Posts

James Wolfe: The Distinction Between FBI’s Investigation of Leaking Classified versus Non-Public Information

There’s something about the James Wolfe case that has stuck with me. For an article published after Wolfe’s indictment was released, Ali Watkins’ lawyer, Mark MacDougall, tempered his concern about Watkins’ call records being seized by suggesting that the scope of charges might somehow legitimate it.

Watkins’ attorney, Mark MacDougall, had described the seizure as “disconcerting.”

“Whether it was really necessary here will depend on the nature of the investigation and the scope of any charges,” MacDougall said in a statement.

While MacDougall has gone silent since then, this comment suggested there might be a reasonable premise for DOJ to seize all of Watkins call records for her entire journalistic career, which is fairly shocking. FBI gets all the call records of someone, these days, to identify all the devices she uses to check that activity as much as they do so to identify specific calls made. There’s nothing revealed by the indictment that would justify that, and a lot (notably, the evidence they had ready access to Wolfe’s phone content) that suggests it wasn’t justified.

With that in mind, I want to look at some details about the known timeline of the investigation:

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subepoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.

The indictment is quite clear: the investigation leading to Wolfe’s indictment started as an investigation into “multiple unauthorized disclosures of classified information” to the press. It’s clear from Burr and Warner’s statement that they were a bit surprised that the “charges do not appear to include anything related to the mishandling of classified information.” The indictment doesn’t charge Wolfe with leaking classified information.

And the timeline laid out in the indictment suggests that the document provided SSCI in March 2017 led to Watkins confirming that Page was Male-1 in the Victor Podobnyy complaint, the complaint itself is probably not classified. Nor would it, with its reference to Page as Male-1 (also used in this indictment!), be enough to ID Page as the guy Podobnyy was trying to recruit.

As I suggested in this post, for all the focus on Watkins, the indictment actually seemed to prioritize Reporter #1, including on the questionnaire the FBI gave Wolfe when they interviewed him in December. It first asked if Wolfe knew any of the reporters behind that still unidentified story, then asked a question that his relationship with Watkins would clearly refute, which agents contextualized even further by asking specific questions about details they had already confirmed about their relationship, including the international travel Rambo had identified as early as June. Then, after asking a question that would clearly pertain to Wolfe’s undeniable relationship with Watkins, the questionnaire asked whether he had given classified or unclassified documents to any of the journalists he might have admitted to contacting in Question 10, covering the basis for that Podobnyy story.

c. During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l)”, that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes.

d. Question 9 of the lnvestigative Questionnaire asked “Have you had any contact with” any of those three reporters. As to each reporter, WOLFE stated and checked “No.”

e. Question 10 of the Investigative Questionnaire asked, “Besides [the three named reporters], do you currently have or had any contact with any other reporters (professional, official, personal)?” Before answering this question, WOLFE stated orally to the FBI agents that although he had no official or professional contact with reporters, he saw reporters every day, and so to “feel comfortable” he would check “Yes.” He did so, and initialed this answer.

f. Question 10 of the Investigative Questionnaire further asked, “If yes, who and describe the relationship (professional, official, personal).” In the space provided, WOLFE hand wrote “Official – No” and “Professional – No.” WOLFE then orally volunteered that he certainly did not talk to reporters about anything SSCl-related. FBI agents orally asked WOLFE if he had traveled internationally with any reporter, gone to a baseball game or to the movies with a reporter, or had weekly or regular electronic communication with a reporter. To each question WOLFE verbally responded ‘No.” WOLFE then wrote “Personal – No” on the Investigative Questionnaire.

g. Question 11 of the lnvestigative Questionnaire asked, “If yes to question ten, did you discuss or disclose any official U.S. government information or documents whether classified or unclassified which is the property of the U.S. government without express authorization from the owner of the information?” WOLFE stated and checked “No” and initialed this answer.

Now consider the vote to release official SSCI documents to DOJ, which DOJ appears to have needed before they presented the indictment to the grand jury the next day, but which DOJ knew enough about to already be prepped to indict. That is, DOJ surely already knew what those records showed; what the vote did was permit DOJ to use the records in a prosecution. There are surely records pertaining to the SSCI SCIF that DOJ wanted, including the specific treatment of the Classified Document delivered to SSCI in March 2017.

On or about March 17,2017,the Classified Document was transported to the SSCI. As Director of Security, WOLFE received, maintained, and managed the Classified Document on behalf of the SSCI.

It’s also possible (though unlikely) that SSCI, and not the Executive Branch, counts as custodian of Wolfe’s Non-Disclosure Agreements.

But the only actual SSCI record described in the indictment is the email account he used to communicate with Reporter #1, as well as emails that Page sent to the committee to complain about leaks.

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

[snip]

26. On or about October 18, 2011, MALE-1 sent an email to the SSCI, complaining that the news organization had published REPORTER #3’s news article of the previous day, reporting that he had been subpoenaed.

27. On or about October 24,2017, at 7:00 a.m., WOLFE informed REPORTER #3, using Signal, that MALE-1 would testify in closed hearing before the SSCI “this week.” At 9:58 a.m., REPORTER #3 sent an email to MALE-I, asking him to confirm that he would be ‘paying a visit to Senate Intelligence staffers this week.” At 9:23 p.m., MALE-I sent an email to the SSCI, forwarding the email he had received from REPORTER #3, and complaining that the details of his appearance had been leaked to the press.

So it’s possible that, having had SSCI’s cooperation since the time FBI was interviewing Wolfe, DOJ only needed to ensure it could access these email records. It’s possible that DOJ believes convicting Wolfe of false statements charges, and avoiding the hassle of exposing classified information at a trial charging that he leaked classified information, is sufficient punishment.

