Posts

Why Roger Stone Threatened to Sue emptywheel!

Remember when Roger Stone threatened to sue me? It was in response to this post, in which I noted that Don McGahn had been helping Stone rat-fuck for Trump for years.

Well, it turns out that that’s the topic of something the government would like to introduce as evidence about why he lied to HPSCI.

As I noted, a debate over whether the government can introduce 404(b) evidence at trial — often used to show motive — has been going on under seal. But a snippet of the topic got aired in yesterday’s hearing on such issues. And one of the things the government wants to introduce under 404(b) is that, in addition to all the lies Stone told HPSCI laid out in his indictment, he also told further lies about his coordination with the Trump campaign.

Separately, Jackson also held off in ruling on Stone’s bid to block DOJ from talking about other alleged false statements he made before the House committee during the September 2017 testimony that led Mueller to press charges.

During Wednesday’s hearing she fretted that raising Stone’s statements could prolong the trial and confuse jurors over allegations that the government didn’t choose to prosecute.

DOJ attorney Michael Marando argued that the government’s allegations needs to be heard in the context of Stone’s overall motivations.

“He went in with a calculated plan to lie, to separate himself from the campaign in order to shield the lie about his connections to WikiLeaks. He had to create that space,” Marando said.

One of those lies pertains to Stone’s communication with the campaign about the activities of his PAC.

Assistant U.S. Attorney Michael J. Marando argued that Stone falsely denied communicating with Trump’s campaign about his political-action-committee-related activities, and that the lie revealed his calculated plan to cover up his ties to the campaign and obstruct the committee’s work.

Rogow disagreed, calling the allegation more prejudicial than revealing and saying that it would divert jurors into a matter that Stone was not charged with.

Note, this is likely why he wants to call Steve Bannon, which other news outlets are inexplicably quite surprised about; Stone asked Bannon for funding from Rebekah Mercer for this stuff. And, as I noted in the post in question, Don McGahn helped Stone avoid charges for voter intimidation for his PAC activities. So I guess Stone wanted to sue me because I laid out proof that he lied to HPSCI about something that served the larger purpose of distancing his rat-fucking from the campaign.

Amy Berman Jackson ruled on most of the motions in limine as follows:

Government motion to introduce two categories of 404(b) evidence: Under advisement

Government motion to introduce two newspaper articles related to such evidence: Denied, with the opportunity to submit redacted versions if the evidence is submitted

Government motion to exclude claims of prosecutorial misconduct: Granted, but Stone can introduce impeachment information

Government motion to exclude evidence of Russian interference: Granted

Stone motion to introduce evidence challenging claims that WikiLeaks obtained stolen documents from Russia: Denied

Stone motion to subpoena Crowdstrike for its reports to the DNC: Denied

Stone motion for a recording of his HPSCI testimony: Moot

Government motion to introduce upload dates for videos: Granted

Government motion to introduce an excerpt of Godfather II: Deferred

Government motion to partially redacted a grand jury transcript: Granted, along with permission to file a motion in limine to limit the same witnesses’ court testimony

ABJ ordered the two sides to figure out what portion of the HPSCI report they need to submit at trial, as well as what communications between Randy Credico and Stone should be excluded

DOJ Says It Never Offered Accused Vault 7 Leaker Joshua Schulte a Plea Deal

As the Joshua Schulte prosecution has inched along against the backdrop of the Julian Assange indictment, I’ve heard chatter about his plans: that the two sides might prosecute the child porn charges and leave the leak untried; that the government was trying to get him to cooperate against Assange.

In the former case, the opposite now seems more likely. Last week, Judge Paul Crotty granted Schulte’s motion to sever his child porn and copyright charges from his Espionage ones. But the minute order states that the Espionage charges will be tried first, in November, with the child porn charges tried some time after that. That’s true, even though the Espionage charges are far more complex to try than the child porn ones. If the government wanted to use the child porn charges to put Schulte away indefinitely and avoid the difficulties of an Espionage trial, they’d try those first. (Update: at the hearing where this was decided, the defense said they wanted the Espionage trial to go first, and all other parties agreed.)

As to the latter, Schulte himself has sown the belief he was being offered a plea deal. In one version of his “Presumption of Innocence” blog, for example, he claimed (falsely, given the warrants he himself released) the government never obtained any evidence implicating him in the leak, and was just pursuing the child pornography charges to “break” him so he’ll cooperate against WikiLeaks.

I’m arrested and charged with a crime that had nothing to do with the initial search warrant and that I was completely innocent. The U.S. Attorney unethically and immorally misleads the court regarding what the initial investigation was about, when they found the illicit materials, and the fact that they did not think I was involved for 5 months until their initial investigation came up empty. I’m denied bail and thrown into prison immediately and they use the situation as leverage telling my attorney every day that he can make this huge embarrassment and misunderstanding all go away if only I would agree to cooperate on the WikiLeaks investigation and admit to it. They admit, unabashedly that these entire charges are nothing more than a ruse, an attempt at leverage to break me.

A version of this claim was repeated in a piece the Intercept did yesterday claiming to track how (a select group of) leakers got identified by the FBI.

Of the four Espionage Act cases based on alleged leaks in the Trump era, the most unusual concerned Joshua Schulte, a former CIA software developer accused of leaking CIA documents and hacking tools known as the Vault 7 disclosures to WikiLeaks. Schulte’s case is different from the others because, after the FBI confiscated his desktop computer, phone, and other devices in a March 2017 raid, the government allegedly discovered over 10,000 images depicting child sexual abuse on his computer, as well as a file and chat server he ran that included logs of him discussing child sexual abuse images and screenshots of him using racist slurs. Prosecutors initially charged Schulte with several counts related to child pornography and later with sexual assault in a separate case, based on evidence from his phone. Only in June 2018, in a superseding indictment, did the government finally charge him under the Espionage Act for leaking the hacking tools. He has pleaded not guilty to all charges.

Schulte was identified as the suspect just like all the other people profiled in the story were: because he was one of the few people who had access to the files that got leaked and his Google searches mapped out a damning pattern of research involving the leak, among other things. In his case, WikiLeaks itself did several things to add to the evidence he was the source. It is true that Schulte was charged with the porn charges first and that it took 15 months for the government to ultimately charge the leak, but the theory of Schulte’s role in the leak has remained largely unchanged since a week after the first files were dropped.

Schulte again suggested he might get a plea deal in his lawsuit against then Attorney General Jeff Sessions for imposing Special Administrative Measures against him when he raised 5K1 letters that might allow someone to avoid mandatory minimum sentencing.

But in last week’s opposition to Schulte’s motion to suppress most of the warrants against him — including some on the grounds that they relied on poisonous fruit of attorney-client privileged material — the government denies ever offering a plea deal.

Schulte claims that the FBI read his thoughts on severance (which the Government has consented to) or a plea offer (which the Government has not made), but none of those “thoughts” are referenced in any subsequent search warrant.

The claim that the government left unredacted a reference to Schulte’s views on a plea deal does not appear in the unredacted version of Schulte’s motion to suppress, but given his lawyers’ claim that his journals were intended to be a discussion of his legal remedies, it may be an attempt to suppress the Presumption of Innocence notes cited above (even though Schulte made the same notes public).

Mr. Schulte’s narrative writings and diary entries contain information he “considered to be relevant to his potential legal remedies.”

There’s lot of room for a discussion short of a plea offer that might be true even given the government claim that “the Government has not made” any offer (such as that one of the series of attorneys who have represented Schulte has recommended that he seek a deal).

But the detail is particularly interesting given the timing of his trial and something the government claimed the last time Chelsea Manning and her lawyers tried to get her out of jail. It insisted they want Manning’s testimony for subjects and charges not included in Assange’s current indictment, and said the submission of the extradition request against Assange does not preclude future charges based on those offenses.

As the government’s ex parte submissions reflect, Manning’s testimony remains relevant and essential to an ongoing investigation into charges or targets that are not included in the superseding indictment. See Gov’t’s Ex Parte Mem. (May 23, 2019). The offenses that remain under investigation are not time barred, see id., and the submission of the government’s extradition request in the Assange case does not preclude future charges based on those offenses, see Gov’t’s Supplement to Ex Parte Mem. (June 14, 2019).

Barring a delay because of Classified Intelligence Protect Act proceedings, Schulte will face trial on the Espionage charges in November, three months before the next hearing in Assange’s extradition. And while there’s no hint in Schulte’s case that WikiLeaks played a role in the front end of Schulte’s alleged leak, there’s abundant evidence that they continued to cooperate with him in the aftermath and even in the initial release itself. Indeed, that’s some of the most damning evidence against Schulte.

