Chelsea Manning’s Release May Not Be the End of Her Troubles

When I wrote this post noting that Judge Anthony Trenga had ordered Chelsea Manning be released, I admitted, I don’t know what it means. I was hoping that when her lawyers released a statement it would bring more clarity. But that statement — released hours after the release — offered no such clarity (though it does make it clear that right now her focus is on recovering from the suicide attempt and malign effects of incarceration, not any celebration of her freedom). It attributed her release to “the apparent conclusion” of the grand jury.

Judge Anthony Trenga today ordered Chelsea Manning’s release from confinement, after the apparent conclusion of the grand jury to which she had been subpoenaed, and before which she refused to testify. He further ordered that she pay $256,000 in fines which accrued each day she refused to cooperate with the grand jury.

Needless to say we are relieved and ask that you respect her privacy while she gets on her feet.

That tells us no more than Trenga’s opinion revealed and arguably shifts the emphasis from “the business of” the grand jury to the grand jury itself. There’s no reason to believe this grand jury expired (it was understood to be a newly seated one last May, which should mean it would have two more months). Rather, written two days after the grand jury appearance scheduled, Trenga’s opinion says the grand jury is done with whatever it was doing.

That’s one of the reasons I focused so closely on what prosecutors told Jeremy Hammond Tuesday, when he also refused to testify before the grand jury. They asserted that Julian Assange is a Russian spy.

“What could the United States government do that could get you to change your mind and obey the law here? Cause you know” — he basically says — “I know you think you’re doing the honorable thing here, you’re very smart, but Julian Assange, he’s not worth it for you, he’s not worth your sacrifice, you know he’s a Russian spy, you know.”

[snip]

He implied that all options are on the table, they could press for — he didn’t say it directly, but he said they could press for criminal contempt. … Then he implies that you could still look like you disobeyed but we could keep it a secret — “nobody has to know I just want to know about Julian Assange … I don’t know why you’re defending this guy, he’s a Russian spy. He fucking helped Trump win the election.”

Amid suggestions that prosecutors were considering further legal means against Hammond, one of them used the example of Bartleby the Scrivener — whose example Hammond had followed in the grand jury in preferring not to answer questions — to remind that refusing to answer questions led Bartleby to die in prison.

Let me be clear, I’m not saying I agree with that observation, nor am I ceding that prosecutors definitely have proof that Assange is a Russian spy. But unless you believe that Hammond entirely made up these two exchanges, then everyone on all sides of the WikiLeaks divide would do well to take note of it. Julian Assange’s prosecutors are asserting to a witness that he is a Russian spy, which is far more than they’ve put into any indictment, yet.

Hammond suggested that when prosecutors “implied that all options are on the table,” he took that to mean he might be held in criminal contempt. Manning’s camp was expressing similar concerns before the grand jury appointment on Tuesday, that they believed the government might respond to her bid to be released by ratcheting up her legal exposure. But if prosecutors really do believe Assange is a Russian spy, it would give them tools far beyond criminal contempt.

It is a crime by itself in the US to refuse to tell authorities about espionage. As Ron Wyden’s bill to fix the Espionage Act makes clear, prosecutors can charge someone under the Espionage Act for conspiracy, aiding and abetting, accessory after the fact, or misprision of a felony. Misprision is effectively not telling a court or other authority about what you know as soon as possible.

Whoever, having knowledge of the actual commission of a felony cognizable by a court of the United States, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States, shall be fined under this title or imprisoned not more than three years

And under the Espionage Act statute Assange has already been charged under as well as 18 USC § 794 (sharing defense information with a foreign government like Russia), such conspiracy language exposes the person found conspiring not to just three years, but to the same punishments as the person himself. If Julian Assange shared with Russia some of the information Manning shared with him, for example, that may expose her for his acts.

This is why I focused so intently on the language that prosecutors in the Joshua Schulte case were using, treating WikiLeaks as a criminal organization. If the federal government currently conceives of WikiLeaks in these terms, it means Hammond and Manning’s silence may expose them far more than they or their current advisors seem to be envisioning. And that was based off language describing WikiLeaks like an organized crime entity, not someone led by (as prosecutors claimed the other day) a Russian spy.

Again, I am not defending this stance. I’m not saying I agree with it. I’m making an observation that people on all sides of the WikiLeaks divide — but especially those caught in the spell of the lies that Assange’s people are telling to combat extradition — would do well to note.

The government is using language that is far, far more serious than virtually anyone seems to be accounting for, including Manning and Hammond. Prosecutors may well have been blowing smoke to try to cow Hammond into cooperating. Or they may have been putting Hammond on notice of the stakes he was facing.

