Posts

The Epistemology of Security Clearance Dick-Waving

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

I really couldn’t be bothered to get hot and bothered about President Trump stripping John Brennan of his security clearance. Brennan himself has been involved in the politicization of security clearances (perhaps most directly in Jeffrey Sterling’s case), and to have David Petraeus, of all people, complain about politicized security clearances, discredits the pushback. I’m far more concerned about the loyalty policing at EPA, Interior, Department of Education, and on the DOJ team attacking ObamaCare than I am about Brennan, because the bullying of those more obscure people will have a tangible effect on Americans’ lives. Indeed, the fact that Trump issued a declaration stripping Brennan of his clearance on July 26 but we only learned about it on August 15 is a testament to how little impact this has, other than the posturing around it.

But it has led to dangerous politicization elsewhere.

After being stripped of his clearance, Brennan wrote this op-ed.

In it, Brennan spends six paragraphs setting up how deceitful are Russians generally and his former counterpart Alexander Bortnikov specifically, and how successfully they recruit targets, including Americans, leading from a description of Russian “perfidy” directly to deeming election tampering denials “hogwash.”

Brennan then turns to Trump. He leads his accusation that Trump “colluded” with Russia by describing how asking for Russian to find Hillary’s missing emails “openly authorized his followers to work” with Russians.

The already challenging work of the American intelligence and law enforcement communities was made more difficult in late July 2016, however, when Mr. Trump, then a presidential candidate, publicly called upon Russia to find the missing emails of Mrs. Clinton. By issuing such a statement, Mr. Trump was not only encouraging a foreign nation to collect intelligence against a United States citizen, but also openly authorizing his followers to work with our primary global adversary against his political opponent.

Brennan then points to what he has read in “the reporting of an open and free press” to declare Trump’s claims of no collusion — as he had just claimed Russia’s denials of election interference — to be “hogwash.”

Such a public clarion call certainly makes one wonder what Mr. Trump privately encouraged his advisers to do — and what they actually did — to win the election. While I had deep insight into Russian activities during the 2016 election, I now am aware — thanks to the reporting of an open and free press — of many more of the highly suspicious dalliances of some American citizens with people affiliated with the Russian intelligence services.

Mr. Trump’s claims of no collusion are, in a word, hogwash.

The only questions that remain are whether the collusion that took place constituted criminally liable conspiracy, whether obstruction of justice occurred to cover up any collusion or conspiracy, and how many members of “Trump Incorporated” attempted to defraud the government by laundering and concealing the movement of money into their pockets.

In response, Richard Burr issued this testy statement, defending Trump’s action of stripping the clearance of a former CIA Director with whom Burr got along splendidly when he was spying on Burr’s own separate branch of government oversight committee.

Director Brennan’s recent statements purport to know as fact that the Trump campaign colluded with a foreign power. If Director Brennan’s statement is based on intelligence he received while still leading the CIA, why didn’t he include it in the Intelligence Community Assessment released in 2017? If his statement is based on intelligence he has seen since leaving office, it constitutes an intelligence breach. If he has some other personal knowledge of or evidence of collusion, it should be disclosed to the Special Counsel, not The New York Times.

If, however, Director Brennan’s statement is purely political and based on conjecture, the president has full authority to revoke his security clearance as head of the Executive Branch.

I’m offended by Burr’s statement not just because it ignores the plain language of Brennan’s op-ed, which it links, but for the epistemology of the Russian investigation suggested by the Senate Intelligence Committee Chair. Here’s the logic of the statement:

1. Brennan “purports” to know Trump colluded with a foreign power

Here, Burr ignores how Brennan defines it — first “authorizing his followers to work” with Russia by calling on them to find Hillary’s missing emails, and then “highly suspicious dalliances of some American citizens with people affiliated with the Russian intelligence services” — stuff that’s public. He also ignores that Brennan himself says he doesn’t know whether the “collusion” involved constitutes a criminally liable conspiracy. That is, Brennan is defining collusion as something less than a criminal conspiracy to cooperate to cheat on the election, but Burr doesn’t care.

2. Why doesn’t Brennan’s claim show up in the Brennan-led Intelligence Community Assessment?

Again, Burr ignores Brennan’s description of becoming aware of this in the time period after he “had deep insight into Russian activities during the 2016 election” — so after he left the CIA — and taunts him that the ICA Brennan oversaw showed no evidence of collusion. The implication is Brennan’s ability to know if there were collusion ended on January 20, 2017. (Burr is also ignoring that there were two different investigations even while Brennan was in government — the intelligence investigation led by Brennan, which by law should not be targeting Americans, and the several parallel counterintelligence investigations at FBI, which could investigate Americans.)

Burr then presents three and only three possibilities for how Brennan might have knowledge of collusion, once again ignoring the free press that Brennan clearly attributes it to. First, either intelligence, or personal knowledge:

3. If Brennan has something called “intelligence” proving Trump’s collusion, then it must have come from an intelligence breach.

4. If he has something called “personal knowledge” of collusion, then it must only be shared with Mueller’s team, not with the NYT.

That’s it, according to the Senate Intelligence Chair, for real information about collusion. Either it’s intelligence to which Brennan is no longer entitled (assuming, of course, that Gina Haspel would have no reason to share intelligence about Russia with Brennan in some kind of consultation, which — if Brennan did then pass that on publicly, would be the only proper reason to strip his clearance). Or it’s “personal information,” usually called “evidence,” which may only be shared with Mueller and not with the press. “Intelligence,” which is the purview of the Intelligence Committee and the agencies it oversees. Or “evidence,” which is the purview of a DOJ investigation. Either/or.

That’s, of course, illogical, and not just because Burr’s own committee is investigating some of the same “evidence” that the FBI is, notably what happened on social media and what some witnesses have testified about, in secret, to the committee, and witnesses to both (like Rob Goldstone) have also commented publicly.

It’s illogical, too, because there are other ways to get real evidence of collusion. I believe I have evidence of collusion. I shared it with the FBI, sure. But after I revealed that I had provided information to the FBI in July, I also shared limited parts of it with some Republican Congressmen, in hopes of explaining to them how serious the investigation is and showing that entire parts of it don’t derive from Peter Strzok’s decisions. I’ve also discussed, prospectively, sharing it with some former top intelligence officials (unsurprisingly, not Brennan), in the interests of elucidating parts of the Russian attack they missed.

Yet even though his either/or proposition is false, Burr then uses it to proclaim Trump’s treatment of Brennan proper based on this remarkable statement:

5. “If, however, Director Brennan’s statement is purely political and based on conjecture, the president has full authority to revoke his security clearance as head of the Executive Branch.”

Having set up this false either/or proposition, Burr then suggests anything else must be “purely political” and “based on conjecture,” and — without showing the logical relation between the two clauses in this sentence — states that the President has the authority to revoke Brennan’s security clearance.

(If NOT (intelligence or evidence,) THEN political conjecture) THEN strip the damn clearance.

It is true that thus far the case law suggests that a President does have the authority to strip Brennan’s clearance (though a Brennan challenge, or even more easily, a Bruce Ohr challenge, might establish new limits to that authority). But that authority has no relationship to the claimed political or conjectural nature of Brennan’s comments. Not only does Burr suggest it does — suggest that stripping security clearances because of speech perceived to be political is not just proper — but by yoking these two clauses together in one sentence, Burr suggests punishing political speech is in some way intimately tied to the authority therein.

Plus, as Brad Heath noted, Burr’s statement argues that Trump was right to strip Brennan’s clearance on July 26 because of statements Brennan made on August 16.

The Chairman of the Intelligence Committee, mind you, made this statement.

But here’s the reason why I really care about this.

Back when he was CIA Director, I openly criticized Brennan for the way he worked the press to get the most hawkish read of the Russian attack into the press. But I didn’t think his efforts arose from partisanship. Rather, it was an effort to raise alarm bells about the attack in the last weeks of the Administration. Such use of the press happens all the time when Administration officials are trying to advance their favored policy decisions.

