SDNY Calls DOJ’s Definition of the Espionage Act an “Academic Interest”

DOJ has now responded to my intervention in the Joshua Schulte case. Presumably because my motion, written by Kel McClanahan, focused on how flimsy the government’s claim to keep transcripts of a CIPA conference hidden, the government’s response pitches this as exclusively a CIPA battle. It’s totally a reasonable legal stance.

But along the way, in apparent effort to distract from the topic at issue — in part, the application of the Espionage Act to journalism — SDNY suggests it is just an academic interest whether DOJ would charge someone for sharing classified information already published by the NYT.

The mere fact that someone would like to know information is not a part of the right-of-access analysis, however, and the Government’s motion should be granted.

[snip]

Intervenor’s desire to speculate as to the potential application of the Government’s articulation of the elements of an offense to other circumstances has no bearing on the ability of the public to monitor or assess the actual rulings of the Court in the CIPA § 6 hearings to which Intervenor demands access.

[snip]

[T]he question is not whether redacted transcripts are coherent as a matter of language or whether they might be relevant to Intervenor’s academic interest.

I’m the intervenor here, not McClanahan (who is a professor on national security law at GW Law). I need to know this stuff not just to cover WikiLeaks (I’m more of an expert than the expert SDNY relied on in the first trial, Paul Rosenzweig), but also to understand my own exposure as a journalist.

Not once in the filing does the government use the words “Espionage Act.” Not once does DOJ mention “journalist.” Not once does it mention the NY Times, the hypothetical that DOJ is attempting to hide, which (as Judge Jesse Furman described in a court hearing) is this:

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

The government is no doubt exploiting the emphasis in my filing, but the notion that whether I can be charged for doing journalism is not an academic interest! It’s not just that there is an acute interest, amid the Julian Assange extradition proceedings, to know the government’s thinking about the Espionage Act, it goes to the chilling effect of not knowing what I can safely publish in the course of doing my job. I don’t have the luxury of “speculating” about the application of the Espionage Act, because if I guess wrong, I could be imprisoned for a decade.

The government wants this to be about CIPA. But the problem is that the government is attempting to hide something that is not classified — the elements of offense for a serious crime that can chill the ability to do journalism — via claims about CIPA.

Third, Intervenor asserts a First Amendment right of access premised on the assertion that “the Government present[ed] legal arguments about elements of the crime itself,” which Intervenor claims both have traditionally been open to the public and are of value to the monitoring of the judicial process. (D.E. 988 at 2). Intervenor’s contention that legal arguments the Government may have advanced at the Section 6 hearings are “something that interested persons in the field should know” (id. at 3) simply “cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding.” United States v. Cohen, 366 F. Supp. 3d 612, 631 (S.D.N.Y. 2019). Contrary to Intervenor’s suggestion that discussion of the elements of an offense “stray[s] far from a simple discussion of evidentiary issues” (D.E. 988 at 3), such discussion is integral to virtually any assessment of the relevance and admissibility of evidence, including that occurring in CIPA § 6 hearings, in which courts “look to what elements must be proven under the statute,” United States v. McCorkle, 688 F.3d 518, 521 (8th Cir. 2012); see also United States v. Bailey, 444 U.S. 394, 416 (1980) (describing need to “limit[] evidence in a trial to that directed at the elements of the crime”).

Tellingly, SDNY’s citation of a 2019 District opinion relating to the unsealing of Michael Cohen’s search warrants — which were released with redactions, the desired goal here! — is inapt to the question of whether the government should be able to hide its discussions of how it understands the Espionage Act by claiming that that needs to be protected as classified information.

Considerations of logic also counsel against recognizing a First Amendment right to access search warrant materials. Of course, public access to search warrant materials may promote the integrity of the criminal justice system or judicial proceedings in a generalized sense. United States v. Huntley943 F.Supp.2d 383, 385 (E.D.N.Y. 2013) (remarking that “the light of the press shining into the innards of government is necessary to inhibit violation of the public trust”). But such an argument cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding. Cf. Times Mirror Co.873 F.2d at 1213 (rejecting as overbroad the argument that the First Amendment mandates access to any proceeding or document that implicates “self-governance or the integrity of the criminal fact-finding process”); In re Bos. Herald, Inc.321 F.3d at 187 (“In isolation, the [rationale that the public must have a full understanding to serve as an effective check] proves too much—under it, even grand jury proceedings would be public.”). As the Ninth Circuit aptly observed, “[e]very judicial proceeding, indeed every governmental process, arguably benefits from public scrutiny to some degree, in that openness leads to a better-informed citizenry and tends to deter government officials from abusing the powers of government.” Times Mirror Co.873 F.2d at 1213.

Understanding the law is a matter that precedes the media’s scrutiny of whether the government abused the Espionage Act in this case (or in Julian Assange’s). And while the elements of the offense of the Espionage Act does dictate whether evidence would be helpful or not to the defense — the consideration of a CIPA hearing — ultimately this debate was about (and significantly appeared in) jury instructions, the law as applied.

Again, SDNY’s stance seems tactical, a response to our filing’s greater focus on matters of classification than the status of the press. But the outcome — SDNY’s claim that I have the luxury of merely “speculating” about the application of the Espionage Act — is alarmingly arrogant.


I was only able to make this challenge because McClanahan was able and willing to help — and he can only do so through the support of his non-profit. If you believe fights like this are important and have the ability to include it in your year-end donations, please consider supporting  the effort with a donation via this link or PayPal. Thanks!

Judge Jesse Furman Gives DOJ 3 Pages to Reply to emptywheel’s Bid to Liberate Sealed Transcripts on the Espionage Act

Some weeks ago, I described that, with the help of National Security Counselors, I was intervening in the Joshua Schulte case to try to liberate transcripts from a May 3 sealed Classified Information Procedures Act hearing in which this exchange took place.

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

CIPA is the means by which the government tries criminal cases involving classified information. It permits the government to ask to hold certain hearings about what evidence will be admitted in sealed hearings to avoid any possibility that classified information will be publicly disclosed at those hearings.

[Note, these transcripts were funded by Calyx Institute with funding provided by Wau Holland Foundation, the latter of which has close ties to WikiLeaks.]

While everyone else was staying up late waiting for the January 6 Committee Report last Thursday, I was staying up late to see the filing that Kel McClanahan submitted in that intervention, which is here.

In the filing, McClanahan argued that the government’s own argument in support of sealing the transcripts attempted to use wiretap precedents to justify their continued sealing of CIPA hearings, even though they were asking to seal something else — hearings at which classified information might or might not be discussed.

It goes without saying that the proceedings in question—and the transcripts thereof—are judicial records for purposes of the common law, and the Government does not make any serious argument to the contrary. Instead, it argues that CIPA established a presumption against disclosure, drawing an analogy to the statutory provision for sealing of wiretap applications at issue in In re New York Times Co. to Unseal Wiretap & Search Warrant Materials, 577 F.3d 401 (2d Cir. 2009). It then goes beyond that analogy to argue that the presumption is even stronger because Congress allowed for wiretap materials to be unsealed for good cause but provided no comparable mechanism for CIPA proceedings. However, CIPA is not Title III, and the Government’s argument requires that to be the case in order to succeed.

Simply put, In re New York Times dealt with a statute which included a “manifest congressional intent that wiretap applications be treated confidentially,” id. at 408, but only because it includes a provision that the records themselves “shall be disclosed only upon a showing of good cause before a judge of competent jurisdiction.” 18 U.S.C. § 2518(8)(b). In contrast, CIPA only provides that a hearing shall be held in camera because “a public proceeding may result in the disclosure of classified information.” 18 U.S.C. App 3 § 6(a) (emphasis added). It in no way exhibits any intent that the records created from such a hearing should be presumed undisclosable, nor could it, since by its own terms the hearing might actually include no classified information. In other words, CIPA merely provides a protective procedure to guard against the chance that a hearing may include classified information,2 based solely on the Attorney General’s assertion that it may include classified information—hardly a high bar for the Government to clear. Congress voiced no opinion about what should then happen to the unclassified information included in that hearing, let alone a “manifest congressional intent.”

McClanahan laid out how the CIPA discussions at issue played a role in the exercise of Article III power, noting that the transcripts in question address the elements of the charges against Schulte: the very definition of the Espionage Act (and its application to someone like me, who might be held accountable for disseminating unconfirmed classified information).

The key question then becomes, what was the “role of the material at issue in the exercise of Article III judicial power” and its “resultant value . . . to those monitoring the courts?” United States v. Amodeo, 71 F.3d 1044, 1049 (2d Cir. 1995). The Court itself addressed both of these issues at various times. Most relevantly, it engaged in open court in an extensive discussion of a colloquy that appears to have taken place in the 3 May hearing, telling Government counsel, “I gave you two hypotheticals” about the Government’s interpretation of the scope of the Espionage Act. (Tr. of 7/6/22 Hrg. at 149:3-151:12.) It did so in the context of a discussion of potential jury instructions, and expressed the sentiment several times that the Government’s assertion that a person sharing National Defense Information (“NDI”) that is already in the public domain would still be liable under that statute was “kind of a striking proposition.” The role, then, of these transcripts—and the information they contain—in the exercise of Article III judicial power is clear, as is the resultant value to people monitoring the judicial process. In this case, according to this Court, the Government has—behind closed doors—pressed an argument that a person can violate the Espionage Act by handing a copy of a New York Times article containing leaked NDI to someone else, which is definitely something that interested persons in the field should know, and what they do not know is the degree to which the Government pressed this point, how it defended it, whether it has actually done so in the past, and what other positions it took when it was not expecting the transcripts to become made public.

By the same token, this convergence of factors also definitively demonstrates that the First Amendment right of access attaches to these records, because unlike the hypothetical CIPA hearing that the Government asks the Court to envision, at least this discussion strayed far from a simple discussion of evidentiary issues, with the Government presenting legal arguments about elements of the crime itself. [McClanahan’s italics, my bold]

He argued that the government’s argument went further than the stance it takes on Prepublication Reviews, insofar as we’re just arguing for a First Amendment right to read these transcripts, not publish them.

Simply put, when courts are put in the position of balancing claims related to national security against a writer’s First Amendment concerns, they consistently and without exception find that only classified information tilts the balance. There is no reason for this dynamic to change when it involves a reader’s First Amendment concerns, and while we acknowledge that some district courts have accepted the Government’s arguments, there is no evidence to show that those courts were presented with our argument and no grounds for this Court to follow suit.

Then McClanahan pointed to Judge Furman’s own comments about the colloquy as proof that the government’s claim — that there is no meaningful way to unseal just the unclassified portions of the transcripts — must be false.

In fact, the very existence of the Court’s 6 July summary of the two hypotheticals discussed above demonstrates the frivolousness of these arguments, since: (a) it was neither incoherent not functionally useless; and (b) the Court presumably did not divulge classified information in discussing it.

Judge Furman must have found something novel or persuasive in this argument. When he ordered the government to formally request the continued sealing of the transcripts on November 21, he said they could only submit a reply with his permission. But he just gave the government three pages to to do so.

This challenge could do more than liberate arguments the government made about the Espionage Act in secret. It could challenge the government’s larger views on secrecy in the context of CIPA.

As McClanahan laid out, “the Government has—behind closed doors—pressed an argument that a person can violate the Espionage Act by handing a copy of a New York Times article containing leaked [classified information] to someone else.” When I saw the argument (as relayed in Furman’s July description), I recognized the import of liberating this transcript.