Chelsea Manning Released from Jail … with a Massive Fine

Judge Anthony Trenga just ordered Chelsea Manning released from jail, a day before her attempt to be released based off a claim that coercion would never get her to testify.

Trenga declared that motion moot, though. The reason he released her is because the work of the grand jury has finished.

By Order dated March 12, 2020, after finding that the business of Grand Jury 19-3 had concluded, the Court dismissed Grand Jury 19-3.

Upon consideration of the Court’s May 16, 2019 Order, the Motion, and the Court’s March 12, 2020 Order discharging Grand Jury 19-3, the Court finds that Ms. Manning’s appearance before the Grand Jury is no longer needed, in light of which her detention no longer serves any coercive purpose. The Court further finds that enforcement of the accrued, conditional fines would not be punitive but rather necessary to the coercive purpose of the Court’s civil contempt order.

Her total fine amounts to $256,000.

I have no idea, yet, what this means. But I’m glad she has been released.

Update: Jeremy Hammond has also been released back to federal prison.

 

Hours before She Attempted to Kill Herself, Prosecutors May Have Told Chelsea Manning that Julian Assange Is a Russian Spy

Back when the government first subpoenaed Chelsea Manning, I laid out why that was likely to be counterproductive.

[U]nless there’s a really good legal reason for the government to pursue its own of evolving theory of WikiLeaks’ activities, it doesn’t make sense to rush where former WikiLeaks supporters are headed on their own. In virtually all venues, activists’ reversed understanding of WikiLeaks is bound to have more credibility (and almost certainly more nuanced understanding) than anything the government can offer. Indeed, that would likely be especially true, internationally, in discussions of Assange’s asylum claim.

A charge against Assange in conjunction with Vault 7 or the 2016 election operation might accelerate that process, without foreclosing the government’s opportunity to present any evolved understanding of WikiLeaks’ role in the future (especially if tied to conspiracy charges including the 2016 and 2017 activities).

But getting into a subpoena fight with Chelsea Manning is likely to have the opposite effect.

That’s true, in part, because post-commutation a lot of people worry about the impact renewed pressure from the government against Manning will have, regardless of the legal soundness of it. The government wanted Aaron Swartz to become an informant when they ratcheted up the pressure on him between 2011 and 2013. They didn’t get that information. And his suicide has become a key symbol of the reasons to distrust law enforcement and its ham-handed legal tactics.

Yesterday, Manning tried to kill herself. While the statement released by her lawyers notes that she has a hearing tomorrow on whether she should be freed because no amount of coercion will make her cooperate with the grand jury, the statement is silent about the fact that she was brought before the grand jury yesterday, hours before the suicide attempt.

I know of no account of what happened in that grand jury appearance. But Jeremy Hammond was also brought before the grand jury in advance of a hearing, also on Friday, in a bid to be freed (in Hammond’s case, he’d be released back into federal prison to serve out his sentence for hacking Stratfor). He gave an account of the appearance in an interview yesterday (the part about the grand jury starts after 41:20). Hammond described how, before entering the grand jury, the prosecutor asked whether there was anything the government could do to get him to change his mind about not testifying.

“What could the United States government do that could get you to change your mind and obey the law here? Cause you know” — he basically says — “I know you think you’re doing the honorable thing here, you’re very smart, but Julian Assange, he’s not worth it for you, he’s not worth your sacrifice, you know he’s a Russian spy, you know.”

The questions he was asked in the grand jury were apparently no surprise: the prosecutor asked whether Assange asked Hammond to hack any websites. Hammond describes the questions as the same as were asked in his last appearance, in September. Because Hammond decided to answer in the same way Bartleby the Scrivener answered questions — by saying he preferred not to answer — the prosecutor afterwards tried to chat up Hammond about world literature. He even reminded that Bartleby died in prison. The prosecutor then repeated that Assange is a Russian spy.

He implied that all options are on the table, they could press for — he didn’t say it directly, but he said they could press for criminal contempt. … Then he implies that you could still look like you disobeyed but we could keep it a secret — “nobody has to know I just want to know about Julian Assange … I don’t know why you’re defending this guy, he’s a Russian spy. He fucking helped Trump win the election.”

Hammond asked why Assange wasn’t charged in the 2016 operation, and the prosecutor appears to have responded that the extradition would take a long time. One of the prosecutors reminded Hammond that one of his Anonymous co-defendants was now a professor in the UK. One asked whether Hammond would discuss Sabu, which surprised him. Hammond said that Sabu was the only one who asked him to hack into any websites. The FBI officer in the room pulled out a notebook and started taking notes.

