Posts

Trump Transition Team Outraged To Be Treated as Transition Team!!

This is a general post on the GOP claim Mueller improperly obtained emails from ~13 Transition officials, updated as new news comes available. This post explains what is really going on: the Transition appears to have withheld emails — including the KT McFarland one referring to the election as having been “thrown” — and Mueller obtained proof they were withholding things. 

Both Fox News and Axios have pieces reflecting the outrage!!! among Trump people that they got asked questions about emails they thought they had hidden from Mueller’s investigation. Axios reveals that Mueller obtained the full contents of 12 accounts (Reuters says 13), one including 7,000 emails, from people on the “political leadership” and “foreign-policy team;” it says it includes “sensitive emails of Jared Kushner.”

Fox reveals that a transition lawyer wrote Congress today claiming that it was unlawful for government employees to turn over emails hosted on government servers for a criminal investigation.

A lawyer for the Trump presidential transition team is accusing Special Counsel Robert Mueller’s office of inappropriately obtaining transition documents as part of its Russia probe, including confidential attorney-client communications and privileged communications.

In a letter obtained by Fox News and sent to House and Senate committees on Saturday, the transition team’s attorney alleges “unlawful conduct” by the career staff at the General Services Administration in handing over transition documents to the special counsel’s office.

Officials familiar with the case argue Mueller could have a problem relating to the 4th Amendment – which protects against unreasonable searches and seizures.

Kory Langhofer, the counsel to Trump for America, wrote in the letter that the the GSA “did not own or control the records in question.”

But, Langhofer says, Mueller’s team has “extensively used the materials in question, including portions that are susceptible to claims of privilege.”

And Axios explains that the Trump people actually sorted through this stuff. “The sources say that transition officials assumed that Mueller would come calling, and had sifted through the emails and separated the ones they considered privileged.”

I’m really looking forward to hearing the full story about this, rather than just this partisan spin. For example, I’m interested in whether Mueller realized via some means (perhaps from someone like Reince Priebus or Sean Spicer — update, or George Papadopoulos) that the White House had withheld stuff that was clearly responsive to his requests, so he used that to ask GSA to turn over the full set.

I’m also interested in how they’ll claim any of this was privileged. The top 13 political and foreign policy people on the Trump team might include (asterisks mark people confirmed to be among those whose accounts were obtained):

  1. Pence
  2. Bannon
  3. Jared*
  4. Flynn*
  5. KT McFarland
  6. Spicer
  7. Priebus
  8. Nunes
  9. Sessions
  10. Seb Gorka
  11. Stephen Miller
  12. Hope Hicks
  13. Ivanka
  14. Don Jr
  15. Rebekah Mercer
  16. Kelly Anne Conway
  17. Rudy Giuliani
  18. Steven Mnuchin
  19. Rick Gates
  20. Corey Lewandowski
  21. Tom Bossert

Just one of those people — Sessions — is a practicing lawyer (and he wasn’t, then), and he wasn’t playing a legal role in the transition (though both Sessions and Nunes may have been using their congressional email, in which case Mueller likely would show far more deference; update: I’ve added Rudy 911 to the list, and he’d obviously qualify as a practicing lawyer). Though I suppose they might have been talking with a lawyer. But I would bet Mueller’s legal whiz, Michael Dreeben, would point to the Clinton White House Counsel precedent and say that transition lawyers don’t get privilege.

Furthermore, Trump wasn’t President yet! This has come up repeatedly in congressional hearings. You don’t get privilege until after you’re president, in part to prevent you from doing things like — say — undermining existing foreign policy efforts of the actually still serving President. So even if these people were repeating things Trump said, it wouldn’t be entitled to privilege yet.

Finally, consider that some of these people were testifying to the grand jury months and months ago. But we’re only seeing this complaint today. That’s probably true for two reasons. One, because Mueller used the emails in question (most notably, the emails between McFarland and Flynn from December 29 where they discussed Russian sanctions) to obtain a guilty plea from Flynn. And, second, because Republicans are pushing to get Trump to fire Mueller.

Update: I’ve added Pence, Don Jr., Ivanka, Hope Hicks, Kelly Anne Conway, Rudy Giuliani, Steven Mnuchin back in here.

Update: Here’s more from Reuters.

Langhofer, the Trump transition team lawyer, wrote in his letter that the GSA’s transfer of materials was discovered on Dec. 12 and 13.

The FBI had requested the materials from GSA staff last Aug. 23, asking for copies of the emails, laptops, cell phones and other materials associated with nine members of the Trump transition team response for national security and policy matters, the letter said.

On Aug. 30, the FBI requested the materials of four additional senior members of the Trump transition team, it said.

The GSA transfer may only have been discovered this week (probably as a result of Congress’ investigation). But the witnesses had to have known these emails went beyond the scope of what the transition turned over. And the request date definitely is late enough for Mueller to have discovered not everything got turned over, perhaps even from George Papadopoulos, who flipped in late July.

Update: One more thing. Remember that there were worries that transition officials were copying files out of a SCIF. That, by itself, would create an Insider Threat concern that would merit FBI obtaining these emails directly.

Update: Here’s a report dated June 15 on a transition lawyer instructing aides and volunteers to save anything relating to Russia, Ukraine, or known targets (Flynn, Manafort, Page, Gates, and Stone).

Update: AP reports that Flynn was (unsurprisingly) among those whose email was obtained.