I was only able to make this challenge because McClanahan was able and willing to help — and he can only do so through the support of his non-profit. If you believe fights like this are important and have the ability to include it in your year-end donations, please consider supporting  the effort with a donation via this link or PayPal. Thanks!

The Day after I Blew Off Josh Schulte He Started Deleting “Suspicious Emails”

On the evening of August 13, 2018, Joshua Schulte activated a Samsung phone he had just gotten in a swap with another detainee at Metropolitan Correctional Center.

On August 14, according to a page of his prison notebook introduced at trial, he wrote up the beginnings of his plan for an “information war” conceived — Schulte claimed at trial — after doing some kind of drugs on August 8.

The way is clear. I will setup a wordpress of joshschulte.wordpress.com and presumption of innocence.wordpress.com. From here, I will stage my information war.

“Give me a phone and a blog and I will change the world,” he wrote in the margin of the same page where he planned out how to manage the limited charge time on his phone: “1 charge per day//use from 3-death.”

On August 21, according to another of the pages introduced at trial, Schulte made plans to cover his tracks.

In between those two days, August 14 and August 21, 2018, Schulte, his cellmate, Omar Amanat, and/or Amanat’s brother, Irfan, pitched me via email that Schulte could, “prove to be the most valuable source of information you have ever had.” The day after I declined that offer, Schulte started “delet[ing] suspicious emails.”

At 6:52PM ET on August 14, I received this email from the [email protected] account. (I’ve replaced the bitly links with direct links indicating the bitly code, but have not fixed typos.)

Hello Marcy : Confidential Intelligence Source

Dear Marcy,

I am writing on behalf of a senior ex NSA/CIA Intellgence officer who spearheaded many of the CIA’s technology hacking and counter-hacking intelligence efforts against state sponsored hackers overseas between 2010-November, 2016. He is currently imprisoned inside MCC (aka Manhattan’s Guantanamo) next to El Chapo and the Chelsea Bomber. He is charged with the largest leak in the history of the CIA: the Vault 7 release to Wikileaks.

The Government does not allow him to electronically communicate with anyone outside the prison via its monitored electronic communication system because he is designated as a “danger to the facility.” Please keep this source confidential as if all goes well you will be able to speak to him and even meet with him in person to corroborate everything I am writing as an approved visitor. We know you disclosed that you revealed another source to the FBI before and that we are therefore taking a huge risk in contacting you. However in your writings and NPR interview we have gleaned that you are a truly thoughtful independent thinker and patriot unafraid to communicate with others if you deem their underlying intentions to be worthy. That is the case with this source, whom you will find to have a pristine moral clarity and intellect -despite the lurid false and totally unsubstantiated accusations against him.

If you protect his confidentiality he will prove to be the most valuable source of information you have ever had.

He has a lot of material information —- never before revealed to the public —-including, but not limited to, Trump principals and agents acquiescence in what’s going on under cover of night with Putin backed Russian Oligarchs —revealing their true agenda. Trumo had a 2 hour dinner at Nobu in Moscow in 2013 with 12 Oligarchs which laid all of this out in advance. These covert efforts are ill understood by media and political hacks but they are actually the single largest threat posed by Putin-backed Russian Cyberhackers on behalf of the Oligarchy : their successful attempts to target second tier—-but highly strategic—- economic assets using an innovative Russian incubated “disruptive business model innovation” they are now exporting to the West called Reiderstvo. See www.reiderstvo.org It is the mechanism that enabled 12 men to end up with 51% of the wealth of one of the wealthiest countries in the world. If it continues unabated it will end with them perpetrating the largest transfer of power and wealth in the history of the world. —via state sponsored legalized theft —-not new value creation and if followed to its logical conclusion the evolution of this virulent “Malware of the Mind” could possibly usher in the decline of western civilization as we know it by rendering the west’s judicial infrastructure and Federal Rules of Evidence completely comprised and ineffectual.

These reids are highly sophisticated legal campaigns that began in 2016 targeting wealthy Clinton backers and they are using President Trump’s own personal lawyer Marc Kasowitz —-who represents Putin’s own bank the largest bank in Russia -Sberbank. [bitly link 2P3oVSd to this NYT story]. Using a Kasowitz division called Intelligence Options which on its website [bitly link 2BafcX6 to Intelligence Options page] brags about its ability to take out business rival targets in highly coordinated efforts involving law enforcement authorities. He can confirm that the Kasowitz firm has been paid “mid 8 figures” by Russian oligarchs close to Putin to implement Reiderstvo targeting American and European citizens who are falsely arrested and their assets seized by the Oligarchs losing billions in the process using (and distorting) the American justice system. And they are just getting started. The Despite the furor over Peter Strzok the FBI itself is compromised by many recent ex Field Agents loyal to Trump working for Kasowitz Intelligence Options division including many who served as personal security guards for him and his family. We have their names.

Inception Hacks
Our ex CIA tech wiz can confirm that they have already used ‘near misses’ in these disinformation campaigns to convince prosecutors, judges and juries that “real info is fake” and have distorted justice in the process. They have developed a lethal technology that is the “nuclear bomb of hacking” that no other state actor has discovered : “Inception Hacking”: is the planting of fabricated emails onto ISP’s without leaving a trace behind. Imagine planting child pornography on an adversary’s computer without him ever knowing or anyone being able to prove it wasn’t his. No network intrusion. No trace.

$6-9 billion of value has already been stolen from American citizens and another $150 billion is currently in the targets sights with $1Trillion in transfered assets by 2022 as their stretch goal. The targets of these campaign includes one in jail with the ex NSA/CIA intelligence officer who he met at MCC and whose case study you will find fascinating and disturbing.

Is there a phone number I can call you to discuss? I tried sending to your encrypted email but it doesn’t seem to work from protonmail.

Thanks

Jake

I declined the offer to connect with “the most valuable source of information you have ever had.”

Aside from an email I sent on October 29 after the contraband phones were revealed in a court filing (which went unanswered), our last contact was at at 3:49PM on August 21, the same day Schulte wrote a list of things to do to hide his tracks.

I wasn’t sure whether this pitch came from Schulte and/or someone working with him until the first trial. I’m still not sure who, specifically, sent the email. But evidence submitted at Schulte’s two trials revealed that the pitch used common content and the same email as were used in later efforts using contraband phones. It was Schulte or someone else involved in his efforts to communicate from jail.

Most notably, the email address — [email protected] — is the same one mentioned in a Signal text sent to Shane Harris about seven weeks later, after Schulte was thrown in SHU on October 1. The text probably reflects Schulte cellmate Omar Amanat’s effort, using Schulte’s Samsung after Amanat’s own iPhone had been seized, to get Harris to move to an account he still had access to.

In what follows, I will use the pronoun, “they,” to reflect that the email was, for the reasons I lay out here, probably a collective effort. At least in the case of a very similar email sent to Shane Harris months later, Schulte, Omar, and Irfan Amanat all worked on a common Google Doc, chatting on the side via encrypted texts, to put together the content of the email. Given the similarity between the documents and the use of the common protonmail account, I think it likely that the same happened with the email sent to me.

I’m sharing this now for several reasons. Most notably, I’m intervening in the case in an attempt to liberate a discussion during a sealed CIPA hearing about DOJ’s application of the Espionage Act, and I don’t want DOJ to have any lingering suspicions that I ever pursued a secret back channel with Schulte. I’ve long wanted to be transparent about this, given how closely I have covered the case. But I wanted to wait until after the guilty verdict to avoid contributing in any way to Schulte’s prosecution (I had hoped to wait until his post-trial motions were adjudicated, which is why I didn’t do it during the summer, when I started drafting this post). And for a variety of reasons, the WikiLeaks crowd has belatedly decided to spin Schulte as a hero, so I wanted to explain why I’m so certain he’s a fraud.

I’m sharing it (but not subsequent emails) because I did not agree to confidentiality before they sent it and I’m certain this email and follow-ups are riddled with lies. For example, the claim that this email was sent from a Schulte cousin and their representations about communications in jail almost certainly served to hide the use of a contraband mobile phone to send it. While Schulte’s cousin was involved in contacting other journalists, according to a 2020 FBI interview he did, he only ever used a [email protected] account to do so, and Schulte demonstrably lied to Shane Harris later in the summer about the same cousin.

Court filings give reason to believe Schulte was a liar even before I got this email, but this correspondence is one reason I’m certain he is.

I’m sharing this email, too, because I think the way they pitched this may be of interest for others trying to understand what Schulte was up to. For example, whereas Schulte got WaPo’s Harris to make a series of agreements before sending this Reiderstvo pitch on September 22, 2018, they just gave it to me as the initial dangle. Boom. Here’s the purported good stuff! I regarded it then, as now, as a dangle, an attempt to package up what they imagined I most wanted to hear as a way to get me on the phone. Maybe they tried to raise the value of it with Harris by making it harder to get?

The content of the email sent to me, too, may be of interest. It’s unclear whether and if so how the “Reiderstvo” pitch evolved by the time they prepared to send it to Harris. But as it appears here, it seems, at least in part, a bid to create an alternative narrative that might undermine the viability of the evidence against both Schulte and Amanat. The idea laid out in the “Inception Hacking” passage of the email incorporates alibis that both Schulte and Amanat were offering in their own defense in 2018 (and still, in Schulte’s case): a claim that the FBI fabricated Yahoo emails in Amanat’s case, and a claim that the FBI planted Child Sexual Abuse Material on Schulte’s computer in his case.

The form of the claim capitalized on Schulte’s own hacking expertise.

Here’s how Schulte described that expertise in another document he wrote in jail.

Do you know what my speciality was at the CIA? Do you know what I did for fun? Data hiding and crypto. I designed and wrote software to conceal data in a custom-designed filesystem contained within the drive slackspace or hidden partitions. I disguised data. I split data across files and filesystems to conceal the crypto — analysis tools would NEVER detect random or pseudo-random data indicative of potential crypto.

This was part of the National Defense Information that Schulte was charged and convicted of leaking from jail. So there must be truth to it (to be clear, I have no reason to believe the things in the email to me are true, much less classified).

Significantly, the email sent to me also calls “Inception Hacking,” “Malware of the Mind,” which is the name Schulte gave to that larger document in which he described “disguis[ing] data.”

According to this pitch, the evidence of Schulte and/or Amanat’s guilt was instead proof they were victims of the kind of hack Schulte bragged he could do for the CIA, but here the culprit (in an email to someone they seemed to think would respond enthusiastically) was Russia, not CIA.

Equating Malware of the Mind with Inception in the email sent to me invokes another spy movie, like the Jason Bourne identity Schulte (predictably) adopted as his own, days after this email was sent.

Finally, I’m posting this because of the timing. While I can’t prove this email came from Schulte, as opposed to one of the Amanats or someone else tied to them, during the entirety of the first week Schulte had that Samsung phone, someone was trying to get me on the phone with him, promising that I could speak to him without jailhouse monitors knowing (a claim I found absurd at the time, but which made more sense once I learned of the contraband phones). The day I said, “no,” August 21, Schulte made a list of things to start deleting. The next day, August 22, he renewed his outreach to Harris.

I didn’t then and don’t now know what to make of this. On the one hand, Schulte attempted to speak to a number of journalists who cover this beat; at least five others have been identified in trial exhibits and court filings. In that, there’s nothing special about outreach to me.