Or it’s possible that this indictment is just the next step in an investigative process that aims to get confirmation — public or tacit, the latter obtained via a guilty plea with cooperation — regarding the source for that other, still unidentified story that incorporated classified information. I also think FBI may be particularly interested that Wolfe was approaching journalists offering to be a source, as he did in October with Reporter #4, and not vice-versa.

Gina Haspel’s Fluid Moral Compass

I expected to dislike Gina Haspel, but be impressed with her competence (the same view I always had about John Brennan). But she did not come off as competent in her confirmation hearing, in large part because the lies surrounding her career cannot be sustained.

Let’s start with the questions she didn’t answer (usually offering a non-responsive rehearsed answer instead). She refused to say:

  • Whether she believes, with the benefit of hindsight, torture was immoral.
  • If a terrorist tortured a CIA officer, whether that would be immoral.
  • Whether the torture program was consistent with American values.
  • Whether she oversaw the torture of Abd al Rahim al-Nashiri.
  • Whether she was in a role supervising torture before she became Jose Rodriguez’ Chief of Staff.
  • Whether she pushed to keep the torture program between 2005 and 2007 (see that question here).
  • Whether she would recuse from declassification decisions relating to her nomination.
  • Whether Dan Coats should oversee declassification decisions regarding her nomination.
  • Whether she has been alone with President Trump.
  • Whether she would tell Congress if he asked her for a loyalty oath.

She also answered that she didn’t think torture worked, but then hedged and said she couldn’t say that because we got evidence from it.

She did answer one question that went to the core of her abuse when she participated in the destruction of the torture tapes. She said she would consider it insubordination today if an officer bypassed her for something as substantive as destroying the tapes, as Jose Rodriguez did. But she as much as said she would have destroyed the tape much earlier, because of the security risk they posed to the officers who appeared in the videos.

Then there was the logical inconsistency of her presentation. Several Senators, including Mark Warner, Dianne Feinstein, Ron Wyden, and Kamala Harris, complained about the selective declassification of information surrounding her confirmation. Haspel explained that she had to abide by the rules of classification just like everyone else. Not only was that transparent bullshit on its face (as Harris noted, the CIA released a great deal of information that revealed details of her operations), during the course of the hearing she provided details about her first meeting with an asset, Jennifer Matthews’ life and assignments, and a counter-drug program that also must be classified, and yet she was willing to simply blurt them out.

Perhaps most remarkable, though, is a key claim she made to excuse the destruction of the torture tape.

She claimed she did not recall which of the long list of entities that opposed the destruction of the torture tape she knew about at the time. That includes a move by Carl Levin to form a congressional commission to investigate torture. But on several occasions, she said that because the torture was covered in cable traffic, no other evidence needed to be kept.

That assumes, of course, that both the specific CIA cable and CIA cables generally are a fair rendition of any event CIA does (it’s not; in this case, and some videos were destroyed before the reviews finding them to match).

But when the Senate Intelligence Committee did a 6.700 page report based on the cables CIA used to describe their own torture, CIA wailed because SSCI didn’t interview the individual officers. Haspel effectively suggested that cables, in the absence of the torture tapes, would be sufficient for a congressional commission. Yet when Congress used cables to do an investigation of torture, CIA then claimed that was invalid.

When asked whether torture was moral, Haspel instead repeatedly insisted she has a sound moral compass. Except what her testimony made clear is that her idea of moral compass has everything to do with what is good for the CIA and its officers. It has absolutely nothing to do with traditional moral values. That’s not actually surprising. That’s what we ask of clandestine CIA officers: to break the rules normal people adhere to, in the name of serving our country, and to remain absolutely loyal to those whose lives are exposed in doing so.

Except today, Haspel proved unable to move beyond the fluid moral compass of a CIA officer to adopt a more stringent moral code of an official serving a democracy.

2018 Senate Intelligence Global Threat Hearing Takeaways

Today was the annual Senate Intelligence Committee Global Threat Hearing, traditionally the hearing where Ron Wyden gets an Agency head to lie on the record.

That didn’t happen this time.

Instead, Wyden gave FBI Director Christopher Wray the opportunity to lay out the warnings the FBI had given the White House about Rob Porter’s spousal abuse problems, which should have led to Porter’s termination or at least loss of access to classified information.

The FBI submitted a partial report on the investigation in question in March. And then a completed background investigation in late July. That, soon thereafter, we received request for follow-up inquiry. And we did that follow-up and provided that information in November. Then we administratively closed the file in January. And then earlier this month we received some additional information and we passed that on as well.

That, of course, is the big takeaway the press got from the hearing.

A follow-up from Martin Heinrich shortly after Wyden’s question suggested he had reason to know of similar “areas of concern” involving Jared Kushner (which, considering the President’s son-in-law is under investigation in the Russian investigation, is not that surprising). Wray deferred that answer to closed session, so the committee will presumably learn some details of Kushner’s clearance woes by the end of the day.

Wray twice described the increasing reliance on “non-traditional collectors” in spying against the US, the second time in response to a Marco Rubio question about the role of Chinese graduate students in universities. Rubio thought the risk was from the Confucius centers that China uses to spin Chinese culture in universities. But not only did Wray say universities are showing less enthusiasm for Confucius centers of late, but made it clear he was talking about “professors, scientists, and students.” This is one of the reasons I keep pointing to the disproportionate impact of Section 702 on Chinese-Americans, because of this focus on academics from the FBI.

