Posts

Skull and Bones: The Proud Boys’ Non-Conspiratorial Secret Society?

The morning of January 5, according to the government sentencing memo for him, Proud Boy Nicholas Ochs texted Ethan Nordean to say that, in light of the arrest of Enrique Tarrio the day before, he and Nordean were, “senior leadership in DC till Enrique is sprung.”

Following Tarrio’s arrest, Ochs messaged Nordean the morning of January 5. He said, “I guess we’re senior leadership in DC till Enrique is sprung. I’ll be in today or tonight. Lemmie know anything relevant.” Nordean replied, “Ok will do,” and they traded cell phone numbers.

Och’s own sentencing memo addresses that comment, but doesn’t explain it.

[T]he government relies extensively on a single message by Mr. Ochs, where he offhandedly referred to himself as a leader, Dkt. 94, pg. 9, and a tasteless message in which Mr. Ochs states he is “pro-violence,” id., at 4, the government is unable to point to a single actual instance wherein Mr. Ochs actually performed the duties of a leader or acted out in violence during the January 6th riots.

He doesn’t explain what became of the message, if anything (there’s no mention of any calls between Ochs and Nordean, and Nordean’s phone was not operational during the riot).

At least on the surface, it looks like Nordean blew Ochs off.

Instead, and before that comment, Ochs makes a very strained comment — limited to before attending the rally and discussion about their planned activities for the day –about what he said to other Proud Boys on the day of January 6, while he and Nicholas DeCarlo were attending the Trump speech and most of the other the other Proud Boys were marching around DC.

On the morning on January 6, Mr. Ochs and DeCarlo went to the rally where the President was addressing the crowd. Mr. Ochs was dressed in normal civilian clothing and did not wear any special military or other riot gear—unlike the many others who attended the rally, dressed in military/assault garb, signaling their violent intentions. Mr. Ochs was armed only with a smartphone.

Before attending the rally, Mr. Ochs did not communicate with any other Proud Boy members regarding their planned activities for the day. Indeed, at no point during the rally or the resulting assault on the Capitol, did Mr. Ochs coordinate with other Proud Boy members. As is stated in the Statement of Facts, though Mr. Ochs did come across other Proud Boy members in Washington, these were chance encounters and not the result of any prior planning. During the rally itself, Mr. Ochs was unable to live stream the event because the local cellular system was overwhelmed, and given his physical location, he was unable to hear the president’s speech.

At the conclusion of the rally, after the President finished speaking on the Ellipse, Mr. Ochs began seeking out the larger crowd which had begun moving towards the Capitol building—the first of many bad decisions that day. [my emphasis]

Given the evidence, that’s a credible claim.

What’s not covered by Och’s narrow (albeit for sentencing, critical) denials was Ochs’ participation in some small member chat groups, including one, called Skull and Bones, that included Nordean and Enrique Tarrio.

Leading up to January 6, 2021, Ochs participated in several Proud Boys chats on an encrypted messaging application, including one called “Official Presidents’ Chat” and one called “Skull and Bones.” Skull and Bones consisted of a small group (approximately twelve) of the Proud Boys’ Elders, including Enrique Tarrio and Ethan Nordean, both of whom have been charged with seditious conspiracy and other crimes for their roles leading the Proud Boys on January 6. See United States v. Nordean et al., 21-cr-175 (TJK). Some of these chats ended and then were reconstituted (because of concerns about being “compromised”) in the days leading up to January 6.

Of some interest: while the Proud Boy Leaders prosecution used Och’s November 2020 advocacy to wait before embracing violence as a way to show the Proud Boys ratcheted up their willingness to embrace violence.

[A]s the defendants, their co-conspirators, and their tools got further from the election and closer to Inauguration, the language they used to discuss the transfer of power became more desperate and more reflective of a willingness to take matters into their own hands. See Ex. 1 (proposed trial exhibit referenced at 11/18 hearing, with Proud Boys “elder” counseling: “I’m pro violence but don’t blow your load too soon.”).

Here, the focus is on Ochs’ attempts to persuade others to await the Supreme Court, which he was sure would deliver victory to Trump.

In Skull and Bones, on November 7, 2020, the group reacted to Biden being declared the winner of the election. Tarrio said, “Dark times if it isn’t reversed…and if it’s reversed…civil war.” Another user commented, “It’s civil war either way.”

Ochs disagreed: “It’s really not. The odds are with us because of the Supreme Court boys. I’m pro violence but don’t blow your load too soon.” He continued, “Not to be an anti-murder buzzkill but I really think this ISN’T fucked. Once it is, let’s go wild.” Ochs advised the group, “Bush/gore ruling took till December…Trump has a MUCH stronger case.” Ochs said, “Americans are weak and don’t want to fight. Them more so than us, but what’s really going to matter to the common man is what the Supreme Court says. And it will say.”

Another member noted, “Interesting that Trump got that woman through just before this huh. Could be the ace up his sleeve.” Ochs agreed and reiterated his belief that the Supreme Court was the best option to overturn the election: “Don’t fuck up the ruling. It’s a better chance than fighting.” He advised the group not to turn violent yet: “Not till the law enforcement institutions [are] weakened or more on our side. We lose right now.” But he told the group: “I’ll still chimp out if I’m wrong about the Supreme Court tho…we just have to TIME IT RIGHT and DO IT SMART.” Another member proposed that “veterans with combat experience” should “form militias.”

Ochs also expressed optimism in Parler posts that the Supreme Court would overturn the election results, including an image of Justice Thomas as a video game character:

Tarrio and others discussed a conference call on December 19 after Trump announced the rally.

Ochs’ prediction that the Supreme Court would overturn the election results did not come true. Instead, courts rejected dozens of lawsuits challenging the election results. On December 19, 2020, then-President Trump invited his followers to Washington, D.C. for a “wild” protest. The Proud Boys’ chats soon filled with talk of what they would do there. The same day as Trump’s December 19 tweet, in the small-group Skull and Bones chat, one member said, “Trump is calling for proud boys to show up on the 6th.” Ochs, Tarrio, and others then discussed arranging a conference call.

But Ochs is only described as a participant in the larger 50 and 35 person Ministry of Self Defense chats leading up to the riot. His top-level access seems to have remained that Skull and Bones chat.

After cooperating witness Charles Donohoe — though he is not named — is described as attempting to reconstitute the main MOSD list after Tarrio’s arrest, Ochs suggests doing so on the Skull and Bones list (and elsewhere it says it was reconstructed).