Plus, there’s a perfectly reasonable explanation for why they pitched some journalist at the time. At least according to jail house informant Carlos Betances, Schulte wanted the Samsung because, after someone that Betances believed to be Schulte’s cousin got raided by the FBI, Schulte grew paranoid that the FBI could be monitoring the phones Schulte and his buddies already had.

Q. Mr. Betances, what did the defendant say about why he didn’t want to use iPhones anymore?

A. Because of a conversation in Chino’s cell, he was very scared because his cousin — or, I don’t know who it was. The FBI had gone to that person’s house. They had taken his computer, and since then, he was very scared. So he wanted to replace all phones. He wanted to get all new phone chips, and because of something like that that had happened; he didn’t know what.

[snip]

Q. OK. But that has nothing to do with the FBI or my cousin, right?

A. It does have something to do, because we had that conversation, and you were there.

Q. OK. So when you described me as very scared, what is that based on?

A. Because you said we had to change the phones, we had to change everything. You were freaking out. You were freaked out, in panic mode.

Q. OK. So your description’s not based on the demeanor but based on what you say are requested actions from me, right?

A. I didn’t understand your question. Could you repeat it?

Q. Yes. It wasn’t my outward appearance but what we were discussing that led you to believe I was very scared, right?

MR. LOCKARD: Objection. Form.

THE INTERPRETER: I’m sorry, sir. Did you say something? The interpreter just wants — did you say something at the very end?

MR. SCHULTE: I think there was an objection.

THE COURT: The objection’s overruled.

A. It’s not that you made me believe. It’s the way that you were acting, your outward appearance. You were freaking out.

Q. OK. And what was I scared of?

A. The fact that we had to change our phones, you were pacing back and forth, because the FBI might be listening in on the calls; they might do something. And then, so I asked you why. You know, did you talk to somebody on the phones that we were all using? And that’s when you didn’t answer me. You didn’t say yes or no.

It may not have been his cousin, Shane Presnall, but instead his parents that Schulte was worried about.

DOJ had been ratcheting up pressure on Schulte’s attempts to leak from jail for months by August 2018, when I got this email. In response to journalists publishing information on Schulte’s affidavits in May, DOJ admonished Schulte for violating his protective order. In an attempt to learn how the affidavits had gotten shared, the FBI first interviewed, then served a subpoena on Presnall to appear before the Grand Jury on June 13.

On June 28, Schulte posted a pro se bail application that the CIA claimed included classified information, which led the FBI to ask his parents and attorney in Texas for any classified information, something he repeatedly called a “raid” during the trial.

Then, in early August, Presnall turned over to DOJ another of Schulte’s narratives, which by description may be the one his parents wouldn’t post for him.

On or about August 6, 2018, Presnall, through counsel, produced documents responsive to the subpoena and an index. The index described Articles 1 through 7 by Joshua Schulte, which corresponded to the articles published on the John Galt’s Legal Defense Fund Facebook page in April 2018; as well as an “Article 8 by Joshua Schulte” and the Schulte Article described as “Article entitled ‘. . .unalienable Rights, that among these are Life. Liberty and the pursuit of Happiness’ by Joshua Schulte.” ” (Ex. 4; id. at JAS_021890-JAS_021902). The latter two articles had not yet been published on Facebook. The Schulte Article has four chapter headings, including “Chapter 1: The confrontation,” “Chapter 2: my last experience at the CIA and my reason(s) for resigning,” “Chapter 3: Hell,” and “Chapter 4: The Red Pill.” As with his other articles, the primary thesis of Schulte Article is that the defendant is innocent and he is the victim of lawless, dishonest agents and a criminal justice system uninterested in civil liberties or truth.

As I have noted, this article not only referred to his colleagues whose identities were classified by name, which if published would have exposed their identities, but also described the benefit to Russia that advance access to CIA’s source code would provide. It was a really damning document.

Inexplicably, DOJ did not use it in either of the two trials against Schulte.

The government’s discovery of the materials from Presnall may explain the panic that shows up in Schulte’s notebook in this period, with two notes Schulte wrote reflecting concern that the government had compromised the IMEI numbers for “all 3” phones.

 

The reference to three phones is probably a reference to the contraband jail phones, but Schulte used three different phones in 2017, after FBI seized a first one, that he would have received discovery on. In any case, DOJ’s increased efforts to crack down on his leaking from jail would have come just as reviewing his own discovery may have led Schulte to belatedly realize the import of the basic investigative tools, such as subpoenas for subscriber records, which the FBI uses to track suspects. That is, at precisely the time he was pursuing a variety of means to leak from jail, Schulte discovered that he hadn’t covered his tracks anywhere nearly as well as he arrogantly believed he had.

So he got a new phone and tried to encrypt everything.

So it would be unsurprising for Schulte, believing his past communications with journalists to have been exposed, to try someone new — me. Then the day after I said no, Schulte turned to reestablish ties with Harris via a new channel and new false identity.

But let’s be honest: it was fucking insane for these guys to do a cold outreach to someone who (as they note!) had only recently publicly confessed to sharing information with the FBI. I’ve never spoken to the FBI about this, but if they did find evidence that Schulte had reached out to me, the outreach would be adjacent enough to the things I did share, it would set off alarms bells all over DOJ. Indeed, there are several non-public details –details that DOJ knows about — that make me uncertain, even today, whether Schulte wasn’t trying something more, and one of those details may have led DOJ to suspect the same.

Plus, Schulte had no reason to believe I’d be receptive to his story. Already, in my coverage of Vault 7, I had made observations — such as that someone may have used CIA’s own hacking tools against it or that Schulte violated release conditions to get back on Tor in the wake of an Assange tweet seeming to use the stolen CIA documents for leverage against Don Jr — that may have been of particular interest to Schulte. But my coverage of Schulte wasn’t particularly sympathetic at all. Even in 2018, Schulte was unlikely to convince me of his lies, and that should have been clear from what I had written.

It’s pretty likely that DOJ did discover traces of this outreach, which is another reason I’m not withholding it. Schulte laid out a plan to delete his Google Docs (given the length of the email and the hotlinks in this email, I assume it was drafted in Google Docs, as the documents later shared with Harris were) the same day I declined this offer, so DOJ may not have the banal content of this email. But even assuming he deleted drafts of this email written collectively on Google Docs, given all the references to other journalists submitted in exhibits and other court filings, I assume references to me would show up in the same places that their names did: in searches conducted using the other phones, in text threads conducted on WhatsApp before Schulte installed Signal, in Schulte’s notebook, in pictures that jailhouse informant Betances took of the phones he tended (by Betances’ description, the email to me was sent before Schulte changed the password to the Samsung). DOJ has a great deal of evidence about Schulte’s actions they didn’t share at trial, and given the timing, much of it would be precisely where any mention of my name would appear.

For example, my name doesn’t show up in unredacted form in what were described as the “Internet searches” done on the Samsung (this is the version introduced at the first trial), though those only start on August 13, by which point whoever sent the email presumably had already gotten contact information for me. But it’s likely it shows up on another phone — perhaps the iPhone that Amanat had been using, or in Google searches (at the first trial the jury got all of Schulte’s Google searches, but the exhibit was not released publicly). Someone went to my website to get both the email addresses I had listed at the time.

Nor does my name appear in the prison notebooks introduced at trial. But there are twenty pages in Schulte’s prison notebooks between the beginning of the August 14 entry and the beginning of the August 21 one, just one of which was included in the trial exhibit. So even assuming the FBI never got into the psalms100 ProtonMail account (something I think is unlikely), they probably learned of the existence of this email via the notebook and searches, and may have gotten the content from Google Docs. So the final reason I’m sharing this is to clarify for anyone at DOJ who might still wonder about this that I said “no” to this outreach. There’s probably nothing in the email Schulte sent me that they didn’t find in other places.

And, yes, whoever sent this really did use “Confidential Intelligence Source” in the subject line of an email sent to a Gmail email, and they really did mention Vault 7 in the first paragraph.

So Schulte and his buddies were not just liars and bad suck-ups, but also stupid.

Again, I had and have no idea what to make of this — though over the course of two trials, how it fits into Schulte’s efforts to work the press in 2018 makes more sense. But at the very least, it hints that there are a lot more things in evidence seized from Schulte’s jail cell that were likely of interest to investigators, but not evidence of a crime.

If a Bear Shits in a Sealed CIPA Conference, Can It Expand the Espionage Act to the NYT’s Readers?

On May 3, 2022, Judge Jesse Furman posed two hypotheticals to prosecutors in the Joshua Schulte case about whether the Espionage Act would apply to people who disseminated already public information from the Vault 7/Vault 8 leaks: First, a member of the public, having downloaded publicly-posted CIA hacking materials made available by WikiLeaks, who gave those materials to a third party. Second, someone who passed on information from the Vault 7/8 leaks published by the NYT to a third party. In both cases, the government argued that someone passing on already public information from the leaked files could be guilty of violating the Espionage Act.

At least, it appears that the government argued for this expansive hypothetical application of the Espionage Act, based on what Furman said in a discussion about jury instructions on July 6. I’ve put a longer excerpt of the exchange from the discussion about jury instructions below; here’s how Judge Furman instructed the jury on the matter.

The actual discussion in May took place in a hearing conducted as part of the Classified Information Procedures Act, CIPA, the hearings during which the government and defense argue about what kind of classified information must be declassified for trial (I wrote more about CIPA in this post). Because the discussion happened as part of the CIPA process, the hearing itself is currently sealed.

And the government wants it to stay that way.

Both in a letter motion filed on November 11, postured as an update on the classification review of the transcripts of that hearing, and in a December 5 letter motion Furman ordered the government to file formally asking to keep the transcripts sealed, the government argued that CIPA trumps the public’s right of access to such court records.

CIPA’s mandatory sealing of the records of in camera proceedings conducted pursuant to Section 6 supersedes any common law right of access to those records, and neither history, logic, nor the right of attendance at proceedings support a right of access under the First Amendment.

The earlier letter even explained why it wanted to keep the “extensive colloquies” in these hearings sealed.

Beyond that, the extensive colloquies and the specific issues of law discussed at that hearing would reveal, by itself, the specific type of relief sought by the parties on specific subjects, which would in turn provide significant indications about what classified information was at issue, prompting undue speculation that would undermine national security interests.

But this specific issue of law, whether journalists or their readers have legal exposure under the Espionage Act for reporting on leaked, classified material, is not secret. Nor should it be.

That’s why, with the support of National Security Counselors’ Kel McClanahan, I’m intervening in the case to oppose the government’s bid to keep the May 3 and other transcripts sealed. How the government applies the Espionage Act to people who haven’t entered into a Non-Disclosure Agreement with the government to keep those secrets has been a pressing issue for years, made all the more so by the prosecution of Julian Assange. Indeed, the government may have given the answers to Judge Furman’s hypotheticals that they did partly to protect the basis of the Assange prosecution. But for the same reason that the Assange prosecution is a dangerous precedent, the prosecutors’ claims — made in a sealed hearing — that they could charge people who share a NYT article (or an emptywheel post) on the Vault 7 releases raise real Constitutional concerns. As Judge Furman noted, “there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak” (and, though he doesn’t say it, tens of thousands sharing the emptywheel reporting about it). And yet no one will learn that fact if the discussion about it remains sealed.

