Posts

A Tale of Two National Security Advisors

As you no doubt heard, in addition to suing John Bolton for breach of contract over his Trump book, the Trump Administration has also asked for a Temporary Restraining Order against Bolton, purportedly with the goal of getting him to do things that are no longer in his control. At one level, the legal actions seem designed to make Bolton’s book even more popular than it would otherwise be — while starving him of any royalties for the book. Judge Royce Lamberth, who has a history of pushing back against Executive abuse (including claims involving classification) has been assigned the case; he scheduled a hearing for tomorrow.

I agree with the bulk of the analysis that these legal efforts will fail, to the extent they’re really trying to prevent Bolton from releasing the book. I also agree with analysis about the uphill climb Bolton faces to avoid having his profits seized.

That said, I can’t help but notice the way the filings set Bolton up — possibly, even for prosecution (which LAT reports remains under consideration), but also for a remarkable comparison with Trump’s first National Security Advisor, Mike Flynn.

Legally, the filings do what they need to do to seize Bolton’s profits, and will probably succeed (meaning you can buy the book and your money will go to the US Treasury). But, as noted, they’re not written to actually win an injunction, most especially against Bolton’s publisher, Simon & Schuster.

The filings do something else, though. They tell how Bolton apparently shared drafts of his manuscript before it had been cleared, which in turn got shared with the press.

35. On January 26, 2020, the New York Times published an article describing information purportedly “included in drafts of a manuscript” that Defendant, apparently without any protections for classified national security information, had “circulated in recent weeks to close associates.” The article set forth information allegedly contained in “dozens of pages” of the manuscript. A true and correct copy of this article is attached hereto as Exhibit F.

36. On information and belief, the January 26, 2020 article led to a tremendous surge in publicity for the pre-sales of the book, including hundreds of news articles, discussion on major television networks, statements by members of Congress, and widespread circulation of the article’s content on social media.

37. On January 27, 2020, the Washington Post published a separate article describing content contained in The Room Where it Happened, relying on the statements of “two people familiar with the book,” indicating, on information and belief, that Defendant had disclosed a draft of the manuscript to others without receiving prior written authorization from the U.S. Government. A true and correct copy of this article is attached hereto as Exhibit G.

38. Thus, notwithstanding this admonition, in late January 2020, prominent news outlets reported that drafts of Defendant’s manuscript had been circulated to associates of Defendant. These articles included reports from individuals supposedly familiar with the book, which indicates, on information and belief, that Defendant had already violated his non-disclosure agreements while purporting to comply with the prepublication review process. See supra ¶¶ 27, 29; see also Exhs. E & F

They lay out evidence that Bolton specifically knew the dangers of disclosing classified information, most ironically with a citation of his complaints about Edward Snowden (who also had his profits seized).

Defendant knows well the threat posed by disclosing classified information that might benefit the Nation’s adversaries. See John Bolton, “Edward Snowden’s leaks are a grave threat to US national security,” The Guardian, https://www.theguardian.com/commentisfree/2013/jun/18/edwardsnowden-leaks-grave-threat (June 18, 2013). Congress does as well, as reflected in its decision to criminalize the unauthorized disclosure of classified information. See, e.g., 18 U.S.C. §§ 641, 793, 794, 798, 952, 1924.

They provide multiple declarations — from Mike Ellis, the Trump hack who has politicized classified information in the past, from National Counterintelligence Director Bill Evanina claiming this is the kind of information our adversaries look for, from Director of NSA Paul Nakasone talking about the specific vulnerability of SIGINT, and from Director of National Intelligence John Ratcliffe, whose name the TRO misspells and whose experience looks exceedingly thin compared to the others, along with classified declaration from Ellis. Even though the declarations were obviously carefully curated by Ellis, these are nevertheless the kinds of things courts usually bow to, when the government makes claims about classification. While neither we nor Bolton or his lawyer will get to review the actual claims being made, such declarations are usually sufficient to get the desired recourse.

Perhaps notably, the filings include a letter from John Eisenberg (whose shenanigans regarding the Ukraine call Bolton made more significant), written on June 11, at a time when the White House already knew Bolton was moving to publish, accusing Bolton of publishing this information for financial gain.

