
Scooter Libby, Whom Trump Pardoned, Serves as Precedent for the CIPA Challenge His Prosecution Presents

If and when former President Trump goes on trial, the Classified Information Procedures Act will govern what information gets submitted at trial and in what form. I wrote about CIPA in conjunction with the Igor Danchenko case here. Former National Security Division prosecutor David Aaron wrote about it the other day.

I’d like to give three examples of what documents that have gone through the CIPA process look like.

First, here’s one of the many CIA cables introduced at Jeffrey Sterling’s trial (here’s a larger set). Sterling was convicted of leaking details about a scheme to use a former Russian nuclear scientist to deal fake blueprints to Iran in an attempt to bollox their nuclear program. The cables would include substitutions for all the organizational details of how CIA works, as well as for the names of the Russian — Merlin — and all the covert CIA officers involved. Entire paragraphs that weren’t crucial to the meaning of the document were redacted.

This particular document was 15 years old when it was used at trial. Most if not all of the Sterling exhibits were classified Secret.

This exhibit includes the parts of Josh Schulte’s prison notebook introduced at trial. This was tied to the allegation that he was launching an Information War from jail, planning to leak further classified information to damage the CIA.

The government was able to substitute the name of a cybersecurity company that had IDed one of the CIA’s hacking tools, so as to avoid confirming that the tool referred to as Bartender in the WikiLeaks release was the malware discussed in the vendor report. But several other things were entirely redacted — such as details of the role that Schulte played at the CIA.

Some of these redactions cover other information — such as his privileged material or stuff that’s particularly inflammatory.

Schulte wrote these notes in 2018; they were first introduced for his 2020 trial, then again for his trial last year.

The case that may present the most analogous challenges to a trial against Trump is the Scooter Libby case, which — like the documents charged against Trump — involved a lot of classified communications to the White House. Here are the exhibits used in his 2nd Grand Jury appearance, at which he lied to cover up the orders Dick Cheney gave him.

Many of these are CIA documents from which the classification markings and entire sentences were redacted. Like two of the exhibits charged against Trump, these have hand-written notes — sometimes Libby’s, sometimes Cheney’s — which were important to the case. One HUMINT report involving Joe Wilson redacted all the front-matter, including the classification marks (in this case, the notation of Wilson’s name was the important bit).

Even still, the vast majority of the documents introduced at trial were still just classified Secret, not Top Secret with compartments like most of the documents charged against Trump.

The exceptions were often Libby’s notes of Daily Briefings (including PDBs), which he used as part of a gray-mail campaign to try to make the case impossible to try. Though they didn’t have any classification marks (as is true of a document charged against Trump), they were treated as TS/SCI.

Here’s one example from Libby’s own notes:

The vast majority of this had to be declassified because it was central to the defense Libby was mounting. Just the Foreign Leader and the US official were masked.

The Libby documents are similar to those charged against Trump in another way. These were just 4 years old when presented at trial. If Trump were to go to trial next year, the most recent documents, from 2020, would be four years old.

These cases are all in different circuits than Trump would be prosecuted in. Nevertheless, given the scant number of CIPA cases, it’s possible that the cases of Josh Schulte — whose case was the subject of one of the first times Trump shared classified information — and Scooter Libby, whom Trump pardoned, will serve as precedents for his prosecution.

The Known and Likely Content of Trump’s Search Warrant

Yesterday, Magistrate Judge Bruce Reinhart found that, “the Government has not met its burden of showing that the entire [Trump search warrant] affidavit should remain sealed.” He ordered DOJ to provide a sealed version of proposed redactions for the warrant affidavit for Trump’s search by August 25 at noon.

Two days after the search of Mar-a-Lago I did a post laying out the likely content of what’s in that search warrant (which pretty accurately predicted what we’ve seen since). Because a warrant affidavit is one of the best ways to show how DOJ and the FBI think of the events of the last 18 months, I wanted to do a second version including all the things we have learned since.

For comparison, here are the warrants for Reality Winner and Josh Schulte, both of which were also, at least in part, warrants for a 793 investigation. Here are warrants to search Roger Stone and Oath Keeper Jeremy Brown’s houses, both Federal searches in Florida related to investigations conducted in DC (the search of Brown’s house even found allegedly classified documents, albeit only at the Secret level). Stone’s showed probable cause for a different part of the obstruction statute. Here’s the warrant Robert Mueller’s team used to get Michael Cohen’s Trump Organization emails from Microsoft.

Cover Sheet to Warrant Application


This cover sheet shows that DOJ swore out the affidavit over WhatsApp to Magistrate Judge Bruce Reinhart, who signed it on August 5.

It describes applying for a warrant to search for evidence of crimes and for contraband (a reference to the illegally possessed Presidential records). It doesn’t permit the seizure of property used in the commission of a crime so, unsurprisingly, the FBI didn’t have authority to seize Mar-a-Lago.

The cover sheet describes the three crimes under investigation this way.

The Search Warrant


The search warrant notes the docket number 22-mj-8332 that the entire country has been watching for 10 days now.

The search warrant authorizes the FBI to conduct a search of 1100 S. Ocean Blvd., Palm Beach, FL.

It was signed by Reinhart, who was the Duty Magistrate, at 12:12PM on August 5.

The warrant gave the FBI two weeks, until August 19, to conduct the search and limited the search to daytime hours (defined as 6AM to 10PM, which Trumpsters often complain amounts to a pre-dawn raid).

Attachment A


Attachment A describes Mar-a-Lago as a “resort, club, and residence” with approximately 58 bedrooms and 33 bathrooms. The warrant permitted the FBI to search all parts of Mar-a-Lago accessible to Trump (whom they refer to as FPOTUS) and his staff, except those currently occupied (at the time of the search) by Members or guests. It mentioned the “45 Office” explicitly and storage rooms, but did not describe the storage room at the center of much reporting on the search.

Attachment B


Attachment B authorized the FBI to seize “documents and records constituting evidence, contraband, fruits of crime, or other items illegally possessed” in violation of 18 USC 793, 18 USC 2071, or 18 USC 1519.

This post describes the search protocol authorized in Attachment B, with nifty graphic.

Return

Search warrant forms have a return form (describing what was seized) included in them. But here, the FBI provided that list to Trump in the form of two receipts, one signed by a Supervisory Special Agent, and one signed by a Special Agent; I’ve dubbed the latter the “CLASS receipt,” because all the classified documents described are included on that one.

The receipt lists:

  • 27 boxes, one of which is described as leatherbound; 11 are described to contain documents marked classified
  • Executive grant of clemency for Roger Stone
  • Potential Presidential record
  • 2 binders of photos
  • Handwritten note
  • Other documents catalogued on the SSA receipt

See these two posts for more on the significance of the two different receipts.

Christina Bobb signed for both receipts at 6:19PM on August 8.

Affidavit

This would start with:

  • Several paragraphs describing the affiant’s background and training
  • An assertion that the affiant believed there was probable cause that the FBI would find evidence of violations of 18 USC 793, 18 USC 2071, and 18 USC 1519 at Mar-a-Lago.

Particularly given the novel legal issues implicating a search of the former President, I think there’s likely a section describing the statutes involved. It’s likely to include:

Note: If there’s a version of this statutory language, it may be among the things DOJ would acquiesce to releasing, particularly if it implied that Trump was under investigation for stealing nuclear documents. But they might be unwilling to do that if they’re not yet sure they’ve gotten all known nuclear documents back. 

Then there’d be a section describing who was involved (the Roger Stone warrant has such paragraphs). There will be a paragraph about Trump that looks like:

Donald J. Trump (Former President of the United States, FPOTUS) is a businessman who owns and resides at 1100 S. Ocean Blvd., Palm Beach, FL. From January 20, 2017 at 12:00PM until January 20, 2021 at 12:00PM, he was the President of the United States. He ceased exercising the constitutional authorities of the President at 12:00PM on January 20, 2021. On February 5, 2021, the current President of the United States, Joe Biden, discontinued classified briefings for FPOTUS.

In addition, there are likely descriptions of the National Archives and its statutory duties.

There may be descriptions of Patrick Philbin, Pat Cipollone, Mark Meadows (all of whom were involved in negotiations with NARA over retrieving the documents), anyone caught on surveillance video entering or exiting the storage closet, of Kash Patel and John Solomon (including past security concerns raised about both), and the Trump lawyers involved in the June meeting.

There may be a paragraph describing MAL in more depth. It might describe the SCIF used during Trump’s presidency and its apparent removal. It might describe the arrest and prosecution of Yujing Zhang, who breached MAL, and might include other known foreign intelligence targeting of MAL. It might describe Trump’s refusal to use secure facilities at MAL, including a 2017 meeting with Shinzo Abe, though it would likely rely on public reports for this, not classified intelligence. It might describe the tunnels underneath — and the public availability of historic diagrams of them. It might describe the known employees at MAL, including any foreign citizens. Finally, it might describe both the terms of membership and the ease with which others could access the golf club.

Timeline

The rest is probably a timeline of the investigation. The following known details are likely to appear.

On December 30, 2020, DOJ provided Trump a binder of material from the Russian investigation.

On January 8, 2021, Mike Ellis attempted to retain a compartmented NSA report for White House archives, initially refusing efforts to return it.

On January 14, 2021, the White House returned the compartmented NSA report to NSA.

On January 17, 2021, the FBI provided a list of continuing objections to Trump’s declassification of Crossfire Hurricane materials.

On January 19, 2021, via letter to Archivist of the United States David Ferriero, FPOTUS designated (among others) Pasquale (Pat) Cipollone and Patrick Philbin as his representatives with the NARA.

On January 19, 2021, FPOTUS wrote a letter authorizing the declassification of records pertaining to FBI’s investigation into Russian ties with FPOTUS’ campaign that had not yet been declassified. Patel later described the materials to include:

transcripts of intercepts made by the FBI of Trump aides, a declassified copy of the final FISA warrant approved by an intelligence court, and the tasking orders and debriefings of the two main confidential human sources, Christopher Steele and Stefan Halper, the bureau used to investigate whether Trump had colluded with Russia to steal the 2016 election.

Patel’s description appears to conflict with Trump’s order, which explicitly, “does not extend to materials that must be protected from disclosure pursuant to orders of the Foreign Intelligence Surveillance Court.”

On January 20, 2021, Meadows sent “The Attorney General” a memo, citing the January 19 order from FPOTUS, ordering “the Department must expeditiously conduct a Privacy Act review under the standards that the Department of Justice would normally apply, redact material appropriately, and release the remaining material with redactions applied.”