At 7:11 p.m., [Donohoe] posted a message in the MOSD Main chat, which read, “Hey have been instructed and listen to me real good! There is no planning of any sorts. I need to be put into whatever new thing is created. Everything is compromised and we can be looking at Gang charges.” The member then wrote, “Stop everything immediately” and then “This comes from the top.”

[snip]

Ochs asked if the Skull and Bones chat, which included Tarrio, should be deleted. Another user responded, “I did tell him to delete telegram off his phone right before he was arrested, so I’m hoping he listened to me.” Ochs sent two responses: “Yep. Smacc it off your phone if there’s trouble. Can always redownload no problem” and “*Fed has joined the chat*”

The sentencing memo describes Ochs getting the message to show up at the Washington Monument twice, on the Main MOSD chat and another unnamed one.

On January 5, in in a reconstituted version of the Main MOSD chat created the evening of January 4, another user sent a message with instructions for the next day: “Everyone needs to meet at the Washington Monument at 10am tomorrow morning! Do not be late! Do not wear colors! Details will be laid out at the pre meeting! Come out []as patriot!”6 ”

6 Ochs received a similar message in another Proud Boys encrypted chat involving approximately 33 members.

But he didn’t follow those directions; he went to the Ellipse speech with Nicholas DeCarlo instead.

But by 4:18PM, when the riot was still very much ongoing, Ochs was back on Skull and Bones in chats in which Tarrio also participated — including someone instructing Tarrio to tell Don Jr to stop condemning the violence.

In the Skull and Bones chat, at 4:18 p.m., another member reposted a photograph of Ochs and DeCarlo smoking cigarettes in the Crypt, and asked, “@Nick_Ochs you inside? Lol.” Ochs replied, “Yeehaw.” Soon after, one member said, “So what now,” and another (whose username indicated he was from the United Kingdom) said, “from our end it looks like Trump ain’t going peacefully.” Tarrio responded, “They’ll fear us doing it again…” When asked, “So what do we do now?” Tarrio replied, “Do it again.” Another user told Tarrio to “text your boy Don jr and tell him to stfu. This is PB country now.”

One explanation for this is that Ochs might have liked to be a more central player in the Proud Boys. But was not, and so he didn’t take part in the Nordean (and Joe Biggs-run) operation on the day of the riot.

And Nicholas DeCarlo joined him in not taking part.

DeCarlo goes even further attempting to distance himself from the Proud Boys — and the “nihilistic” behavior of those who were insufficiently insouciant while rioting.

As the Court can readily determine from both the agreed upon Statement of Facts in this case, as well as the photographic and video evidence, the defendant did not travel to the Capitol as a member of the Proud Boys, a group that he resigned from in 2019. He did not wear their distinctive clothing; he did not coordinate with other Proud Boy members (other than his co-defendant) prior to coming to Washington D.C.; and more importantly, he did not participate in any of the organized violence attributed to the group. In addition, while the Government argues that Mr. DeCarlo acted with “glee” during the riot, that adverb misapprehends the defendant’s intent. While Mr. DeCarlo’s insouciant/sarcastic nature and comments before, during, and after the events are blameworthy, he did not evince the angry, nihilistic demeanor displayed by a significant number of the other January 6 defendants.

The claim he wore no distinctive clothing is irrelevant, as that was what Proud Boys were ordered to do that day. And his complaint that he still bears a Proud Boy tattoo raises questions why he hasn’t removed it to limit the “lifelong” consequences of once having belonged to the group.

The defendant acknowledges that he became a member of the Proud Boys Dallas Fort Worth Chapter in in 2017, but he is adamant that resigned from the organization in 2019 because it was becoming “too political.” Mr. DeCarlo is well aware that his prior membership in the Proud Boys will have lifelong consequences; if nothing else, he had the words Proud Boys” tattooed on his left arm. The defendant is emphatic, however, that he left the Proud Boys in 2019 and the Government’s effort to connect him to the group thereafter is based upon nothing more than conjecture, suspicion, and innuendo and ought to be rejected by this Court. 1

And when disavowing the import of December calls with Tarrio and Gavin McInnes, DeCarlo doesn’t name McInnes.

1 The Government notes that the defendant stated he was “in contact” with Enrique Tarrio, the head of the Proud Boys, in December 2019. The Government has no idea whether the two men actually spoke and if so, what was the topic of conversation. Similarly, the prosecution states that based upon data collected from his cellular phone, Mr. DeCarlo “called” another Proud Boy leader the day that the former President announced that he would be speaking on the Mall on January 6, 2021. Again, the Government does not state if the data reveals the two men actually spoke and the prosecution makes no representation as to the nature of any such conversation. [my emphasis]

Here’s how DOJ described those claimed and real contacts.

DeCarlo flew from Texas and met with Ochs in Virginia, where they shared a hotel room. That night, DeCarlo posted a 15 minute “selfie” video stream titled BlackVill’d: Twas the Night Before Revolution!!! to the Murder the Media/ThunderdomeTV Facebook page. DeCarlo said he spoke to “Enrique,” “who isn’t even allowed in D.C.,” referring to Proud Boys leader Enrique Tarrio, who had been arrested the day before and ordered to stay out of Washington, D.C. 3 DeCarlo stated that they would be getting a “nice early interview” with Enrique the next day. He also said that he had “a lot of shit planned for tomorrow.”

[snip]

Evidence recovered from DeCarlo’s phone indicates that, on December 19, 2020, the same day that then-President Trump announced plans for a “wild” rally in Washington, D.C., DeCarlo called Gavin McInness, the founder of the Proud Boys.

There’s a lot unsaid here, and it goes further than DOJ’s choice not to name Donohoe and DeCarlo’s choice not to name McInnes. It may suggest a factionalism in the Proud Boys that has since grown more acute.

Remember, too, that after doing the mandatory FBI interview with Ochs, the government chose not to do one with DeCarlo. So on October 4, DeCarlo went and did one with the January 6 Committee instead (and is trying to claim credit for that).

October 4, 2022, the defendant participated in a virtual interview with staff members of the House Select Committee for several hours. Mr. DeCarlo gave them a narrative of the events that led to his presence at the Capitol on January 6, 2021 and responded to the Committee’s questions. He also voluntarily provided them with access to the contents of his electronic devices.

Again, there’s a lot that has been said and left unsaid.

