Posts

Rat-Fucker Rashomon: Four Stories about Roger Stone (Introduction)

As background for some other things and because I’m a former scholar of narrative, I want to lay out the four different stories that have been told of Roger Stone’s actions in 2016 and after:

One day there might be a fifth story, the investigative records, but those are still so redacted (and the subjects were such committed liars) to be of limited use right now, so while I will integrate them and other public records into this series, I won’t treat them as a separate story.

I observed in this post that a September 2018 affidavit revealed that the Stone indictment and trial were, in part, investigative steps in a larger investigation, an investigation that Bill Barr appears to have since substantially killed. The affidavit asked for (and received) a gag because, it explained, investigators were trying to keep Stone from learning that the investigation into him was broader than he thought.

It does not appear that Stone is currently aware of the full nature and scope of the ongoing FBI investigation. Disclosure of this warrant to Stone could lead him to destroy evidence or notify others who may delete information relevant to the investigation.

Partly, the larger investigation must have been an effort to determine — and if possible, obtain proof beyond a reasonable doubt — of how Stone optimized the release of (at least) the Podesta emails. I think the evidence shows Stone did partly optimize the release, though I also believe doing so served as much to compromise Stone and others as to help Trump get elected. In an unreliable Paul Manafort interview, Trump’s former campaign chair describes a conversation (this may have taken place in spring 2018, during a period when Manafort unconvincingly claims he was not engaged in concocting a cover story with his lifelong buddy) where Stone clarified that he was just a conduit in the process of optimizing the Podesta release, not the decision maker.

Stone said to Manafort that he was not the decision maker or the controller of the information. Stone said he may have had advance knowledge, but he was not the decision maker. Stone was making clear to Manafort that he did not control the emails or make decisions about them. Stone said he received information about the Podesta emails but was a conduit, not someone in a position to get them released.

That’s Stone and Manafort’s less damning explanation, that Stone did have advance knowledge but didn’t control the process! It may also be true, though Stone likely believed he was controlling things in real time, when he was making stupid promises. Being a reckless rat-fucker can make a guy vulnerable to rat-fuckery himself.

I also believe that prosecutors did confirm how Stone got (information on) the emails and what stupid promises he had to make to get them, though not until after Stone was charged in his cover-up and probably not beyond a reasonable doubt. But, likely for a variety of reasons, they never told us that in any of the four stories that have been released about Stone.

So I want to examine what story each of the four narratives tell, because what an author withholds [wink] is always at least as interesting as what storyline the author uses to engage her readers.

The Mueller Report

All these stories are constrained, in part, by their genre.

For example, legally, the Mueller Report fulfills a requirement of the regulation under which Mueller was appointed.

Closing documentation. At the conclusion of the Special Counsel’s work, he or she shall provide the Attorney General with a confidential report explaining the prosecution or declination decisions reached by the Special Counsel.

You finish your work, and you tell the Attorney General overseeing your work whom you charged, whom you didn’t, and why. The Mueller Report, consisting of two volumes and some appendices laying out referrals from the investigation itself, therefore had to tell a story to support these decisions:

  • To charge a bunch of IRA trolls but none of the Americans unwittingly cooperating with them
  • To charge a bunch of Russian intelligence officers but not WikiLeaks or Roger Stone (though note that Rod Rosenstein has said the WikiLeaks investigation always remained at EDVA)
  • Not to charge Don Jr and Stone for accepting or soliciting illegal campaign donations from foreigners
  • Not to charge a bunch of Trumpsters for their sleazy influence peddling
  • To charge a bunch of Trumpsters with lying and (in the case of Manafort and Gates) various kinds of financial fraud, but not to charge other Trumpsters for equally obvious lying
  • Effectively (and this is my opinion), to refer Trump to Congress for impeachment
  • To refer a bunch of other matters, ranging from Trumpsters’ financial fraud, George Nader’s child porn (though given the releases from the other day, it’s not clear that’s formally in the report), and a number of counterintelligence matters, for further investigation

That’s not all. Technically, one investigation into someone either close to or Trump himself wasn’t even done at the time Mueller finished. Documents show a campaign finance investigation–AKA bribery–involving a bank owned by a foreign country was ongoing; Bill Barr has recently publicly bitched about the legal theory behind the investigation (one SCOTUS approved) and it has been closed. And, significantly, for the purpose of this series, Mueller had not obtained Stone aide Andrew Miller’s testimony when the Report got written either, though at the minute Miller agreed to testify, Mueller was giving a presser closing up shop, presumably (though not definitely) making Miller’s testimony part of the ongoing investigation related to Stone.

Aside from those two details, the story the Mueller Report has to tell has to explain those prosecutorial decisions. For the sake of this series, then, the story has to tell why Stone wasn’t charged for soliciting illegal campaign donations from WikiLeaks, why he was charged for lying to obscure who his go-between was and whether he had discussed all that with Trump and others on the campaign, and why Trump should be impeached for his promises to pardon Stone (among others) for covering up what really happened in 2016.

Significantly for this story, Stone was not charged because he lied about having a go-between (he lied to Congress to cover up who it was), nor was he charged for any actions he took with his go-between to get advance information. I’m not certain, but such charges may actually not be precluded by double jeopardy; if not, this story may have been written to ensure no double jeopardy attached. In any case, we shouldn’t expect details of his go-between to be fully aired in the report (or encompassed by it), because it was not a prosecutorial decision that needed to be explained.

The timeline of the Stone part of this story starts in early June 2016, and (for the main part of his story) ends the day the Podesta emails got released, October 7, leaving out a bunch of Stone activities that were key prongs of the investigation.

The Stone prosecution

The story told by the Stone prosecution unsurprisingly adopts the same general scope as the Mueller Report.

As noted above, the government took a number of investigative steps in 2018 that they kept secret from Stone, explicitly because they wanted Stone to continue to believe he was only under investigation for his lies about his claims about having a go-between with WikiLeaks. Because of that, I think the story the Stone prosecution told is best understood as a way to use the prosecution to advance a larger investigation, without compromising the rest of it. As such, it makes the way in which prosecutors controlled this narrative all the more interesting. That dual objective — advancing the larger investigation but keeping secrets –meant that prosecutors needed to provide enough detail to win the case — possibly even to get testimony about specific details to achieve other objectives in their investigation — but not disclose details that would give away the rest or require unreliable witnesses.

The Stone prosecutors provided us a handy timeline to show the scope of its story, split into two sections. The first starts with Assange’s promise of additional Hillary files on June 12, 2016 and ends on October 7, 2016.

While Rick Gates did testify that Stone predicted a WikiLeaks drop even before June 12, his testimony focused far more closely on discussions they had in the wake of the June 14 DNC announcement they’d been hacked. So the prosecution left out interesting details about what Stone was up to in spring 2016.

By ending the earlier, election-related timeline on October 7, prosecutors didn’t include a presumed Stone meeting with Trump on October 8 or the evidence that he and Corsi had advance knowledge of certain Podesta files, which became clear around October 13, to say nothing of what happened in the days after the election.

Then, the prosecution adopted a later timeline covering obstruction and witness tampering. It starts on January 6, 2017 and — at least on this timeline — goes through January 28, 2018 (though FBI Agent Michelle Taylor introduced evidence and Randy Credico testified to events that took place after that date).

That’s the scope of the story: an abbreviated version of 2016, starting after Stone first starting claiming to have advance warning of the email dumps, and ending well before things started to get interesting in the lead-up to and aftermath of the election.

A simplified version of the plot this story tells is how Stone used Credico to make sure no one would look too closely at what he had been up to with Corsi.

The SSCI Report

As I said, most of these stories were dictated, in part, by genre and a specific goal. Prosecutors writing the Mueller Report could only tell a story that explained prosecutorial decisions, and in this case, they had an ongoing investigation to protect (which Barr appears to have since substantially killed). Prosecutors scoping the Stone prosecution only had to present enough evidence to get their guilty verdict, and presumably didn’t want to produce evidence that would disclose the secrets they were trying to keep or expose a weakness in an otherwise airtight case. As for the warrants, every affidavit an FBI agent writes notes that they are including only as much as required to show probable cause. With a caveat laid out below, the FBI agents wouldn’t want to include too much for fear of giving defendants reason to challenge the warrants in the future. So the Stone affidavits, like all probable cause affidavits, are an exercise in careful narrative, telling a story but not telling too much.

Thus, the SSCI Report (clocking in at almost 1,000 pages) is the only one of these four stories that even pretends to be revealing all it knows. But it also didn’t try to tell the whole story. It limited the scope of the investigation in various ways (most notably, by refusing to investigate Trump’s financial vulnerabilities to Russia). And over and over again, the SSCI Report pulled punches to avoid concluding that the President is a glaring counterintelligence risk. The imperative of protecting the President (and getting Republican votes in Committee to actually release it) affected the way SSCI told its story in very tangible ways.

Because it is a SSCI Report, this story has a ton of footnotes which are (as they are in most SSCI Reports) a goldmine of detail. But the decision of what to put in the main body of a story and what to relegate to a footnote is also a narrative question.

Importantly, SSCI had outside limitations on its investigation — and therefore its story — that the FBI did not have. Rick Gates, Jerome Corsi, and Paul Manafort largely invoked the Fifth Amendment. Stone refused to testify. SSCI only received a limited subset of Mueller’s 302s, and none pertaining to the GRU investigation. SSCI had limited ability to demand the content of communications. The White House and the Trump Org withheld documents, even some documents they otherwise provided to Mueller. Plus, the version of the report we have is heavily redacted (including much of the discussion about WikiLeaks), sometimes for classified reasons but also sometimes (if you trust Ron Wyden’s additional views) to protect the President. That means we don’t even get the full story SSCI told.