I’m not usually able to intervene in such matters because I don’t have the resources of a big media in-house counsel to do so. McClanahan’s willingness to help makes that possible. National Security Counselors are experts on this kind of national security law, with extensive experience both on the Espionage Act and on CIPA. But the group relies heavily on tax-exempt charitable contributions to be able to do this kind of work. Please consider supporting  the effort with a donation via this link or PayPal. Thanks!

Transcript excerpt

These transcripts were obtained by the Calyx Institute with funding from Wau Holland, the latter of which has close ties to WikiLeaks.

So that’s the context and a little bit of the background. I think I have frankly come around to thinking that for reasons and constitutional avoidance and otherwise that there is a lot to — that Mr. Schulte is not entirely correct but is substantially correct, that is to say that if all — let me put it differently. I think the reason that Mr. Schulte is in a different position with respect to the MCC counts is that he is someone in a position to know whether the information was classified, was NDI, was CIA information and in that sense by virtue of leaking it again, so to speak, he is providing official confirmation but it is the official confirmation that is the new information that would qualify as NDI and I think Rosen kind of highlights that, that particular nuance. I think that distinguishes Mr. Schulte from — I gave you a hypothetical, again, I think it is currently in the classified hearing and therefore not yet public, but I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

So all of which is to say I think I have come around to the view that merely sharing something that is already in the public domain probably can’t support a conviction under this provision except that if the sharing of it provides something new, namely, confirmation that it is reliable, confirmation that it is CIA information, confirmation that it is legitimate bona fide national defense information, then that confirmation is, itself, or can, itself, be NDI. I otherwise think that we are just in a terrain where, literally, there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak.

MR. DENTON: So, your Honor, I think there is a couple of different issues there and one of them is sort of whether the question that you are posing right now is actually the right question for this moment in time when we are talking about the elements of the offense.

In the context of that earlier discussion, and I will repeat it here, I think one of the things that we emphasized is there is a difference between whether a set of conduct, either the hypotheticals that you describe would satisfy the elements of a violation of 793 as opposed to the separate question of whether a person or an organization in that context would have a well-taken, as-applied First Amendment challenge to the application of the statute to them in that context.

THE COURT: But I have to say — and I recognize this may be in tension with my prior holding on this issue — the First Amendment is an area where somebody — I mean, the overbreadth doctrine in the First Amendment context allows somebody, as to whom a statute could be applied, constitutionally to challenge the statute on the grounds that it does cover conduct that would violate the First Amendment. So in that regard, it is distinct from a vagueness challenge. I think to the extent that you are saying that in those instances — I mean, the reason being that the First Amendment embodies a concept of chilling. If a New York Times reporter doesn’t know whether he is violating the Espionage Act by repeating what is in the WikiLeaks leak notwithstanding the fact that there is serious public interest in it, it may chill the suppression and that suppression is protected by the First Amendment. That’s the point in the overbreadth doctrine.

Go ahead.

On the Shoddy Journalistic Defense of “WikLeaks”

When it was first published, a letter that the NYT, Guardian, Le Monde, Der Spiegel, and El País signed, calling on the US government to drop the Espionage Act charges against Julian Assange, got the date of Assange’s arrest wrong — it was April 11, not April 12, 2019. The outlets have since corrected the error, though without crediting me for alerting them to it.

A correction was made on Nov. 29, 2022: An earlier version of this letter misstated the date of Julian Assange’s 2019 arrest. It was April 11th, not April 12th.

An email was sent by me and then a correction was made. No bill was sent for the free fact checking.

As it currently exists, even after correcting that error, the Guardian version of the letter misspells WikiLeaks: “WikLeaks.”

For Julian Assange, publisher of WikLeaks, the publication of “Cablegate” and several other related leaks had the most severe consequences. On [April 11th] 2019, Assange was arrested in London on a US arrest warrant, and has now been held for three and a half years in a high-security British prison usually used for terrorists and members of organised crime groups. He faces extradition to the US and a sentence of up to 175 years in an American maximum-security prison. [my emphasis]

The slovenly standards with which five major newspapers released this letter suggest the other inaccuracies in the letter may be the result of sloppiness or — in some cases — outright ignorance about the case on which they claim to comment.

Take the claim Assange could serve his sentence in “an American maximum-security prison.” The assurances on which British judges relied before approving the extradition included a commitment that the US would agree to transfer Assange to serve any sentence, were he convicted, in Australia.

Ground 5: The USA has now provided the United Kingdom with a package of assurances which are responsive to the judge’s specific findings in this case. In particular, the US has provided assurances that Mr Assange will not be subject to SAMs or imprisoned at ADX (unless he were to do something subsequent to the offering of these assurances that meets the tests for the imposition of SAMs or designation to ADX). The USA has also provided an assurance that they will consent to Mr Assange being transferred to Australia to serve any custodial sentence imposed on him if he is convicted.

While the assurances that Assange wouldn’t be subject to Special Administrative Measures (basically contact limits that amount to isolation) aren’t worth the paper they were written on — partly because Assange did so much at the Ecuadorian Embassy that, if done in a US jail, would get him subject to SAMs, and partly because the process of designation under SAMs is so arbitrary — reneging on the agreement to transfer Assange to Australia would create a significant diplomatic row. A sentence in an American maximum-security prison is explicitly excluded from the terms of the extradition before Attorney General Garland, unless Assange ultimately chose to stay in the US over Australia (or Australia refused to take him).

The claim that he could be sentenced to 175 years, when the reality is that sentencing guidelines and concurrent sentences would almost certainly result in a fraction of that, is misleading, albeit absolutely within the norm for shoddy journalism about the US legal system. It’s also needlessly misleading, since any sentence he would face would be plenty draconian by European standards. Repeating a favorite Assange line, one that is legally true but practically misleading, does little to recommend the letter.

In the next paragraph, these five media outlets seem to suggest that the Computer Fraud and Abuse Act conspiracy alleged in “the indictment” is limited to Assange’s effort to crack a password.

This group of editors and publishers, all of whom had worked with Assange, felt the need to publicly criticise his conduct in 2011 when unredacted copies of the cables were released, and some of us are concerned about the allegations in the indictment that he attempted to aid in computer intrusion of a classified database. But we come together now to express our grave concerns about the continued prosecution of Julian Assange for obtaining and publishing classified materials.

It is — in the 2017 to 2019 charging documents. But not the one on which Assange is being extradited.

The hacking conspiracy, as currently charged, is a 5-year conspiracy that alleges far more than — and starts before — the password cracking seemingly described in the paragraph. It includes Assange’s use of Siggi’s credentials to access a police database to monitor any investigation into himself, a request to hack a former WikiLeaks associate, the recruitment of Anonymous hackers to target US-based companies (arguably also an attempt to aid in the computer intrusion of classified databases, albeit not US government ones), and the exploitation of WikiLeaks’ role in helping Edward Snowden flee to recruit more hacks including, explicitly, a sysadmin hack of the CIA’s classified databases like the one for which Joshua Schulte has now been convicted. (The existing indictment ends at 2015, before the start of Schulte’s actions, though I would be unsurprised to see a superseding indictment incorporating that hack, leak, and exposure of sensitive identities.)

Are these media outlets upset that DOJ has charged Assange for a conspiracy in which at least six others have been prosecuted, including in the UK? Are they saying that’s what their own journalists do, recruit teenaged fraudsters who in turn recruit hackers for them? Or are these outlets simply unaware of the 2020 indictment, as many Assange boosters are?

Whichever it is, it exhibits little awareness of the import that Judge Vanessa Baraitser accorded the hacking conspiracy to distinguish Assange’s actions from actual journalism.

At the same time as these communications, it is alleged, he was encouraging others to hack into computers to obtain information. This activity does not form part of the “Manning” allegations but it took place at exactly the same time and supports the case that Mr. Assange was engaged in a wider scheme, to work with computer hackers and whistle blowers to obtain information for Wikileaks. Ms. Manning was aware of his work with these hacking groups as Mr. Assange messaged her several times about it. For example, it is alleged that, on 5 March 2010 Mr. Assange told Ms. Manning that he had received stolen banking documents from a source (Teenager); on 10 March 2010, Mr. Assange told Ms. Manning that he had given an “intel source” a “list of things we wanted and the source had provided four months of recordings of all phones in the Parliament of the government of NATO country-1; and, on 17 March 2010, Mr. Assange told Ms. Manning that he used the unauthorised access given to him by a source, to access a government website of NATO country-1 used to track police vehicles. His agreement with Ms. Manning, to decipher the alphanumeric code she gave him, took place on 8 March 2010, in the midst of his efforts to obtain, and to recruit others to obtain, information through computer hacking

[snip]

In relation to Ms. Manning, it is alleged that Mr. Assange was engaged in these same activities. During their contact over many months, he encouraged her to obtain information when she had told him she had no more to give him, he identified for her particular information he would like to have from the government database for her to provide to him, and, in the most obvious example of his using his computer hacking skills to further his objective, he tried to decipher an alphanumeric code she sent to him. If the allegations are proved, then his agreement with Ms. Manning and his agreements with these groups of computer hackers took him outside any role of investigative journalism. He was acting to further the overall objective of WikiLeaks to obtain protected information, by hacking if necessary. Notwithstanding the vital role played by the press in a democratic society, journalists have the same duty as everyone else to obey the ordinary criminal law. In this case Mr. Assange’s alleged acts were unlawful and he does not become immune from criminal liability merely because he claims he was acting as a journalist.

Whether editors and publishers at the five media outlets know that Assange was superseded in 2020 or not or just used vague language that could be read, given the actual allegations in the indictment, to suggest that some of them think Assange shouldn’t be prosecuted for conspiring to hack private companies, the language they included about the CFAA charge has led other outlets, picking up on this misleading language (along with the original error about the arrest date), to write at length about an indictment, with a more limited CFAA charge, that is not before Attorney General Merrick Garland. So maybe the NYT, Guardian, Le Monde, Der Spiegel, and El País know about the true extent of the CFAA charge, but by their vagueness, these five leading newspapers have contributed to overtly false claims by others about it.

Finally, the letter repeats WikiLeaks’ narrative about the changing DOJ views on Assange, presenting it as a binary between the “Obama-Biden” and Donald Trump Administrations.

The Obama-Biden administration, in office during the WikiLeaks publication in 2010, refrained from indicting Assange, explaining that they would have had to indict journalists from major news outlets too. Their position placed a premium on press freedom, despite its uncomfortable consequences. Under Donald Trump however, the position changed. The DoJ relied on an old law, the Espionage Act of 1917 (designed to prosecute potential spies during world war one), which has never been used to prosecute a publisher or broadcaster.

This is a story WikiLeaks likes to tell even while incessantly publicizing a a story that debunks it. It is based on a public quote — made in November 2013 by former DOJ spox, Matt Miller, who left DOJ in 2011, about why DOJ wouldn’t charge Assange. But a Yahoo story last year included former Counterintelligence head Bill Evanina’s description of how the US approach to WikiLeaks began to change in 2013, after Miller left DOJ but still during the Obama Administration, based on WikiLeaks’ role in helping Snowden flee.

That began to change in 2013, when Edward Snowden, a National Security Agency contractor, fled to Hong Kong with a massive trove of classified materials, some of which revealed that the U.S. government was illegally spying on Americans. WikiLeaks helped arrange Snowden’s escape to Russia from Hong Kong. A WikiLeaks editor also accompanied Snowden to Russia, staying with him during his 39-day enforced stay at a Moscow airport and living with him for three months after Russia granted Snowden asylum.