Spy Versus Spy Amid the Proud Boys, Again

In the plea hearing for Nicholas Ochs and DeCarlo, Chief Judge Beryl Howell asked prosecutor Alexis Loeb whether the defendants had sat for the interview required by the standard plea deals. Loeb explained that, Ochs had but, for reasons pertaining to the ongoing investigation, FBI did not do such an interview with DeCarlo. I wondered, then, whether DOJ wanted to avoid discovery obligations to other Proud Boy defendants.

It’s something I had in mind as I read the various filings (Zach Rehl, Ethan Nordean, Enrique Tarrio, Joe Biggs, Nordean reply) that — NYT reported the other day — pertain to discovery about informants that the FBI had or developed among the Proud Boys. The gist of the complaints (as noted in the Biggs filing), which treat this as a Brady violation that merits dismissing the case, is that the FBI had records relating to Proud Boys who said they did not know of a plan to attack the Capitol in advance.

Biggs notes here on the open record that the Brady violations the parties continue to dispute — beginning with the dispute triggered by the Government’s late disclosure of a significant cache of Brady materials on August 13, 2021, or fifteen months ago — consistently go to a structural feature in all three of the Department of Justice’s superseding indictments in 21-cr-175. That feature and overarching issue is whether a Proud Boy conspiracy plan to obstruct the Biden-Harris vote certification or to commit sedition ever existed or could have existed. The Brady materials and discussions most at play now and since mid-2021 point up the increasing doubtfulness and high unlikelihood of the existence of a conspiracy. That is troublesome, and glaring. It continues to be the ‘elephant in the room’ of 21-cr-175.

It’s hard to know how seriously to take this. Some of these defense attorneys have been crying wolf from the start, claiming something turned over in timely fashion is exculpatory when it in fact shows really damning information.

In the August instance cited by Biggs, which NYT also wrote about, the informant was low-level and claimed to have shown up to insurrection late. Except Statements of Offense from members of the Kansas City suggest that the informant falsely told the FBI that violence had not come up in a meeting the night before the attack.

In the evening on January 5, 2021, defendant attended a meeting with co-defendants William Chrestman, Kuehne, and Ashlock, and others during which group safety was discussed. At some point during the meeting, another individual said that he did not come to Washington, D.C., to just march around and asked, “do we have patriots here willing to take it by force?” Defendant was shocked by this and understood that the individual was referring to using force against the government. Co-defendant Kuehne responded to the question by saying that he had his guns with him and, in essence, that he was ready to go. The individual who posed the question said that they should “go in there and take over.” [my emphasis]

That said, the statements of offense making such claims — here from Enrique Colon — come from defendants receiving really sweet plea deals in hte process, in multiple cases avoiding weapons charges or enhancements as well.

In the case of the two Nicks, they definitely coordinated with each other and premeditated a plan to stop the vote certification. But they appear not to have been part of any larger plan (they even attended Trump’s rally, which most Proud Boys did not). In other words, one thing that may be going on is that Biggs and Nordean implemented a plan developed along with Tarrio and some senior Proud Boys who weren’t in DC (such as the cooperating Jeremy Bertino), but didn’t tell the greater number of Proud Boys what that plan is in advance, something that makes the testimony of others appear exculpatory only because the Proud Boy leaders had kept a close hold on their plans.

According to Nordean’s reply to DOJ’s entirely sealed 21-page response, the government believes it was justified in withholding the documents under Rule 16(a)(2), which only requires sharing the documents if the pertinent witnesses testify.

The government argues that the sensitive materials were exempt from its discovery obligations under Rule 16(a)(2). ECF No. 538, p. 11. That is false because (1) the records at issue were not made by a government agent or attorney for the government in connection with investigating or prosecuting “the case,” i.e., United States v. Nordean, 21-cr-175, and (2) it is not just “internal government documents” Nordean seeks but the underlying information merely reproduced in government documents.

Nordean seems to be playing games about the bounds of “this” investigation here, and if the documents genuinely are not exculpatory, that would probably be a reasonable response. It’s a matter of whether this is an investigation into just the Proud Boy leaders, all the Proud Boys, or everyone involved in attacking the Capitol.

Separately, these are the files that (in a recent hearing), the defense attorneys were complaining about the heightened security procedures to access the documents, as Nordean lays out in his original filing.

[T]he government has made the extraordinary argument that these exculpatory materials cannot be produced directly to defense counsel. It has argued, successfully, that counsel must comply with the following procedure in order to access Brady information in this case:

(1) counsel must travel to an FBI office to review the materials in person;

(2) counsel may not receive copies of the materials but must take handwritten notes;

(3) counsel must then move the Court to produce the materials to the defendants, based on summary descriptions of the materials in their handwritten notes; and

(4) counsel must then file additional motions to secure this evidence for trial.

The complaint would be more convincing if the details of the earlier informant had not been published by the NYT, making it easy for investigators (and presumably all the other Proud Boys) to identify the informant. In the Oath Keeper case, too, the government is trying to hunt down which attorney(s), if any, sourced a NYT story about an Oath Keeper informant. (h/t Kyle Cheney)

Meanwhile, all this question about who is informing on whom leads me to return to the question of what happened to

Whallon Wolkind in all this (he’s the one top Proud Boy leader not known to have been charged or flipped), not to mention why Dominic Pezzola, alone among the remaining defendants in this case, didn’t join the challenge to access the informant files.

The usual suspects are wailing about how long this investigation is taking. Meanwhile, cases like this reveal the complexity of trying to prosecute key defendants while processing through a thousand others.

The State of the Five Now-Intersecting January 6 Militia Conspiracies

Paragraph 64 of a new conspiracy indictment including Proud Boys Ethan Nordean, Joe Biggs, and the newly arrested Proud Boys Zachary Rehl and Charles Donohoe includes a seemingly gratuitous reference to the Oath Keepers. The paragraph describes how Biggs, after having entered the Capitol once already from the northwest side, then moved to the opposite side of the building and forced his way in on the east side. He did so right in front of a group of Oath Keepers.

Thirty minutes after first entering the Capitol on the west side, BIGGS and two other members of the Proud boys, among others, forcibly re-entered the Capitol through the Columbus Doors on the east side of the Capitol, pushing past at least one law enforcement officer and entering the Capitol directly in front of a group of individuals affiliated with the Oath Keepers.

This would have been around 2:44 PM. The Oath Keeper “stack” went in the east side of the Capitol at around 2:40.