Susan Collins asked Mike Pompeo about the reports in The Intercept and NYT on CIA’s attempts to buy back Shadow Brokers tools. Pompeo claimed that James Risen and Matt Rosenberg were “swindled” when they got proffered the story, but along the way confirmed that the CIA was trying to buy stuff that “might have been stolen from the US government,” but that “it was unrelated to this idea of kompromat that appears in each of those two articles.” That’s actually a confirmation of the stories, not a refutation of them.

There was a fascinating exchange between Pompeo and Angus King, after the latter complained that, “until we have some deterrent capacity we are going to continue to be attacked” and then said right now there are now repercussions for Russia’s attack on the US.

Pompeo: I can’t say much in this setting I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in or that this government has been engaged in both before and after, excuse me, both during and before this Administration.

King: But deterrence doesn’t work unless the other side knows it. The Doomsday Machine in Dr. Strangelove didn’t work because the Russians hadn’t told us about it.

Pompeo: It’s true. It’s important that the adversary know. It is not a requirement that the whole world know it.

King: And the adversary does know it, in your view?

Pompeo: I’d prefer to save that for another forum.

Pompeo later interjected himself into a Kamala Harris discussion about the Trump Administration’s refusal to impose sanctions by suggesting that the issue is Russia’s response to cumulative responses. He definitely went to some effort to spin the Administration’s response to Russia as more credible than it looks.

Tom Cotton made two comments about the dossier that Director Wray deferred answering to closed session.

First, he asked about Christopher Steele’s ties to Oleg Deripaska, something I first raised here and laid out in more detail in this Chuck Grassley letter to Deripaska’s British lawyer Paul Hauser. When Cotton asked if Steele worked for Deripaska, Wray said, “that’s not something I can answer.” When asked if they could discuss it in a classified setting, Wray said, “there might be more we could say there.”

Cotton then asked if the FBI position on the Steele dossier remains that it is “salacious and unverified” as he (misleadingly) quoted Comey as saying last year. Wray responded, “I think there’s maybe more we can talk about this afternoon on that.” It’s an interesting answer given that, in Chuck Grassley’s January 4 referral, he describes a “lack of corroboration for [Steele’s dossier] claims, at least at the time they were included in the FISA applications,” suggesting that Grassley might know of corroboration since. Yet in an interview by the even better informed Mark Warner published 25 days later, Warner mused that “so little of that dossier has either been fully proven or conversely, disproven.” Yesterday, FP reported that BuzzFeed had hired a former FBI cybersecurity official Anthony Ferrante to try to chase down the dossier in support of the Webzilla and Alfa bank suits against the outlet, so it’s possible that focused attention (and subpoena power tied to the lawsuit) may have netted some confirmation.

Finally, Richard Burr ended the hearing by describing what the committee was doing with regards to the Russian investigation. He (and Warner) described an effort to bring out an overview on ways to make elections more secure. But Burr also explained that SSCI will release a review of the ICA report on the 2016 hacks.

In addition to that, our review of the ICA, the Intel Committee Assessment, which was done in the F–December of 06, 16–we have reviewed in great detail, and we hope to report on what we found to support the findings where it’s appropriate, to be critical if in fact we found areas where we found came up short. We intend to make that public. Overview to begin with, none of this would be without a declassification process but we will have a public version as quickly as we can.

Finally, in the last dregs of the hearing, Burr suggested they would report on who colluded during the election.

We will continue to work towards conclusions  on any cooperation or collusion by any individual, campaign, or company with efforts to influence elections or create societal chaos in the United States.

My impression during the hearing was that this might refer to Cambridge Analytica, which tried to help Wikileaks organize hacked emails — and it might well refer to that. But I wonder if there’s not another company he has in mind.

In Which Mark Warner Refuses to Repeat His Comment That He Hadn’t Seen Evidence of “Collusion”

Mark Warner did a long interview with Politico a few weeks ago. I wanted to pull this exchange because it hasn’t gotten a lot of attention.

Glasser: A number of months ago, you and other Senate Democrats said, “Well, we hadn’t seen any definitive evidence yet of collusion between the Trump team and the Russians.” Has that changed?

Warner: I’m not going to be able to comment on that.

Glasser: But you can’t say no right now? You’re not saying, “No, I haven’t seen”—

Warner: I said a year ago when I started this that I thought it was maybe the most important thing I might ever work on. A year later, a lot more informed and somewhat frustrated at the slow pace, I still believe it will probably end up being the most important thing I ever work on.

Elsewhere in the interview, he describes receiving new documents

Glasser: Well, that’s right. So have there been genuine revelations? You talked about how we’re now a year into the investigations. So one question I think a lot of people have is what is the Senate Intelligence Committee doing as separate, but certainly parallel to, the Mueller investigation. Do you feel like you know significant new facts that have been placed onto the record of your investigation even if they’re not public yet that we didn’t know six months ago?

Warner: I believe I’ve seen, particularly in the document area, extraordinarily important new documents that I had not seen six months ago.

[snip]

Warner: These are just kind of in effect, the next wave. Because there are—let me say this the right way. It appears that Mr. Nunes’ claims may be related to some of the documents that were received late last year. Now, obviously, we would have received the same documents so the fact that some of the end-of-the-year document dumps were very significant.

Glasser: From the FBI?

Warner: I’m not going to, again, go into sources. But they opened a lot of new questions.

Glasser: And so when you referenced earlier in our conversation, you said you have reviewed documents that have raised new questions to you. Is this the same sort of revelations that you’re referring—

Warner: Well, this is—

Glasser: These are things that we don’t really know anything about on the public record, right?

Warner: There are—

Glasser: It’s not more information about the Trump Tower meeting?

Warner: I’m not going to make any—good try. There is more information coming. I wish some of this information should have come earlier to us but we’ve had new information that raises more questions.

He also refers to text messages — not emails — from the visitors to Trump Tower.