Burr, however, is using his position of authority to affirmatively tie security clearances to speech he (or the President) deems excessively political. He’s doing it even as he argues there are just two appropriate categories of weighing whether collusion happened or not, intelligence (his purview) or evidence (Mueller’s). And he’s doing it as his committee is leading what has, up to this point, been the only Congressional investigation not utterly discredited by partisan bickering.

That pisses me off for several reasons. First, Burr is in the same breath being a raging partisan and asserting that his committee is one of the only entities that can appropriately weigh whether Trump conspired with Russia to win the election. He’s putting a thumb on the scale at precisely the moment that he claims only he (and Mueller) get to decide whether collusion happened. This raises real questions in my mind about what would happen if and when SSCI came upon information that shows Trump conspired with Russia. It raises real doubts in my mind about whether SSCI is able to conduct their investigation.

More importantly, he’s wrong. He’s wrong for the obvious reason that journalists are discovering important threads of the Russia investigation. Indeed, the part of SSCI’s work they’re most proud about — Russia’s use of social media — came out of a lot of really good reporting on the topic.

He’s wrong because we’re a democracy and whether Trump conspired with Russia will one day be most critically decided in a political sphere. As we get closer to that day, the American public has every right to read these two data points together and consider whether they show Trump and the Russians conspiring.

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

And he’s wrong because none of the certified experts are getting the Russia story entirely right. As I said, I’ve had conversations in the last several months with Republican congressmen, former top intelligence officials, and a whole lot of experts on the Russian attack, including (but not limited to) top InfoSec people, other journalists, and some key witnesses. Even aside from the stuff I went to the FBI about (which might give me special insight to what happened, but also has made me admittedly blindered about other issues) all of those people, including me, have missed key things or gotten key details wrong. Just as one example, in conversations I’ve had with that ilk of people, every single person save one has either misread key parts of the GRU indictment or read in their prior assumptions (the one exception had the advantage of being a key witness behind at least two paragraphs of the indictment). That’s just one example, but it’s an example that suggests we need more honest discussion and less of Burr and Trump’s attempt to decertify democratic speech about what the President did.

The Chair of the Intelligence Committee, Richard Burr, effectively asserted that he is one of the few authorities with the right to say, based off what his committee does in private, whether Trump conspired with Russia or not, and that any citizen deigning to weigh in based off the public evidence may be properly disciplined by the President. The statement goes a long way to discredit the investigation his committee is doing, a real blow to his staffers’ success at bridging any partisan divide. Most importantly, because it so badly gets the epistemology of an attack that targeted all Americans wrong, it raises real questions about Burr’s understanding of the Russian attack at issue.

James Wolfe: The Distinction Between FBI’s Investigation of Leaking Classified versus Non-Public Information

There’s something about the James Wolfe case that has stuck with me. For an article published after Wolfe’s indictment was released, Ali Watkins’ lawyer, Mark MacDougall, tempered his concern about Watkins’ call records being seized by suggesting that the scope of charges might somehow legitimate it.

Watkins’ attorney, Mark MacDougall, had described the seizure as “disconcerting.”

“Whether it was really necessary here will depend on the nature of the investigation and the scope of any charges,” MacDougall said in a statement.

While MacDougall has gone silent since then, this comment suggested there might be a reasonable premise for DOJ to seize all of Watkins call records for her entire journalistic career, which is fairly shocking. FBI gets all the call records of someone, these days, to identify all the devices she uses to check that activity as much as they do so to identify specific calls made. There’s nothing revealed by the indictment that would justify that, and a lot (notably, the evidence they had ready access to Wolfe’s phone content) that suggests it wasn’t justified.

With that in mind, I want to look at some details about the known timeline of the investigation:

March 2017: Exec Branch provides SSCI “the Classified Document,” which includes both Secret and Top Secret information, with details pertaining to Page classified as Secret.

March 2, 2017: James Comey briefs HPSCI on counterintelligence investigations, with a briefing to SSCI at almost the same time.

March 17, 2017: 82 text messages between Wolfe and Watkins.

April 3, 2017: Watkins confirms that Carter Page is Male-1.

April 11, 2017: WaPo reports FBI obtained FISA order on Carter Page.

June 2017: End date of five communications with Reporter #1 via Wolfe’s SSCI email.

June 2017: Using pretext of serving as a source, CBP agent Jeffrey Rambo grills Watkins about her travel with Wolfe.

October 2017: Wolfe offers up to be anonymous source for Reporter #4 on Signal.

October 16, 2017: Wolfe Signals Reporter #3 about Page’s subepoena.

October 17, 2017: NBC reports Carter Page subpoena.

October 24, 2017: Wolfe informs Reporter #3 of timing of Page’s testimony.

October 30, 2017: FBI informs James Wolfe of investigation.

November 15, 2017: 90 days before DOJ informs Ali Watkins they’ve seized her call records.

December 14, 2017: FBI approaches Watkins about Wolfe.

Prior to December 15, 2017 interview: Wolfe writes text message to Watkins about his support for her career.

December 15, 2017: FBI interviews Wolfe.

February 13, 2018: DOJ informs Watkins they’ve seized her call records.

June 6, 2018: Senate votes to make official records available to DOJ.

That the Chairman and Vice Chairman of the Senate Select Committee on Intelligence, acting jointly, are authorized to provide to the United States Department of Justice copies of Committee records sought in connection with a pending investigation arising out of allegations of the unauthorized disclosure of information, except concerning matters for which a privilege should be asserted.

June 7, 2018: Grand jury indicts Wolfe.

June 7, 2018: Richard Burr and Mark Warner release a statement:

We are troubled to hear of the charges filed against a former member of the Committee staff. While the charges do not appear to include anything related to the mishandling of classified information, the Committee takes this matter extremely seriously. We were made aware of the investigation late last year, and have fully cooperated with the Federal Bureau of Investigation and the Department of Justice since then. Working through Senate Legal Counsel, and as noted in a Senate Resolution, the Committee has made certain official records available to the Justice Department.

June 13, 2018: Wolfe arraigned in DC. His lawyers move to prohibit claims he leaked classified information.

The indictment is quite clear: the investigation leading to Wolfe’s indictment started as an investigation into “multiple unauthorized disclosures of classified information” to the press. It’s clear from Burr and Warner’s statement that they were a bit surprised that the “charges do not appear to include anything related to the mishandling of classified information.” The indictment doesn’t charge Wolfe with leaking classified information.

And the timeline laid out in the indictment suggests that the document provided SSCI in March 2017 led to Watkins confirming that Page was Male-1 in the Victor Podobnyy complaint, the complaint itself is probably not classified. Nor would it, with its reference to Page as Male-1 (also used in this indictment!), be enough to ID Page as the guy Podobnyy was trying to recruit.

As I suggested in this post, for all the focus on Watkins, the indictment actually seemed to prioritize Reporter #1, including on the questionnaire the FBI gave Wolfe when they interviewed him in December. It first asked if Wolfe knew any of the reporters behind that still unidentified story, then asked a question that his relationship with Watkins would clearly refute, which agents contextualized even further by asking specific questions about details they had already confirmed about their relationship, including the international travel Rambo had identified as early as June. Then, after asking a question that would clearly pertain to Wolfe’s undeniable relationship with Watkins, the questionnaire asked whether he had given classified or unclassified documents to any of the journalists he might have admitted to contacting in Question 10, covering the basis for that Podobnyy story.

c. During the interview, FBI agents showed WOLFE a copy of a news article authored by three reporters, including REPORTER #1, about an individual (referred to herein as “MALE-l)”, that contained classified information that had been provided to the SSCI by the Executive Branch for official purposes.

d. Question 9 of the lnvestigative Questionnaire asked “Have you had any contact with” any of those three reporters. As to each reporter, WOLFE stated and checked “No.”

e. Question 10 of the Investigative Questionnaire asked, “Besides [the three named reporters], do you currently have or had any contact with any other reporters (professional, official, personal)?” Before answering this question, WOLFE stated orally to the FBI agents that although he had no official or professional contact with reporters, he saw reporters every day, and so to “feel comfortable” he would check “Yes.” He did so, and initialed this answer.

f. Question 10 of the Investigative Questionnaire further asked, “If yes, who and describe the relationship (professional, official, personal).” In the space provided, WOLFE hand wrote “Official – No” and “Professional – No.” WOLFE then orally volunteered that he certainly did not talk to reporters about anything SSCl-related. FBI agents orally asked WOLFE if he had traveled internationally with any reporter, gone to a baseball game or to the movies with a reporter, or had weekly or regular electronic communication with a reporter. To each question WOLFE verbally responded ‘No.” WOLFE then wrote “Personal – No” on the Investigative Questionnaire.

g. Question 11 of the lnvestigative Questionnaire asked, “If yes to question ten, did you discuss or disclose any official U.S. government information or documents whether classified or unclassified which is the property of the U.S. government without express authorization from the owner of the information?” WOLFE stated and checked “No” and initialed this answer.