That reference, along with the common use of the Zello application, brings two parallel conspiracies laid out over a month ago closer together, arguably intersecting. As of right now, DOJ has charged 25 people in five different conspiracy indictments, four of which share precisely the same goal: to stop, delay, and hinder Congress’s certification of the Electoral College vote, with many similar means and methods. Three conspiracy indictments also share roughly the same goal of obstructing law enforcement. Those indictments are:

Here’s what a simplified version of the five different conspiracies looks like:

This is not the end of it: there are three Oath Keepers not included in that conspiracy, and a random bunch of Proud Boys who might eventually be included, as well as anyone else who coordinated this effort [wink]. But these conspiracy indictments will remain separate only for prosecutorial ease. They are, for all intents and purposes, now-intersecting conspiracies.

Update: Last night, NYT’s visual team released new videos showing that the Oath Keepers Stack was involved in forcing entry into the East entrance of the Capitol. These videos depict what happened moments after Biggs reentered the Capitol, as described above.

Update: To see how the other pieces of any coordinated action fit, I will list the other Oath Keepers and Proud Boys that have played a part in this operation.

Oath Keepers

Stewart Rhodes: The Oath Keeper President. He is not charged, but implicated in the existing Oath Keepers indictment and the Minuta complaint.

Roberto Minuta: Minuta was arrested on March 8. An SDNY Magistrate judge released him on bail (he almost put up silver bars for his security, but ended up coming up with the money itself), ignoring the government request he stay the order. Minuta’s arrest affidavit–which was written 12 days before James’ but executed roughly the same day–focuses primarily on Minuta’s harassment of cops. It doesn’t mention, as James’ affidavit does, Minuta’s role in providing security, including for Roger Stone. Minuta also deleted his Facebook account on January 13, for which he was charged with obstruction.

Joshua James: James was arrested on March 9 and held without bail (in part because of a past arrest associated with claiming to be a military police officer in 2011). His arrest affidavit makes it clear he was a close contact with Minuta as well as Kelly Meggs. The affidavit repeatedly describes James offering security to VIPs we know to include Roger Stone. According to public reporting, James received payment for his “security” services on January 6, which Stone was publicly fundraising for in advance (then denied spending).

Jon Ryan Schaffer: The front man for the heavy metal band Iced Earth and an Oath Keeper lifetime member, Schaffer was arrested for spraying some police with bear spray. But two months after his arrest and detention, he has not been (publicly) indicted and only arrived in DC on March 17. The government has not publicly responded to his motion to dismiss his case on Speedy Trial grounds. All of which suggests there’s something more there that we can’t see.

Person Four: The James affidavit refers to Minuta as “Person Five.” It uses that number, it says, because “Persons Two [Caldwell’s spouse], Three [the NC-based Oath Keeper who might serve as a Quick Reaction Force], and Four are not included in this affidavit, but are already-numbered individuals associated with United States v. Thomas Caldwell, et al, Case No. 21-cr-28 (APM). To maintain consistent nomenclature, the referenced individual here will be defined as ‘Person Five.'” I haven’t been able to find the reference to Person Four (though it might be Watkins’ partner, references to whom are inconsistent).

Three more Stack participants and four others who operated with Minuta and James on January 6: This image, from James’ complaint, identifies three other Stack members (the second, third, and last yellow arrow) and four others who interacted with James and Minuta during the day on January 6.

Proud Boys

Enrique Tarrio: Tarrio is the head of the Proud Boys, but got arrested as he entered DC on January 4 on charges relating to vandalizing a Black church in December, onto which possession charges were added. He is referred to in all the Proud Boy conspiracies, repeatedly in the Leader one (because they scrambled to figure out what to do after his arrest). While it’s unlikely he was on the Telegram channels used to organize the insurrection, he was in touch with members via other, thus far unidentified channels.

Joshua Pruitt: Pruitt was arrested for a curfew violation on the night of the insurrection. He told the FBI he hadn’t engaged in any unlawful activity and was just trying to deescalate the situation. But he was indicted on his own weeks later for obstructing the vote count and interfering with cops, and abetting the destruction of property, along with trespassing. The Nordean conspiracy indictment notes that he went in the West entrance shortly after Dominic Pezzola breached it (suggesting the government may now know he was part of a cell with Pezzola). Pruitt is being prosecuted by the same prosecutor as on most Proud Boy cases, Christopher Berridge, and before the same judge, Timothy Kelly.

Gabriel Garcia: Garcia, a former Army Captain, appears to have originally been identified by the Facebook order showing who livestreamed from the Capitol. It’s possible his livestreams were intended to serve as live reporting for those coordinating outside (he catches the names of cops, the size of the crowd, and instructs, “keep ’em coming.” He incites a big push through a line of cops. Later, he calls for “Nancy” to “come out and play” and calls to “Free Enrique” [Tarrio]. He was charged by complaint on January 16 and by indictment on February 16 with obstruction and resisting cops during civil disorder. The Nordean conspiracy indictment notes he went in the West entrance shortly after Pezzola breached it.

Christopher Worrell: The government originally charged Worrell, a committed Proud Boy who traveled to DC in vans of Proud Boys paid for by someone else and wore comms equipment, with trespass crimes on March 10. Among his criminal background, he pretended to be a cop to intimidate a woman. He lied in his first interview with the FBI, hiding that he sprayed pepper spray on some police who were the last line of defense on the West side of the Capitol. According to a witness who knows him, he also directed other likely Proud Boys. After first being released, he was subsequently detained and is awaiting indictment on what the government suggests are likely to be assault charges.

Robert Gieswein: Ethan Nordean spoke to Giswein shortly before he and Pezzola launched the attack on the Capitol suggesting that Gieswein, who had known ties to the 3% movement, was coordinating with the Proud Boys that day. Over the course of breaking into the Capitol, he allegedly assaulted 3 cops with a bat or pepper spray, and broke a window to break in. He was first charged on January 16, indicted on January 27. His docket shows none of the normal proceedings, such as a protective order, but his magistrate’s docket shows two sealed documents placed there in recent weeks.

Ryan Samsel: There’s no indication I know of that ties Samsel to the Proud Boys. But he marched with them and initiated the assault on the West side of the Capitol with Dominic Pezzola and William Pepe. He was charged with assault and obstruction on January 29 and arrested on February 3. In his case, he allegedly did so by assaulting a cop at the first line of barriers, knocking her out. He and the government are in talks for a guilty plea.

Ryan Bennett: Bennett was IDed off his own Facebook livestreaming, while wearing a Proud Boys hat, of the event, including his direct witness to the shooting of Ashli Bennett, with his voice yelling “Break it down!” in the background. He was arrested on January 26 and charged in a still-sealed March 17 indictment over which James Boasberg will preside.