On January 20, 2021, FPOTUS ceased exercising the authorities of the President of the United States.

On January XX, records deemed to be the final production of Presidential Records arrived at NARA.

The affidavit would describe the inventorying process and then describe known documents that were not included.

  • Love letters from Kim Jong Un
  • Altered map of Hurricane Dorian

It would also include a description of evidence of document destruction, including any evidence those records pertained to a Congressional investigation, impeachment, or a criminal investigation.

Starting on May 6, 2021, NARA General Counsel Gary Stern communicated with Philbin regarding the missing records. [This will cite the date of each communication and quote anything that captures Trump’s refusal to return the documents.]

Having not secured identified records, starting in Fall 2021, Stern communicated with Trump attorney (probably Cipollone) to arrange turning over the records.

October 18, 2021: Trump sues to prevent the Archives from complying with January 6 Committee subpoena.

November 10, 2021: Judge Tanya Chutkan denies Trump’s motion for an injunction against NARA. (While it wouldn’t appear in the affidavit, in recent days Paul Sperry has claimed that Trump withheld documents to prevent NARA from turning them over to the January 6 Committee.)

On December XX, 2021, XX informed NARA certain missing records had been located.

December 9, 2021: DC Circuit upholds Judge Chutkan’s decision releasing Trump records to the January 6 Committee.

On January 17, 2022, NARA retrieved 15 boxes of Records from 1100 S. Ocean Blvd, Palm Beach, FL.

January 19, 2022: SCOTUS upholds Chutkan’s decision.

On January 31, 2022, NARA completed an initial inventory of the retrieved documents. It discovered over 100 documents with classification markings, comprising more than 700 pages. Some include the highest levels of classification, including Special Access Program (SAP) material.

On February xx (possibly February 8), 2022, NARA reported FPOTUS’ failures to comply with the Presidential Records Act to the Department of Justice and requested an investigation.

DOJ and FBI likely conducted interviews between February and May, which would be listed.

On April 11, 2022, Biden’s White House Counsel instructed NARA to provide FBI access to the 15 boxes of materials returned from Mar-a-Lago.

On April 12, 2022, NARA informed the Trump team of that decision and that the FBI would start to access the documents on April 18.

On April XX, Trump’s attorneys ask the White House counsel for more time before the review of the documents; Biden extends the date to April 29.

On May 5, 2022, Corcoran proposed reviewing the records at NARA.

On May 5, 2022, Kash Patel made public claims that the contents of materials returned to NARA had been declassified, describing that FPOTUS wanted to release,

information that Trump felt spoke to matters regarding everything from Russiagate to the Ukraine impeachment fiasco to major national security matters of great public importance — anything the president felt the American people had a right to know is in there and more.

FBI conducted early interviews during this period, likely including Philbin, Scott Gast, Derek Lyons, and Cipollone, and possibly Mark Meadows. Philbin and Cipollone would have described their own inspections of records, including their knowledge that identified missing records had been at MAL when they had conducted records searches.

FBI would include multiple interviews of people describing Trump saying the Presidential Records belonged to him.

On May 10, 2022, Acting Archivist informed Evan Corcoran the FBI would get access to the records on May 12.

On May 11, 2022, FBI subpoenaed Trump for documents remaining at Mar-a-Lago bearing classification marks.

On May 12, pursuant to a subpoena, FBI accessed the 15 boxes turned over in January.

From May 16-18, FBI conducted a preliminary review of the documents and discovered:

  • 67 Confidential documents
  • 92 Secret documents
  • 25 Top Secret documents
  • Documents marked HCS, FISA, ORCON, NOFORN, and SI
  • Handwritten notes

On May XX, 2022, DOJ subpoenaed FPOTUS for any remaining documents bearing classification marks.

Surveillance video from this period, later obtained with a subpoena, showed people moving documents in and out of the storage room. The people and dates would be included.

On June 3, 2022, Jay Bratt and three investigators met with Evan Corcoran and Christina Bobb to collect the subpoenaed materials.

  • FPOTUS joined the meeting and acknowledged the effort to retrieve classified materials.
  • Bobb and Corcoran provided XX documents marked with classification marks.
  • One of the lawyers signed an attestation that all classified documents had been turned over.
  • Bratt informed Bobb and Corcoran all records covered by the Presidential and Federal Records Act were US government property.
  • Bratt informed Bobb and Corcoran about the regulations guiding storage of classified records.
  • Bratt and investigators inspect storage facility, find storage facility fails to meet required standards for storage.

On June 8, Bratt emailed Corcoran. He said, in part, that,

We ask that the room at Mar-a-Lago where the documents had been stored be secured and that all the boxes that were moved from the White House to Mar-a-Lago (along with any other items in that room) be preserved in that room in their current condition until further notice

It’s likely either at the meeting on June 3 or in the email, Bratt also informed Corcoran that the storage closet did not comply with CFR guidelines.

On June 9, Corcoran wrote saying only, “I write to acknowledge receipt of this letter.”

On June 19, FPOTUS sent a letter to NARA designating Patel and Solomon as representatives to access “Presidential records of my administration.”

NARA, possibly Gary Stern, likely informed DOJ of the designation of Patel and Solomon and (probably) Trump’s reference to “Presidential records,” generally, not records at NARA.

On June 22, DOJ subpoenaed surveillance video of the storage closet for a 60-day period. Analysis of the video showed uncleared people going in and out of the storage closet.

DOJ likely had follow-up interviews after the Bratt meeting and the surveillance video return, in part to identify who had access to the storage closet and to identify documents believed to remain outstanding.

The affidavit would include a description of known documents that remain extant, including documents that were altered or mutilated (perhaps transcripts of Trump’s meetings with Russia) and known classified documents, including those pertaining to nuclear weapons. 

Finally, the affidavit would include a conclusion stating that all this amounts to probable cause that Trump was in possession of documents that were covered by the PRA, some subset of which were believed to be classified and some other subset of which had either been hidden or damaged in an effort to obstruct either this or other investigations.

emptywheel Trump Espionage coverage

Trump’s Timid (Non-Legal) Complaints about Attorney-Client Privilege

18 USC 793e in the Time of Shadow Brokers and Donald Trump

[from Rayne] Other Possible Classified Materials in Trump’s Safe

Trump’s Stolen Documents

John Solomon and Kash Patel May Be Implicated in the FBI’s Trump-Related Espionage Act Investigation

[from Peterr] Merrick Garland Preaches to an Overseas Audience

Three Ways Merrick Garland and DOJ Spoke of Trump as if He Might Be Indicted

The Legal and Political Significance of Nuclear Document[s] Trump Is Suspected to Have Stolen

Merrick Garland Calls Trump’s Bluff

Trump Keeps Using the Word “Cooperate.” I Do Not Think That Word Means What Trump Wants the Press To Think It Means

[from Rayne] Expected Response is Expected: Trump and Right-Wing DARVO

DOJ’s June Mar-a-Lago Trip Helps Prove 18 USC 793e

The Likely Content of a Trump Search Affidavit

All Republican Gang of Eight Members Condone Large-Scale Theft of Classified Information, Press Yawns

Some Likely Exacerbating Factors that Would Contribute to a Trump Search

FBI Executes a Search Warrant at 1100 S Ocean Blvd, Palm Beach, FL 33480

The ABCs (and Provisions e, f, and g) of the Espionage Act

Trump’s Latest Tirade Proves Any Temporary Restraining Order May Come Too Late

How Trump’s Search Worked, with Nifty Graphic

Pat Philbin Knows Why the Bodies Are Buried

Rule of Law: DOJ Obtained Trump’s Privilege-Waived Documents in May

The French President May Be Contained Inside the Roger Stone Clemency

Which of the Many Investigations Trump Has Obstructed Is DOJ Investigating?

The Known and Likely Content of Trump’s Search Warrant

DOJ’s June Mar-a-Lago Trip Helps Prove 18 USC 793e

Everyone is squabbling over whether DOJ should release more information on the search of Mar-a-Lago, with entirely reasonable people saying they want DOJ to have to defend taking documents the government owns so we can learn more about what went down.

But we may get more clarity more easily than that. That’s because, if DOJ has any intention of actually charging Donald Trump for stealing classified information, then obtaining specific documents he stole may be one of the last things they need to do before charging him.

As I noted here and here, one of the statutes that’s likely on the table for the Former President is 18 USC 793(e), basically taking national defense information you’re not authorized to have and refusing to give it back.

Whoever having unauthorized possession of, access to, or control over any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

Regular readers of this site are familiar with this statute because I’ve covered tons of cases charging it: Reality Winner and Hal Martin and Joshua Schulte, among others.

But I went back and found some pattern jury instructions for the unlawful retention charge, and because of that meeting in June, DOJ has most of what they’d need to charge the Former President.

Here’s what jurors would be asked to decide:

Did the defendant, without authorization, have possession of, access to, or control over a document that was National Defense Information?

Yes. The Archives spent a year telling him he was not authorized to have it under the Presidential Records Act.

Did the document in question relate to the national defense?

We don’t know what the documents in question are, but given WaPo’s description in February, then absolutely.

Bonus fact: The jury decides if something was NDI, not the former Original Classification Authority (the fancy term for, “the President gets to decide whether something is classified or not”). So if the agency whose document Trump stole is still trying to protect it from hostile powers, if that agency still believes it is classified, if it remains secret, then a jury is likely to find that it’s NDI.

Did the defendant have reason to believe the information could be used to the injury of the United States or to the advantage of any foreign nation?

Trump is such a psychopath that the answer to this might normally be in question. After all, he routinely treated top secret intelligence like it was toilet paper or party favors for visiting Russians.

Except DOJ went to Trump’s residence in June and told him this information could harm the US. Then they wrote him a letter, saying that it could harm the US and could he please put a padlock on the basement room that had, up until that point, been accessible to all the suspected foreign assets who’ve paid the price of admission to Mar-a-Lago.

Did the defendant retain the above material and fail to deliver it to the officer or employee of the United States entitled to receive it?

Yes! The Archives asked and asked and asked. And then DOJ went to his home and asked again!

Did he keep this document willfully?

Yup. Again, DOJ asked and asked and asked. Trump exhibited awareness the Archives were asking. He stopped in to say “hi!” when Jay Bratt, the head of DOJ’s espionage section, came to visit. And he still hoarded the document.

This may be why Trump claims that nothing was in the hotel safe in his bridal suite, by the way. Keeping these documents at Mar-a-Lago was willful by itself. But keeping such documents in his safe would be proof that he, personally, was hoarding it.