There’s no indication that prosecutors said the same things to Manning as they did to Hammond, though this is the same grand jury and same prosecutors and both are obviously being asked about Assange.

Which means it is likely that hours before Manning attempted to kill herself, prosecutors tried to get her to answer questions about the man she sent entire databases of secrets to by claiming he is a Russian spy. They may well now have evidence of that — but if they used that tack, they were basically asking Manning to testify that the understanding she has of her own actions are entirely wrong and that the sacrifices she made were for a purpose other than the one she believed in.

Sadly, if Hammond is any indication, Manning is also getting a distorted view of the extradition fight over Assange. As I have noted, WikiLeaks supporters are telling at least three outright lies by:

  • Pretending that discussions of a pardon only started in August 2017, in exchange for testimony claiming that Russia didn’t hack the DNC, rather than started well before the FBI investigation into Trump’s campaign was public, as either an implicit or explicit payoff for election assistance
  • Claiming that Mike Pompeo’s designation of WikiLeaks as a non-state hostile intelligence agency was part of the larger attack on the press that formally started four months afterwards and presenting his claim that the First Amendment doesn’t protect someone stealing American secrets solely to destroy America out of context
  • Distorting the timing of UC Global’s increased surveillance of Assange to hide that it followed the Vault 7 publication

These are cynical, transparent lies being spread by a bunch of people claiming to support journalism. Probably, WikiLeaks supporters are also lying about how Assange repeatedly got tipped off to prosecutorial steps against him, presenting that as proof of Trump’s hostility against Assange.

Earlier in yesterday’s interview, Hammond adopted the distorted claim about Pompeo as “proof” that Assange’s prosecution is political and also that Trump has hostility to the guy who helped him get elected. I doubt whether having an accurate understanding of this would have changed Hammond’s decision not to testify, but he does, apparently, believe the lies.

And I doubt whatever prosecutors told Manning yesterday was the sole cause of yesterday’s attempt. Her attorneys had tried unsuccessfully to prevent yesterday’s testimony, which doesn’t make sense in the context of this week’s hearing unless they believed that even appearing before the grand jury would cause Manning a great deal of stress.

I have no idea what Assange’s relationship with Russia is — that’s presumably the entire point of the grand jury. There’s no doubt there were Russians in chat rooms where the Stratfor hack happened and that Assange was in discussions during the hacks. Obviously, Assange played a key role in the 2016 Russian operation as well as efforts after the fact to invent hoaxes to disclaim Russian involvement. And Joshua Schulte expressed (sometimes contradictory) willingness to seek Russian help after he allegedly sent CIA’s hacking tools to WikiLeaks.

But making such claims amid the stress of a grand jury appearance — if they, in fact, did so — isn’t going to help someone who has a history of self-harm.

King Josh in Jail, Part One: The Informant

The testimony on accused Vault 7 leaker Joshua Schulte’s conduct in MCC raised more questions than answers. So I want to do a series of three or four posts to look more closely at it (I’m using the term “King Josh” because it was one of his passwords at the CIA).

In this post I want to look at the jail house informant who is the publicly acknowledged basis by which prosecutors discovered that Schulte had a phone in jail, Carlos Bentances Luna Mera.

Betances is a 41 year old citizen of the Dominican Republic who twice migrated to the US without documentation, the first time in 1996 (he was deported in 2001), and then again around 2008. At some point, Betances married and had children. During both periods, he began to work as a low level cog in narcotics trafficking.

Betances was arrested on March 15, 2018 in conjunction with the trafficking. The only federal complaint unsealed in the docket is for illegal reentry, and in that magistrates docket, proceedings were continued in both April and May 2018, something that would happen if Betances were forgoing indictment and moving directly to a plea. Given his testimony, there must be a sealed criminal docket showing a guilty plea on nine counts covering multiple narcotics trafficking and conspiracy counts, illegal reentry, identity fraud, mail fraud, and taking a phone into jail.

That suggests that Betances flipped almost immediately, perhaps, at first, to cooperate against his network of suppliers. That’s consistent with an answer Betances gave when Schulte’s lawyer, Sabrina Shroff, suggested that cooperation on using a phone in jail, “was the most valuable to the government,” more than on all his narcotics charges. Betances responded, “Well, may I remind you that I had been cooperating before I talked to them?”