Nevertheless, while SSCI left out parts of the story that the FBI seems to have considered important, the SSCI Report also includes a lot that DOJ and FBI had to have known, but for reasons that likely stem, in part, from the stories they wanted or were obligated to tell, they chose not to disclose. That makes the SSCI Report really useful to identify what must be intentional gaps in the other stories.

Like the Mueller Report (in part because it relied heavily on it), the story that the SSCI Report tells about Stone adopts an uneven timeline, narrowly focusing on Stone’s election season activities even while for others it adopts a broader timeframe. More generally, though, the SSCI Report tells a story about the dangerous counterintelligence threats surrounding the President, while stopping short of fully considering how he is himself a counterintelligence threat.

The warrant affidavits

As noted, FBI warrants deliberately and explicitly try to find a sweet spot, establishing probable cause but not including stuff that either might be challenged later or might give away investigative secrets. That said, Andrew Weissmann’s book reveals that Mueller’s team included more detail than needed in affidavits to provide a road map if they all got fired.

We also realized we could use the courts as a kind of external hard drive to back up our work. The applications for search warrants we filed with the court only had to set out a minimum of facts from which the court could find probable cause—a fairly low standard. But by packing those documents with up-to-date details of our investigation, we could create a separate record of our activities—one that would be deposited securely in the judicial system, beyond the reach of the Department of Justice, the White House, or Congress. (Putting such a substantial record before the court had the added benefit of eliciting quick rulings on our applications and demonstrating that we were not tacking too close to the line in establishing the necessary probable cause.)

The affidavits in the Stone case — written by at least 5 different FBI agents — actually tell two stories: The first is a narrative of how allegations were made and then removed, often for emphasis but also, probably in some cases, because suspicions were answered. The second is an evolving narrative of some of the core pieces of evidence that Stone did have advance notice of the releases, and so may have had legal liability — either as a co-conspirator, or someone who abetted the operation — for the hack-and-leak. It came to double in on itself, investigating Stone’s extensive efforts to thwart the investigation. Near the end of the investigation, that story came to incorporate Foreign Agent charges (though it’s not entirely sure how much Stone, or other people like Assange, are the target of those warrants, and virtually all that story is redacted). I lay out how these two narratives intersect here.

For some of the investigation, the affidavits adopted a timeline starting in June 2015 (when Stone worked on the Trump campaign) and continuing through the election, but ultimately that timeline extended through to the present in 2018 and 2019, ostensibly to support the obstruction investigation.

The gaps

The differences between the stories may be easiest to identify by observing what each leaves out. Each of these stories leaves out some pieces of evidence of one or more of the following:

  • The extent and nature of Stone’s provable interactions about WikiLeaks with Trump: While all of these stories do include evidence that Stone kept Trump apprised of his efforts to optimize the Podesta release, the SSCI Report — completed without Trump’s phone records or those of many others, with a very limited set of witness 302s, and limited power to access evidence of its own — describes damning interactions that none of the other stories do.
  • The extent to which either Corsi or Stone succeeded in dictating the release of the Podesta emails on October 7, 2016 and why: Several stories consider only whether Corsi managed to get WikiLeaks to drown out the Access Hollywood video, without considering whether Stone did.
  • What Stone and Corsi did with advance knowledge that WikiLeaks would release information on John Podesta’s ties with Joule holdings: Manafort’s unreliable testimony (and a bunch of other evidence) seems to confirm that Stone and Corsi had at least advance notice of, if not documents themselves, on Podesta’s ties with Joule Holdings that were later released by WikiLeaks. Only one of these four stories — the affidavits — include this process as a central story line, but it’s one way to show that the rat-fucker and the hoaxster did have advance knowledge (and show what their fevered little brains thought they were doing with it).
  • Proof that Stone had foreknowledge: While much of this is inconclusive, the affidavits make it clear that investigators believed Stone’s knowledge went beyond and long preceded what Corsi obtained in early August 2016. Once you establish that foreknowledge, then all question of Corsi versus Credico is substantially meaningless window-dressing (albeit convenient window dressing if you’re trying to hide a larger investigation).
  • Steve Bannon’s knowledge of and possible participation in Stone’s schemes shortly after he came on as campaign manager: The government almost certainly has grand jury testimony laying this out. But we’ve only seen glimpses of what happened after Stone wrote Bannon and floated a way to win the election the day he came onto the campaign, and not all of these stories were even curious about what happened.
  • Stone’s social media efforts to undermine the Russian attribution: I’m agnostic at this point about the significance of investigators’ focus on Stone’s efforts to undermine the Russian attribution for the operation, but some stories cover it and others ignore it conspicuously.
  • Stone’s extended effort to get a pardon for Julian Assange: It is a fact that Stone pursued a pardon for Julian Assange after Trump won. While it’s not yet proven whether Stone reached out to WikiLeaks on or even before November 9 or waited until days later, several of these stories incorporate details of that effort. Others ignore it.
  • Stone’s interactions with Guccifer 2.0: This story is virtually identical, albeit with additive bits, in three of the four stories. It is — almost — entirely absent from the prosecution.

The Manafort-Stone connection

One other detail to consider as you look at the different stories told here: Not a single one of them treats Manafort and Stone as a unit or a team. Partly this is just convenience. It’s hard to tell a story with two villains, and there is so much dirt on both Manafort and Stone, there’s more than enough material for one story for each. We also know that from the very beginning of the investigation, the Mueller team largely kept these strands separate, a team led by Andrew Weissmann focusing on Manafort and a team led by Jeannie Rhee focusing on Russian outreach (though 302s and other documents show that Rhee definitely participated in both, and Weissmann describes working closely with Rhee in his book).

But Roger Stone played a key role in getting Manafort hired by the Trump campaign. They were friends from way back. They used each other to retain a presence on the campaign after they got booted. Stone made reckless efforts to obtain the Podesta files partly in a bid to save Manafort. So while it’s easy to tell a story that keeps the Manafort corruption and the Stone cheating separate, that may not be the correct cognitive approach to understand what happened.

None of these stories tell the complete story. Most deliberately avoid doing so, and the one that tried, the SSCI Report, stopped short of telling all that’s public and didn’t have access to much that remains secret. Reading them together may point to what really happened.

Links to all posts in the series

Billy Barr Released Someone with a History of Conspiring from Prison to Home Confinement

One thing the Senate Intelligence Committee Report on Russia does is confirm there’s a continuity between the efforts to carve up Ukraine pitched to Paul Manafort on August 2, 2016 — at a meeting where he also discussed how he would win Michigan — and the propaganda efforts implicating Ukraine that got the President impeached.

The report has a forty page section describing “Manafort’s Activities After the Election.”

The narrative starts with Kilimnik attempting to leverage his ties to Manafort (in part exploiting Sam Patten). It then describes some of the events described in the Mueller Report: the December 8, 2016 foldered email, a heavily redacted description of his meeting in Madrid with Georgiy Oganov, Konstantin Kilimnik’s trip to the inauguration where he had a meeting with Manafort he kept secret from Patten, a second meeting in Madrid — this time with Kilimnik — where they discussed how to undermine the narrative about Russia.

Then it takes a seeming deviation, spending sixteen pages describing Russia’s efforts — significantly led by Kilimnik — to undermine investigations into Russian interference. Much of this is unredacted. But a section describing Kilimnik’s follow-up contact with US Government officials and including descriptions of John Solomon’s propaganda is heavily redacted.

Then the narrative returns to Manafort and Kilimnik’s joint efforts to carve up Ukraine for Russia. The SSCI Report introduces an eight page section — which is almost entirely redacted save two mentions of Andrii Telizhenko’s role in the effort — by describing Kilimnik’s parallel efforts to blame Ukraine for the 2016 interference and to bring back Yanukovych.

Kilimnik, however, continued efforts to reestablish Yanukovych as part of a peace settlement. Kilimnik worked with associates inside Russia, Ukraine, and elsewhere to affect U.S. perceptions of the conflict in Ukraine. These plans blended Kilimnik’s efforts to bring about Yanukovych’s return-including his exoneration related to the violence in the Maydan in February 2014—with the aforementioned themes promoting the narrative that Ukraine, not Russia, had interfered in the 2016 U.S. elections .

The inclusion of Telizhenko and Solomon in this discussion — right in the middle of a long discussion of Manafort’s ties to Kilimnik — definitively tie the events leading up to impeachment and Ron Johnson’s current efforts to spew Russian disinformation to Manafort’s efforts with Kilimnik.

This is part of a section that Ron Wyden complained, in his separate views on the report, was overly classified.

(U) Unfortunately, significant aspects of this story remain hidden from the American public. Information related to Manafort’s interactions with Kilimnik, particularly in April 2016, are the subject of extensive redactions. Evidence connecting Kilimnik to the GRU’s hack-and- . . leak operations are likewise redacted, as are indications of Manafort’s own connections to those operations. There are redactions to important new information with regard to Manafort’s meeting in Madrid with a representative of Oleg Deripaska. The report also includes extensive information on Deripaska, a proxy for Russian intelligence and an associate of Manafort. Unfortunately, much of that information is redacted as well.

(U) The report is of urgent concern to the American people, in part due to its relevance to the 2020 election and Russia’s ongoing influence activities. The public version of the report details how Kilimnik disseminated propaganda claiming Ukrainian interference in the 2016 election, beginning even before that election and continuing into late 2019. [redacted sentence] And the report includes information on the role of other Russian government proxies and personas in spreading false narratives about Ukrainian interference in the U.S. election. This propaganda, pushed by a Russian intelligence officer and other Russian proxies, was the basis on which Donald Trump sought to extort the current government of Ukraine into providing assistance to his reelection efforts and was at the center of Trump’s impeachment and Senate trial. That is one of the reasons why the extensive redactions in this section of the report are so deeply problematic. Only when the American people are informed about the role of an adversary in concocting and disseminating disinformation can they make democratic choices free of foreign interference.

