Insurance File: Glenn Greenwald’s Anger Is of More Use to Vladimir Putin than Edward Snowden’s Freedom

Glenn Greenwald risks making his own anger more valuable to Vladimir Putin than Edward Snowden’s freedom.

When WikiLeaks helped Snowden flee Hong Kong eight years ago, both WikiLeaks and Snowden had the explicit goal of using Snowden’s successful flight from prosecution to entice more leakers.

In his book, Snowden wrote that Sarah Harrison and Julian Assange’s goal in helping him flee Hong Kong was to provide a counterexample to the draconian sentence of Chelsea Manning.

People have long ascribed selfish motives to Assange’s desire to give me aid, but I believe he was genuinely invested in one thing above all—helping me evade capture. That doing so involved tweaking the US government was just a bonus for him, an ancillary benefit, not the goal. It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to win. It’s for this reason that I regard it as too reductive to interpret his assistance as merely an instance of scheming or self-promotion. More important to him, I believe, was the opportunity to establish a counterexample to the case of the organization’s most famous source, US Army Private Chelsea Manning, whose thirty-five-year prison sentence was historically unprecedented and a monstrous deterrent to whistleblowers everywhere. Though I never was, and never would be, a source for Assange, my situation gave him a chance to right a wrong. There was nothing he could have done to save Manning, but he seemed, through Sarah, determined to do everything he could to save me. That said, I was initially wary of Sarah’s involvement. But Laura told me that she was serious, competent, and, most important, independent: one of the few at WikiLeaks who dared to openly disagree with Assange. Despite my caution, I was in a difficult position, and as Hemingway once wrote, the way to make people trustworthy is to trust them.

[snip]

It was only once we’d entered Chinese airspace that I realized I wouldn’t be able to get any rest until I asked Sarah this question explicitly: “Why are you helping me?”

She flattened out her voice, as if trying to tamp down her passions, and told me that she wanted me to have a better outcome. She never said better than what outcome or whose, and I could only take that answer as a sign of her discretion and respect.

It’s not just Snowden’s impression, though, that WikiLeaks intended to make an example of him. The superseding indictment against Assange cites several times when Assange invoked WikiLeaks’ role in Snowden’s successful escape to encourage others (including CIA Systems Administrators like Joshua Schulte, who had a ticket to Mexico when the FBI first interviewed him and seized his passports) to go do what Snowden did. British Judge Vanessa Baraitser even included one of those speeches in paragraphs distinguishing what Assange is accused of from legal journalism. And as early as 2017, public reporting said that WikiLeaks’ assistance to Snowden was what changed how DOJ understood WikiLeaks and why it began to consider prosecuting Assange. It wasn’t Trump that led DOJ to stop treating Assange as a journalist, it was Snowden.

According to Snowden’s own words, he shared WikiLeaks’ goal of setting an example to inspire others. In an email that Snowden must have sent Bart Gellman weeks before the exchange between him and Harrison above, Snowden described steps he took to give other leakers (this may be Gellman’s paraphrase), “hope for a happy ending.”

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He preferred to set an example for “an entire class of potential whistleblowers” who might follow his lead. Ordinary citizens would not take impossible risks. They had to have some hope for a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts (I should know, I used to work in our U.N. spying shop), I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims—they’d have me committed—and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. . . . Give me the bottom line: when do you expect to go to print?

Citizenfour also quotes Snowden describing how he hoped that proof that his “methods work[]” would encourage others to leak.

If all ends well, perhaps the demonstration that our methods worked will embolden more to come forward.

Snowden’s “methods” don’t work — they certainly haven’t for Daniel Hale, Reality Winner, or Joshua Schulte. But for each, Snowden played at least some role (there is ambiguity about how Schulte really felt about Snowden) in inspiring them to ruin their lives with magical thinking and inadequate operational security.

One of Snowden’s “methods” appears to entail quitting an existing job and then picking another at an Intelligence Community contractor with the intent of obtaining documents to leak. Snowden did this at Booz Allen Hamilton, and his book at least suggests the possibility he did that with his earlier job in Hawaii.

The government justified the draconian sentence that it had negotiated with Winner’s lawyers, in part, by claiming that she premeditated her leak.

Around the same time the defendant took a job with Pluribus requiring a security clearance in February 2017, she was expressing contempt for the United States, mocking compromises of our national security, and making preparations to leak intelligence information

Along with evidence Winner researched The Intercept’s SecureDrop before starting at her new job, the government supported this claim by pointing to three references Winner made to Snowden as or shortly after she started at Pluribus, including texts in which Winner told her sister she was on Assange and Snowden’s side the day the Vault 7 leak was revealed. That was still two months before she took the files she would send to The Intercept.

Had Hale gone to trial, the government would have shown that Hale discussed serving as a source for Jeremy Scahill by May 30, 2013, the day before he left NSA, and discussed Snowden — and hanging out with the journalists reporting on him — the day Snowden came forward on June 9. Then, on July 25, Hale sent Scahill a resume showing he was looking for counterterrorism or counterintelligence jobs. In December, Hale started the job at Leidos where he would print out the files he sent to The Intercept.

You can think these leaks were valuable and ethical without thinking it a good idea to leave a months-long trail of evidence showing premeditation on unencrypted texts and social media.

Similarly, one of Snowden’s “methods” was to claim he had expressed concerns internally, but was ignored, a wannabe whistleblower stymied by America’s admittedly failed support for whistleblowers, especially those at contractors.

In the weeks before Snowden left NSA, he made a stink about some legal issues and NSA’s training programs (about how FISA Section 702 interacted with EO 12333) that he subsequently pointed to as his basis for claiming to be a whistleblower. The complaint was legit, and one NSA department actually did take notice, but it was not a formal complaint; indeed, it was more a complaint about US law. But his complaint had nothing to do with the vast majority of the documents that have been published based off his files, to say nothing of the far greater set of documents he took. And he made the complaint long after having prepared for months to steal vast amounts of files.

Similarly, Joshua Schulte wrote two emails documenting purported concerns about CIA security, one to a colleague less than a month before he left, which he didn’t send, and then, on his final day, one to CIA’s Inspector General that he falsely claimed was unclassified, a copy of which he was seen taking with him when he packed up. In the first search warrant for Schulte’s house obtained on March 13, 2017, less than a week after the initial Vault 7 release, the FBI had already found those emails and deemed Schulte’s treatment of them as suspect. And when they found a copy of the classified letter to the IG stashed in his headboard, it gave them cause to seize Schulte’s passports on threat of arrest. Snowden’s “methods” didn’t deliver Schulte a “happy ending;” they made Schulte’s apprehension easier.

To the extent Schulte could be shown to be following Snowden’s “methods” (again, that question was not resolved at his first trial) it would be a fairly damning indictment of those methods, since this effort to create a paper trail as a whistleblower was such an obvious attempt to retroactively invent cover for leaks for which there was abundant evidence Schulte’s motivation was spite and revenge. Maybe that’s why someone close to Assange explicitly asked me to stop covering Schulte’s case.

Had Daniel Hale gone to trial, the government undoubtedly would have used the exhibits showing that Hale had never made any whistleblower claims in any of the series of government jobs where he had clearance as a way to push back on his claim of being a whistleblower, though Hale was outspoken about his criticisms of the drone program before he took most of the files he shared with The Intercept. Indeed, given the success of Hale’s earlier anti-drone activism, his case raises real questions about whether leaking was more effective than Hale’s frank, overt witness to the problems of the drone program.

Worse still, Snowden’s boasts about his “methods” appear to have made prosecutions more likely. An early, mostly-sealed filing in Hale’s case reveals that the government set out to investigate whether Hale was The Intercept’s source because they were trying to figure out whom Snowden had “inspired” to leak.

Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community.

That explains why the government required Hale to allocute to being the author of an essay in a collection of Hale’s leaked documents involving Snowden: by doing so, they obtained sworn proof that Hale is the person Snowden and Glenn Greenwald were discussing, while the two were sitting in Moscow, in the closing sequence of Citizenfour. In the scene, Glenn flamboyantly wrote for Snowden how this new leaker and The Intercept’s journalist were communicating, what appears to be J-A-B-B-E-R. That stunt for the camera would have tipped the government off, in cinema release just two months after they had raided Hale’s home, to look for and reconstruct Hale’s Jabber communications with Jeremy Scahill, which they partly succeeded in doing.

Rather than being means to a “happy ending,” then, prosecutors have found Snowden’s “methods” useful to pursuing increasingly draconian prosecutions of people inspired by him.

And now, after Snowden and Greenwald failed to persuade Trump to pardon Snowden, Assange, and — in a secondary effort — The Intercept’s sources (perhaps, like Assange, they find the association with Schulte counterproductive, because they didn’t even try to get him pardoned, even though Trump himself almost bolloxed that prosecution), Snowden is left demanding pardons on Twitter for the people he set out to convince that leaking could have a “happy ending.”

By associating these leaks with someone being protected by Russia so that — in Snowden’s own words — he could encourage more leaks, Snowden only puts a target on these people’s backs, making a justifiable commutation of Winner’s sentence less likely (Winner is due to get out on November 23, two days before the most likely time for Joe Biden to even consider commuting her sentence).

I’m grateful for Snowden’s sacrifices to release the NSA files, but his efforts to lead others to believe that leaking would be easy were bound to end badly, and have.

If Vladimir Putin agreed to protect Snowden in hopes that he would inspire more leakers to release files that help Russia evade US spying (as Schulte’s leak did, at a time when the US was trying to understand the full scope of what Russia had done in 2016), the US prosecutorial focus on Snowden-related leakers undermines his value to Putin, probably by design. As that happens, Snowden might reach the moment that observers of his case have long been dreading, the moment when Putin’s utilitarian protection of Snowden will give way to some other equally utilitarian goal.

This is all happening as Putin adjusts to dealing with Joe Biden rather than someone he could manipulate by (at the very least) feeding his narcissism, Donald Trump. It is happening in the wake of new sanctions on Russia, in response to which Putin put US Ambassador John Sullivan on a plane to deliver some message, in person, to Biden. It is happening as Biden’s response to the Colonial Pipeline attack, in which ransomware criminals harbored by Putin shut down US critical infrastructure for fun and profit, includes noting that he and Putin will meet in person soon, followed by the unexplained disabling of the perpetrators in the wake of the attack.

Meanwhile, even as Snowden is of less and less use to Putin, Glenn Greenwald’s utility continues to grow. Snowden, for example, continues to speak out about topics inconvenient to Putin, like privacy. The presence in Russia of someone like Snowden with his own platform and international credibility may become increasingly risky for Putin given the success of protests around Alexei Navalny.

