen to go about this in the stupidest way possible.

That said, I’m not surprised they’re not going after Assange for the Vault 7 leak itself.

As it is, the CIA has been inexcusably uncooperative with Joshua Schulte’s discovery efforts. At times. some pretty aggressive prosecutors have seemed almost apologetic about it. Schulte has staked a lot on trying to expose details of his initial warrants, and while his later behavior seems to suggest there was something to their targeting of him (or, at the very least, his post-indictment behavior has been self-destructive), at the very least the CIA may have participated in some epically bad parallel construction. They may be trying to hide that as much as the actual details of CIA’s hacking program.

Meanwhile, the government and Schulte have been discussing severing his charges from last year — which include one charge of contempt and a charge of attempted leak of classified information — from everything else.

As the Court is aware, trial in this matter is currently set for April 8, 2019. (See Minute Entry for August 8, 2018 Conference). To afford the parties sufficient time to prepare the necessary pretrial motions, including suppression motions and motions pursuant to the Classified Information Procedures Act (“CIPA”), the parties respectfully request that the Court adjourn the trial until November 4, 2019. The parties are also discussing a potential agreement concerning severance, as well as the order of the potentially severed trials. The parties will update the Court on severance and a pretrial motion schedule at or before the conference scheduled for April 10, 2019.

That might be something they tried to base a plea off of: they’d have video evidence to back their case, so it might avoid the CIPA process CIA is unwilling to engage in.

Back in May, Schulte’s team submitted a motion to vacate his SAMs (Special Administrative Measures limit a prisoner’s communication with others). It was based off the case the government made prior to his superseding indictment and left out all the allegations the government made about the 13 email and social media accounts Schulte was allegedly running from his jail cell, and as such deliberately understated why the government wanted the SAMs. The government asked for and got an extension to respond until Monday — notably, after all decisions about Assange would have had to have been made. Any response (unless it’s sealed) will have to provide more details about what happened last fall, so if they’re trying to get a plea deal, it might come this week in lieu of that SAMs response.

But the question would be what that plea agreement would look like.

Finally, the government is going to have to provide some explanation for why Chelsea Manning remains in jail for contempt. Unless they can claim they’re going after other people related to WikiLeaks, they should not be able to keep her jailed.