Now consider the vote to release official SSCI documents to DOJ, which DOJ appears to have needed before they presented the indictment to the grand jury the next day, but which DOJ knew enough about to already be prepped to indict. That is, DOJ surely already knew what those records showed; what the vote did was permit DOJ to use the records in a prosecution. There are surely records pertaining to the SSCI SCIF that DOJ wanted, including the specific treatment of the Classified Document delivered to SSCI in March 2017.

On or about March 17,2017,the Classified Document was transported to the SSCI. As Director of Security, WOLFE received, maintained, and managed the Classified Document on behalf of the SSCI.

It’s also possible (though unlikely) that SSCI, and not the Executive Branch, counts as custodian of Wolfe’s Non-Disclosure Agreements.

But the only actual SSCI record described in the indictment is the email account he used to communicate with Reporter #1, as well as emails that Page sent to the committee to complain about leaks.

For example, between in or around December 2015 and in or around June 2017, WOLFE and REPORTER #1 communicated at least five times using his SSCI email account.

[snip]

26. On or about October 18, 2011, MALE-1 sent an email to the SSCI, complaining that the news organization had published REPORTER #3’s news article of the previous day, reporting that he had been subpoenaed.

27. On or about October 24,2017, at 7:00 a.m., WOLFE informed REPORTER #3, using Signal, that MALE-1 would testify in closed hearing before the SSCI “this week.” At 9:58 a.m., REPORTER #3 sent an email to MALE-I, asking him to confirm that he would be ‘paying a visit to Senate Intelligence staffers this week.” At 9:23 p.m., MALE-I sent an email to the SSCI, forwarding the email he had received from REPORTER #3, and complaining that the details of his appearance had been leaked to the press.

So it’s possible that, having had SSCI’s cooperation since the time FBI was interviewing Wolfe, DOJ only needed to ensure it could access these email records. It’s possible that DOJ believes convicting Wolfe of false statements charges, and avoiding the hassle of exposing classified information at a trial charging that he leaked classified information, is sufficient punishment.

Or it’s possible that this indictment is just the next step in an investigative process that aims to get confirmation — public or tacit, the latter obtained via a guilty plea with cooperation — regarding the source for that other, still unidentified story that incorporated classified information. I also think FBI may be particularly interested that Wolfe was approaching journalists offering to be a source, as he did in October with Reporter #4, and not vice-versa.

The Psy-Group Presentation Suggests Online Trolls Swung Richard Burr’s State of North Carolina

The WSJ reports that Mueller’s team has obtained an analytical document from Psy-Group, the company of Joel Zamel, that was offering to help the Trump campaign both before and after the election.

Special counsel Robert Mueller’s investigators have obtained a presentation prepared by an Israel-based private intelligence firm that outlines ways in which Donald Trump’s 2016 election was helped by fake news and fake social-media accounts, according to people familiar with the presentation and documents reviewed by The Wall Street Journal.

[snip]

Psy-Group’s founder, Joel Zamel, is under scrutiny from U.S. investigators because of his close relationship with the government of the United Arab Emirates and his involvement in a meeting with Mr. Trump’s eldest son shortly before election day, the Journal has reported.

Mr. Zamel met with Donald Trump Jr. at Trump Tower in the weeks before the 2016 election along with George Nader, a top adviser to the crown prince of the United Arab Emirates, to discuss an offer to help boost the campaign, according to people familiar with the matter. Erik Prince, a U.S. defense contractor who specializes in the Middle East and had close ties to the campaign, attended the meeting, the Journal previously reported. People involved in the meeting say nothing came of it and the Psy-Group didn’t perform any work for the Trump campaign.

The presentation the Special Counsel is apparently scrutinizing is 9 pages; most pages describe generically how to seed bots to later swing opinion. But there’s one page that purports to show how this works in a swing state. That swing state in North Carolina.

While we can’t measure Psy-Group’s claims without a script, it seems that the group claims social media helped Trump turn a 7 point deficit in the wake of the Access Hollywood tape to a 4 point win on election day.

NC is an interesting choice because Trump also benefitted from the most aggressive voter suppression drive in the state. And because it’s the state for which Russian hacking — of VR Systems and, possibly, of poll books in disproportionately democratic precincts — may have actually affected the election.

It’s interesting for one more reason: it’s the state of Senate Intelligence Committee Chair (and Trump NatSec advisor, during the election) Richard Burr. Burr won his race by more than Trump did, but still within the scope of the swing mapped out by Psy-Group.

As I noted, the election tampering report generated by Burr’s committee, largely failed to address the vulnerability and importance of vendors like VR Systems.

Obviously, if trolls made the difference in NC, they also made the difference in PA, MI, and WI.

But we might not find that out, because the guy in charge of the purportedly responsible investigation of such things has scoped the investigation in such a way that his own re-election could not be questioned.

The Gaping Holes in the SSCI Voting Security Report: Vendors and Mitch McConnell

The Senate Intelligence Committee released a 6-page report, titled “Russian Targeting of Election Infrastructure During the 2016 Election: Summary of Initial Findings and Recommendations,” on how to secure elections last night.

While it is carefully hedged (noting that states may have missed forensic evidence and new evidence may become available), it confirms that “cyber actors affiliated with the Russian Government” conducted the operation and that no “vote tallies were manipulated or [] voter registration information was deleted or modified.” It says the intrusions were “part of a larger campaign to prepare to undermine confidence in the voting process,” but in its admission that, “the Committee does not know whether the Russian government-affiliated actors intended to exploit vulnerabilities during the 2016 elections and decided against taking action,” doesn’t explain that the reason Russia would have decided against action was because Trump won.

The report is laudable for the care with which it describes the various levels of intrusion: scan, malicious access attempts, and successful access attempts. As it concludes, in a small number of states (which must be six or fewer), hackers could have changed registration data, but could not have changed vote totals.

In a small number of states, Russian-affiliated cyber actors were able to gain access to restricted elements of election infrastructure. In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals.

Among its recommendations, the report suggests that,

Election experts, security officials, cybersecurity experts, and the media should develop a common set of precise and well-defined election security terms to improve communication.

This would avoid shitty NBC reporting that falsely leads voters to believe over 20 states were successfully hacked.

Ultimately, though, this report offers weak suggestions, using the word “should” 18 times, never once calling on Congress to fulfill some of its recommendations (such as providing resources to states), and simply suggesting that the Executive warn of consequences for further attacks.

U.S. Government should clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.

Predictably (especially coming from a Chair whose own reelection in 2016 is due, in part, to his party’s abuse of North Carolina’s administration of elections, the report affirms the importance of states remaining in charge.

States should remain firmly in the lead on running elections, and the Federal government should ensure they receive the necessary resources and information.

I guess Richard Burr would like the Federal government to give his colleagues more money to disenfranchise brown people.

But it’s not just in its weak suggestions that the report falls short. There are two significant silences that discredit the report as a whole: Mitch McConnell, and vendors.