Greenwald, by contrast, seems to have dropped all interest in surveillance and has instead turned many of his grievances — even his complaint that former NSA lawyer Susan Hennessey will get a job in DOJ’s National Security Division, against whom one can make a strong case on privacy grounds — into a defense of Russia. Greenwald spends most of his time arguing that a caricature that he labels “liberals” and another caricature that he labels “the [American] Deep State,” followed closely by another caricature he calls “the [non-right wing propaganda] Media,” are the most malignant forces in American life. In his rush to attack “liberals,” “the Deep State,” and “the Media,” Greenwald has coddled the political forces that Putin has found useful, including outright racists and other right wing extremists. By the end of the Trump presidency, Greenwald was excusing virtually everything Trump did, up to and including his attempted coup based on the utter denigration of democratic processes. In short, Greenwald has become a loud and important voice in support of the illiberalism Putin favors, to say nothing of Greenwald’s use of a rhetoric unbound by facts.

That Greenwald spends most of his days deliberately inciting Twitter mobs is just an added benefit, to those who want to weaken America, to Greenwald’s defense of fascists.

Most of us who used to know Greenwald attribute his Russian denialism and his apologies for Trump at least partly to his desire to free Snowden from exile. Yet Greenwald’s tantrums, because of their value to Putin, may have the opposite effect.

Stoking Greenwald’s irrational furor over what he calls “liberals” and “the Deep State” and “the Media” would actually be a huge incentive for Putin to deal Snowden to the US, in maximally symbolic fashion. There is nothing that could light up Greenwald’s fury like Putin bringing Snowden to a summit with Biden, wrapped up like a present, to send back on Air Force One. (That’s an exaggerated scenario, but you get my point.)

Plus, if Putin played it right, such a ceremonial delivery of Snowden might just achieve the completion of the Snowden operation, the public release of all of the files Snowden stole, not just those that one or another journalist found to have news value.

The Intelligence Community has, over the years, said a bunch of things about Snowden that were outright bullshit or, at least, for which they did not yet have evidence. But one true thing they’ve said is that Snowden took a great many files that had no imaginable privacy value. Even from a brief period working in the full archive aiming to answer three very discrete questions about FISA, I believe that to be true. While some (including Assange) pressured Snowden and others to release all these files, Snowden instead ensured that journalists would serve a vetting role, and after some initial fumbling, The Intercept did a laudable job of keeping those files safe. So up to now, the fact that Snowden took far more files than any privacy concern — even privacy concerns divorced from all question of nationality — could justify may not have mattered.

But as far as I know there are still full copies out there and Russia would love to spin up Glenn Greenwald’s fury so much he would attempt to burn down his caricature of “The Deep State” in retaliation — much like Schulte succeeded in badly damaging the CIA — by releasing his set.

I believe Russia has been trying to do this since at least 2016.

To be very clear, I’m not claiming that Greenwald is taking money from or is in any way controlled by Russia. I am very much not claiming that, in part because it wouldn’t be necessary. Why pay Greenwald for what you can get him to do for free?

And while I assume Greenwald would respect Snowden’s stated wishes and protect the files, like Trump, Greenwald’s narcissism and resentment are very, very easy buttons to push. Greenwald has been heading in this direction without pushing. It would be child’s play to have people friendly to Russia’s illiberal goals (people like Steve Bannon or Tucker Carlson) exacerbate Greenwald’s anger at “the Deep State” to turn it into the frenzy it has become.

Meanwhile, custody of Edward Snowden would be a very enticing dangle for Putin to offer Biden as a way to reset Russia’s relationship with the US. One cannot negotiate with Putin, one can only adjust the points of leverage over each other and hope to come to some stable place, and Snowden has always been at risk of becoming a bargaining chip in such a relationship. By turning Snowden over to the US to be martyred in a high profile trial, Putin might wring the last bit of value out of Snowden. All the better, from Putin’s standpoint, if Greenwald were to respond by releasing the full Snowden set.

For the past four years, Greenwald seems to have believed that if he sucked up to Putin and Trump, he’d win Snowden’s freedom, as if either man would ever deal in good faith. Instead, I think, that process has had the effect of making Greenwald more useful to Russia than Snowden is anymore. And at this point, Greenwald seems to have lost sight of the likelihood that his belligerent rants may well make Snowden less safe, not more.

DOJ’s Failures to Follow Media Guidelines on the WaPo Seizure

I wanted to add a few data points regarding the report that DOJ subpoenaed records from three WaPo journalists.

This post is premised on three pieces of well-justified speculation: that John Durham, after having been appointed Special Counsel, obtained these records, that Microsoft challenged a gag, and that Microsoft’s challenge was upheld in some way. I’m doing this post to lay out some questions that others should be asking about what happened.

An enterprise host (probably Microsoft) likely challenged a gag order

The report notes that DOJ did obtain the reporters’ phone records, and tried, but did not succeed, in obtaining their email records.

The Trump Justice Department secretly obtained Washington Post journalists’ phone records and tried to obtain their email records over reporting they did in the early months of the Trump administration on Russia’s role in the 2016 election, according to government letters and officials.

In three separate letters dated May 3 and addressed to Post reporters Ellen Nakashima and Greg Miller, and former Post reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017.” The letters listed work, home or cellphone numbers covering that three-and-a-half-month period.

[snip]

The letters to the three reporters also noted that prosecutors got a court order to obtain “non content communication records” for the reporters’ work email accounts, but did not obtain such records. The email records sought would have indicated who emailed whom and when, but would not have included the contents of the emails. [my emphasis]

What likely happened is that DOJ tried to obtain a subpoena on Microsoft or Google (almost certainly the former, because the latter doesn’t care about privacy) as the enterprise host for the newspaper’s email service, and someone challenged or refused a request for a gag, which led DOJ to withdraw the request.

There’s important background to this.

Up until October 2017, when the government served a subpoena on a cloud company that hosts records for another, the cloud company was often gagged indefinitely from telling the companies whose email (or files) it hosted. By going to a cloud company, the government was effectively taking away businesses’ ability to challenge subpoenas themselves, which posed a problem for Microsoft’s ability to convince businesses to move everything to their cloud.

That’s actually how Robert Mueller obtained Michael Cohen’s Trump Organization emails — by first preserving, then obtaining them from Microsoft rather than asking Trump Organization (which was, at the same time, withholding the most damning materials when asked for the same materials by Congress). Given what we know about Trump Organization’s incomplete response to Congress, we can be certain that had Mueller gone to Trump Organization, he might never have learned about the Trump Tower Moscow deal.

In October 2017, in conjunction with a lawsuit settlement, Microsoft forced DOJ to adopt a new policy that gave Microsoft the right to inform customers when DOJ came to it for their emails, unless DOJ had a really good reason to prevent Microsoft from telling its enterprise customer.

Today marks another important step in ensuring that people’s privacy rights are protected when they store their personal information in the cloud. In response to concerns that Microsoft raised in a lawsuit we brought against the U.S. government in April 2016, and after months advocating for the United States Department of Justice to change its practices, the Department of Justice (DOJ) today established a new policy to address these issues. This new policy limits the overused practice of requiring providers to stay silent when the government accesses personal data stored in the cloud. It helps ensure that secrecy orders are used only when necessary and for defined periods of time. This is an important step for both privacy and free expression. It is an unequivocal win for our customers, and we’re pleased the DOJ has taken these steps to protect the constitutional rights of all Americans.

Until now, the government routinely sought and obtained orders requiring email providers to not tell our customers when the government takes their personal email or records. Sometimes these orders don’t include a fixed end date, effectively prohibiting us forever from telling our customers that the government has obtained their data.

[snip]

Until today, vague legal standards have allowed the government to get indefinite secrecy orders routinely, regardless of whether they were even based on the specifics of the investigation at hand. That will no longer be true. The binding policy issued today by the Deputy U.S. Attorney General should diminish the number of orders that have a secrecy order attached, end the practice of indefinite secrecy orders, and make sure that every application for a secrecy order is carefully and specifically tailored to the facts in the case.

Rod Rosenstein, then overseeing the Mueller investigation, approved the new policy on October 19, 2017.

The effect was clear. When various entities at DOJ wanted records from Trump Organization after that, DOJ did not approve the equivalent request approved just months earlier.

If DOJ withdrew a subpoena rather than have it disclosed, it was probably inconsistent with media guidelines

If I’m right that DOJ asked Microsoft for the reporters’ email records, but then withdrew the request rather than have Microsoft disclose the subpoena to WaPo, then the request itself likely violated DOJ’s media guidelines — at least as they were rewritten in 2015 after a series of similar incidents, including DOJ’s request for the phone records of 20 AP journalists in 2013.

DOJ’s media guidelines require the following:

  • Attorney General approval of any subpoena for call or email records
  • That the information be essential to the investigation
  • That DOJ has made reasonable attempts to obtain the information from alternate sources

Most importantly, DOJ’s media guidelines require notice and negotiation with the affected journalist, unless the Attorney General determines that doing so would “pose a clear and substantial threat to the integrity of the investigation.”

after negotiations with the affected member of the news media have been pursued and appropriate notice to the affected member of the news media has been provided, unless the Attorney General determines that, for compelling reasons, such negotiations or notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.

But a judge can review the justifications for gags before issuing them (for all subpoenas, not just media ones).

Just as an example, the government obtained a gag on Twitter, Facebook, Instagram and Google when obtaining Reality Winner’s cloud-based communications a week after they had arrested her (at a time when she was in no position to delete her own content). After a few weeks, Twitter challenged the gag. A judge gave DOJ 180 days to sustain the gag, but in August 2017, DOJ lifted it.

That was a case where DOJ obtained the communications of an accused leaker, with possible unknown co-conspirators, so the gag at least made some sense.

Here, by contrast, the government would have been asking for records from journalists who were not alleged to have committed any crime. The ultimate subject of the investigation would have no ability to destroy WaPo’s records. The records — and the investigation — were over three years old. Whatever justification DOJ gave was likely obviously bullshit.

Hypothetical scenario: DOJ obtains cell phone records only to have a judge rule a gag inappropriate

Let me lay out how this might have worked to show why this might mean DOJ violated the media guidelines. Here’s one possible scenario for what could have happened:

  • In the wake of the election, John Durham subpoenaed the WaPo cell providers and Microsoft, asking for a gag
  • The cell provider turned over the records with no questions — neither AT&T nor Verizon cares about their clients’ privacy
  • Microsoft challenged the gag and in response, a judge ruled against DOJ’s gag, meaning Microsoft would have been able to inform WaPo

That would mean that after DOJ, internally — Billy Barr and John Durham, in this speculative scenario — decided that warning journalists would create the same media stink we’re seeing today and make the records request untenable, a judge ruled that a media stink over an investigation into a 3-year-old leak wasn’t a good enough reason for a gag. If this happened, it would mean some judge ruled that Barr and Durham (if Durham is the one who made the request) invented a grave risk to the integrity of their investigation that a judge subsequently found implausible.

