Posts

King Josh in Jail, Part One: The Informant

The testimony on accused Vault 7 leaker Joshua Schulte’s conduct in MCC raised more questions than answers. So I want to do a series of three or four posts to look more closely at it (I’m using the term “King Josh” because it was one of his passwords at the CIA).

In this post I want to look at the jail house informant who is the publicly acknowledged basis by which prosecutors discovered that Schulte had a phone in jail, Carlos Bentances Luna Mera.

Betances is a 41 year old citizen of the Dominican Republic who twice migrated to the US without documentation, the first time in 1996 (he was deported in 2001), and then again around 2008. At some point, Betances married and had children. During both periods, he began to work as a low level cog in narcotics trafficking.

Betances was arrested on March 15, 2018 in conjunction with the trafficking. The only federal complaint unsealed in the docket is for illegal reentry, and in that magistrates docket, proceedings were continued in both April and May 2018, something that would happen if Betances were forgoing indictment and moving directly to a plea. Given his testimony, there must be a sealed criminal docket showing a guilty plea on nine counts covering multiple narcotics trafficking and conspiracy counts, illegal reentry, identity fraud, mail fraud, and taking a phone into jail.

That suggests that Betances flipped almost immediately, perhaps, at first, to cooperate against his network of suppliers. That’s consistent with an answer Betances gave when Schulte’s lawyer, Sabrina Shroff, suggested that cooperation on using a phone in jail, “was the most valuable to the government,” more than on all his narcotics charges. Betances responded, “Well, may I remind you that I had been cooperating before I talked to them?”

According to the testimony, Betances didn’t start spying on Schulte until sometime in summer 2018, at least four months after he was jailed, and didn’t first meet with prosecutors until September 2018. So the public story is that Betances got busted and flipped, managed to play a role in smuggling and hiding phones in jail that put him in a key spot to interact with Schulte and his cellmate, Omar Amanat (I’ll look at Amanat and his brother in the next post), and only after that happened witnessed something that led him to start taking pictures and videos of Schulte’s phone use. That went on for maybe a month before — aware that something big was going to go down in the library — Betances sent a note to the guards, who thwarted it. Some days later, Schulte was thrown in the SHU and a big hunt started for the phones and Schulte’s other activities in jail.

That thing that led Betances to prepare to inform on Schulte (again, per the testimony) is that one day sometime in the summer, Schulte said he wanted Russia’s help.

[W]e were in Chino’s cell [Chino was also part of the cell phone smuggling and sharing network] and I heard Josh saying that Russia had to help in in the things that he was doing.

Here’s how Betances described it on cross (through a translator) to a very dubious Sabrina Shroff:

Shroff: So anyway, it’s you who walks in when Mr. Schulte and Omar are talking, correct?

Betances: Yes, correct.

Shroff: And you walk in to give them a heads-up that somebody’s coming, correct?

Betances: Yes, correct.

Shroff: And just as you walk in, you hear him say the word “Russia,” correct?

Betances: That’s correct, yes.

Shroff: And that’s what prompts fear into you to go cooperate with the United States Attorney’s Office?

Betances: It sounded interesting to me.

Shroff: Right.

Hearing Schulte mention Russia led Betances to do a remarkable amount of surveillance on Schulte’s phones, which he stored for him behind his cell locker.

He took two pictures of the apps Schulte loaded onto the phone, and — per his testimony — got Schulte and Amanat to explain the function of WhatsApp, Signal, Proton Mail, Orbot, Turbo VPN, and Secure Delete. Betances also got pictures of the things Schulte was writing on his phone, including the initial emails to Shane Harris that would form part of the basis for the Espionage Act charges on which the jury was hung.

He took several videos of Schulte using his phone.

After having taken these pictures on September 1, Betances waited around three weeks before he alerted the guards that something big was going down in the library, and then was removed from MCC when guards found at least some of these phones in his cell.

Shroff: And before you decided to cooperate, you simply decided to take photos, is that your testimony?

Betances: Just to be clear with the defense attorney’s question in deciding to cooperate, when they were working on sending whatever they were going to send from the library, that’s when I decided to cooperate.

Shroff: My only question was when did you take this photograph?

Betances: In the summer of 2018.

Shroff: Right. Months before you’re now saying that you decided to cooperate, right?

Betances: Could you repeat that question? You confused me.

Shroff: You took the photo before you decided to cooperate, according to you, correct?

Betances: Yes, yes.

Shroff: Right. And you’re saying you just decided to take these photos for no reason at all, right?

Betances: May I remind you that the reason I took it was because I head the conversation that I heard?

According to his testimony on redirect, Betances did all this without government instruction.

Karamarju: Now, all of the photographs that you testified about, did the government tell you to take any of those photographs?

Betances: No.

The remarkable coincidence that a jailhouse informant would end up first smuggling in and then guarding her client’s illegal phones and then taking pictures from them is not the only thing Shroff was skeptical about. She also doubted the circumstances by which Betances exposed his wife to the risk of smuggling phones into jail as well as his ability — with little English — to figure out what Schulte was doing, to the extent he did.

Still, all that is explicable if Betances’ attorney negotiated a plea deal with narcotics prosecutors and the attorney coached Betances through how to dramatically increase the value of his cooperation by catching Joshua Schulte attempting to leak classified information from his jail cell.

Betances’ surveillance was critical to obtaining the jail warrants that would lead to the discovery of Schulte’s very damning prison notebooks, several phones, three of the Proton Mail accounts he was using, and his Signal traffic. And that’s just what prosecutors revealed in this case.

Betances met with prosecutors in Schulte’s case a bunch of times: first in September 2018, then October and December 2018, several times in 2019, and then perhaps five times in 2019.

None of that means Betances made this stuff up. He certainly doesn’t have the English skills to write those emails to Shane Harris. And while the evidence regarding Schulte’s comments about Russia are contradictory, there is corroboration for it.

But it does present a number of remarkable coincidences that just ended up providing Schulte the means to communicate “securely” from his jail cell, only to have that activity thwarted at the moment he attempted to act.

Judge Crotty Declares a Mistrial in Joshua Schulte Case

This morning, Judge Paul Crotty declared a mistrial in the Joshua Schulte case. Jurors found Schulte guilty on the two least serious charges — false statements and contempt — but didn’t even find him guilty of obstruction, to say nothing of the Espionage and CFAA charges tied to his alleged theft of the CIA’s hacking tools. A sentence on those two charges would not even amount to the time he has already served since being jailed in December 2018.

This is an absolutely stunning rebuke for the government on the most serious Espionage case in years, and an unbelievable success for Schulte’s lawyers, especially Sabrina Shroff.

The two sides will have a conference on March 26 to decide what to do. The government will certainly push to retry Schulte; Sabrina Shroff asked for an extended deadline to file motions. She may try to do something further about the government’s late notice that Michael, a key witness, got put on paid leave last August (though the government has argued compellingly that Michael’s underlying lack of candor has been noticed to the defense throughout). She also may make yet another bid to get more access to the forensics, something I’ve argued that the government should have permitted in the first place.

That said, I think the government’s failure in this case stemmed largely from too much focus on the CIA and too little focus on the (abundant) evidence against Schulte. In addition, they do not appear to have shown — via the abundant evidence available to them — that Schulte is a compulsive liar, and that exhibits that show Schulte offering alternate theories of the theft all fall flat.

Plus, there were problems with two jurors, problems that I think Judge Crotty did not adequately manage.

That is, I think the government can learn from its failures in this case. I wouldn’t be surprised, either, if the vaunted SDNY is forced to add a cybersecurity prosecutor to their team, to ensure that the forensic case is presented more clearly to jurors.

I highly doubt Schulte can pull this off a second time. If he can, it will be a remarkable comment on the government’s ability to obtain justice against insider threats.

20 Questions (Plus 5): The Joshua Schulte Jury Is Lost, Possibly Hopelessly

According to InnerCity Press (virtually the only press covering the Schulte verdict watch), by end of day today the jurors had sent out 25 notes, most questions but also problems with two of the jurors. At the end of the day they told the Court they “aligned” on two of the charges, but were at an impasse on the other. Given that there’s slam dunk evidence that he committed the least serious crimes (false statements and contempt), that suggests at least some members of the jury have reasonable doubt that the guy who wrote a virtual signed confession to committing the most damaging leak in CIA history actually did so.

I wanted to collect the known questions from jurors to give a sense of what issues have driven this uncertainty.

Note 1: A request for a summary of exhibits

Note 2: A request for a transcript of the testimony of David, a CIA Sysadmin, particularly as regards what jurors may have mislabeled 1209-8 (David testified about Schulte’s failed attempt to access Altabackups with regards to exhibit 1202-8).

Note 3 asked 7 questions:

  1. What is included in Count Three? We aren’t sure what the purview is — articles, search warrants, tweets? This pertains to the Espionage Charge tied to posting classified information in one of his diaries, sending a diagram of CIA’s servers to WaPo reporter Shane Harris, and planning to reveal details about how a CIA hacking tool, Bartender, was used in the field (which certainly would expose CIA officers, and probably NOCs).
  2. In 2015, when DevLAN went down, was Schulte called to fix the problem? How did he fix it? Schulte’s lawyer, Sabrina Shroff, had made much of the fact that when Schulte was at a conference he got called about DevLAN going down. It’s not directly related to any of his charges.
  3. Can you please reread what was found on Schulte’s home computer? This would have focused on deleted materials (and the lack of classified information), but given that Juror 5 almost certainly knew about the child porn allegations and there was a focus on Schulte’s hosting of movies, this may have been what they were looking for.
  4. Did GX 809 reference Schulte’s taking a drug (“took my last piece”)? If so, what was it? Was it regular use? This refers to part of one page of his prison notebook in which he discusses  taking his “last piece” and envisioning himself as a Cardinal. It is entirely unrelated to his charges.
  5. Is it confirmed that Schulte’s been diagnosed with Aspergers Syndrome? One of the very senior CIA managers suggested to another that Schulte might have Asperbergers. It is entirely unrelated to his charges.
  6. For Count One, is Altabackups inclusive of Brutal Kangaroo? Is it inclusive of OSB libraries? The backup that Schulte is alleged to have stolen included both the libraries (which were not leaked) and Brutal Kangaroo (materials on which were leaked), but it included far more, but the parties did not answer this because they weren’t sure whether this was a network question or a charging one.
  7. Where were OSB libraries housed/where did they live? They were part of Stash.