(U) As the Committee stressed .in Volume 3 of its investigation, the public must be informed as soon as possible about ongoing foreign influence campaigns. The American people are not served by aggressive redactions to a narrative describing the continuity of Russian interference before and after the 2016 election. The American people also deserve better than a double standard in which information related to Russian interference in U.S. elections remains heavily redacted while information that might cast doubton investigations into that interference is released wholesale.

After a short description of Manafort’s discussions of the investigations with Rick Gates, the Report begins an entirely new, thirty-some page section detailing Manafort’s ties — through Deripaska — to Russian intelligence, specifically GRU. That’s another section that Wyden complained was overly redacted.

I’m not aware of any place where the Report describes a document, seemingly titled with the date, August 27, 2018 (but with a last modification date of May 15, 2018), describing “Info.”

The document was revealed as part of Manafort’s breach determination Judge Amy Berman Jackson has been mulling how much of this to unseal for over a month.

In any case, Paula Manafort and Konstantin Kilimnik appear to have been planning something for August 27, 2018.

Which is interesting, given something disclosed in the last two Mueller FOIA releases. On August 21, 2018, Marshals at the Alexandria jail informed the Sheriff that a laptop provided to Paul Manafort for legal review had had its administrative password changed. That same day, per the Sheriff’s office, someone brought Manafort two USB drives. One — marked “Blank” — had a bunch of hidden files in its trash folder.

The day a jury found Manafort guilty of his VA crimes, someone helped sneak files to Manafort. That also happens to be just a week before whatever event Manafort had been planning back in May was scheduled.

And for some reason, even though they learned he was still conspiring from jail, Mueller’s team went ahead and signed a cooperation agreement with the guy.

And yet, after multiple instances where Manafort’s jailers discovered he was communicating covertly from prison, Bill Barr’s DOJ used COVID as an excuse to release him from a prison with no COVID cases, and put him in home confinement. It’s not just that Billy Barr has made sure that Manafort won’t face his full punishment for money laundering and cheating on his taxes. It’s that Barr has made it easier for a guy with abundant ties to Russian intelligence to continue communicating with Russian intelligence.

There’s one other detail in the SSCI Report that makes all of this much more interesting: Just before Manafort snuck off to meet with Kilimnik on August 2, 2016 to share his campaign strategy and discuss carving up Ukraine to Russia’s liking, Manafort had a meeting at Trump Tower with Rudy Giuliani and Donald Trump.

Both Rod Rosenstein and Richard Burr Chose Not to Investigate Trump’s Biggest Counterintelligence Vulnerability

Mike Schmidt has a story describing that Rod Rosenstein led Andrew McCabe to believe that the Deputy Attorney General had tasked Robert Mueller to investigate the counterintelligence risk posed by Trump’s financial vulnerabilities, even though Rosenstein told Mueller to limit his own investigation to criminal matters.

The Justice Department secretly took steps in 2017 to narrow the investigation into Russian election interference and any links to the Trump campaign, according to former law enforcement officials, keeping investigators from completing an examination of President Trump’s decades-long personal and business ties to Russia.

[snip]

Mr. Rosenstein concluded the F.B.I. lacked sufficient reason to conduct an investigation into the president’s links to a foreign adversary. Mr. Rosenstein determined that the investigators were acting too hastily in response to the firing days earlier of James B. Comey as F.B.I. director, and he suspected that the acting bureau director who approved the opening of the inquiry, Andrew G. McCabe, had conflicts of interest.

Mr. Rosenstein never told Mr. McCabe about his decision, leaving the F.B.I. with the impression that the special counsel would take on the investigation into the president as part of his broader duties. Mr. McCabe said in an interview that had he known Mr. Mueller would not continue the inquiry, he would have had the F.B.I. perform it.

“We opened this case in May 2017 because we had information that indicated a national security threat might exist, specifically a counterintelligence threat involving the president and Russia,” Mr. McCabe said. “I expected that issue and issues related to it would be fully examined by the special counsel team. If a decision was made not to investigate those issues, I am surprised and disappointed. I was not aware of that.”

The story is infuriating — except it also raises a number of questions it doesn’t answer, especially coming from a journalist who himself set Trump’s red line of a financial investigation just weeks after these decisions apparently took place.

Schmidt — who has obviously been fed stories by Andrew McCabe in the past — describes Rosenstein telling Mueller not to do a counterintelligence investigation.

But privately, Mr. Rosenstein instructed Mr. Mueller to conduct only a criminal investigation into whether anyone broke the law in connection with Russia’s 2016 election interference, former law enforcement officials said.

Except he doesn’t explain how that — or continued ignorance on the part of the FBI that Rosenstein had bracketed off such an investigation — is consistent with this passage from the Mueller Report:

From its inception, the Office recognized that its investigation could identify foreign intelligence and counterintelligence information relevant to the FBI’s broader national security mission. FBI personnel who assisted the Office established procedures to identify and convey such information to the FBI. The FBI’s Counterintelligence Division met with the Office regularly for that purpose for most of the Office’s tenure. For more than the past year, the FBI also embedded personnel at the Office who did not work on the Special Counsel’s investigation, but whose purpose was to review the results of the investigation and to send-in writing-summaries of foreign intelligence and counterintelligence information to FBIHQ and FBI Field Offices. Those communications and other correspondence between the Office and the FBI contain information derived from the investigation, not all of which is contained in this Volume.

Sometime before March 2018, a period that may entirely post-date McCabe’s resignation on January 29, 2018, Mueller embedded FBI Agents into his team who knew what he was and wasn’t doing on counterintelligence. It seems impossible that FBI had no idea about the scope of Mueller’s counterintelligence investigation after that point. I’m not suggesting that Schmidt is wrong (he must be right, because Adam Schiff has been saying the same thing). I’m suggesting this narrative (at least as presented in the NYT version of the story), has some gaps.

One gap appears in this passage, suggesting SSCI was simply helpless in the face of legal obstacles in obtaining information on Trump’s finances.

A bipartisan report by the Republican-led Senate Intelligence Committee released this month came the closest to an examination of the president’s links to Russia. Senators depicted extensive ties between Trump associates and Russia, identified a close associate of a former Trump campaign chairman as a Russian intelligence officer and outlined how allegations about Mr. Trump’s encounters with women during trips to Moscow could be used to compromise him. But the senators acknowledged they lacked access to the full picture, particularly any insight into Mr. Trump’s finances.

The single thing in the known scope of the SSCI Report that wasn’t also included in the Mueller Report — with the possible except of an investigation into several other allegations that Trump had been sexually compromised by Russia — is Aleksandr Torshin’s efforts to reach out to Trump via the NRA (but SSCI itself limited its investigation into NRA, and in a few cases wouldn’t have obtained material had Ron Wyden not obtained it on the Finance Committee). One weakness of the SSCI Report is an almost juvenile suggestion that sexual kompromat would the only kind of compromising information Russia had on Trump.

But to some degree, SSCI chose not to include Trump’s financial ties to Russia in their report — that was the most persistent complaint from most Democrats on the committee.

[T]he Committee did not cover all areas of concern. For example, the Committee’s investigation, for a variety of reasons, did not seek, and was not able to review, records regarding Donald Trump’s finance’s and the numerous areas where those financial interests appear to have overlapped with Russia. In tum, the reader should not interpret the Report’s absence of information on this topic to indicate that nothing of interest was found. Rather, it should be acknowledged that this was a potentially meaningful area that the Committee did not probe. [my emphasis]

BuzzFeed reported in 2018 that Richard Burr didn’t think Trump’s financial ties to be relevant.

Burr has dismissed Wyden’s complaints. “Whether every member has chosen to come and actually spend the time to go through [the documents] is a whole other question. I’m tired of hearing the fact that we don’t follow [the money],” Burr said. “We are investigating every avenue that gives us clarity into what the mission is of this investigation, but that’s not to fall outside the mission of the investigation. I could care less how they financed a deal 20 years ago somewhere because I don’t think it’s relevant.”

An earlier report described that Treasury was providing SARs to SSCI’s investigators; it just hadn’t been asked for those pertaining to Trump and his family.

Rod Rosenstein’s decision not to investigate Trump’s vulnerability to Russian compromise is one thing. Richard Burr’s decision to similarly constrain his investigation is another. Indeed, Burr’s decision is in many ways less defensible; as a co-equal branch, it is Congress’ job to ensure that the President doesn’t betray the country.

The fact that both men — who stayed on good terms with Trump while seeming to oversee an aggressive investigation into him — chose not to look into the most obvious source of compromise suggests that someone knows what they would find.

Update: Fixed timing of Mueller Report completion and McCabe resignation as Deputy Director.

Update:  On Twitter, Andrew Weissmann says key parts of the NYT story — the ones I raised questions about — are wrong.

NYT story today is wrong re alleged secret DOJ order prohibiting a counterintelligence investigation by Mueller, “without telling the bureau.” Dozens of FBI agents/analysts were embedded in Special Counsel’s Office and we were never told to keep anything from them.

Also erroneous is NYT claim “Rosenstein concluded the F.B.I. lacked sufficient reason to conduct an investigation into the president’s links to a foreign adversary.” See DOJ Special Counsel Appointment Order, para. (b)(i).

SSCI’s Timidity on Trump Tower Moscow

The SSCI Report on Russia is better, in some ways, than I expected (though weak in others).

But on a key issue — the multiple Trump Tower deals floated during the course of the election — it is inexcusably timid.