It would mean the request itself was dubious, to say nothing of the gag.

Once again, DOJ failed to meet its own notice requirements

And with respect to the gag, this request broke another one of the rules on obtaining records from reporters: that they get notice no later than 90 days after the subpoena. The Justice Manual says this about journalists whose records are seized:

  • Except as provided in 28 C.F.R. 50.10(e)(1), when the Attorney General has authorized the use of a subpoena, court order, or warrant to obtain from a third party communications records or business records of a member of the news media, the affected member of the news media shall be given reasonable and timely notice of the Attorney General’s determination before the use of the subpoena, court order, or warrant, unless the Attorney General determines that, for compelling reasons, such notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. 28 C.F.R. 50.10(e)(2). The mere possibility that notice to the affected member of the news media, and potential judicial review, might delay the investigation is not, on its own, a compelling reason to delay notice. Id.
  • When the Attorney General has authorized the use of a subpoena, court order, or warrant to obtain communications records or business records of a member of the news media, and the affected member of the news media has not been given notice, pursuant to 28 C.F.R. 50.10(e)(2), of the Attorney General’s determination before the use of the subpoena, court order, or warrant, the United States Attorney or Assistant Attorney General responsible for the matter shall provide to the affected member of the news media notice of the subpoena, court order, or warrant as soon as it is determined that such notice will no longer pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. 28 C.F.R. 50.10(e)(3). In any event, such notice shall occur within 45 days of the government’s receipt of any return made pursuant to the subpoena, court order, or warrant, except that the Attorney General may authorize delay of notice for an additional 45 days if he or she determines that for compelling reasons, such notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. Id. No further delays may be sought beyond the 90‐day period. Id. [emphasis original]

Journalists are supposed to get notice if their records are seized. They’re supposed to get notice no later than 90 days after the records were obtained. AT&T and Verizon would have provided records almost immediately and this happened in 2020, meaning the notice should have come by the end of March. But WaPo didn’t get notice until after Lisa Monaco was confirmed as Deputy Attorney General and, even then, it took several weeks.

DOJ’s silence about an Office of Public Affairs review

While it’s not required by guidelines, in general DOJ has involved the Office of Public Affairs in such matters, so someone who has to deal with the press can tell the Attorney General and the prosecutor that their balance of journalist equities is out of whack. At the time, this would have been Kerri Kupec, who was always instrumental in Billy Barr’s obstruction and politicization.

But it’s not clear whether that happened. I asked Acting Director of OPA Marc Raimondi (the guy who has defended what happened in the press; he was in National Security Division at the time of the request), twice, whether someone from OPA was involved. Both times he ignored my question.

The history of Special Counsels accessing sensitive records and testimony

There’s a history of DOJ obtaining things under Special Counsels they might not have obtained without the Special Counsel:

  • Pat Fitzgerald coerced multiple reporters’ testimony, going so far as to jail Judy Miller, in 2004
  • Robert Mueller obtained Michael Cohen’s records from Microsoft rather than Trump Organization
  • This case probably represents John Durham, having been made Special Counsel, obtaining records that DOJ did not obtain in 2017

There’s an irony here: Durham has long sought ways to incriminate Jim Comey, who is represented by Pat Fitzgerald and others. In 2004, as Acting Attorney General, Comey approved the subpoenas for Miller and others. That said, given the time frame on the records request, it is highly unlikely that he’s the target of this request.

Whoever sought these records, it is virtually certain that the prosecutor only obtained them after making decisions that DOJ chose not to make when these leaks were first investigated in 2017, after Jeff Sessions announced a war on media leaks in the wake of having his hidden meeting with Sergey Kislyak exposed.

That suggests that DOJ decided these records, and the investigation itself, were more important in 2020 than Jeff Sessions had considered them in 2017, when his behavior was probably one of the things disclosed in the leak.

The dubious claim that these records could have been necessary or uniquely valuable

Finally, consider one more detail of DOJ’s decision to obtain these records: their claims, necessary under the media policy, that 3-year-old phone and email records were necessary to a leak investigation.

When these leaks were first investigated in 2017, DOJ undoubtedly identified everyone who had access to the Kislyak intercepts and used available means — including reviewing the government call records of the potential sources — to try to find the leakers. If they had a solid lead on someone who might be the leaker, the government would have obtained the person’s private communication records as well, as DOJ did do during the contemporaneous investigation into the leak of the Carter Page FISA warrant that ultimately led to SSCI security official James Wolfe’s prosecution.

Jeff Sessions had literally declared war within days of one of the likely leaks under investigation here, and would approve a long-term records request from Ali Watkins in the Wolfe investigation and a WhatsApp Pen Register implicating Jason Leopold in the Natalie Edwards case. After Bill Barr came in, he approved the use of a Title III wiretap to record calls involving journalists in the Henry Frese case.

For the two and a half years between the time Sessions first declared war on leaks and the time DOJ decided these records were critical to an investigation, DOJ had not previously considered them necessary, even at a time when Sessions was approving pretty aggressive tactics against leaks.

Worse still, DOJ would have had to claim they might be useful. These records, unlike the coerced testimony of Judy Miller, would not have revealed an actual source for the stories. These records, unlike the Michael Cohen records obtained via Microsoft, would not be direct evidence of a crime.

All they would be would be leads — a list of all the phone numbers and email addresses these journalists communicated with via WaPo email or telephony calls or texts — for the period in question. It might return records of people (such as Andy McCabe) who could be sources but also had legal authority to communicate with journalists. It would probably return a bunch of records of inquiries the journalists made that were never returned. It would undoubtedly return records of people who were sources for other stories.

But it would return nothing for other means of communication, such as Signal texts or calls.

In other words, the most likely outcome from this request is that it would have a grave impact on the reporting equities of the journalists involved, with no certainty it would help in the investigation (and an equally high likelihood of returning a false positive, someone who was contacted but didn’t return the call).

And if it was Durham who made the request, he would have done so after having chased a series of claims — many of them outright conspiracy theories — around the globe, only to have all of those theories come up empty. Given that after years of investigation Durham has literally found nothing new, there’s no reason to believe he had any new basis to think he could solve this leak investigation after DOJ had tried but failed in 2017. Likely, what made the difference is that his previous efforts to substantiate something had failed, and Barr needed to empower him to keep looking to placate Trump, and so Durham got to seize WaPo’s records.

Billy Barr has been hiding other legal process against journalists

Given the disclosure that Barr approved a request targeting the WaPo about five months ago and that under Barr DOJ used a Title III wiretap in a leak investigation (albeit targeting the known leaker), it’s worth noting one other piece of oversight that has lapsed under Barr.

In the wake of Jeff Sessions declaring war on leaks in 2017 (and, probably, the leak in question here), Ron Wyden asked Jeff Sessions whether the war on leaks reflected a change in the new media guidelines adopted in 2015.

Wyden asked Sessions to answer the following questions by November 10:

  1. For each of the past five years, how many times has DOJ used subpoenas, search warrants, national security letters, or any other form of legal process authorized by a court to target members of the news media in the United States and American journalists abroad to seek their (a) communications records, (b) geo-location information, or (c) the content of their communications? Please provide statistics for each form of legal process.
  2. Has DOJ revised the 2015 regulations, or made any other changes to internal procedures governing investigations of journalists since January 20, 2017? If yes, please provide me with a copy.

In response, DOJ started doing a summary of the use of legal process against journalists for each calendar year. For example, the 2016 report described the legal process used against Malheur propagandist Pete Santilli. The 2017 report shows that, in the year of my substantive interview with FBI, DOJ obtained approval for a voluntary interview with a journalist before the interview because they “suspected the journalist may have committed an offense in the course of newsgathering activities” (while I have no idea if this is my interview, during the interview, the lead FBI agent also claimed to know the subject of a surveillance-related story I was working on that was unrelated to the subject of the interview, though neither he nor I disclosed what the story was about). The 2017 report also describes obtaining Ali Watkins’ phone records and DOJ’s belated notice to her. The 2018 report describes getting retroactive approval for the arrest of someone for harassing Ryan Zinke but who claimed to be media (I assume that precedent will be important for the many January 6 defendants who claimed to be media).

While I am virtually certain the reports — at least the 2018 one — are not comprehensive, the reports nevertheless are useful guidelines for the kinds of decisions DOJ deems reasonable in a given year.

But as far as anyone knows, DOJ stopped issuing them under Barr. Indeed, when I asked Raimondi about them, he didn’t know they existed (he is checking if they were issued for 2019 and 2020).

So we don’t know what other investigative tactics Barr approved as Attorney General, even though we should.

The Intercept’s Silence about Edward Snowden’s Inclusion in Julian Assange’s Charges

Back in October, I beat up The Intercept’s Micah Lee for writing a post that purported to cover the “crumbling” hacking case against Julian Assange by working from an outdated indictment rather than the superseding one that added 50-some paragraphs to the overt acts alleged in the single count for conspiracy to hack. Micah made a half-assed and still factually inaccurate “correction” (without crediting me for pointing out the embarrassing error) that utterly misunderstands US conspiracy law, and claimed events since 2011 had tolled whereas the original password hacking attempt had not.

In the 2020 indictment, attempting to portray Assange as a hacker rather than a journalist, the government listed other instances of Assange allegedly directing hacking activity by people other than Manning — but did not add to the charges against him, prompting a discussion of whether the statute of limitations on the alleged new crimes had expired. Assange’s lawyers called the newest evidence “‘make weight’ allegations designed to bring all of this back within the limitation period.” It remains to be seen if the U.S. government will pursue this reaching strategy. At the moment it seems that these supplemental allegations are peripheral to the first, and only clearly chargeable, instance described by the government that could be conceived as a conspiracy to commit a computer crime — providing marginal support for a case which is, at its core, already weak.

In short, having been alerted to the superseding indictment, The Intercept’s resident expert on hacking utterly dodged the allegations made in that expanded charge, not so much as mentioning what they were.

At the time, I promised to return to Micah’s embarrassing piece after I finished some more pressing issues.

It turns out, the problem at The Intercept is broader than just Micah’s piece.