Fourth, your self-serving insinuations that the NSC review process has been directed at anything other than a good faith effort to protect national security information is offensive. Your client has taken classified information, including some that he himself classified, and sold it to the highest bidder in an attempt to make a personal profit from information that he held in trust as a public servant–and has done so without regard for the harm it would do to the national security of the United States.

Effectively, this package of filings does nothing to prevent the book from coming out. But it very carefully lays a record to meet the elements of an Espionage charge. Given this notice, the government would be in a position to point to the publication of the book (that Bolton couldn’t stop now if he wanted) and prove that Bolton had an obligation to keep these things secret, he knew the damage that not doing so could cause, and yet nevetheless published the information.

Whether they will prosecute or not is unclear. But these filings make it far easier to do so.

The White House is preparing to claim that John Bolton is akin to Edward Snowden, solely because he aired Trump’s dirt in a book.

This all comes at the same time as the government is making extraordinary efforts to prevent Mike Flynn from being punished for secretly working for a frenemy country while getting classified briefings, and calling up the country that just attacked us in 2016 and discussing how Russia and the Trump Administration had mutual interests in undermining Obama’s policies.

The same DOJ that is magnifying Bolton’s risk for an Espionage prosecution found nothing inappropriate in Flynn calling up the country that had just attacked the US and teaming with that hostile country against the current government of the United States.

Nor was anything said on the calls themselves to indicate an inappropriate relationship between Mr. Flynn and a foreign power. Indeed, Mr. Flynn’s request that Russia avoid “escalating” tensions in response to U.S. sanctions in an effort to mollify geopolitical tensions was consistent with him advocating for, not against, the interests of the United States. At bottom, the arms-length communications gave no indication that Mr. Flynn was being “directed and controlled by … the Russian federation,” much less in a manner that “threat[ened] … national security.” Ex. 1 at 2, Ex. 2 at 2.

Indeed, the Attorney General even claimed the call was “laudable,” even while lying that it didn’t conflict with Obama’s policies.

But it’s not just in the courts where DOJ is working hard to protect the guy who really did harm the US. In an effort to sow the propaganda case for Mike Flynn, the Trump Administration has been on a declassification spree, including — by Ratcliffe — the transcripts of some (but not all) of Flynn’s calls with Sergey Kislyak, something that has never been done before. Significantly, the claims that Nakasone and Ratcliffe make in their declarations in the Bolton case, especially with regards to disclosing SIGINT burns the collection going forward, were clearly violated when Ratcliffe declassified the transcripts.

To be honest, I won’t weep if Bolton is prosecuted. He would have had more legal protection had he testified during the impeachment inquiry, which would have done more good for the country. It would be an abuse, but such abuse has been directed against far more vulnerable and admirable people.

But the comparison of the claims Mike Ellis is making about Trump’s third National Security Advisor with the treatment given his first — the guy who actively sold out his country rather than did so with his inaction — only serves to emphasize how Trump subjects what traditionally gets called national security to loyalty.

The greatest “national security” sin a Trump Administration official can commit, this comparison shows, is disloyalty to Donald Trump.

Of over 40 Potential Unmaskings of Mike Flynn During the Transition, Just One Led to Criminal Charges

Chuck Grassley and Ron Johnson have just posted what they seem to think is a list of people who may have unmasked Mike Flynn’s identity in the transcripts of his conversations on December 29 and 31 with Sergey Kislyak.

As a threshold matter, what it actually shows, is that over 40 recipients of intelligence may have unmasked Mike Flynn’s identity in a finished NSA intelligence product between the 2016 election and inauguration. If they did, they did it by the book, with NSA approval per the accompanying letter from Paul Nakasone. And even if they unmasked Flynn’s identity, the person who did so may not have read it.

The implication is that one of these unmaskings was the one (or were the ones) that led to the discovery that Mike Flynn had secretly called up the Russian Ambassador and undermined US foreign policy, acting without specific orders from Trump (at least as the public record currently stands).