The report lays out the three offers we know from the Mueller Report:

  • A Trump Tower deal negotiated through Felix Sater, involving sanctioned banks and GRU-linked middle men and the involvement of people close to Putin
  • A deal brokered by Georgian-American Giorgi Rtskhiladze that included buy-off from the Mayor of Moscow
  • Outreach — in which Ivanka was a party — from the Director of a large energy company, Dmitry Klokov, which was tied to a meeting with Putin

Along the way, the report notes that Felix Sater (whose colorful background it lays out) was not entirely forthcoming even in his April 4, 2018 interview, long after he appears to have cleaned up some discrepancies with the Mueller team (though his later Mueller 302s have been withheld, in part for source endangerment issues, and it’s not clear the committee obtained them). Specifically, Sater was not clear who was involved in scheduling a possible trip for Cohen in December 2015, Felix Shmykov (who had ties to GRU) or Felix Dvoskin (who had ties to FSB and ran a bank operating in Crimea).

Sater told the Committee that although he never had direct communication with Kostin, Kostin was indirectly contacted about the project “through people in Moscow.”2719 Sater recalled that a contact in Moscow, whom he identified only as “Danny,” “indicated that he [Danny] spoke to people at VTB and that they would be on board.”2720 Sater also told the Committee that he used Evgeny Shmykov, the former Russian intelligence officer, as a conduit to VTB.2721

[snip]

On December 19, 2015, Sater emailed and sent a text message to Cohen requesting that Cohen call him because he had “Evgeny on the other line.”2778 Sater told the Committee in his interview prior to the release of the SCO Report that his references to Evgeny were, to his recollection, Evgeny Shmykov. According to the SCO, however, Sater’s reference to “Evgeny” on the December 19 message was a reference to Evgeny Dvoskin, who at the time was associated with a Russian bank operating in Crimea.2779 Through counsel, Sater later represented to the Committee that he may have used both Shmykov and Dvoskin at varying times.2780 As a result, while·this particular outreach appears to involve Dvoskin, the identity behind Sater’s other references to “Evgeny” remains unclear.

(U) Dvoskin is strongly connected to Russian organized crime and the Russian intelligence services, particularly the FSB.2781

There’s no unredacted discussion of whether Cohen was asked about the wisdom of pitching real estate deals with people involved in Russian intelligence. He was, however, asked about the wisdom of pitching real estate deals with sanctioned banks.

He didn’t much care.

As noted infra, both VTB Bank and GenBank were sanctioned by the U.S. Government under its Ukraine-related sanctions program targeting Russian government-connected entities. Cohen was unaware of these sanctions targeting either bank, and stated that, in addition, it “didn’t matter to me” whether the banks were sanctioned. Cohen explained that he believed the Russian developer, not the Trump Organization, would be responsible for financing the deal, and thus Cohen did not think that any sanctions “would have been a problem.”

And while the report twice laid out that the committee did not receive key emails showing high level Russian involvement in the deal, it didn’t chase down Cohen’s claim that Trump Organization managed that document request, not even when the report elsewhere admits that other documents were withheld from Trump Organization.

(U) On other matters, multiple emails between Michael Cohen and Russian government officials-which were responsive to the Committee’s document request-were never produced to the Committee. The withheld emails included outreach to the Kremlin’s press office seeking to speak with Putin’s chief of staff, Sergei Ivanov, as well as a response from Dmitri Peskov’ s assistant seeking to discuss the Trump Moscow project. During Cohen’s initial interview, , Cohen’s then-counsel Stephen Ryan told the Committee that Cohen was not involved in the production of documents to the Committee.3009 Ryan stated that Cohen’s emails from his Trump Organization account were produced to Cohen and his counsel by the Trump Organization “off the Trump [Organization] server.”3010 During that same interview, Cohen made false statements to the Committee about these communications with Russian government officials.3011 Cohen also transmitted his false statements about his outreach to the Kremlin on the project to the press and to the public generally; giving the false impression that Cohen had not communicated in a substantive way with the Russian government regarding the project.3012

(U) Cohen eventually pleaded guilty to making intentionally false statements to this Committee and to the HPSCI related to the Trump Tower project.3013 Cohen eventually admitted to receiving an email response from a Russian government employee; ultimately, he admitted contacting her and conducting a substantive conversation about the Trump Moscow project in January 2016.3014 Cohen told the Committee that the email response, which he never produced to the Committee, was never provided to him by the Trump Organization, another member of the alleged JDA.3015 The Committee was unable to determine the accuracy of this claim. However, if true, this lends support to the conclusion that Cohen’s initial false statements to the Committee were aided by other members of the alleged IDA, namely the Trump Organization.

The report also doesn’t address (as it does in the WikiLeaks section) Trump’s demonstrable lies about Trump Tower, even though those lies are even more clear cut than his lies on WikiLeaks. After Trump claimed to have no recollection of any of this, he went out to the press and said stuff that made it clear he had very clear recollections about the real estate deals he was negotiating while running for President.

In addition to the three well known deals, the SSCI Report describes a fourth, one pitched by Boris Epshteyn to Eric Trump.

Virtually the entire description of this deal is redacted in the report, suggesting either that it’s something Trump has ongoing interest in covering up or it’s something that the Intelligence Community believes has sensitive counterintelligence import.

In addition to the Epshteyn to Eric Trump channel, however, three details are not redacted:

Like the Rtskhiladze pitch, this one included involvement from the Moscow city government.

In the spring of 2016, Epshteyn received the proposal from contacts he had in the Moscow city government, and shared it with Eric Trump, with whom Epshteyn had long been friends.

[snip]

In early 2016, these same individuals affiliated with the Moscow city government reengaged Epshteyn about a potential Trump deal in Russia, ultimately sending him blueprints for a hotel.2998 According to the email chain produced by Epshteyn, the blueprints originated with a secretary for Cheremin in April 2016. Cheremin’s secretary forwarded the plans to an email address that included the name Shutenko, likely affiliated with Oleg Shutenko, Cheremin’s deputy in the Moscow city government.2999

According to a heavily redacted bullet, it appears to involve two people thrown out of the US in 2018 as part of sanctions imposed after the Skripal assassinations, which may suggest they were believed to be spies.

Finally, the deal had some tie to Rossotrudnichestvo, an NGO implicated in the false claims about a Michael Cohen meeting in Prague.

The Rossotrudnichestvo reference came in the last and most inflammatory dossier report:

[redacted] provided further details of these meeting/s and associated anti-CLINTON/Democratic Party operations. COHEN had been accompanied to Prague by 3 colleagues and the timing of the visit was either in the last week of August or the first week of September. One of their main Russian interlocutores was Oleg SOLODUKHIN, operating under Rossotrudnichestvo cover. According to [redacted], the agenda comprised questions on how deniable cash payments were to be made to hackers who had worked in Europe under Kremlin direction against the CLINTON campaign and various contingencies for covering up these operations and Moscow’s secret liaison with the TRUMP team more generally.

This doesn’t mean the Cohen reference is true!! But it is another tidbit that suggests that, to the extent the dossier was filled with disinformation, it served to muddle actual events that happened.

According to the SSCI Report, Eric Trump wasn’t all that enticed by this offer (which appears to have had none of the improbable grandeur of the Sater deal).

Except they didn’t bother to get him on the record saying that personally. It relied exclusively on Epshteyn’s representation of the deal.

(U) Epshteyn recalled sharing these blueprints with Eric Trump and discussing the offer with him. 3000 According to Epshteyn, Eric Trump said that he would “take a look” and that the opportunity “[c]ould be interesting,” but that his overall reaction was “extremely tepid.”3001 Epshteyn claimed that nothing ever came of the offer.3002

(U) The Committee did not seek to interview Eric Trump. The Committee does not have further information related to what action, if any, was taken by the Trump Organization on the proposal.

And it did so even though it had evidence that Trump Organization was part of an organized effort to lie to the committee about a different Russian real estate deal, in part by withholding responsive documents.

So it’s not, just, that SSCI declined to explain why it was so problematic from a counterintelligence standpoint that a Presidential candidate kept entertaining the kind of real estate deal in Russia he had been chasing for over a decade during the election, and at least two of those deals involved Russian intelligence operatives.

It’s that for one of the deals — a deal that, if the redactions are any indication, poses significant counterintelligence concern — SSCI just didn’t bother checking.

Ron Wyden has complained that the committee refused to follow the money of any of this. And with this fourth Trump Tower deal, they weren’t even willing to demand they got the paper trail.

Adam Schiff Makes Clear FBI Is Using Section 215 Like the 2014 Exception

For months, Congress has been debating the reauthorization of Section 215 of the PATRIOT Act. The House passed a compromise bill before COVID shut-downs really halted everything in Congress, though did so in such a way as to prevent Zoe Lofgren from offering any amendments. After the Senate failed to act, the provision (and two related ones lapsed). Then, a few weeks ago, the Senate passed a version that added an amendment from Mike Lee and Patrick Leahy that strengthened the amicus to the previously passed House bill. But an amendment offered by Ron Wyden and Steve Daines failed by one vote after Tom Carper said that Pelosi had warned him its passage would gut FISA (and after Bernie Sanders and Patty Murray didn’t make it for the vote). The operative language of their amendment read,

(C) An application under paragraph (1) may not seek an order authorizing or requiring the production of internet website browsing information or internet search history information.

Zoe Lofgren and Warren Davidson tried to pass that amendment in the House. Over a weekend of heated negotiations, they limited the Wyden-Daines language to apply just to US persons.

(C) An application under paragraph (1) may not seek an order authorizing or requiring the production of internet website browsing information or internet search history information of United States persons.

At first, Wyden endorsed the Lofgren-Davidson language. Except then Adam Schiff gave Charlie Savage a statement that suggested the amendment would only prevent the government from seeking to obtain Americans’ internet information, not prevent it altogether.