A recent post from Charles Glass suggests that if President Biden were to “remove the Espionage Act charges against Assange,” it would amount to the withdrawal of his extradition application entirely.

WHEN JOE BIDEN becomes president of the United States on January 20, a historic opportunity awaits him to demonstrate America’s commitment to the First Amendment. He can, in a stroke, reverse four years of White House persecution of journalism by withdrawing the application to extradite Julian Assange from Britain to the U.S.

[snip]

By removing the 1917 Espionage Act charges against Assange, Biden would be adhering to the precedent established by the administration in which he served for eight years as vice president. President Barack Obama’s Department of Justice investigated Assange and WikiLeaks for three years until 2013 before deciding, in the words of University of Maryland journalism professor Mark Feldstein, “to follow established precedent and not bring charges against Assange or any of the newspapers that published the documents.” Equal application of the law would have required the DOJ to prosecute media outlets, including the New York Times, that had as large a hand in publicizing war crimes as did Assange himself. If prosecutors put all the editors, publishers, and scholars who disseminated WikiLeaks materials in the dock, there would not be a courtroom anywhere in America big enough to hold the trial. Obama decided against it, knowing it would represent an unprecedented assault on freedoms Americans hold dear.

Glass went on to repeat the grossly erroneous claims about the history of Assange’s prosecution made at the extradition hearing by journalism history professor Mark Feldstein, who literally submitted a filing to the hearing admitting he wasn’t familiar with what the public record actually says about it.

That Glass ignored the hacking charge against Assange is remarkable given that, along with the erroneous piece from Micah, an earlier post from him is one of the few that addressed the (now superseded) CFAA count.

In addition, The Intercept did a Deconstructed show on the hearing in October. It, too, adopted the erroneous fairy tale about why the Trump Administration charged Assange when the Obama Administration did not. And while it introduced the allegation that Assange is a hacker, it then reverted to the so-called New York Times test, suggesting that if the publishing activities of Assange cannot be distinguished from the NYT’s, then it means Assange cannot and should not be prosecuted.

RG: Supporters of the prosecution of Assange make a number of arguments: That Assange is not a “real” journalist. He’s a hacker. He’s a traitor. He recklessly endangered lives and so he deserves no protection as a journalist. All of this is wrong.

The First Amendment isn’t worth the parchment it’s written on if it’s not respected, and defended, in the broader culture of the United States. People have to support it. Once that support erodes, it tends not to come back. That’s why authoritarians, when they want to curtail a particular freedom, usually find the most unsympathetic target they can, hoping nobody will come to his defense. Then once a new precedent is established, all bets are off. With Assange, Trump and Barr think they’ve found just such a man. It’s up to us not to take the bait.

[snip]

Kevin Gosztola: I think the key thing about Trevor Tim[m]’s testimony is destigmatizing the work of WikiLeaks, or even demystifying it. Because what you have through the U.S. government’s targeting of Wikileaks over the past decade is a concerted effort to make it seem like what WikiLeaks does is not journalism. And so the counter to that through the defense’s case is to make it abundantly clear that this is not reasonable; that in fact, everything that WikiLeaks does, from when it accepts the documents, when it tries to authenticate them, to when it makes media partnerships, to also make sure that names are redacted, to make sure that sensitive details are understood fully before the documents are published. And I think you see that this is the way to keep investigative journalism robust in the 21st century.

RG: I thought Trevor’s point was interesting that The New York Times does not get a press badge from the U.S. government. You know, it isn’t, and it shouldn’t be, up to the U.S. government to decide who is and who is not a journalist.

And the idea of who is or is not a responsible journalist is different from what is illegal or legal conduct, which I also thought was important because the prosecution wants to say: Well, he’s an irresponsible person, so therefore, he doesn’t have these protections. And the counter is no, it’s not up to the government to say what’s responsible or irresponsible journalism. You know, the government creates laws, and if the laws are violated, then you can start your prosecution. But if not, you can’t. And it’s never been against the law to publish classified information. It’s against the law to leak it, if you have access to it. But it’s not against the law to publish it.

As I have said over and over, I agree that the Espionage Act charges against Assange, as charged, pose a real threat to journalism (though so do the Trump DOJ’s other prosecutions of Espionage as a conspiracy, including the Henry Kyle Frese case where DOJ used a Title III wiretap to obtain evidence, and the Natalie Sours Edwards case where the Treasury Department attempted to achieve prior restraint on Jason Leopold, prosecutions that have gotten far less attention).

But I also think the sheer amount of shitty propaganda and outright lies people are telling in service of Julian Assange does its own damage to journalism. It is possible to discuss the risk that Assange’s prosecution on the Espionage charges poses without ignoring large swaths of the public record or even, as The Intercept has done in these three pieces and much of their earlier coverage, the actual charges.

The Intercept’s silence on the superseding indictment is all the more notable because of the way its founding act plays a part.

As I laid out here and here, the superseding charge incorporates a number of other overt acts in the CFAA conspiracy, going through 2015 (and seemingly setting up another superseding indictment that covers publications from 2015 through 2017). The new overt acts include a number of things that absolutely distinguish Assange and WikiLeaks from journalists and publishers. Of particular note, they allege that Julian Assange:

  • Entered into an agreement with individuals involved in Gnosis and Lulzsec before those individuals carried out the hack of Stratfor and remained in the agreement during and after the hack. This is a case where five of the people Assange allegedly entered into a conspiracy with have already pled guilty, in both the UK and US (as well as Ireland), making the primary proof required at trial that Assange did enter into agreement with the other co-conspirators, not that the hack occurred.
  • Directed Siggi to hack a WikiLeaks dissident to destroy incriminating evidence implicating Assange. While I’m less certain whether Siggi took steps to advance this conspiracy (and Siggi has credibility problems as a witness), I know of multiple different allegations that dissidents, sources, and competing outlets were similarly targeted for surveillance, with one WikiLeaks dissident claiming to have been hacked and threatened after a political split with the group.
  • Helped Edward Snowden flee, both by sending Sarah Harrison to facilitate his flight and creating distractions, and then using WikiLeaks’ assistance as a means to recruit further hackers and leakers.

The last one seems particularly irresponsible for The Intercept to suppress as they have, particularly given four other details:

  • Snowden’s description of setting up Tor bridges for Iranians with other Tor volunteers in the extended Arab Spring, making it highly likely he had a relationship with Jake Appelbaum before he took his NSA job in Hawaii.
  • Bart Gellman’s description of how Snowden worked to “optimize” his own outcome to encourage others to leak, mirroring Harrison’s stated motive for helping him flee.
  • The government’s suggestion that Daniel Everette Hale — Jeremy Scahill’s alleged source for his drone reporting — was inspired to leak by Snowden.
  • Snowden’s own (recent) treatment of three Intercept sources — along with Hale, Reality Winner and Terry Albury — as a group meriting a Trump pardon, something that will likely make Hale’s defense at trial next year more difficult.

The government’s theory about Snowden as a recruitment tool is really problematic (though I suspect the government plans to make it a lot more specific after inauguration, even before Hale’s trial next year). But it is also the case that publishers don’t usually help their sources flee as a way to ensure they’ll recruit future leakers and hackers (indeed, in his book, Gellman talked at length about how careful he was to avoid crossing that line when Snowden tried to trick him into it).

One can argue that WikiLeaks was heroic for doing so. One can argue that the US empire has what’s coming to it and so WikiLeaks was right to help Snowden flee. But one can’t argue that the overt acts alleged in the CFAA count of the superseding indictment are things that journalists routinely do. And, if proven, that gets the government well beyond the New York Times test.

Importantly, if you’re engaging in a debate about Assange’s fate but ignoring credible allegations that Assange did a bunch of things that journalists do not do, you should not, at the same time, claim you’re serving journalism. You’re serving propaganda (particularly if you’re also telling a fairy tale about what changed in 2016 and 2017).

All the more so if you’re The Intercept. The government has alleged that one thing that distinguishes Julian Assange from journalists — and they’re right — is that he sent someone halfway around the world to save the guy who created the opportunity to create The Intercept in the first place. Unless Assange is pardoned before Trump leaves (and maybe even then, since many of the acts Assange is charged with are more obviously illegal in the UK), this allegation is going to remain out there.

The founding possibility for The Intercept has now been included as an overt act in a hacking indictment. One way or another, it seems The Intercept needs to address that.

Snowden Lies about Outreach about a Pardon and Puts a Target on Daniel Everette Hale’s Back

I’m going to make three observations about this Edward Snowden interview, to mark it.

The interview was filmed live, Friday night US time, September 11, as the other clip indicates.

In it, Snowden repeatedly and categorically denied any outreach to the US government for a pardon.

Williams: Have you had any contact with the Administration. Did you initiate any? Have they initiated any? Have you sought a pardon from the United States?

Snowden: I have not. And this is something people have actually forgotten. There was a pardon campaign back during the Obama Administration. But I at no point actually asked for pardon myself. It was tremendously gratifying to have this level of support. But as I said, my condition for return is simply a fair trial. Now we didn’t see the Obama Administration talking about a pardon in this way and I think Trump has commented again since then that he thought treatment was very unfair, or could be. And there’s been a lot of speculation that’s come from this. But there’s been no contact. I was as surprised as anyone else to see this. But it’s very interesting to see this President thinking pardoning what a lot of people would consider [laughs] one of the big names in this new war on whistleblowers. And that’s something that we should all support seeing come to an end.

Williams: So no representative for you has done any outreach. No representative for you or you yourself has heard anything from the White House, the Administration, any government types?

Snowden: No. By hook or by crook, there’s been nothing. No contact, anything like that. I think [laughs] if that were happening, it would be certainly news that we would hear through other channels.

Williams: Let’s use plain English. The price for pardons appears to be lavish praise for this President after the fact. Is that something you’re willing to do?

Snowden: Certainly not. I don’t think a pardon is — or should be — conditioned on anything. When you look at the pardon power, it’s constitutionally derived. It’s Article II Section 2. A pardon is not a contract. A pardon is not something that you accept or reject. And it certainly shouldn’t be used as a political tool. And this is why, while I haven’t asked for pardon from the President, I will ask for A Pardon for others. When I mentioned the war on whistleblowers, this is an ongoing and continuing thing. The reason pardon is even being considered, even being debated, the fact that comments from the Attorney General are even hitting the news are because everyone who has followed these cases know, being charged under the Espionage Act as a whistleblower means no fair trial is permitted. And there are people in the United States today, serving time in prison for doing the right thing. And this is why we should see Donald Trump — or any President — end the war on whistleblowers. He should pardon Reality Winner for trying to expose election interference. He should pardon Daniel Hale for revealing abuses in the drone program. Or Terry Albury for trying to expose systemic racism within the FBI. And these are all people who are deserving of pardon. But this, when we look at pardon, pardon is intended to ameliorate unfairness, to fix fundamental flaws in our system of laws or the way they’re being applied. And there’s nowhere this is more clear right now than in the prosecution of whistleblowers under the Espionage Act.

