Posts

Did Some Republican in Congress Leak Details of the Mueller Report to Roger Stone?

There’s a passage from a recent Roger Stone filing I’ve been puzzling over. In a motion asking for discovery on selective prosecution — an effort that started out by arguing no one else had been prosecuted for false statements to Congress before that became ridiculous — Stone claims that

Yet, he was ruled out as a conspirator with the Russian state and WikiLeaks before his transcript from HPSCI was transmitted.

This effort parallels an effort to get the whole Mueller Report and this motion asks for all the declination memos on top of that.

Prosecuting Stone because of his arbitrary classification requires discovery, including the declination memos sent to the Attorney General, so that it may be determined who the government thinks lied to Congress or the Special Counsel, but were not prosecuted.

The claim that Stone was ruled out as a co-conspirator with Russia or WikiLeaks is probably true (though not necessarily all that helpful for his case). I’m just trying to figure out how he knows that, if he does. It seems there are four possibilities:

  1. His lawyers, who are fairly careless and who have made false claims in other briefs, are just making this up
  2. He got something in discovery that makes this clear
  3. He’s basing this off Jerome Corsi’s public claims
  4. Someone who has seen an unredacted copy of the Mueller Report (which currently includes the White House and at least 7 of the 8 Republicans who had been given an opportunity to read it before yesterday) told him what those passages of the report say
  5. He learned of this decision in real time, via reporting to the White House and then some channel from the White House

As noted, his lawyers have not been above making shit up, so it’s possible this is what this claim is. But it feels too specific for that.

It’s also possible he got something in discovery to support this claim, except the prosecutors are fighting to provide precisely this kind of information to him in their fight against releasing the Mueller Report.

Such an assertion could be intuited from Jerome Corsi’s crazed rants. Corsi has said that he believes the true source of his/their knowledge that WikiLeaks would release John Podesta’s emails was the cornerstone to Mueller’s “collusion” case (though of course he was assessing conspiracy, as Stone correctly notes here.

It’s certainly possible this is reflected in the less redacted Mueller Report, which would explaining the timing of this claim, which by my reading is new in this filing. Republicans in Congress have tampered with the criminal cases against Trump’s people on at least two occasions (when Richard Burr told the White House who had been targeted, and whoever reached out to Mike Flynn to discourage his cooperation). Given DOJ’s warnings about how sensitive the report is, it would be fairly damning if one of just 5 Republicans who had seen it already ran to Stone to tell him what’s in it. (Those 5 are: Mitch McConnell, Richard Burr, Lindsey Graham, Kevin McCarthy, and Doug Collins; it’s not clear whether Devin Nunes has reviewed the report yet.)

I’m most interested whether Stone learned in real time — perhaps last fall — that Mueller had decided not to charge him in a conspiracy with WikiLeaks and Russia. That would be particularly interesting given that Paul Manafort actually told what resembles the truth about the campaign’s outreach, through Stone, to WikiLeaks.

Amy Berman Jackson currently has unredacted parts of the Mueller Report pertaining to Stone, so if this information does come from leaks about the Mueller Report, she may recognize that.

As I said, even if Mueller decided not to charge Stone in a conspiracy because, with the witness tampering charges, he may face the same kind of sentence without some of the evidentiary hurdles, it doesn’t amount to selective prosecution.

But Stone sure seems to have a specific idea of what he’s looking for, even if it only helps his (and Trump’s) political case, not his criminal one.

Update: Corrected the number of Republicans known to have reviewed the report to 5.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Surveillance Whack-a-Mole, Section 215 to Section 702 Edition

As it happens, I and others covered the report that NSA purportedly has not restarted its use of the Section 215 CDR program in the wake of finding serious over-collection on the same day that I Con the Record released another Semiannual report on 702, the one completed in October 2018, which covers December 2016 to May 2017.

In my post on the Section 215 CDR claim, I suggested that function probably hasn’t shut down, but likely moved instead to a different authority, probably EO 12333.

The NSA almost never gives up a function they like. Instead, they make sure they don’t have any adverse court rulings telling them they’ve broken the law, and move the function some place else. Given that the government withdrew several applications last year after FISC threatened to appoint an amicus, and given that the government now has broadened 12333 sharing, they may have just moved something legally problematic somewhere else.

In Ellen Nakashima’s report on the 215 CDR shutdown, she suggested that NSA may not longer need the 215 CDR function because “terrorists” (this program was never just about terrorists) increasingly use secure apps which “don’t always create metadata.”

But these days, terrorists generally are not coordinating via phone calls or standard text messages, but communicate by using secure apps that don’t always create metadata trails, analysts said.

That is, the suggestion is that because “terrorists” are using encrypted apps like Signal and WhatsApp rather than AT&T or Verizon’s own SMS apps, getting the latter via the CDR program is not as useful.

But perhaps that explains the over-collection issue behind all this.

From the start of the USA Freedom Act debate, I have noted that the definition used in the law — session identifier — did not match the intent of most members of Congress: that is, to track telephony contacts. Telephony contacts are just an increasingly minimal subset of the session identifiers than any mobile phone user will generate. And in the age of super-cookies, providers increasingly track these other session identifiers. If providers collect it, spooks and law enforcement will try to use it, and the expanded universe of session identifiers is no exception.

One of several likely explanations for the over-collection that led the government to destroy all its records last year is that the FISA Court wrote something that distinguished between the two (basically, establishing a precedent that made fudging the issue legally problematic), leading NSA to “discover” the over-collection and quickly start deleting records before any overseer found the proof that it was no accident.