If the FBI really did scoop up highly sensitive documents when they were at Mar-a-Lago the other day, then there may be relatively few steps left to charging him — aside from cataloging the 12 new boxes of stolen documents. DOJ may only need permission from the agencies that own these documents to make the declassifications required to prosecute it.

By going to Mar-a-Lago and asking for these documents in person on June 3, DOJ made it very easy to prove that Trump had been asked, but refused, to give any classified documents found in Trump’s possession on Monday back.

Update: Here’s an indictment from the 793 case that’s most similar to the evidence that may be present with Trump. Hal Martin kept taking highly classified documents home from CIA and NSA, just like Trump took documents home. In Martin’s case, they charged him for 20 documents out of the great swath of documents he stole. He ultimately pled guilty. With good behavior he might get released next April.

Snowden

Insurance File: Glenn Greenwald’s Anger Is of More Use to Vladimir Putin than Edward Snowden’s Freedom

Glenn Greenwald risks making his own anger more valuable to Vladimir Putin than Edward Snowden’s freedom.

When WikiLeaks helped Snowden flee Hong Kong eight years ago, both WikiLeaks and Snowden had the explicit goal of using Snowden’s successful flight from prosecution to entice more leakers.

In his book, Snowden described that Sarah Harrison and Julian Assange’s goal in helping him flee Hong Kong was to provide a counterexample to the draconian sentence of Chelsea Manning.

People have long ascribed selfish motives to Assange’s desire to give me aid, but I believe he was genuinely invested in one thing above all—helping me evade capture. That doing so involved tweaking the US government was just a bonus for him, an ancillary benefit, not the goal. It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to win. It’s for this reason that I regard it as too reductive to interpret his assistance as merely an instance of scheming or self-promotion. More important to him, I believe, was the opportunity to establish a counterexample to the case of the organization’s most famous source, US Army Private Chelsea Manning, whose thirty-five-year prison sentence was historically unprecedented and a monstrous deterrent to whistleblowers everywhere. Though I never was, and never would be, a source for Assange, my situation gave him a chance to right a wrong. There was nothing he could have done to save Manning, but he seemed, through Sarah, determined to do everything he could to save me. That said, I was initially wary of Sarah’s involvement. But Laura told me that she was serious, competent, and, most important, independent: one of the few at WikiLeaks who dared to openly disagree with Assange. Despite my caution, I was in a difficult position, and as Hemingway once wrote, the way to make people trustworthy is to trust them.

[snip]

It was only once we’d entered Chinese airspace that I realized I wouldn’t be able to get any rest until I asked Sarah this question explicitly: “Why are you helping me?”

She flattened out her voice, as if trying to tamp down her passions, and told me that she wanted me to have a better outcome. She never said better than what outcome or whose, and I could only take that answer as a sign of her discretion and respect.

It’s not just Snowden’s impression, though, that WikiLeaks intended to make an example of him. The superseding indictment against Assange cites several times when Assange invoked WikiLeaks’ role in Snowden’s successful escape to encourage others (including CIA Systems Administrators like Joshua Schulte, who had a ticket to Mexico when the FBI first interviewed him and seized his passports) to go do what Snowden did. British Judge Vanessa Baraitser even included one of those speeches in paragraphs distinguishing what Assange is accused of from legal journalism. And as early as 2017, public reporting said that WikiLeaks’ assistance to Snowden was what changed how DOJ understood WikiLeaks and why it began to consider prosecuting Assange. It wasn’t Trump that led DOJ to stop treating Assange as a journalist, it was Snowden.

According to Snowden’s own words, he shared WikiLeaks’ goal of setting an example to inspire others. In an email that Snowden must have sent Bart Gellman weeks before the exchange between him and Harrison above, Snowden described steps he took to give other leakers (this may be Gellman’s paraphrase), “hope for a happy ending.”

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He preferred to set an example for “an entire class of potential whistleblowers” who might follow his lead. Ordinary citizens would not take impossible risks. They had to have some hope for a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts (I should know, I used to work in our U.N. spying shop), I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims—they’d have me committed—and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. . . . Give me the bottom line: when do you expect to go to print?

Citizenfour also quotes Snowden describing how he hoped that proof that his “methods work[]” would encourage others to leak.

If all ends well, perhaps the demonstration that our methods worked will embolden more to come forward.

Snowden’s “methods” don’t work — they certainly haven’t for Daniel Hale, Reality Winner, or Joshua Schulte. But for each, Snowden played at least some role (there is ambiguity about how Schulte really felt about Snowden) in inspiring them to ruin their lives with magical thinking and inadequate operational security.

One of Snowden’s “methods” appears to entail quitting an existing job and then picking another at an Intelligence Community contractor with the intent of obtaining documents to leak. Snowden did this at Booz Allen Hamilton, and his book at least suggests the possibility he did that with his earlier job in Hawaii.

The government justified the draconian sentence that it had negotiated with Winner’s lawyers, in part, by claiming that she premeditated her leak.

Around the same time the defendant took a job with Pluribus requiring a security clearance in February 2017, she was expressing contempt for the United States, mocking compromises of our national security, and making preparations to leak intelligence information

Along with evidence Winner researched The Intercept’s SecureDrop before starting at her new job, the government supported this claim by pointing to three references Winner made to Snowden as or shortly after she started at Pluribus, including texts in which Winner told her sister she was on Assange and Snowden’s side the day the Vault 7 leak was revealed. That was still two months before she took the files she would send to The Intercept.

Had Hale gone to trial, the government would have shown that Hale discussed serving as a source for Jeremy Scahill by May 30, 2013, the day before he left NSA, and discussed Snowden — and hanging out with the journalists reporting on him — the day Snowden came forward on June 9. Then, on July 25, Hale sent Scahill a resume showing he was looking for counterterrorism or counterintelligence jobs. In December, Hale started the job at Leidos where he would print out the files he sent to The Intercept.

You can think these leaks were valuable and ethical without thinking it a good idea to leave a months-long trail of evidence showing premeditation on unencrypted texts and social media.

Similarly, one of Snowden’s “methods” was to claim he had expressed concerns internally, but was ignored, a wannabe whistleblower stymied by America’s admittedly failed support for whistleblowers, especially those at contractors.

In the weeks before Snowden left NSA, he made a stink about some legal issues and NSA’s training programs (about how FISA Section 702 interacted with EO 12333) that he subsequently pointed to as his basis for claiming to be a whistleblower. The complaint was legit, and one NSA department actually did take notice, but it was not a formal complaint; indeed, it was more a complaint about US law. But his complaint had nothing to do with the vast majority of the documents that have been published based off his files, to say nothing of the far greater set of documents he took. And he made the complaint long after having prepared for months to steal vast amounts of files.

Similarly, Joshua Schulte wrote two emails documenting purported concerns about CIA security, one to a colleague less than a month before he left, which he didn’t send, and then, on his final day, one to CIA’s Inspector General that he falsely claimed was unclassified, a copy of which he was seen taking with him when he packed up. In the first search warrant for Schulte’s house obtained on March 13, 2017, less than a week after the initial Vault 7 release, the FBI had already found those emails and deemed Schulte’s treatment of them as suspect. And when they found a copy of the classified letter to the IG stashed in his headboard, it gave them cause to seize Schulte’s passports on threat of arrest. Snowden’s “methods” didn’t deliver Schulte a “happy ending;” they made Schulte’s apprehension easier.

To the extent Schulte could be shown to be following Snowden’s “methods” (again, that question was not resolved at his first trial) it would be a fairly damning indictment of those methods, since this effort to create a paper trail as a whistleblower was such an obvious attempt to retroactively invent cover for leaks for which there was abundant evidence Schulte’s motivation was spite and revenge. Maybe that’s why someone close to Assange explicitly asked me to stop covering Schulte’s case.

Had Daniel Hale gone to trial, the government undoubtedly would have used the exhibits showing that Hale had never made any whistleblower claims in any of the series of government jobs where he had clearance as a way to push back on his claim of being a whistleblower, though Hale was outspoken about his criticisms of the drone program before he took most of the files he shared with The Intercept. Indeed, given the success of Hale’s earlier anti-drone activism, his case raises real questions about whether leaking was more effective than Hale’s frank, overt witness to the problems of the drone program.

Worse still, Snowden’s boasts about his “methods” appear to have made prosecutions more likely. An early, mostly-sealed filing in Hale’s case reveals that the government set out to investigate whether Hale was The Intercept’s source because they were trying to figure out whom Snowden had “inspired” to leak.

Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community.

That explains why the government required Hale to allocute to being the author of an essay in a collection of Hale’s leaked documents involving Snowden: by doing so, they obtained sworn proof that Hale is the person Snowden and Glenn Greenwald were discussing, while the two were sitting in Moscow, in the closing sequence of Citizenfour. In the scene, Glenn flamboyantly wrote for Snowden how this new leaker and The Intercept’s journalist were communicating, what appears to be J-A-B-B-E-R. That stunt for the camera would have tipped the government off, in cinema release just two months after they had raided Hale’s home, to look for and reconstruct Hale’s Jabber communications with Jeremy Scahill, which they partly succeeded in doing.

Rather than being means to a “happy ending,” then, prosecutors have found Snowden’s “methods” useful to pursuing increasingly draconian prosecutions of people inspired by him.

And now, after Snowden and Greenwald failed to persuade Trump to pardon Snowden, Assange — and in a secondary effort — The Intercept’s sources (perhaps, like Assange, they find the association with Schulte counterproductive, because they didn’t even try to get him pardoned, even though Trump himself almost bolloxed that prosecution), Snowden is left demanding pardons on Twitter for the people he set out to convince leaking could have a “happy ending.”

By associating these leaks with someone being protected by Russia so that — in Snowden’s own words — he could encourage more leaks, Snowden only puts a target on these people’s back, making a justifiable commutation of Winner’s sentence less likely (Winner is due to get out on November 23, two days before the most likely time for Joe Biden to even consider commuting her sentence).

I’m grateful for Snowden’s sacrifices to release the NSA files, but his efforts to lead others to believe that leaking would be easy were bound to end badly, and have.

If Vladimir Putin agreed to protect Snowden in hopes that he would inspire more leakers to release files that help Russia evade US spying (as Schulte’s leak did, at a time when the US was trying to understand the full scope of what Russia had done in 2016), the US prosecutorial focus on Snowden-related leakers undermines his value to Putin, probably by design. As that happens, Snowden might reach the moment that observers of his case have long been dreading, the moment when Putin’s utilitarian protection of Snowden will give way to some other equally utilitarian goal.