Note Four: Can we please have simplified badge times/formats for Schulte on 4/20/16 in a format similar to GX 115. One piece of evidence that Schulte did the reversion during which the backup sent to WikiLeaks was stolen was that he was the only one in his SCIF with his computer during the time the commands doing the reversion were entered into it. The badge records would show that. Jurors did get simplified badge records.

Note Five: In Exhibit GX 107, what does lock/unlock computer mean in columns Source and Type? Is the computer locking itself? What is someone unlocking? This pertains to something tracked on CIA badge records and was not explained in testimony.

Note Six includes four questions:

  1. Is there evidence that April 18 and 20 were the only two times in 2016 that Schulte left the vault last? April 18, the day Schulte allegedly conducted reconnaissance on the backup files, and April 20, the day he allegedly stole him were the only two days he was the last person in his SCIF at RDB (the time period for which may include just the last seven months he worked at CIA).
  2. What does mount the Altabackups mean? This refers to how the CIA networks were set up, and Schulte’s role in doing that.
  3. What does create data store mean? This pertains to testimony about one attempt Schulte made to regain access to files he had been booted from.
  4. When someone logs out of a virtual machine, what happens to the log files from that session? There was no testimony on this point (jurors likely asked it to try to assess whether Schulte’s buddy Michael could have stolen the files).

Note Seven (Exhibits 16-17, I think) asked for the transcripts of Michael Berger (the FBI forensics expert who presented evidence of Schulte’s efforts to wipe evidence at home) and Michael (Schulte’s buddy who took a screen cap of him deleting logs).

Note Eight: Jurors complained that one of the jurors, Juror 4, was not deliberating with the rest of the jury and coming in late.

Note Nine included two questions:

  1. Can we please have testimony from Richard Evanchec. Evanchec is one of the FBI agents that interviewed Schulte and searched his home, and so is central to the false statements charges.
  2. What testimonies covered GX 1305-8 and GX 1305-9. Can we please have transcripts about that. These are Schulte’s Google records, which Evanchec also testified about.

Note Ten: Juror five has prior information, probably including details of Schulte’s child porn charges. She also looked up one of the lawyers. It became clear in a later sidebar that this is the juror who had said something inappropriate to another juror, possibly about deliberations, on February 13, during the trial.

Note Eleven included two questions:

  1. What happened to Schulte’s computers and workstation after he went to Bloomberg (after November 10)? This is likely a question testing a theory about whether someone — possibly Michael? — could have altered logs on Schulte’s computer after he left on November 10, 2016.
  2. When and where was Rufus’s SSH key found? Was it found in the home directory or was it found forensically? Schulte had stored the key of someone, Rufus, who had had Admin access but left, on his home directory. He used it when he was deleting logs on April 20. Sabrina Shroff had gotten one witness to testify that it was very easy to access other people’s home drives, so this is likely another effort to test an alternate culprit theory.

There were two more questions today (which I’ll update on Monday when that transcript is released):

  • Something about the CFAA charge, suggesting jurors are not treating the reversion as a hack, but might be treating Schulte booting his colleague off Brutal Kangaroo as one.
  • Something about unanimity on charges, possibly relating to the leaks from jail.

And then jurors told the court that they’re only in agreement on two charges, but stuck on the others.

For the reasons I laid out here — as well as the two problem jurors — I’m not surprised about that. And given the questions, it seems clear that the extended focus on Schulte’s employment disputes at the CIA made at least some of the jurors sympathetic to the idea that someone at CIA framed Schulte. Keep in mind, too, that Schulte adopted the moniker Jason Bourne in prison, so he fed that idea. And — as Shroff noted in her close — there was no good reason to focus on the continued employment disputes that extended two months after Schulte allegedly stole the files.

When the CIA puts its formers on trial, in my opinion, it believes the general population will be as outraged by a violation of CIA’s sacred trust as they themselves are. That may be why prosecutors aired that entire nasty employment dispute. But that’s generally not the case outside of EDVA, especially not in SDNY.

Between that, and the forensic complexity of this case, it appears the jury is lost.

Reminder; Calyx Institute and other donors sprung for the transcripts of this trial.

The Joshua Schulte Jury Is Falling Apart

Even before Judge Paul Crotty dismissed a juror today for reading outside information and sharing it with another juror, it was clear that the jury was a mess. Going all the way back to February 13, a juror had said something to another juror that concerned him.

THE COURT: Okay. I got a note from a juror, and it deals with an incident that occurred on Thursday late in the day. He then left the courthouse. We asked him to put the report that he made to David on Thursday in writing, which he did on Tuesday morning. This is the note. I’m going to mark it as Court Exhibit 1. I made copies. So I don’t think we can resolve this now. But I wanted to call it to your attention right away.

[snip]

MS. SHROFF: It’s her belief. She’s not saying she can’t be impartial. She’s not deliberated. She’s voicing an opinion. And she also notes that that was a different — I mean, she’s saying she is a different kind of citizen. That’s what we want. A jury of peers.

Judge Crotty discussed that incident with the two sides on February 19.

Then, on the first day of deliberations Tuesday, the jurors sent a bunch of notes, including one with seven questions, several of them (the questions about the DevLAN outage, drugs, and Aspergers) entirely unrelated to Schulte’s guilt or innocence:

Message: What is included in Count Three? We aren’t sure what the purview is — articles, search warrants, tweets? (2) In 2015, when DevLAN went down, was Schulte called to fix the problem? How did he fix it? (3) Can you please reread what was found on Schulte’s home computer? (4) Did GX 809 reference Schulte’s taking a drug (“took my last piece”)? If so, what was it? Was it regular use? (5) Is it confirmed that Schulte’s been diagnosed with Aspergers Syndrome? (6) For Count One, is Altabackups inclusive of Brutal Kangaroo? Is it inclusive of OSB libraries? (7) Where were OSB libraries housed/where did they live?

While a number of the questions made sense, it was also clear that the jurors are confused about the forensic evidence, including multiple threads of evidence that show Schulte was at his computer typing in the commands that reverted the backup on the date the files were stolen.

But today, according to a note from Schulte’s lawyers, Juror 1 told the Court that Juror 5 had shared outside information with him.

The defense respectfully requests that the Court halt jury deliberations temporarily and conduct an individual voir dire of jurors 2–11 to ensure that they were not exposed to prejudicial extra-record information from former Juror 5. Such an inquiry is necessary because the Court currently only has the information received in the robing room from Juror 1 and former Juror 5.

The juror who got booted spoke to the press. She seems to believe Schulte did restore his own access to certain files (given her description, she seems focused on Brutal Kangaroo), but does not believe he is guilty of the most serious charges.

“Was he a naughty boy? Yes,” Wiesenberg said. “But did he do the final click? I don’t have evidence. I want solid proof that I wasn’t given by the parties. I don’t think he did it — the most serious charges.”

[snip]

The five-week trial established that Schulte improperly reinstated his administrative privileges to access secret information he’d been told to stay away from, according to Wiesenberg, who lives in the West Village.

“He felt entitled. This was his tool — he created it,” Wiesenberg said, referring to some of the hacking tools. But that didn’t make Schulte guilty of the most serious of 11 charged counts, she added.

Note that, given how little coverage of this case there has been, she probably would have had to go looking for outside information.

In their close, prosecutors didn’t point jurors to where, in the pile of evidence they’ve been presented over the last month, the details are that might prove each of the charges against Schulte (the evidence is there, but it’s highly technical). It’s unsurprising they’re confused. And now Schulte’s lawyers want to know what other outside information on the trial has gotten into jurors.

Update: The booted juror told they Post there are others who doubt Schulte’s guilt on the most serious charges.

Wiesenberg said the Schutle jury is divided, with people like her who believe the former CIA programmer to be not guilty of the worst leak in the spy agency’s history.

With One Dropped Charge and a Major Screw-up, Government in Remarkably Weak Position against Joshua Schulte

The outcome of the Joshua Schulte trial will be unresolved until closing arguments Monday and deliberation next week.

While parts of the case are circumstantial — because Schulte allegedly used TAILS, there’s no smoking gun showing him sharing stolen files with WikiLeaks — in my opinion the case against him is quite strong, particularly given really damning details from his prison notebooks talking about leaking to WikiLeaks.

But the government, having rested and rebutted the scant defense case, is in remarkably weak position right now.

That’s true, first of all, because the government has spent over two weeks trying to recover from an own goal, prosecutors’ failure to provide Schulte with advance notice that one of his closest buddies at the CIA, Michael, got put on paid leave last August because the CIA no longer trusts the developer because of his closeness to and lack of candor about Schulte. In reality, Michael should have been a key witness for prosecutors, providing proof that Schulte was at his computer and logged in when the reversion and copy of the files likely shared with WikiLeaks was accomplished. But because prosecutors didn’t fully disclose the report in real time, Schulte has flipped that on its head. The trial ended with the guy who wrote that report testifying on rebuttal about how this is still all about Schulte — effectively providing emphasis that the CIA maintains that Schulte is the culprit — but it interrupted the narrative arch of the government case.

Add that to the pace of the trial, which feels like a nasty employment dispute to which the massive breach of the CIA’s hacking tools became just a side-dispute. That’s often true of CIA trials — it certainly was for Jeffrey Sterling. But the long parade of CIA witnesses — Schulte’s buddy, two other colleagues, his boss, his boss’s boss, his boss’s boss’s boss, her boss, and then yet another boss, plus a CIA SysAdmin and a security guy — all describing a series of disputes escalating from a nerf gun fight to WikiLeaks burning the CIA’s hacking capabilities to the ground refocused the trial onto whether Schulte’s complaints had merit and not on what the forensic evidence showed.