Mind you, almost all of them could not be. Only 8 of them post-date the calls between Flynn and Kislyak:

  • US Ambassador to the UN Samantha Power (1/11/17)
  • DNI James Clapper (1/7/2017)
  • Secretary of the Treasury Jacob Lew (1/12/17)
  • White House Chief of Staff Denis McDonough (1/5/17)
  • DDNI Michael Dempsey (1/7/17)
  • PDDNI Stephanie O’Sullivan (1/7/17)
  • CIA/CTMC 1/10/17
  • Vice President Joe Biden 1/12/17

And of those, only the McDonough unmasking corresponds even remotely to the time the IC discovered Flynn’s call, except we know FBI had already discovered it on January 4. Which is to say zero of these unmaskings could be the original one. A few people could be someone reading a transcript from the calls after the fact.

Except that some of these — such as the January 11 unmasking — are believed to relate to Mohammed bin Zayed’s secret trip to the US to meet Flynn and Steve Bannon and Jared Kushner, and so are of another intercept.

There’s probably a very good reason why the original unmasking doesn’t show up on this list, which reflects only NSA products and only finished intelligence reports. According to Jim Comey’s testimony, the FBI found the Kislyak-Flynn calls, not the NSA.

And so the last couple days of December and the first couple days of January, all the Intelligence Community was trying to figure out, so what is going on here? Why is this — why have the Russians reacted the way they did, which confused us? And so we were all tasked to find out, do you have anything [redacted] that might reflect on this? That turned up these calls at the end of December, beginning of January. And then I briefed it to the Director of National Intelligence, and Director Clapper asked me for copies [redacted], which I shared with him.

That’s consistent with Mary McCord’s testimony, which made it clear no one had to refer this transcript to the FBI, because it was the FBI’s.

Also on page 2 of her notes, McCord noted mention of a “referral,” and noted that ultimately no referral was required, as the FBI maintained the information and would not refer a matter to themselves.

Plus, Jim Comey says this never became a finished intelligence product, even while he admitted that the FBI unmasked his identity.

We did not disseminate this [redacted] in any finished intelligence, although our people judged was appropriate, for reasons that I hope are obvious, to have Mr. Flynn’s name unmasked. We kept this very close hold, and it was shared just as I described.

So if this transcript was an FBI intercept that never made it into a finalized intelligence product, then it wouldn’t show up in a list of finalized NSA products.

All of which is to say this list — which Politico is running with as if it’s the Holy Grail — most likely has nothing to do with Flynn’s conversations with Sergey Kislyak, and shows that the Deep State picked up Mike Flynn during the transition in a good deal of reporting, with reports that more than 40 people had a glimpse at. But only one recording launched an investigation.

There Were Two Dick-Waggings Directed at Iran This Week

By all appearances President Trump casually released highly classified information yesterday, as he has done repeatedly in the past.

Within hours of this tweet, CNBC confirmed that this image comes from one of Trump’s intelligence briefings, which led experts to assume Trump had been careless.

A U.S. defense official told CNBC that the picture in Trump’s tweet, which appeared to be a snapshot of a physical copy of the satellite image, was included in a Friday intelligence briefing.

[snip]

But the quality of the photograph quickly raised the eyebrows of national security experts, who say that images this clear are rarely made public.

“I’m not supposed to see stuff this good. He’s not supposed to share it. I’ve honestly never seen an image this sharp,” said Melissa Hanham, deputy director of the Open Nuclear Network and director of the Datayo Project at the One Earth Future Foundation.

Hanham suspected the shot was taken from a high-altitude aerial vehicle using tracking technology, such as an RC-135S Cobra Ball or a similar aircraft.

“This will have global repercussions,” said Joshua Pollack, a nuclear proliferation expert and editor of the Nonproliferation Review.

“The utter carelessness of it all,” Pollack said. “So reckless.”

Even before the NYT weighed in last night, I had my doubts whether this was reckless, or whether it was a calculated decision to dick-wag over the sabotage of a missile program the Iranians deny.

First, the tweet was almost certainly not written by Trump. It has no grammatical errors or typographical anomalies. It uses technical terms and consists of full sentences.

In other words, the tweet has none of the hallmarks of Trump’s reflexive tweeting. Someone helped him tweet this out.