This is all happening as Putin adjusts to dealing with Joe Biden rather than someone he could manipulate by (at the very least) feeding his narcissism, Donald Trump. It is happening in the wake of new sanctions on Russia, in response to which Putin put US Ambassador John Sullivan on a plane to deliver some message, in person, to Biden. It is happening as Biden’s response to the Colonial Pipeline attack, in which ransomware criminals harbored by Putin shut down US critical infrastructure for fun and profit, includes noting that he and Putin will meet in person soon, followed by the unexplained disabling of the perpetrators in the wake of the attack.

Meanwhile, even as Snowden is of less and less use to Putin, Glenn Greenwald’s utility continues to grow. Snowden, for example, continues to speak out about topics inconvenient to Putin, like privacy. The presence in Russia of someone like Snowden with his own platform and international credibility may become increasingly risky for Putin given the success of protests around Alexei Navalny.

Greenwald, by contrast, seems to have dropped all interest in surveillance and has instead turned many of his grievances — even his complaint that former NSA lawyer Susan Hennessey will get a job in DOJ’s National Security Division, against whom one can make a strong case on privacy grounds — into a defense of Russia. Greenwald spends most of his time arguing that a caricature that he labels “liberals” and another caricature that he labels “the [American] Deep State,” followed closely by another caricature he calls “the [non-right wing propaganda] Media,” are the most malignant forces in American life. In his rush to attack “liberals,” “the Deep State,” and “the Media,” Greenwald has coddled the political forces that Putin has found useful, including outright racists and other right wing extremists. By the end of the Trump presidency, Greenwald was excusing virtually everything Trump did, up to and including his attempted coup based on the utter denigration of democratic processes. In short, Greenwald has become a loud and important voice in support of the illiberalism Putin favors, to say nothing of Greenwald’s use of a rhetoric unbound by facts.

That Greenwald spends most of his days deliberately inciting Twitter mobs is just an added benefit, to those who want to weaken America, to Greenwald’s defense of fascists.

Most of us who used to know Greenwald attribute his Russian denialism and his apologies for Trump at least partly to his desire to free Snowden from exile. Yet Greenwald’s tantrums, because of their value to Putin, may have the opposite effect.

Stoking Greenwald’s irrational furor over what he calls “liberals” and “the Deep State” and “the Media” would actually be a huge incentive for Putin to deal Snowden to the US, in maximally symbolic fashion. There is nothing that could light up Greenwald’s fury like Putin bringing Snowden to a summit with Biden, wrapped up like a present, to send back on Air Force One. (That’s an exaggerated scenario, but you get my point.)

Plus, if Putin played it right, such a ceremonial delivery of Snowden might just achieve the completion of the Snowden operation, the public release of all of the files Snowden stole, not just those that one or another journalist found to have news value.

The Intelligence Community has, over the years, said a bunch of things about Snowden that were outright bullshit or, at least, for which they did not yet have evidence. But one true thing they’ve said is that Snowden took a great many files that had no imaginable privacy value. Even from a brief period working in the full archive aiming to answer three very discrete questions about FISA, I believe that to be true. While some (including Assange) pressured Snowden and others to release all these files, Snowden instead ensured that journalists would serve a vetting role, and after some initial fumbling, The Intercept did a laudable job of keeping those files safe. So up to now, the fact that Snowden took far more files than any privacy concern — even privacy concerns divorced from all question of nationality — could justify may not have mattered.

But as far as I know there are still full copies out there and Russia would love to spin up Glenn Greenwald’s fury so much he would attempt to burn down his caricature of “The Deep State” in retaliation — much like Schulte succeeded in badly damaging the CIA — by releasing his set.

I believe Russia has been trying to do this since at least 2016.

To be very clear, I’m not claiming that Greenwald is taking money from or is in any way controlled by Russia. I am very much not claiming that, in part because it wouldn’t be necessary. Why pay Greenwald for what you can get him to do for free?

And while I assume Greenwald would respect Snowden’s stated wishes and protect the files, like Trump, Greenwald’s narcissism and resentment are very, very easy buttons to push. Greenwald has been heading in this direction without pushing. It would be child’s play to have people friendly to Russia’s illiberal goals (people like Steve Bannon or Tucker Carlson) exacerbate Greenwald’s anger at “the Deep State” to turn it into the frenzy it has become.

Meanwhile, custody of Edward Snowden would be a very enticing dangle for Putin to offer Biden as a way to reset Russia’s relationship with the US. One cannot negotiate with Putin, one can only adjust the points of leverage over each other and hope to come to some stable place, and Snowden has always been at risk of becoming a bargaining chip in such a relationship. By turning Snowden over to the US to be martyred in a high profile trial, Putin might wring the last bit of value out of Snowden. All the better, from Putin’s standpoint, if Greenwald were to respond by releasing the full Snowden set.

For the past four years, Greenwald seems to have believed that if he sucked up to Putin and Trump, he’d win Snowden’s freedom, as if either man would ever deal in good faith. Instead, I think, that process has had the effect of making Greenwald more useful to Russia than Snowden is anymore. And at this point, Greenwald seems to have lost sight of the likelihood that his belligerent rants may well make Snowden less safe, not more.

Update: According to the government sentencing memo for Hale, they didn’t write up the statement of offense, Hale did.

Hale pled guilty without any plea agreement, and submitted his own Statement of Facts. Def.’s Statement of Facts, Dkt. 197 (“SOF”).

DOJ’s Failures to Follow Media Guidelines on the WaPo Seizure

I wanted to add a few data points regarding the report that DOJ subpoenaed records from three WaPo journalists.

This post is premised on three pieces of well-justified speculation: that John Durham, after having been appointed Special Counsel, obtained these records, that Microsoft challenged a gag, and that Microsoft’s challenge was upheld in some way. I’m doing this post to lay out some questions that others should be asking about what happened.

An enterprise host (probably Microsoft) likely challenged a gag order

The report notes that DOJ did obtain the reporters’ phone records, and tried, but did not succeed, in obtaining their email records.

The Trump Justice Department secretly obtained Washington Post journalists’ phone records and tried to obtain their email records over reporting they did in the early months of the Trump administration on Russia’s role in the 2016 election, according to government letters and officials.

In three separate letters dated May 3 and addressed to Post reporters Ellen Nakashima and Greg Miller, and former Post reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017.” The letters listed work, home or cellphone numbers covering that three-and-a-half-month period.

[snip]

The letters to the three reporters also noted that prosecutors got a court order to obtain “non content communication records” for the reporters’ work email accounts, but did not obtain such records. The email records sought would have indicated who emailed whom and when, but would not have included the contents of the emails. [my emphasis]

What likely happened is that DOJ tried to obtain a subpoena on Microsoft or Google (almost certainly the former, because the latter doesn’t care about privacy) as the enterprise host for the newspaper’s email service, and someone challenged or refused a request for a gag, which led DOJ to withdraw the request.

There’s important background to this.

Up until October 2017, when the government served a subpoena on a cloud company that hosts records for another, the cloud company was often gagged indefinitely from telling the companies whose email (or files) it hosted. By going to a cloud company, the government was effectively taking away businesses’ ability to challenge subpoenas themselves, which posed a problem for Microsoft’s ability to convince businesses to move everything to their cloud.

That’s actually how Robert Mueller obtained Michael Cohen’s Trump Organization emails — by first preserving, then obtaining them from Microsoft rather than asking Trump Organization (which was, at the same time, withholding the most damning materials when asked for the same materials by Congress). Given what we know about Trump Organization’s incomplete response to Congress, we can be certain that had Mueller gone to Trump Organization, he might never have learned about the Trump Tower Moscow deal.

In October 2017, in conjunction with a lawsuit settlement, Microsoft forced DOJ to adopt a new policy that gave it the right to inform customers when DOJ came to them for emails unless DOJ had a really good reason to prevent Microsoft from telling their enterprise customer.

Today marks another important step in ensuring that people’s privacy rights are protected when they store their personal information in the cloud. In response to concerns that Microsoft raised in a lawsuit we brought against the U.S. government in April 2016, and after months advocating for the United States Department of Justice to change its practices, the Department of Justice (DOJ) today established a new policy to address these issues. This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud. It helps ensure that secrecy orders are used only when necessary and for defined periods of time. This is an important step for both privacy and free expression. It is an unequivocal win for our customers, and we’re pleased the DOJ has taken these steps to protect the constitutional rights of all Americans.

Until now, the government routinely sought and obtained orders requiring email providers to not tell our customers when the government takes their personal email or records. Sometimes these orders don’t include a fixed end date, effectively prohibiting us forever from telling our customers that the government has obtained their data.

[snip]

Until today, vague legal standards have allowed the government to get indefinite secrecy orders routinely, regardless of whether they were even based on the specifics of the investigation at hand. That will no longer be true. The binding policy issued today by the Deputy U.S. Attorney General should diminish the number of orders that have a secrecy order attached, end the practice of indefinite secrecy orders, and make sure that every application for a secrecy order is carefully and specifically tailored to the facts in the case.

Rod Rosenstein, then overseeing the Mueller investigation, approved the new policy on October 19, 2017.

The effect was clear. When various entities at DOJ wanted records from Trump Organization after that, DOJ did not approve the equivalent request approved just months earlier.

If DOJ withdrew a subpoena rather than have it disclosed, it was probably inconsistent with media guidelines

If I’m right that DOJ asked Microsoft for the reporters’ email records, but then withdrew the request rather than have Microsoft disclose the subpoena to WaPo, then the request itself likely violated DOJ’s media guidelines — at least as they were rewritten in 2015 after a series of similar incidents, including DOJ’s request for the phone records of 20 AP journalists in 2013.

DOJ’s media guidelines require the following:

  • Attorney General approval of any subpoena for call or email records
  • That the information be essential to the investigation
  • That DOJ has made reasonable attempts to obtain the information from alternate sources

Most importantly, DOJ’s media guidelines require notice and negotiation with the affected journalist, unless the Attorney General determines that doing so would “pose a clear and substantial threat to the integrity of the investigation.”

after negotiations with the affected member of the news media have been pursued and appropriate notice to the affected member of the news media has been provided, unless the Attorney General determines that, for compelling reasons, such negotiations or notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.

But a judge can review the justifications for gags before issuing them (for all subpoenas, not just media ones).

Just as an example, the government obtained a gag on Twitter, Facebook, Instagram and Google when obtaining Reality Winner’s cloud-based communications a week after they had arrested her (at a time when she was in no position to delete her own content). After a few weeks, Twitter challenged the gag. A judge gave DOJ 180 days to sustain the gag, but in August 2017, DOJ lifted it.