And Sabrina Shroff did a superb job of defending not the forensic case (indeed, defense expert Steve Bellovin did not take the stand to float any of the alternate theories that Schulte has been offering for two years, and in so doing will leave Shroff to claim Michael could have accessed the backup without prosecutors having gotten him to admit that wouldn’t have worked), but instead arguing that her client was maligned by the entire CIA. The boss, the boss’s boss, the boss’s boss’s boss, the boss’s boss’s boss’s boss, and then the senior-most boss are all lined up against Schulte for being an asshole. She even defused utterly damning notes about working with Russia (which I’ll return to). From the transcripts, it seemed like Shroff rattled a good many government witnesses, too, and a number of them (one of the FBI agents and the classification expert, especially) seemed to come off as unresponsive as a result.

And on a potentially significant point, FBI Agent Evan James Schlessinger’s unresponsiveness deprived the government of an opportunity to rebut something the defense will do in its close. The defense entered a stipulation that Schulte had been thrown into the SHU on October 1, 2018, before the Bureau of Prisons found the phone he allegedly used to leak classified information to Shane Harris. The phone continued to be used, probably by Schulte’s roommate Omar Amanat, for whom Schulte was writing an expert report. Somebody–again, probably Amanat–sent a Signal text to Harris on October 2, saying “Hi Shane, the anon email is down since Sunday evening Can you resend your questions to [email protected] thanks.” That text seems to be proof that no one besides Schulte had the password to the other email account, [email protected], but the FBI Agent didn’t take this point head on when he could have.

Two weeks ago, one juror apparently complained about another, suggesting she was already making up her mind. Whatever the complaint, the defense seemed to welcome it, which given the focus on the employment dispute may mean the juror sees that dispute as contested.

Finally, the government dropped one of its charges today, eliminating the Illegal Transmission of Lawfully Possessed National Defense Information (Count Two in the superseding indictment). The government dropped it to avoid confusing the jury about whether Schulte had legal access to the files that he stole. But the discussion about it leads me to think the defense could argue that Schulte had legal access to some of the files he sent to WikiLeaks, thereby getting off on that charge. If the jury convicts, that dropped charge won’t much matter in the grand scheme of things. And even an acquittal would not spring Schulte from jail, because he still faces child porn charges.

Still, I have to applaud the job that Shroff and Schulte’s other attorneys did, because she did a remarkable job with one of the most nightmarish clients. She certainly put a lot out there that might lead jurors to find there is a reasonable doubt about this.

And much of that comes from the government being dickish.

The State of Play: Joshua Schulte and Julian Assange

Last year, it looked like the Joshua Schulte trial, rescheduled in the fall to start January 13, would be done before the extradition hearing for Julian Assange started. Two things changed since then: Schulte got a delay until February 3, and then last month, Assange convinced Judge Vanessa Baraitser to split his extradition hearing into two, the first part lasting a week starting Monday, and then resuming on May 18 for three more weeks.

As a result, both men are in court during the same week, intersecting in interesting ways.

Thus far, Assange’s argument is threefold:

  1. His prosecution is hopelessly political, merely retaliation by the hated President that Assange helped elect, Donald Trump
  2. The evidence in the case against Assange is so weak as to be abusive
  3. A person cannot be extradited for political crimes like the Espionage Act

The first argument is a load of horseshit covering up the fact that the timing of the treatment of WikiLeaks as a non-state hostile intelligence service, the increased surveillance of Assange, and the initial December 21, 2017 charge all stem from WikiLeaks’ burning the CIA by publishing all its hacking tools. It’s horseshit, but it garners a lot of enthusiasm among WikiLeaks supporters who like to conveniently forget that, whatever Assange’s motivations were in 2010 (when he engaged in the acts he is charged with), he nevertheless helped Russia help Trump get elected. That said, even though the claims about what changed in 2017 are horseshit, it doesn’t change that the existing charges against Assange pose a real danger to journalism.

The second argument is far stronger. For each of the theories of prosecution under which Assange is charged — attempting to help Chelsea Manning crack a password, soliciting certain files via WikiLeaks’ wish list, and publishing a bunch of files in which the names of US and British sources were later revealed — Assange has at least a credible defense. Assange never succeeded, and could not have succeeded, in cracking that password. Manning didn’t leak the precise files that WikiLeaks had on its wish list (though did leak some of the same sets). WikiLeaks originally went to some effort to redact the names of sources, only to have a Guardian journalist release the password revealing them. Mind you, the extradition hearing is not the trial itself, so for these defenses to be relevant, WikiLeaks has to prove that the case against Assange is abusively weak.

The third argument, which is being argued today, is a more interesting legal question. Assange claims that the existing Anglo-US extradition treaty, passed in 2003, still prohibits extradition for political offenses like theEspionage Act. The US argues that Assange’s extradition is governed by the Extradition Act of 2003, which did not include such a bar (and also disagrees that these are political crimes). The lawyers are even arguing about the Magna Carta! Judge Vanessa Baraitser seems inclined to side with the US on this point, but the question will surely be appealed. Mind you, one of the charges against Assange, CFAA, is in no way a political offense, and the UK has not barred its own citizens, much less foreign citizens hanging out in foreign embassies, from being extradited on the charge (though several hackers, most recently Lauri Love, have challenged their extradition to the US for CFAA on other grounds).

Yesterday, Assange’s defense spent a good deal of time making the second argument. The US didn’t respond. Rather, it said it would deal with those issues in the May hearing.

Meanwhile, the Schulte trial is wrapping up, with Schulte doing little to mount a defense, but instead preparing an appeal. Yesterday, Schulte asked that an instruction on the defendant not testifying be added to the jury instructions (normally, these are included from the start, but Schulte has been claiming he would testify all this time). Today, Schulte told the court that Steve Bellovin won’t testify because he never got access to all the data Judge Paul Crotty ruled he couldn’t have access to (not mentioning, however, that the restrictions stemmed from Crotty’s own CIPA judgment).

I’m still unclear on the status of the witness, Michael. Schulte is trying to submit his CIA investigative report in lieu of finishing cross-examination (which is where things had left off). But it still seems possible that Crotty would require his testimony to be resumed, giving the government another opportunity to redirect his testimony. This is all likely happening today, but given that there’s so little coverage of the trial, we won’t know until Thursday.

Before all this happened, however, the jailhouse informant provided very damning testimony against Schulte, not only describing how Schulte obtained a phone (swapping an iPhone for a Samsung that he could load all the apps he wanted on it), but also claiming that Schulte said, “Russia had to help him with what he was doing,” launching an information war.” I had learned of similar allegations of ties or willingness to forge them with Russia via several sources in the past. And Schulte’s own jailroom notebooks include hints of the same, such as a bullet point describing how Russia could help the US “destroy itself.”

And his final plan — which the informant alerted his handlers to just before Schulte launched it — included some “Russia pieces.”

As part of the same plan to get fellow SysAdmins to leak all their secrets to WikiLeaks, then, Joshua Schulte was also hoping to encourage Russia to attack the US.

I’ve long said the Vault 7 case, if it were ever added to Julian Assange’s charges (including an extortion charge, which would also not be a political crime), would be far more damning and defensible than the ones currently charged. Filings from November suggested that the government had come to think of Schulte’s leaks to WikiLeaks as the last overt act in an ongoing conspiracy against the United States.

And by 2018, Schulte had come to see leaking to WikiLeaks as part of the same plan encouraging Russian attacks on the US, precisely the allegation WikiLeaks has spent years trying to deny, especially in the wake of Assange’s cooperation in Russia’s election year operation.

It’s not clear whether the US will add any evidence to the original 2010 charges against Assange before May (though Alexa O’Brien has pointed to where additional evidence might be), but the statement they’re waiting until then to rebut the solid defense that WikiLeaks is now offering suggests they might. That might reflect a hope that more coercion against Chelsea Manning will produce that additional evidence (she has renewed her bid to be released, arguing that such coercion has obviously failed). Or it might suggest they’ve got plans to lay out a broader conspiracy if and when Schulte is convicted.

Assange’s lawyers pushed for the delay to May in the first place. If the US government uses the extra time to add charges related to Vault 7, though, the delay may make a significant difference in the posture of the case.

Steve Bellovin Weighs in on the Schulte Mistrial Request

Steve Bellovin, who for the reasons I laid out in this post, has impeccable credibility, has now weighed in on accused Vault 7 leaker Joshua Schulte’s bid for a mistrial. Bellovin is Schulte’s technical expert, and lost a bid last August to get direct forensic access to the workstation and servers at issue in his case.

The current bid for a mistrial is based on two complaints: first, DOJ withheld notice that the CIA had put Schulte’s buddy, Michael, on paid administrative leave last August until the day Michael testified. In addition, Schulte argued they had gotten inadequate forensic discovery to challenge the government’s case.

Ultimately, I think this bid — even with Bellovin’s renewed request — will likely not work. With regards to the forensics demand, this is really a complaint about a decision Judge Paul Crotty made under the Classified Information Procedures Act last summer, which Schulte renewed based off unpersuasive claims about the scope of one of the testimony of one of the government’s expert witness, Patrick Leedom, at trial. Schulte certainly can and no doubt will appeal Crotty’s decision, but the government claimed in its response that the defense didn’t make the more tailored requests for information that were permitted under Crotty’s order.

While the defendant has maintained his stubborn insistence on full forensic images, he has failed to actually make use of the information the Government provided, such as the data on the Standalone, to explain why the discovery produced by the Government was inadequate, or to take the Court up on its repeated invitation to the defense to make more narrow requests. In United States v. Hill, the court did order the Government to produce two mirror images of hard drives containing child pornography to the defense. See 322 F. Supp. 2d 1081, 1091 (C.D. Cal. 2004). Hill, however, does not involve the requested disclosure of an unprecedented and staggering amount of classified information without a showing that the information would be both “relevant and helpful,” as required by CIPA.2

With regards to the late notice about Michael’s paid leave, I think (though am not certain) that this is actually a Jencks issue, and I think (though am not certain) the government did comply with the letter of the law even if withholding the report was dickish and unnecessary.