Bryan Betancur: Betancur was busted by his Maryland Probation Officer, to whom he had lied about distributing Bibles to get permission to go to DC. He wore a Proud Boys shirt to the insurrection and is a known white supremacist who espouses violence. He was charged with misdemeanor trespass charges. His defense attorney is already discussing a guilty plea.

Daniel Goodwyn: Goodwyn’s online identity is closely associated with the Proud Boys. He was identified via an interview he did with Baked Alaska during the insurrection and texts sent to an associate; he was arrested on January 29. He was originally charged with trespass, with obstruction added in his indictment on February 24. Charles Berridge was originally the prosecutor on this case but has been replaced on it.

Christopher Kelly: Kelly revealed on Facebook before he headed to DC that he would be going with, “ex NYPD and some proud boys.” While inside, he bragged that they had “stopped the hearing, they are all headed to the basement.” He was originally charged with trespass and obstruction on January 20; he has yet to be (publicly) indicted yet. He has the same defense attorney, Edward McMahon, as Nicholas Ochs.

Around 40 other people who used the Proud Boys “Boots on the Ground” Telegram channel: As I noted here, the government must have at least monikers for — and likely email and/or device identifiers — for around 40 people who used the organizing channel set up less than a day before the operation. It will be interesting to see if they attempt to track all of them down.

Rolling Updates:

Marc Bru, a Proud Boy with ties to Nordean, was charged on March 9.

Paul Rae, a Proud Boy from Florida who trailed Biggs both times he entered the Capitol.

Arthur Jackman: a Proud Boy from Florida who trailed Biggs both times he entered the Capitol, including into the Senate.

 

Journalists May Be Most at Risk (as Described) from a Presumed January 6 GeoFence Warrant

On February 22, the Intercept had a thinly sourced story reporting (heavily relying on one “recently retired senior FBI official” whose motive and access weren’t explained and one other even less-defined source) on methods used in the January 6 investigation. It started by describing something unsurprising (some of which had been previously reported): that the FBI was using emergency legal authorities to conduct an investigation in the wake of an insurrection.

Using special emergency powers and other measures, the FBI has collected reams of private cellphone data and communications that go beyond the videos that rioters shared widely on social media, according to two sources with knowledge of the collection effort.

In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene. Investigators have also relied on data “dumps” from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.

From there, the story made conclusions that were not borne out by the evidence presented (which is not to say that such conclusions won’t one day be supported).

In particular, the story suggested that these investigative methods were used to investigate Congress, and likewise suggested that the involvement of Public Integrity prosecutors must mean members of Congress are already the focus of the investigation and further suggesting that the location data collection tied to the investigation of members of Congress.

The cellphone data includes many records from the members of Congress and staff members who were at the Capitol that day to certify President Joe Biden’s election victory.

[snip]

The Justice Department has publicly said that its task force includes senior public corruption officials. That involvement “indicates a focus on public officials, i.e. Capitol Police and members of Congress,” the retired FBI official said.

To make the insinuation, the story misstates the intent of a Sheldon Whitehouse statement aiming to use Congressional authorities to remove coup sympathizers from committees of jurisdiction (and ignores Whitehouse’s earlier statement that calls for the kind of data collection described in the story).

On January 11, Sen. Sheldon Whitehouse, D-R.I., released a statement warning against the Justice Department getting involved in the investigation of the attack, at least regarding members of Congress, asserting that the Senate should oversee the matter.

Thus far, the story seems tailor-made to get Congress — the Republican members of which are already trying to sabotage the investigation — to start tampering with it.

Far down in the story, it also describes the orders used with more specificity — but not yet enough specificity to substantiate the claims made earlier in it.

Federal authorities have used the emergency orders in combination with signed court orders under the so-called pen/trap exception to the Stored Communications Act to try to determine who was present at the time that the Capitol was breached, the source said. In some cases, the Justice Department has used these and other “hybrid” court orders to collect actual content from cellphones, like text messages and other communications, in building cases against the rioters.

At the time I suggested the story’s conclusions went well beyond the evidence included in it. I had several concerns about the story.

First, it didn’t address the granularity of location data collected, explaining whether the data collection focused just on the Capitol building or (as the story claimed) “in the area” generally. The Capitol is, according to multiple experts, incredibly wired up, meaning that one can obtain a great deal of data specific to the Capitol building itself. That matters here, because as soon as Trump insurrectionists entered the Capitol building, they committed the trespass crimes charged against virtually all the defendants. And the people legally in the Capitol that day were largely victims and/or law enforcement. It’s not an exaggeration to say that anyone collected off location collection narrowly targeted to the Capitol building itself is either a criminal, a witness, or a victim (and often some mix of the three).

If location collection was focused on the Capitol building itself (we don’t know whether it was or not, and the reports of collection aiming to the find the person who left pipe-bombs in the neighborhood on January 5 do pose real cause for concern), it mitigates some of the concerns normally raised by the use of IMSI-catchers at public events and protests, which is that such location collection would include a large number of people who were just engaging in protected speech, as many of the people outside the Capitol were. Similarly, unlike with most geofence warrants or tower dumps, which are used to find possible leads for a crime, here, FBI had an overwhelming list of suspects from its mass of tips and video evidence already: it wasn’t relying on location data to find suspects. Plus, with normal geofence warrants and tower dumps, the vast majority of the data obtained comes from uninvolved people, posing a risk that those unrelated people could become false positives who, as a result, would get investigated closely. Here, again, anyone collected from location data inside the Capitol was by definition associated with the crime, either as witness, victim, or perpetrator.

Finally, the story not only didn’t rely on, but showed little familiarity with the hundreds of arrest affidavits released so far, which provide some explanation (albeit undoubtedly parallel constructed) for how the FBI built cases against those hundreds of people.

Well before The Intercept article was written, there were a few interesting techniques revealed in the affidavits. Perhaps the most interesting (and not specifically covered in The Intercept article, unless as a hybrid order) described identifying Christopher Spencer from the livestreams on Facebook he posted from inside the Capitol.

The government received information as part of a search warrant return that Facebook UID 100047172724820 was livestreaming video in the Capitol during these events. The government also received subscriber information for Facebook UID 100047172724820 in response to legal process served on Facebook. Facebook UID 100047172724820 is registered to Chris Spencer (“SPENCER”). SPENCER provided subscriber information, including a date of birth; current city/state, and a phone number to Facebook to create the account.