Then there’s the fact that, earlier this week, the US dick-wagged about another successful operation against Iran, a cyberattack that took out the IRGC database that they were using to target western shipping.

The head of United States Cyber Command, Army Gen. Paul M. Nakasone, describes his strategy as “persistent engagement” against adversaries. Operatives for the United States and for various adversaries are carrying out constant low-level digital attacks, said the senior defense official. The American operations are calibrated to stay well below the threshold of war, the official added.

The strike on the Revolutionary Guards’ intelligence group diminished Iran’s ability to conduct covert attacks, said a senior official.

The United States government obtained intelligence that officials said showed that the Revolutionary Guards were behind the limpet mine attacks that disabled oil tankers in the Gulf in attacks in May and June, although other governments did not directly blame Iran. The military’s Central Command showed some of its evidence against Iran one day before the cyberstrike.

[snip]

The database targeted in the cyberattacks, according to the senior official, helped Tehran choose which tankers to target and where. No tankers have been targeted in significant covert attacks since the June 20 cyberoperation, although Tehran did seize a British tanker in retaliation for the detention of one of its own vessels.

Though the effects of the June 20 cyberoperation were always designed to be temporary, they have lasted longer than expected and Iran is still trying to repair critical communications systems and has not recovered the data lost in the attack, officials said.

Officials have not publicly outlined details of the operation. Air defense and missile systems were not targeted, the senior defense official said, calling media reports citing those targets inaccurate.

In the aftermath of the strike, some American officials have privately questioned its impact, saying they did not believe it was worth the cost. Iran probably learned critical information about the United States Cyber Command’s capabilities from it, one midlevel official said.

That story described the views of CyberCommand head General Nakasone, who did some dick-wagging in February over CyberCommand’s role in thwarting Russia’s efforts to tamper in the elections.

Whatever else Nakasone has done with his command, he seems to have made a conscious decision that taking credit for successful operations adds to its effectiveness. There certainly was some debate, both within the NYT story and in discussions of it, whether he’s right. But Nakasone is undoubtedly a professional who, when stories boasting of successful CyberCommand operations get released, has surely thought through the implications of it.

But as I said, last night NYT weighed in on the destroyed missile launch, with a story by long-standing scribes for the intelligence community, David Sanger and William Broad and — listed at the end in the actual story but given equal billing in Sanger’s tweet of it — Julian Barnes, the guy who broke Nakasone’s dick-wagging earlier in the week. It’s a funny story — as it was bound to be, given that virtually no one reported on the explosion itself and while this spends a line doing that, it’s really a story exploring what kind of denial this is.

Trump Denies U.S. Responsibility in Iranian Missile Base Explosion

[snip]

As pictures from commercial satellites of a rocket’s smoking remains began to circulate, President Trump denied Friday on Twitter that the United States was involved.

[snip]

Mr. Trump also included in his tweet a high-resolution image of the disaster, immediately raising questions about whether he had plucked a classified image from his morning intelligence briefing to troll the Iranians. The president seemed to resolve the question on Friday night on his way to Camp David when he told reporters, “We had a photo and I released it, which I have the absolute right to do.”

There is no denying that, even if it runs the risk of alerting adversaries to American abilities to spy from high over foreign territory. And there is precedent for doing so in more calculated scenarios: President John F. Kennedy declassified photographs of Soviet missile sites during the Cuban Missile Crisis in 1962, and President George W. Bush declassified pictures of Iraq in 2003 to support the faulty case that Saddam Hussein was producing nuclear and chemical weapons.

[snip]

Mr. Trump’s denial and the satellite image he released seemed meant to maximize Iran’s embarrassment over the episode.

[snip]

If the accident was linked to a covert action by the United States — one that Mr. Trump would have been required to authorize in a presidential “finding” — he and other American officials would be required by law to deny involvement.

The laws governing covert actions, which stretch back to the Truman administration, focus on obscuring who was responsible for the act, not covering up the action itself. Most American presidents have fulfilled that requirement by staying silent about such episodes, but Mr. Trump does not operate by ordinary rules — and may have decided that an outright denial was his best course. [my emphasis]

Not everyone agrees with the claim that Trump would be required by law to deny a covert operation. He’s the President. He can do what he wants with classified information.