In the wake of the Snowden revelations, the Obama administration allowed the intelligence community to prioritize collection on WikiLeaks, according to Evanina, now the CEO of the Evanina Group.

Years earlier, CNN reported the same thing: that the US understanding of WikiLeaks began to change based on its role in helping Snowden to flee.

It should be unsurprising that the government’s approach to WikiLeaks changed after the outlet helped a former intelligence officer travel safely out of Hong Kong, because at least one media outlet made similar judgments about how that distinguishes WikiLeaks from journalism. Bart Gellman’s book described how lawyers for WaPo believed the journalists should not publish Snowden’s key to help him authenticate himself with foreign governments — basically, something else that would have helped him flee. Once Gellman understood what Snowden wanted, he realized it would make WaPo, “a knowing instrument of his flight from American law.” By his description, the lawyers implied Gellman and Laura Poitras might risk aid and abetting charges unless they refused a “direct attempt to enlist [them] in assisting him with his plans to approach foreign governments.” Like the US government, the WaPo judged in 2013 that helping Snowden obtain protection from other, potentially hostile, governments would legally go beyond journalism.

This is one reason clearly conveying the scope of the CFAA allegations is central to any credible commentary on the Assange case: because Assange’s exploitation of the Snowden assistance is an overt act charged in it. But five media outlets skip both the import of that act and its inclusion in the charges against Assange in a bid to influence the Biden Administration.

This WikiLeaks narrative also obscures one more step in the evolution of the understanding of Assange during the Obama administration, one that is more problematic for this letter, given that it would hope to persuade Attorney General Merrick Garland. Per the Yahoo article that WikiLeaks never tires of publicizing, the US government’s understanding of WikiLeaks changed still more when the outlet partnered with Russian intelligence on its 2016 hack-and-leak campaign.

Assange’s communication with the suspected operatives settled the matter for some U.S. officials. The events of 2016 “really crystallized” U.S. intelligence officials’ belief that the WikiLeaks founder “was acting in collusion with people who were using him to hurt the interests of the United States,” said [National Intelligence General Counsel Bob] Litt.

That’s important because, while the parts pertaining to WikiLeaks are almost entirely redacted, the SSCI Report on responses to the 2016 hack-and-leak makes it clear how central a role then-Homeland Security Advisor and current Deputy Attorney General Lisa Monaco played in the process. You’re writing a letter about which Garland would undoubtedly consult with Monaco. She knows that the gradual reassessment of WikiLeaks was no lightswitch that flipped with the inauguration of Donald Trump. Treating it as one provides one more basis on which DOJ could dismiss this letter. What changed wasn’t the administration: it was a series of WikiLeaks actions that increasingly overcame the “New York Times problem,” leading to expanded collection on Assange himself, leading to a different understanding of his actions.

Here’s why I find the sloppiness of this letter so frustrating.

I absolutely agree that, as charged, the Espionage Act charges against Assange are a dangerous precedent. That’s an argument that should be made soberly and credibly, particularly if made by leaders of the journalistic establishment.

I agree with the letter’s point that, “Obtaining and disclosing sensitive information when necessary in the public interest is a core part of the daily work of journalists,” (though these same publishers decided that disclosing the names of US and coalition sources was not in the public interest, and Assange’s privacy breach in doing so was the other basis by which Baraitser distinguished what Assange does from journalism).

But so is fact-checking. So is speaking accurately and with nuance.

If you’re going to write a letter that will be persuasive to the Attorney General, it would be useful to address the indictment and extradition request as it actually exists, not as it existed in 2019 or 2020 or 2021.

And if you’re going to speak with the moral authority of five leading newspapers defending the institution of journalism, you would do well to model the principles of journalism you claim to be defending.

As noted, these outlets corrected the date error after I inquired about the process by which this letter was drafted. I have gotten no on-the-record comments about the drafting of this letter in response.

DOJ Rethinks — but in a Few Areas, Expands — Access to Media Content

In a story on the new media guidelines DOJ rolled out yesterday, Charlie Savage reveals what representatives of the press think they got in the new guidelines, in addition to a formal codification of broader restrictions on the use of legal process to find real journalists’ sources:

Those conversations led to several adjustments about potentially critical issues, like how “news gathering” is defined. According to participants, the Justice Department originally intended to define it in a way that was limited to the passive receipt of government secrets. But the final version now covers the act of pursuing information.

The language in question appears to cover things like encrypted dropboxes, something that journalists liked to compare (inaptly) to the charge against Julian Assange of attempting to hack a password for Chelsea Manning. Thus far, multiple criminal prosecutions show that dropboxes have not thwarted DOJ from prosecuting those who submitted documents into them.

Journalism includes reporting on classified information

A more important change is that the guidelines explicitly include reporting on classified information in its definition of newsgathering.

Newsgathering includes the mere receipt, possession, or publication by a member of the news media of government information, including classified information, as well as establishing a means of receiving such information, including from an anonymous or confidential source.

Savage describes that “is also said to have removed espionage from a list of criminal activities that are excluded from protected news gathering.” I’m not sure that’s right: 18 USC 793 and 798 were (along with Child Sexual Abuse Materials) included in the exceptions to 42 USC 2000aa, which I think is unchanged by this regulation.

What has been removed from the prior version (in addition to the inclusion of classified information in the definition of newsgathering) is an exception permitting the use of legal process in investigations of classified leaks. This language has been removed.

In investigations or prosecutions of unauthorized disclosures of national defense information or of classified information, where the Director of National Intelligence, after consultation with the relevant Department or agency head(s), certifies to the Attorney General the significance of the harm raised by the unauthorized disclosure and that the information disclosed was properly classified and reaffirms the intelligence community’s continued support for the investigation or prosecution, the Attorney General may authorize members of the Department, in such investigations, to issue subpoenas to members of the news media.

In other words, it wasn’t that there was an exception for the Espionage Act. Rather, there was language permitting searches in leak investigations that might be (and frequently have been in recent years) charged under the Espionage Act. That exception has been removed, and reporting on classified information has been explicitly included in the definition of newsgathering.

As we’ll see below, the regulation still authorizes searches in cases of suspected agents of a foreign power.

Expanded protection and a prohibition with exceptions instead of permission for exceptions

As Savage notes, however, the topline change is both a restructuring in the ways that a journalist’s sources might be accessed and the types of legal process covered. Whereas previously, the language on accessing source information included a presumption of access with a bunch of limits on use, as laid out in the prior regulation

The Department views the use of certain law enforcement tools, including subpoenas, court orders issued pursuant to 18 U.S.C. 2703(d) or 3123, and search warrants to seek information from, or records of, non-consenting members of the news media as extraordinary measures, not standard investigatory practices. In particular, subpoenas or court orders issued pursuant to 18 U.S.C. 2703(d) or 3123 may be used, after authorization by the Attorney General, or by another senior official in accordance with the exceptions set forth in paragraph (c)(3) of this section, only to obtain information from, or records of, members of the news media when the information sought is essential to a successful investigation, prosecution, or litigation; after all reasonable alternative attempts have been made to obtain the information from alternative sources; and after negotiations with the affected member of the news media have been pursued and appropriate notice to the affected member of the news media has been provided, unless the Attorney General determines that, for compelling reasons, such negotiations or notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm. [my emphasis]

The new regulation outright prohibits compulsory legal process except in certain exceptions.

(c) Compulsory legal process for the purpose of obtaining information from or records of a member of the news media acting within the scope ofnewsgathering. Compulsory legal process for the purpose of obtaining information from or records of a member of the news media acting within the scope of newsgathering is prohibited except under the circumstances set forth in paragraphs (c)(l) through (3).

In other words, these regulations importantly flip the presumption from one that permits the access of journalist records in certain situations to one that prohibits it except according to an enumerated exception.

And this revised regulation has broader language prohibiting the use of legal process. It now includes interception orders (like that used against NBC journalists who were sourced by Henry Kyle Frese), MLAT orders (like the Mexican one that targeted Zach Whittaker in 2020), and orders served on obscure third party providers of enterprise email hosting (like orders used against the WaPo and NYT in recent years).

“Compulsory legal process” consists of subpoenas, search warrants, court orders issued pursuant to 18 U.S.C. 2703(d) and 3123, interception orders issued pursuant to 18 U.S.C. 2518, civil investigative demands, and mutual legal assistance treaty requests-regardless of whether issued to members of the news media directly, to their publishers or employers, or to others, including third-party service providers of any of the forgoing, for the purpose of obtaining information from or records of members of the news media, and regardless of whether the compulsory legal process seeks testimony, physical or electronic documents, telephone toll or other communications records, metadata, or digital content.

In other words, the revision closes loopholes used under the Trump Administration.

What journalism isn’t

More generally, DOJ has reconceptualized the regulation though the use of exceptions.

Some of these are exceptions that permit the compelled process of a journalist, the most interesting new one of which entails evidentiary authentication with DAAG authorization.

(1) To authenticate for evidentiary purposes information or records that have already been published, in which case the authorization of a Deputy Assistant Attorney General for the Criminal Division is required;

This may be a response to the need to get journalists to validate videos they took on January 6.

DOJ has slightly reworked an existing section that at least used to be tailored to the definition covered by FISA (and FISA surveillance of journalists is in no way excluded from these regulations). It still includes the same language excepting an agent of a foreign power or someone who aids or abets one.

A foreign power or agent of a foreign power, as those terms are defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801);

In at least one of the reworked categories, the regulations represent an (entirely reasonable) expansion. The regulation includes this definition of terrorist activity — adding 18 USC 2339B, C, and D — which not only aren’t tied to State’s Foreign Terrorist Organization designations, but also includes (with C) funding for what could be domestic terrorism.

Committing or attempting to commit the crimes of providing material support or resources to terrorists or designated foreign terrorist organizations, providing or collecting funds to finance acts of terrorism, or receiving military-type training from a foreign terrorist organization, as those offenses are defined in 18 U.S.C. 2339A, 2339B, 2339C, and 2339D; or

Seamus Hughes pointed me to this case in which three white supremacists were prosecuted under 18 USC 2339A as an example of how this might apply to domestic terrorists. The new regulations add a review by the National Security Division head on these categories, but since John Demers approved the data collection on real journalists under the Trump Administration, that’s unlikely to be a very useful protection.

Another new exception — this time not associated with newsgathering — is for an investigation targeting a journalist’s non-journalist housemate or similar who is the subject of an investigation.

To obtain information or records of a non-member of the news media, when the nonmember is the subject or target of an investigation and the information or records are in a physical space, device, or account shared with a member of the news media;

But the biggest change is that, in addition to that tweaked list of national security exceptions, DOJ added a bunch of more common crimes that journalism doesn’t include:

(B) Except as provided in paragraph (b)(2)(ii)(A) of this section, newsgathering does not include criminal acts committed in the course of obtaining information or using information, such as: breaking and entering; theft; unlawfully accessing a computer or computer system; unlawful surveillance or wiretapping; bribery; extortion; fraud; insider trading; or aiding or abetting or conspiring to engage in such criminal activities, with the requisite criminal intent.

The distinctions are not entirely clearcut though. Of most concern, what distinguishes a journalist reporting on tech vulnerabilities and a hacker is that “requisite criminal intent,” and one often determines that by accessing content.