Schulte seems to think he could cooperate against Assange and face lesser charges. If the government told the truth last week, he may have little prospect to diminish what would amount to a life sentence if he’s found guilty.

The Dance between Joshua Schulte and WikiLeaks

Way back when Joshua Schulte was first charged for leaking the CIA’s hacking tools to WikiLeaks, I noted a loose coincidence between WikiLeaks’ release, for the first time, of some of CIA’s hacking source code rather than just development notes and the activity on Tor that led to Schulte getting his bail revoked. Since then, however, court documents have laid out a number of other interactions between Schulte and WikiLeaks. This post lays all of those out.

The government currently maintains that Schulte stole the CIA’s hacking tools in late April 2016 and sent them (it’s unclear whether they believe he sent them directly to WikiLeaks or not), using Tails, in early May. In court documents (the most informative warrant affidavit starts at PDF 129, though the FBI would revise some of its understanding of events after that time), that timeline is based off the searches Schulte did in Google (!!!) mapping out his actions.

April 24, 2016: Schulte searches for a SATA adapter (which lets you connect a computer hard drive via a USB connection); Schulte searches how to partition a drive

April 28, 2016: Schulte searches, for a second time, on how to restrict other admins from seeing parts of a LAN

April 30, 2016: Schulte researches how to delete Google history, Western Digital disk wipe, and Samsung ssd wipe (the search of Schulte’s apartment would find both Western Digital and Samsung drives)

May 1, 2016, 3:20AM: Schulte searches on “how can I verify that a 1 tb file transferred correctly?”

May 4, 2016: Schulte searches on “can you use dban on ssd,” referring to a wiping software called Darik’s Boot and Nuke

May 6, 2016: Schulte researches Tor

May 8, 2016: Schulte researches how to set up a Tor bridge

In August 2016, Schulte for the first time started tracking WikiLeaks coverage via a number of Google searches, but without visiting the site. He also researched Tails for a second time, as well as throwaway email.

Schulte’s first trackable visit to the WikiLeaks site itself was on March 7, 2017, the day of the first Vault 7 release (though WikiLeaks had started hyping it earlier, starting in February 2017).

From that first release on March 7 through September 7, WikiLeaks would release another Vault 7 release fairly regularly, often every week, other times at two week intervals and, at one point in June, releasing files on consecutive days. WikiLeaks then released the one and only Vault 8 file — source code rather than development notes — on November 9.

In general, that rhythm of releases is not obviously remarkable, though of course it took place against the background of serial efforts to get Julian Assange a pardon in the US.

But it intersects with the investigation of Schulte laid out in search warrant applications and other filings in a few key ways. As I’ll show in a follow-up, it’s clear that Schulte provided WikiLeaks with a story about the files to offer a rationale for their publication, so it’s clear that he did more than provide the files as a dead drop. After the first files dropped, he realized he’d be the prime suspect. Court filings reveal that he contacted a number of his former colleagues (using Google!), trying to find out what they knew about the investigation, acknowledging that he would be a key suspect, and denying he had done the leak.

Then, between the first and the second Vault 7 release, on March 15, the FBI interviewed Schulte as they were searching his apartment. As part of that interview, Schulte lied to the FBI so as to be able to leave his apartment with the CIA diplomatic passport he had never returned (he had plane tickets to leave the country the following day). When he left his apartment, he told FBI Agents he’d be back in roughly an hour. He went to Bloomberg (where he still worked), stashed his passports there, and got on his work computer. 45 minutes after the time he said he’d return, the FBI found him leaving the lobby of Bloomberg, and on threat of arrest, got him to surrender his passports. After all this happened, Bloomberg did an analysis of what Schulte had done on his work computer and phones in this period; FBI seized his work hard drive in May 2017. If Schulte had on-going communications with WikiLeaks, this would have provided an opportunity to reach out to them to tell them he was under imminent threat of arrest.

From that point forward, the FBI asked Schulte new questions based off what had been released by WikiLeaks. Most notably, on June 29, they asked Schulte whether he altered Brutal Kangaroo, a file released by WikiLeaks just a week earlier, outside the CIA.

The rhythm of WikiLeaks’ regular releases continued through August 24, when Schulte was arrested for child porn, with a file released that day, and another file released on September 7, while he was in jail. But after Schulte was released on bail after a September 13 hearing, WikiLeaks released no more Vault 7 files.

An April 2019 Bill of Particulars released last month strongly suggests there may be a tie between Schulte’s Tor activities starting on November 16, 2017. The document suggests that Schulte may have met with someone on November 8, 2017, then lied to the FBI or prosecutors about it 8 days later. Among the four lies the government described to substantiate False Statements and Obstruction charges in his indictment, it explains,

On or about November 16, 2017, Schulte falsely described his trip to a court appearance from the vicinity of Grand Central Terminal to the vicinity of the courthouse, and also falsely claimed to have been approached on the way to that court appearance by an unknown male who allegedly stated, in substance and in part, that he knew that Schulte had been betrayed and bankrupted by the U.S. Government.

This incident almost certainly happened on November 8. As noted, he was arrested on August 24, 2017. He was denied bail at first (so remained in jail). But when he was arraigned on the first (child porn) indictment on September 13, he was granted bail, including house arrest. While he would have had to check in with Parole Officers, the next “court appearance” he had (because the first status hearing got delayed a few times) — and the only court appearance before November 16 — was on November 8. He’d have gone to his first and second arraignment from jail; he was only out on bail to travel to a court appearance from his home for that first status conference.

It seems likely that an FBI surveillance team tracked Schulte on that day doing something suspect between the time he left his home and arrived at the courthouse. The mention of Grand Central suggests he may have met someone there, though that’s not dispositive because his apartment was just a few blocks away. But Schulte’s description of meeting a man he didn’t know, which the government alleges is false, seems like the kind of lie you’d tell if you were covering for meeting a man you did know. As noted, that probably happened on November 8.

On November 9, WikiLeaks released their single Vault 8 file.

Then, Schulte was asked, by some “law enforcement agents and/or prosecutor[] at the U.S. Attorney’s Office” about the incident on November 16.

That same day that he was interviewed about the incident on the way to the courthouse, November 16, he got on Tor for the first of five times, as laid out in his detention memo.

Separately, since the defendant was released on bail, the Government has obtained evidence that he has been using the Internet. First, the Government has obtained data from the service provider for the defendant’s email account (the “Schulte Email Account”), which shows that the account has regularly been logged into and out of since the defendant was released on bail, most recently on the evening of December 6, 2017. Notably, the IP address used to access the Schulte Email Account is almost always the same IP address associated with the broadband internet account for the defendant’s apartment (the “Broadband Account”)—i.e., the account used by Schulte in the apartment to access the Internet via a Wi-Fi network. Moreover, data from the Broadband Account shows that on November 16, 2017, the Broadband Account was used to access the “TOR” network, that is, a network that allows for anonymous communications on the Internet via a worldwide network of linked computer servers, and multiple layers of data encryption. The Broadband Account shows that additional TOR connections were made again on November 17, 26, 30, and December 5.

[snip]

First, there is clear and convincing evidence that the defendant has violated a release condition—namely, the condition that he shall not use the Internet without express authorization from Pretrial Services to do so. As explained above, data obtained from the Schulte Email Account and the Broadband Account strongly suggests that the defendant has been using the Internet since shortly after his release on bail. Especially troubling is the defendant’s apparent use on five occasions of the TOR network.

When it ultimately came time to explain away this use of Tor, Schulte pointed to a series of posts that would form part of what the government claims Schulte called an “information war” attempting to discredit the US government. That was first made broadly available when WikiLeaks posted it on June 19, 2018, the day after Schulte was charged with leaking the Vault 7 files.

The government alleges that a copy posted to Facebook later that year, on September 25, 2018, was posted by Schulte from his jail cell himself, using a contraband cell phone, which makes the WikiLeaks tweet part of Schulte’s deliberate information campaign from jail.

And around the same time Schulte posted his diaries from jail, the government claims, Schulte was prepping to send Wikileaks materials from a fake FBI agent attesting that the Bureau had framed Schulte by planting child porn on his computer.

iii. A document that appears to be an article for release by WikiLeaks.org (“WikiLeaks”), in which a purported FBI “whistleblower” claimed to have provided the discovery in this case to WikiLeaks and that the FBI had planted evidence of child pornography on Schulte’s computer to frame him (the “Fake FBI Document”).