It is, of course, a blatant lie that there has been no outreach.

Just hours earlier (I think about three?), Glenn Greenwald went onto Tucker Carlson’s show — a show that has repeatedly served as a platform for people to pitch pardons — and argued that Trump should pardon Snowden and Julian Assange. Though Glenn had promised he would be talking about journalism, he instead pitched the pardon as a good way for Trump to stick it to the Deep State. Glenn’s pitch was not only premeditated (it had been rescheduled days earlier), but it was delivered to fit Tucker’s 3-minute time slot.

So Glenn lied about defending journalism (rather than just damaging the Deep State), and Snowden lied about there being no outreach. Snowden also, in the other clip, lied about Putin taking no interest in him.

There was one truth told. When Snowden said, “if that [outreach about a pardon] were happening, it would be certainly news that we would hear through other channels,” he was effectively telling the truth. This was news on another channel: Glenn Greenwald, appearing on Fox News, just hours earlier, pitched Trump on a pardon.

Snowden, in turn, suggested that Trump was thinking of ending the “war on whistleblowers” and — at a time when Trump is ending the careers of people who make legal whistleblowing claims upholding democracy, with glee — claimed that there is no place where unfairness is more clear than the prosecution of whistleblowers under the Espionage Act.

I’ll spot Snowden that one for his own self-interest.

Then Snowden calls for a pardon for three others he suggests are serving time in prison. Reality Winner and Terry Albury are serving time. But Daniel Hale is not. He’s out on bail awaiting trial. In other words, Snowden is actually just calling to pardon everyone who leaked to The Intercept.

In fact, unless Trump decides to pardon Hale, who doesn’t have anyone lobbying him on Tucker Carlson’s show, Snowden just made Hale’s life worse.

That’s because the government believes that Hale was “inspired” by Snowden.

Moreover, as argued in more detail in Defendant’s Reply in support of his Motion to Dismiss for Selective or Vindictive Prosecution (filed provisionally as classified), it appears that arbitrary enforcement – one of the risks of a vague criminal prohibition – is exactly what occurred here. Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community. In approximately the same timeframe, other leakers reportedly divulged classified information to make the government look good – by, for example, unlawfully divulging classified information about the search for Osama Bin Laden to the makers of the film Zero Dark Thirty, resulting in two separate Inspector General investigations. Yet the investigation in this case was not described as a search for leakers generally, or as a search for leakers who tried to glorify the work of the Intelligence Community. Rather, it was described as a search for those who disclosed classified information because they had been “inspired” to divulge improprieties in the intelligence community.

That is, Snowden — who with WikiLeaks’ Sarah Harrison made sure to avoid capture so he could be an inspiration to others to follow — effectively just confirmed what the government has only alleged, and in secret, that there is a tie between him and Hale. In so doing, he has also confirmed an allegation in the superseding Assange indictment.

Between them, Snowden and Glenn are feigning that Trump would pardon anyone out of any concern for journalism or whistleblowing. Both claims are utterly absurd.

And in so doing, they’re going to make sure that any pardon Snowden gets is not because Trump cares about journalism or even wants to rein in spying (he has done the opposite, on both counts), but is done exclusively in the name of damaging the Deep State.

The Government Prepares to Argue that Transmitting Information *To* WikiLeaks Makes the Vault 7 Leak Different

In a long motion in limine yesterday, the government suggested that if Joshua Schulte had just been given a “prestigious desk with a window,” he might not have leaked all of CIA’s hacking tools in retaliation and caused what the government calls “catastrophic” damage to national security.

Schulte grew angrier at what he perceived was his management’s indifference to his claim that Employee-1 had threatened him. Schulte also began to complain about what, according to him, amounted to favoritism toward Employee-1, claiming, for example, that while the investigation was ongoing, Schulte was moved to an “intern desk,” while Employee-1 had been moved to a “prestigious desk with a window.”

[snip]

The Leaks are the largest illegal disclosure of CIA information in the agency’s history and, as noted above, caused catastrophic damage to national security.

Along the way, the motion provides the most detailed description to date about how the government believes Schulte stole the Vault 7 files from CIA. It portrays him as an arrogant racist at the beginning of this process, and describes how he got increasingly belligerent with his colleagues at CIA leading up to his alleged theft of the CIA’s hacking files, leading his supervisors to recognize the threat he might pose, only to bollox up their efforts to restrict his access to CIA’s servers.

The motion, along with several others submitted yesterday, suggests that the government would like to argue that leaking to WikiLeaks heightens the damage that might be expected to the United States.

Along with laying out that it intends to argue that the CIA charges (stealing the files and leaking them to WikiLeaks) are intertwined with the MCC charges (conducting “information war” against the government from a jail cell in the Metropolitan Correctional Center; I explained why the government wants to do so here), the government makes the case that cybersecurity expert Paul Rosenzweig should testify as a witness about WikiLeaks.

Rosenzweig will testify about (i) WikiLeaks’s history, technical and organizational structure, goals, and objectives; (ii) in general terms, prior leaks through WikiLeaks, in order to explain WikiLeaks’s typical practices with regard to receiving leaked classified information, its practices or lack thereof regarding the review and redaction of sensitive information contained in classified leaks, and certain well-publicized harms to the United States that have occurred as a result of disclosures by WikiLeaks; and (iii) certain public statements by WikiLeaks regarding the Classified Information at issue in this case.

Rosenzweig’s testimony would come in addition to that of classification experts (probably for both sides) and forensic experts (again, for both sides; Steve Bellovin is Schulte’s expert).

The expert witnesses were allowed to testify as to the background of the organization Wikileaks; how the U.S. Government uses certain markings and designations to identify information that requires special protection in the interests of national security; the meaning of certain computer commands and what they would do; how various computers, servers, and networks work; how data is stored and transferred by various computer programs and commands; and the examination of data that is stored on computers and other electronics.

The only motion in limine Schulte submitted yesterday objected to Rosenzweig’s testimony. Schulte argues that the government’s expert notice neither provides sufficient explanation about Rosenzweig’s intended testimony nor proves he’s an expert on WikiLeaks. More interesting is Schulte’s argument that Rosenzweig’s testimony would be prejudicial. It insinuates that Rosenzweig’s testimony would serve to substitute for a lack of proof about how Schulte sent the CIA files to WikiLeaks (Schulte is alleged to have used Tor and Tails to transmit the files, which would leave no forensic trace).

In Mr. Schulte’s case, the government has no reliable evidence of how much information was taken from the CIA, how it was taken, or when it was provided to WikiLeaks. The government cannot overcome a lack of relevant evidence by introducing evidence from other cases about how much information was leaked or how information was leaked in unrelated contexts. The practices of WikiLeaks in other contexts and any testimony about alleged damage from other entirely unrelated leaks is completely irrelevant.

Schulte’s claimed lack of evidence regarding transfer notwithstanding, that’s not how the government says they want to use Rosenzweig’s testimony. They say they want to use his testimony to help prove that Schulte intended to injure the US.

The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information. The fact that WikiLeaks’ prior conduct has harmed the United States and has been widely publicized is powerful evidence that Schulte intended or had reason to believe that “injury [to] the United States” was the likely result of his actions—particularly given that the Government will introduce evidence that demonstrates Schulte’s knowledge of earlier WikiLeaks disclosures, including his own statements.

It does so by invoking WikiLeaks’ past leaks and the damage those leaks have done.

Accordingly, proof that it was foreseeable to Schulte that disclosure of classified information to WikiLeaks could cause “injury [to] the United States” is a critical element in this case. Indeed, the Senate Select Committee on Intelligence has explicitly stated “that WikiLeaks and its senior leadership resemble a non-state hostile intelligence service.” S. Rep. 115-151 p. 10. In order to evaluate evidence related to this topic, the jury will need to understand what WikiLeaks is, how it operates, and the fact that WikiLeaks’ previous disclosures have caused injury to the United States. The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

The thing is, showing that the specific nature of the intended recipient of a leak is an element of the offense has never been required in Espionage leak cases before. Indeed, the government’s proposed jury instructions are based off the instruction in the Jeffrey Sterling case. While the government flirted with naming James Risen an unindicted co-conspirator in that case, they did not make any case that leaking to Risen posed unique harm.

Moreover, even before getting into Schulte’s statements about WikiLeaks (most of which have not yet been made public, as far as I’m aware), by arguing the CIA and MCC charges together, the government will have significant evidence not just about Schulte’s understanding of WikiLeaks, but his belief that they would lie to harm the US. The government also has evidence that Schulte knew that WikiLeaks’ pretense to minimizing harm with the Vault 7 files was false, and that instead WikiLeaks did selective harm in its releases, though it doesn’t want to introduce that evidence at trial.

In other words, this seems unnecessary, superfluous to what the government has done in past Espionage cases, and a dangerous precedent (particularly given the way the government suggested that leaking to The Intercept was especially suspect in the Terry Albury and Reality Winner cases).

That’s effectively what Schulte argues: that the government is trying to argue that leaking to WikiLeaks is particularly harmful, and that if such testimony goes in, it would be forced to call its own witnesses to testify about how past WikiLeaks releases have shown government malfeasance.

This testimony could also suggest that the mere fact that information was released by WikiLeaks necessarily means that it was intended to—and did—cause harm to the United States. These are not valid evidentiary objectives. Instead, this type of testimony would create confusion and force a trial within a trial on the morality of WikiLeaks and the extent of damage caused by prior leaks. If the government is allowed to introduce this evidence, the defense will necessarily have to respond with testimony about how WikiLeaks is a non-profit news organization, that it has previously released information from government whistle-blowers that was vital to the public understanding of government malfeasance, and that any assertion of damages in the press is not reliable evidence.

The government, in a show of reasonableness, anticipates Schulte’s argument about the prejudice this will cause by stating that it will limit its discussion of prior WikiLeaks releases to a select few.

The Government recognizes the need to avoid undue prejudice, and will therefore limit Mr. Rosenzweig’s testimony to prior WikiLeaks leaks that have a direct relationship with particular aspects of the conduct relevant to this case, for example by linking specific harms caused by WikiLeaks in the past to Schulte’s own statements of his intent to cause similar harms to the United States or conduct. Those leaks include (i) the 2010 disclosure of documents provided to WikiLeaks illegally by Chelsea Manning; (ii) the 2010 disclosure of U.S. diplomatic cables; (iii) the 2012 disclosure of files stolen from the intelligence firm Stratfor; and (iv) the 2016 disclosure of emails stolen from a server operated by the Democratic National Committee.