[snip]

The government received three livestream videos from SPENCER’s Facebook UID 100047172724820 as part of a search warrant return. At different times during the videos, Spencer either used the rear facing camera to show himself talking, or turned the phone toward his face. Your affiant would note that the camera is capturing a reversed image of SPENCER in two of these sections of video as evidenced by the text on SPENCER’s hat. As such, reversed images are also provided below the original screenshot [my emphasis]

The first mention of the Facebook return appears before a paragraph describing an associate of Spencer’s who had seen the videos and recognized his wife, and the later paragraph describes the associate sharing a phone number for Spencer that the FBI seemed to have already received from Facebook. As written (and this structure is matched in the affidavit for Spencer’s wife, Jenny) the narrative may indicate that the FBI obtained the Facebook return before the tip and identified Spencer from the Facebook return even before receiving the tip. This is one of the strongest pieces of evidence that the FBI used data obtained from location-based collection in the Capitol from any social media source to identify an unknown subject. But, as described, it also has some protections built in. The data was obtained with a warrant, not PRTT or d-order. That means the FBI would have had to show probable cause to obtain the content (but, for the reasons I explained above, most people in the Capitol live-streaming were committing a crime). There’s also no indication here that this video was privately posted (though with a warrant the FBI would be able to obtain such videos).

All this is a read of what this paragraph might suggest about data collection. It doesn’t describe whether the data was obtained via a particularized warrant (targeting just Spencer), or whether the FBI asked Facebook to provide all live-streaming posted from within the Capitol during the insurrection (there are other early affidavits that targeted the content of Facebook via individualized warrants). In Spencer’s case, I suspect it’s the latter (there’s nothing that remarkable about Spencer’s video, except he was outside Speaker Pelosi’s office). Even so, for most people, posting from inside the Capitol during the insurrection would amount to probable cause the person was trespassing.

Even before The Intercept piece was posted I had also pointed to the affidavit for the Kansas cell of the Proud Boys. It uses location data to place one after another of the suspects “in or around” the Capitol during the insurrection: cell site data showed that the phones of Christopher Kuehne, Louis Colon, Felicia Konold were “in or around” the Capitol during the insurrection. That of Cory Konold, Felicia’s brother, was not shown to be, but,

Lawfully-obtained cell site records indicated that the FELICIA KONOLD cell called a number associated with CORY KONOLD while in or around the Capitol on January 6, 2021.

The most interesting detail in that affidavit pertained to William Chrestman. His phone wasn’t IDed off a cell site. Rather, it was IDed by connecting to Google services “in or around” the Capitol.

According to records produced by CHRESTMAN’s wireless cell phone provider in response to legal process, CHRESTMAN is listed as the owner of a cell phone number (“CHRESTMAN cell”). Lawfully-obtained Google records show that a Google account associated with the CHRESTMAN cell number was connected to Google services and was present in or around the U.S. Capitol on January 6, 2021.

A more recent document — the complaint against the southern Oath Keepers obtained on February 11 but unsealed long after that — describes the phones of those suspects in an area “includ[ing]” (but not necessarily limited to) the interior of the Capitol.

having utilized a cell site consistent with providing service to the geographic area that includes the interior of the United States Capitol building.

Unlike Spencer, the use of location data in the Proud Boys and Oath Keeper complaints seems to be used to establish probable cause. In both the militia group cases, the individuals appear to have been identified via different means (unsurprisingly, given their flamboyantly coordinated actions), with the location data being used in the affidavit to flesh out probable cause. (Undoubtedly, the FBI exploited this information far more thoroughly in an effort to map out other co-conspirators, but it is equally without doubt that the FBI had adequate probable cause to do so.)

The other day, DOJ unsealed an affidavit — that of Jeremy Groseclose — that provides more detail about the location collection at the Capitol. The FBI describes identifying Groseclose off of two tips, both on January 7, from people who had seen him post about being in the Capitol on Facebook (and in one case, remove his Facebook posts after he posted them).

Groseclose wore a gas mask for much of the time he was inside the Capitol (though wore the same clothes as he had outside), which undoubtedly made it more difficult to prove he was the person illegally inside the Capitol preventing cops from ousting the rioters.

The FBI affidavit describes times when Groseclose appears on security footage from inside the Capitol without the gas mask, but doesn’t include it. To substantiate his presence in the Capitol, the FBI included three paragraphs describing what must be a Google geofence warrant showing the device identifiers for everyone within a certain geographic area.

According to records obtained through a search warrant served on Google, a mobile device associated with [my redaction]@gmail.com was present at the U.S. Capitol on January 6, 2021. Google estimates device location using sources including GPS data and information about nearby Wi-Fi access points and Bluetooth beacons. This location data varies in its accuracy, depending on the source(s) of the data. As a result, Google assigns a “maps display radius” for each location data point. Thus, where Google estimates that its location data is accurate to within 10 meters, Google assigns a “maps display radius” of 10 meters to the location data point. Finally, Google reports that its “maps display radius” reflects the actual location of the covered device approximately 68% of the time. In this case, Google location data shows that a device associated with [my redaction]@gmail.com was within the U.S. Capitol at coordinates associated with the center of the Capitol Building, which I know includes the Rotunda, at 2:56 p.m. Google records show that the “maps display radius” for this location data was 34 meters.

Law enforcement officers, to the best of their ability, have compiled a list (the “Exclusion List”) of any Identification Numbers, related devices, and information related to individuals who were authorized to be inside the U.S. Capitol during the events of January 6, 2021, described above. Such authorized individuals include: Congressional Members and Staffers, responding law enforcement agents and officers, Secret Service Protectees, otherwise authorized governmental employees, and responding medical staff. The mobile device associated with [my redaction]@gmail.com is not on the Exclusion List. Accordingly, I believe that the individual possessing this device was not authorized to be within the U.S. Capitol Building on January 6, 2021. Furthermore, surveillance footage from the Rotunda, time-stamped within a minute of 2:56 p.m., shows GROSECLOSE, in his distinctive clothing, using his cell phone in an apparent attempt to take a picture.

Records provided by Google revealed that the mobile device associated with [my redaction]@gmail.com belonged to a Google account registered in the name of “Jeremy Groseclose.” The Google account also lists a recovery SMS phone number that matches [my redaction]. The recovery email address for this account appears to be in the name of GROSECLOSE’s significant other, with whom he has two children in common. Additionally, I have reviewed subscriber records from U.S. Cellular, related to the phone number [my redaction]. This number, along with another, are connected to an account in the name of GROSECLOSE’s significant other. The billing address for this account is [my redaction]. One of GROSECLOSE’s neighbors identified [my redaction] as GROSECLOSE’s address.