That was a case where DOJ obtained the communications of an accused leaker, with possible unknown co-conspirators, so the gag at least made some sense.

Here, by contrast, the government would have been asking for records from journalists who were not alleged to have committed any crime. The ultimate subject of the investigation would have no ability to destroy WaPo’s records. The records — and the investigation — were over three years old. Whatever justification DOJ gave was likely obviously bullshit.

Hypothetical scenario: DOJ obtains cell phone records only to have a judge rule a gag inappropriate

Let me lay out how this might have worked to show why this might mean DOJ violated the media guidelines. Here’s one possible scenario for what could have happened:

  • In the wake of the election, John Durham subpoenaed the WaPo cell providers and Microsoft, asking for a gag
  • The cell provider turned over the records with no questions — neither AT&T nor Verizon care about their clients’ privacy
  • Microsoft challenged the gag and in response, a judge ruled against DOJ’s gag, meaning Microsoft would have been able to inform WaPo

That would mean that after DOJ, internally — Billy Barr and John Durham, in this speculative scenario — decided that warning journalists would create the same media stink we’re seeing today and make the records request untenable, a judge ruled that a media stink over an investigation into a 3-year old leak wasn’t a good enough reason for a gag. If this happened, it would mean some judge ruled that Barr and Durham (if Durham is the one who made the request) invented a grave risk to the integrity of their investigation that a judge subsequently found implausible.

It would mean the request itself was dubious, to say nothing of the gag.

Once again, DOJ failed to meet its own notice requirements

And with respect to the gag, this request broke another one of the rules on obtaining records from reporters: that they get notice no later than 90 days after the subpoena. The Justice Manual says this about journalists whose records are seized:

  • Except as provided in 28 C.F.R. 50.10(e)(1), when the Attorney General has authorized the use of a subpoena, court order, or warrant to obtain from a third party communications records or business records of a member of the news media, the affected member of the news media shall be given reasonable and timely notice of the Attorney General’s determination before the use of the subpoena, court order, or warrant, unless the Attorney General determines that, for compelling reasons, such notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. 28 C.F.R. 50.10(e)(2). The mere possibility that notice to the affected member of the news media, and potential judicial review, might delay the investigation is not, on its own, a compelling reason to delay notice. Id.
  • When the Attorney General has authorized the use of a subpoena, court order, or warrant to obtain communications records or business records of a member of the news media, and the affected member of the news media has not been given notice, pursuant to 28 C.F.R. 50.10(e)(2), of the Attorney General’s determination before the use of the subpoena, court order, or warrant, the United States Attorney or Assistant Attorney General responsible for the matter shall provide to the affected member of the news media notice of the subpoena, court order, or warrant as soon as it is determined that such notice will no longer pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. 28 C.F.R. 50.10(e)(3). In any event, such notice shall occur within 45 days of the government’s receipt of any return made pursuant to the subpoena, court order, or warrant, except that the Attorney General may authorize delay of notice for an additional 45 days if he or she determines that for compelling reasons, such notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. Id. No further delays may be sought beyond the 90‐day period. Id. [emphasis original]

Journalists are supposed to get notice if their records are seized. They’re supposed to get notice no later than 90 days after the records were obtained. AT&T and Verizon would have provided records almost immediately and this happened in 2020, meaning the notice should have come by the end of March. But WaPo didn’t get notice until after Lisa Monaco was confirmed as Deputy Attorney General and, even then, it took several weeks.

DOJ’s silence about an Office of Public Affairs review

While it’s not required by guidelines, in general DOJ has involved the Office of Public Affairs in such matters, so someone who has to deal with the press can tell the Attorney General and the prosecutor that their balance of journalist equities is out of whack. At the time, this would have been Kerri Kupec, who was always instrumental in Billy Barr’s obstruction and politicization.

But it’s not clear whether that happened. I asked Acting Director of OPA Marc Raimondi (the guy who has defended what happened in the press; he was in National Security Division at the time of the request), twice, whether someone from OPA was involved. Both times he ignored my question.

The history of Special Counsels accessing sensitive records and testimony

There’s a history of DOJ obtaining things under Special Counsels they might not have obtained without the Special Counsel:

  • Pat Fitzgerald coerced multiple reporters’ testimony, going so far as to jail Judy Miller, in 2004
  • Robert Mueller obtained Michael Cohen’s records from Microsoft rather than Trump Organization
  • This case probably represents John Durham, having been made Special Counsel, obtaining records that DOJ did not obtain in 2017

There’s an irony here: Durham has long sought ways to incriminate Jim Comey, who is represented by Pat Fitzgerald and others. In 2004, as Acting Attorney General, Comey approved the subpoenas for Miller and others. That said, given the time frame on the records request, it is highly unlikely that he’s the target of this request.

Whoever sought these records, it is virtually certain that the prosecutor only obtained them after making decisions that DOJ chose not to make when these leaks were first investigated in 2017, after Jeff Sessions announced a war on media leaks in the wake of having his hidden meeting with Sergey Kislyak exposed.

That suggests that DOJ decided these records, and the investigation itself, were more important in 2020 than Jeff Sessions had considered them in 2017, when his behavior was probably one of the things disclosed in the leak.

The dubious claim that these records could have been necessary or uniquely valuable

Finally, consider one more detail of DOJ’s decision to obtain these records: their claims, necessary under the media policy, that 3-year old phone and email records were necessary to a leak investigation.

When these leaks were first investigated in 2017, DOJ undoubtedly identified everyone who had access to the Kislyak intercepts and used available means — including reviewing the government call records of the potential sources — to try to find the leakers. If they had a solid lead on someone who might be the leaker, the government would have obtained the person’s private communication records as well, as DOJ did do during the contemporaneous investigation into the leak of the Carter Page FISA warrant that ultimately led to SSCI security official James Wolfe’s prosecution.

Jeff Sessions had literally declared war within days of one of the likely leaks under investigation here, and would approve a long-term records request from Ali Watkins in the Wolfe investigation and a WhatsApp Pen Register implicating Jason Leopold in the Natalie Edwards case. After Bill Barr came in, he approved the use of a Title III wiretap to record calls involving journalists in the Henry Frese case.

For the two and a half years between the time Sessions first declared war on leaks and the time DOJ decided these records were critical to an investigation, DOJ had not previously considered them necessary, even at a time when Sessions was approving pretty aggressive tactics against leaks.

Worse still, DOJ would have had to claim they might be useful. These records, unlike the coerced testimony of Judy Miller, would not have revealed an actual source for the stories. These records, unlike the Michael Cohen records obtained via Microsoft, would not be direct evidence of a crime.

All they would be would be leads — a list of all the phone numbers and email addresses these journalists communicated with via WaPo email or telephony calls or texts — for the period in question. It might return records of people (such as Andy McCabe) who could be sources but also had legal authority to communicate with journalists. It would probably return a bunch of records of inquiries the journalists made that were never returned. It would undoubtedly return records of people who were sources for other stories.

But it would return nothing for other means of communication, such as Signal texts or calls.

In other words, the most likely outcome from this request is that it would have a grave impact on the reporting equities of the journalists involved, with no certainty it would help in the investigation (and an equally high likelihood of returning a false positive, someone who was contacted but didn’t return the call).

And if it was Durham who made the request, he would have done so after having chased a series of claims — many of them outright conspiracy theories — around the globe, only to have all of those theories come up empty. Given that after years of investigation Durham has literally found nothing new, there’s no reason to believe he had any new basis to think he could solve this leak investigation after DOJ had tried but failed in 2017. Likely, what made the difference is that his previous efforts to substantiate something had failed, and Barr needed to empower him to keep looking to placate Trump, and so Durham got to seize WaPo’s records.

Billy Barr has been hiding other legal process against journalists

Given the disclosure that Barr approved a request targeting the WaPo about five months ago and that under Barr DOJ used a Title III wiretap in a leak investigation (albeit targeting the known leaker), it’s worth noting one other piece of oversight that has lapsed under Barr.

In the wake of Jeff Sessions declaring war on leaks in 2017 (and, probably, the leak in question here), Ron Wyden asked Jeff Sessions whether the war on leaks reflected a change in the new media guidelines adopted in 2015.

Wyden asked Sessions to answer the following questions by November 10:

  1. For each of the past five years, how many times has DOJ used subpoenas, search warrants, national security letters, or any other form of legal process authorized by a court to target members of the news media in the United States and American journalists abroad to seek their (a) communications records, (b) geo-location information, or (c) the content of their communications? Please provide statistics for each form of legal process.
  2. Has DOJ revised the 2015 regulations, or made any other changes to internal procedures governing investigations of journalists since January 20, 2017? If yes, please provide me with a copy.

In response, DOJ started doing a summary of the use of legal process against journalists for each calendar year. For example, the 2016 report described the legal process used against Malheur propagandist Pete Santilli. The 2017 report shows that, in the year of my substantive interview with FBI, DOJ obtained approval for a voluntary interview with a journalist before the interview because they “suspected the journalist may have committed an offense in the course of newsgathering activities” (while I have no idea if this is my interview, during the interview, the lead FBI agent also claimed to know the subject of a surveillance-related story I was working on that was unrelated to the subject of the interview, though neither he nor I disclosed what the story was about). The 2017 report also describes obtaining Ali Watkins’ phone records and DOJ’s belated notice to her. The 2018 report describes getting retroactive approval for the arrest of someone for harassing Ryan Zinke but who claimed to be media (I assume that precedent will be important for the many January 6 defendants who claimed to be media).

While I am virtually certain the reports — at least the 2018 one — are not comprehensive, the reports nevertheless are useful guidelines for the kinds of decisions DOJ deems reasonable in a given year.

But as far as anyone knows, DOJ stopped issuing them under Barr. Indeed, when I asked Raimondi about them, he didn’t know they existed (he is checking if they were issued for 2019 and 2020).

So we don’t know what other investigative tactics Barr approved as Attorney General, even though we should.

The Intercept’s Silence about Edward Snowden’s Inclusion in Julian Assange’s Charges

Back in October, I beat up The Intercept’s Micah Lee for writing a post that purported to cover the “crumbling” hacking case against Julian Assange by working from an outdated indictment rather than the superseding one that added 50-some paragraphs to the overt acts alleged in the single count for conspiracy to hack. Micah made a half-assed and still factually inaccurate “correction” (without crediting me for pointing out the embarrassing error) that utterly misunderstands US conspiracy law, and claimed events since 2011 had tolled whereas the original password hacking attempt had not.