In his declaration, Bellovin makes a frivolous point about Michael as an excuse to complain about both issues raised in the mistrial motion: that there was a common password to Confluence that Michael could have used to access the backup files from which Schulte allegedly stole the files.

The government makes a number of specific assertions that are misleading or simply false. For example, the government states that certain FBI reports “make clear that Michael never had Atlassian administrator privileges and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 information was stolen).” Gov’t Opp. at 8. As a simple factual matter, this statement is untrue. The possession of “Atlassian administrator privileges” had nothing to do with the ability to access or copy the Altabackup files. Rather, what was needed was log-in access, i.e., a working user name and password, to the Confluence Virtual Machine (or “VM”). Michael certainly had such log-in access. As shown in Leedom Slide 60 (GX 1207-10 and GX 1207-11), which is described as “April 16, 2016 Confluence Backup— password and shadow files,” a user name called “confluence” is listed (Slide 60, GX 1207-11, third line from the bottom). The password for this user name was listed on a web page that was accessible to all OSB members, including Michael, and was used for many other log-ins throughout the organization. See GX 1202-5 (listing one commonly used password as “123ABCdef.”). This password was valid both before and after April 16, 2016. So if Michael had simply typed that password into the Confluence VM on April 20, 2016, along with the user name “confluence,” he would have had access to the Altabackup files from which the Vault 7 information was allegedly taken.

Not only has the defense known this for over a year, I even pointed to the availability of root passwords days after the initial leak in March 2017. So nothing about the late notice on Michael prevented Schulte from arguing this from the start. Moreover, this is something the government already addressed in their response.

 Finally, the defense complains that he should have been able to examine the Confluence virtual machine to determine whether another user had “root” access, such as Michael. Again, the defendant’s argument fails. Initially, the defendant has been on notice since December 10, 2018 that Michael had “root” access to the ESXi Server, given that that fact was referenced in three different 302s produced to the defense at that time. Moreover, the defense has been provided with the available ESXi Server logs in discovery, such that he could have tried to determine whether any other user was logged in using the “root” password (there was not any such other user logged in during the reversion). Furthermore, to extent the defendant is complaining about the Confluence log files specifically, his assertion fails for two reasons. First, the Confluence log files of the activity on the Confluence virtual machine were deleted when the defendant reversed the reversion. Second, the Government produced to the defense the remaining Confluence application logs from April 7, 2016 through April 25, 2016 on June 14, 2019.

I remain sympathetic to Bellovin’s request in principle, but doubt that it will work legally in this instance. Plus, given Sabrina Shroff’s strategy on everything else, it seems they didn’t make the expanded requests earlier to leave open this opportunity to complain now.

What happens on appeal is a different issue though, one that goes to the heart of how CIPA gets applied in a computer hacking case like this. The government has, successfully, argued that the forensics of this case amount to classified information that must first qualify under the CIPA requirement that evidence is both relevant and helpful to the defense. I’m reasonably comfortable that the government has given Schulte enough forensics to test their theory of the case — that is, to test whether Schulte did revert backups on April 20, 2016 and access — and so presumably copy — the backup copy of the files published by WikiLeaks. But there are two questions they didn’t provide enough forensics to answer.

The first pertains to whether anyone else ever used the weak protections of these servers to do anything suspicious.

It’s clear that one prong of whatever defense Schulte will offer (and therefore what Bellovin will do in his testimony) is that CIA’s security was woefully inadequate, both in their physical space (Schulte was able to bring in thumb drives on at least two occasions and, the prosecution’s case suggests, even two hard drives) and digitally. Schulte’s lawyers have already brought out aspects of this on cross. What Bellovin won’t be able to do (aside from pointing to a time someone swapped the cables accessing the Internet, which resulted in a massive effort to clean up any data pollution of the CIA network) is point to any damage from real security incidents, aside from Schulte’s. And while that’s not necessary to rebut the government’s theory of the case, it is a part of arguing that Schulte was concerned about security himself (a claim that multiple witnesses have already credibly debunked) but also that the government was not making sufficient efforts to keep this National Defense Information secure, which is an element of the Espionage Act charges.

A far more interesting question pertains to the evidence against Schulte. Schulte is accused of stealing both the “Confluence” files — which are development notes — and “Stash” — which includes source code and user guides. The entirety of the Confluence files were posted on WikiLeaks on March 7, 2017, whereas a bunch of files from Stash were published, drip by drip, until November 2017.

The government has presented a compelling case that Schulte accessed a March 3, 2016 copy of Confluence and made a copy, based on existing logs of that back-up.

But it has not been able to do the same with Stash, I believe because the log files were deleted after the reversions that Schulte did on April 20, 2016, as elicited in cross-examination of “Dave,” the SysAdmin witness.

Q. That was confusing, you saying “yes,” me saying “okay.” Let’s talk about these missing Stash logs, okay? You said that you never would have in a security system or in a secure system lose logs, correct? A. Correct.

Q. And you were asked about missing logs, correct, missing logs from January 14 to April 21, correct? You remember that?

A. I’m sorry, I apologize, not really. But if it’s in the report, I may have talked about it.

Q. Let’s look at 3515-09. Page four. You were asked about missing logs from January 14 to April 21, 2016. Correct?

A. Is this — which exhibit is this? I apologize. I don’t have the right — do I have the right one?

The government has instead tracked file sizes and a copy date range to suggest that Schulte copied those files on that same date, here in testimony from expert witness Michael Berger.

Q. So what was your conclusion as to when the data, the range for the data?

A. For Stash we identified the range of data being from February 26, 2016, at 9:36 a.m., and March 4, 2016, at 9:45 a.m.

Q. Can you remind us, was there an identical hash for the marble file at March 1st?

A. Yes, there was.

Q. Was there a reason why you didn’t use March 1st here instead of February 26?

A. Yes.

Q. What’s that?

A. The reason is because that the files were identical, we didn’t want to assume that the data had to have come after March 1st. We took a more conservative approach and we slid our date back to being as possibly coming from after February 26 instead.

[snip]

Q. Let’s move on to the next. What does this reflect?

A. This reflects both the Stash and Confluence analysis. Looking at Stash, we can see that the data that was on WikiLeaks corresponds to the data from between February 26, at 9:36 a.m. and March 4, at 9:45 a.m. Looking at the Confluence data points, we’re able to get a smaller window that shows between March 2, 3:58 p.m. and March 3, at 6:47 a.m.

To some degree this doesn’t matter: leaking Confluence by itself would be a violation of the Espionage Act and so sufficient for guilty verdicts. But absent that evidence, the defense will be able to point to other questions about the Stash back-up made during the change in privileges on April 18, 2016, notably that the SysAdmin who changed privileges to the network on April 18, 2016, Dave, kept one copy on his desk and one copy on a hard drive he subsequently misplaced.

Q. You never told the FBI, did you, that you ever moved it to a locked compartment in your desk, correct?

A. Correct.

Q. And you also said that you actually couldn’t even recall if you had wiped the information about Stash off of that hard drive, correct?

A. Correct.

Q. And sitting here today, you have not a clue as to where that hard drive is, correct?

A. No, I don’t.

I don’t rule out Schulte using someone else’s privileges to delete the Stash logs (for example, he had and used the credentials of “Rufus,” a guy who was supposed to work in SysAdmin but moved on after a short period, in his April 20 hack). But the government hasn’t shown that, perhaps because doing so would implicate one of their key witnesses.

Given the cross of Patrick Leedom, I think it quite likely Schulte’s team knows what happened and plans to unveil it to maximal advantage during their defense.

Q. And according to you and the government, shortly afterward, during this reversion period, the theory is that he also accessed the Stash backup file, correct?

A. That would be correct.

Bellovin may have a very good idea of where such evidence would be — I’m particularly intrigued by this request, because the government doesn’t appear to understand why Bellovin asked for it — and may even know, via Schulte (who spent a lot of time on obfuscation) that it would look exculpatory (but that’s based on the government’s response, not any understanding of what this might show).

The defendant argues that he could not test the vulnerability of the “DS00 file system,” without access to the mirror image of the NetApp Server. The defendant does not explain why this forensic artifact would demonstrate any vulnerabilities or how any part of Mr. Leedom’s testimony-which did not reference the file system-implicated this assertion. Therefore, the defendant has not established that a mistrial is required based on this claim.

Then there’s a far more interesting question. As of the date of completion of a WikiLeaks Task Force Report on October 17, 2017, as brought in via the testimony of Sean Roche, the CIA had only moderate confidence that WikiLeaks hadn’t obtained the “gold repository” of finished exploits.

Q. Right. All you know is, in 2017, WikiLeaks published it, correct?

A. That’s correct.

Q. And did you by any chance learn that even after 2017 publication, the CIA still did not know whether or not WikiLeaks had the information from the gold repository?

MR. DENTON: Objection.

THE COURT: Overruled.

A. Could you repeat that, please, ma’am.

Q. Sure. Is it fair to say, sir, that the CIA slash you still don’t know if WikiLeaks has the gold repository?

THE COURT: Rebecca, could you read the question back, please. (The record was read)

A. I believe that represents the last conversation I had on what is called the gold repository.

Q. So I’m correct.

A. Yes.

Q. CIA still doesn’t know?

A. I don’t know that, ma’am. I don’t work there anymore.

Q. You know what the WikiLeaks task force report is?

A. Yes, I do.

Q. Could you pull that up for this gentleman, please. Are you happier with a paper copy or the screen?

A. We can do this.

Q. Could we just go to page 45. Could you just focus on the actual text. You see that line, “However we now assess with moderate confidence”?

A. Yes.

Q. Right. “Moderate confidence that WikiLeaks does not possess the gold folder,” correct?

A. Correct.

This is clearly testimony prosecutor David Denton did not want to come in.

That moderate confidence judgment appears to be based on Leedom’s analysis of what privileges Schulte himself had.