For example, in a long section discussing laying out why DHS’ warnings in 2016 were insufficient, the report complains that the October 7, 2016 statement was not adequate warning.

DHS’s notifications in the summer of 2016 and the public statement by DHS and the ODNI in October 2016 were not sufficient warning.

The report remains utterly silent about Mitch McConnell’s refusal to back a more forceful statement (and, as I’ve noted, Burr and fellow Trump advisor Devin Nunes himself never joined any statement about the attacks).

In other words, while this report talks about gaps and is happy to blame DHS, it doesn’t consider the past and proposed role of top members of Congress.

The other big gap in this report has to do with the vendors on which our election system relies. To be sure, the report does, twice, acknowledge the importance of private sector companies in counting our vote, first when it describes that the vendors would are enticing targets that might need to be bound by more than voluntary guidelines.

Vendors of election software and equipment play a critical role in the U.S. election system, and the Committee continues to be concerned that vendors represent an enticing target or malicious cyber actors. State local, territorial, tribal, and federal government authorities have very little insight into the cyber security practices of many of these vendors, and while the Election Assistance Commission issues guidelines for Security, abiding by those guidelines is currently voluntary.

As a solution, it said that state and local officials should perform risk assessments for election infrastructure vendors, not that they should do so themselves (or be held to any mandated standards).

Perform risk assessments for any current or potential third-party vendors to ensure they are meeting the necessary cyber security standards in protecting their election systems.

Not all  states and almost no local officials are going to have the ability to do this risk assessment, and there’s no reason why it should be done over and over again across the country.

That’s particularly true given the fact that (as the report addresses the vulnerability posed by, but provides no remedy) the election vendor market has gotten increasingly concentrated.

Voting systems across the United States are outdated, and many do not have a paper record of votes as a backup counting system that can be reliably audited, should there be allegations of machine manipulation. In addition, the number of vendors selling machines is shrinking, raising concerns about supply chain vulnerability.

The report also suggests that DHS educate vendors.

DHS should work with vendors to educate them about the potential vulnerabilities of both voting machines and the supply chains.

But in a report that acknowledges the key role played by vendors in administering our elections, the report remains silent about Russian efforts to compromise them in 2016. Indeed, in its accounting of how many states were affected, the report admits its numbers don’t include vendors.

In addition, the numbers do not include any potential attacks on third-party vendors.

And yet — thanks in large part to Reality Winner — we know Russia did target vendors. Not only did they target them, but they appear to have succeeded, and succeeded in a way that may have affected the vote in North Carolina, Burr’s state.

In short, the report leaves a key aspect of known Russian efforts to target the vote completely unexamined, and it doesn’t consider the many ways that by compromising vendors in ways beyond cyberattacks might affect the vote.

Perhaps the report is silent about vendors precisely because of Winner’s pending case, to avoid publicly mentioning in unclassified form the attacks that the document she is accused of leaking. Or perhaps the committee just did an inadequate job of reviewing what happened in 2016.

Whichever it is, it’s unacceptable.

2018 Senate Intelligence Global Threat Hearing Takeaways

Today was the annual Senate Intelligence Committee Global Threat Hearing, traditionally the hearing where Ron Wyden gets an Agency head to lie on the record.

That didn’t happen this time.

Instead, Wyden gave FBI Director Christopher Wray the opportunity to lay out the warnings the FBI had given the White House about Rob Porter’s spousal abuse problems, which should have led to Porter’s termination or at least loss of access to classified information.

The FBI submitted a partial report on the investigation in question in March. And then a completed background investigation in late July. That, soon thereafter, we received request for follow-up inquiry. And we did that follow-up and provided that information in November. Then we administratively closed the file in January. And then earlier this month we received some additional information and we passed that on as well.

That, of course, is the big takeaway the press got from the hearing.

A follow-up from Martin Heinrich shortly after Wyden’s question suggested he had reason to know of similar “areas of concern” involving Jared Kushner (which, considering the President’s son-in-law is under investigation in the Russian investigation, is not that surprising). Wray deferred that answer to closed session, so the committee will presumably learn some details of Kushner’s clearance woes by the end of the day.

Wray twice described the increasing reliance on “non-traditional collectors” in spying against the US, the second time in response to a Marco Rubio question about the role of Chinese graduate students in universities. Rubio thought the risk was from the Confucius centers that China uses to spin Chinese culture in universities. But not only did Wray say universities are showing less enthusiasm for Confucius centers of late, but made it clear he was talking about “professors, scientists, and students.” This is one of the reasons I keep pointing to the disproportionate impact of Section 702 on Chinese-Americans, because of this focus on academics from the FBI.

Susan Collins asked Mike Pompeo about the reports in The Intercept and NYT on CIA’s attempts to buy back Shadow Brokers tools. Pompeo claimed that James Risen and Matt Rosenberg were “swindled” when they got proffered the story, but along the way confirmed that the CIA was trying to buy stuff that “might have been stolen from the US government,” but that “it was unrelated to this idea of kompromat that appears in each of those two articles.” That’s actually a confirmation of the stories, not a refutation of them.

There was a fascinating exchange between Pompeo and Angus King, after the latter complained that, “until we have some deterrent capacity we are going to continue to be attacked” and then said right now there are now repercussions for Russia’s attack on the US.

Pompeo: I can’t say much in this setting I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in or that this government has been engaged in both before and after, excuse me, both during and before this Administration.

King: But deterrence doesn’t work unless the other side knows it. The Doomsday Machine in Dr. Strangelove didn’t work because the Russians hadn’t told us about it.

Pompeo: It’s true. It’s important that the adversary know. It is not a requirement that the whole world know it.

King: And the adversary does know it, in your view?

Pompeo: I’d prefer to save that for another forum.

Pompeo later interjected himself into a Kamala Harris discussion about the Trump Administration’s refusal to impose sanctions by suggesting that the issue is Russia’s response to cumulative responses. He definitely went to some effort to spin the Administration’s response to Russia as more credible than it looks.

Tom Cotton made two comments about the dossier that Director Wray deferred answering to closed session.

First, he asked about Christopher Steele’s ties to Oleg Deripaska, something I first raised here and laid out in more detail in this Chuck Grassley letter to Deripaska’s British lawyer Paul Hauser. When Cotton asked if Steele worked for Deripaska, Wray said, “that’s not something I can answer.” When asked if they could discuss it in a classified setting, Wray said, “there might be more we could say there.”

Cotton then asked if the FBI position on the Steele dossier remains that it is “salacious and unverified” as he (misleadingly) quoted Comey as saying last year. Wray responded, “I think there’s maybe more we can talk about this afternoon on that.” It’s an interesting answer given that, in Chuck Grassley’s January 4 referral, he describes a “lack of corroboration for [Steele’s dossier] claims, at least at the time they were included in the FISA applications,” suggesting that Grassley might know of corroboration since. Yet in an interview by the even better informed Mark Warner published 25 days later, Warner mused that “so little of that dossier has either been fully proven or conversely, disproven.” Yesterday, FP reported that BuzzFeed had hired a former FBI cybersecurity official Anthony Ferrante to try to chase down the dossier in support of the Webzilla and Alfa bank suits against the outlet, so it’s possible that focused attention (and subpoena power tied to the lawsuit) may have netted some confirmation.

Finally, Richard Burr ended the hearing by describing what the committee was doing with regards to the Russian investigation. He (and Warner) described an effort to bring out an overview on ways to make elections more secure. But Burr also explained that SSCI will release a review of the ICA report on the 2016 hacks.

In addition to that, our review of the ICA, the Intel Committee Assessment, which was done in the F–December of 06, 16–we have reviewed in great detail, and we hope to report on what we found to support the findings where it’s appropriate, to be critical if in fact we found areas where we found came up short. We intend to make that public. Overview to begin with, none of this would be without a declassification process but we will have a public version as quickly as we can.

Finally, in the last dregs of the hearing, Burr suggested they would report on who colluded during the election.