In the 2020 indictment, attempting to portray Assange as a hacker rather than a journalist, the government listed other instances of Assange allegedly directing hacking activity by people other than Manning — but did not add to the charges against him, prompting a discussion of whether the statute of limitations on the alleged new crimes had expired. Assange’s lawyers called the newest evidence “‘make weight’ allegations designed to bring all of this back within the limitation period.” It remains to be seen if the U.S. government will pursue this reaching strategy. At the moment it seems that these supplemental allegations are peripheral to the first, and only clearly chargeable, instance described by the government that could be conceived as a conspiracy to commit a computer crime — providing marginal support for a case which is, at its core, already weak.

In short, having been alerted to the superseding indictment, The Intercept’s resident expert on hacking utterly dodged the allegations made in that expanded charge, not so much as mentioning what they were.

At the time, I promised to return to Micah’s embarrassing piece after I finished some more pressing issues.

It turns out, the problem at The Intercept is broader than just Micah’s piece.

A recent post from Charles Glass suggests that if President Biden were to “remove the Espionage Act charges against Assange,” it would amount to the withdrawal of his extradition application entirely.

WHEN JOE BIDEN becomes president of the United States on January 20, a historic opportunity awaits him to demonstrate America’s commitment to the First Amendment. He can, in a stroke, reverse four years of White House persecution of journalism by withdrawing the application to extradite Julian Assange from Britain to the U.S.

[snip]

By removing the 1917 Espionage Act charges against Assange, Biden would be adhering to the precedent established by the administration in which he served for eight years as vice president. President Barack Obama’s Department of Justice investigated Assange and WikiLeaks for three years until 2013 before deciding, in the words of University of Maryland journalism professor Mark Feldstein, “to follow established precedent and not bring charges against Assange or any of the newspapers that published the documents.” Equal application of the law would have required the DOJ to prosecute media outlets, including the New York Times, that had as large a hand in publicizing war crimes as did Assange himself. If prosecutors put all the editors, publishers, and scholars who disseminated WikiLeaks materials in the dock, there would not be a courtroom anywhere in America big enough to hold the trial. Obama decided against it, knowing it would represent an unprecedented assault on freedoms Americans hold dear.

Glass went on to repeat the grossly erroneous claims about the history of Assange’s prosecution made at the extradition hearing by journalism history professor Mark Feldstein, who literally submitted a filing to the hearing admitting he wasn’t familiar with what the public record actually says about it.

That Glass ignored the hacking charge against Assange is remarkable given that, along with the erroneous piece from Micah, an earlier post from him is one of the few that addressed the (now superseded) CFAA count.

In addition, The Intercept did a Deconstructed show on the hearing in October. It, too, adopted the erroneous fairy tale about why the Trump Administration charged Assange when the Obama Administration did not. And while it introduced the allegation that Assange is a hacker, it then reverted to the so-called New York Times test, suggesting that if the publishing activities of Assange cannot be distinguished from the NYT’s, then it means Assange cannot and should not be prosecuted.

RG: Supporters of the prosecution of Assange make a number of arguments: That Assange is not a “real” journalist. He’s a hacker. He’s a traitor. He recklessly endangered lives and so he deserves no protection as a journalist. All of this is wrong.

The First Amendment isn’t worth the parchment it’s written on if it’s not respected, and defended, in the broader culture of the United States. People have to support it. Once that support erodes, it tends not to come back. That’s why authoritarians, when they want to curtail a particular freedom, usually find the most unsympathetic target they can, hoping nobody will come to his defense. Then once a new precedent is established, all bets are off. With Assange, Trump and Barr think they’ve found just such a man. It’s up to us not to take the bait.

[snip]

Kevin Gosztola: I think the key thing about Trevor Tim[m]’s testimony is destigmatizing the work of WikiLeaks, or even demystifying it. Because what you have through the U.S. government’s targeting of Wikileaks over the past decade is a concerted effort to make it seem like what WikiLeaks does is not journalism. And so the counter to that through the defense’s case is to make it abundantly clear that this is not reasonable; that in fact, everything that WikiLeaks does, from when it accepts the documents, when it tries to authenticate them, to when it makes media partnerships, to also make sure that names are redacted, to make sure that sensitive details are understood fully before the documents are published. And I think you see that this is the way to keep investigative journalism robust in the 21st century.

RG: I thought Trevor’s point was interesting that The New York Times does not get a press badge from the U.S. government. You know, it isn’t, and it shouldn’t be, up to the U.S. government to decide who is and who is not a journalist.

And the idea of who is or is not a responsible journalist is different from what is illegal or legal conduct, which I also thought was important because the prosecution wants to say: Well, he’s an irresponsible person, so therefore, he doesn’t have these protections. And the counter is no, it’s not up to the government to say what’s responsible or irresponsible journalism. You know, the government creates laws, and if the laws are violated, then you can start your prosecution. But if not, you can’t. And it’s never been against the law to publish classified information. It’s against the law to leak it, if you have access to it. But it’s not against the law to publish it.

As I have said over and over, I agree that the Espionage Act charges against Assange, as charged, pose a real threat to journalism (though so do the Trump DOJ’s other prosecutions of Espionage as a conspiracy, including the Henry Kyle Frese case where DOJ used a Title III wiretap to obtain evidence, and the Natalie Sours Edwards case where the Treasury Department attempted to achieve prior restraint on Jason Leopold, prosecutions that have gotten far less attention).

But I also think the sheer amount of shitty propaganda and outright lies people are telling in service of Julian Assange does its own damage to journalism. It is possible to discuss the risk that Assange’s prosecution on the Espionage charges poses without ignoring large swaths of the public record or even, as The Intercept has done in these three pieces and much of their earlier coverage, the actual charges.

The Intercept’s silence on the superseding indictment is all the more notable because of the way its founding act plays a part.

As I laid out here and here, the superseding charge incorporates a number of other overt acts in the CFAA conspiracy, going through 2015 (and seemingly setting up another superseding indictment that covers publications from 2015 through 2017). The new overt acts include a number of things that absolutely distinguish Assange and WikiLeaks from journalists and publishers. Of particular note, they allege that Julian Assange:

  • Entered into an agreement with individuals involved in Gnosis and Lulzsec before those individuals carried out the hack of Stratfor and remained in the agreement during and after the hack. This is a case where five of the people Assange allegedly entered into a conspiracy with have already pled guilty, in both the UK and US (as well as Ireland), making the primary proof required at trial that Assange did enter into agreement with the other co-conspirators, not that the hack occurred.
  • Directed Siggi to hack a WikiLeaks dissident to destroy incriminating evidence implicating Assange. While I’m less certain whether Siggi took steps to advance this conspiracy (and Siggi has credibility problems as a witness), I know of multiple different allegations that dissidents, sources, and competing outlets were similarly targeted for surveillance, with one WikiLeaks dissident claiming to have been hacked and threatened after a political split with the group.
  • Helped Edward Snowden flee, both by sending Sarah Harrison to facilitate his flight and creating distractions, and then using WikiLeaks’ assistance as a means to recruit further hackers and leakers.

The last one seems particularly irresponsible for The Intercept to suppress as they have, particularly given four other details:

  • Snowden’s description of setting up Tor bridges for Iranians with other Tor volunteers in the extended Arab Spring, making it highly likely he had a relationship with Jake Appelbaum before he took his NSA job in Hawaii.
  • Bart Gellman’s description of how Snowden worked to “optimize” his own outcome to encourage others to leak, mirroring Harrison’s stated motive for helping him flee.
  • The government’s suggestion that Daniel Everette Hale — Jeremy Scahill’s alleged source for his drone reporting — was inspired to leak by Snowden.
  • Snowden’s own (recent) treatment of three Intercept sources — along with Hale, Reality Winner and Terry Albury — as a group meriting a Trump pardon, something that will likely make Hale’s defense at trial next year more difficult.

The government’s theory about Snowden as a recruitment tool is really problematic (though I suspect the government plans to make it a lot more specific after inauguration, even before Hale’s trial next year). But it is also the case that publishers don’t usually help their sources flee as a way to ensure they’ll recruit future leakers and hackers (indeed, in his book, Gellman talked at length about how careful he was to avoid crossing that line when Snowden tried to trick him into it).

One can argue that WikiLeaks was heroic for doing so. One can argue that the US empire has what’s coming to it and so WikiLeaks was right to help Snowden flee. But one can’t argue that the overt acts alleged in the CFAA count of the superseding indictment are things that journalists routinely do. And, if proven, that gets the government well beyond the New York Times test.

Importantly, if you’re engaging in a debate about Assange’s fate but ignoring credible allegations that Assange did a bunch of things that journalists do not do, you should not, at the same time, claim you’re serving journalism. You’re serving propaganda (particularly if you’re also telling a fairy tale about what changed in 2016 and 2017).

All the more so if you’re The Intercept. The government has alleged that one thing that distinguishes Julian Assange from journalists — and they’re right — is that he sent someone halfway around the world to save the guy who created the opportunity to create The Intercept in the first place. Unless Assange is pardoned before Trump leaves (and maybe even then, since many of the acts Assange is charged with are more obviously illegal in the UK), this allegation is going to remain out there.

The founding possibility for The Intercept has now been included as an overt act in a hacking indictment. One way or another, it seems The Intercept needs to address that.

Snowden Lies about Outreach about a Pardon and Puts a Target on Daniel Everette Hale’s Back

I’m going to make three observations about this Edward Snowden interview, to mark it.

The interview was filmed live, Friday night US time, September 11, as the other clip indicates.

In it, Snowden repeatedly and categorically denied any outreach to the US government for a pardon.

Williams: Have you had any contact with the Administration. Did you initiate any? Have they initiated any? Have you sought a pardon from the United States?

Snowden: I have not. And this is something people have actually forgotten. There was a pardon campaign back during the Obama Administration. But I at no point actually asked for pardon myself. It was tremendously gratifying to have this level of support. But as I said, my condition for return is simply a fair trial. Now we didn’t see the Obama Administration talking about a pardon in this way and I think Trump has commented again since then that he thought treatment was very unfair, or could be. And there’s been a lot of speculation that’s come from this. But there’s been no contact. I was as surprised as anyone else to see this. But it’s very interesting to see this President thinking pardoning what a lot of people would consider [laughs] one of the big names in this new war on whistleblowers. And that’s something that we should all support seeing come to an end.

Williams: So no representative for you has done any outreach. No representative for you or you yourself has heard anything from the White House, the Administration, any government types?

Snowden: No. By hook or by crook, there’s been nothing. No contact, anything like that. I think [laughs] if that were happening, it would be certainly news that we would hear through other channels.