Warner: Yes, whether it was offers made in terms of at least—there were at least text messages from the group that sat down with Donald Trump Jr.

Meanwhile, he says this about the Steele dossier.

In my mind, one of the most amazing things is whether Mr. Trump or his campaign colluded or not, the fact that there is this explosive dossier that’s been in the public realm for a year-plus and whether enormous scrutiny from the press or for that matter, work of the American government, that so little of that dossier has either been fully proven or conversely, disproven.

The Timing of Mark Warner’s PseudoScandal Texts

By now, you’ve heard about Fox News’ scoop that Mark Warner made efforts last year to obtain testimony from two key figures in the Senate Intelligence Committee investigation into Russia’s involvement in the 2016 election via DC fixer Adam Waldman: Christopher Steele and Oleg Deripaska. (In my opinion, the news buried at the bottom of the story that Deripaska agreed to provide testimony if he could get immunity, but did not get it, is far more interesting than the rest of this, but I’m not a Fox News editor.)

“We have so much to discuss u need to be careful but we can help our country,” Warner texted the lobbyist, Adam Waldman, on March 22, 2017.

“I’m in,” Waldman, whose firm has ties to Hillary Clinton, texted back to Warner.

The story also includes this paragraph, which also has gotten less attention.

Warner began texting with Waldman in February 2017 about the possibility of helping to broker a deal with the Justice Department to get the WikiLeaks founder Julian Assange to the United States to potentially face criminal charges. That went nowhere, though a Warner aide told Fox News that the senator shared his previously undisclosed private conversations about WikiLeaks with the FBI.

Interestingly, the Fox story relies on texts that Warner and Richard Burr jointly requested in June (targeting Waldman’s phone, not Warner’s, apparently), and then turned over to the committee in October. I look forward to seeing how the notoriously anti-leak Burr deals with the apparent leak of committee sensitive materials to the right wing press.

Even while the story links to texts from SSCI, it comes a week after a woman duped the famously paranoid Julian Assange into exchanging texts with her fake Sean Hannity account promising news on Mark Warner.

[Dell] Gilliam, a technical writer from Texas, was bored with the flu when she created @SeanHannity__ early Saturday morning. The Fox News host’s real account was temporarily deleted after cryptically tweeting the phrase “Form Submission 1649 | #Hannity” on Friday night. Twitter said the account had been “briefly compromised,” according to a statement provided to The Daily Beast, and was back up on Sunday morning.

[snip]

Just minutes after @SeanHannity disappeared, several accounts quickly sprung up posing as the real Hannity, shouting from Twitter exile. None were as successful as Gilliam’s @SeanHannity__ account, which has since amassed over 24,000 followers.

Gilliam then used her newfound prominence to direct message Assange as Hannity within hours.

“I can’t believe this is happening. I mean… I can. It’s crazy. Nothing can be put past people,” Gilliam, posing as Hannity, wrote to Assange. “I’m exhausted from the whole night. What about you, though? You doing ok?”

“I’m happy as long as there is a fight!” Assange responded.

Gilliam reassured Assange that she, or Hannity, was also “definitely up for a fight” and set up a call for 9:30 a.m. Eastern, about six hours later.

“You can send me messages on other channels,” said Assange, the second reference to “other channels” he made since their conversation began.

“Have some news about Warner.”

With that in mind, I want to look at the timing of some security issues last year.

While the texts turned over to Congress date to February 14, the conversation pertaining to Steele started around March 22. That puts it not long after news of a massive hack involving T-Mobile, first reported March 16.

An unusual amount of highly suspicious cellphone activity in the Washington, D.C., region is fueling concerns that a rogue entity is surveying the communications of numerous individuals, likely including U.S. government officials and foreign diplomats, according to documents viewed by the Washington Free Beacon and conversations with security insiders.

A large spike in suspicious activity on a major U.S. cellular carrier has raised red flags in the Department of Homeland Security and prompted concerns that cellphones in the region are being tracked. Such activity could allow pernicious actors to clone devices and other mobile equipment used by civilians and government insiders, according to information obtained by the Free Beacon.

It remains unclear who is behind the attacks, but the sophistication and amount of time indicates it could be a foreign nation, sources said.

I would hope to hell that former cell company mogul and current Ranking Member on the Senate Intelligence Committee running an important counterintelligence investigation Mark Warner would be aware of the security problems with mobile phones. But what do I know? [Update: Not much. Looking more closely it looks like he was using Signal.] In the last several months we’ve learned that FBI’s investigators discuss the even more sensitive aspects of the more important side of counterintelligence investigation on SMS texts on their Samsung cell phones.

¯\_(ツ)_/¯

But who knows what Waldman (who apparently chats a lot with spies, mobbed up Russian oligarchs, and — as Mike Pompeo deemed Wikileaks — non-state hostile intelligence services) knows about cell phone security?

In any case, the day before that was reported publicly, Ron Wyden and Ted Lieu sent a letter to John Kelly (who, as a reminder, in spite of or because he ran DHS for a while, had his own cell phone compromised), stating in part,

We are also concerned that the government has not adequately considered the counterintelligence threat posed by SS7-enabled surveillance.

[snip]

What resources has DHS allocated to identifying and addressing SS7-related threats? Are these resources sufficient to protect U.S. government officials and the private sector.

If the government started considering such issues in March, they might have gotten around to discovering what kinds of problems were created by the T-Mobile hack in June, when Warner and Burr moved to get the texts for SSCI.

In any case, at around that point in time, APT 28 (one of the entities blamed for hacking the DNC the previous year) started a phishing campaign targeting the Senate’s email server.