Incorporation of cases against recent not-journalism cases

Importantly, however, these crimes include a number of the cases that got journalists all hot and bothered but which, under the new rules, are very clearcut (Savage’s professed uncertainty about Project Veritas notwithstanding).

DOJ’s approach to Julian Assange didn’t begin change until he helped Edward Snowden flee to Russia and Assange wasn’t charged — initially, with attempting to help Chelsea Manning crack a password, itself included in one of the distinguishing crimes — until after he had aided and abetted Russia in a hack-and-leak campaign, one of the national security exceptions. The Espionage charges against Assange were filed after Russia attempted to exfiltrate Assange at the end of 2017. Any superseding indictment of Assange in the future would likely include an extortion claim and an aid-and-abet claim of Josh Schulte’s hacking of the CIA, for which Assange clearly expressed the criminal intent.

With regards to Project Veritas, the very first subpoena targeting their office manager (one obtained while Bill Barr was still Attorney General) listed 18 USC 873, blackmail — a kind of extortion — among the crimes under investigation, and their own defenses raised the possibility of extortion. Plus, Robert Kurlander’s statement of offense described trying to raise the price Project Veritas would pay for Ashley Biden’s diary because it was “literally a stolen diary.” So these new guidelines, applied retroactively, make the Project Veritas search an obvious exception.

The distinction between certain crimes and journalism would encompass three other, still undisclosed investigations into journalists last year described in DOJ’s report on legal process. The first was into insider trading:

In connection with an investigation of securities fraud and wire fraud relating to insider trading activities, a Deputy Assistant Attorney General authorized a U.S. Attorney’s Office to apply for a warrant to search the person, personal effects, and cellular telephones of a member of the news media who was the subject of the insider trading investigation. Investigators had established probable cause that the member of the news media had participated in the insider trading activities with three coconspirators and was in communication with the primary target of the investigation, a former U.S. Congressperson; and that the information seized pursuant to the search warrant would lead to further evidence. Investigators had pursued multiple avenues to obtain the evidence, without success, and had exhausted all investigative leads. The Department’s News Media Policy generally requires that the Attorney General must approve any application to search the communications records of a member of the news media, see 28 C.F.R. § 50.10(d)(1), but here, because the suspected criminal conduct was wholly outside the scope of the member of the news media’s newsgathering activities, a Deputy Assistant Attorney General for the Criminal Division authorized the search warrant applications pursuant to the “suspect exception” of the Privacy Protection Act (PPA), see 28 C.F.R. § 50.10(d)(4).

The second was into fraud and money laundering.

In connection with a fraud and money laundering investigation involving employees of a news media entity, a Deputy Assistant Attorney General authorized a U.S. Attorney’s Office to search stored electronic content of email accounts maintained by a member of the news media and its affiliate entity; and to issue a subpoena to a thirdparty service provider for information relating to accounts maintained by a member of the news media. The Department’s News Media Policy generally requires that the Attorney General must approve any application to search the communications records of a member of the news media, see 28 C.F.R. § 50.10(d)(1), but here, because the suspected criminal conduct was wholly outside the scope of the entities’ and employees’ newsgathering activities, a Deputy Assistant Attorney General for the Criminal Division authorized the search warrant applications pursuant to the “suspect exception” of the PPA, see 28 C.F.R. § 50.10(d)(4).

A third investigation last year into stalking that included the use of spyware and hacking.

In connection with an investigation of a member of the news media for stalking offenses, a Deputy Assistant Attorney General authorized a U.S. Attorney’s Office to apply for a warrant to search the email account of the member of the news media. Investigators had established probable cause that the member of the news media had engaged in harassment and stalking of multiple people, including through the installation and use of spyware and the hacking of social media accounts, as well as employing several means to damage the reputations of the parties the member of the news media was harassing and stalking. The U.S. Attorney’s Office established evidence that the information seized pursuant to the search warrant would lead to evidence regarding the member of the news media’s criminal conduct, which was wholly outside the scope of his newsgathering activities. The Department’s News Media Policy generally requires that the Attorney General must approve any application to search the communications records of a member of the news media, see 28 C.F.R. § 50.10(d)(1), but here, a Deputy Assistant Attorney General for the Criminal Division authorized the search warrant application pursuant to the “suspect exception” of the PPA, see 28 C.F.R. § 50.10(d)(4).

In other words, DOJ has used the lessons from the Trump DOJ’s hunt for journalistic sources, Julian Assange, Project Veritas, and three other undisclosed investigations (and who knows? Perhaps also to media outlets run by Neo-Nazis to help fundraise) to change how they conceive of journalism. All of those are reasonable exceptions from journalism.

There are a bunch of potential loopholes. If DOJ wants a journalist’s content, there are a great many ways they can still get it and because those exceptions would permit sustained secrecy about the searches might never be disclosed.

But these regulations, at a minimum, have established that reporting on classified information is part of journalism and have eliminated a lot of the loopholes to surveillance used to target journalists during the Trump Administration.

Sabrina Shroff Really Wants to Meet in Person with Josh Schulte

Something odd happened in the Josh Schulte case yesterday.

He still has to submit his Rule 29 motion for acquittal and Rule 33 motion for a new trial for his trial. Before the government seized his laptop in a search, they were originally due September 23.

But since the FBI allegedly found Child Sexual Abuse Material on his discovery laptop — the FBI suspects he copied it from the materials allegedly on his home computer via a thumb drive brought into the SCIF storing his discovery — he has been restricted to a typewriter, and so will be given more time to write the filings.

On October 6, Judge Jesse Furman ordered the two sides to come up with a new schedule for those motions by Friday to accommodate that restriction.

The FBI is also investigating Schulte for having contraband on his discovery laptop. Back in September, Schulte insisted that “the only material on the laptop was provided by the government or my attorneys.”

So early yesterday, the government filed a letter, effectively pre-empting one they said that Schulte’s attorney, Sabrina Shroff, had written but not yet docketed. They did so, they said, because hers was inaccurate and did not reflect consultation with Schulte, who is representing himself pro se on the last trial.

Counsel’s letter, which asks the Court to order the means by which the parties carry out their obligation to meet-and-confer about a proposed motions schedule, (i) is materially inaccurate, (ii) seeks unnecessarily burdensome and delay-laden restrictions on what should be a straightforward conversation about a schedule, and (iii) inappropriately attempts to speak on the defendant’s behalf with respect to an issue for which the defendant is pro se. Defense counsel’s letter falsely claims, for example, that the Government previously refused to have calls with the defendant while he was in the MDC and has “repudiated” this practice; when, in fact, the Government previously arranged meet-and-confer calls with the defendant during his courthouse SCIF days because doing so was logistically simpler. Here, where the defendant is no longer produced to the SCIF, the Government proposed a telephone call from the MDC, which defense counsel has been invited to join. When counsel objected to the call, the Government noted that the defendant is pro se and entitled to decide for himself whether or not to participate in the call and, if he declined to do so, the Government would attempt to confer through other means. The Government also offered to respond to a proposed schedule from the defendant conveyed by counsel. Rather than pursue either option or allow the defendant to speak for himself on this pro se matter,1 defense counsel submitted today’s letter to the Court.

1 Counsel’s letter does not assert that the defendant is incompetent to act for himself pro se and makes no representation that the defendant was consulted on the letter.

When Shroff’s letter was finally docketed (with two redactions describing Schulte’s current status, apparently something pertaining to having been moved from his prior cell), it became clear that she’s insisting on using the meet-and-confer as an opportunity to meet with him in person, rather than with her on the call, or barring that, ensuring that anything Schulte say not be used against him.

In the past, the government has fulfilled its meet and confer obligations by calling Mr. Schulte in the SCIF, where one or more of his standby counsel could be physically present and beside Mr. Schulte as he spoke with opposing counsel. During the time Mr. Schulte was entirely pro se, the government refused to have calls with him while he was at MDC-Brooklyn, insisting the calls take place while he was at the SCIF. Each call was recorded by the government and an FBI agent was present for the call.

In repudiation of this prior practice, the government now seeks to meet and confer with Mr. Schulte by arranging a telephone call with him at the MDC, meaning no defense counsel would be physically present next to Mr. Schulte during the call.1 Given (i) the hybrid representation in place; (ii) Mr. Schulte [redacted];2 and (iii) such a setup is not necessary, it would not be prudent for defense counsel to agree to such a meet and confer.

In lieu of the government’s proposal, defense counsel has offered to (i) take the government’s proposed briefing schedule to Mr. Schulte to get his sign-off;3 (ii) allow the meet and confer at the MDC, provided the government can arrange for Mr. Schulte’s counsel to be there physically with him in the same room; (iii) have Mr. Schulte produced at the 500 Pearl Street pens on the 4th floor for the meet and confer; or (iv) if the Court allows the meet and confer to take place outside the physical presence of counsel as the government demands, that the government agree not to use any purported spontaneous statements or questions that may come out during the call against Mr. Schulte at any future legal proceeding. The government has rejected each of these four proposals.

Given this impasse, and the importance of defense counsel being physically next to Mr. Schulte when the Government speaks with him, we respectfully ask the Court to Order the government to adopt one of the four proposals, so the meet and confer can proceed in a manner that allows defense counsel to step in and ensure that Mr. Schulte’s right against self-incrimination and right to counsel are protected.

1 Defense counsel has apprised the government of her unavailability on the government’s chosen date and time of October 19, 2022, and asked at the very least, the call be re-scheduled should the Court not grant the requested relief.

2 Neither the government nor the BOP informed counsel for Mr. Schulte [redacted] The BOP did not provide (for three days in row) the requested emergency legal calls. In person visits were also made unavailable. Counsel was told that the in-person visit could not take place as the room in the SAMs unit was occupied by other counsel, when in fact Mr. Schulte was not on his regular unit.

3 I twice offered to go to the MDC and vet with Mr. Schulte the government’s proposed briefing schedule for the Rule 29 and 33 motion. The government declined to provide its proposed timeline/schedule to me.

While Shroff’s letter sounds sketchy in light of Schulte’s own observation that any contraband had to have come from the government or his lawyers, Shroff is too smart to facilitate Schulte’s crimes. That said, the record suggests that he manipulates every single human being he comes into contact with, including his own family. I think the most likely explanation for any contraband is that he made a seemingly reasonable request for something from his lawyers, and then repurposed it.

The government, meanwhile, has used the recent developments to propose a long delay — with briefing to begin two months from now — on Schulte’s pretrial motions. Now they’re proposing he submit his motions on December 16.

I’ve been wondering how Schulte would respond to being accused of reaccessing CSAM material, something that, if proven, would make proving his pending charges on that easier to prove and also dramatically increase his potential sentence. He’s at the point where he has to be contemplating life in prison.

However he has and will respond, Shroff is worried about him speaking with the government without being present.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

18 USC 793e in the Time of Shadow Brokers and Donald Trump

Late last year, a Foreign Affairs article by former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach asserted that the files leaked in 2016 and 2017 by Shadow Brokers came from two NSA officers who brought the files home from work.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

One such tool, known as “EternalBlue,” got into the wrong hands and has been used to unleash a scourge of ransomware attacks—in which hackers paralyze computer systems until their demands are met—that will plague the world for years to come. Two of the most destructive cyberattacks in history made use of tools that were based on EternalBlue: the so-called WannaCry attack, launched by North Korea in 2017, which caused major disruptions at the British National Health Service for at least a week, and the NotPetya attack, carried out that same year by Russian-backed operatives, which resulted in more than $10 billion in damage to the global economy and caused weeks of delays at the world’s largest shipping company, Maersk. [my emphasis]

That statement certainly doesn’t amount to official confirmation that that’s where the files came from (and I’ve been told that the scope of the files released by Shadow Brokers would have required at least one more source). But the piece is as close as anyone with direct knowledge of the matter — as Gordon would have had from the aftermath — has come to confirming on the record what several strands of reporting had laid out in 2016 and 2017: that the NSA files that were leaked and then redeployed in two devastating global cyberattacks came from two guys who brought highly classified files home from the NSA.