[snip]

What appears to be a “to-do” list dated September 12, 2018, in which Schulte wrote that on September 17 and 18, he would “DL Disc. UL WL,” and.that on September 19, 20, and 21, he would “schedule tweets[.]” I believe that here, “DL Disc. UL WL” means that Schulte planned to download his discovery (”DL Disc.”) from the Schulte Laptop and upload that discovery to WikiLeaks (“UL WL”). As noted above, in another place in the Schulte Cell Documents, Schulte drafted the Fake FBI Document, a purported statement by a supposed FBI “whistleblower” who provided Schulte’s discovery to WikiLeaks and claimed that the FBI had planted evidence of child pornography on Schulte’s computer.

As I’ll show, Schulte gave WikiLeaks several claims it used to introduce the series in March 2017.

Then, several key events — an incident that probably occurred on November 8 which the government accuses Schulte of trying to cover up, WikiLeaks’ sole release of source code from the CIA, the interview at which Schulte allegedly lied about the November 8 incident, and some activity on Tor — makes it more likely the events are more than a coincidence.

And then WikiLeaks contributed early to Schulte’s “Information War,” and Schulte may have expected he could get WikiLeaks to cooperate again, with even more blatant disinformation.

That’s a fairly remarkable degree of coordination at a time when WikiLeaks was trying to coerce an Assange pardon and Schulte was (according to the government) trying to lie his way out of a great deal of legal trouble.

The Parts of the Mueller Report withheld from Roger Stone Show the Centrality of His WikiLeaks Activities to Trump’s Obstruction

Along with denying most of Roger Stone’s frivolous challenges to his prosecution, Amy Berman Jackson also partly granted his motion to get some of the redacted Mueller Report. As she laid out, she permitted the government to withhold grand jury information, sources and methods, stuff that would harm the reputation of others, and prosecutorial deliberations.

But the Court was of the view that the Report of the Special Counsel should receive separate consideration since a great deal of deliberative material within the Report had already been released to the public.

[snip]

Having considered the defendant’s motion, the government’s response and supplemental submissions, and the Report itself, the Court has determined that the defense should have the limited access he requested to some, but not all, of the redacted material.32 Insofar as defendant’s motion to compel seeks any material that was redacted from the public report on the basis that its release would infringe upon the personal privacy of third parties or cause them reputational harm; pursuant to Federal Rule of Criminal Procedure 6(e); or on the basis of national security or law enforcement concerns, including information that if revealed, could potentially compromise sensitive information gathering sources, methods, or techniques or harm ongoing intelligence or law enforcement activities, the Court will deny the motion.33 With respect to material that was withheld solely on the basis that its release could affect the ongoing prosecution of this case, the Court has concluded that the material to be specified in the order issued with this opinion should be provided to counsel for the defendant subject to the terms and conditions of the Protective Order in this case.

As she described, the government “submit[ed] unredacted portions of the Report that relate to defendant ‘and/or “the dissemination of hacked materials.”‘” Then she and the government conducted a sealed discussion about what could be released to Stone. In addition to her opinion, she submitted an order describing which specific pages must now be released to Stone.

We can compare what the government identified as fitting her order — this includes anything that fits the order, whether redacted or not — with what she has ordered released to Stone (note, the government either did not include Appendix D, showing referrals, or ABJ didn’t mention it, because in addition to an unredacted reference to Stone, there are referrals that the FOIA copies show to be related to Stone; nor did it include questions to Trump).

ABJ has not ordered the government to turn over anything pertaining to how GRU got stolen documents to WikiLeaks. This is precisely the kind of thing Stone is trying to get with his demands for Crowdstrike reports; after ABJ pointed out if they really wanted the reports, they would have tried subpoenaing Crowdstrike and they are now launching an attempt to do that. That ABJ has not ordered the government to turn this material over does not bode well for Stone’s plans to make this trial about the hack-and-leak rather than his lies. I would not be surprised if Stone made a second effort to get this information.

She has permitted the government to withhold all the prosecutorial decisions covered by her order except the one pertaining to Stone’s own lies. In addition, she let the government withhold one line about how they hadn’t determined whether or not Stone and Corsi had managed to optimize the release of the Podesta emails in October (though she did give Stone the more detailed discussion of that).

But ABJ has not included any of the references in the main part of Volume II in her order (presumably to protect Trump’s reputation!). That Volume includes three references to Trump and the campaign’s enthusiasm for or attempts to optimize the WikiLeaks releases through Stone, the reference to Richard Burr leaking news of the targets of the investigation (including Stone) to the White House before Jim Comey got fired, and three instances describing Trump floating pardons to Stone or otherwise encouraging him to remain silent.

It also includes the page on which this passage appears:

After Flynn was forced to resign, the press raised questions about why the President waited more than two weeks after the DOJ notification to remove Flynn and whether the President had known about Flynn’s contacts with Kislyak before the DOJ notification.244 The press also continued to raise questions about connections between Russia and the President’s campaign.245 On February 15, 2017, the President told reporters, “General Flynn is a wonderful man. I think he’s been treated very, very unfairly by the media.”246 On February 16, 2017, the President held a press conference and said that he removed Flynn because Flynn “didn’t tell the Vice President of the United States the facts, and then he didn’t remember. And that just wasn’t acceptable to me.” 247 The President said he did not direct Flynn to discuss sanctions with Kislyak, but “it certainly would have been okay with me if he did. I would have directed him to do it if I thought he wasn’t doing it. I didn’t direct him, but I would have directed him because that’s his job.”248 In listing the reasons for terminating Flynn, the President did not say that Flynn had lied to him.249 The President also denied having any connection to Russia, stating, “I have nothing to do with Russia. I told you, I have no deals there. I have no anything.”250 The President also said he “had nothing to do with” WikiLeaks’s publication of information hacked from the Clinton campaign.251 [my emphasis]

Clearly, it was included for Trump’s public denials — at the moment he fired Flynn in an attempt to stop the Russian investigation — of having anything to do with WikiLeaks’ publication of materials stolen from Hillary’s campaign. It is, on its face, a reference to the publication of the stolen emails, and as such qualifies under ABJ’s order. At that level, it is unremarkable.

But the government is treating it not as Trump making empty denials, but instead to make a claim specifically disavowing any involvement in WikiLeaks’ publication of stolen emails. Mueller’s team put the claim right next to a claim we know to be false, a claim designed to hide his Trump Tower deals. And he put all that amid a discussion of why he first did not, and then did, fire Mike Flynn.

Now consider something else: While it doesn’t appear in the Mueller Report at all, one thing Flynn told prosecutors was that after WikiLeaks started dumping John Podesta’s emails, he took part in conversations during which the campaign discussed reaching out to WikiLeaks.

The defendant also provided useful information concerning discussions within the campaign about WikiLeaks’ release of emails. WikiLeaks is an important subject of the SCO’s investigation because a Russian intelligence service used WikiLeaks to release emails the intelligence service stole during the 2016 presidential campaign. On July 22, 2016, WikiLeaks released emails stolen from the Democratic National Committee. Beginning on October 7, 2016, WikiLeaks released emails stolen from John Podesta, the chairman of Hillary Clinton’s 2016 presidential campaign. The defendant relayed to the government statements made in 2016 by senior campaign officials about WikiLeaks to which only a select few people were privy. For example, the defendant recalled conversations with senior campaign officials after the release of the Podesta emails, during which the prospect of reaching out to WikiLeaks was discussed.

There’s nothing in the public record that suggests Flynn knew of Trump’s efforts, during the campaign, to build a Trump Tower. But he did know about Trump’s efforts to optimize WikiLeaks’ releases of stolen emails. And Trump would have known that when he considered the impact of Flynn’s ties to Russia being investigated by the FBI.

And the treatment of that references as a real denial — as Trump evincing guilt even as he fired Flynn — sure makes the Flynn firing more interesting.

Federal Judge Destroys the Hopes of RICO Salvation in DNC Lawsuit

Yesterday, Clinton-appointed Judge John Koeltl dismissed with prejudice the DNC’s lawsuit against Russia, Trump’s flunkies, and WikiLeaks alleging they conspired against the party in 2016. He also ruled against a Republican demand to sanction the DNC for sustaining their claim in the wake of Robert Mueller finding that he “did not establish” a conspiracy between Trump and Russia. Koeltl’s decision is unsurprising. But his decision is interesting nevertheless for what it reveals about his legal assessment of the events of 2016, not least because of the ways it does and does not parallel Mueller’s own decisions.