According to the testimony, Betances didn’t start spying on Schulte until sometime in summer 2018, at least four months after he was jailed, and didn’t first meet with prosecutors until September 2018. So the public story is that Betances got busted and flipped, managed to play a role in smuggling and hiding phones in jail that put him in a key spot to interact with Schulte and his cellmate, Omar Amanat (I’ll look at Amanat and his brother in the next post), and only after that happened witnessed something that led him to start taking pictures and videos of Schulte’s phone use. That went on for maybe a month before — aware that something big was going to go down in the library — Betances sent a note to the guards, who thwarted it. Some days later, Schulte was thrown in the SHU and a big hunt started for the phones and Schulte’s other activities in jail.

That thing that led Betances to prepare to inform on Schulte (again, per the testimony) is that one day sometime in the summer, Schulte said he wanted Russia’s help.

[W]e were in Chino’s cell [Chino was also part of the cell phone smuggling and sharing network] and I heard Josh saying that Russia had to help in in the things that he was doing.

Here’s how Betances described it on cross (through a translator) to a very dubious Sabrina Shroff:

Shroff: So anyway, it’s you who walks in when Mr. Schulte and Omar are talking, correct?

Betances: Yes, correct.

Shroff: And you walk in to give them a heads-up that somebody’s coming, correct?

Betances: Yes, correct.

Shroff: And just as you walk in, you hear him say the word “Russia,” correct?

Betances: That’s correct, yes.

Shroff: And that’s what prompts fear into you to go cooperate with the United States Attorney’s Office?

Betances: It sounded interesting to me.

Shroff: Right.

Hearing Schulte mention Russia led Betances to do a remarkable amount of surveillance on Schulte’s phones, which he stored for him behind his cell locker.

He took two pictures of the apps Schulte loaded onto the phone, and — per his testimony — got Schulte and Amanat to explain the function of WhatsApp, Signal, Proton Mail, Orbot, Turbo VPN, and Secure Delete. Betances also got pictures of the things Schulte was writing on his phone, including the initial emails to Shane Harris that would form part of the basis for the Espionage Act charges on which the jury was hung.

He took several videos of Schulte using his phone.

After having taken these pictures on September 1, Betances waited around three weeks before he alerted the guards that something big was going down in the library, and then was removed from MCC when guards found at least some of these phones in his cell.

Shroff: And before you decided to cooperate, you simply decided to take photos, is that your testimony?

Betances: Just to be clear with the defense attorney’s question in deciding to cooperate, when they were working on sending whatever they were going to send from the library, that’s when I decided to cooperate.

Shroff: My only question was when did you take this photograph?

Betances: In the summer of 2018.

Shroff: Right. Months before you’re now saying that you decided to cooperate, right?

Betances: Could you repeat that question? You confused me.

Shroff: You took the photo before you decided to cooperate, according to you, correct?

Betances: Yes, yes.

Shroff: Right. And you’re saying you just decided to take these photos for no reason at all, right?

Betances: May I remind you that the reason I took it was because I head the conversation that I heard?

According to his testimony on redirect, Betances did all this without government instruction.

Karamarju: Now, all of the photographs that you testified about, did the government tell you to take any of those photographs?

Betances: No.

The remarkable coincidence that a jailhouse informant would end up first smuggling in and then guarding her client’s illegal phones and then taking pictures from them is not the only thing Shroff was skeptical about. She also doubted the circumstances by which Betances exposed his wife to the risk of smuggling phones into jail as well as his ability — with little English — to figure out what Schulte was doing, to the extent he did.

Still, all that is explicable if Betances’ attorney negotiated a plea deal with narcotics prosecutors and the attorney coached Betances through how to dramatically increase the value of his cooperation by catching Joshua Schulte attempting to leak classified information from his jail cell.

Betances’ surveillance was critical to obtaining the jail warrants that would lead to the discovery of Schulte’s very damning prison notebooks, several phones, three of the Proton Mail accounts he was using, and his Signal traffic. And that’s just what prosecutors revealed in this case.

Betances met with prosecutors in Schulte’s case a bunch of times: first in September 2018, then October and December 2018, several times in 2019, and then perhaps five times in 2019.

None of that means Betances made this stuff up. He certainly doesn’t have the English skills to write those emails to Shane Harris. And while the evidence regarding Schulte’s comments about Russia are contradictory, there is corroboration for it.

But it does present a number of remarkable coincidences that just ended up providing Schulte the means to communicate “securely” from his jail cell, only to have that activity thwarted at the moment he attempted to act.

When Julian Assange Testified before a Nation-State Investigation of a Suspected Spy…

Back on December 20, 2019, Julian Assange testified in a nation-state’s investigation of someone suspected of spying for another nation-state. He testified pursuant to international legal process that got challenged on jurisdictional grounds, but ultimately upheld. While El País provided a report of his testimony, the testimony itself was not open to the press.