The two men in question, Nghia Pho and Hal Martin, were prosecuted under 18 USC 793e, likely the same part of the Espionage Act under which the former President is being investigated. Pho (who was prosecuted by Thomas Windom, one of the prosecutors currently leading the fake elector investigation) pled guilty in 2017 and was sentenced to 66 months in prison; he is processing through re-entry for release next month. Martin pled guilty in 2019 and was sentenced to 108 months in prison.

The government never formally claimed that either man caused hostile powers to obtain these files, much less voluntarily gave them to foreign actors. Yet it used 793e to hold them accountable for the damage their negligence caused.

There has never been any explanation of how the files from Martin would have gotten to the still unidentified entity that released them.

But there is part of an explanation how files from Pho got stolen. WSJ reported in 2017 that the Kaspersky Anti-Virus software Pho was running on his home computer led the Russian security firm to discover that Pho had the NSA’s hacking tools on the machine. Somehow (the implication is that Kaspersky alerted the Russian government) that discovery led Russian hackers to subsequently target Pho’s computer and steal the files. In response to the WSJ report, Kaspersky issued their own report (here’s a summary from Kim Zetter). It acknowledged that Kaspersky AV had pulled in NSA tools after triggering on a known indicator of NSA compromise (the report claimed, and you can choose to believe that or not, that Kaspersky had deleted the most interesting parts of the files obtained). But it also revealed that in that same period, Pho had briefly disabled his Kaspersky AV and downloaded a pirated copy of Microsoft Office, which led to at least one backdoor being loaded onto his computer via which hostile actors would have been able to steal the NSA’s crown jewels.

Whichever version of the story you believe, both confirm that Kaspersky AV provided a way to identify a computer storing known NSA hacking tools, which then led Pho — someone of sufficient seniority to be profiled by foreign intelligence services — to be targeted for compromise. Pho didn’t have to give the files he brought home from work to Russia and other malicious foreign entities. Merely by loading them onto his inadequately protected computer and doing a couple of other irresponsible things, he made the files available to be stolen and then used in one of the most devastating information operations in history. Pho’s own inconsistent motives didn’t matter; what mattered was that actions he took made it easy for malicious actors to pull off the kind of spying coup that normally takes recruiting a high-placed spy like Robert Hanssen or Aldrich Ames.

In the aftermath of the Shadow Brokers investigation, the government’s counterintelligence investigators may have begun to place more weight on the gravity of merely bringing home sensitive files, independent of any decision to share them with journalists or spies.

Consider the case of Terry Albury, the FBI Agent who shared a number of files on the FBI’s targeting of Muslims with The Intercept. As part of a plea agreement, the government charged Albury with two counts of 793e, one for a document about FBI informants that was ultimately published by The Intercept, and another (about an online terrorist recruiting platform) that Albury merely brought home. The government’s sentencing memo described the import of files he brought home but did not share with The Intercept this way:

The charged retention document relates to the online recruitment efforts of a terrorist organization. The defense asserts that Albury photographed materials “to the extent they impacted domestic counter-terrorism policy.” (Defense Pos. at 37). This, however, ignores the fact that he also took documents relating to global counterintelligence threats and force protection, as well as many documents that implicated particularly sensitive Foreign Intelligence Surveillance Act collection. The retention of these materials is particularly egregious because Albury’s pattern of behavior indicates that had the FBI not disrupted Albury and the threat he posed to our country’s safety and national security, his actions would have placed those materials in the public domain for consumption by anyone, foreign or domestic.

And in a declaration accompanying Albury’s sentencing, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

This is the scenario that, one year earlier, was publicly offered as an explanation for the theft of the files behind The Shadow Brokers; someone brought sensitive files home and, without intending to, made them potentially available to foreign hackers or spies.

Albury was sentenced to four years in prison for bringing home 58 documents, of which 35 were classified Secret, and sending 25 documents, of which 16 were classified Secret, to the Intercept.

Then there’s the case of Daniel Hale, another Intercept source. Two years after the Shadow Brokers leaks (and five years after his leaks), he was charged with five counts of taking and sharing classified documents, including two counts of 793e tied to 11 documents he took and shared with the Intercept. Three of the documents published by The Intercept were classified Top Secret.

Hale pled guilty last year, just short of trial. As part of his sentencing process, the government argued that the baseline for his punishment should start from the punishments meted to those convicted solely of retaining National Defense Information. It tied Hale’s case to those of Martin and Pho explicitly.

Missing from Hale’s analysis are § 793 cases in which defendants received a Guidelines sentence for merely retaining national defense information. See, e.g., United States v. Ford, 288 F. App’x 54, 61 (4th Cir. 2008) (affirming 72-month sentence for retention of materials classified as Top Secret); United States v. Martin, 1:17-cr-69-RDB) (D. Md. 2019) (nine-year sentence for unlawful retention of Top Secret information); United States v. Pho, 1:17-cr-00631 (D. Md. 2018) (66-month sentence for unlawful retention of materials classified as Top Secret). See also United States v. Marshall, 3:17-cr-1 (S.D. TX 2018) (41-month sentence for unlawful retention of materials classified at the Secret level); United States v. Mehalba, 03-cr-10343-DPW (D. Ma. 2005) (20-month sentence in connection with plea for unlawful retention – not transmission – in violation of 793(e) and two counts of violating 18 U.S.C. 1001; court departed downward due to mental health of defendant).

Hale is more culpable than these defendants because he did not simply retain the classified documents, but he provided them to the Reporter knowing and intending that the documents would be published and made available to the world. The potential harm associated with Hale’s conduct is far more serious than mere retention, and therefore calls for a more significant sentence. [my emphasis]

Even in spite of a moving explanation for his actions, Hale was sentenced to 44 months in prison. Hale still has almost two years left on his sentence in Marion prison.

That focus on other retention cases from the Hale filing was among the most prominent national references to yet another case of someone prosecuted during the Trump Administration for taking classified files home from work, that of Weldon Marshall. Over the course of years of service in the Navy and then as a contractor in Afghanistan, Marshall shipped hard drives of classified materials home.

From the early 2000s, Marshall unlawfully retained classified items he obtained while serving in the U.S. Navy and while working for a military contractor. Marshall served in the U.S. Navy from approximately January 1999 to January 2004, during which time he had access to highly sensitive classified material, including documents describing U.S. nuclear command, control and communications. Those classified documents, including other highly sensitive documents classified at the Secret level, were downloaded onto a compact disc labeled “My Secret TACAMO Stuff.” He later unlawfully stored the compact disc in a house he owned in Liverpool, Texas. After he left the Navy, until his arrest in January 2017, Marshall worked for various companies that had contracts with the U.S. Department of Defense. While employed with these companies, Marshall provided information technology services on military bases in Afghanistan where he also had access to classified material. During his employment overseas, and particularly while he was located in Afghanistan, Marshall shipped hard drives to his Liverpool home. The hard drives contained documents and writings classified at the Secret level about flight and ground operations in Afghanistan. Marshall has held a Top Secret security clearance since approximately 2003 and a Secret security clearance since approximately 2002.

He appears to have been discovered when he took five Cisco switches home. After entering into a cooperation agreement and pleading guilty to one count of 793e, Marshall was (as noted above) sentenced to 41 months in prison. Marshall was released last year.

Outside DOJ, pundits have suggested that Trump’s actions are comparable to those of Sandy Berger, who like Trump stole files that belong to the National Archives and after some years pled guilty to a crime that Trump since made into a felony, or David Petraeus, who like Trump took home and stored highly classified materials in unsecured locations in his home. Such comparisons reflect the kind of elitist bias that fosters a system in which high profile people believe they are above the laws that get enforced for less powerful people.

But the cases I’ve laid out above — particularly the lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

And while Trump allegedly brought home paper documents, rather than the digital files that Russian hackers could steal while sitting in Moscow, that doesn’t make his actions any less negligent. Since he was elected President, Mar-a-Lago became a ripe spying target, resulting in at least one prosecution. And two of the people he is most likely to have granted access to those files, John Solomon and Kash Patel, each pose known security concerns. Trump has done the analog equivalent of what Pho did: bring the crown jewels to a location already targeted by foreign intelligence services and store them in a way that can be easily back-doored. Like Pho, it doesn’t matter what Trump’s motivation for doing so was. Having done it, he made it ridiculously easy for malicious actors to simply come and take the files.

Under Attorneys General Jeff Sessions and Bill Barr, DOJ put renewed focus on prosecuting people who simply bring home large caches of sensitive documents. They did so in the wake of a costly lesson showing that the compromise of insecurely stored files can do as much damage as a high level recruited spy.

It’s a matter of equal justice that Trump be treated with the same gravity with which Martin and Pho and Albury and Hale and Marshall were treated under the Trump Administration, for doing precisely what Donald Trump is alleged to have done (albeit with far fewer and far less sensitive documents). But as the example of Shadow Brokers offers, it’s also a matter of urgent national security.

A Different DOJ Search of Note: Joshua Schulte

Josh Schulte should have grown concerned when David Denton — one of the two AUSAs in charge of his prosecution — didn’t show up to a status conference on July 26.

THE COURT: All right. Good afternoon, everyone. Mr. Lockard, will Mr. Denton be joining us?

MR. LOCKARD: He will not be joining us today.

For that matter, he should have sussed something was up a month earlier, during trial, when Denton objected to Schulte’s bid to introduce a script he wrote as evidence at his trial because of ongoing and escalating security concerns.

[Y]our Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

As I laid out, among the security concerns Denton was worried about was that, just weeks before trial when Schulte claimed that his laptop was broken, IT staff at the US Attorney’s Office discovered that Schulte had been tampering with the BIOS on his laptop, seemingly in an attempt to bypass WiFi restrictions.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovery an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

So DOJ revealed evidence that Schulte was attempting to hack his discovery laptop before trial, Denton implied DOJ was waiting until after trial to do anything about it, and Denton was too busy to show up at the status hearing on July 26.

He appears to have been busy getting a search warrant for the laptop. The government served Schulte with the warrant and seized the offending laptop two days later, on July 28. After Schulte attorney Sabrina Shroff complained, the government explained that since they had not yet charged Schulte in conjunction with the new warrant, they didn’t have to provide their affidavit.

[T]he Government’s investigation of the defendant’s conduct that gave rise to the search warrant is ongoing, no charges related to his use of the laptop have been filed, and the scope and precise nature of the conduct that the Government is investigating are not known either to the public or to the defendant.

If that investigation results in the use of information obtained pursuant to the search warrant, the Government will comply with its discovery obligations promptly.

They did, however, object to getting Schulte a new laptop.