At least, that same pattern has happened numerous times before.

Anyway, back to surveillance whack-a-mole.

When this has happened in the past, the NSA didn’t actually shut down the function. It instead moved it to another authority, preferably one with less court oversight. Of particular note, when NSA shut down the PRTT dragnet in 2011, it moved some of that function to EO 12333 (NSA had resumed a practice shut down during the Stellar Wind shutdown allowing the agency to chain on Americans) and Section 702.

That’s why I want to point to something in the most recent Section 702 Semiannual Report (which, remember, reflects really dated reviews of Section 702 use. On top of being really dated, the report is, as all of these are, heavily redacted and largely boilerplate. Nevertheless, a close read of it (I do think I’m the only one who actually reads these!) can point to trends that can sometimes help identify problems on the same timeline that NSA’s Inspector General does.

And this most recent Semiannual report, from the period mid-way into implementation of the new USAF CDR function, has this passage (which — I believe — includes a typo).

This passage is not reporting a decrease, as the last clause of the paragraph claims; it is reporting an increase in the number of times Section 702 data appears in serialized (that is, finished) reports. The typo appears to be the result of retaining the claim that this is “the first and only decrease of for these ten reporting periods” from the prior report.

What is likely true of this passage, however, is that it is reporting a new trend: “expanded use of Section 702” for some function.

There are several likely candidates for the time period (early 2017). The increasing use of the 2014 exception, the ongoing shift of the old PRTT function (obtaining email metadata) are two.

But another would be to use 702 — such that it is technically feasible — to obtain what metadata exists for encrypted apps. Notably, during precisely this period, Facebook was moving to more closely integrate WhatsApp with its platform generally. And this would give it access (but not content) of chats. Since then, it has probably become easier for Verizon and AT&T to identify who is using Signal by matching the individual keys generated for each contact (just as an example, you can set Verizon to show this or not, meaning they’ve got visibility onto it one way or another). Using 702 to get encrypted app metadata would only give you one degree of separation from a foreign target. But you’d get it with far less oversight than NSA undergoes with Section 215.

Here’s the dirty secret about FISA. It is far easier for NSA to use Section 702 to get content and metadata than it is for NSA to use Section 215 to get just session identifiers.

Section 702 couldn’t replace all of what Section 215 — if it were collecting on the session identifiers associated with encrypted chat apps — gets. But what it could get might be far more voluminous than the 500 million session identifiers collected in 2017.

Update: Bobby Chesney — who seems to know more than he’s letting on — weighs in on the news here.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Lawfare “Breaks” News: NSA Hasn’t Restarted the Section 215 CDR Function

Last week, Lawfare’s podcast had on Luke Murry, National Security Advisor to Republican House Minority Leader Kevin McCarthy, and Daniel Silverberg, National Security Advisor to Democratic House Majority Leader Steny Hoyer.

At 5:10, in response to a question from Margaret Taylor about what kind of oversight Congress will exercise in this Congress, one of them says,

I think my mind goes to the must-pass things. Let’s use that as lowest common denominator. One which may be must-pass, may actually not be must-pass, is Section 215 of USA Freedom Act, where you have this bulk collection of, basically metadata on telephone conversations — not the actual content of the conversations but we’re talking about length of call, time of call, who’s calling — and that expires at the end of this year. But the Administration actually hasn’t been using it for the past six months because of problems with the way in which that information was collected, and possibly collecting on US citizens, in the way it was transferred from private companies to the Administration after they got FISA court approval. So, if the Administration does ask on that, that’s inherently a very sensitive subject. And we’ve seen that sensitivity be true in other areas of USA Freedom Act so I think that’s going to be a real challenge for Congress. But I’m not actually certain that the Administration will want to start that back up given where they’ve been in the last six months.

The staffer seems a bit confused by what he’s talking about.

By description — the description of this being metadata turned over by providers — this must be the Call Detail Record of USA Freedom Act, not all of Section 215. It appears to be public confirmation that the government never resumed the CDR program after it announced that it had destroyed all its records last June (though that works out to be 8 months, not just 6).

That, in turn, suggests that the problem with the records may not be the volume or the content turned over, but some problem created either by the specific language of the law or (more likely) the House Report on it or by the Carpenter decision. Carpenter came out on June 22, so technically after the NSA claims to have started deleting records on May 23. It also may be that the the NSA realized something was non-compliant with its collection just as it was submitting the 6th set of 180-day applications, and didn’t want to admit to the FISC that it had been breaking the law (which is precisely what happened in 2011 when the government deleted all its PRTT records).

Just as an example, I long worried that the government would ask providers to use location data to match phones. Under the law, so long as the government just got the phone number of a new phone that had been geolocated, it might qualify as a CDR under the law, but would absolutely be a violation of the intent of the law. Such an application — which is something that AT&T has long offered law enforcement — might explain what we’ve seen since.

One other thing, though: The NSA almost never gives up a function they like. Instead, they make sure they don’t have any adverse court rulings telling them they’ve broken the law, and move the function some place else. Given that the government withdrew several applications last year after FISC threatened to appoint an amicus, and given that the government now has broadened 12333 sharing, they may have just moved something legally problematic somewhere else.

In any case, there’s no follow-up on the podcast, which might at least clarify the obvious parts of this revelation, to say nothing of asking for the underlying detail. So it will take some work to figure out what really happened.