But in his own statement, Mr. Schiff put forward a narrower emphasis. Stressing the continued need to investigate foreign threats, he described the compromise as banning the use of such orders “to seek to obtain” an American’s internet information.

That led Ron Wyden to withdraw his support. Leadership withdrew that amendment from the Rule.

Schiff’s ploy seems to suggest one way the government is using Section 215.

Wyden had previously asked how each of three applications for Section 215 would appear in counts:

  • An order in which an IP address used by multiple people is the target
  • An order collecting all the people who visit a particular website
  • An order collecting all the web browsing and internet searches of a single user

I’ve argued in the past that the FBI wouldn’t go to the trouble of a Section 215 order for a person who was not otherwise targeted, the last bullet. Schiff’s willingness to limit collection to foreigners is consistent with that (because targeting non-US persons has a lower probable cause level), meaning that’s not the function the government is so intent on preserving.

Which leaves Wyden’s IP address used by multiple people and a website, what I have suggested might be VPNs and WikiLeaks. Those are the applications that Schiff (and Pelosi) are going to the mat to protect.

That makes something that happened in 2014 important. That year, FISC permitted the government to remain tasked on a selector under 702 (which can only target foreigners) even after finding that Americans were using the selector, provided the US person content was purged after the fact. Except ODNI made a list of enumerated crimes — virtually all of which exploit the Dark Web — that Section 702 content could be used to prosecute. Richard Burr codified that principle when the law was reauthorized in 2017.

Schiff has invoked the same principle — allowing the FBI to target a URL or IP, and in the name of obtaining foreign intelligence, obtaining the US person activity as well. Because this is not treated as “content,” the government may not be limited to instances where the US person activity is location obscured (though it’s possible this is just about obtaining VPN traffic, and not something like WikiLeaks).

Wyden called the resulting practice (remember, this is status quo), as “dragnet surveillance.”

“It is now clear that there is no agreement with the House Intelligence Committee to enact true protections for Americans’ rights against dragnet collection of online activity, which is why I must oppose this amendment, along with the underlying bill, and urge the House to vote on the original Wyden-Daines amendment,” Wyden said.

So once again — still — the government is using a foreign targeted law to obtain leads of Americans to investigate. That, apparently, is what Pelosi considers the key part of FISA: honey pots to identify Americans to investigate.

Meanwhile, DOJ doesn’t even like the changes Lee and Leahy implemented, falsely claiming that the law — which requires DOJ to meet the standards laid out voluntarily by FBI’s response to the DOJ IG Report — does nothing to address the problems identified by the IG Report.

The Department worked closely with House leaders on both sides of the aisle to draft legislation to reauthorize three national security authorities in the U.S.A. Freedom Act while also imposing reforms to other aspects of FISA designed to address issues identified by the DOJ Inspector General. Although that legislation was approved with a large, bipartisan House majority, the Senate thereafter made significant changes that the Department opposed because they would unacceptably impair our ability to pursue terrorists and spies. We have proposed specific fixes to the most significant problems created by the changes the Senate made. Instead of addressing those issues, the House is now poised to further amend the legislation in a manner that will weaken national security tools while doing nothing to address the abuses identified by the DOJ Inspector General.

Accordingly, the Department opposes the Senate-passed bill in its current form and also opposes the Lofgren amendment in the House. Given the cumulative negative effect of these legislative changes on the Department’s ability to identify and track terrorists and spies, the Department must oppose the legislation now under consideration in the House. If passed, the Attorney General would recommend that the President veto the legislation.

Trump, meanwhile, is opposing the bill because it doesn’t go far enough.

WARRANTLESS SURVEILLANCE OF AMERICANS IS WRONG!

Republicans are inventing reasons to oppose it after supporting it in March.

Back in March, Billy Barr said he could do what he needed to with EO 12333. It’s unclear how he’d coerce providers.

But Schiff’s efforts to defeat Wyden make it clear this is a function designed to identify Americans.

Update: I had thought a current vote was on FISA, but is on China sanctions, so I’ve deleted.

Ron Wyden Hints at How the Intelligence Community Hides Its Web Tracking Under Section 215

Ron Wyden had an amendment to Section 215 that would have limited the use of that provision to obtain web traffic information that fell one vote short in the Senate, partly because Nancy Pelosi whipped Tom Carper against it and partly because two Senators (Bernie Sanders and Patty Murray) didn’t get back for a vote. In an effort to resuscitate the amendment in the House under Zoe Lofgren and Warren Davidson’s leadership (which would surely pass if Section 215 got bounced back to the Senate), Ron Wyden released a letter to Ric Grenell trying to force some transparency about how the IC hides the scope of the use of Section 215 to get web search and Internet traffic information.

The letter asks Grenell to explain how Section 215 orders served on IP addresses, rather than email addresses, might get counted in transparency provisions.

How would the government apply the public reporting requirements for Section 215 to web browsing and internet searches? In this context, would the target or “unique identifier” be an IP address?

If the target or “unique identifier” is an IP address, would the government differentiate among multiple individuals using the same IP address, such as family members and roommates using the same Wi-Fi network, or could numerous users appear as a single target or “unique identifier”?

If the government were to collect web browsing information about everyone who visited a particular website, would those visitors be considered targets or “unique identifiers” for purposes of the public reporting? Would the public reporting data capture every internet user whose access to that website was collected by the government?

If the government were to collect web browsing and internet searches associated with a single user, would the public reporting requirement capture the scope of the collection? In other words, how would the public reporting requirement distinguish between the government collecting information about a single visit to a website or a single search by one person and a month or a year of a person’s internet use?

Wyden here lays out three use cases for how the IC might (one should assume does) use Section 215 to get web traffic.

  • An order in which an IP address used by multiple people is the target
  • An order collecting all the people who visit a particular website
  • An order collecting all the web browsing and internet searches of a single user

The government is required to report:

(5)the total number of orders issued pursuant to applications made under section 1861(b)(2)(B) of this title and a good faith estimate of—

(A)the number of targets of such orders; and

(B)the number of unique identifiers used to communicate information collected pursuant to such orders;

Taking each of his three scenarios, here’s what I believe the government would report.

An order in which an IP address used by multiple people is the target

In the first scenario, the government is trying to obtain everyone who “uses” a particular IP address. The scenario laid out by Wyden is a WiFi router used by family or friends, but both because the House Report prohibited such things in 2015 and because DOJ IG has raised questions about targeting everyone who uses a Friends and Family plan, I doubt that’s what the IC really does.

Rather, I suspect this is about VPNs and other servers that facilitate operational security. The government could hypothetically obtain four orders a year getting “VPNs,” requiring providers of each of the 10 major VPNs in the country to provide the IP addresses of all the incoming traffic, which would show the IP addresses of everyone who was using their location obscuring traffic.

In such a case, the targeted VPN IP addresses wouldn’t be communicating information at all. The users would get no information back. Therefore, the IC would only report the number of targets of such orders. If the “target” were defined as VPN, the number would be reported as 4 (for each of the 4 orders); if the “target” were defined as the specific VPN providers, the number of targets would be reported as 10.

The IC would entirely hide the number of individual Americans affected.

An order collecting all the people who visit a particular website

This application would seek to learn who visited a particular website. The classic case would be Inspire magazine, the AQAP propaganda. But I could also see how the IC might want to collect people who visit WikiLeaks’ submission page, or any number of sites that would offer information of interest to foreign spies (even DNI’s report on surveillance collection!). In such a use case, the government might ask not for the information provided to the user, but instead the incoming IP addresses of every request to the website. Again, this would not reflect a communication of information (and certainly not to the end user), so would not be reported under 5B.

If the targets were defined as “AQAP propaganda sites,” Inspire and all its affiliates might be reported as just one target (or might even be counted on a more generalized 215 order targeting AQAP or WikiLeaks, and so not as a unique 215 order at all).

The end users here would, again, not be counted if the collection request deliberately asked for something that did not “communicate information,” though I’m not sure precisely what technical language the government would use to accomplish this.

An order collecting all the web browsing and internet searches of a single user

This use case would ask how a 215 order targeting an individualized target (like Carter Page) shows up in transparency reports. If this were an order served on Google targeting a single account identifier for Google (say, Page’s Gmail account), the government might treat that Gmail identifier as the unique identifier, even though the government was getting information on every time this unique identifier obtained information.

Even in the criminal context, prosecutors don’t always target Google histories (for example, they did not with Joshua Schulte, and so got Google searches going back to before he joined the CIA). In the intelligence context, the FBI is given even more leeway to obtain everything, based off the logic that it’s harder to find clandestine activity.

In other words, Wyden has pointed to three use cases, all of which the IC is surely using, which existing transparency reporting requirements would entirely obscure the impact of.

After Years of Squealing about “FISA Abuse,” Trump’s DNI Nominee Won’t Rule Out Warrantless Wiretapping

As I noted earlier, in his confirmation hearing to be Director of National Intelligence, John Ratcliffe made it crystal clear he will lie to protect Trump by stating that he believed Trump has always accurately conveyed the threat of COVID-19.