We will continue to work towards conclusions  on any cooperation or collusion by any individual, campaign, or company with efforts to influence elections or create societal chaos in the United States.

My impression during the hearing was that this might refer to Cambridge Analytica, which tried to help Wikileaks organize hacked emails — and it might well refer to that. But I wonder if there’s not another company he has in mind.

Feinstein’s Homework Assignments

While Devin Nunes has been getting all the headlines for trying to muck up the Mueller investigation, Chuck Grassley and Dianne Feinstein are increasingly at odds, as well. First there was the Grassley-Lindsey Graham bogus referral of Christopher Steele (I say it’s bogus not because I doubt his sworn statements have been inconsistent — they have been — but because FBI doesn’t need a referral for statements made to FBI itself). Then Feinstein released, and then apologized for, releasing the Glenn Simpson transcript. Grassley used that to invent the story that Jared Kushner was spooked and so wouldn’t sit for an interview with the Senate Judiciary Committee (we know that’s bullshit because Kushner released his own statement before giving it to the Senate Intelligence Committee, which “spooked” Richard Burr). Still, in response to a Sheldon Whitehouse and Richard Blumenthal request that Don Jr’s transcript be shared with FBI (because he likely lied in it), Grassley suggested he’d release the transcripts of all the interviews pertaining to the June 9 meeting.

So now both are continuing to collect evidence on their own, at least in part to generate headlines rather than investigative leads. But the most recent requests, both sent out yesterday, provide some insight into what they believe might have happened and what they know (or still don’t know).

In this post, I’ll look at whom Feinstein is requesting information from. In a follow-up I’ll comment on Grassley’s latest request.

Who Feinstein wants to talk to and who represents them

Some of Feinstein’s requests are immediately understandable, including the following people (thoughout this post, I’ve noted the lawyer’s name if the letter was sent to one):

As for the others, the explanation for why the Committee is seeking information explains any connection understood to the investigation. Most of this is open source information to footnoted reporting (click through to see those sources). Where that’s not the case, I’ve bolded it, as that presumably reflects still classified information the Committee received.

Michael Caputo (Dennis Vacco):

You joined the presidential campaign of Donald Trump as a communications advisor upon the recommendation of Paul Manafort, and it has been reported you have close ties to campaign advisor Roger Stone. It also has been reported that you have deep ties to Russia, including having worked for the Kremlin and Russian energy conglomerate Gazprom.

Paul Erickson (sent to him directly):

In May 2016, you were involved in efforts to broker a meeting between Alexander Torshin — someone you described as “President Putin’s emissary” — and top officials for the Trump campaign. In your communications with the Trump campaign about this meeting, you said that you had been “cultivating a back-channel to President Putin’s Kremlin” and that the “Kremlin believes htat the only possibility of a true reset in this relationship would be with a new Republican White House.”

Robert Foresman (sent to him directly):

As a long-time investment banker in Russia, you have developed relationships with senior Kremlin officials and have expressed your passion for private diplomacy to help foster improved U.S.-Russia relations. The Committee has reason to believe you sought to engage the Trump campaign in discussions concerning outreach from senior Kremlin officials.

Rhona Graff (Alan Futerfas, who is also representing Don Jr):

As a senior vice president in the Trump Organization and longtime assistant to Donald Trump, you are likely familiar with the President’s communications and schedule, particularly during the 2016 presidential campaign. For example, Roger Stone and Paul Manafort, [sic] have said they contact you to get access to President Trump. And when Rob Goldstone emailed Donald Trump Jr. about setting up the June 9, 2016 meeting between the Trump campaign and a Russian lawyer, he noted, “I can also send this info to your father via Rhona, but it is ultra sensitive so wanted to send to you first.”

Philip Griffin (sent directly to his email):

You have been a longstanding associate of former Trump campaign manager Paul Manafort and served, reportedly at his request, as an advisor to the Trump campaign during the Republican National Convention in Cleveland in July 2016.

[snip]

You have been a longtime of [sic] associate of Manafort, and you hired Konstantin Kiliminik [sic] to work with you and Manafort in Ukraine. In 2014, you were named in a lawsuit filed by Russian oligarch Oleg Deripaska as a “ley” partner, along with Manafort, Gates, and Kilimnik, in an investment fund that Deripaska contends stole nearly $19 million from him. In 2016, while Manafort was serving as the Trump campaign manager, Kilimnik reportedly emailed Manafort about reporting on Manafort’s role in the campaign with Deripaska, which Manafort suggested might be used to “get whole.”

David Keene (sent directly to him):

In spring 2016, Russian banker Alexander Torshin and Russian national Maria Butina were reportedly involved in efforts to arrange a meeting between Mr. Torshin and then-candidate Donald Trump or his campaign. Mr. Torshin is a “senior Russian official who claimed to be acting at the behest of President Vladimir V. Putin of Russia.” Ms. Butina is the founder of the Russian group known as the Right to Bear Arms and has described herself as a “representative of the Russian Federation” and a “connection between Team Trump and Russia.” You reportedly were introduced to Mr. Torshin in 2011, and were invited by Mr. Torshin and Ms. Butina to speak at the 2013 annual meeting in Moscow for the Right to Bear Arms. Ms. Butina was your guest at the NRA’s 2014 annual meeting, and you traveled along with Trump campaign surrogate Sheriff David Clarke to Moscow in December 2015 for another meeting with Ms. Butina’s organization.

Joseph Keith Kellogg, Jr. (sent directly to him):

As a member of the Trump campaign’s foreign policy team, you worked alongside George Papadopoulos and Carter Page, both of whom had multiple contacts with Russian officials (or their surrogates) that they reported back to the campaign. You also worked on the Trump transition team before joining the National Security Council and served as Chief of Staff under Lt. General Michael Flynn until his removal.

[snip]

You served as Chief of Staff on the National Security Council during the period when General Flynn lied to administration officials about his Russian contacts. It has been reported that, once the White House learned of those lies from Acting Attorney General Sally Yates, you started participating in the President’s daily security briefings, and — once General Flynn was removed — you served as the President’s interim national security advisor.

John Mashburn (sent to him at the White House):

As the Trump campaign policy director, you worked alongside members of the foreign policy team who had multiple contacts with Russian officials (or their surrogates). For example, Rick Dearborn, another senior policy aide, who reportedly shared a May 2016 request from Alexander Torshin, a senior Russian official with close ties to Vladimir Putin, to meet then-candidate Trump or other top campaign officials at the National Rifle Association’s 2016 annual convention. It also has been reported that JD Gordon informed you about pro-Russian changes to the Republican party platform that were championed by the Trump campaign. You role as senior advisor on the transition team, and now White House Deputy Cabinet Secretary, also has given you a firsthand look at other significant events affecting the Trump administration, including the removals of National Security Advisor Michael Flynn and FBI Director James Comey.

Frank Mermoud (sent via email directly to him):

You served as an advisor to the Trump campaign during the Republican National Convention in Cleveland in July 2016, running the program for ambassadors and foreign delegations — a post that you reportedly held at the recommendation of former Trump campaign manager Paul Manafort. Because of your role at the convention, longstanding relationship with Mr. Manafort, and deep business ties to Ukraine,

Amanda Miller (Alan Futerfas, who also represents Don Jr):

As a vice president for marketing at the Trump Organization, you are likely intimately familiar with President Donald Trump and the inner workings of the Trump Organization. For example, you have made public statements on behalf of the Trump Organization regarding the Trump Organization’s efforts to build a Trump Tower in Moscow. In addition, the Committee has reason to believe that you may have information on other Trump business ties to Russia.

Feinstein wants to know who lied to David Ignatius

In general, the items requested are not the surprising. I am, however, interested that Kellogg, Miller, and Spicer were asked about,

All communications concerning the story written by David Ignatius that appeared in the Washington Post on January 12, 2017, titled, “Why did Obama dawdle on Russia’s hacking?

Note, before the story, the transition team did not comment, but after it revealed that Flynn had phoned Sergei Kislyak several times on December 29, two aides called Ignatius and told what we now know are lies.