The scope of the two analyses is different: The Democrats alleged RICO and some wiretapping charges, as well as the theft of trade secrets; Mueller considered campaign finance crimes and a quid pro quo. A short version of the difference and similarity in outcome is that:

  1. Mueller charged the GRU officers who hacked the DNC for the hack (which DOJ has been doing for five years, but which has never been contested by a state-hacker defendant); by contrast, Judge Koeltl ruled that Russia’s hackers could not be sued under the Foreign Sovereign Immunities Act (which is what the Mystery Appellant tried to use to avoid responding to a subpoena); notably, Elliot Broidy’s attempt to blame Qatar for his hack serves as precedent here. For the DNC, this meant the key players in any claimed conspiracy could not be sued.
  2. While Democrats made a bid towards arguing that such a conspiracy went beyond getting Trump elected to getting Trump to enact policies that would benefit Russia, Koeltl treated any Trump role as just that, attempting to get Trump elected. This meant that (for example) Stone’s alleged criminal obstruction after Trump got elected was not deemed part of any conspiracy.
  3. As Mueller did with both the hack-and-leak itself but also with any campaign finance violation associated with getting hacked documents as assistance to a campaign, Koeltl ruled that the Supreme Court’s decision in Bartnicki meant the First Amendment protected everyone besides the Russians from liability for dissemination of the stolen documents.
  4. DNC’s RICO fails because, while the Trump campaign itself was an association, the DNC claim that there was an Association in Fact under RICO fails because the ties between individuals were too scattered and their goals were not the same. Moreover, the goal of the Trump associates — to get Trump elected — is in no way illegal.

The most important part of the decision — both for how it protects journalism, what it says about the EDVA charges against Julian Assange, and what it means for similar hack-and-leak dumps going forward — is Koeltl’s First Amendment analysis, in which he argued that even WikiLeaks could not be held liable for publishing documents, even if they knew they were stolen.

Like the defendant in Bartinicki, WikiLeaks did not play any role in the theft of the documents and it is undisputed that the stolen materials involve matters of public concern. However, the DNC argues that this case is distinguishable from Bartnicki because WikiLeaks solicited the documents from the GRU knowing that they were stolen and coordinated with the GRU and the Campaign to disseminate  the documents at times favorable to the Trump Campaign. The DNC argues that WikiLeaks should be considered an after-the-fact coconspirator for the theft based on its coordination to obtain and distribute the stolen materials.

As an initial matter, it is constitutionally insignificant that WikiLeaks knew the Russian Federation had stolen the documents when it published them. Indeed, in Bartnicki the Supreme Court noted that the radio host either did know, or at least had reason to know, that the communication at issue was unlawfully intercepted.

[snip]

And, contrary to the DNC’s argument, it is also irrelevant that WikiLeaks solicited the stolen documents from Russian agents. A person is entitled [sic] publish stolen documents that the publisher request from a source so long as the publisher did not participate in the theft. … Indeed, the DNC acknowledges that this is a common journalistic practice.

[snip]

WikiLeaks and its amici argue that holding WikiLeaks liable in this situation would also threaten freedom of the press. The DNC responds that this case does not threaten freedom of the press because WikiLeaks did not engage in normal journalistic practices by, for example, “asking foreign intelligence services to steal ‘new material’ from American targets.” … The DNC’s argument misconstrues its own allegations in the Second Amended Complaint. In the Second Amended Complaint, the DNC states that “WikiLeaks sent GRU operatives using the screenname Guccifer 2.0 a private message asking the operatives to ‘[s]end any new material (stolen from the DNC] her for us to review.'” … This was not a solicitation to steal documents but a request for material that had been stolen. [citations removed]

Koeltl analyzes whether the Democratic claim that GRU also stole trade secrets — such as their donors and voter engagement strategies — changes the calculus, but judges that because those things were newsworthy, “that would impermissibly elevate a purely private privacy interest to override the First Amendment interest in the publication of matters of the highest public concern.”

Koeltl goes on to note that the analysis would be the same for Trump’s associates, even though they make no claim (as WikiLeaks does) to being part of the media.

[E]ven if the documents had been provided directly to the Campaign, the Campaign defendants, the Agalarovs, Stone, and Mifsud, they could  have published the documents themselves without liability because they did not participate in the theft and the documents are of public concern. … Therefore, the DNC cannot hold these defendants liable for aiding and abetting publication when they would have been entitled to publish the stolen documents themselves without liability. [citations removed]

That analysis is absolutely right, and even while Democrats might hate this outcome and be dismayed by what this might portend about a repeat going forward, it is also how this country treats the First Amendment, both for those claiming to be journalists and those making no such claim.

All that said, there are several aspects of this analysis worth noting.

This is a DNC suit, not a suit by all harmed Democrats

First, this is a suit by the DNC. Neither Hillary nor John Podesta are parties. “Podesta’s emails had been stolen in a different cyberattack,” Koeltl said, “there is not allegation they were taken from the DNC’s servers.” Had they been, they would have had to have been prepared to submit to discovery by Trump and his associates.

Including Podesta might have changed the calculus somewhat, though Koeltl does not deal with them (though he does suggest they would not have changed his calculus).

They might change the calculus, however, because (as Emma Best has noted) WikiLeaks did solicit something — the transcripts of Hillary’s speeches — that was subsequently obtained in the Podesta hack. The DNC did not include that in their complaint and that might have changed Koeltl’s analysis or, at a minimum, tested one of the theories the government is currently using in the Assange prosecution.

Similarly, while there is now evidence in the record that suggests Stone may have had advanced knowledge even of the July 2016 DNC dump, the allegations that would show him having had an impact on the release of documents pertains to the release of the Podesta emails. Jerome Corsi (who was added in the DNC’s second complaint but not as a conspirator) claimed that he had helped Stone optimize the Podesta release in an attempt to drown out the Access Hollywood video, but Mueller was not able to corroborate that.

More tantalizingly, a filing in Stone’s case shows that in at least one warrant application, the government cited some conversation in which he and others — possibly Corsi and Ted Malloch — were discussing “phishing with John Podesta.” That’s not something that will be public for some time. But even if it suggested that Stone may have had more knowledge of the Podesta hack then let on, it would be meaningless in a suit brought by the DNC.

No one knows why Manafort shared polling data and his plans to win the Rust Belt (indirectly) with Oleg Deripaska

The second DNC complaint mentions, but does not explain, that Paul Manafort had Rick Gates send polling data to Konstantin Kilimnik intended to  be share with oligarchs including Oleg Deripaska.

At some point during the runup to the 2016 election, Manafort “shar[ed] polling data . . . related to the 2016 presidential campaign” with an individual connected to Russian military intelligence. This data could have helped Russia assess the most effective ways to interfere in the election, including how best to use stolen Democratic party materials to influence voters.

[snip]

In March 2016, the Trump Campaign also hired Manafort. As noted above, Manafort was millions of dollars in debt to Deripaska at the time. He was also broke.55 Yet he agreed to work for the Trump Campaign for free. A few days after he joined the Trump Campaign, Manafort emailed Kilimnik to discuss how they could use Manafort’s “media coverage” to settle his debt with Deripaska.56 Manafort had multiple discussions with Kilimnik in the runup to the 2016 election, including one in which Manafort “shar[ed] polling data . . . related to the 2016 presidential campaign.”57 This data could have helped Russia assess the most effective ways to interfere in the election, for instance, by helping it determine how best to utilize information stolen from the DNC .

[snip]

Manafort lied about sharing polling data with Kilimnik related to Trump’s 2016 campaign.226

The Mueller Report’s further details on the sharing, including Manafort’s review of his strategy to win the Rust Belt, came too late for the complaint. And as such, Koeltl doesn’t really deal with that allegation (which would likely require naming others as conspirators in any case), and instead treats any conspiracy as limited to the hack-and-leak.

Thus, he does not treat the hints of further coordination, nor is there currently enough public evidence for the DNC to get very far with that allegation. This is a ruling about an alleged hack-and-leak conspiracy, not a ruling about any wider cooperation to help Trump win the election.

No one knows what happened to the stolen DNC analytics

Finally, while the DNC complaint extensively described the September hack of its analytics hosted on AWS servers — a hack that took place after Stone scoffed at the analytics released to date by Guccifer 2.0 — Koeltl doesn’t treat that part of the hack in detail because it was never publicly shared with anyone.