Q. You see there a folder at the bottom, “source code and binary gold copies”?

A. Yes.

Q. What are those?

A. These are the delivered completed tools from the work at EDG.

[snip]

Q: Would the defendant have been able to copy the gold source folders?

A: No, he would not have had access to it with his DevLAN account.

But given Schulte’s own behavior, it’s not clear this analysis can rule out the possibility Schulte took the gold repository.

One of the last events in Schulte’s never-ending escalation of grievances came when he sent an email on June 28, 2016 to Meroe Park, the CIA Executive Director (the #3 ranking official at CIA), Andrew Hallmen, who was then the Director of the Directorate of Digital Innovation (and just got ousted as Deputy Director of National Intelligence in the purge of ODNI last week), and Sean Roche, the Deputy Director of DDI. This came in the wake of Schulte first obtaining privileges to his old project, Brutal Kangaroo, and then booting all the other developers off it. In response to the email, as laid in Roche’s testimony, Roche first responded immediately via email and then had a meeting with Schulte on June 30, 2016. In the meeting with the senior most official Schulte met with, he insinuated he still might get his administrator privileges back.

Q. What did you mean when you say you asked him about permissions?

A. On the system that he was working on, an agency network, his — he had — his permissions had been changed, and when his management explained to him, he went back in and changed his permissions back to get access again, and they had issued a letter of warning to him explaining how serious that was and that that behavior is not acceptable.

Q. Why was that something you discussed with him?

A. Because of how serious the nature of that is. Activity on any system that holds agency data, agency tools, things that we call sources and methods, is — is — it is very, very important that we not have a doubt about what people have access to and maintain the integrity and the protection of that information.

Q. What did you discuss with him about his permission changes?

A. I said to him something to the effect of in the post-Edward Snowden era, you don’t do something like that. That’s going to draw attention that you certainly don’t want. It’s really serious, and you cannot be taking that kind of action.

Q. And how did he respond?

A. He talked a little bit about the project that he had been working on and some new work that he had been given, and he was not pleased with it. But at one point, he stopped and he looked at me and said, You know, I could get back on it if I wanted to, something to — that’s not — I won’t say that’s the exact quote, but it’s pretty darn close.

Q. Now, when he said that, did you understand him to be raising a security concern about the network?

A. No. What I, what I realized — it was a striking comment because, to me, it illustrated that after everything that had happened, all the warnings, all of this formal process, that he was determined to undermine the controls on the network.

Brutal Kangaroo is a USB-based tool to exfiltrate from air-gapped machines. Schulte unsuccessfully attempted to delete the copy of Brutal Kangaroo he had worked on at home on April 28, 2016. But he regained access at CIA in June. He also had worked on serious obfuscation tools.

Given the state of the CIA networks, it’s not impossible that Schulte made good on that threat using tools built by the CIA to make it difficult for the CIA to discover if it happened.

Not long after, in August 2016, according to warrant affidavits the substance of which have not yet been entered into evidence at the trial (they’re likely to come in early this week via an FBI Agent laying out the evidence of the rest of the charges, including obstruction and lies in FBI interviews as well as the MCC charges), Schulte started getting really interested in WikiLeaks and Shadow Brokers and Edward Snowden.

Schulte stuck around months after he allegedly first stole data from the CIA, and he threatened a very senior official that he might regain access that would allow him to do so again.

Having access to logs that might suggest that had or had not happened wouldn’t help Bellovin refute the case against him. But it might hide details of still worse compromise that the CIA would like to keep quiet.

I think Schulte can — and will attempt to, on appeal — argue that the forensics behind a hack are a different kind of classified evidence than intelligence itself (that is, information about what the intelligence community knows), both because it is neutral data about potential compromise and because you can’t just substitute a name like you can for other intelligence. In this case, it goes to the heart of a dispute about whether the CIA was really doing what it needed to do to keep these files safe. The evidence doesn’t suggest that Schulte gave a damn about all that; on the contrary, he clearly exploited it. But it’s evidence he can make a claim to need to rebut the Espionage Act charges against him.

But I also wonder whether the CIA refused to grant Bellovin access in this case (who, as I’ve noted, has been trusted by the government in other programmatic ways, including as the technical advisor to PCLOB) not because of any exculpatory evidence they were hiding, but because of inculpatory evidence.

Update: Yikes. The government submitted a scathing “correction” of Bellovin’s declaration.

The Bellovin Affidavit asserts that the log files from the ESXi server produced by the Government in discovery were “demonstrably damaged” as a “result of prior forensic examination.” However, on or about June 14, 2019, in response to the defense’s request, the Government produced unmodified copies in their original format of both log files and unallocated space from the ESXi server.

The Bellovin Affidavit also asserts that the Government only provided “heavily redacted” versions of the Confluence databases, and not “a full copy of the SQL file.” On or about November 5, 2019, the Government provided defense counsel and the defendant’s expert access to a standalone computer at the CCI Office containing, among other things, (1) complete, unredacted copies of the March 2 and 3, 2016 Confluence databases (i.e., a “full copy of the SQL file”) and all of the Confluence data points used by Michael Berger, one of the Government’s expert witnesses, to conduct his timing analysis; (2) complete, unredacted copies of the Stash repositories for the tools for which source code had been released by WikiLeaks; (3) complete, unredacted copies of all Stash documentation released by WikiLeaks; and (4) all commit logs for all projects released by WikiLeaks, redacting only usernames. The Government understands that Dr. Bellovin examined the standalone computer at the CCI Office in December 2019.

It also suggests that Bellovin’s assertion that the Confluence root password would give Michael access to the backups is wrong, but won’t explain why until Bellovin takes the stand.

Finally, the Government does not address Dr. Bellovin’s incorrect assertions regarding Michael’s access to the Altabackups in this letter. Should Dr. Bellovin testify, the Government will cross-examine him regarding, among others, those substantive matters (using information that has already been produced to the defense in discovery). The Government notes, however, that, to assert incorrectly that Michael had access to the Altabackups, Dr. Bellovin relies on information that has been available to him since well before trial, such as the screenshot taken by Michael on April 20, 2016, which was produced by the Government to the defense in December 2018, and data for the Confluence virtual machine, which was produced by the Government to the defense by July 2019, and not on any information disclosed by the Government regarding Michael’s administrative leave status during trial.

Schulte may be yanking Bellovin’s chain on this claim.

CIA Put Joshua Schulte’s Buddy on Administrative Leave Last August

Update, 2/21/20: This post has been updated reflecting the DOJ response to Schulte’s bid for a mistrial based on this dispute. The response makes quite clear that the administrative leave pertains only to concerns about Michael’s candor regarding Schulte’s behavior.

Neither the Government nor the CIA believes anyone else was involved, and the defendant’s claims otherwise are based on a distorted reading of the CIA memorandum placing Michael on administrative leave (the “CIA Memorandum”). The CIA Memorandum explicitly states that Michael was placed on leave because of concerns he was not providing information about the defendant (not that he is a suspect in the theft); the Government has confirmed with the author of that memorandum that the memorandum was not intended to suggest that it was Michael rather than the defendant who stole the Vault 7 Information; and, in any event, the defendant has had all of the relevant information underlying the CIA Memorandum for months in advance of trial.

There was some drama at the end of last week’s testimony in the trial of accused Vault 7 leaker, Joshua Schulte. Schulte’s lawyers forced the government to admit that Schulte’s buddy, testifying under the name, “Michael,” is on paid leave from the CIA for lack of candor.

It turns out “Michael” got put on paid leave in August 2019, shortly after his seventh interview as part of the investigation (his interview dates, based DOJ’s response off Shroff’s cross-examination, were March 16, 2017, June 1, 2017, June 2, 2017, June 6, 2017, August 30, 2017, March 8, 2018, August 16, 2019, and January 13, 2020).

While prosecutors provided Schulte the underlying interview reports (the last one wasn’t even a 302 because prosecutors led the interview, with just one FBI agent present, possibly as part of pre-trial prep), they withheld documents explaining the personnel change until providing part of the documentation the night before Michael’s testimony starting on February 12. Technically, that late notice probably complied with Jencks, but once Judge Paul Crotty realized what documentation had been shared with whom, he granted the defense request for a continuance of Michael’s testimony so they could better understand the implications. Withholding the information was a dickish move on the part of the prosecutors.

The question is, why prosecutors did this, why they withheld information that might be deemed key to a fair trial.

I don’t think defense counsel Sabrina Shroff’s seeming take — that the government tried to hide Michael’s personnel status to hide that they were (purportedly) coercing him to get his story “to morph a little,” to testify in the way he had on threat of false statements charges and certain firing from the CIA — makes sense. That’s because, on the two key issues he testified about, Michael testified in roughly the same way in court as he did in FBI interviews in the wake of the Vault 7 disclosure.

On the stand under direct examination, Michael explained how he told his and Schulte’s colleague, Jeremy Weber, to take away Schulte’s access because he feared Schulte would respond to losing access to his own projects by restoring that access, which would lead to significant trouble.

Q. Did you ever speak with Mr. Weber about the defendant’s anger?

A. Yes.

Q. What did you talk about?

A. We didn’t talk about his anger per se. But, I told Jeremy that he should remove all of Josh’s admin accesses.

Q. Why did you ask Mr. Weber to do that?

A. I felt like Jeremy was kind of, like, setting him up. I knew that Josh was mad at Jeremy, and that he was putting him in a position where Josh had the ability or the access to change permissions on the project in question. And that he would do that because he didn’t respect Jeremy’s authority.

As Shroff elicited on cross-examination, Michael told the FBI something very similar on August 30, 2017.

Q. And it is in this meeting, if you remember, that you told the FBI that, in your opinion, Mr. Weber was setting Mr. Schulte up. Do you remember that?