The Trump transition team did not respond Thursday night to a request for comment. But two team members called with information Friday morning. A first Trump official confirmed that Flynn had spoken with Kislyak by phone, but said the calls were before sanctions were announced and didn’t cover that topic. This official later added that Flynn’s initial call was to express condolences to Kislyak after the terrorist killing of the Russian ambassador to Ankara Dec. 19, and that Flynn made a second call Dec. 28 to express condolences for the shoot-down of a Russian plane carrying a choir to Syria. In that second call, Flynn also discussed plans for a Trump-Putin conversation sometime after the inauguration. In addition, a second Trump official said the Dec. 28 call included an invitation from Kislyak for a Trump administration official to visit Kazakhstan for a conference in late January.

Burck’s clients get different treatment

Also as I noted above, Feinstein staff treated the letter to the two William Burck clients differently. Bannon’s was sent to him, but care of Burck.

But McGahn’s was addressed to Burck.

Unless I missed it, McGahn’s is the only letter treated this way. Which is one reason I suspect the blizzard of stories about what a hero McGahn was in June after he had done clearly obstructive things in May and earlier may have more to do with McGahn’s legal jeopardy than Trump’s.

Update: This Politico piece (h/t PINC) says that McGahn hired Burck last May, right after he had done some really stupid things with respect to the Jim Comey firing.

McGahn came calling in May amid the fallout from Trump’s decision to fire Comey from his post as FBI director — an explosive move that prompted Mueller’s appointment.

The Increasing Panic Surrounding Devin Nunes’ “Extraordinarily Reckless” Plan to Release Memo

I thought I’d chronicle the increasingly senior panic surrounding Devin Nunes’ plan — reportedly backed by Trump — to release the Nunes memo without first letting FBI and DOJ review it. Clearly, there’s concern this will burn underlying sources for the FISA application(s) described in the report. I don’t rule our the belated revelation of something I’ve been hearing for at least six months — that the Dutch passed on intelligence in real time of APT 29 hacking US targets and had an inside view of the operations — isn’t meant as a warning of what will happen if the US further burns the Dutch.

I’m also interested in AAG Stephen Boyd’s emphasis that Nunes delegated his review of these documents to Trey Gowdy, perhaps suggesting both will have some kind of liability for any damage that will result from this game of telephone.

Sunday, January 21: FBI denied a copy of Nunes’ memo.

“The FBI has requested to receive a copy of the memo in order to evaluate the information and take appropriate steps if necessary. To date, the request has been declined,” said Andrew Ames, a spokesperson for the FBI.

Wednesday, January 24: Richard Burr’s Senate Intelligence Committee staffers denied a copy of the memo.

Senate Intelligence Committee Chairman Richard Burr’s staff has not been given access to a classified memo drafted by House Intelligence Committee Chairman Devin Nunes, a sign of how closely House Republicans are guarding allegations of Justice Department wrongdoing over surveillance activities in the Russia investigation.

According to three sources familiar with the matter, Burr’s staff requested a copy of the memo and has been denied, just as the FBI and Justice Department have also been denied reviewing a copy of the document.

Wednesday, January 24: Trump’s Assistant Attorney General for Legislative Affairs Stephen Boyd writes letter noting that releasing memo will violate agreement.

Recent news reports indicate a classified memorandum prepared by House Permanent Select Committee on Intelligence (HPSCI or Committee) staff alleges abuses at the Department of Justice (Department) and the Federal Bureau of Investigation (FBI) in the FISA process. We understand many members of the House of Representatives have views this memorandum and that it has raised concerns.

As you know, we have provided HPSCI with more than 1,000 pages of classified documents relating to the FBI’s relationship, if any, with a source and its reliance, if any, on information provided by that source. Media reports indicate that the Committee’s memorandum contains highly classified material confidentially provided by the Department to the Committee in a secure facility.1

[snip]

In addition, we have also heard that HPSCI is considering making the classified memorandum available to the public and the media, an unprecedented action. We believe it would be extraordinarily reckless for the Committee to disclose such information publicly without giving the Department and the FBI the opportunity to review the memorandum and to advise the HPSCI of the risk of harm to national security and to ongoing investigations that could come from public release. Indeed, we do not understand why the Committee would possibly seek to disclose classified and law enforcement sensitive information without first consulting with the relevant members of the Intelligence Community.

Seeking Committee approval of public release would require HPSCI committee members to vote on a staff-drafted memorandum that purports to be based on classified source materials that neither you nor most of them have seen. Given HPSCI’s important role in overseeing the nation’s intelligence community, you well understand the damaging impact that the release of classified material could have on our national security and our ability to share and receive sensitive information from friendly foreign governments.

[snip]

Additionally, we believe that wider distribution of the classified information presumably contained within your memorandum would represent a significant deviation from the terms of access granted in good faith by the Department, HPSCI, and the Office of Speaker Paul Ryan.

The Department renews its request — as previously made in a personal appeal by the Director of the FBI — for an opportunity to review the memorandum in question so that it may respond to the Committee before any vote on public release.

1 To date, the Department has provided detailed briefings and made available to HPSCI documents requested as part of its investigation into Russian influence in the 2016 election. The terms of access stipulated that review of the documents would be limited to the Chairman or his designee, the Ranking Member or his designee, and two staff members each. (Mr. Gowdy reviewed the documents for the majority. Mr. Schiff reviewed the documents for the minority.) Other committees of jurisdiction — the Senate Select Committee on Intelligence, the Senate Committee on the Judiciary, and the House Committee on the Judiciary — have accepted similar procedural safeguards to protect against improper dissemination of information.

Thursday, January 25: DOJ spox (and close Jeff Sessions ally) Sarah Isgur Flores goes on Fox to argue DOJ should get to look at the memo first,

Let us see it first. At this point, nobody in the Senate or the White House or the Department of Justice or FBI has seen this document, and a number of Congressmen have expressed a lot of concern about it. So we would like to see it. Well, I think we’d certainly want to see any evidence of wrong-doing and take action upon that if there is wrong-doing going on. And then, I think we’d want to discuss, I mean, this is classified material for a reason. It has national security implications. It may have implications for our allies or others in the intelligence community.

Thursday, January 25: Majority Whip and SSCI member John Cornyn says Nunes should let DOJ review the memo.

Cornyn, who has been briefed on Nunes memo, suggests Nunes should listen to DOJ concerns. “We all should pay attention to what the Justice Department’s concerns are, and I’m sure the chairman will. It’s always good when we communicate and consult with one another,” he told me

Thursday, January 25: James Lankford says Nunes should follow “proper declassification procedures.”

Update: First, I fixed the dates.

Second, I wasn’t aware of this statement from Paul Ryan’s spox, sometime in the last day. (h/t Maestro)

A spokesman for Ryan pushed back at the DOJ’s characterization of the negotiations.

“As previously reported, the speaker’s only message to the Department was that it needed to comply with oversight requests and there were no terms set for its compliance,” Doug Andres, the spokesman, said in a statement.

This is fairly breathtaking, as it suggests Ryan (and by association Nunes) are not agreeing to abide by any of the security precautions imposed on the access to highly sensitive case files Nunes obtained.

With the Corey Lewandowski Interview, Devin Nunes Confirms He’s No More Than Trump’s Mole

In the wake of Michael Wolff’s publication of Steve Bannon’s insistence that Donald Trump met with the attendees at the June 9, 2016 Trump Tower meeting, we got word that Bannon — who claims never to have interviewed with Robert Mueller’s team — has hired the same lawyer representing Reince Priebus and Don McGahn for an interview this week with the House Intelligence Committee.

Two sources tell us Burck is helping Bannon prepare for an interview with the House intelligence committee, which is currently scheduled for next week. Sources also said Bannon plans to “fully cooperate” with investigators.

Burck also represents White House Counsel Don McGahn and former Chief of Staff Reince Priebus for the purposes of the Russia probe, as Law360 reported last September.