The selected cases are notable, as all of them (with Manning’s leaks seemingly listed twice) involve cases the government either certainly (with the EDVA grand jury seeking Manning and Jeremy Hammond’s testimony) or likely (with ongoing investigations into Roger Stone) currently has ongoing investigations into.

As a reminder: absent an unforeseen delay, this trial will start January 13, 2020 and presumably finish in the weeks leading up to the beginning of Julian Assange’s formal extradition process on February 25. The government has maintained it can add charges up until that point, and US prosecutors told British courts it won’t provide the evidence against Assange until two months before the hearing (so around Christmas).

Schulte’s trial, then, appears to be the opening act for that extradition, an opening act that will undermine the claims WikiLeaks supporters have been making about the journalistic integrity of the organization in an attempt to block Assange’s extradition. Rosenzweig’s testimony seems designed, in part, to heighten that effect.

Which may be why this instruction appears among the government’s proposed instructions.

Some of the people who may have been involved in the events leading to this trial are not on trial. This does not matter. There is no requirement that everyone involved in a crime be charged and prosecuted, or tried together, in the same proceeding.

You may not draw any inference, favorable or unfavorable, towards the Government or the defendant from the fact that certain persons, other than the defendant, were not named as defendants in the Indictment. Do not speculate as to the reasons why other persons were not named. Those matters are wholly outside your concern and have no bearing on your function as jurors.

Whether a person should be named as a co-conspirator, or indicted as a defendant in this case or another separate case, is a matter within the sole discretion of the United States Attorney and the Grand Jury.

As noted, a number of different WikiLeaks supporters have admitted to me that they’re grateful Assange has not (yet) been charged in conjunction with the Vault 7 case, because even before you get to his attempt to extort a pardon with the files, there’s little journalistic justification for what it did, and even more reason to criticize WikiLeaks’ actions as the case against Schulte proceeded.

Yet the obscure proceedings before the EDVA grand jury suggest the government may be pursuing a conspiracy case that starts in 2010 and continues through the Vault 7 releases, with the same variety of Espionage and CFAA charges continuing through that period.

By arguing the CIA and MCC charges in tandem, the government can pretty compellingly make the case that WikiLeaks’ activities went well beyond journalism in this case. But it seems to want to use Rosenzweig’s testimony to make the case more broadly.

DOJ Holds Big Presser to Make It Clear It Will Use Title III Wiretaps to Prosecute Leaks

John Demers, the Assistant Attorney General who did not think Donald Trump’s extortion by using congressionally appropriated security funding to pressure Ukraine into providing him with campaign propaganda merited an investigation, just had a big press conference to announce the arrest of Henry Kyle Frese, a DIA counterterrorism analyst accused of leaking information about a specific country’s weapons systems to two journalists who work at related media outlets (NBC is one outlet that would fit the presumed arrangement, but there are surely others; Update–it appears this is one of the stories). It sounds like a journalist Frese lived with asked him first to help a more senior journalist from the related outlet, then published a story herself, based off the allegedly leaked materials.

The leak doesn’t sound all that serious, in the grand scheme of things.

What was serious is the warning this press conference was meant to send to journalists. Demers bragged about the sentence imposed on Reality Winner, and boasted of the 6 people the Trump DOJ has prosecuted for leaks. He raised Jeff Sessions’ speech announcing DOJ would target leaks.

When asked if DOJ was considering prosecuting the two journalists, the speakers on the press conference deferred, as they did about any ongoing investigation. That is, they may well be intending to do so.

Perhaps one of the bigger pieces of news about this arrest is not that DOJ arrested an analyst trying to do a favor for his girlfriend. Rather, it’s that DOJ decided to use a Title III wiretap to intercept Frese’s calls to the journalists, something that would be more proportional to the mob, not journalists.

But that’s where the national security priorities of Trump’s DOJ are. Not investigating him, or at least his personal lawyer, for schemes that obviously make our country less safe. But instead to use wiretaps to go after journalism.

The Other Servers and Laptops FBI Never Investigated: VR Systems and North Carolina Polling Books

Ron Wyden had a lot to say in his minority views to the SSCI Report on election security released yesterday, mostly arguing that there need to be national standards and assistance and that no one can make any conclusions about the effects of Russia’s efforts in 2016 because no one collected the data to make such conclusions.

But there’s one line in his section raising questions about the 2016 conclusions I find particularly interesting, pertaining to VR Systems (which he doesn’t name).

Assessments about Russian attacks on the administration of elections are also complicated by newly public information about the infiltration of an election technology company.

Since the Mueller Report came out, Wyden has been trying to chase down this reference in the report to the VR Systems hack.

Unit 74455 also sent spear-phishing emails to public officials involved in election administration and personnel involved in voting technology. In August 2016, GRU officers targeted employees of [redacted; VR Systems], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.

In May, he sent a letter to VR Systems President Mindy Perkins, asking how the company could claim, in March 2018, that it had not experienced a security breach when the report said it had been infected with malware in August 2016. In response, the company told Wyden (according to a letter he and Amy Klobuchar sent FBI Director Chris Wray) that they had alerted the FBI that they found suspicious IPs in their logs in real time, but that FBI had never explained the significance of that.

In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to “be on the lookout for certain suspicious IP addresses.” According to VR Systems, the company examined its website logs, “found that several of the IP addresses had, in fact, visited our website” and as a result, the company “notified the FBI as we had been directed to do.” VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.

The implication from Wyden’s letters is that VR Systems only hired FireEye to conduct an assessment of what happened after Reality Winner leaked an NSA document making it clear they had been targeted by GRU in 2017. [Update: Kim Zetter actually reported this here.]

In their June 12 letter, Wyden and Klobuchar asked Wray whether the FBI followed up on VR Systems’ report.

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?

It’s unclear how Wray answered (or didn’t). But just before Wyden sent this letter, the WaPo reported that no one had yet conducted a forensic examination of the laptops used in the VR Systems polling books in North Carolina. After Democrats took over control, they finally persisted in getting DHS to agree to check the laptops.

On Tuesday, the Department of Homeland Security told The Washington Post it will conduct a forensic analysis of the laptops used in Durham County elections in 2016. Lawson said North Carolina first asked the department to conduct such a review more than 18 months ago, though he added that DHS has generally been a “good partner” on election security.

“We appreciate the Department of Homeland Security’s willingness to make this a priority so the lingering questions from 2016 can be addressed in advance of 2020,” said Karen Brinson Bell, the newly appointed executive director of the State Board of Elections.

After the election, Durham County hired a firm called Protus3 to dig into what happened. The security consultant said it appeared the problems were caused by user error but ended its 12-page report with a list of recommendations that included examining computers in a lab setting and interviewing more election workers.

Durham County elections director Derek Bowens said he is comfortable with the report’s conclusions. Even so, in 2017, the county switched to electronic poll books created by the state. Bowens said in an interview that the state’s software would save money and is, in his view, better.

But for North Carolina officials, concerns resurfaced in June 2017 when the website Intercept posted a leaked National Security Agency report referencing “cyber espionage operations against a . . . U.S. company in August 2016.” The NSA report said that “it was likely that at least one account was compromised.”

VR Systems soon acknowledged that hackers had targeted the company but insisted that its network had not been breached.

North Carolina officials weren’t so sure.

“This was the first leak that indicated anything like a nation-state actor targeting a voting systems vendor,” Lawson said.

The state elections board soon launched its own investigation, seizing 40 laptops from Durham in July. And it suspended the certification that allowed more than 20 North Carolina counties to use VR Systems’ poll books during elections, an action that would later land in court. “Over the past few months there has been a considerable change in the election security landscape and the level of scrutiny we receive,” the board wrote in a letter explaining its decision to VR Systems.

No one working for the board had the technical expertise to do a forensic examination of the machines for signs of intrusion. Staffers asked DHS for technical help but did not get a substantive answer for a year and a half, Lawson said.

As noted, FireEye appears to have done an assessment at VR Systems itself in the wake of the Winner disclosure. The WaPo reports that FireEye declared VR Systems hadn’t been hacked, but wouldn’t share any information with Wyden or–apparently–DHS.

VR Systems said a cybersecurity firm it hired to review its computer network in 2017 found no evidence of a hack. A subsequent review by DHS also found no issues, the company said. VR Systems declined to give Wyden documentation of those reviews, citing the need to protect proprietary information.

Wyden in a statement to The Post accused VR Systems of “stonewalling congressional oversight.”

A senior U.S. official confirmed DHS’s review of VR Systems’s network to The Post and noted that by the time agency investigators arrived, a commercial vendor had already “swept” the networks. “I can’t tell you what happened before the commercial vendor came in there,” the official said, speaking on the condition of anonymity to discuss a sensitive matter.

The same day as the WaPo report, Kim Zetter reported that VR Systems used remote updates for their software, opening up a possible point of compromise for hackers.

For two years, GRU hack denialists have thought it was the most important thing that the DNC provided FBI Crowdstrike’s forensic images of the hacked laptops, rather than providing the servers themselves.

But that step has, apparently, not been done yet with VR Systems. And the laptops that failed on election day are only now being forensically examined. Which is why, I presume, Wyden believes it’s premature to claim no vote totals were affected on election day 2016.

Hal Martin Manages to Obtain a Better Legal Outcome than Reality Winner, But It Likely Doesn’t Matter

I’d like to comment on what I understand happened in a Hal Martin order issued earlier this month. In it, Judge Richard Bennett denied two requests from Martin to throw out the warrants for the search of his house and cell site tracking on his location, but granted an effort to throw out his FBI interrogation conducted the day they raided his house.

Hal Martin did not tweet to Shadow Brokers

The filing has received a bit of attention because of a redaction that reveals how the government focused on Martin so quickly: a Tweet (apparently a DM) he had sent hours before the Shadow Brokers files were first dropped on August 13, 2016.

The passage has been taken to suggest that Martin DMed with Shadow Brokers before he published any files.

That’s impossible, for two reasons.

First, it is inconsistent with Shadow Brokers’ known timeline. Shadow Brokers didn’t set up a Twitter account until after the first batch of files were initially posted. And both the Martin warrant — dated August 25 — and the search — which took place the afternoon of August 27 — preceded the next dump from Shadow Brokers on August 28.