The defendant has seven weeks to draft and file his pro se motions pursuant to Federal Rules of Criminal Procedure 29 and 33, and can do so using the normal resources available to pro se inmates at the Metropolitan Detention Center. The defendant “has the right to legal help through appointed counsel, and when he declines that help, other alternative rights, like access to a [personal laptop], do not spring up.” United States v. Byrd, 208 F.3d 592, 593 (7th Cir. 2000). Particularly in view of the Magistrate Judge’s determination that there is probable cause to believe that the defendant’s previous laptop contains evidence of additional crimes, there is no reason that the defendant should be afforded special access to a new laptop simply because the Court has permitted him to proceed partially pro se for certain matters going forward.

Shroff’s reply, in addition to making a legitimate case that Schulte should be able to get a laptop to finish his Rule 29 and 33 motions, provided more detail of what she knows about the warrant. This is not about espionage. She mentions only additional counts of contempt and possessing contraband, the same charges investigated in 2018 when Schulte’s phone was found (though those crimes seem inconsistent with the security concerns — hacking — described leading up to the trial).

The search warrant itself notes that the government is not alleging it has probable cause for any acts of espionage.

[snip]

Notably, while the government’s letter states the factors which may permit an affidavit to be withheld – e.g., to preserve confidential sources or protect witnesses – the government never explains how those factors possibly could apply here, where someone already incarcerated is accused of violations of Title 18, United States Code, Sections 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility). There are no confidential sources or witness at risk – and production of the affidavit in support of the search warrants implicates none of the articulated concerns.

But that’s not right. It can’t be right. If Schulte got contraband, it means someone — his legal team, his family, or the guards — shared it with him. He has a history of getting the latter two involved in ferrying information or goods improperly. I’m mindful, too, of Schulte’s curious replication of a WikiLeaks-seeded propaganda campaign about Mike Pompeo, even in spite of being on SAMs.

After suggesting there couldn’t be witnesses in a situation where there’d have to be witnesses, Shroff turns the government’s efforts to avoid disrupting Schulte’s trial on its head, claiming it is proof that waiting until after the trial is punitive.

The timing of the search warrant sought by the government as it relates to its stance on a replacement laptop is perhaps informative. Right before start of trial, a guard at the MDC dropped Mr. Schulte’s laptop. See ECF Docket Entry No. 838. In an effort to “fix” the laptop, Mr. Schulte provided it to the government – for that limited purpose. The government then returned the laptop saying it was working but asked Mr. Schulte about the organization of the laptop and then asked the court to admonish Mr. Schulte for manner in which he was maintaining it. The government did nothing more. It did not ask the Court for a search warrant or to curtail Mr. Schulte’s access to the laptop. The government allowed Mr. Schulte to keep his laptop – all through the trial – and only now seeks its seizure. The timing appears punitive and not keyed to any potential harm to a third party.

Ultimately, Judge Jesse Furman declined to intervene, in part because the warrant was obtained in EDNY, not SDNY.

The Discovery Refrigerator: When Joshua Schulte Social Engineered His Cellmate’s Brother

In advance of some other things, I want to look at the time that Joshua Schulte, who was convicted last week on nine counts related to stealing and leaking CIA files to WikiLeaks, social engineered the brother of his cellmate.

One of the charges on which the jury found Schulte guilty was sending WaPo reporter Shane Harris a warrant affidavit from the investigation into him, along with Schulte’s own narrative purportedly debunking the allegations made in the warrant. The jury found that Schulte’s description of two hundred people who might have access to the DevLAN backups and the network setup that would allow them that access was National Defense Information. Effectively, prosecutors argued and the jury agreed, Schulte was revealing CIA’s organizational structure and numbers of classified employees to a journalist. It’s a picayune Espionage count that because it likely won’t be treated as the same leak as the charge for sending CIA’s hacking tools, could add years to Schulte’s sentence.

Schulte sent the warrant affidavits along with a dangle, a promise to tell Harris some dirt about Russian oligarchs’ ties to Marc Kasowitz and Rudy Giuliani.

We have decided to share with you an initial exposé (depending on how the first one goes with you we will share up to nine more) involving Russian oligarchs, business ties and wire transfers involving hundreds of millions of dollars to Donald Trump’s closest advisers and law firms, including Giuliani and Mark Kasowitz firms. Trump’s self-reported best friend plays a starting role.

In cross-examination of FBI Agent Evan Schlessinger, Schulte suggested, credibly, that this dangle came from his cellmate, Omar Amanat.

Q. Well, you remember the ProtonMail email that referenced Marc Kasowitz, right?

A. Yes.

Q. OK. And there’s no relation between me and Marc Kasowitz, right?

A. No. You’re — not that I’m aware of.

Q. OK. Let’s talk about the cell search at the MCC. Now, in the cell search at the MCC, did you know what cell I was in?

A. Yes.

Q. And just real quick, you did know that there was a relationship between Mr. Amanat and Marc Kasowitz, right?

A. I know it was a — it’s connected to Mr. Amanat. I don’t know exactly how.

Q. OK.

A. Or how it relates to Mr. Amanat.

Of course, Schulte wasn’t charged for leaking information about Trump’s once and future lawyers. He was charged for sharing information about the CIA that — even if Amanat were the one who sent the email to Harris — would still mean Schulte shared it with Amanat, someone else who wasn’t cleared to receive it.

Plus, the record now shows that Schulte had been working with Omar Amanat and his brother, Irfan, to get these documents out.

An FBI interview of Schulte’s cousin, Shane Presnall, conducted just days before his first trial on January 13, 2020 but only released in April, explains that the Amanats were participating in the effort to publicize Schulte’s case starting as soon as Schulte and Amanat ended up in a cell together in December 2017. In fact, Presnall handed off Schulte’s warrants (it’s not clear whether this includes Schulte’s response, which is where the classified information was) to Amanat’s brother, Irfan, by leaving them in the fridge at the apartment he had shared with Schulte. (At the time, Irfan had been charged in the same fraud as Omar, but he was still out on pretrial release; since these events in 2018, both Omar and Irfan have been sentenced, served their time, and released.)

JS’s idea to get to press was to get court documents to get more attention to his case. JS told SP he was trying to create public outrage. When arrested in December 2017, another inmate in MCC, named Omar Amanat, told JS that Omar had media comments [sic] and that JS should send documents out and Omar will get them out. SP expressed skepticism about having a stranger do this. Then Omar’s cousin (Iffy) reaches out to SP via WhatsApp and says they have media contacts and can get documents out. When moving everything out of the apartment, SP put the documents in the bottom of the fridge in his apartment and informed Iffy where the where the documents would be. Iffy came and got the documents at JS’s apartment. Iffy confirmed to SP that Iffy got the documents. Iffy had the key because SP handed it to him.

Presnall was also communicating with reporters via Signal and a ProtonMail account, JohnGalt. But after he handed off the documents, he never heard from Irfan again.

But Schulte and the Amanats continued to work closely to get the documents out.

Just days before the ProtonMail dangle with the warrants was sent to Harris on September 24, the Samsung phone primarily used by Schulte texted Irfan on Signal. [This is a version of the Signal report, GX 822-1 as submitted in the first trial, but in which I replaced phone numbers with names and eliminated extraneous data; the righthand-most column shows who sent a particular text, the second-from-right is who received it.]

Schulte claimed to be Omar. He said that J — Schulte — needed “screen shots of Romania hack and Moscow.”

Irfan was understandably confused because, at the same time as someone claiming to be his brother was texting from the Samsung, someone else was calling him on what must be the iPhone that Omar primarily used.

Nevertheless, Irfan sent the files and only then did Schulte tell Omar’s brother he had pretended to be Omar to get Irfan to send files he had been trying to get from his cellmate.

Irfan and Schulte had a good laugh together about “master airhead” Omar, and then they got back to work on the documents they were working on.

Over the next two days Irfan and Schulte chatted away as they worked on various files, at several points, switching to group chat. At one point, Omar asked who “anonymous badger” is. “My bro?”

Here’s a picture of Omar’s side of that conversation, working on the Google doc via his iPhone while Schulte and Irfan worked from other locations, from one of the 2018 warrant affidavits tied to this part of the investigation.

On September 26, Schulte texted Irfan to say that Omar broke a screen (perhaps an exacerbation of the crack seen above) but that everything was still a go.

That’s the day when jailhouse informant Carlos Betances narced them out to the guard before they could do … something … in the law library.

Q. Mr. Betances, did there come a time when you learned of an effort to take the Samsung somewhere else in the jail?

A. Yes.

Q. And what did you learn about that?

A. That they were going to pay this friend of mine, Flaco, 200 bucks to take it down to the library that day.

Q. And who wanted to pay to bring the phone to the library?

MR. SCHULTE: Objection. Hearsay.

THE COURT: How did you learn about that information?

THE WITNESS: Because Flaco told me.

[snip]

BY MR. LOCKARD: Q. Mr. Betances, did you observe anything about Mr. Schulte’s or Omar’s behavior around that time?

A. Yes. They were very wary. They wanted to go down to the library then, and — so once I realized that they wanted to go down there, I threw this little piece of paper at the guard who was right there, and letting him know that something was going to happen in the library, that he could — he should —

THE INTERPRETER: Interpreter correction. A. — that he should conduct a search or everybody should go down and figure out what was about to happen. So that is what happened. When Josh and Omar came up, they said something had happened, that there was a search, there had been a search in the library, but they never found out that I was the one who had prevented that from happening.

Q. And did you hear Mr. Schulte or Omar discuss why they wanted the phone in the library?

MR. SCHULTE: Objection.

THE COURT: Overruled.

A. They wanted to send something very important. I don’t know what it was, but it was important. They had spent a week, a long time with the phones. They would give me the phone back very late at night with a very low charge.

Over the course of the next few days, as one after another of the detainees in on the contraband phone gig got caught and put into the SHU, it seemed that Omar came to rely on the Samsung (the first of the contraband phones was seized on September 26) to send Irfan gloomy texts. What appears to be Omar asks Irfan to call Carlos’ son to let the son know they’d put $500 in his father’s commissary fund, something that Betances testified to at the second trial, claiming he newly remembered just last month being offered a $5,000 bribe through the air conditioning pipes to stay quiet.

So as the brothers allegedly discussed arranging paying off the guy who narced them out, they also discussed what Harris has received. “How much to carlo,” Irfan asked about the payment. “Washpo has em,” Omar discussed the documents.

The very last Signal text sent on the phone, on a day when Schulte was definitely in SHU but Omar was not yet, was a text from Omar to Harris, asking if they could shift to a different ProtonMail address, [email protected]

It’s a point Schulte made at trial: When that last text was sent, he was in SHU. He couldn’t have sent it.

According to Agent Schlessinger, there was no activity on the ProtonMail account Schulte had described in his notebook setting up on August 21, Annon1204, after Schulte was put in SHU. While Schulte pointed to a follow-up, on Annon1204, on September 26 that he suggested must have come from Omar, the switch to a different ProtonMail account after Schulte was moved overnight on October 1 is consistent with Omar not having the password for Annon1204, and so moving the ongoing conversation with Harris to another ProtonMail account, psalms100.

The entire (resumed) conversation with Shane Harris started with Schulte pretending to be Anonymous, partly in an effort to get Harris to send documents that Schulte’s family had already been warned, by the FBI, not to release publicly. Along the way, Schulte pretended to be Omar and then Omar pretended to be Schulte pretending to be Anonymous.

It was a grand scheme across contraband cell phones and Google docs to send out a bunch of documents. One of which, the jury has now issued their verdict, constituted a very costly crime.

image_print