A. I remember feeling that way.

Q. Okay. By that you mean that you thought Mr. Weber was setting Mr. Schulte up to fail at his job at the CIA, right?

A. I thought he was — baiting him into using his accesses, for a lack of a better word.

[snip]

A. Yeah, I thought he was setting — he was creating circumstances where he knew that Josh had access to change permissions on the server, Josh was an admin. He was telling Josh you cannot do this. But Josh technically could do that, right, he had the technical capability to do that. So, Josh was going to do that.

Q. Okay. You told Mr. Weber your concern?

A. Yes.

Q. And Mr. Weber said butt out, correct?

A. Yes, in summary. Mr. Weber said butt out.

Likewise, last week the government got Michael to explain how, on April 20, 2016 (the day the government alleges Schulte stole the Vault 7 files) Schulte first invited Michael to work out at the gym as they normally would, but then didn’t respond for an hour, at which point Michael witnessed — and took a screen cap of — Schulte deleting log files, which means Schulte’s buddy documented in real time as his buddy stole the files.

Q. It is a little difficult, so let’s blow up the left side of the screen. Do you recognize what we’re looking at?

A. Yes.

Q. How do you recognize it?

A. It is a screenshot I took.

Q. What is it a screenshot of?

A. It a screenshot of, in the bottom you can see a VM being reverted and then a snapshot removed.

Q. It is a screenshot of a computer screen?

A. Yes, of my computer screen.

Q. What date and time did you take this screenshot?

A. The date was April 20, and time was 6:56 p.m.

Q. What year was that?

A. 2016.

Michael explained his past testimony to the FBI to Shroff using much the same story (though she used a different screen cap that may be of import).

Q. Uh-huh.

A. I believe I was trying to dig into what the screenshot meant. I was unsure. You know, I took the screenshot because I was concerned, and then I tried to validate those concerns by determining did a person do these reverts, or was this a system action? This is me trying to dig into that. I have debug view open to see if there was any debug messages about reverting the VMs or something. That could have been there already. I don’t know. But specifically this command prompt here that you see, this black-and-white text, the command prompt, I was looking at IP addresses.

Q. And did you do that on the same day, or you did this later?

[snip]

Q. And you don’t see anything before the start time of 6:55?

A. Yeah. I don’t see anything before 6:55 — or I see 6:51.

Q. Right, but you’re saying that even though your vSphere was running, you didn’t see any April 16 snapshot?

A. Yeah. I don’t see an April 16 snapshot.

On redirect prosecutors will have Michael make it clear that the reason he didn’t see an April 16 snapshot is because it had been deleted, making this a damning admission, not a helpful one.

So knowing that the CIA has concerns that Michael isn’t telling the truth about all this doesn’t help Shroff rebut the most damning details of Michael’s testimony: that one of Schulte’s closest friends at CIA tried to intervene to prevent Schulte from doing something stupid before it happened, and the same friend happened to get online and capture proof of it happening in real time.

Nor does it help her rebut another damning detail from Michael’s testimony, a description of how a rubber band fight between him and Schulte led to Michael hitting Schulte physically.

Q. Could you just describe generally what happened.

A. Sure. On that day, Josh hit me with a rubber band, I hit him back with a rubber band. This went back and forth until late at night. I hit him with a rubber band and then ran away before he could hit me back. He trashed my desk. I trashed his desk. And then I was backed up against Jeremy’s desk and Josh was looking at me, kind of coming towards me. And something came over me and I just hit him.

This might seem, if you’re the NYT trying to cull the trial record for glimpses of the banality of CIA cubicle life, like an innocuous detail. But it’s not. Schulte’s defense, such as he has offered one so far, is that he had a real gripe with a colleague, Amol, which escalated into both being moved, him losing his SysAdmin access, which led to his retaliation against the CIA. But what Amol did was take Schulte’s Nerf darts away when they landed on his desk and make verbal — but never physical — attacks against Schulte. Yet Schulte obtained a restraining order against Amol, not against Michael, the guy who really had physically hit him. This rubber band fight with Michael, as juvenile as it seems, actually undermines Schulte’s claim that his complaint against Amol made sense.

Meanwhile, Shroff herself seems to have brought out the detail that led to CIA’s personnel action (and which Judge Crotty argued prosecutors had withheld by not sharing the full CIA notice). On direct, Michael told prosecutor Sidhardha Kamaraju that he stopped digging to find out what had happened because he remembered that he was using a regular user account that — he couldn’t remember — might not have the right permissions to view logs.

Q. Did that seem strange to you that there were no log files there?

A. Yes. At first this was strange to me.

Q. Why did you think it was strange at first?

A. Just because, a system managing this many VMs should have lots of logs.

Q. Did you try to find out why there weren’t any log files there?

A. I did some more digging, yes.

Q. What did you think as a result of your digging?

A. I remembered that this account that I was using was a regular user account, and I couldn’t remember if the regular user accounts had administrative permissions to view logs.

But as Shroff had him explain on cross, Michael told the FBI that Schulte had given him “pseudo creds” to one of his virtual machines. He told them that almost three months before the FBI first asked him about the screen cap showing Schulte delete logs.

Q. No, it’s not correct? What is it then?

A. This is a VM that he would have run on his DevLAN machine.

Q. So it is a virtual machine that he ran on his own DevLAN, correct?

A. Yes.

Q. Okay. So it says “Josh.” Correct?

A. Yes.

Q. Then it says “Michael,” correct?

A. Yes.

Q. And then it says “other,” correct?

A. Yes.

Q. And they asked you about this document, correct?

A. Yes.

Q. And you told them, did you not, that Josh had given you what you turned as a phrase “pseudo creds,” correct?

A. I don’t remember specific wording but, yes. I believe he gave me pseudo accesses to this VM.

[snip]

Q. And then you told them that you probably had root access to the machine to do with it what you wanted, correct?

A. Yes. If I had pseudo creds, then that’s true.

Q. They asked you if you were surprised to find out that you shared a VM with Josh, and you said no, correct?

This is a reference to “sudo” credentials, which is root access. The government response makes it clear that Michael had administrative access, using the “root” password, to the ESXi server, but did not have admin access to the Atlassian suite, which is what Schulte alleged used to steal the documents.

Michael’s “system administrator” privileges were well-documented in the reports of the FBI interviews. Indeed, Michael’s “system administrator privileges” were discussed in at least three different interviews, one of Michael and the other two of Mr. Weber:

  • In a March 22, 2017 interview, Weber stated that “Michael, [the defendant], [Weber], and [Matt] had administrative access to the ESXi server …. A root password was required to directly log into the ESXi server and this password was shared on OSB’s Confluence page that all of OSB had access to.” CLASSIFIED JAS _ 001318 – 001320 ( emphasis added).
  • In a May 26, 2017 interview, Weber stated that he “believed that [Matt] and [Michael] were possibly added as [ESXi] administrators later.” CLASSIFIED JAS 010153 – 010159.
  • In a March 8, 2018 interview, Michael explained the relevant distinction in administrative privileges: “There is a difference between being considered an Atlassian administrator and having the root password for the ESXi server. The root password for the ESXi server was likely needed to create and control VMs, which are frequently used by developers for testing. [Michael] believed he used the ESXi root password to create VMs. The status of being an Atlassian administrator is reflected in the user’s domain credentials. [Michael] is not aware of how to get access to Atlassian as an administrator.” CLASSIFIED JAS _ O I 0514 ( emphasis added).

These reports make clear that Michael never had Atlassian administrator privileges, and thus did not have the ability to access or copy the Altabackups (from which the Vault 7 Information was stolen).

Still, that part of his testimony hasn’t changed. And CIA would have known about all this by August 2017, two years before they put Michael on administrative leave.

And curiously, having had this information for quite some time, Schulte never tried to suggest that Michael could have conducted the theft while using Schulte’s credentials.

Thus far, it looks like the CIA moved Michael to administrative leave not to change his pre-August 2019 testimony — because that hasn’t changed — but out of concern that Michael learned about Schulte’s actions in real time but didn’t tell anyone, not in 2016 when the CIA could have done something about it, nor immediately after the Vault 7 publication. It wasn’t until the FBI discovered the screen cap and asked Michael about it in August 2017 that he told this story.

Q. Is it fair to say, sir, by the time the FBI showed it to you, you had forgotten about the screenshot?

A. Yes.

Q. You had taken it on April 20, 2016, right?

A. Yes.

Michael similarly did not offer up to the FBI that Schulte contacted him after the first Vault 7 publication (presumably in March) until it came up in June 2017.

Q. It was during this meeting that you told them about Mr. Schulte reaching out to you after the leaks had become public; correct? Do you remember that?

A. I remember telling them about him reaching out to me. I don’t remember if it was this specific meeting.

Q. Okay. Take a look at the highlighted portion on page one, okay?

A. Okay.

Q. You told the FBI, did you not, that Mr. Schulte had sounded upset to you that people thought it was he who had done the leaks, correct?

A. Yes. I believe the word was he seemed concerned.

Q. Right. You would be concerned too if somebody accused you of something you didn’t do, correct?

A. Yes.

Q. And you also told them that you essentially blew him off, correct? You didn’t want to engage and talk to him, correct?

A. Yes, I ignored the initial text messages. And then in the phone call, I didn’t want to talk about that subject.

Q. Okay. And at first you didn’t report the fact that Mr. Schulte contacted you, correct?

A. Correct.

Q. And then somehow or the other, the deputy chief of EDG said if somebody’s contacted you, report it. And then you reported it, correct?

A. Correct.

The most likely explanation for CIA’s change in Michael’s personnel status, then (but not the timing), is that Michael did not alert security when he had the opportunity, and then when he discovered that his buddy was the lead suspect for a huge theft of CIA tools, he tried to downplay his knowledge, perhaps hoping to avoid suspicion himself (which, if true, backfired). As Michael said himself in one of his FBI interviews, it sucks when you’re the single guy the prime suspect for a crime has given credentials to his VM, by name.

Q. And then you kind of added that it kind of sucked that your name was on this VM, correct?

A. I don’t remember that.

Q. Take a look at the first paragraph, page two of eight. It sucks. I don’t mean to be rude, but that’s the word it says, “suck,” right?