But it’s also impossible given how Bennett ruled.

While the underlying motion remains sealed (like virtually everything else in this case), Martin was arguing the warrant used to obtain his Twitter content and later search his house was totally unreasonable under the Fourth Amendment. It’s clear from a letter Martin sent the judge asking for his social media accounts as they actually appeared that he believes the FBI read the content of his Tweet out of context. And the judge actually considered the argument that the search was unreasonable to have merit, and in ruling that the FBI did have substantial basis for the search warrant, conceded that in another context the Tweet would not appear to be so damning.

Significantly, the Fourth Amendment exclusionary rule does not bar the admission of evidence obtained by officers acting in reasonable reliance on a search warrant issued by a magistrate later found to be invalid. United States v. Leon, 468 U.S. 897, 913-14 (1984). The evidence will be suppressed only if (1) the issuing judge was misled by information that the affiant knew or should have known was false, (2) the judge “wholly abandoned” her neutral role, (3) the affidavit was “so lacking in indicia of probable cause as to render official belief in its existence entirely unreasonable,” or (4) the warrant is so facially deficient that no reasonable officer could presume it to be valid. Id. at 923 (citations omitted).

[snip]

In this case, there was a substantial basis for the Magistrate’s finding of probable cause to issue the search warrant for information associated with the Defendant’s Twitter account. See Upton, 466 U.S. at 728. The affidavit provides that the Defendant’s Twitter messages [redacted] in which he requested a meeting [redacted] and stated “shelf life, three weeks” – were sent just hours before what was purported to be stolen government property was advertised and posted on multiple online content-sharing sites, including Twitter. (ECF No. 140-1 ¶¶ 14-23.) Further, and significantly, the affiant averred that the Defendant was a former government contractor who had access to the information that appeared to be what was purported to be stolen government property that was publicly posted on the Internet. (Id. ¶¶ 25-27.) Thus, although the Defendant’s Twitter messages could have had any number of innocuous meanings in another setting, these allegations regarding the context of Defendant’s messages provide a substantial basis for the Magistrate’s conclusion that there was a “fair probability” that evidence of the crime of Theft of Government Property, in violation of 18 U.S.C. § 641, would be found in information associated with the Defendant’s Twitter account. See Gates, 462 U.S. at 238.

You would never see language like this if Martin really were tweeting with Shadow Brokers, particularly not given the timeline (as it would suggest that he knew of Shadow Brokers before he ever posted). The warrant would, in that case, not be a close call at all. Indeed, the language is inconsistent with Martin’s interlocutor having anything to do with Shadow Brokers.

What appears to have happened is that the FBI totally misunderstood what it was looking at (assuming, as the context seems to suggest, that this is a DM, it would be an account they were already monitoring closely), and panicked, thinking they had to stop Martin before he dropped more NSA files.

Hal Martin got a similar FBI interrogation to Reality Winner’s thrown out

The sheer extent of FBI’s panic is probably what made Martin’s effort to get his FBI interrogation thrown out more successful than Reality Winner’s effort.

Their interrogations were similar. Ten FBI Agents came to Winner’s house, whereas nine SWAT team members, plus eight other FBI Agents, and a few Maryland State Troopers came to Martin’s. In both cases, the FBI segregated the NSA contractors in their home while Agents conducted a search. In Winner’s case, they also segregated her from her pets. In Martin’s case, they segregated him from his partner, Deborah Shaw, and when they did finally let him talk to her, they told Martin “you can’t touch her or any of that stuff.” When the NSA contractors wanted to get something from another part of their home, the FBI accompanied them.

Aside from the even greater number of FBI Agents and that Martin had a partner to be separated from, the biggest difference in Martin’s case is that they set off a flash-bang device to disorient Martin, and the FBI originally put him face down on the ground and handcuffed him. Those factors, Bennett judged, meant it was reasonable for Martin to believe he was under arrest, and therefore the FBI should have given him a Miranda warning.

That is, on the afternoon of the interrogation, approximately 17-20 law enforcement officers swarmed the Defendant’s property. The Defendant was initially approached by nine armed SWAT agents, handcuffed, and forced to lay on the ground. During the four-hour interrogation, the Defendant was isolated from his partner, his freedom of movement was significantly restricted, and he was confronted with incriminating evidence discovered on his property. In this police dominated environment, a reasonable person in the Defendant’s position would have believed he was not free to leave, notwithstanding the agents’ statements to the contrary.

So unlike Winner, Martin will have his interrogation (in which he admitted to taking files home from his job as a contractor and explained how he did so) thrown out.

But it probably won’t matter.

As a reminder, the FBI charged Martin with taking home 20 highly classified files in February 2017, but they included no allegation that he (willfully) served as a source for Shadow Brokers. It’s possible they know he was an inadvertent source for Shadow Brokers (unlike Nghia Pho, who was likely also a source for Shadow Brokers, they charged Martin for 20 files, larding on the legal exposure; they charged Pho with taking home just one file, while getting him to admit that he could have been charged for each individually). But an earlier opinion in this case ruled that the government only has to prove that by taking hordes of files from his employers that included National Defense Information, he knowingly possessed the ones he got charged for.

In any case, Martin has already been in jail for 28 months, almost half the amount of time that Pho will serve for doing the same thing, and his trial is not due to start until June 17, a full 34 months after he was arrested. As with Winner, the delay stems from the Classified Information Protection Act process, which ensures that — once the government successfully argues that the secrets in your head make it impossible to release you on bail for fear a foreign intelligence agency will steal those secrets — you serve the equivalent of a sentence before the government even has to prove your guilt.

Again, it may be that Martin unwittingly served as a source for Shadow Brokers. But if he didn’t, then the heavy hand they’re taking with him appears to stem from sheer embarrassment at fucking up with the initial panicked pursuit of him.

Update: Corrected the post to reflect that the search actually preceded the August 28 dump.

The Two Legitimacy Problems with the Nghia Pho Sentence

Nghia Pho was sentenced to 5 years and 6 months yesterday. He is presumed to have been one of the sources for the files released by Shadow Brokers (though I have been told he couldn’t be the sole source).

The government had asked for 8 years, just a month short of the top of the guidelines for the crime to which he pled guilty (though the government could have charged him much more aggressively and gotten far more time). In sentencing Pho, however, Judge George Russell seemed persuaded by Pho attorney Robert Bonsib’s point that David Petraeus did no jail time for what actually would have been a worse offense had he also been charged with sharing with his mistress the code word intelligence he mishandled and then lying about both to the FBI, as well as if the government admitted that the information Petraeus shared actually did show up in Paula Broadwell’s hagiography of the general.

Russell seemed particularly perturbed that former CIA Director David Petraeus managed to get probation after admitting he kept highly classified information in his home without permission, shared it with his girlfriend and lied to investigators.

“Did he do one day in prison?” the clearly frustrated judge asked. “Not one day. … What happened there? I don’t know. The powerful win over the powerless? … The people at the top can, like, do whatever they want to do and walk away.”

Admittedly, the unstated presumption that Pho’s mishandling of NSA’s hacking tools led to first their leak then the downstream malware attacks tied to them seems to justify the government’s call for a harsh sentence and is reflected in statements from both Russell and the prosecutor.

Russell called Pho’s actions “extraordinarily serious.” He also rejected claims that it was an isolated mistake, noting that Pho took the top-secret material to his home for years.

[snip]

Little was said at Tuesday’s hearing about what information may have escaped Pho’s control or where it wound up, although Windom used very strong language about the impact of Pho’s actions, calling it “devastating.”

And it also explains the language of Pho’s remorse — denying the things that might have been suspected of the release.

“I admit it but I do not betray the U.S.A.,” the white-haired, glasses-wearing engineer said in broken English. “I do not betray this country. … I do not send anything to anybody or on the internet. I do not make profit on this information. … I cannot damage this country.”

It also might explain the terms of the plea agreement, one part of which remains sealed.

There’s something that remains unexplained, however — at least not credibly. Pho continues to claim that he brought the NSA’s hacking tools home because he needed them to write his Employee Performance Assessments. (h/t Josh Gerstein for obtaining the documents)

I need extra times and information about what I worked on, cut and paste, to create a good EPA at home and hope that I will have a chance to be promoted this time hence I received a good high-three average salaries before I go to the retirement in next four years (2019) when my clearance will be expired.

I was devoted to EPA promotion, encircle by EPA/promotion and the last high-three salaries that made me blind to violate the security policy of the Agency.

But as the government noted in their sentencing memo, this was not a one-off in advance of writing a yearly EPA. Rather, Pho continued doing this over the course of five years, and did so with materials unrelated to his work.

For a period of at least five years, the defendant removed Top Secret and Sensitive Compartmented Information (“SCI”) from secure space at the National Security Agency (“NSA”) and retained it in his home–an unsecure residence.

[snip]

This assertion [that he did this solely for EPAs] is belied by the facts. The defendant did not take home and retain classified information consistently for five years to work on an annual performance review. This argument especially does not apply to the classified material found in his home that was unrelated to his work or any personnel evaluation. [citations removed]

The government also notes that Pho knew better than to load these materials onto his computer (as a guy who coded malware, that should be all the more true).

The defendant claims that he stored massive troves of classified information at his home without the intention of placing national security at risk. The defendant goes so far as to say, directly, that he “did handle the information with care.” His actions speak to his intentions, and the facts do not support his contentions. For years, the defendant received training on how and where to store classified information and on why such precautions were critical to protecting national security. The defendant well knew that the mere removal of classified information from secure spaces, in itself, could endanger national security, and that retaining classified information in an unsecure location compounded this danger. Indeed, in his plea agreement, the defendant admitted that his extensive training informed him that “unauthorized removal of classified materials and transportation and storage of those materials in unauthorized locations risked disclosure and transmission of those materials, and therefore could endanger the national security of the United States and the safety of its citizens.”

This is a point that Admiral Rogers repeated in his (March 5) letter on the sentencing.

Mind you, even a year after Pho was discovered, it was still possible for even a translator to stick thumb drives into Top Secret computers at Fort Meade, as evidenced by Reality Winner’s actions (actions that were not charged). In the same way that Pho knew well that putting hacking tools on a computer attached to the Internet would be colossally stupid, the government itself has known the risks of leaving computers accessible to removable media since before Chelsea Manning’s leaks. They’re not exactly in a position to lecture.

That said, there’s something that still doesn’t add up about this and Pho’s claimed motive for it, which may be why when this story first broke, three different theories for why he brought the files home got leaked to the press. Maybe it was just ego fed by resentment that he (as reported in his letter) wasn’t getting promotions at the same rate as his colleagues, which doesn’t make for a very good excuse for having exposed the NSA’s crown jewels.