This seems to confirm that FBI obtained a geofence warrant from Google, but — at least as described — it was focused on those at the Capitol, perhaps focused on the Rotunda and anything 100 feet from it. This is the kind of granularity that will exclude most uninvolved people. They may have used it (or included it in the affidavit) because by wearing a gas mask, Groseclose made it difficult to show his face in the existing film of the attack.

The affidavit suggests that the Google geofence relied not just on GPS data of users’ phones, but also Wi-Fi access points (there’s another affidavit where the suspect’s phone triggered the Capitol Wi-Fi) and Bluetooth beacons. Again, given how wired the Capitol is, this would offer a granularity to the data that wouldn’t exist in most geofence warrants.

Finally, and most interestingly, this affidavit (obtained on the same day as the The Intercept story and so presumably after the Intercept called for comment) describes that the FBI has an “Exclusion List” of everyone who had a known legal right to be in the Capitol that day. That suggests that, after such time as the FBI completed this list, they could identify which of those present in the Capitol were probably there illegally.

There are concerns about FBI putting together a list like this. After all, Members of Congress might have good Separation of Power reasons to want to keep their personal phone numbers private. That said, there’s reason to believe that the FBI has used this method of separating out congressional identifiers and creating a white list in the past (including with the Section 215 phone dragnet), with congressional approval.

The concern arises in FBI’s definition of how it describes those legally present:

  • Members of Congress
  • Congressional staffers
  • Law enforcement responding to the insurrection (as distinct from law enforcement joining in it)
  • Secret Service Protectees (AKA, Mike Pence and his family)
  • Other government employees (like custodial staff)
  • Medical staff

Not on this list? Journalists, not even those journalists holding valid congressional credentials covering the vote certification.

Already, there have been several cases where suspects have claimed to be present as media, only to be charged both because of their comments while present and the fact that they don’t have congressional credentials. Three are:

  • Provocateur John Sullivan, who filmed the riot and sold the footage to multiple media outlets and “claimed to be an activist and journalist that filmed protests and riots, but admitted that he did not have any press credentials.”
  • Nick DeCarlo, who told the LA Times he and Nicholas Ochs were there as journalists but who FBI noted, “is not listed as a credentialed reporter with the House Periodical Press Gallery or the U.S. Senate Press Gallery, the organizations that credential Congressional correspondents.”
  • Brian McCreary, who on his own sent the video he took on his phone while inside the Capitol, but who later admitted to the FBI that entering the Capitol “might not have been legal” and also described admitting to cops present that he was not a member of the media.

If the FBI is going to use official credentials to distinguish journalists from trespassers, then it could also use those credentialing lists to white list journalists present at the Capitol. But to do that, the journalists in question would have to be willing to share identifying information for all the devices that were turned on at the Capitol, something they might have good reasons not to want to do.

Plus, I suspect there are a number of journalists without Congressional credentials who were covering the events outside the Capitol and, as the rally turned into a riot, entered the Capitol to cover it. Those journalists risked their lives and provided some of the most important early information about the riot and did so in ways that in no way glorified it. But in doing so, their devices may be in an FBI database relating to the attack.

There is clear evidence that the FBI obtained location data from the Capitol as part of its investigation, including Google and almost certainly Facebook. Thus far, the available evidence suggests that the ability to target that collection narrowly limits the typical concerns about tower dumps and geofence warrants (again, any similar data collection outside the Capitol in an effort to find the person who left the pipe bombs is another issue). Moreover, almost all those legal present in the Capitol appear to be whitelisted.

But not all. And the exception, journalists, include those who have the most at stake not having their devices identified and investigated by the FBI.

All that said, perhaps a similarly controversial question pertains to preservation orders. The Intercept describes a letter from Mark Warner calling on carriers to preserve data (and rightly questioning his legal authority to make such a request), then suggests the carriers have done so on their own.

Some of the telecommunications providers questioned whether Warner has the authority to make such a request, but a number of them appear to have been preserving data from the event anyway because of the large scale of violence, the source said.

The story doesn’t consider the — by far — most likely explanation, which is that FBI served very broad preservation orders on social media companies (though some key ones, such as Facebook, would keep data for a period even after insurrectionists attempted to delete it in the days after the attack as normal practice). In any case, broad preservation orders on social media companies would be solidly within existing precedent. But I suspect it may be one of the more interesting legal questions that will come out of this investigation.

Update March 7: Added McCreary.

Mike Lee Provides Key Evidence Implicating Trump in the Existing Criminal Conspiracy

Because Donald Trump’s Personal Injury lawyer, Michael Van der Veen, made a specious argument about the First Amendment to successfully give 43 Republicans cover to vote to acquit the Former President in his impeachment trial, the discussion about Trump’s potential criminal exposure for January 6 (which according to CNN he is concerned about) has largely focused on incitement charges.

That’s true even though the trial led Mike Lee to offer up evidence implicating Trump in the same conspiracy charges already charged against 10 defendants: conspiring to delay Congress’ official proceeding to certify the electoral college vote. As I have noted, DOJ has started mapping out conspiracy charges against both the Oath Keepers and the Proud Boys:

While there are differences in the scope of the conspiracy and overt acts involved, all three charging documents charge defendants with conspiring “to stop, delay, and hinder Congress’ certification of the Electoral College vote,” effectively conspiring to commit 18 USC 1512, tampering with the official procedure of certifying the electoral college vote, an official procedure laid out in the Constitution.

And in spite of their votes to acquit the Former President last night, both Tommy Tuberville and Mike Lee provided evidence that the FBI might use to investigate Trump in that conspiracy. As I noted days after the attack, during the attack, Trump twice attempted to reach out to Tuberville to ask him to delay the count. The second time, Rudy Giuliani even left a message specifically asking for a delay as such, precisely the object of the already charged conspiracy charges.

I know they’re reconvening at 8 tonight, but it … the only strategy we can follow is to object to numerous states and raise issues so that we get ourselves into tomorrow—ideally until the end of tomorrow.

I know McConnell is doing everything he can to rush it, which is kind of a kick in the head because it’s one thing to oppose us, it’s another thing not to give us a fair opportunity to contest it. And he wants to try to get it down to only three states that we contest. But there are 10 states that we contest, not three. So if you could object to every state and, along with a congressman, get a hearing for every state, I know we would delay you a lot, but it would give us the opportunity to get the legislators who are very, very close to pulling their vote, particularly after what McConnell did today. [snip]

Over the last few days, both Tuberville and Lee offered up more details on the earlier call. Tuberville confirmed the content of the call, including that he told the President that his Vice President had been evacuated.