Ratcliffe made some other alarming comments. For example:

  • He repeatedly said that Russia had not changed any votes in 2016. The Intelligence Community did not review that issue and Ratcliffe has no basis to make that claim.
  • Ratcliffe also repeatedly refused to back SSCI’s unanimous conclusion that Russia intervened to help Trump.
  • He dodged when Warner asked him to promise to brief the committee even if Russia were trying to help Trump.
  • When asked whether he supported Inspectors General, Ratcliffe said that he supported Michael Horowitz when others attacked him but then suggested he disagreed with Horowitz’ “opinion,” making it clear he does not accept Horowitz’ conclusions that he found no evidence that bias affected the investigation into Trump’s flunkies.
  • Ratcliffe claimed he didn’t have enough information to address Michael Atkinson’s firing.
  • When Dianne Feinstein read his quotes about the Ukraine whistleblower to him, Ratcliffe pretended those quotes were about something they weren’t.
  • He might not provide intelligence on COVID-19 that showed how Trump blew it off.
  • He suggested that if only the IC had reviewed open source data, they might have warned of the dangers of COVID-19, which they did warn of using both OSINT and classified intelligence.
  • He refused to answer whether he thought there was a Deep State in the IC, and later suggested a few members of the IC were Deep State.
  • Ratcliffe refused to agree to release a report showing that Mohammed bin Salman had Jamal Khashoggi executed and chopped into bits, as required by last year’s Defense Authorization. He suggested that it might have been properly classified; as DNI, he would be the Original Classification Authority to make that decision.
  • He refused to answer clearly on whether Trump’s policies on North Korea and Iran have worked.
  • He later suggested he might not share intelligence if it were too sensitive, again ignoring that as OCA he gets to decide whether it’s really classified.
  • After saying he would appear for a Global Threats hearing, he then dodged when later asked whether he would appear before the committee generally.

Ratcliffe made several comments to make it clear he would side with expansive Unitary Executive interpretations holding that:

  • There are limits to whistleblower protection.
  • If torture were deemed legal it would okay to do it.
  • The executive can use warrantless wiretapping.

There were a few additional hints about stuff going on right now:

  • Mark Warner said that intelligence professionals have been pressured to limit information they share with Congress.
  • Warner also said that Ric Grenell was undermining the IC’s election security group.
  • Both Warner and Richard Burr seemed concerned that the DNI would not declassify their 1000-page Volume V of their Report on Russia’s 2016 election interference (I’m not sure whether this assess the Steele dossier or lays out whether and how Trump “colluded” during 2016).
  • Martin Heinrich made it clear that Grenell is reorganizing the IC, without any consultation or approval from Congress.

It’s not just unqualified, he’s a sycophant. But it seems like there’s so much that Grenell is already screwing up, Republicans on the committee, at least, prefer Ratcliffe.

Update: Here are Ratcliffe’s Questions for the Record. They’re particularly troubling on sharing with Congress.

He twice refused to say that he wouldn’t impose loyalty tests.

QUESTION 39: Personnel decisions can affect analytic integrity and objectivity. A. Would you consider an individual’s personal political preferences, to include “loyalty” to the President, in making a decision to hire, fire, or promote an individual?

Answer: Personnel decisions should be based on qualifications, skills, merit, and other standards which demonstrate the ability, dedication and integrity required to support the central IC mission of providing unvarnished intelligence to policymakers.

B. Do you commit to exclusively consider professional qualifications in IC personnel decisions, without consideration of partisan or political factors?

Answer: Personnel decisions should be based on qualifications, skills, merit, and other standards that demonstrate the ability, dedication and integrity required to support the central IC mission of providing unvarnished intelligence to policymakers.

He refused to promise to keep the Election Threats Executive Office open.

QUESTION 45: Would you commit to keep the Election Threats Executive Office in place to ensure continuity of efforts, and build on the successes of the 2018 midterms?

Answer: If confirmed, I will work with IC leaders and ODNI officials to ensure the IC is well-positioned to address the election security threats facing our Nation.

He refused to promise to notify Congress if Russia starts helping Trump again.

QUESTION 53: Do you commit to immediately notifying policymakers and the public of Russian attempts to meddle in U.S. democratic processes, to include our elections?

Answer: If confirmed, I would work with the Committee to accommodate its legitimate oversight needs while safeguarding the confidentiality interests of the Executive Branch, including the protection from unauthorized disclosure of classified intelligence sources and methods

He suggested he had no problem with Section 215 being used to access someone’s browsing records.

QUESTION 7: Do you believe that Section 215 of the USA PATRIOT Act should be used to collect Americans’ web browsing and internet search history? If yes, do you believe there are or should be any limitations to “digital tracking” of Americans without a warrant, in terms of length of time, the amount of information collected, or the nature of the information collected (e.g., whether particular kinds of websites raise special privacy concerns)?

Answer: I believe it is important for the Intelligence Community to use its authorities appropriately against valid intelligence targets. The amendments to Title V of FISA made by Section 215 of the USA PATRIOT Act expired on March 15, 2020 and, to date, have not been reauthorized.

Ratcliffe dodged several questions about whether FISA was exclusive means to collect

Extra-Statutory Collection

QUESTION 9: Title 50, section 1812 provides for exclusive means by which electronic surveillance and interception of certain communications may be conducted. Do you agree that this provision of law is binding on the President?

Answer: If confirmed, I would work with the Attorney General to ensure that IC activities are carried out in accordance with the Constitution and applicable federal law.

QUESTION 10: Do you believe that the intelligence surveillance and collection activities covered by FISA can be conducted outside the FISA framework? If yes, please specify which intelligence surveillance and collection activities, the limits (if any) on extra-statutory collection activities, and the legal authorities you believe would authorize those activities.

Answer: If confirmed, I would work with the Attorney General and the heads of IC elements, as well as the General Counsels throughout the IC, to ensure that intelligence activities are conducted in accordance with the Constitution and applicable federal law. As set forth in Section 112 of FISA, with limited exceptions, FISA constitutes the exclusive statutory means by which electronic surveillance, as defined in FISA, and the interception of domestic wire, oral, or electric communications for foreign intelligence purposes may be conducted.

QUESTION 11: What would you do if the IC was requested or directed to conduct such collection activities outside the FISA framework? Would you notify the full congressional intelligence activities?

Answer: Consistent with the requirements of the National Security Act, I would keep the congressional intelligence committees informed of the intelligence activities of the United States, including any illegal intelligence activities. As you know, not all intelligence activities are governed by FISA.

If confirmed, I would work with the Attorney General and the heads of IC elements, as well as the General Counsels throughout the IC, to ensure that intelligence activities are conducted in accordance with the Constitution and applicable federal law.

Senator Wyden asked a question about the IC purchasing stuff they otherwise would need a warrant for.

QUESTION 12: Do you believe the IC can purchase information related to U.S. persons if the compelled production of that information would be covered by FISA? If yes, what rules and guidelines would apply to the type and quantity of the information purchased and to the use, retention and dissemination of that information? Should the congressional intelligence committees be briefed on any such collection activities?

Answer: Elements of the IC are authorized to collect, retain, or disseminate information concerning U.S. persons only in accordance with procedures approved by the Attorney General. As you know, not all intelligence activities are governed by FISA, and it is my understanding that in appropriate circumstances elements of the IC may lawfully purchase information from the private sector in furtherance of their authorized missions. Nonetheless, any intelligence activity not governed by FISA would be regulated by the Attorney General-approved procedures that govern the intelligence activities of that IC element. Consistent with the requirements of the National Security Act, if confirmed, I would keep the congressional intelligence committees informed of the intelligence activities of the United States.

 

How the Wyden/Khanna Espionage Act Fix Works (But Not for Julian Assange)

Last week, Ron Wyden and Ro Khanna released a bill that they say will eliminate much of the risk of prosecution that people without clearance would face under they Espionage Act. They claim the bill would limit the risk that:

  • Whistleblowers won’t be able to share information with appropriate authorities
  • Those appropriate authorities (including Congress) won’t be able to do anything with that information
  • National security journalists will be prosecuted for publishing classified information
  • Security researchers will be prosecuted for identifying and publishing vulnerabilities

I want to look at how the bill would do that. But I want to do so against the background of claims about how the bill would affect the ability to prosecute Julian Assange.

After explaining that under the bill Edward Snowden could still be prosecuted, the summary of the bill states in no uncertain terms that the government could still prosecute Julian Assange under the bill.

Q: How would this bill impact the government’s prosecution of Julian Assange?

A: The government would still be able to prosecute Julian Assange.

It doesn’t say how, but immediately after that question, it explains that the government could still prosecute hackers who steal government secrets.

Q: What about hackers who break into government systems and steal our secrets?

A: The Espionage Act is not necessary to punish hackers who break into U.S. government systems. Congress included a special espionage offense (U.S.C § 1030(a)(1)) in the Computer Fraud and Abuse Act, which specifically criminalizes this.

Khanna, in an interview with The Intercept, seems to confirm that explanation — that Assange could still be prosecuted under CFAA.

Khanna told The Intercept that the new bill wouldn’t stop the prosecution of Assange for his alleged role in hacking a government computer system, but would make it impossible for the government to use the Espionage Act to charge anyone solely for publishing classified information.

Indeed, that is sort of what Charge 18 against Assange is, conspiracy to commit computer intrusion, though, as written, it invokes the Espionage Act and theft of government secrets as part of the conspiracy (the Wyden/Khanna bill would limit the theft of government property bill in useful ways). Never mind that as charged it’s a weak charge for evidentiary reasons (though that may change in Assange’s May extradition hearing); it would still be available, if not provable given existing charged facts, under this bill.

But given the claims the US government makes about Assange, that may not be the only way he could be prosecuted under this bill. That’s because the bill works in two ways: first, by generally limiting its application to “covered persons,” who are people who’ve been authorized to access classified or national defense information by an Original Classification Authority. Then, it defines “foreign agent” using the definition in FISA (though carving out foreign political organizations) and says that anyone who is not a foreign agent “shall not be subject to prosecution” under the Espionage Act unless they commit a felony under the act — by aiding, abetting, or conspiring in the act — or pays for the information and wants to harm the US. The bill further carves out providing advice (for example, on operational security) or an electronic communication or remote computing service (such as a secure drop box) to the public.