A. Yes.

Q. That your name was on the virtual machine, correct?

A. Correct.

Q. And that you understood from the FBI that that put you under the microscope, correct?

A. Correct.

So, again, the most likely implication of all this is just that the CIA believes Michael had information about a data breach in real time that he offered unconvincing (and, possibly, technically false) explanations for why he didn’t alert anyone.

But, particularly given the delay in putting him on administrative leave, I wonder whether there’s not something more.

DOJ and CIA clearly suspect Michael is being less than forthcoming about what he witnessed in real time. That doesn’t undermine his value as a witness to having taken the screen shot, but it does raise questions about his trustworthiness to retain clearance at CIA. It does undermine his claims to the FBI, which Shroff portrayed as largely unique among CIA witnesses, that Schulte wasn’t the culprit (which he hasn’t yet explained in the presence of the jury).

That may, however, raise questions about his candor on other answers asked by the FBI, answers that may speak to how Schulte came to steal CIA’s hacking tools in the first place or even whether Michael knew more about it than he knows.

For example, the FBI asked Michael repeatedly about Schulte’s League of Legends habit.

Q. He played a lot of League of Legends or something?

A. Yes.

Q. Some kind of game?

A. Yes, it’s a video game.

Q. A lot of men, people play it; is that right?

A. It has a large user base.

Q. It is some kind of online game where you pretend to have avatars and kill each other online or something like that? Is that right, basically?

A. Yes.

Q. And you played that game, did you not, with Mr. Schulte? A. Yes.

In recent years the government has come to regard gaming communications systems as a means to communicate covertly (which Schulte would have known because his hacking tools targeted terrorists).

They also asked Michael whether Schulte was a “vigilante hacker” by night, and about his Tor usage (which, according to Michael, Schulte didn’t hide).

Q. You remember the FBI asking you if Mr. Schulte was a vigilante hacker by night? Do you remember that phrase they used?

A. I think I do actually, yes.

Q. You told them, no, you didn’t know him to be a vigilante hacker at night?

A. Correct.

Q. You in fact did not know him to be a vigilante hacker at night.

A. Correct. I did not know him to be a vigilante hacker.

This question is particularly relevant given Schulte’s claim, in communicating with a journalist from jail, that he had been involved with Anonymous.

The FBI asked Michael how he came to buy two hard drives for Schulte from Amazon, the same place Schulte bought a SATA adapter they think he used in the theft.

A. I only ever bought him hard drives this one time. But the reason, like, I wouldn’t normally just buy him hard drives, I would have told him to buy it himself. But the reason was there was some deal going on, and so he’s like, if I buy it and then you buy it, we all get the deal and I’ll just pay you back.

Q. Right. It’s normal, right?

A. Yeah.

Q. Yeah. Amazon had a cap on the sale, like everyone could only get two, and he wanted four or something like that?

A. Yes, it was something along those lines.

Of the hard drives the FBI seized from Schulte’s home in March 2017 (PDF 116), the ones he owned the most copies of — the 1TB Western Digital drives — are the ones they suspect were used in the theft because they were overwritten.

The FBI asked about a time when Michael worked over a weekend, when Schulte also happened to be working. Michael first explained he had been working on his performance review, but when he subsequently checked his records, discovered that couldn’t be right. Even though he recognized how unusual it was for him to be working the same weekend as Schulte without knowing Schulte was there, he concluded (like he had about the deleted log files) that it was normal.

Q. They asked you about that weekend because Mr. Schulte also happened to be working that weekend?

A. They mentioned that, yes.

Q. Did you think it was odd that Mr. Schulte was working that weekend or did the FBI think it was odd that Mr. Schulte was working that weekend or both?

A. At first I thought it was odd.

Q. Okay.

A. Just because —

Q. Go ahead.

A. Just because, you know, although it was normal to come in on the weekend, it was less common — rare, I would say, to come in on the weekend. One of us probably would have told each other, you know, we were going to come in on the weekend. But then I looked at my situation, I was like, well, I didn’t tell him I was coming in, so I guess this is normal.

The government may still be trying to figure out precisely when Schulte removed the files on hard drives from CIA — they also asked Michael about that repeatedly — which is why these questions are so important. Among the reasons CIA put him on leave, per the government response, is that he and Schulte left together that night; if Schulte had carried out hard drives that night Michael may have seen them.

The FBI asked about Michael’s role — apparently unplanned — in helping Schulte move to New York.

Q. Then they talked to you about your involvement in helping him move from Virginia to New York, correct?

A. Yes.

Q. They asked you a whole series of questions as to how you came about to help him move, correct?

A. Yes.

Q. And they asked you why you helped him move, correct?

A. I don’t remember specific questions, but I do remember questions about helping him move.

Q. And you explained to them that it was like a coincidence, right? You’d already planned a trip with another friend, he was moving at the same time, he needed help loading up luggage and moving stuff, correct?

A. Yes.

Q. It was not preplanned, right? It just happened, right?

A. Yeah.

Q. You told them that you had already planned to do this with another friend, right?

A. Yes.

Q. And then they asked you about that friend, correct? They asked you what the name of the friend was, correct?

A. Yes.

Q. Then they asked you for your friend’s number, correct?

A. I don’t remember specifically what information they asked for.

The FBI also asked Michael about the stuff he left with him when he moved to New York, which Michael explained was just furniture, though a lot of it.

Q. We’ll come back to that if we need to. Let’s move to the next point. They then asked you if Mr. Schulte had left any stuff with you, correct?

A. Yes.

Q. You told them that he had, correct?

A. Yes.

Q. It was normal, everyday stuff he left with you, correct?

A. I wouldn’t say it’s normal. It was a lot of furniture. So I don’t think that’s normal.

Again, it may well be that, two years after the FBI would have had real questions about Michael’s candor, the CIA concluded they had to reconsider his employment because he could have prevented the theft but did not.

But I wonder whether, by the time DOJ posed these questions anew in August 2019 (which, if I’ve got his interview dates correct, was the only interview he had after the time that Schulte had been formally charged with the theft), their doubts about his other answers had taken on greater significance.

Update: Clarified that the “pseudo” credentials in the transcript are a reference to “sudo” root access.

Update: In a letter opposing any order to share the CIA’s determination to put Michael on paid leave, the government explains the basis for it:

  • Adverse polygraph results
  • His relationship with Schulte
  • His close proximity to the theft of the data and (what appears to be) reason to believe he witnessed more anomalies at the time Schulte was stealing it
  • “Recent inquiries” suggesting Michael may still be hiding information about the theft
  • His “unwillingness to cooperate with a CIA security investigation into his physical altercation with the defendant”

That is, the speculation above seems to be born out. The three questions that leaves are”

  • Why did they put him on leave rather than fire him?
  • Which of the questions above do they think he was not truthful about?
  • Why did they wait until August 2019 to put him on leave?

Joshua Schulte’s Human Graymail Campaign Targets Mike Pompeo

“Graymail” is a term used to describe when a defendant attempts to make a prosecution involving classified information too difficult for the government to pursue by demanding reams of classified evidence that the government either has to water down to make admissible at trial or argue is not helpful to the defense.

As an example, Scooter Libby employed a defense that he didn’t lie to the grand jury about his efforts to expose Valerie Plame, but rather forgot about those efforts, because he was so distracted by everything scary he reviewed in daily Presidential Daily Briefs. He forced the government to substitute a great deal of information from PDBs and almost upended the trial as a result.

It has been clear for some time that accused Vault 7 leaker Joshua Schulte was employing such a strategy, but with a twist. He obviously has been trying to release as much classified information from the CIA as possible, both through legitimate means and via leaking it. But starting last fall, there was a dispute about how Schulte could serve trial subpoenas on CIA witnesses and whether he had to work through prosecutors to do so; Schulte argued the government was trying to learn his defensive strategy by vetting his subpoenas.

The dispute just surfaced again in the form of a government motion in limine to exclude 3 CIA witnesses and require Schulte to provide justifications for a slew of other CIA witnesses he has subpoenaed. At least 63 CIA witnesses have informed the CIA that he has subpoenaed them, and that’s just the ones who have informed the agency.

The Government understands that the defendant has served at least 69 current or former CIA employees with subpoenas in this case. This includes subpoenas for 23 individuals identified in a preliminary witness list the Government provided to the defense as a courtesy on August 16, 2019, which the Court authorized in an Order dated November 26, 2019 (Dkt. 200), and at least 46 additional subpoenas since then. That number reflects those recipients who have informed the CIA’s Office of General Counsel of the latest subpoenas, as required by CIA regulations.1

1 The Government does not know the precise number of subpoenas that the defendant has issued because the Government is only aware of the subpoenas issued to individuals who have reported receiving them to the CIA’s Office of General Counsel.

With respect to this slew of witnesses, the government asks just that Schulte be required to show that they have firsthand knowledge that is relevant to the trial that would not be cumulative.

But with respect to three, the government offers specific objections. The government’s objections to two — a covert field officer and the Center for Cyber Intelligence’s Chief Counsel — seem utterly reasonable. But the government’s objection to a third — Mike Pompeo, who was CIA Director when WikiLeaks published the leaks — is more dubious.

To the extent it’s discernible given redactions in the government’s motion, here are the objections to those three witnesses.

Lisa: Schulte has subpoenaed a woman pseudonymed “Lisa,” a “high up” customer of CIA’s hacking tools. Schulte argues that because CIA officers did not “warn” her about Schulte, it’s proof of his innocence. The government argues that Schulte is trying to call “Lisa” to testify in part to admit into evidence statements that he made to her, which would be hearsay designed to avoid taking the stand himself.

Erin: Schulte wants to call the Chief Counsel of CCI to testify about things she said in an FBI interview about other potential leads to find the culprit behind the theft. Apparently, she raised an off-site event that took place between March 8-10, 2016 that might play a role. According to the original theory of the case, Schulte used an opportunity when everyone else was gone from the office, possibly during that event, to steal these files. But, as the government points out, Schulte didn’t ask “Jeremy Weber” anything about this event when he was on the stand, even though Weber attended it personally. They note Schulte instead wants to ask someone who wasn’t there — Erin — about it. Plus, as the government notes, Erin is the counsel for the victim of this crime, and as such is protected by attorney-client privilege.