Williams: Let’s use plain English. The price for pardons appears to be lavish praise for this President after the fact. Is that something you’re willing to do?

Snowden: Certainly not. I don’t think a pardon is — or should be — conditioned on anything. When you look at the pardon power, it’s constitutionally derived. It’s Article II Section 2. A pardon is not a contract. A pardon is not something that you accept or reject. And it certainly shouldn’t be used as a political tool. And this is why, while I haven’t asked for pardon from the President, I will ask for a pardon for others. When I mentioned the war on whistleblowers, this is an ongoing and continuing thing. The reason pardon is even being considered, even being debated, the fact that comments from the Attorney General are even hitting the news are because everyone who has followed these cases know, being charged under the Espionage Act as a whistleblower means no fair trial is permitted. And there are people in the United States today, serving time in prison for doing the right thing. And this is why we should see Donald Trump — or any President — end the war on whistleblowers. He should pardon Reality Winner for trying to expose election interference. He should pardon Daniel Hale for revealing abuses in the drone program. Or Terry Albury for trying to expose systemic racism within the FBI. And these are all people who are deserving of pardon. But this, when we look at pardon, pardon is intended to ameliorate unfairness, to fix fundamental flaws in our system of laws or the way they’re being applied. And there’s nowhere this is more clear right now than in the prosecution of whistleblowers under the Espionage Act.

It is, of course, a blatant lie that there has been no outreach.

Just hours earlier (I think about three?), Glenn Greenwald went onto Tucker Carlson’s show — a show that has repeatedly served as a platform for people to pitch pardons — and argued that Trump should pardon Snowden and Julian Assange. Though Glenn had promised he would be talking about journalism, he instead pitched the pardon as a good way for Trump to stick it to the Deep State. Glenn’s pitch was not only premeditated (it had been rescheduled days earlier), but it was delivered to fit Tucker’s 3-minute time slot.

So Glenn lied about defending journalism (rather than just damaging the Deep State), and Snowden lied about there being no outreach. Snowden also, in the other clip, lied about Putin taking no interest in him.

There was one truth told. When Snowden said, “if that [outreach about a pardon] were happening, it would be certainly news that we would hear through other channels,” he was effectively telling the truth. This was news on another channel: Glenn Greenwald, appearing on Fox News, just hours earlier, pitched Trump on a pardon.

Snowden, in turn, suggested that Trump was thinking of ending the “war on whistleblowers” and — at a time when Trump is ending the careers of people who make legal whistleblowing claims upholding democracy, with glee — claimed that there is no place where unfairness is more clear than the prosecution of whistleblowers under the Espionage Act.

I’ll spot Snowden that one for his own self-interest.

Then Snowden calls for a pardon for three others he suggests are serving time in prison. Reality Winner and Terry Albury are serving time. But Daniel Hale is not. He’s out on bail awaiting trial. In other words, Snowden is actually just calling to pardon everyone who leaked to The Intercept.

In fact, unless Trump decides to pardon Hale, who doesn’t have anyone lobbying him on Tucker Carlson’s show, Snowden just made Hale’s life worse.

That’s because the government believes that Hale was “inspired” by Snowden.

Moreover, as argued in more detail in Defendant’s Reply in support of his Motion to Dismiss for Selective or Vindictive Prosecution (filed provisionally as classified), it appears that arbitrary enforcement – one of the risks of a vague criminal prohibition – is exactly what occurred here. Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community. In approximately the same timeframe, other leakers reportedly divulged classified information to make the government look good – by, for example, unlawfully divulging classified information about the search for Osama Bin Laden to the makers of the film Zero Dark Thirty, resulting in two separate Inspector General investigations. Yet the investigation in this case was not described as a search for leakers generally, or as a search for leakers who tried to glorify the work of the Intelligence Community. Rather, it was described as a search for those who disclosed classified information because they had been “inspired” to divulge improprieties in the intelligence community.

That is, Snowden — who with WikiLeaks’ Sarah Harrison made sure to avoid capture so he could be an inspiration to others to follow — effectively just confirmed what the government has only alleged, and in secret, that there is a tie between him and Hale. In so doing, he has also confirmed an allegation in the superseding Assange indictment.

Between them, Snowden and Glenn are feigning that Trump would pardon anyone out of any concern for journalism or whistleblowing. Both claims are utterly absurd.

And in so doing, they’re going to make sure that any pardon Snowden gets is not because Trump cares about journalism or even wants to rein in spying (he has done the opposite, on both counts), but is done exclusively in the name of damaging the Deep State.

The Government Prepares to Argue that Transmitting Information *To* WikiLeaks Makes the Vault 7 Leak Different

In a long motion in limine yesterday, the government suggested that if Joshua Schulte had just been given a “prestigious desk with a window,” he might not have leaked all of CIA’s hacking tools in retaliation and caused what the government calls “catastrophic” damage to national security.

Schulte grew angrier at what he perceived was his management’s indifference to his claim that Employee-1 had threatened him. Schulte also began to complain about what, according to him, amounted to favoritism toward Employee-1, claiming, for example, that while the investigation was ongoing, Schulte was moved to an “intern desk,” while Employee-1 had been moved to a “prestigious desk with a window.”

[snip]

The Leaks are the largest illegal disclosure of CIA information in the agency’s history and, as noted above, caused catastrophic damage to national security.

Along the way, the motion provides the most detailed description to date about how the government believes Schulte stole the Vault 7 files from CIA. It portrays him as an arrogant racist at the beginning of this process, and describes how he got increasingly belligerent with his colleagues at CIA leading up to his alleged theft of the CIA’s hacking files, leading his supervisors to recognize the threat he might pose, only to bollox up their efforts to restrict his access to CIA’s servers.

The motion, along with several others submitted yesterday, suggests that the government would like to argue that leaking to WikiLeaks heightens the damage that might be expected to the United States.

Along with laying out that it intends to argue that the CIA charges (stealing the files and leaking them to WikiLeaks) are intertwined with the MCC charges (conducting “information war” against the government from a jail cell in the Metropolitan Correctional Center; I explained why the government wants to do so here), the government makes the case that cybersecurity expert Paul Rosenzweig should testify as a witness about WikiLeaks.

Rosenzweig will testify about (i) WikiLeaks’s history, technical and organizational structure, goals, and objectives; (ii) in general terms, prior leaks through WikiLeaks, in order to explain WikiLeaks’s typical practices with regard to receiving leaked classified information, its practices or lack thereof regarding the review and redaction of sensitive information contained in classified leaks, and certain well-publicized harms to the United States that have occurred as a result of disclosures by WikiLeaks; and (iii) certain public statements by WikiLeaks regarding the Classified Information at issue in this case.

Rosenzweig’s testimony would come in addition to that of classification experts (probably for both sides) and forensic experts (again, for both sides; Steve Bellovin is Schulte’s expert).

The expert witnesses were allowed to testify as to the background of the organization Wikileaks; how the U.S. Government uses certain markings and designations to identify information that requires special protection in the interests of national security; the meaning of certain computer commands and what they would do; how various computers, servers, and networks work; how data is stored and transferred by various computer programs and commands; and the examination of data that is stored on computers and other electronics.

The only motion in limine Schulte submitted yesterday objected to Rosenzweig’s testimony. Schulte argues that the government’s expert notice neither provides sufficient explanation about Rosenzweig’s intended testimony nor proves he’s an expert on WikiLeaks. More interesting is Schulte’s argument that Rosenzweig’s testimony would be prejudicial. It insinuates that Rosenzweig’s testimony would serve to substitute for a lack of proof about how Schulte sent the CIA files to WikiLeaks (Schulte is alleged to have used Tor and Tails to transmit the files, which would leave no forensic trace).

In Mr. Schulte’s case, the government has no reliable evidence of how much information was taken from the CIA, how it was taken, or when it was provided to WikiLeaks. The government cannot overcome a lack of relevant evidence by introducing evidence from other cases about how much information was leaked or how information was leaked in unrelated contexts. The practices of WikiLeaks in other contexts and any testimony about alleged damage from other entirely unrelated leaks is completely irrelevant.

Schulte’s claimed lack of evidence regarding transfer notwithstanding, that’s not how the government says they want to use Rosenzweig’s testimony. They say they want to use his testimony to help prove that Schulte intended to injure the US.

The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information. The fact that WikiLeaks’ prior conduct has harmed the United States and has been widely publicized is powerful evidence that Schulte intended or had reason to believe that “injury [to] the United States” was the likely result of his actions—particularly given that the Government will introduce evidence that demonstrates Schulte’s knowledge of earlier WikiLeaks disclosures, including his own statements.

It does so by invoking WikiLeaks’ past leaks and the damage those leaks have done.

Accordingly, proof that it was foreseeable to Schulte that disclosure of classified information to WikiLeaks could cause “injury [to] the United States” is a critical element in this case. Indeed, the Senate Select Committee on Intelligence has explicitly stated “that WikiLeaks and its senior leadership resemble a non-state hostile intelligence service.” S. Rep. 115-151 p. 10. In order to evaluate evidence related to this topic, the jury will need to understand what WikiLeaks is, how it operates, and the fact that WikiLeaks’ previous disclosures have caused injury to the United States. The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

The thing is, showing that the specific nature of the intended recipient of a leak is an element of the offense has never been required in Espionage leak cases before. Indeed, the government’s proposed jury instructions are based off the instruction in the Jeffrey Sterling case. While the government flirted with naming James Risen an unindicted co-conspirator in that case, they did not make any case that leaking to Risen posed unique harm.

Moreover, even before getting into Schulte’s statements about WikiLeaks (most of which have not yet been made public, as far as I’m aware), by arguing the CIA and MCC charges together, the government will have significant evidence not just about Schulte’s understanding of WikiLeaks, but his belief that they would lie to harm the US. The government also has evidence that Schulte knew that WikiLeaks’ pretense to minimizing harm with the Vault 7 files was false, and that instead WikiLeaks did selective harm in its releases, though it doesn’t want to introduce that evidence at trial.

In other words, this seems unnecessary, superfluous to what the government has done in past Espionage cases, and a dangerous precedent (particularly given the way the government suggested that leaking to The Intercept was especially suspect in the Terry Albury and Reality Winner cases).

That’s effectively what Schulte argues: that the government is trying to argue that leaking to WikiLeaks is particularly harmful, and that if such testimony goes in, it would be forced to call its own witnesses to testify about how past WikiLeaks releases have shown government malfeasance.