So:

  • If you don’t have clearance or are sharing information not obtained illegally or via your clearance and
  • If you aren’t an agent of a foreign power and
  • If you’re not otherwise paying for, conspiring or aiding and abetting in some way beyond offering operational security and drop boxes with the specific intent to harm the US or help another government

Then you shouldn’t be prosecuted under the Espionage Act.

Below, I’ve written up how 18 USC §793 and 18 USC §798 would change under the bill, with changes italicized (18 USC §794 already includes the foreign government language added by this bill so would not change).

In the wake of the 2016 election operation, where Julian Assange helped a Russian operation hiding behind thin denials, Assange might well meet the definition of “foreign agent.” Three of WikiLeaks’ operations — the Stratfor hack (in which Russians were involved in the chat rooms), the 2016 election year operation, and Vault 7 (in which Joshua Schulte, between the initial leak and the alleged attempts to leak from jail, evinced an interest in Russia’s help) — involved some Russian activity.

And it’s not clear how Congress’ resolution — passed in last year’s NDAA — that WikiLeaks is a non-state hostile intelligence service often abetted by state actors would affect Assange’s potential treatment as a foreign agent.

It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.

But even with all the new protections for those who don’t have clearance, this bill specifically envisions applying it to someone like Assange. That’s because it explicitly incorporates aiding and abetting (18 USC § 2) — which is how Assange is currently charged in Counts 2-14 — as well as accessory after the fact (18 USC § 3), and misprison of a felony (18 USC § 4) into the bill. That’s on top of the conspiracy to commit an offense against the US (18 USC § 371), which is already implicitly incorporated in 18 USC § 793(g), which is Count 1 in the Assange indictment. Arguably, explicitly adding the accessory after the fact and misprison of a felony would make it easier to prosecute Assange for assistance that WikiLeaks and associated entities routinely provide sources after the fact, such as publicity and legal representation, to say nothing of the help that Sarah Harrison gave Edward Snowden to flee to Russia.

And those charges don’t require someone formally fit the definition of agent of a foreign power so long as the person has “the specific intent to harm the national security of the United States or benefit any foreign government to the detriment of the United States.” (I’ve bolded this language below.) That’s a mens rea requirement that might otherwise be hard to meet — but not in the case of Assange, even before you get into any non-public statements the US government might have in hand.

This is a bill from Ron Wyden, remember. Back in 2017, when he first spoke out when SSCI first moved to declare WikiLeaks a non-state hostile intelligence service, he expressed concerns about the lack of clarity in such a designation.

I have reservations about Section 623, which establishes a Sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service. The Committee’s bill offers no definition of “non-state hostile intelligence service” to clarify what this term is and is not. Section 623 also directs the United States to treat WikiLeaks as such a service, without offering further clarity.

To be clear, I am no supporter of WikiLeaks, and believe that the organization and its leadership have done considerable harm to this country. This issue needs to be addressed. However, the ambiguity in the bill is dangerous because it fails to draw a bright line between WikiLeaks and legitimate journalistic organizations that play a vital role in our democracy.

I supported efforts to remove this language in Committee and look forward to working with my colleagues as the bill proceeds to address my concerns.

While this bill does much to protect journalists (and in a way that doesn’t create a special class for journalists or InfoSec researchers that would violate the First Amendment), it provides the clarity that would enable charging Assange, even for things he did after the fact to encourage leakers.

Update: Two more points on this. First, as I understand it, the explicit references to 18 USC §§ 2-4 are designed to protect reporters, meaning the protections apply to those as well.

I also meant to note that the way this bill is written — which is clearly meant to allow for prosecution of people working at state-owned media outlets (Russia, China, and Iran all use their outlets as cover for spies) — would then by design not protect reporters at the BBC or Al Jazeera, both of which have done reporting on stories implicating US classified information in the past.


18 USC § 793

(a) Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation, goes upon, enters, flies over, or otherwise unlawfully obtains nonpublic information concerning any vessel, aircraft, work of defense, navy yard, naval station, submarine base, fueling station, fort, battery, torpedo station, dockyard, canal, railroad, arsenal, camp, factory, mine, telegraph, telephone, wireless, or signal station, building, office, research laboratory or station or other place connected with the national defense owned or constructed, or in progress of construction by the United States or under the control of the United States, or of any of its officers, departments, or agencies, or within the exclusive jurisdiction of the United States, or any place in which any vessel, aircraft, arms, munitions, or other materials or instruments for use in time of war are being made, prepared, repaired, stored, or are the subject of research or development, under any contract or agreement with the United States, or any department or agency thereof, or with any person on behalf of the United States, or otherwise on behalf of the United States, or any prohibited place so designated by the President by proclamation in time of war or in case of national emergency in which anything for the use of the Army, Navy, or Air Force is being prepared or constructed or stored, information as to which prohibited place the President has determined would be prejudicial to the national defense; or

(b) An individual who, while a covered person, for the purpose aforesaid, and with like intent or reason to believe, copies, takes, makes, or obtains, or attempts to copy, take, make, or obtain, any sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, document, writing, or note of anything connected with the national defense; or

(c) A foreign agent who, for the purpose aforesaid, and with like intent or reason to believe, receives or obtains or agrees or attempts to receive or obtain from any person, or from any source whatever, any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, of anything connected with the national defense, knowing or having reason to believe, at the time the foreign agent receives or obtains, or agrees or attempts to receive or obtain it, that it has been or will be obtained, taken, made, or disposed of by any person contrary to the provisions of this chapter; or

(d) Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, or information relating to the national defense, which document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; or

(e) An individual who—

(1) while a covered person, gains unauthorized possession of, access to, or control over any non public document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note of anything connected with the national defense; and

(2)(A) with reason to believe such information could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted, the same to any person not entitled to receive it; or

(B) willfully—

(i) retains the same at an unauthorized location; and

(ii) fails to deliver the same to the officer or employee of the United States entitled to receive it; or’

(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance,  (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both.

(g)(1) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(2) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this 7 title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the 13 offense; or

(C) subject to paragraph (3), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(3) Paragraph (2)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively).

(h)

(1)Any person convicted of a violation of this section shall forfeit to the United States, irrespective of any provision of State law, any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, from any foreign government, or any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, as the result of such violation. For the purposes of this subsection, the term “State” includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1) of this subsection.

(3)The provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)) shall apply to—

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property, if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund in the Treasury all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(i) In this section—

(1) the term “covered person” means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive documents, writings, code books, signal books, sketches, photographs, photographic negatives, blueprints, plans, maps, models, instruments, appliances, or notes of anything connected with the national defense by—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in activities relating to the national defense; and

(2) the term “foreign agent”—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

18 USC §798

(a)Any individual who knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information obtained by the individual while the individual was a covered person and acting within the scope of his or her activities as a covered person

(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or

(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or

(3) concerning the communication intelligence activities of the United States or any foreign government; or

(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—

Shall be fined under this title or imprisoned not more than ten years, or both.

(b)As used in subsection (a) of this section:

(1) The term ‘classified information’—

(A) means information which, at the time of a violation of this section, is known to the person violating this section to be, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution and;

(B) does not include any information that is specifically designated as ‘Unclassified’ under any Executive Order, Act of Congress, or action by a committee of Congress in accordance with the rules of its House of Congress.

(2) The terms ‘code’, ‘cipher’, and ‘cryptographic system’ include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications.

(3) The term “communication intelligence” means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients.

(4) The term ‘covered person’ means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive information of the categories set forth in subsection (a) of this section—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States

(5) The term “foreign government” includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States.

(6) The term “unauthorized person” means any person who, or agency which, is not authorized to receive information of the categories set forth in sub10 section (a) of this section by—

(A) the President;

(B) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States; or

(C) an Act of Congress.

(c)Nothing in this section shall prohibit the furnishing of information to—

(1) any Member of the Senate or the House of Representatives;

(2) a Federal court, in accordance with such procedures as the court may establish;

(3) the inspector general of an element of the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)), including the Inspector General of the Intelligence Community;

(4) the Chairman or a member of the Privacy and Civil Liberties Oversight Board or any employee of the Board designated by the Board, in accordance with such procedures as the Board may establish;

(5) the Chairman or a commissioner of the Federal Trade Commission or any employee of the Commission designated by the Commission, in accordance with such procedures as the Commission may establish;

(6) the Chairman or a commissioner of the Federal Communications Commission or any employee of the Commission designated by the Com2 mission, in accordance with such procedures as the Commission may establish; or

(7) any other person or entity authorized to receive disclosures containing classified information pursuant to any applicable law, regulation, or executive order regarding the protection of whistleblowers.

(d)

(1) In this subsection, the term ‘foreign agent’—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

(2) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to  prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(3) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the offense; or

(C) subject to paragraph (4), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(4) Paragraph (3)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively)

(e)

(1)Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law—

(A)any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and

(B)any of the person’s property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1).

(3)Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)), shall apply to

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property,
if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund established under section 1402 of the Victims of Crime Act of 1984 (42 U.S.C. 10601) [1] all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(5)As used in this subsection, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

Is Bill Barr Picking a Fight with Apple to Distract from the Failure of Trump’s Social Media Vetting?

To some degree, recent disclosures about Ahmed Mohammed al-Shamrani’s killing of three sailors in Pensacola make it seem like a mirror of the San Bernardino attack in 2015 in 2015. A man, steeped in Islamic propaganda, used a moment of vulnerability to attack Americans. He is killed in the attack, but not before he destroys a phone. At first, DOJ asks Apple for help getting the easier things from the phone, such as the materials stored in the iCloud account. Then, after a delay makes the most obvious work-arounds impossible, DOJ asks Apple to hack the phone, which would thereby make not just that phone accessible to law enforcement, but all iPhones vulnerable to cops, authoritarian governments, and criminals.