 

The Frothy Right Is Furious that Peter Strzok Pursued the Guy Leaking about Carter Page

Close to midnight on June 3, 2017, Lisa Page texted Peter Strzok to let him know that Reality Winner was in custody. Page used the same shorthand she and Strzok (and presumably, those around them) consistently use to describe leak investigations, ML, media leaks.

They used the term elsewhere, as when Strzok said “media leaks and what I do for a living” when responding to the first reports that Mueller was investigating Trump (and hypothesizing about who the WaPo’s likely sources were).

Significantly, they used the term on April 10, 2017, when trying to figure out how to respond to DOJ’s effort to increasingly politicize leak investigations.

Indeed, Strzok’s lawyer has issued a statement confirming this is how Strzok and Page used the term.

The term ‘media leak strategy’ in Mr. Strzok’s text refers to a Department-wide initiative to detect and stop leaks to the media. The President and his enablers are once again peddling unfounded conspiracy theories to mislead the American People.

In spite of all that context, Mark Meadows has the entire frothy right, from Sara Carter to Fox News to Don Jr to his dad, worked up about two newly produced texts, based on this letter to Rod Rosenstein, which gets just about everything wrong.

Before I explain how wrong Mark Meadows’ letter is, let me point out two things.

Michael Horowitz has already investigated a media leak text and found no misconduct

First, Michael Horowitz is (with the possible exception of DOD’s Glenn Fine) the best Inspector General in government. His office spent over a year investigating the work of Peter Strzok and Lisa Page; he wrote a 500-page report on it. And when he found evidence that even looked like impropriety, he acted on it immediately and then formally, leading to Strzok’s firing. He has also spent a year investigating whatever calls went between FBI lines and reporters covering Hillary or Trump. He even drew pretty pictures showing each one of concern.

As part of both investigations, he examined a text in the series Meadows is concerned about (the April 10 one, above). And in spite of examining Page and Strzok, including a relevant text, at such length, Horowitz found no impropriety with the discussions about how to investigate leaks to the media.

We know the likely culprit for the leak the frothy right is blaming on Page and Strzok

The punchline of Meadows’ letter — as fed via the always-wrong Sara Carter — is a claim that Strzok and Page were the source for the WaPo story revealing that FBI obtained a FISA order on Carter Page.

The review of the documents suggests that the FBI and DOJ coordinated efforts to get information to the press that would potentially be “harmful to President Trump’s administration.” Those leaks pertained to information regarding the Foreign Intelligence Surveillance Court warrant used to spy on short-term campaign volunteer Carter Page.

Aside from how fucking stupid you’d have to be to believe that Strzok would go to great lengths to get a FISA order on Page and then tell the entire world about it, there’s another reason that the frothy right should know this is wrong: because we know the likely culprit for it.

As I noted in my first post on the James Wolfe indictment, that investigation appears to have started to (and focused on) finding the source for the WaPo story the frothy right now blames on Strzok and Page.

The government lays out clear proof Wolfe lied about conversations with three reporters. With Watkins and another, they point to stories about Carter Page to do so. The Watkins story is this one, confirming he is the person identified in the Evgeny Buryakov indictment. Another must be one of two stories revealing Page was subpoenaed for testimony by the Senate Intelligence Committee — either this one or this one.

I’m most interested, however, in this reference to a story the FBI raised with Wolfe in its interview, a story for which (unlike the others) the indictment never confirms whether Wolfe is the source.

During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-1”), that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes

The story suggests they don’t have content for the communications between Wolfe and Reporter #1, and the call records they’re interested in ended last June (meaning the story must precede it).

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

For that reason, I suspect this is the story they asked about — whether Wolfe is a source for the original credible story on Carter Page’s FISA order. The focus on Page generally in the indictment suggests this investigation started as an investigation into who leaked the fact that Page had been targeted under FISA, and continued to look at the stories that revealed classified details about the investigative focus on him (stories which he rightly complained to SSCI about).

The government didn’t charge Wolfe for that story — they just (appear to have) included his lies about whether he knew the reporters behind it among the lies they charged him for. But that’s a common strategy for FBI when dealing with a leak investigation the direct prosecution of which would require declassifying information, particularly with someone like Wolfe who could easily graymail the government. Moreover, the docket in his case has the look of one where the defense is considering a plea to avoid more serious charges.

Now consider how they got Wolfe. Not only did the government go after a trusted employee, not only did they very publicly access his Signal and WhatsApp texts, not only did they get Congress to waive speech and debate (which very rarely happens), but they also obtained years of Ali Watkins’ call records, both directly and via Temple University.

In other words, the prosecution of James Wolfe pushed prior protocols on leak investigations on a number of fronts: going after favored insiders, going after encrypted comms, going after employees of Congress, and going far more aggressively after a journalist and a college student than would seem necessary. That’s precisely the kind of thing that FBI and DOJ would debate as part of revising their strategy to more aggressively pursue media leaks.

So the James Wolfe case not only provides a likely culprit for the leak, but probably even evidence that shifts in the media leak strategy did happen, shifts resulting in far more aggressive pursuit of leaks than happened at the end of the Obama Administration.

Mark Meadows dangerously wrong

Which brings us, finally, to the many errors of Mark Meadows’ letter to Rosenstein. Once again, the premise of the letter is that two new texts (one of which obviously relates to the one I posted above) create grave new concerns.

As you may know, we recently received a new production of documents from the Department providing greater insight into FBI and DOJ activity during the 2016 election and the early stages of the Trump administration. Our review of these new documents raises grave concerns regarding an apparent systemic culture of media leaking by high-ranking officials at the FBI and DOJ related to ongoing investigations.

Review of these new documents suggests a coordinated effort on the part of the FBI and DOJ to release information in the public domain potentially harmful to President Donald Trump’s administration. For example, the following text exchange should lead a reasonable person to question whether there was a since desire to investigate wrongdoing or to place derogatory information in the media to justify a continued probe.

April 10, 2017: Peter Strozk [sic] contacts Lisa Page to discuss a “media leak strategy.” Specifically, the text says: “I had literally just gone to find this phone to tell you I want to talk to you about media leak strategy with DOJ before you go.”

April 12, 2017: Peter Strozk [sic] congratulates Lisa Page on a job well done while referring to two derogatory articles about Carter Page. In the text, Strzok warns Page two articles are coming out, one which his “worse” than the other about Lisa’s “namesake.” [see update below] Strzok added: “Well done, Page.”

Meadows goes on to cite the WaPo story revealing Page’s FISA order and Andrew Weissman’s meeting with the AP (in which, per court testimony from the Manafort trial, the AP provided information useful to the investigation into Manafort, but which — significantly — led to the warrant on Manafort’s condo which may have led to the discovery of information that implicates Trump).

Meadows is just wrong. Both texts he already has and the Wolfe case “should lead a reasonable person” to understand that the same people who had long pursued leak investigations still were doing so, doing so in an increasingly politicized environment, but doing so with results that would employ more aggressive techniques and would find the likely culprit behind the WaPo story in question (not to mention send Reality Winner to prison for five years).

But all that’s just a premise to claim that because he imagines, fancifully, that Page and Strzok were leaking about ongoing investigations to the press (when in fact they were investigating such leaks), he should be able to get the FBI to talk about ongoing investigations.

During our interviews with Peter Strozk [sic] and Lisa Page, FBI attorneys consistently suggested witnesses could not answer questions due to the US Attorneys’ Manual’s policy for ongoing investigations. However, documents strongly suggest that these same witnesses discussed the ongoing investigations multiple times with individuals outside of the investigative team on a regular basis.

Not only is Meadows almost certainly wrong in his accusations against Strzok and Page, but he’s also ignoring that there are two ongoing investigations being protected here — both the general Russian investigation, but also the prosecution of Wolfe for behavior that likely includes the story he’s bitching about.

Meadows then uses what he even seems to admit are authorized media contacts as a transition paragraph.

Our task force continues to receive troubling evidence that the practice of coordinated media interactions continues to exist within the DOJ and FBI. While this activity may be authorized and not part of the inappropriate behavior highlighted above, it fails to advance the private march to justice, and as such, warrants your attention to end this practice.

The transition paragraph — which I’ll return to — leads to the whole point of the letter, Meadows’ demand that, because he has trumped up a false accusation against Strzok and Page, he should be able to interview FBI agents he believes will undermine the investigation into Donald Trump.

In light of the new information, our task force is requesting to review text messages, emails, and written communication from FBI and DOJ officials Stu Evans, Mike Kortan, and Joe Pientka between June 2016 to June 2017. To be clear, we are not suggesting wrongdoing on the part of Evans, Kortan, and Pientka–and, in fact, previously reviewed documents suggest that some of these individuals may share the committees’ same concerns. However, these additional documents, with an emphasis on communications between the aforementioned individuals and Peter Strozk [sic], Andrew McCabe, Lisa Page, Bruce Ohr and Andrew Weissman, would provide critical insight into the backdrop of the Russian investigation.

Meadows is looking for, among other things, testimony that says Pientka didn’t believe Mike Flynn lied when he interviewed Trump’s National Security Advisor with Strzok. But he’s doing so specifically for a time period that ends before the evidence showing that Flynn did lie came into FBI (in part, when Mueller obtained Transition emails showing Trump closely directed Flynn’s conversations with Sergei Kislyak).

Now back to authorized media interactions. I happen to know something about how they work. I had a conversation with the FBI that pertained, in part, to whether there was a tie between Russian criminals and the President, one that also pertained to my perception of possible threats. Apparently Meadows thinks that such a conversation “fails to advance the private march to justice,” though it’s not clear what he means by that. I mean, thus far, I have been very circumspect about the content of such conversations; is Meadows really asking me to air details before the midterms? I have thus far hesitated to share suspicions I had, believing it would be inappropriate for anyone besides Mueller and the FBI to air such things publicly, until they had corroborated my suspicions. But Meadows apparently believes it important to air investigative details before the election.

The better option — one that would put the rule of law and the security of the nation ahead of partisan obstruction — would be for Meadows to stop inciting hoaxes among the frothy right. Or maybe, at least, the frothy right can recognize that Meadows has serially embarrassed them as they credulously repeat whatever hoax he floats?

Update: After Jerrold Nadler and Elijah Cummings released a response noting some of Meadows’ errors, he fixed just one of the errors in his letter, admitting that the “well done, Page” language was actually from an April 22, 2017 text that reads, “article is out! Well done, Page,” and which obviously refers to this story on Jim Comey.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.