This testimony could also suggest that the mere fact that information was released by WikiLeaks necessarily means that it was intended to—and did—cause harm to the United States. These are not valid evidentiary objectives. Instead, this type of testimony would create confusion and force a trial within a trial on the morality of WikiLeaks and the extent of damage caused by prior leaks. If the government is allowed to introduce this evidence, the defense will necessarily have to respond with testimony about how WikiLeaks is a non-profit news organization, that it has previously released information from government whistle-blowers that was vital to the public understanding of government malfeasance, and that any assertion of damages in the press is not reliable evidence.

The government, in a show of reasonableness, anticipates Schulte’s argument about the prejudice this will cause by stating that it will limit its discussion of prior WikiLeaks releases to a select few.

The Government recognizes the need to avoid undue prejudice, and will therefore limit Mr. Rosenzweig’s testimony to prior WikiLeaks leaks that have a direct relationship with particular aspects of the conduct relevant to this case, for example by linking specific harms caused by WikiLeaks in the past to Schulte’s own statements of his intent to cause similar harms to the United States or conduct. Those leaks include (i) the 2010 disclosure of documents provided to WikiLeaks illegally by Chelsea Manning; (ii) the 2010 disclosure of U.S. diplomatic cables; (iii) the 2012 disclosure of files stolen from the intelligence firm Stratfor; and (iv) the 2016 disclosure of emails stolen from a server operated by the Democratic National Committee.

The selected cases are notable, as all of them (with Manning’s leaks seemingly listed twice) involve cases the government either certainly (with the EDVA grand jury seeking Manning and Jeremy Hammond’s testimony) or likely (with ongoing investigations into Roger Stone) currently has ongoing investigations into.

As a reminder: absent an unforeseen delay, this trial will start January 13, 2020 and presumably finish in the weeks leading up to the beginning of Julian Assange’s formal extradition process on February 25. The government has maintained it can add charges up until that point, and US prosecutors told British courts it won’t provide the evidence against Assange until two months before the hearing (so around Christmas).

Schulte’s trial, then, appears to be the opening act for that extradition, an opening act that will undermine the claims WikiLeaks supporters have been making about the journalistic integrity of the organization in an attempt to block Assange’s extradition. Rosenzweig’s testimony seems designed, in part, to heighten that effect.

Which may be why this instruction appears among the government’s proposed instructions.

Some of the people who may have been involved in the events leading to this trial are not on trial. This does not matter. There is no requirement that everyone involved in a crime be charged and prosecuted, or tried together, in the same proceeding.

You may not draw any inference, favorable or unfavorable, towards the Government or the defendant from the fact that certain persons, other than the defendant, were not named as defendants in the Indictment. Do not speculate as to the reasons why other persons were not named. Those matters are wholly outside your concern and have no bearing on your function as jurors.

Whether a person should be named as a co-conspirator, or indicted as a defendant in this case or another separate case, is a matter within the sole discretion of the United States Attorney and the Grand Jury.

As noted, a number of different WikiLeaks supporters have admitted to me that they’re grateful Assange has not (yet) been charged in conjunction with the Vault 7 case, because even before you get to his attempt to extort a pardon with the files, there’s little journalistic justification for what it did, and even more reason to criticize WikiLeaks’ actions as the case against Schulte proceeded.

Yet the obscure proceedings before the EDVA grand jury suggest the government may be pursuing a conspiracy case that starts in 2010 and continues through the Vault 7 releases, with the same variety of Espionage and CFAA charges continuing through that period.

By arguing the CIA and MCC charges in tandem, the government can pretty compellingly make the case that WikiLeaks’ activities went well beyond journalism in this case. But it seems to want to use Rosenzweig’s testimony to make the case more broadly.

DOJ Holds Big Presser to Make It Clear It Will Use Title III Wiretaps to Prosecute Leaks

John Demers, the Assistant Attorney General who did not think Donald Trump’s extortion by using congressionally appropriated security funding to pressure Ukraine into providing him with campaign propaganda merited an investigation, just had a big press conference to announce the arrest of Henry Kyle Frese, a DIA counterterrorism analyst accused of leaking information about a specific country’s weapons systems to two journalists who work at related media outlets (NBC is one outlet that would fit the presumed arrangement, but there are surely others; Update–it appears this is one of the stories). It sounds like a journalist Frese lived with asked him first to help a more senior journalist from the related outlet, then published a story herself, based off the allegedly leaked materials.

The leak doesn’t sound all that serious, in the grand scheme of things.

What was serious is the warning this press conference was meant to send to journalists. Demers bragged about the sentence imposed on Reality Winner, and boasted of the 6 people the Trump DOJ has prosecuted for leaks. He raised Jeff Sessions’ speech announcing DOJ would target leaks.

When asked if DOJ was considering prosecuting the two journalists, the speakers at the press conference deferred, as they did about any ongoing investigation. That is, they may well be intending to do so.

Perhaps one of the bigger pieces of news about this arrest is not that DOJ arrested an analyst trying to do a favor for his girlfriend. Rather, it’s that DOJ decided to use a Title III wiretap to intercept Frese’s calls to the journalists, something that would be more proportional to the mob, not journalists.

But that’s where the national security priorities of Trump’s DOJ are. Not investigating him, or at least his personal lawyer, for schemes that obviously make our country less safe. But instead to use wiretaps to go after journalism.

The Other Servers and Laptops FBI Never Investigated: VR Systems and North Carolina Polling Books

Ron Wyden had a lot to say in his minority views to the SSCI Report on election security released yesterday, mostly arguing that there need to be national standards and assistance and that no one can make any conclusions about the effects of Russia’s efforts in 2016 because no one collected the data to make such conclusions.

But there’s one line in his section raising questions about the 2016 conclusions I find particularly interesting, pertaining to VR Systems (which he doesn’t name).

Assessments about Russian attacks on the administration of elections are also complicated by newly public information about the infiltration of an election technology company.

Since the Mueller Report came out, Wyden has been trying to chase down this reference in the report to the VR Systems hack.

Unit 74455 also sent spear-phishing emails to public officials involved in election administration and personnel at companies involved in voting technology. In August 2016, GRU officers targeted employees of [redacted; VR Systems], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.

In May, he sent a letter to VR Systems President Mindy Perkins, asking how the company could claim, in March 2018, that it had not experienced a security breach when the report said it had been infected with malware in August 2016. In response, the company told Wyden (according to a letter he and Amy Klobuchar sent FBI Director Chris Wray) that they had alerted the FBI that they found suspicious IPs in their logs in real time, but that FBI had never explained the significance of that.

In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to “be on the lookout for certain suspicious IP addresses.” According to VR Systems, the company examined its website logs, “found that several of the IP addresses had, in fact, visited our website” and as a result, the company “notified the FBI as we had been directed to do.” VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.

The implication from Wyden’s letters is that VR Systems only hired FireEye to conduct an assessment of what happened after Reality Winner leaked, in 2017, an NSA document making it clear they had been targeted by GRU. [Update: Kim Zetter actually reported this here.]

In their June 12 letter, Wyden and Klobuchar asked Wray whether the FBI followed up on VR Systems’ report.

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?

It’s unclear how Wray answered (or didn’t). But just before Wyden sent this letter, the WaPo reported that no one had yet conducted a forensic examination of the laptops used in the VR Systems polling books in North Carolina. After Democrats took over control, they finally persisted in getting DHS to agree to check the laptops.

On Tuesday, the Department of Homeland Security told The Washington Post it will conduct a forensic analysis of the laptops used in Durham County elections in 2016. Lawson said North Carolina first asked the department to conduct such a review more than 18 months ago, though he added that DHS has generally been a “good partner” on election security.

“We appreciate the Department of Homeland Security’s willingness to make this a priority so the lingering questions from 2016 can be addressed in advance of 2020,” said Karen Brinson Bell, the newly appointed executive director of the State Board of Elections.

After the election, Durham County hired a firm called Protus3 to dig into what happened. The security consultant said it appeared the problems were caused by user error but ended its 12-page report with a list of recommendations that included examining computers in a lab setting and interviewing more election workers.

Durham County elections director Derek Bowens said he is comfortable with the report’s conclusions. Even so, in 2017, the county switched to electronic poll books created by the state. Bowens said in an interview that the state’s software would save money and is, in his view, better.

But for North Carolina officials, concerns resurfaced in June 2017 when the website Intercept posted a leaked National Security Agency report referencing “cyber espionage operations against a . . . U.S. company in August 2016.” The NSA report said that “it was likely that at least one account was compromised.”

VR Systems soon acknowledged that hackers had targeted the company but insisted that its network had not been breached.

North Carolina officials weren’t so sure.

“This was the first leak that indicated anything like a nation-state actor targeting a voting systems vendor,” Lawson said.

The state elections board soon launched its own investigation, seizing 40 laptops from Durham in July. And it suspended the certification that allowed more than 20 North Carolina counties to use VR Systems’ poll books during elections, an action that would later land in court. “Over the past few months there has been a considerable change in the election security landscape and the level of scrutiny we receive,” the board wrote in a letter explaining its decision to VR Systems.

No one working for the board had the technical expertise to do a forensic examination of the machines for signs of intrusion. Staffers asked DHS for technical help but did not get a substantive answer for a year and a half, Lawson said.

As noted, FireEye appears to have done an assessment at VR Systems itself in the wake of the Winner disclosure. The WaPo reports that FireEye declared VR Systems hadn’t been hacked, but wouldn’t share any information with Wyden or–apparently–DHS.

VR Systems said a cybersecurity firm it hired to review its computer network in 2017 found no evidence of a hack. A subsequent review by DHS also found no issues, the company said. VR Systems declined to give Wyden documentation of those reviews, citing the need to protect proprietary information.

Wyden in a statement to The Post accused VR Systems of “stonewalling congressional oversight.”

A senior U.S. official confirmed DHS’s review of VR Systems’s network to The Post and noted that by the time agency investigators arrived, a commercial vendor had already “swept” the networks. “I can’t tell you what happened before the commercial vendor came in there,” the official said, speaking on the condition of anonymity to discuss a sensitive matter.

The same day as the WaPo report, Kim Zetter reported that VR Systems used remote updates for their software, opening up a possible point of compromise for hackers.

For two years, GRU hack denialists have thought it was the most important thing that the DNC provided FBI Crowdstrike’s forensic images of the hacked laptops, rather than providing the servers themselves.

But that step has, apparently, not been done yet with VR Systems. And the laptops that failed on election day are only now being forensically examined. Which is why, I presume, Wyden believes it’s premature to claim no vote totals were affected on election day 2016.