The Second Amended Complaint does not allege that any materials from the September 2016 hack were disseminated to the public and counsel for the DNC acknowledged at the argument of the current motions that there is no such allegation.

The DNC included the analytics in their trade secret discussion, but given that Russia had FSIA immunity, and given that the GOP is not known to have received any of this, Koeltl did not consider the later theft (which is not known to have had the same public interest value as the claimed trade secrets that got leaked).

The SAC asserts: “The GRU could have derived significant economic value from the theft of the DNC’s data by, among other possibilities, selling the data to the highest bidder.” There is no allegation that the Russian Federation did in fact sell the DNC’s data, and any claims against the Russian Federation under the federal and state statutes prohibiting trade secret theft are barred by the FSIA.

Finally, given that it was not released publicly Koeltl does not consider how the GRU hack of analytics after Stone’s discussion of analytics with Guccifer 2.0 might change the analysis on whether Stone was involved prior to any hacks.

Similarly, Stone is alleged to have contacted WikiLeaks through Corsi for the first time on July 25, 2016 and spoke to GRU officers in August 2016 — months after the April 2016 hack. Stone is not alleged to have discussed stealing the DNC’s documents in any of these communications, or to have been aware of the hacks until after they took place.

[snip]

DNC does not raise a factual allegation that suggests that any of the defendants were even aware that the Russian Federation was planning to hack the DNC’s computers until after it had already done so.

Again, there’s too little know about the purpose of this part of the hack (which virtually no one is aware of, but which would have been particularly damaging for the Democrats), and as such the DNC would not be in a position to allege it in any case. But it is a key part of the hack that shifts the timeline Koeltl addressed.

Which ultimately leaves Koeltl’s final judgment about the DNC attempt to obtain some kind of remedy for having Trump welcome and capitalize on a foreign state’s actions to tamper in the election. “Relief from the alleged activities of the Russian Federation,” Koeltl said, “should be sought from the political branches of the Government and not from the courts.”

One of the few ways to do that is to impeach.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Accused Vault 7 Leaker Joshua Schulte Planned to Have WikiLeaks Publish Disinformation to Help His Defense

When WikiLeaks announced its publication of the CIA’s hacking tools in March 2017, the first tool it highlighted was an effort called Umbrage, which it claimed the CIA used to “misdirect attribution.”

UMBRAGE

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.

This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon one murder in the set is solved then the other murders also find likely attribution.

The CIA’s Remote Devices Branch‘s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Experts noted at the time that Umbrage served mostly to save time by reusing existing code. Nevertheless, the representation that the CIA would sometimes use other nation’s tools was immediately integrated into conspiracy theories denying that Russia carried out the 2016 hacks on Democrats. Because the CIA sometimes obscured its own hacks, denialists have said since, the CIA must have been behind the 2016 hacks, part of a Deep State operation to frame Russia and in so doing, undermine Trump.

Documents released this week reveal that Joshua Schulte, who is accused of leaking those documents to WikiLeaks, believed he could get WikiLeaks to publish disinformation to help his case.

Several documents submitted this week provide much more clarity on Schulte’s case. On Monday, the government responded to a Schulte effort to have his communications restrictions (SAMs) removed; their brief not only admitted — for what I believe to be the first time in writing — that the CIA is the victim agency, but described an Information War Schulte attempted to conduct from jail using contraband phones and a slew of social media accounts.

Yesterday, in addition to requesting that Schulte’s child porn charges be severed from his Espionage ones, his defense team moved to suppress the warrants used to investigate his communication activities in jail based on a claim the FBI violated Schulte’s attorney-client privilege. During the initial search, agents reviewed notebooks marked attorney-client with sufficient attention to find non-privileged materials covered by the search warrant, and only then got a privilege team to go through the notebooks in more detail. The privilege team confirmed that 65% of the contents of the notebooks was privileged. In support of the suppression motion, Schulte’s lawyers released most of the warrants used to conduct those searches, including the downstream one used to access three ProtonMail accounts discovered by the government and another downstream one used to access his ten social media accounts (see below for a list of all of Schulte’s accounts). Effectively, they’re arguing that the FBI would have never found this unbelievably incriminating communications activity, which will make it fairly easy for the government to prove that Schulte is the Vault 7 leaker without relying on classified information, without accessing those notebooks marked privileged.

But along the way, the documents released this week show that the guy accused of leaking that Umbrage file that denialists have relied on to claim the 2016 hack was a false flag operation framing Russia himself planned false flag activities to proclaim his innocence.

The government’s SAMs response describes in cursory fashion and the affidavits for the warrants as a whole describe in more detail how Schulte planned to adopt two fake identities — a CIA officer and an FBI Agent — to proclaim his innocence. The idea behind the latter was to corroborate two claims Schulte posted on his JoshSchulte WordPress sites on October 1, 2018 — that the FBI had planted the child porn discovered on his computer.

i. “I now believe the government planted the CP after their search warrants turned up empty-not only to save their jobs and investigation, but also to target and decimate my reputation considering my involvement in significant information operations and covert action.”

As noted above, in the Fake FBI Document in the Schulte Cell Documents, a purported FBI “whistleblower” claimed that the FBI had placed child pornography on Schulte’s computer after its initial searches of the device were unsuccessful in recovering evidence. See supra~ 14(a)(iii).

ii. “So who’s responsible for Vault 7? The CIA’s own version of the FBI’s Peter Strzok and Lisa Page,”

As noted above, in the September Tweet in the Schulte Cell Documents, a purported former CIA colleague of Schulte (but who was in fact simply Schulte himself) claimed that two other CIA former colleagues, one of whom Schulte described as the “Peter Strzok of the CIA,” had conspired to blame Schulte for Vault 7, WikiLeaks’ disclosure of the CIA material.

As noted above, two of the documents found in Schulte’s cell mixed in with the attorney-client material show how Schulte planned to create false identities to spread the same stories. One was an article he planned to send to WikiLeaks, claiming to be from an FBI whistleblower describing how Schulte was framed.

iii. A document that appears to be an article for release by WikiLeaks.org (“WikiLeaks”), in which a purported FBI “whistleblower” claimed to have provided the discovery in this case to WikiLeaks and that the FBI had planted evidence of child pornography on Schulte’s computer to frame him (the “Fake FBI Document”).

The documents also include his plans to release a fake CIA tweet claiming he was framed for the Vault 7 leak.

iv. Drafts of a tweet (the “Fake CIA Tweet”) that appear to have been drafted around August 30, 2018,3 in which Schulte pretending to be a former CIA colleague claimed that two other former CIA colleagues, both of whom Schulte referred to by full name and one of whom he described as the “Peter Strzok of the CIA,” had “set up” Schulte and used him as a “scapegoat” for “Vault 7,” which is the name of WikiLeaks serial disclosures of CIA material that began on or about March 7, 2017 and which forms the basis of some of the current charges against Schulte. On the following page of the Schulte Cell Documents appears the text “Just to authenticate me fast” followed by other apparent draft tweets that discussed the CIA’s alleged activities and methods, some of which appear to be classified (the “Fake Authentication Tweets”).4 . . I believe that Schulte planned to potentially publish the Fake Authentication Tweet before the Fake CIA Tweet in an effort to purportedly verify the author’s employment with the CIA and knowledge of the information in the Fake CIA Tweet.

Finally, the FBI also found Schulte’s to do list of how he planned to share both the fake FBI document and his discovery with WikiLeaks.

What appears to be a “to-do” list dated September 12, 2018, in which Schulte wrote that on September 17 and 18, he would “DL Disc. UL WL,” and.that on September 19, 20, and 21, he would “schedule tweets[.]” I believe that here, “DL Disc. UL WL” means that Schulte planned to download his discovery (”DL Disc.”) from the Schulte Laptop and upload that discovery to WikiLeaks (“UL WL”). As noted above, in another place in the Schulte Cell Documents, Schulte drafted the Fake FBI Document, a purported statement by a supposed FBI “whistleblower” who provided Schulte’s discovery to WikiLeaks and claimed that the FBI had planted evidence of child pornography on Schulte’s computer.