Beginning in June 2017, phishing sites were set up mimicking the ADFS (Active Directory Federation Services) of the U.S. Senate. By looking at the digital fingerprints of these phishing sites and comparing them with a large data set that spans almost five years, we can uniquely relate them to a couple of Pawn Storm incidents in 2016 and 2017. The real ADFS server of the U.S. Senate is not reachable on the open internet, however phishing of users’ credentials on an ADFS server that is behind a firewall still makes sense. In case an actor already has a foothold in an organization after compromising one user account, credential phishing could help him get closer to high profile users of interest.

Reporting at the time suggested this was an effort in advance of the 2018 election (which aside from minimizing the damage Russia might do in the interim, ignores the fact that staffers are ostensibly prohibited from using Senate resources for election related activities). But it always seemed to me it would more profitably target policy.

Or, maybe the only reasonable work Congress is doing to investigate the Russians?

Whether there’s a connection between these two compromises last year or not, and Julian Assange, and this Mark Warner story, it’s clear that DC remains ill-prepared to address the counterintelligence problems they’re faced with.

With the Corey Lewandowski Interview, Devin Nunes Confirms He’s No More Than Trump’s Mole

In the wake of Michael Wolff’s publication of Steve Bannon’s insistence that Donald Trump met with the attendees at the June 9, 2016 Trump Tower meeting, we got word that Bannon — who claims never to have interviewed with Robert Mueller’s team — has hired the same lawyer representing Reince Priebus and Don McGahn for an interview this week with the House Intelligence Committee.

Two sources tell us Burck is helping Bannon prepare for an interview with the House intelligence committee, which is currently scheduled for next week. Sources also said Bannon plans to “fully cooperate” with investigators.

Burck also represents White House Counsel Don McGahn and former Chief of Staff Reince Priebus for the purposes of the Russia probe, as Law360 reported last September.

It is not unheard of for one attorney to represent more than one client on the same matter. But the fact that several key players with Trump administration ties have the same lawyer could irk investigators.

Then, yesterday, news broke that Corey Lewandowski will interview with HPSCI this week. He, too, claims he has never interviewed with Mueller’s team.

Former Trump campaign manager Corey Lewandowski says that he has yet to be contacted by Special Counsel Robert Mueller as part of the ongoing Russia investigation.

Lewandowski, who was interviewed by WABC’s Rita Cosby on Sunday, also confirmed reports that he will be interviewed on either Wednesday or Thursday by the House Intelligence Committee as part of its Russia probe.

“I have nothing to hide. I didn’t collude or cooperate or coordinate with any Russian, Russian agency, Russian government or anybody else, to try and impact this election,” Lewandowski says he plans to tell the House panel.

Daily Caller is right — it’s odd that Mueller hasn’t interviewed Lewandowski, given that he had these critically timed interactions with George Papadopoulos.

April 27: Papadopoulos to Corey Lewandowski

“to discuss Russia’s interest in hosting Mr. Trump. Have been receiving a lot of calls over the last month about Putin wanting to host him and the team when the time is right.”

April 27: Papadopoulos authored speech that he tells Timofeev is “the signal to meet”

[snip]

May 4, Papadopoulos to Lewandowski (forwarding Timofeev email):

“What do you think? Is this something we want to move forward with?”

May 14, Papadopoulos to Lewandowski:

“Russian govemment[] ha[s] also relayed to me that they are interested in hostingMr. Trump.”

[snip]

June 19: Papadopoulos to Lewandowski

“New message from Russia”: “The Russian ministry of foreign affairs messaged and said that if Mr. Trump is unable to make it to Russia, if campaign rep (me or someone else) can make it for meetings? I am willing to make the trip off the record if it’s in the interest of Mr. Trump and the campaign to meet specific people.”

The decision to call two key Trump people whom Mueller hasn’t met happens in the wake of events that haven’t gotten sufficient attention. On January 3, Rod Rosenstein and Christopher Wray met with Paul Ryan to request that he limit the documents Nunes had requested from FBI. Ryan backed Nunes, which led Rosenstein and Wray to agree to show a bunch of highly sensitive documents to HPSCI investigators, as well as agree to interviews with the FBI and DOJ people who had either touched the Steele dossier or been witnesses to Jim Comey’s claims that Trump demanded loyalty from him.

At Wednesday’s meeting — initiated at Rosenstein’s request — Rosenstein and Wray tried to gauge where they stood with the House speaker in light of the looming potential contempt of Congress showdown and Nunes’ outstanding subpoena demands, sources said. CNN is told the discussion did not involve details of the separate Russia investigation being led by special counsel Robert Mueller.

While Ryan had already been in contact with Rosenstein for months about the dispute over documents, Rosenstein and Wray wanted to make one last effort to persuade him to support their position. The documents in dispute were mostly FBI investigative documents that are considered law enforcement sensitive and are rarely released or shared outside the bureau.

During the meeting, however, it became clear that Ryan wasn’t moved and the officials wouldn’t have his support if they proceeded to resist Nunes’ remaining highly classified requests, according to multiple sources with knowledge of the meeting.

Sources also told CNN that the Justice Department and the FBI also had learned recently that the White House wasn’t going to assert executive privilege or otherwise intervene to try to stop Nunes.

The focus on all the reporting has been on the dossier; indeed, one of CNN’s sources says Mueller’s investigation didn’t come up. It’s not clear that makes sense, given the implication that Trump might claim executive privilege over something being discussed, unless the privilege claim pertained to the two-page summary of the dossier given to him and Obama.

Moreover, the letter memorializing what Nunes forced Rosenstein and Wray to give up suggests the discussion involved all “investigative documents that relate to the Committee’s investigations into (a) Russian involvement in the 2016 Presidential election,” as well as its efforts to find evidence of politicization at DOJ.