It is not unheard of for one attorney to represent more than one client on the same matter. But the fact that several key players with Trump administration ties have the same lawyer could irk investigators.

Then, yesterday, news broke that Corey Lewandowski will interview with HPSCI this week. He, too, claims he has never interviewed with Mueller’s team.

Former Trump campaign manager Corey Lewandowski says that he has yet to be contacted by Special Counsel Robert Mueller as part of the ongoing Russia investigation.

Lewandowski, who was interviewed by WABC’s Rita Cosby on Sunday, also confirmed reports that he will be interviewed on either Wednesday or Thursday by the House Intelligence Committee as part of its Russia probe.

“I have nothing to hide. I didn’t collude or cooperate or coordinate with any Russian, Russian agency, Russian government or anybody else, to try and impact this election,” Lewandowski says he plans to tell the House panel.

Daily Caller is right — it’s odd that Mueller hasn’t interviewed Lewandowski, given that he had these critically timed interactions with George Papadopoulos.

April 27: Papadopoulos to Corey Lewandowski

“to discuss Russia’s interest in hosting Mr. Trump. Have been receiving a lot of calls over the last month about Putin wanting to host him and the team when the time is right.”

April 27: Papadopoulos authored speech that he tells Timofeev is “the signal to meet”

[snip]

May 4, Papadopoulos to Lewandowski (forwarding Timofeev email):

“What do you think? Is this something we want to move forward with?”

May 14, Papadopoulos to Lewandowski:

“Russian govemment[] ha[s] also relayed to me that they are interested in hostingMr. Trump.”

[snip]

June 19: Papadopoulos to Lewandowski

“New message from Russia”: “The Russian ministry of foreign affairs messaged and said that if Mr. Trump is unable to make it to Russia, if campaign rep (me or someone else) can make it for meetings? I am willing to make the trip off the record if it’s in the interest of Mr. Trump and the campaign to meet specific people.”

The decision to call two key Trump people whom Mueller hasn’t met happens in the wake of events that haven’t gotten sufficient attention. On January 3, Rod Rosenstein and Christopher Wray met with Paul Ryan to request that he limit the documents Nunes had requested from FBI. Ryan backed Nunes, which led Rosenstein and Wray to agree to show a bunch of highly sensitive documents to HPSCI investigators, as well as agree to interviews with the FBI and DOJ people who had either touched the Steele dossier or been witnesses to Jim Comey’s claims that Trump demanded loyalty from him.

At Wednesday’s meeting — initiated at Rosenstein’s request — Rosenstein and Wray tried to gauge where they stood with the House speaker in light of the looming potential contempt of Congress showdown and Nunes’ outstanding subpoena demands, sources said. CNN is told the discussion did not involve details of the separate Russia investigation being led by special counsel Robert Mueller.

While Ryan had already been in contact with Rosenstein for months about the dispute over documents, Rosenstein and Wray wanted to make one last effort to persuade him to support their position. The documents in dispute were mostly FBI investigative documents that are considered law enforcement sensitive and are rarely released or shared outside the bureau.

During the meeting, however, it became clear that Ryan wasn’t moved and the officials wouldn’t have his support if they proceeded to resist Nunes’ remaining highly classified requests, according to multiple sources with knowledge of the meeting.

Sources also told CNN that the Justice Department and the FBI also had learned recently that the White House wasn’t going to assert executive privilege or otherwise intervene to try to stop Nunes.

The focus on all the reporting has been on the dossier; indeed, one of CNN’s sources says Mueller’s investigation didn’t come up. It’s not clear that makes sense, given the implication that Trump might claim executive privilege over something being discussed, unless the privilege claim pertained to the two-page summary of the dossier given to him and Obama.

Moreover, the letter memorializing what Nunes forced Rosenstein and Wray to give up suggests the discussion involved all “investigative documents that relate to the Committee’s investigations into (a) Russian involvement in the 2016 Presidential election,” as well as its efforts to find evidence of politicization at DOJ.

As agreed, designated Committee investigators and staff will be provided access to all remaining investigative documents, in unredacted form, for review at DOJ on Friday, January 5, 2018. The documents to be reviewed will include all FBI Form-1023s and all remaining FBI Form FD-302s responsive to the Committee’s August 24, 2017 subpoenas. The only agreed-upon exception pertains to a single FD-302, which, due to national security interests, will be shown separately by Director Wray to myself and my senior investigators during the week of January 8, 2018.

You further confirmed that there are no other extant investigative documents that relate to the Committee’s investigations into (a) Russian involvement in the 2016 Presidential election or (b) other investigatory documents germane to the Committee’s investigations regardless of form and/or title. If, somehow, “new” or “other” responsive documents are discovered, as discussed, you will notify me immediately and allow my senior investigators to review them shortly thereafter.

[snip]

It was further agreed that all documents made available to the Committee will also be available for review by the minority Ranking Member and designated staff.

If that’s right — if the document requests pertain to both the Steele dossier and the Mueller investigation, then on January 5, HPSCI would have been able to determine everyone who had been interviewed and what they had said (which is a good way to ensure that witnesses not cooperate with Mueller). And last week, Nunes, would have been able to review a 302 (the forms FBI uses to report their interviews with witnesses) that, for some reason, was even more sensitive than the FISA orders and confidential human source reports they had reviewed the previous Friday. From his language, it’s not clear whether Adam Schiff would have been included in that review.

Last Wednesday, Wray and Rosenstein gave briefings to Adam Schiff, reportedly by himself, and Richard Burr and Mark Warner together. If Schiff wasn’t included in the review of that 302, then that may explain what the briefing pertained to.

Just last month, Nunes was digging in and refusing to let Democrats call obvious witnesses. So the news that HPSCI will interview two key Trump people with whom Mueller has not yet met makes it clear — if it wasn’t already — that Nunes is trying to identify everything that Mueller might learn, so that he can then give Trump a clean bill of health and insist the entire investigation was just a political stunt drummed up from the Steele dossier (which is what Paul Manafort seems to have recommended last year).

And as all these machinations have gone on, Trump has vacillated about whether or not he’ll submit to an interview with Mueller. Perhaps Nunes has told him that the one thing that might make Mueller’s case is either a confirmation or denial from the President whether he knew or attended that June 9 meeting?

Eleven (or Thirteen) Senators Are Cool with Using Section 702 to Spy on Americans

The Senate Intelligence Committee report on its version of Section 702 “reform” is out. It makes it clear that my concerns raised here and here are merited.

In this post, I’ll examine what the report — particularly taken in conjunction with the Wyden-Paul reform — reveals about the use of Section 702 for domestic spying.

The first clue is Senator Wyden’s effort to prohibit collection of domestic communications — the issue about which he and Director of National Intelligence Dan Coats have been fighting about since June.

By a vote of four ayes to eleven noes, the Committee rejected an amendment by Senator Wyden that would have prohibited acquisition under Section 702 of communications known to be entirely domestic under authority to target certain persons outside of the United States. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—aye; Senator Wyden—aye; Senator Heinrich— aye; Senator King—no; Senator Manchin—no; and Senator Harris—aye.

It tells us that the government collects entirely domestic communications, a practice that Wyden tried to prohibit in his own bill, which added this language to Section 702.

(F) may not acquire communications known to be entirely domestic;

This would effectively close the 2014 exception, which permitted the NSA to continue to collect on a facility even after it had identified that Americans also used it. As I have explained is used to collect Tor (and probably VPN) traffic to obtain foreigners’ data. I suspect that detail is what Wyden had in mind when, in his comments in the report, he said the report itself “omit[s] key information about the scope of authorities granted the government” (though there are likely other things this report hides).

I have concerns about this report. By omitting key information about the scope of authorities granted the government, the Committee is itself contributing to the continuing corrosive problem of secret law

As the bill report lays out, Senators Burr, Risch, Rubio, Collins, Blunt, Lankford, Cotton, Cornyn, Warner, King, and Manchin are all cool using a foreign surveillance program to spy on their constituents, especially given that Burr has hidden precisely the impact of that spying in this report.