From a legal standpoint, Schulte’s lawyers have disclosed all these warrant materials in an urgent effort to suppress everything the government found after first accessing his notebooks from jail. The FBI investigation proceeded from those notebooks to the WordPress site showing him claiming something identical to disinformation he was packaging up to share with WikiLeaks. They also got from those notebooks to ProtonMail accounts where Schulte offered to share what may or may not be classified information with a journalist. The reason why the defense is pushing to suppress this — one of the only challenges they’re making in his prosecution thus far — is because the stuff Schulte did in prison is utterly damning and seems to confirm both his familiarity with WikiLeaks and his belief that he needed to create disinformation to claim to be innocent.

We’ll see whether this Fourth and Sixth Amendment challenge works.

But along the way, the defense has released information — the provenance of which they’re not disputing in the least — that shows that Schulte planned to use WikiLeaks to conduct a disinformation campaign. But it wouldn’t be the first time Schulte had gotten WikiLeaks to carry out his messaging. A year ago today — in the wake of Schulte being charged with the Vault 7 leak — WikiLeaks linked to the diaries that Schulte was writing and posting from his jail cell, possibly showing that Schulte continued to communicate with WikiLeaks — either via a family member or directly — even after he had been put in jail. Those diaries are among the things seized in the search.

In a follow-up, I think I can show that Schulte did succeed in using WikiLeaks as part a disinformation campaign.

Social media accounts Joshua Schulte accessed from jail

ProtonMail: annon1204, presumedguilty, freejasonbourne

Twitter: @freejasonbourne (created September 1, 2018 and used through October 2, 2018)

Buffer (used to schedule social media posts): (created September 3, 2018, used through September 7, 2018)

WordPress: joshschulte.wordpress.com, presumptionofslavery.wordpress.com, presumptionofinnocence.net (all created August 14, 2018)

Gmail: [email protected], [email protected] (created April 15, 2018), [email protected].com,

Outlook: [email protected]

Facebook: ‘who is JOHN GALT? (created April 17, 2018)

Update: The government also believed at the time that an account in the name Conj Khyas was used by Schulte to receive classified information at his annon1204 account. It was not listed in these warrants, but would amount to a 14th account.

The Congressional Research Service’s (Dated) Take on Julian Assange’s Indictment: DOJ May Argue He Aided Russian Spying

Project on Government Secrecy just released a Congressional Research Service report, which was originally written on April 22, on Julian Assange’s arrest.

It’s a fairly balanced and thorough document, including quotes from The Intercept. But it’s dated, with the body of the report integrating neither his superseding indictment (though an update does note it happened) nor Sweden’s stance — reopening but not asking for extradition on — the rape investigation.

There’s one big thing that the report misses, which is relevant for its analysis, even dated as it is. It describes, correctly, that Assange was originally indicted in March 2018. But it doesn’t note that the complaint was obtained on December 21, 2017. That seems particularly pertinent given that it happened on the same day as (and therefore may be the legal reason why) the UK denied Ecuador’s attempt to make Assange a diplomat.

Ecuador previously had been unsuccessful in its attempts secure arrangements for Assange to leave the embassy through legal channels. In 2017, the country made Assange an Ecuadorian citizen. Later that year, Ecuador’s foreign minister designated Assange as a diplomat in what observers interpreted to be an effort to confer the VCDR’s personal diplomatic protections on Assange, allowing him to leave the embassy and take up a diplomatic post in Russia without fear of arrest during his travel. But U.K. officials denied Assange diplomatic accreditation, and Ecuador withdrew its diplomatic designation shortly thereafter. Ecuador also suspended Assange’s citizenship as part of its decision to allow his arrest.

For a document meant to provide Congress a balanced report on his arrest, it seems pertinent to suggest that Ecuador may have failed in its efforts to secure this diplomatic solution because the US intervened quickly.

And that, in turn, seems relevant to the one point that I haven’t seen discussed in other coverage of Assange’s arrest: whether DOJ got around cautions against indicting journalists in its media policy by relying on the language that such cautions do not apply when there are reasonable grounds to believe that the media person in question is aiding, abetting, or conspiring in illegal activities with a foreign power.

The news media policy also provides that it does not apply when there are reasonable grounds to believe that a person is a foreign power, agent of a foreign power, or is aiding, abetting, or conspiring in illegal activities with a foreign power or its agent. The U.S. Intelligence Community’s assessment that Russian state-controlled actors coordinated with Wikileaks in 2016 may have implicated this exclusion and other portions of the news media policy, although that conduct occurred years after the events for which Assange was indicted. The fact that Ecuador conferred diplomatic status on Assange, and that this diplomatic status was in place at the time DOJ filed its criminal complaint, may also have been relevant. Finally, even if the Attorney General concluded that the news media policy applied to Assange, the Attorney General may have decided that intervening events since the end of the Obama Administration shifted the balance of interests to favor prosecution. Whether the Attorney General or DOJ will publicly describe the impact of the news media policy is unclear.

That is, CRS suspects that DOJ may have gotten around cautions against arresting members of the media by using the exception in AG Guidelines,

(ii) The protections of the policy do not extend to any individual or entity where there are reasonable grounds to believe that the individual or entity is –

(A) A foreign power or agent of a foreign power, as those terms are defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801);

Which would in effect mean they were arguing that Assange fulfills this language from FISA.

(B) acts for or on behalf of a foreign power which engages in clandestine intelligence activities in the United States contrary to the interests of the United States, when the circumstances indicate that such person may engage in such activities, or when such person knowingly aids or abets any person in the conduct of such activities or knowingly conspires with any person to engage in such activities;

It would be unsurprising to see DOJ argue that for Assange’s activities in 2016. After all, they’ve described him in terms often used with co-conspirators in the GRU indictment (though didn’t obtain that indictment until long after Assange was charged and indicted). They similarly describe WikiLeaks as the recipient of Vault 7 documents in the Joshua Schulte superseding indictments; but while that gets perilously close to alleging Schulte was leaking documents on behalf of a foreign power, they don’t charge that (and, again, that superseding indictment was obtained months after the Assange one).

None of that means Assange was acting as — or abetting — the actions of a foreign power in 2010. That may ultimately be what they want to argue, that he was conspiring with Russia way back in 2010. But they haven’t charged or alleged that yet. Indeed, even Mike Pompeo’s accusations from 2017 — that WikiLeaks was a non-state intelligence service — don’t seem to reach the language in these exceptions.

And none of that makes this language any less dangerous for journalists. A lot of journalists published documents stolen from the DNC in 2016 long after it was broadly accepted that Russia had stolen them. That would mean any of those journalists might be accused of knowingly abetting Russia’s election year efforts.

In other words, prosecuting Assange because he knowingly abetted Russian efforts (especially if DOJ can only prove that for 2016, not the 2010 actions they’ve charged him with) still doesn’t pass the “New York Times” test.

The Three Theories of Prosecution for Julian Assange

In this post, I laid out what the 17 new charges against Julian Assange are. In this, I’ll look more closely at three theories of criminalization here:

  • Theory One: Charging Assange for causing Chelsea Manning to leak classified information by soliciting it generally or specifically (and/or discussing its value before she obtained it)
  • Theory Two: Charging Assange for offering to help crack a password and attempting to obtain the documents that would have been available using it
  • Theory Three: Charging Assange for leaking the identities of US government informants in three different databases

Theory One: Obtaining and disclosing documents that were solicited (Counts 2-4 and 6-14)

Effectively, for three sets of documents, they’ve charged Assange for causing Chelsea Manning to obtain (Charges 2 through 4), Assange obtaining himself (Charges 6 through 8), causing Manning to disclose documents she did not have authorized possession of (Charges 9 through 11), and  causing Manning to disclose legally obtained documents (Charges 12 through 13) for three sets of documents: The Gitmo Detainee Assessment Briefs, the State Department Cables, and the Iraq Rules of Engagement.

Assange is not being charged for publishing anything under this theory (that’s not true under Theory Three). He’s being charged with causing Manning to obtain and disclose them to him.

To accuse Assange of causing Manning to do these things, they show how a Most Wanted Leaks list posted on WikiLeaks until September 2010 resembles what Manning looked for on DOD’s networks and what she sent to Assange.

In addition, they show that Manning and Assange discussed some of these leaks before she obtained them.

For example, on March 7, 2010, Manning asked ASSANGE how valuable the Guantanamo Bay detainee assessment briefs would be. After confirming that ASSANGE thought they had value, on March 8, 2010, Manning told ASSANGE that she was “throwing everything [she had] on JTF GTMO [Joint Task Force, Guantanamo] at [Assange] now.” ASSANGE responded, “ok, great!”