As agreed, designated Committee investigators and staff will be provided access to all remaining investigative documents, in unredacted form, for review at DOJ on Friday, January 5, 2018. The documents to be reviewed will include all FBI Form-1023s and all remaining FBI Form FD-302s responsive to the Committee’s August 24, 2017 subpoenas. The only agreed-upon exception pertains to a single FD-302, which, due to national security interests, will be shown separately by Director Wray to myself and my senior investigators during the week of January 8, 2018.

You further confirmed that there are no other extant investigative documents that relate to the Committee’s investigations into (a) Russian involvement in the 2016 Presidential election or (b) other investigatory documents germane to the Committee’s investigations regardless of form and/or title. If, somehow, “new” or “other” responsive documents are discovered, as discussed, you will notify me immediately and allow my senior investigators to review them shortly thereafter.

[snip]

It was further agreed that all documents made available to the Committee will also be available for review by the minority Ranking Member and designated staff.

If that’s right — if the document requests pertain to both the Steele dossier and the Mueller investigation, then on January 5, HPSCI would have been able to determine everyone who had been interviewed and what they had said (which is a good way to ensure that witnesses not cooperate with Mueller). And last week, Nunes, would have been able to review a 302 (the forms FBI uses to report their interviews with witnesses) that, for some reason, was even more sensitive than the FISA orders and confidential human source reports they had reviewed the previous Friday. From his language, it’s not clear whether Adam Schiff would have been included in that review.

Last Wednesday, Wray and Rosenstein gave briefings to Adam Schiff, reportedly by himself, and Richard Burr and Mark Warner together. If Schiff wasn’t included in the review of that 302, then that may explain what the briefing pertained to.

Just last month, Nunes was digging in and refusing to let Democrats call obvious witnesses. So the news that HPSCI will interview two key Trump people with whom Mueller has not yet met makes it clear — if it wasn’t already — that Nunes is trying to identify everything that Mueller might learn, so that he can then give Trump a clean bill of health and insist the entire investigation was just a political stunt drummed up from the Steele dossier (which is what Paul Manafort seems to have recommended last year).

And as all these machinations have gone on, Trump has vacillated about whether or not he’ll submit to an interview with Mueller. Perhaps Nunes has told him that the one thing that might make Mueller’s case is either a confirmation or denial from the President whether he knew or attended that June 9 meeting?

Eleven (or Thirteen) Senators Are Cool with Using Section 702 to Spy on Americans

The Senate Intelligence Committee report on its version of Section 702 “reform” is out. It makes it clear that my concerns raised here and here are merited.

In this post, I’ll examine what the report — particularly taken in conjunction with the Wyden-Paul reform — reveals about the use of Section 702 for domestic spying.

The first clue is Senator Wyden’s effort to prohibit collection of domestic communications — the issue about which he and Director of National Intelligence Dan Coats have been fighting about since June.

By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden that would have prohibited acquisition under Section 702 of communications known to be entirely domestic under authority to target certain persons outside of the United States. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—aye; Senator Wyden—aye; Senator Heinrich— aye; Senator King—no; Senator Manchin—no; and Senator Harris—aye.

It tells us that the government collects entirely domestic communications, a practice that Wyden tried to prohibit in his own bill, which added this language to Section 702.

(F) may not acquire communications known to be entirely domestic;

This would effectively close the 2014 exception, which permitted the NSA to continue to collect on a facility even after it had identified that Americans also used it. As I have explained is used to collect Tor (and probably VPN) traffic to obtain foreigners’ data. I suspect that detail is what Wyden had in mind when, in his comments in the report, he said the report itself “omit[s] key information about the scope of authorities granted the government” (though there are likely other things this report hides).

I have concerns about this report. By omitting key information about the scope of authorities granted the government, the Committee is itself contributing to the continuing corrosive problem of secret law

As the bill report lays out, Senators Burr, Risch, Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Warner, King, and Manchin are all cool using a foreign surveillance program to spy on their constituents, especially given that Burr has hidden precisely the impact of that spying in this report.

Any bets on whether they might have voted differently if we all got to know what kind of spying on us this bill authorized.

That, of course, is only eleven senators who are cool with treating their constituents (or at least those using location obscuring techniques) like foreigners.

But I’m throwing Feinstein and Harris in with that group, because they voted against a Wyden amendment that would have limited how the government could use 702 collected data in investigations.

By a vote of two ayes to thirteen noes, the Committee rejected an amendment by Senator Wyden that would have imposed further restrictions on use of Section 702-derived information in investigations and legal proceedings. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden— aye; Senator Heinrich—aye; Senator King—no; Senator Manchin— no; and Senator Harris—no.

While we don’t have the language of this amendment, I assume it does what this language in Wyden’s bill does, which is to limit the use of Section 702 data for purposes laid out in the known certificates (foreign government including nation-state hacking, counterproliferation, and counterterrorism — though this language makes me wonder if there’s a Critical Infrastructure certificate or whether it only depends on the permission to do so in the FBI minimization procedures, and the force protection language reminds me of the concerns raised by a recent HRW FOIA permitting the use of 12333 language to do so).

(B) in a proceeding or investigation in which the information is directly related to and necessary to address a specific threat of—

(i) terrorism (as defined in clauses (i) through (iii) of section 2332(g)(5)(B) of title 18, United States Code);

(ii) espionage (as used in chapter 37 of title 18, United States Code);

(iii) proliferation or use of a weapon of mass destruction (as defined in section 2332a(c) of title 18, United States Code);

(iv) a cybersecurity threat from a foreign country;

(v) incapacitation or destruction of critical infrastructure (as defined in section 1016(e) of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (42 U.S.C. 5195c(e))); or

(vi) a threat to the armed forces of the United States or an ally of the United States or to other personnel of the United States Government or a government of an ally of the United States.