Sen. Tommy Tuberville revealed late Wednesday that he spoke to Donald Trump on Jan. 6, just as a violent mob closed in on the the Senate, and informed the then-president directly that Vice President Mike Pence had just been evacuated from the chamber.

“I said ‘Mr. President, they just took the vice president out, I’ve got to go,’” Tuberville (R-Ala.) told POLITICO on Capitol Hill on Wednesday night, saying he cut the phone call short amid the chaos.

And Lee — who twice demanded that references to this call be removed from the Congressional record — ultimately provided phone records showing that even after Pence had been publicly rushed to safety, Trump was still working on delaying the vote rather than addressing the danger. Trump tweeted about Pence at 2:24, specifically complaining that Pence hadn’t given states a chance to “correct” facts, effectively a complaint that Pence had not disrupted the orderly counting of the vote.

Mike Pence didn’t have the courage to do what should have been done to protect our Country and our Constitution, giving States a chance to certify a corrected set of facts, not the fraudulent or inaccurate ones which they were asked to previously certify. USA demands the truth!

And then, two minutes later, Trump attempted to call Tuberville and, after Lee turned over his phone to the former coach, spoke to him for four minutes. It matters that Tuberville told Trump about the evacuations, though it is highly unlikely he had not been informed both informally and formally at that point. But it matters just as much that even after the insurrectionists had breached the building, Trump took two overt acts to attempt to delay the vote.

A Trump defense might argue — as his Personal Injury Lawyer did this week — that he was just trying to count the votes, but Trump had already made an unconstitutional request of Mike Pence, something Trump’s team provided no defense for. And that’s before you consider the evidence that Rudy, at least, was in direct contact with James Sullivan, who is affiliated with the group, the Proud Boys, that has already been accused of conspiring to breach the Capitol (indeed, another conspiracy case, against Proud Boys Dominic Pezzola and William Pepe, charges that they conspired to interfere with cops trying to keep protestors out of the Capitol, and the Chrestman indictment also includes that as a separate conspiracy).

I’m not saying this will definitely happen. The bar to charging a Former President remains high.

But DOJ has already charged ten people for doing what Trump was also demonstrably doing that day. And, partly because of Mike Lee’s desperate effort to avoid having the record of him implicating Trump in the congressional record, Lee ended up making the timeline of the events public without the FBI having to breach speech and debate concerns to obtain it. By doing so, Lee made it easier for the FBI to make a case against Trump if they ever attempt to do so.

Mike Lee may have helped prevent Trump from being barred from running for President again. But Mike Lee also made it easier to prosecute Trump for those very same acts.

Update: NYT just posted a story showing that six of the Oath Keepers Roger Stone was palling around with leading up to the attack entered the Capitol on January 6.

DOJ Moves Towards Parallel Conspiracy Prosecutions of the Oath Keepers and Proud Boys

As noted, on January 27, DOJ indicted three Oath Keepers, Thomas Edward Caldwell, Donovan Ray Crowl, and Jessica Marie Watkins, in a conspiracy to hinder Congress’ certification of the Electoral College vote. FBI seems to be working on identifying the other people who were marching in formation with Watkins and Crowl on January 6, as well as building out a larger prosecution team (which includes, among others, one of the women who worked the Russian side of the Mueller cases).

Meanwhile, yesterday, DOJ announced the arrest of yet another Proud Boy — Ethan Nordean — and the indictment of two other Proud Boys, Nicholas DeCarlo and Nicholas Ochs, in a conspiracy to hinder Congress’ certification of the Electoral College vote. Of particular note, in DOJ’s request for detention with Nordean, they invoked the list of crimes that can merit a terrorist enhancement. (h/t FM)

They don’t say which of the terrorist enhancement crimes they have in mind, but several are possibilities:

  • 351 (relating to congressional, cabinet, and Supreme Court assassination and kidnaping)
  • 844(f)(2) or (3) (relating to arson and bombing of Government property risking or causing death)
  • 930(c) (relating to killing or attempted killing during an attack on a Federal facility with a dangerous weapon)
  • 1114 (relating to killing or attempted killing of officers and employees of the United States)
  • 1203 (relating to hostage taking)
  • 1751(a), (b), (c), or (d) (relating to Presidential and Presidential staff assassination and kidnaping)
  • 2332f (relating to bombing of public places and facilities)

Update, 2/6: The detention memo for Nordean explains they’re using his 1361 charge to apply the terrorism enhancement.

That rebuttable presumption applies to Defendant because 18 U.S.C. § 1361 is specifically enumerated in 18 U.S.C. § 2332b(g)(5)(B) and carries a maximum sentence of ten years in prison where, as here, damage or attempted damage to property exceeds $1,000.

All of which is to say the government is treating Nordean’s arrest like he’s part of a terrorist group.

As suggested above, the DeCarlo and Ochs conspiracy indictment parallels the one obtained against the Oath Keepers.

The Object of the conspiracy is the same: “to stop, delay, and hinder Congress’ certification of the Electoral College vote.” And several of the overt means are the same: agreeing to participate in a January 6 operation, taking planning steps together, and forcibly storming past the police barricades to enter the Capitol.

The conspiracy indictment of Dominic Pezzola and William Pepe effectively charged they conspired to achieve one of the means in the DeCarlo and Ochs indictment, to,

obstruct, influence, impede, and interfere with law enforcement officers engaged in their official duties in protecting the U.S. Capitol and its grounds during the demonstrations planned for January 6, 2021.

The government has not, yet, charged Pepe with 18 USC 1512, obstructing an official proceeding (meaning the vote certification).

Meanwhile, the Nordean complaint cites the charges against Pezzola, Joe Biggs, and Robert Gieswein, tying all their actions together without (yet) claiming an agreement to act together.

But you can see where this is heading: to two parallel conspiracy prosecutions, each sharing the same object — to halt the vote certification — and each also sharing several of the same overt acts.

These conspiracy indictments are, for now, based off personal communication between the co-conspirators, for example the Zello communications that Watkins sent. But as I noted in the Oath Keepers post, there is someone with whom both these groups agreed with and pursued some of the same steps as: Donald Trump. These conspiracy indictments may build little by little based off what each group has done among themselves, but the framework for a much broader conspiracy is already in place.