Any bets on whether they might have voted differently if we all got to know what kind of spying on us this bill authorized.

That, of course, is only eleven senators who are cool with treating their constituents (or at least those using location obscuring techniques) like foreigners.

But I’m throwing Feinstein and Harris in with that group, because they voted against a Wyden amendment that would have limited how the government could use 702 collected data in investigations.

By a vote of two ayes to thirteen noes, the Committee rejected an amendment by Senator Wyden that would have imposed further restrictions on use of Section 702-derived information in investigations and legal proceedings. The votes in person or by proxy were as follows: Chairman Burr—no; Senator Risch—no; Senator Rubio—no; Senator Collins—no; Senator Blunt—no; Senator Lankford—no; Senator Cotton—no; Senator Cornyn—no; Vice Chairman Warner—no; Senator Feinstein—no; Senator Wyden— aye; Senator Heinrich—aye; Senator King—no; Senator Manchin— no; and Senator Harris—no.

While we don’t have the language of this amendment, I assume it does what this language in Wyden’s bill does, which is to limit the use of Section 702 data for purposes laid out in the known certificates (foreign government including nation-state hacking, counterproliferation, and counterterrorism — though this language makes me wonder if there’s a Critical Infrastructure certificate or whether it only depends on the permission to do so in the FBI minimization procedures, and the force protection language reminds me of the concerns raised by a recent HRW FOIA permitting the use of 12333 language to do so).

(B) in a proceeding or investigation in which the information is directly related to and necessary to address a specific threat of—

(i) terrorism (as defined in clauses (i) through (iii) of section 2332(g)(5)(B) of title 18, United States Code);

(ii) espionage (as used in chapter 37 of title 18, United States Code);

(iii) proliferation or use of a weapon of mass destruction (as defined in section 2332a(c) of title 18, United States Code);

(iv) a cybersecurity threat from a foreign country;

(v) incapacitation or destruction of critical infrastructure (as defined in section 1016(e) of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (42 U.S.C. 5195c(e))); or

(vi) a threat to the armed forces of the United States or an ally of the United States or to other personnel of the United States Government or a government of an ally of the United States.

Compare this list with the one included in the bill, which codifies the use of 702 data for issues that,

“Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

[snip]

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

The bill report’s description of this section makes it clear that — in spite of its use of the word “restriction,” — this is really about providing affirmative “permission.”

Section 6 provides restrictions on the Federal Bureau of Investigation’s (FBI’s) use of Section 702-derived information, so that the FBI can use the information as evidence only in court proceedings [my emphasis]

That is, Wyden would restrict the use of 702 data to purposes the FISC has affirmatively approved, rather than the list of 702 purposes expanded to include the most problematic uses of Tor: all hacking, dark markets, and child porn.

So while Feinstein and Harris voted against the use of 702 to collect known domestic communications, they’re still okay using domestic Tor commuincations they say they don’t want to let NSA collect to prosecute Americans (which is actually not surprising given their past actions on sex workers).

Again, they’re counting on the fact that the bill report is written such that their constituents won’t know that this is going on. Unless they read me.

Look, I get the need to collect on Tor traffic to go after its worst uses. But if you’re going to do that, stop pretending this is a foreign surveillance bill, and instead either call it a secret court bill (one that effectively evades warrant requirements for all Tor wiretapping in this country), or admit you’re doing that collection and put review of it back into criminal courts where it belongs.

The Senate Intelligence Committee 702 Bill Is a Domestic Spying Bill

Richard Burr has released his draft Section 702 bill.

Contrary to what you’re reading about it not “reforming” 702, the SSCI bill makes dramatic changes to 702. Effectively, it makes 702 a domestic spying program.

The SSCI expands the kinds of criminal prosecutions with which it can use Section 702 data

It does so in Section 5, in what is cynically called “End Use Restriction,” but which is in reality a vast expansion of the uses to which Section 702 data may be used (affirmatively codifying, effectively, a move the IC made in 2015). It permits the use of 702 data in any criminal proceeding that “Affects, involves, or is related to” the national security of the United States (which will include proceedings used to flip informants on top of whatever terrorism, proliferation, or espionage and hacking crimes that would more directly fall under national security) or involves,

  • Death
  • Kidnapping
  • Serious bodily injury
  • Specified offense against a minor
  • Incapacitation or destruction of critical infrastructure (critical infrastructure can include even campgrounds!)
  • Cybersecurity, including violations of CFAA
  • Transnational crime, including transnational narcotics trafficking
  • Human trafficking (which, especially dissociated from transnational crime, is often used as a ploy to prosecute prostitution; the government also includes assisting undocumented migration to be human trafficking)

This effectively gives affirmative approval to the list of crimes for which the IC can use 702 information laid out by Bob Litt in 2015 (in the wake of the 2014 approval).

Importantly, the bill does not permit judicial review on whether the determination that something “affects, involves, or is related to” national security. Meaning Attorney General Jeff Sessions could decide tomorrow that it can collect the Tor traffic of BLM or BDS activists, and no judge can rule that’s an inappropriate use of a foreign intelligence program.

“So what?” you might ask, this is a foreign surveillance program. So what if they find evidence of child porn in the course of spying on designated foreign targets, and in the process turn it over to the FBI?

The reason this is a domestic spying program is because of two obscure parts of 702 precedent.

The 2014 exception permits NSA to collect Tor traffic — including the traffic of 430,000 Americans

First, there’s the 2014 exception.

In 2014, the FISC approved an exception to the rule that the NSA must detask from a facility when it discovers that a US person was using it. I laid out the case that the facilities in question were VPNs (collected in the same way PRISM would be) and Tor (probably collected via upstream collection). I suggested then that it was informed speculation, but it was more than that: the 2014 exception is about Tor (though I haven’t been able to confirm the technical details of it).

NSA is collecting Tor traffic, including the traffic of the 430,000 Americans each day who use Tor.

One way to understand how NSA gets away with this is to consider how the use of upstream surveillance with cybersecurity works. As was reported in 2015, NSA can use upstream for cybersecurity purposes, but only if that use is tied to known indicators of compromise of a foreign government hacking group.

On December 29 of last year, the Intelligence Community released a Joint Analysis Report on the hack of the DNC that was considered — for cybersecurity purposes — an utter shitshow. Most confusing at the time was why the IC labeled 367 Tor exit nodes as Russian state hacker indicators of compromise.

But once you realize the NSA can collect on indicators of compromise that it has associated with a nation-state hacking group, and once you realize NSA can collect on Tor traffic under that 2014 exception, then it all begins to make sense. By declaring those nodes indicators of compromise of Russian state hackers, NSA got the ability to collect off of them.

NSA’s minimization procedures permit it to retain domestic communications that are evidence of a crime

The FISC approved the 2014 exception based on the understanding that NSA would purge any domestic communications collected via the exception in post-tasking process. But NSA’s minimization procedures permit the retention of domestic communications if the communication was properly targeted (under targeting procedures that include the 2014 exception) and the communication 1) includes significant foreign intelligence information, 2) the communication includes technical database information (which includes the use of encryption), 3) contains information pertaining to an imminent threat of serious harm to life or property OR,

Such domestic communication does not contain foreign intelligence information but is reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed. Such domestic communication may be disseminated  (including United States person identities) to appropriate law enforcement authorities, in accordance with 50 U.S.C. § 1806(b) and 1825(c), Executive Order No 12333, and, where applicable, the crimes reporting procedures set out in the August 1995 “Memorandum of Understanding: Reporting of Information Concerning Federal Crimes,” or any successor document.

So they get the data via the 2014 exception permitting NSA to collect from Tor (and VPNs). And they keep it and hand it off to FBI via the exception on NSA’s destruction requirements.

In other words, what Richard Burr’s bill does is affirmatively approve the use of Section 702 to collect Tor traffic and use it to prosecute a range of crimes, some of them potentially quite minor.