Compare this list with the one included in the bill, which codifies the use of 702 data for issues that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

The bill report’s description of this section makes it clear that — in spite of its use of the word “restriction,” — this is really about providing affirmative “permission.”

Section 6 provides restrictions on the Federal Bureau of Investigation’s (FBI’s) use of Section 702-derived information, so that the FBI can use the information as evidence only in court proceedings [my emphasis]

That is, Wyden would restrict the use of 702 data to purposes the FISC has affirmatively approved, rather than the list of 702 purposes expanded to include the most problematic uses of Tor: all hacking, dark markets, and child porn.

So while Feinstein and Harris voted against the use of 702 to collect known domestic communications, they’re still okay using domestic Tor commuincations they say they don’t want to let NSA collect to prosecute Americans (which is actually not surprising given their past actions on sex workers).

Again, they’re counting on the fact that the bill report is written such that their constituents won’t know that this is going on. Unless they read me.

Look, I get the need to collect on Tor traffic to go after its worst uses. But if you’re going to do that, stop pretending this is a foreign surveillance bill, and instead either call it a secret court bill (one that effectively evades warrant requirements for all Tor wiretapping in this country), or admit you’re doing that collection and put review of it back into criminal courts where it belongs.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

Richard Burr has released his draft Section 702 bill.

Contrary to what you’re reading about it not “reforming” 702, the SSCI bill makes dramatic changes to 702. Effectively, it makes 702 a domestic spying program.

The SSCI expands the kinds of criminal prosecutions with which it can use Section 702 data

It does so in Section 5, in what is cynically called “End Use Restriction,” but which is in reality a vast expansion of the uses to which Section 702 data may be used (affirmatively codifying, effectively, a move the IC made in 2015). It permits the use of 702 data in any criminal proceeding that “Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

This effectively gives affirmative approval to the list of crimes for which the IC can use 702 information laid out by Bob Litt in 2015 (in the wake of the 2014 approval).

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

“So what?” you might ask, this is a foreign surveillance program. So what if they find evidence of child porn in the course of spying on designated foreign targets, and in the process turn it over to the FBI?

The reason this is a domestic spying program is because of two obscure parts of 702 precedent.

The 2014 exception permits NSA to collect Tor traffic — including the traffic of 430,000 Americans

First, there’s the 2014 exception.

In 2014, the FISC approved an exception to the rule that the NSA must detask from a facility when it discovers that a US person was using it. I laid out the case that the facilities in question were VPNs (collected in the same way PRISM would be) and Tor (probably collected via upstream collection). I suggested then that it was informed speculation, but it was more than that: the 2014 exception is about Tor (though I haven’t been able to confirm the technical details of it).

NSA is collecting Tor traffic, including the traffic of the 430,000 Americans each day who use Tor.

One way to understand how NSA gets away with this is to consider how the use of upstream surveillance with cybersecurity works. As was reported in 2015, NSA can use upstream for cybersecurity purposes, but only if that use is tied to known indicators of compromise of a foreign government hacking group.

On December 29 of last year, the Intelligence Community released a Joint Analysis Report on the hack of the DNC that was considered — for cybersecurity purposes — an utter shitshow. Most confusing at the time was why the IC labeled 367 Tor exit nodes as Russian state hacker indicators of compromise.

But once you realize the NSA can collect on indicators of compromise that it has associated with a nation-state hacking group, and once you realize NSA can collect on Tor traffic under that 2014 exception, then it all begins to make sense. By declaring those nodes indicators of compromise of Russian state hackers, NSA got the ability to collect off of them.

NSA’s minimization procedures permit it to retain domestic communications that are evidence of a crime

The FISC approved the 2014 exception based on the understanding that NSA would purge any domestic communications collected via the exception in post-tasking process. But NSA’s minimization procedures permit the retention of domestic communications if the communication was properly targeted (under targeting procedures that include the 2014 exception) and the communication 1) includes significant foreign intelligence information, 2) the communication includes technical database information (which includes the use of encryption), 3) contains information pertaining to an imminent threat of serious harm to life or property OR,

Such domestic communication does not contain foreign intelligence information but is reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed. Such domestic communication may be disseminated  (including United States person identities) to appropriate law enforcement authorities, in accordance with 50 U.S.C. § 1806(b) and 1825(c), Executive Order No 12333, and, where applicable, the crimes reporting procedures set out in the August 1995 “Memorandum of Understanding: Reporting of Information Concerning Federal Crimes,” or any successor document.

So they get the data via the 2014 exception permitting NSA to collect from Tor (and VPNs). And they keep it and hand it off to FBI via the exception on NSA’s destruction requirements.

In other words, what Richard Burr’s bill does is affirmatively approve the use of Section 702 to collect Tor traffic and use it to prosecute a range of crimes, some of them potentially quite minor.

 

After the Ad Hominem Approach to Surveillance Reauthorization Fails, Spooks Now Revert to Secrecy

As I have noted, thus far the surveillance boosters’ favored approach to Section 702 reauthorization has been to engage in ad hominem attacks against people engaging in good faith in the legislative process (even while they, themselves, make what would most charitably be called significant errors). Even when people make a concerted effort to avoid such sloppy attacks — as FBI Director Christopher Wray did at a recent appearance — they still accuse others of believing in myths while ignoring their own myth-making.

But now Richard Burr and the spooks he caters to are adopting another approach: legislating in secret.

The SSCI is reportedly moving to mark up their own version of Section 702 reauthorization this week — a bill crafted by Senators Burr, Warner, Feinstein, and Cornyn. The make-up of the team is key: because Cornyn and Feinstein are also on Senate Judiciary, they can sink any alternate bill that moves through that committee (something Feinstein has been doing since at least 2009).