That said, the story may be an attempt to use official scribes to reframe this disclosure to make it closer to the way the intelligence community likes to engage in plausible deniability, with a lot of wink wink and smirking. Amid all the discussion of deny deny deny, after all, the NYT points to several pieces of evidence that this explosion was part of a successful program to sabotage Iran’s missile capabilities.

Two previous attempts at launching satellites — on Jan. 15 and on Feb. 5 — failed. More than two-thirds of Iran’s satellite launches have failed over the past 11 years, a remarkably high number compared with the 5 percent failure rate worldwide.

[snip]

It was the third disaster to befall a rocket launching attempt this year at the Iranian space center, a desert complex east of Tehran named for the nation’s first supreme leader. The site specializes in rocket launchings meant put satellites into orbit.

Tehran announced its January rocket failure but said nothing the one in February that was picked up by American intelligence officials. It has also said nothing officially about Thursday’s blast. Like many closed societies, Iran tends to hide its failures and exaggerate its successes.

The NYT also helpfully links earlier stories on on Iran’s missile program, including one from February by Sanger and Broad that states as fact that the US has accelerated a program to sabotage Iran’s missile program.

The Trump White House has accelerated a secret American program to sabotage Iran’s missiles and rockets, according to current and former administration officials, who described it as part of an expanding campaign by the United States to undercut Tehran’s military and isolate its economy.

Officials said it was impossible to measure precisely the success of the classified program, which has never been publicly acknowledged. But in the past month alone, two Iranian attempts to launch satellites have failed within minutes.

Those two rocket failures — one that Iran announced on Jan. 15 and the other, an unacknowledged attempt, on Feb. 5 — were part of a pattern over the past 11 years. In that time, 67 percent of Iranian orbital launches have failed, an astonishingly high number compared to a 5 percent failure rate worldwide for similar space launches.

Every astute reader who read the earlier Sanger and Broad story would have assumed this explosion was part of the American operation they described. Trump’s tweet would not have changed the extent to which the US could plausibly deny its sabotage operation.

Which means, among all the coyness and winking, this is the most interesting line of the NYT story.

It was unclear if Mr. Trump was using the explosion and the lurking suspicions among Iranians that the United States was again deep inside their nuclear and missile programs to force a negotiation or to undermine one.

Not discussed, however, is the other risk to Trump’s tweet: it has effectively given Iran and our other adversaries a sense of what kind of imagery capabilities we’ve got. That’s what some of the proliferation experts are most troubled by, the possibility that by tweeting out the image, Trump will make it easier for others to evade our surveillance.

But that should be discussed in the same breath as the earlier dick-wagging. While Iran surely suspected the database strike was US work, the earlier NYT story confirms it.

Yes, it’s clear that Trump’s tweet yesterday was dick-wagging. But so was the earlier report on the database hack. So this could reflect a broader change in the US approach to deniability.

Dan Coats Still Refusing to Provide the Evidence that Russia Didn’t Affect the Election

Last month, I noted a troubling exchange between Martin Heinrich, Dan Coats, and Richard Burr in the Global Threats Hearing.

Martin Heinrich then asked Coats why ODNI had not shared the report on election tampering even with the Senate Intelligence Committee.

Heinrich: Director Coats, I want to come back to you for a moment. Your office issued a statement recently announcing that you had submitted the intelligence community’s report assessing the threats to the 2018 mid-term elections to the President and to appropriate Executive Agencies. Our committee has not seen this report. And despite committee requests following the election that the ODNI brief the committee on any identified threats, it took ODNI two months to get a simple oral briefing and no written assessment has yet been provided. Can you explain to me why we haven’t been kept more fully and currently informed about those Russian activities in the 2018–

Chairman Richard Burr interrupts to say that, in fact, he and Vice Chair Mark Warner have seen the report.

Burr: Before you respond, let me just acknowledge to the members that the Vice Chairman and I have both been briefed on the report and it’s my understanding that the report at some point will be available.

Coats then gives a lame excuse about the deadlines, 45 days, then 45 days.