There’s even some reason to believe that the law enforcement officer grandstanding to use a terrorist attack as an opportunity to force Apple to weaken its products is lying both about what Apple and DOJ have respectively done, but about how certain it is that Apple is the only available option.

But investigators have been stymied in trying to access two key pieces of evidence — the gunman’s iPhones. Standing before giant photographs of two severely damaged devices, the attorney general publicly urged Apple to act.

“So far, Apple has not given us any substantive assistance,” Barr said, though aides later clarified that Apple had, in fact, given investigators access to cloud data linked to the gunman. “This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order.”

[snip]

In a lengthy statement, Apple disputed the attorney general’s description of its role, saying the company began responding within hours of the first FBI request on Dec. 6, and has turned over “many gigabytes” of data in the case.

“Our responses to their many requests since the attack have been timely, thorough and are ongoing,” the company said. “The FBI only notified us on January 6th that they needed additional assistance — a month after the attack occurred. . . . Early outreach is critical to accessing information and finding additional options.”

[snip]

Asked Monday whether the FBI’s technical experts on cellphones had agreed with the decision to send the letter pressing Apple to open the phones, Bowdich said he did not know.

An FBI spokesperson later said the bureau’s “technical experts — as well as those consulted outside of the organization — have played an integral role in this investigation. The consensus was reached, after all efforts to access the shooter’s phones had been unsuccessful, that the next step was to reach out to start a conversation with Apple.”

But the more important comparison may pertain to the role of social media in the attack.

Almost immediately after the 2015 attack, the FBI discovered that the woman involved in the attack, Tashfeen Malik, had pledged loyalty to Abu Bakr al-Baghdadi just before the attack. That led Congress to suggest the Obama Administration hadn’t vetted Malik’s immigration processing closely enough, even though nothing in place at the time would have identified her past extremist writing.

In response, Customs and Border Patrol started laying the groundwork for a policy that seemed like dangerous overkill at the time, but that Trump nevertheless adopted: requiring visa applicants to list their social media handles so their social media activity can be vetted.

Somehow, in spite of that requirement, 17 Saudis in the US for military training were found to have jihadist material on their social media accounts, on top of al-Shamrani, and 15 of them had child porn on their social media accounts.

Barr said investigators had found evidence that 17 Saudis had through social media shared ­jihadist or anti-American material and 15 — including some of those who had shared anti-American material — were found to have had contact with or possessed child pornography.

It’s one thing for CBP to have missed Malik’s Facebook comments before they used social media to vet visa applicants.

It’s an entirely different thing to institute social media vetting, but then somehow miss that 18 people admitted onto our military bases to be trained are anti-American or pro-jihadist. All the more so given that Trump’s Muslim ban excluded Saudi Arabia — the origin of most of the 9/11 hijackers and other attempted terrorists since — even while focusing closely on Muslims from country without a history of terrorism against the US.

Plus, in spite of Barr’s vague comments explaining how a “US Attorney” reviewed child porn engaged well beyond that which George Nader pled guilty to yesterday and decided that person could return home to Saudi Arabia.

Barr said only one of those people had a “significant number” of [CP] images, and U.S. attorneys had reviewed each case and determined such people would not normally be charged with federal crimes. He said 21 cadets from Saudi Arabia had been disenrolled from their training and would be returning to the kingdom later Monday. Justice Department officials said 12 were from the Pensacola base, and nine were from other military bases.

[snip]

U.S. attorneys had independently determined the child porn did not warrant charges. Justice Department officials said the most significant case involved a cadet who possessed more than 100 images of child porn and had searched terms for child porn, according to his browser history — but even that fell below the normal threshold for a case deemed worthy of prosecution by a U.S. attorney’s office.

This seems to be part of a pattern that Ron Wyden has already complained about, the serial impunity of Saudi students who commit crimes in this country.

Normally, I oppose politicizing the response to terrorist attacks. You can’t prevent all terrorism, and the drive to do so has eroded our civil liberties.

But if you’re going to erode our civil liberties, then you better be damn sure you’re doing so for a reason. And it seems like CBP (and DOD) failed to ensure we weren’t inviting Saudis to our country to train them to be better terrorists against us in the future.

Barr wants this to be about Apple. First, however, he should be asked why the vetting Trump championed failed to work in this case.

If DOJ is going to complain that Apple isn’t degrading security, it should first explain why the last policy it took that traded privacy for security failed.

The Other Servers and Laptops FBI Never Investigated: VR Systems and North Carolina Polling Books

Ron Wyden had a lot to say in his minority views to the SSCI Report on election security released yesterday, mostly arguing that there need to be national standards and assistance and that no one can make any conclusions about the effects of Russia’s efforts in 2016 because no one collected the data to make such conclusions.

But there’s one line in his section raising questions about the 2016 conclusions I find particularly interesting, pertaining to VR Systems (which he doesn’t name).

Assessments about Russian attacks on the administration of elections are also complicated by newly public information about the infiltration of an election technology company.

Since the Mueller Report came out, Wyden has been trying to chase down this reference in the report to the VR Systems hack.

Unit 74455 also sent spear-phishing emails to public officials involved in election administration and personnel a~ involved in voting technology. In August 2016, GRU officers targeted employees of [redacted; VR Systems], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.

In May, he sent a letter to VR Systems President Mindy Perkins, asking how the company could claim, in March 2018, that it had not experienced a security breach when the report said it had been infected with malware in August 2016. In response, the company told Wyden (according to a letter he and Amy Klobuchar sent FBI Director Chris Wray) that they had alerted the FBI that they found suspicious IPs in their logs in real time, but that FBI had never explained the significance of that.

In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to “be on the lookout for certain suspicious IP addresses.” According to VR Systems, the company examined its website logs, “found that several of the IP addresses had, in fact, visited our website” and as a result, the company “notified the FBI as we had been directed to do.” VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.

The implication from Wyden’s letters is that VR Systems only hired FireEye to conduct an assessment of what happened after Reality Winner leaked an NSA document making it clear they had been targeted by GRU in 2017. [Update: Kim Zetter actually reported this here.]

In their June 12 letter, Wyden and Klobuchar asked Wray whether the FBI followed up on VR Systems’ report.

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?

It’s unclear how Wray answered (or didn’t). But just before Wyden sent this letter, the WaPo reported that no one had yet conducted a forensic examination of the laptops used in the VR Systems polling books in North Carolina. After Democrats took over control, they finally persisted in getting DHS to agree to check the laptops.

On Tuesday, the Department of Homeland Security told The Washington Post it will conduct a forensic analysis of the laptops used in Durham County elections in 2016. Lawson said North Carolina first asked the department to conduct such a review more than 18 months ago, though he added that DHS has generally been a “good partner” on election security.

“We appreciate the Department of Homeland Security’s willingness to make this a priority so the lingering questions from 2016 can be addressed in advance of 2020,” said Karen Brinson Bell, the newly appointed executive director of the State Board of Elections.

After the election, Durham County hired a firm called Protus3 to dig into what happened. The security consultant said it appeared the problems were caused by user error but ended its 12-page report with a list of recommendations that included examining computers in a lab setting and interviewing more election workers.

Durham County elections director Derek Bowens said he is comfortable with the report’s conclusions. Even so, in 2017, the county switched to electronic poll books created by the state. Bowens said in an interview that the state’s software would save money and is, in his view, better.

But for North Carolina officials, concerns resurfaced in June 2017 when the website Intercept posted a leaked National Security Agency report referencing “cyber espionage operations against a . . . U.S. company in August 2016.” The NSA report said that “it was likely that at least one account was compromised.”

VR Systems soon acknowledged that hackers had targeted the company but insisted that its network had not been breached.

North Carolina officials weren’t so sure.

“This was the first leak that indicated anything like a nation-state actor targeting a voting systems vendor,” Lawson said.

The state elections board soon launched its own investigation, seizing 40 laptops from Durham in July. And it suspended the certification that allowed more than 20 North Carolina counties to use VR Systems’ poll books during elections, an action that would later land in court. “Over the past few months there has been a considerable change in the election security landscape and the level of scrutiny we receive,” the board wrote in a letter explaining its decision to VR Systems.

No one working for the board had the technical expertise to do a forensic examination of the machines for signs of intrusion. Staffers asked DHS for technical help but did not get a substantive answer for a year and a half, Lawson said.

As noted, FireEye appears to have done an assessment at VR Systems itself in the wake of the Winner disclosure. The WaPo reports that FireEye declared VR Systems hadn’t been hacked, but wouldn’t share any information with Wyden or–apparently–DHS.

VR Systems said a cybersecurity firm it hired to review its computer network in 2017 found no evidence of a hack. A subsequent review by DHS also found no issues, the company said. VR Systems declined to give Wyden documentation of those reviews, citing the need to protect proprietary information.

Wyden in a statement to The Post accused VR Systems of “stonewalling congressional oversight.”

A senior U.S. official confirmed DHS’s review of VR Systems’s network to The Post and noted that by the time agency investigators arrived, a commercial vendor had already “swept” the networks. “I can’t tell you what happened before the commercial vendor came in there,” the official said, speaking on the condition of anonymity to discuss a sensitive matter.

The same day as the WaPo report, Kim Zetter reported that VR Systems used remote updates for their software, opening up a possible point of compromise for hackers.

For two years, GRU hack denialists have thought it was the most important thing that the DNC provided FBI Crowdstrike’s forensic images of the hacked laptops, rather than providing the servers themselves.

But that step has, apparently, not been done yet with VR Systems. And the laptops that failed on election day are only now being forensically examined.  Which is why, I presume, that Wyden believes it’s premature to claim no vote totals were affected on election day 2016.