Mike Pompeo: Finally, Schulte wants to call Mike Pompeo. The government wants to exclude Pompeo because, during the period when he was a CIA employee as its Director, he had no direct knowledge of the theft.

While Sec. Pompeo was undoubtedly kept informed about the consequences of the defendant’s crimes and the CIA’s response to secure its systems going forward, he–like virtually all similarly situated high-ranking government officials–received that information through briefings and summaries provided by others, which is quintessential inadmissible hearsay, rather than first-hand knowledge of the facts.

Except that’s probably not why Schulte wants to call him. In fact, I predicted Schulte would call Pompeo back in November.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

Because of the way the government has argued that Schulte’s choice to leak to WikiLeaks is proof he intended to harm the US, it makes then House Intelligence Chair Mike Pompeo’s celebration of WikiLeaks’ publication of the stolen DNC emails — a celebration that took place months after Schulte is alleged to have sent the emails to WikiLeaks — a pertinent issue.

Given what the government has argued, Pompeo might be required to take the stand and admit that he was just being an asshole who was happy to damage the US if it meant his party would benefit when he celebrated the WikiLeaks publication of stolen DNC emails in July 2016. Of course, that’s the last thing he wants to do — and if he did, his boss, who got elected by cheering such damage, might well fire him. Pompeo’s view of WikiLeaks in July 2016 is all the more relevant given that the government appears to be planning to make … something of the Schulte’s response to these very same leaks.

Schulte is clearly engaged in human graymail with this larger request, and I expect Judge Paul Crotty will agree to the government’s demand that Schulte show some particularized value to each of these CIA witnesses.

But given their efforts to treat WikiLeaks as a particularly damaging kind of leak recipient, I think Schulte may be able to make a compelling argument that Pompeo should have to explain his past enthusiasm for WikiLeaks’ publications.

Joshua Schulte’s Hot and Cold Snowden Views

I’ve been tracking the government’s claims that the Vault 7 leaks “relate” to earlier WikiLeaks leaks — including Chelsea Manning’s and Anonymous‘ — Edward Snowden, and Shadow Brokers.

With respect to Snowden, specifically, in a warrant application submitted in 2017 (PDF 150) the government cited Schulte’s search for a specific Snowden tweet on August 4, 2016, just as he started searching for WikiLeaks information.

In a November filing laying out their theory of the crime, the government cited his searches on WikiLeaks and “related” topics in that same time period.

Around this time, Schulte also began regularly to search for information about WikiLeaks. In the approximately six years leading to August 2016, Schulte had conducted one Google search for WikiLeaks. Beginning on or about August 4, 2016 (approximately three months after he stole the Classified Information), Schulte conducted numerous Google searches for WikiLeaks and related terms and visited hundreds of pages that appear to have resulted from those searches. For example, in addition to searching for information about WikiLeaks and Julian Assange, its primary leader, Schulte also conducted searches using the search terms “narcissist snowden,” “wikileaks code,” “wikileaks 2017,” “shadow brokers,” and “shadow broker’s auction bitcoin.” “Snowden” was presumably a reference to Edward Snowden, the former NSA contractor who disclosed information about a purported NSA surveillance program, and “Shadow Brokers” was a reference to a group of hackers who disclosed online computer code that they purportedly obtained from the NSA, beginning in or about August 2016. Indeed, in contrast to the period before August 4, 2016, between that date and March 2017 (when the first of the Leaks occurred), Schulte conducted searches for Wikileaks and related information on at least 30 separate days.

Many of these searches, particularly the Snowden ones, could have been innocuous.

When Schulte’s lawyers tried to complain that Paul Rosenzweig’s inclusion of Manning, Anonymous, and Snowden in his expert testimony on WikiLeaks falsely assumed that Schulte knew of those earlier leaks, the government revealed that in contemporaneous chats, Schulte had commented on both Manning and Snowden.

Moreover, even setting aside the dubious assertion that a member of the U.S. intelligence community could have been completely unaware of WikiLeaks’ serial disclosures of classified and sensitive information and the resulting harm, the Government’s proof at trial will include evidence that the defendant himself was well aware of WikiLeaks’ actions and the harms it caused. For example, WikiLeaks began to disclose classified information Manning provided to the organization beginning in or about April 2010, including purported information about the United States’ activities in Afghanistan. In electronic chats stored on the defendant’s server, the defendant discussed these disclosures. For example, on August 10, 2010, the defendant wrote in a chat “you didn’t read the wikileaks documents did you?” and, after that “al qaeda still has a lot of control in Afghanistan.” In addition, on October 18, 2010, the defendant had another exchange in which he discussed Manning’s disclosures, including the fact that the information provided was classified, came from U.S. military holdings, and that (according to the defendant) it was easy for Manning to steal the classified information and provide it to WikiLeaks. Similarly, in a June 9, 2013 exchange, the defendant compared Manning to Edward Snowden, the contractor who leaked classified information from the National Security Agency, and stated, in substance and in part, that Snowden, unlike Manning, “didnt endanger in [sic] people.”

As I noted, that exchange the very day Snowden came forward might suggest Schulte had a much less critical view of Snowden’s leak than Manning’s.

But that’s not what he told his former CIA colleague, who testified this week under the pseudonym Jeremy Weber. To Weber, Schulte condemned Snowden’s behavior in the strongest terms, arguing Snowden was a traitor who should be executed.

A. I don’t believe so, no.

Q. You don’t remember him ever discussing leakers with you?

A. I, I do remember talking about leakers.

Q. Okay. What do you recall?

A. There was discussion around Snowden.

Q. Okay. And?

A. Schulte felt that Snowden was a — had betrayed his country.

Q. That doesn’t, you know, he seems to have strong opinions on everything. You sure he didn’t say more?

A. He probably would have call him a traitor. Said he should be executed for sure. I don’t remember specific verbiage, but he did express his typical strong opinions.

Q. Right. Then he had those same opinions about Chelsea Manning, correct?

A. Possibly. I don’t remember conversations about Chelsea Manning.

Q. And when he was talking about Snowden, it was clear to you that he strongly believed in the mission of the CIA, correct?

A. Yes.

Q. And he strongly believed that you should do nothing against America, correct?

A. Yes.

Q. And he thought Snowden should be executed, correct?

A. I believe I recall specifically him saying that.

Remarkably, Schulte’s lawyer Sabrina Shroff didn’t seem to expect this answer, even though she made much of the prior interviews Weber had had with what she called prosecutors, but which instead probably reflects having gotten 16 302s for Weber, many of them probably interviews with just FBI agents conducting early interviews as part of the investigation.

Q. You met with each one of these prosecutors, correct?

A. I don’t know if I talked to all of them, but, yes.

Q. You’ve talked to them somewhere between 11 and 15 times?

A. I have no idea what the number was.

Q. March 22, 2017, March 27, April 5, May 8th, May 22, June 1st, August 31. This was all in 2017.

A. Okay.

Q. Do you have any idea how many hours you spent with them in 2017?

A. No, I don’t.

Q. 2018, you met with them on January 12, June 1st, June 11, August 6, November 12, December 12, Any idea how many hours you spent with them?

MR. LAROCHE: Objection.

A. No.

THE COURT: Overruled.

Q. Then you met with them in January. Correct?

A. Yes.

Q. January 14, January 21, and January 29. Correct?

A. Possibly, yes.

Still, if Shroff has 16 302s from Weber and she didn’t know how he would answer this question, whether he and Schulte had ever spoken about Snowden’s leaks, it suggests the FBI and prosecutors never thought to ask someone who had worked side by side with Schulte for 6 years, starting around the same time as the Manning leaks and continuing through the Snowden leaks. Which is pretty remarkable.

The government responded by getting Weber to read from Schulte’s prison notebook where he seemingly advocated for sending top secret documents to WikiLeaks.

Q. Can you please read what the defendant wrote here?

A. “This is a huge wake-up call to U.S. intelligence officers. The Constitution you fight to defend will be” —

MS. SHROFF: Denied.

A. — “denied to you if, God forbid, you are ever accused of a crime. If your government has no allegiance in you, why do you have any allegiance towards your government or associates provided info to the NYT.”

MR. LAROCHE: Can we go up to the next, to the top of this page, please.

Q. Again, is this the defendant’s handwriting?

A. Yes.

Q. Can you please read what the defendant wrote?

A. “Your service in” — defense, maybe, “in” — I don’t recognize that word — “security investigations and pristine criminal history can’t even get you bail. As Joshua Schulte has said, you are denied a presumption of innocence. Ironic, you do your country’s dirty work, but when you — when your country accuses you of a crime, you are arrested and presumed guilty. And” — I don’t — “and” something, “your service. Send all of your secrets here: WikiLeaks.”

The chats from 2013 are not yet in evidence, so the government simply relied on what they had already entered with Weber based off his familiarity with Schulte’s handwriting.

But Shroff will — and already has — argued that you can’t argue the views Schulte expressed after he had been in jail for months were the same ones that motivated his actions in 2016, when he allegedly stole all these files. Weber couldn’t place his conversations about Snowden in time, so his views could have also changed before he leaked the files. But the 2018 prison notebooks cannot be said to reflect Schulte’s views in 2016.

The government seems intent on using Snowden et al to prove a level of mens rea that’s more than they need to prove to get convictions on the Espionage Act charges — that Schulte intended to do harm rather than had reason to know, based off his understanding of classification and the import of those hacking tools, that it would do harm. The varying things Schulte has said about Snowden and others may or may not support that, at least for the Espionage charges tied to the 2016 leaks.

That said, if and when Schulte is sentenced for all this, the testimony that he once claimed to believe leakers like Snowden should be executed may not help him avoid a life sentence.

Calyx Institute has generously funded obtaining these Schulte trial transcripts. Please consider a tax deductible donation to support that effort.