As Wyden says in a letter objecting to the secret mark-up,

Section 702 has been the subject of extensive public testimony, while relevant FISA Court orders, minimization procedures and other documents have been declassified and released to the public. In this context, the public is right to expect that Congress debate the reauthorization of this authority in the open. Indeed, a transparent legislative process is a fundamental hallmark of our democracy.

A bunch of NGOs have also called on Burr to make this mark-up public.

There are several likely reasons why Burr and the spooks want to craft their legislation in secret.

Perhaps most importantly, by holding a closed session, you delay by about a month and a half what happened in the session, what the cleared Senators debated, and the tactical means the Chair (in this case Burr) used to shut down reform suggestions. That’s what happened in 2012, when Feinstein delayed the release of the bill report for about that long, hiding details about Ron Wyden’s attempt to get a count of US persons affected by 702 (see these three posts — one, two, three — for details, though Wyden did manage to call Feinstein out for lying about FISC always finding the collection to be constitutional).

Indeed, I’d bet a lot of money that one reason Burr wants to have a secret mark-up is to the very same thing Feinstein did four years ago: hide the government’s lies about their alleged inability to do a count of how many Americans get sucked up as part of 702, and how.

But the other reason Burr and the spooks likely want to have a mark-up in secret is precisely because of the transparency won since 2013, they don’t have winning arguments anymore. While courts, because of the secrecy reviewing cases without any adversarial process and often not getting a full picture of how 702 works, have found 702 itself constitutional (though the Ninth Circuit largely dodged the question of back door searches), as more and more people understand how it works (and as white men watching the Mike Flynn case come to understand how fragile life can get for those picked up incidentally), the program seems problematic.

And even those who believe 702 in its current form serves an irreplaceable role in our surveillance system can see the need for no-nonsense reforms, such as requiring an amicus help review yearly reauthorization.

In other words, by hiding this mark-up, Burr is conceding that he can’t win this legislative battle democratically. He, and the spooks, have to cheat. And they’re willing to do so, to codify parts of this program that likely wouldn’t pass court review if done in a real adversarial process.

We are at a critical tipping point with surveillance in this country, as the government chips away at the technologies that allow individuals to retain some kind of privacy. And to ensure we slide over that tipping point and down the dangerous slope on the other side, a bunch of spooks and their servants are cowering from democracy.

Richard Burr’s Tacit Warning to Christopher Steele

I’m just now catching up to Richard Burr and Mark Warner’s press conference on the Russia investigation yesterday. I saw some folks questioning why they did the presser, which surprises me. The answer seems obvious. They did the presser to release and apply pressure from specific areas of the investigation. For example, Burr exonerated those involved in the Mayflower Hotel meetings on April 2016 and further argued that the GOP platform was not changed to let Russia off the hook for Ukraine (I think the latter conclusion, in any case, is correct; I’m less persuaded about the first). Warner used the presser to push for Facebook to release the ads sold to Russia.

A particularly instance of this — one that I believe has been misunderstood by those who’ve reported it thus far — pertains to the Steele dossier. Here’s what Burr said about it, working off of prepared remarks (meaning issuing this tacit warning was one purpose of the presser; after 16:00):

As it relates to the Steele dossier: unfortunately the committee has hit a wall. We have on several occasions made attempts to contact Mr. Steele, to meet with Mr. Steele, to include, personally, the Vice Chairman and myself as two individuals, of making that connection. Those offers have gone unaccepted. The committee cannot really decide the credibility of the dossier without understanding things like who paid for it? who are your sources and sub-sources? We’re investigating a very expansive Russian network of interference in US elections. And though we have been incredibly enlightened at our ability to rebuild backwards, the Steele dossier up to a certain date, getting past that point has been somewhat impossible. And I say this because I don’t think we’re going to find any intelligence products that unlock that key to pre-June of ’16. My hope is that Mr. Steele will make a decision to meet with either Mark and I or the committee or both, so that we can hear his side of it, versus for us to depict in our findings what his intent or what his actions were. And I say that to you but I also say that to Chris Steele.

People seem to interpret this to mean SSCI hasn’t been able to corroborate the dossier — a point on which Burr is ambiguous. He references intelligence products that might unlock secrets of the dossier, which might suggest the committee has found intelligence products from later in the process that either confirms or doesn’t the events as the dossier as produced.

More important, however, is his reference to June 2016. While it seems like Burr might be suggesting the committee has found no evidence on collusion dating to before that date, that would seem to be inconsistent with the committee having received information on Michael Cohen’s discussions of financial dealings from before June (though given Burr’s exoneration of the Mayflower attendees, he may deem the earlier activities to be inconclusive).

So it seems more likely Burr raised the June 2016, along with his question about how paid for the report, to suggest he has real questions about whether its findings served as a partisan effort to taint Trump, paid for by a still undisclosed Hillary backer.

If Christopher Steele won’t talk about what intelligence he had on Trump before the time when, in June 2016, he reported on Russia providing kompromat (though not, at that point, hacked emails) on Hillary to Trump’s team, Burr seems to be saying, then it will be far easier to question his motivations and the conclusions of the report. And frankly, given some of the details on the Steele dossier — especially Steele’s briefings to journalists and his claim that the customers for the brief never read it — Burr is right to question that.

In other words, one point of the presser, it seems to me, was for Burr to warn Steele that his dossier will not be treated as a credible piece of work unless and until the committee gets more details about the background to it.

Update: Apparently, Steele responded to Burr’s comments by informing the committee he is willing to meet with Burr and Warner.