Update: Here’s the letter. I unpacked it here. It’s a load of — I believe this is the technical term — shite. First, it stakes everything on PTT not being an agency. That doesn’t matter at all for a criminal investigation — Robert Mueller was no FOIAing this stuff. It then later invokes a bunch of privileges (the exception is the attorney client one) that only come with the consequent responsibilities. It then complains that Mueller’s team didn’t use a taint team.

Perhaps the craziest thing is they call for a law that would only permit someone to access such emails for a national security purpose — as if an espionage related investigation isn’t national security purpose!

Update: Chris Geidner got GSA’s side of the story. Turns out they claim the now dead cover up GC didn’t make the agreement the TFA lawyer says he did. In any case, GSA device users agreed their devices could be monitored.

“Beckler never made that commitment,” he said of the claim that any requests for transition records would be routed to the Trump campaign’s counsel.

Specifically, Loewentritt said, “in using our devices,” transition team members were informed that materials “would not be held back in any law enforcement” actions.

Loewentritt read to BuzzFeed News a series of agreements that anyone had to agree to when using GSA materials during the transition, including that there could be monitoring and auditing of devices and that, “Therefore, no expectation of privacy can be assumed.”

Update: Mueller’s spox, Peter Carr, issued a statement saying, “When we have obtained emails in the course of our ongoing criminal investigation, we have secured either the account owner’s consent or appropriate criminal process.”

Why Did Tom Bossert Claim WannaCry Was Spread Via Phishing?

Writing this post made me look more closely at what Trump’s Homeland Security Czar Tom Bossert said in a briefing on WannaCry on Monday, May 15.

He claimed, having just gotten off the phone with his British counterpart and in spite of evidence to the contrary, that there had been minimal disruption to care in Britain’s DHS.

The UK National Health Care Service announced 48 of its organizations were affected, and that resulted in inaccessible computers and telephone service, but an extremely minimal effect on disruption to patient care.

[snip]

And from the British perspective, I thought it was important to pass along from them two points — one, that they thought it was an extremely small number of patients that might have been inconvenienced and not necessarily a disruption to their clinical care, as opposed to their administrative processes.  And two, that they felt that some of those reports might have been misstated or overblown given how they had gotten themselves into a position of patching.

 

Of course, this may be an issue in the upcoming election, so I can see why Theresa May’s government might want to downplay any impact on patient care, especially since the Tories have long been ignoring IT problems at DHS.

He dodged a follow-up question about whether there might be more tools in the Shadow Brokers haul that would lead to similar attacks in the future, by pointing to our Vulnerabilities Equities Process.

Q    I guess a shorter way to put it would be is there more out there that you’re worried about that would lead to more attacks in the future?

MR. BOSSERT:  I actually think that the United States, more than probably any other country, is extremely careful with their processes about how they handle any vulnerabilities that they’re aware of.  That’s something that we do when we know of the vulnerability, not when we know we lost a vulnerability.  I think that’s a key distinction between us and other countries — and other adversaries that don’t provide any such consideration to their people, customers, or industry.

Obviously, the VEP did not prevent this attack. More importantly, someone in government really needs to start answering what the NSA and CIA (and FBI, if it ever happens) do when their hacking tools get stolen, an issue which Bossert totally ignored.

But I’m most interested in something Bossert said during the original exchange on NSA’s role in all this.

Q    So this is one episode of malware or ransomware.  Do you know from the documents and the cyber hacking tools that were stolen from NSA if there are potentially more out there?

MR. BOSSERT:  So there’s a little bit of a double question there.  Part of that has to do with the underlying vulnerability exploit here used.  I think if I could, I’d rather, instead of directly answering that, and can’t speak to how we do or don’t do our business as a government in that regard, I’d like to instead point out that this was a vulnerability exploit as one part of a much larger tool that was put together by the culpable parties and not by the U.S. government.

So this was not a tool developed by the NSA to hold ransom data.  This was a tool developed by culpable parties, potentially criminals of foreign nation states, that was put together in such a way so to deliver it with phishing emails, put it into embedded documents, and cause an infection in encryption and locking. [my emphasis]

Three days into the WannaCry attack, having spent the weekend consulting with DHS and NSA, Bossert asserted that WannaCry was spread via phishing.

That is a claim that was reported in the press. But even by Monday, I was seeing security researchers persistently question the claim. Over and over they kept looking and failing to find any infections via phishing. And I had already seen several demonstrations showing it didn’t spread via phishing.

Now, Bossert is one of the grown-ups in the Trump Administration. His appointment — and the cybersecurity policy continuity with Obama’s policy — was regarded with relief when it was made, as laid out in this Wired profile.

“People that follow cybersecurity issues will be happy that Tom is involved in those discussions as one of the reasoned voices,” Healey says.

“Frankly, he’s an unusual figure in this White House. He’s not a Bannon. He’s not even a Priebus,” says one former senior Obama administration official who asked to remain unnamed, contrasting Bossert with Trump’s top advisers Stephen Bannon and Reince Priebus. “He has a lot of credibility. He’s very straightforward and level-headed.”

And (as the rest of the profile makes clear) he does know cybersecurity.

So I’m wondering why Bossert was stating that this attack spread by phishing at a time when open source investigation had already largely undermined that hasty claim.

There are at least three possibilities. Perhaps Bossert simply mistated here, accidentally blaming the vector we’ve grown used to blaming. Possibly (though this would be shocking) the best SIGINT agency in the world still hadn’t figured out what a bunch of people on Twitter already had.

Or, perhaps there were some phished infections, which quickly got flooded as the infection spread via SMB. Though that’s unlikely, because the certainty that it didn’t spread via email has only grown since Monday.

So assuming Bossert was, in fact, incorrect when he made this claim, why did have this faulty information?