[snip]

Manning later told ASSANGE in reference to the Guantanamo Bay detainee assessment briefs that “after this upload, thats all i really have got left.” I

It argued that Manning downloaded the State Department cables in response to the request for bulk databases on the Wish List.

Further, following ASSANGE’s “curious eyes never run dry” comment, and consistent with WikiLeaks’s solicitation of bulk databases and classified materials of diplomatic significance, as described in paragraphs 2,4-5, between on or about March 28, 2010, and April 9, 2010, Manning used a United States Department of Defense computer to download over 250,000 U.S. Department of State cables, which were classified up to the SECRET level. Manning subsequently uploaded these cables to ASSANGE and WikiLeaks through an SFTP connection to a cloud drop box operated by WikiLeaks, with an X directory that WikiLeaks had designated for Marining’s use. ASSANGE and WikiLeaks later disclosed them to the public.

And it showed that the Iraq Rules of Engagement were on the Wish List.

As of November 2009, WikiLeaks’s “Most Wanted Leaks” for the United States included the following:

[snip]

b. “Military and Intelligence” documents, including documents that the list described as classified up to the SECRET level, for example, “Iraq and Afghanistan Rules of Engagement 2007-2009 (SECRET);”

[snip]

Following ASSANGE’s “curious eyes never run dry” comment, on or about March 22,2010, consistent with WikiLeaks’s “Most Wanted Leaks” solicitation of “Iraq and Afghanistan US Army Rules of Engagement 2007-2009 (SECRET),” as described in paragraphs 4-5, Manning downloaded multiple Iraq rules of engagement files from her Secret Internet Protocol Network computer and burned these files to a CD, and provided them to ASSANGE and WikiLeaks.

Thus, for each of these, the government is saying that soliciting specific classified (or protected) materials amounts to Espionage. This is the theory of prosecution I argued would criminalize people like Jason Leopold, who was clearly engaged in journalism when he specifically asked about a specific Suspicious Activity Report from a source.

Theory Two: Attempted hacking to attempt to obtain the documents available via the hack (Counts 5 and 18)

For one vaguely defined set of documents, DOJ has charged Assange for attempting to help Manning crack a password (which was the single previous charge, which is now Charge 18) in order to attempt to obtain unidentified documents on SIPRNet.

15. In furtherance of this scheme, ASSANGE agreed to assist Manning in cracking a password hash stored on United States Department of Defense computers connected to the Secret Internet Protocol Network, a United States government network used for classified documents and communications, as designated according to Executive Order No. 13526 or its predecessor orders.

I believe (though am not certain) that that’s what the documents charged in Count 5 are about.

Between in or about November 2009 and in or about May 2010, in an offense begun and committed outside of the jurisdiction of any particular state or district of the United States, the defendant, JULIAN PAUL ASSANGE, who will be first brought to the Eastern District of Virginia, and others unknown to the Grand Jury, knowingly and unlawfully attempted to receive and obtain documents, writings, and notes connected with the national defense—^namely, information stored on the Secret Internet Protocol Network classified up to the SECRET level— for the purpose of obtaining information respecting the national defense, knowing and having reason to believe, at the time that he attempted to receive and obtain them, that such materials would be obtained, taken, made, and disposed of by a person contrary to the provisions of Chapter 37 of Title 18 of the United States Code.

This theory also doesn’t charge Assange with publishing information. Rather than charging him for soliciting leaks (Theory One), it charges him with helping to obtain documents Manning was not authorized to obtain by attempting to crack a password to get Administrators privileges.

Releasing the names of informants (Counts 15-17)

For each of three sets of US government informants, there’s also a charge tied to the informants’ identities disclosed in bulk databases.

35. Also following Manning’s arrest, during 2010 and 2011, ASSANGE published via the WikiLeaks website the documents classified up to the SECRET level that he had obtained from Manning, as described in paragraphs 12, 21, and 27, including approximately 75,000 Afghanistan war-related significant activity reports, 400,000 Iraq war-related significant activities reports, 800 Guantanamo Bay detainee assessment briefs, £ind 250,000 U.S. Department of State cables.

36. The significant activity reports from the Afghanistan and Iraq wars that ASSANGE published included names of local Afghans and Iraqis who had provided information to U.S. and coalition forces. The State Department cables that WikiLeaks published included names of persons throughout the world who provided information to the U.S. government in circumstances in which they could reasonably expect that their identities would be kept confidential. These sources included journalists, religious leaders, human rights advocates, and political dissidents who were living in repressive regimes and reported to the United States the abuses of their own government, and the political conditions within their countries, at great risk to their own safety. By publishing these documents without redacting the human sources’ names or other identifying information, ASSANGE created a grave and imminent risk that the innocent people he named would suffer serious physical harm and/or arbitrary detention.

For each database, the indictment looks at several instances of the individuals whose identities were released. It then lays out evidence that Assange knew and did not care that by publishing these identities he would be endangering people.

This is the theory of prosecution that does criminalize the publication of true information. And it criminalizes something that journalists do, at times, do.

The government often tries to classify identities that should not be (as they did with Gina Haspel, to hide her role in torture, for example). When journalists learn these identities they sometimes do choose to ignore admonitions against publication, for good reason. That’s what Assange is accused of doing here, but only on a mass scale. But if this is successful, there’s nothing that will prevent the government from charging people for disclosing classified identities at a smaller scale.

I’m also not sure how, as a foreign citizen, this doesn’t invite retaliation against the US for identifying classified identities of other countries.

Rick Gates’ Status Report Suggests Trump Will Be a Focus of Roger Stone’s Trial

As I noted yesterday, the government submitted a status report in Rick Gates’ case yesterday — the first since Mueller submitted his report. In the past several prior reports, the government had asked for sixty day extensions, but here, the government is asking for over three months.

The prosecutors who submitted the report — who are both on the Greg Craig prosecution team — make one reason for the longer extension clear: they’re scheduling the next status report for after Craig’s trial is expected to finish.

To date: (1) defendant Gates continues to cooperate with the government as required by his Plea Agreement, and (2) this Court has scheduled a trial in United States v. Craig, 19-CR-125 (ABJ), to begin on August 12, 2019,

Gates is not obviously mentioned in Craig’s indictment, but Paul Manafort is central to it, so presumably prosecutors want to have Gates explain why Manafort thought it so important that Craig hide the source of the funding for the Skadden Arps payment, Victor Pinchuk, which parallels the reasons why Manafort wanted everyone else who worked for him to keep their Ukrainian paymasters secret.

But prosecutors also mention Roger Stone’s November trial (though none of Stone’s prosecutors are on this filing).

another trial, United States v. Stone, 19-CR-18 (ABJ), to begin November 5, 2019

That’s interesting given the way the very redacted passages treating Stone’s charges in the Mueller Report flesh out Gates’ role as a liaison between Trump and Stone in the effort to optimize the WikiLeaks releases. Stone’s indictment had been coy on this point (so much so, I’ve wondered whether Big Dick Toilet Salesman told Mueller to stop mentioning Trump in charging documents after the Michael Cohen plea). It describes senior members of the campaign contacting Stone to find out what WikiLeaks had coming.

During the summer of 2016, STONE spoke to senior Trump Campaign officials about Organization 1 and information it might have had that would be damaging to the Clinton Campaign. STONE was contacted by senior Trump Campaign officials to inquire about future releases by Organization 1.

[snip]

By in or around June and July 2016, STONE informed senior Trump Campaign officials that he had information indicating Organization 1 had documents whose release would be damaging to the Clinton Campaign.

And there’s this very pregnant passage using the passive voice to describe someone — the indictment doesn’t name who — directing a senior campaign official to contact Stone about further releases, which would lead to Stone’s efforts to find out, in part via Jerome Corsi, what was coming in late July and early August.

After the July 22, 2016 release of stolen DNC emails by Organization 1, a senior Trump Campaign official was directed to contact STONE about any additional releases and what other damaging information Organization 1 had regarding the Clinton Campaign. STONE thereafter told the Trump Campaign about potential future releases of damaging material by Organization 1.

Stone has denied it happened but said if it did, Gates would have been the one who reached out to him.

And while the passage of the Mueller Report describing all this is heavily redacted, it does seem to confirm that — after Trump and Manafort both showed great interest in the WikiLeaks releases, at least Manafort and probably both (given the reference to Manafort “separately” telling Gates to stay in touch with Stone) told Gates to reach out to Stone.