Coats: The process that we’re going through are two 45 day periods, one for the IC to assess whether there was anything that resulted in a change of the vote or anything with machines, uh, what the influence efforts were and so forth. So we collected all of that, and the second 45 days — which we then provided to the Chairman and Vice Chairman. And the second 45 days is with DHS looking, and DOJ, looking at whether there’s information enough there to take — to determine what kind of response they might take. We’re waiting for that final information to come in.

After Coats dodges his question about sharing the report with the Committee, Heinrich then turns to Burr to figure out when they’re going to get the information. Burr at least hints that the Executive might try to withhold this report, but it hasn’t gotten to that yet.

Heinrich: So the rest of us can look forward — so the rest of us can then look forward to reading the report?

Coats: I think we will be informing the Chairman and the Vice Chairman of that, of their decisions.

Heinrich: That’s not what I asked. Will the rest of the Committee have access to that report, Mr. Chairman?

[pause]

Heinrich: Chairman Burr?

Burr; Well, let me say to members we’re sort of in unchartered ground. But I make the same commitment I always do, that anything that the Vice Chairman and myself are exposed to, we’ll make every request to open the aperture so that all members will be able to read I think it’s vitally important, especially on this one, we’re not to a point where we’ve been denied or we’re not to a point that negotiations need to start. So it’s my hope that, once the final 45-day window is up that is a report that will be made available, probably to members only.

Coming as it did in a hearing where it became clear that Trump’s spooks are helpless in keeping Trump from pursuing policies that damage the country, this exchange got very little attention. But it should!

DOJ missed its 45 day plus 45 day deadline of reporting whether any election tampering had had an effect. But just by one day. The day after their deadline, the Big Dick Toilet Salesman Matt Whitaker and serial liar Kirstjen Nielsen gave Trump a report claiming that any tampering had not had any impact on the election.

Although the specific conclusions within the joint report must remain classified, the Departments have concluded there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political/campaign infrastructure used in the 2018 midterm elections for the United States Congress. This finding was informed by a report prepared by the Office of the Director of National Intelligence (ODNI) pursuant to the same Executive Order and is consistent with what was indicated by the U.S. government after the 2018 elections.

While the report remains classified, its findings will help drive future efforts to protect election and political/campaign infrastructure from foreign interference.

Then, today, CyberComm boasted that that they had helped deter Russia during the midterms.

Senators from both political parties on Thursday praised the military’s cyber force for helping secure last year’s midterm elections, with one suggesting it was largely due to U.S. Cyber Command that the Russians failed to affect the 2018 vote.

“Would it be fair to say that it is not a coincidence that this election went off without a hitch and the fact that you were actively involved in the protection of very important infrastructure?” Sen. Mike Rounds (R-S.D.) asked Gen. Paul Nakasone, the command’s leader, at a hearing of the Senate Armed Services Committee.

Military officials have said new authorities, approved over the last year, enabled CyberCom to be more aggressive — and effective — in what they privately say was an apparent success. Nakasone, who also heads the National Security Agency, stopped short of saying it was CyberCom that made the difference, telling Rounds that safeguarding the election was the agencies’ “number-one priority.”

But ODNI is still not providing SSCI — the people who are supposed to see such evidence — proof. Heinrich wrote Dan Coats a letter, signed by every member of SSCI,

Your office a statement in December that you had submitted the Intelligence Committee’s report assessing threats to the 2018 elections to the president and appropriate executive agencies. This month, the acting Attorney General and the Secretary of Homeland Security announced they had submitted their joint report evaluating the impact of any foreign interference on election infrastructure for the infrastructure of political organizations during the midterm elections.

While the agencies provided brief unclassified summaries of the reports’ findings, the Select Committee on Intelligence has not been provided either report. We request that you provide to all Committee Members and cleared staff both classified reports required by EO 13848 as soon as possible. Those reports are necessary for the Committee to meet its mission and charter to conduct vigorous oversight over the intelligence and intelligence-related activities of the United States Government.

They’re clearly hiding something. The question is whether it’s that Trump didn’t try to prevent tampering, or that some of the efforts — included the known effort to hack Claire McCaskill — actually did have an effect.