[snip]

In addition, Gates seems to have witnessed Trump take a call from Stone at which the then candidate’s rat-fucker informed him about the upcoming WikiLeaks releases.

Given all the documentary evidence the government has against Stone, Gates’ testimony is probably not necessary to prove that Stone lied to the House Intelligence Committee about his efforts to optimize the WikiLeaks releases. But it may serve several prosecutorial roles.

First, given that Stone was interacting with Trump directly on the WikiLeaks releases, Gates’ (as well as Michael Cohen and even Manafort’s, the latter of whom seems to have uncharacteristically told the truth on this to the grand jury) confirmation that such contacts occurred could easily explain Stone’s motive to lie to HPSCI — which would serve to protect Trump. This is all the more true given how brazenly Trump lied about this point in his sworn answers to Mueller.

I recall that in the months leading up to the election there was considerable media reporting about the possible hacking and release of campaign-related information and there was a lot of talk about this matter. At the time, I was generally aware of these media reports and may have discussed these issues with my campaign staff or others, but at this point in time – more than two years later – I have no recollection of any particular conversation, when it occurred, or who the participants were.

I do not recall being aware during the campaign of any communications between [Stone, Donald Trump, Jr., Manafort, or Gates] and anyone I understood to be a representative of WikiLeaks or any of the other individuals or entities referred to in the question.

[snip]

I was in Trump Tower in New York City on October 7, 2016. I have no recollection of being told that WikiLeaks possessed or might possess emails related to John Podesta before the release of Mr. Podesta’s emails was reported by the media. Likewise, I have no recollection of being told that Roger Stone, anyone acting as an intermediary for Roger Stone, or anyone associated with my campaign had communicated with WikiLeaks on October 7, 2016.

I do not recall being told during the campaign that Roger Stone or anyone associated with my campaign had discussions with [WikiLeaks, Guccifer 2.0, or DCLeaks] regarding the content or timing of release of hacked emails.

I spoke by telephone with Roger Stone from time to time during the campaign. I have no recollection of the specifics of any conversations I had with Mr. Stone between June 1.2016 and November 8, 2016. I do not recall discussing WikiLeaks with him, nor do I recall being aware of Mr. Stone having discussed WikiLeaks with individuals associated with my campaign, although I was aware that WikiLeaks was the subject of media reporting and campaign-related discussion at the time.

Gates will not only help to prove that Trump knew all this was going on, but that the campaign had dedicated resources to make use of Stone’s disclosures.

In addition, the government’s ability to tie the President directly to this part of the operation will make it harder (though nothing is beyond Trump) to pardon Stone before the trial, even while it will provide incentive to Trump to do so. Trump’s centrality in all this may be one reason William Barr is so aggressively protecting the Stone related disclosures, including with his refusals to share unredacted copies of the report with Congress: because Trump’s documented role in encouraging Stone’s efforts is far stronger than it is in any of the other potential incidences of election tampering.

Finally, all this may change the calculus if and when Julian Assange gets extradited to the US. Trump was asked about — but refused to answer — whether he considered a pardon for Assange.

Trump’s lies to Mueller are perhaps best documented as they pertain to WikiLeaks. Using Gates as a witness at Stone’s trial will make the trial an exhibition of the President’s lies as much as those of his rat-fucker.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In a Shoddy Attempt to Inflate the Single Server Fallacy, Roger Stone Suggests Communicating with Guccifer 2.0 Would Be Criminal

In a frivolous pair of motions, Roger Stone is going after CrowdStrike’s analysis of the Russian hack. In the first, he demands full unredacted copies of CrowdStrike’s reports on the hacks. He bases that demand on a claim the CrowdStrike reports are material to a motion to suppress the warrants against him because — he claims, falsely — the government relied exclusively on the CrowdStrike reports to decide Russia had hacked Democratic targets, so if the reports are faulty, then so are the warrants.

The entire stunt is based off what appears to be an inaccurate claim — that this government response to some other frivolous motions claimed they didn’t have to prove that Russia hacked Democratic targets.

The Government stated in its Opposition to Stone’s Motion to Dismiss (Dkt # 99) that it will not be required to prove that the Russians hacked either the Democratic National Committee (“DNC”) or Democratic Congressional Campaign Committee (“DCCC”) from outside their physical premises or that the Russians were responsible for delivering the data to WikiLeaks.

Maybe he’s thinking of another government response to his motions that notes they don’t have to prove an underlying crime to prove obstruction, but the one he cites (without paragraph citation) doesn’t make that claim. I mean, it is true that the government doesn’t have to prove the underlying crime, but that’s still another issue than having to prove what physical premises the Russians hacked the DNC from.

In his demand for the CrowdStrike servers, Stone at least claims he’s making the demand to distinguish his case from all the other Trump flunkies prosecuted for lying to Congress and mount a materiality challenge to his false statements prosecution.

As to selective prosecution, if the Russian state did not hack the DNC, DCCC, or Podesta’s servers, then Roger Stone was prosecuted for obstructing a congressional investigation into an unproven Russian state hacking conspiracy, while others similarly situated were not. Lastly, if the Russian state did not hack the servers or did not transfer the data to WikiLeaks, the exculpatory evidence regarding materiality, a factual issue for the jury, is amplified.

But in his Fourth Amendment challenge, Stone suggested that if Russia didn’t hack the Democrats and hand the documents to WikiLeaks, then speaking to WikiLeaks and Guccifer 2.0 would not be a crime.

If these premises are not the foundation for probable cause, Roger Stone communicating with a Twitter user named “Guccifer 2.0” or speaking with WikiLeaks, would not constitute criminal activity.

Hmm.

Speaking to WikiLeaks and Guccifer 2.0 would only be a crime if Stone engaged in a conspiracy with them, and a good bit of the redacted language on prosecutorial decisions in the Mueller Report probably says the First Amendment otherwise protects such speech. That said, the claim that talking to them would be a crime is interesting given some of the crimes for which the government showed probable cause in his warrant affidavits.

The search warrant applications however, allege that the FBI was investigating various crimes at different times, such as Stone for accessory after the fact, misprision of a felony, conspiracy, false statements, unauthorized access of a protected computer, obstruction of justice, witness tampering, wire fraud, attempt and conspiracy to commit wire fraud, and foreign contributions ban. The uncharged conduct particularly relied upon the assumptions the Russian state is responsible for hacking the DNC, DCCC,1 and even (although not as clear) Hillary Clinton campaign manager, John Podesta.

Stone is not, here, claiming that the government didn’t show a lot of evidence he engaged in these crimes (and remember, the government has told Andrew Miller that they’re likely to supersede Stone’s current indictment after they get Miller’s grand jury testimony, the content of which they know from an FBI interview last year). Rather, he’s claiming that these hacking-related crimes would only be illegal if the Russians did the hacking. (I really look forward to the government response to this, because some of these crimes would be crimes based on Julian Assange’s foreign status, not GRU’s, and wire fraud is a crime all by itself.)

Perhaps most interesting is the way Stone’s lawyers dismiss the Mueller Report (and the GRU indictment’s) focus on DCCC and Podesta documents. A footnote even suggests falsely that the Mueller Report said the DCCC documents did not get released.

WikiLeaks never released the DCCC documents. The Mueller report suggests the hack of the DCCC only provided additional keys to access the DNC servers.

At one point — perhaps a critical one — Stone uses the fact that the GRU hacked the DNC’s AWS server after Stone dismissed the value of the DCCC oppo research Guccifer 2.0 discussed with Stone in early September 2016 to suggest CrowdStrike was not competent.

CrowdStrike’s three draft reports are dated [sic] August 8 and August 24, 2016. The Mueller Report states Unit 26165 officers also hacked into a DNC account hosted on a cloud-computing service on September 20, 2016, thereby illustrating the government’s reliance on CrowdStrike even though the DNC suffered another attack under CrowdStrike’s watch.

Of course, CrowdStrike had little ability to protect AWS’ servers.

Ultimately, this is an attempt to misrepresent the Mueller Report and GRU indictment to shift the focus away from the Podesta and DCCC documents — where Stone’s greater criminal exposure might lie — and onto the Single Server Fallacy about the DNC server, which is irrelevant to those other documents.

And along the way, Stone lays out a good number of impressive crimes he was and may still be at risk for, and admits the government believed his actions are closely enough tied to the hacks to get redacted copies of the CrowdStrike reports in discovery. He also concedes (incorrectly) that simply speaking to WikiLeaks and Guccifer 2.0 may be a crime.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post.