As he testified, Chelsea Manning and Jeremy Hammond sat in jail in Alexandria, VA, being held in contempt for refusing to testify, under a grant of immunity, in their own nation-state’s investigation of someone suspected of working with the intelligence services of another nation-state. Related charges are being challenged on jurisdictional issues. Manning, at least, claims she won’t testify because any hearing — like the one Assange testified in — would not be public. Tomorrow, prosecutors in EDVA will bring Manning before the grand jury again, in a third attempt to get her to testify before a hearing on Friday over her motion to be released based on an assertion the coercion of contempt will never bring her to testify.

This is just one irony about the way WikiLeaks supporters are treating the investigation of David Morales, the owner of a security contractor that provided the security for Ecuador’s embassy until 2018. Morales is accused of spying for the CIA — that is, spying for a third country’s intelligence service.

There are some problems or obvious alternative explanations for the accusations against Morales, but even assuming the allegations are true, there is little that separates what Morales would have done from what Assange did on at least one occasion: work as a willing participant in a third country’s intelligence service operation compromising the privacy of private citizens. Indeed, there are allegations of Russian involvement in two other WikiLeaks-related publications: there were Russians active in Stratfor hack chat rooms, and Joshua Schulte allegedly expressed an interest in Russian help (though the allegations are contradictory and post-date the initial leak to WikiLeaks, which I’ll return to).

You might argue that Morales’ surveillance of Assange — on whoever’s authority — constituted a far more serious privacy violation than those WikiLeaks has committed by publishing the private emails of John Podesta and the private information of Turkish, Saudi, and third party citizens. That might be true in first instance, but since some of the people exposed by WikiLeaks’ publications live in authoritarian countries, the secondary effects of WikiLeaks’ publication of details about private individuals might not be.

(I have heard, directly and indirectly, multiple consistent allegations about WikiLeaks itself engaging in practices that constitute privacy violations of the sort implicated by the surveillance of Assange, but it would take a law enforcement investigation to substantiate such claims, most of the affected parties would never want to involve law enforcement, and some investigations would be barred by privilege protections.)

Ultimately, though, Spain’s investigation into UC Global is the same thing the US investigation into WikiLeaks is: a properly predicated nation-state investigation into someone suspected of engaging in espionage-related activities with a foreign intelligence service. There are legitimate reasons why those who respect privacy might support both investigations.

WikiLeaks supporters might argue that it’s different because it’s the United States. That’s a perfectly justifiable stance, but if it’s the basis of supporting one investigation and another, should be admitted explicitly. WikiLeaks supporters might argue it’s different because Assange is the alleged victim, but that doesn’t change that there are victims (and not just spy agencies) that the US is trying to protect with its investigation.

Manning and Hammond say they are refusing to testify because they object to American grand jury practices. That amounts to civil disobedience, which is certainly their prerogative. They are paying a steep price for that civil disobedience (as both already paid with their decisions not to cooperate after pleading guilty). But when WikiLeaks supporters complain about the treatment Manning is suffering for her stance, they might think about the fact that — when it came to testifying in an equivalent inquiry — Julian Assange had none of the objections to testifying.

Judge Crotty Declares a Mistrial in Joshua Schulte Case

This morning, Judge Paul Crotty declared a mistrial in the Joshua Schulte case. Jurors found Schulte guilty on the two least serious charges — false statements and contempt — but didn’t even find him guilty of obstruction, to say nothing of the Espionage and CFAA charges tied to his alleged theft of the CIA’s hacking tools. A sentence on those two charges would not even amount to the time he has already served since being jailed in December 2018.

This is an absolutely stunning rebuke for the government on the most serious Espionage case in years, and an unbelievable success for Schulte’s lawyers, especially Sabrina Shroff.

The two sides will have a conference on March 26 to decide what to do. The government will certainly push to retry Schulte; Sabrina Shroff asked for an extended deadline to file motions. She may try to do something further about the government’s late notice that Michael, a key witness, got put on paid leave last August (though the government has argued compellingly that Michael’s underlying lack of candor has been noticed to the defense throughout). She also may make yet another bid to get more access to the forensics, something I’ve argued that the government should have permitted in the first place.

That said, I think the government’s failure in this case stemmed largely from too much focus on the CIA and too little focus on the (abundant) evidence against Schulte. In addition, they do not appear to have shown — via the abundant evidence available to them — that Schulte is a compulsive liar, and that exhibits that show Schulte offering alternate theories of the theft all fall flat.

Plus, there were problems with two jurors, problems that I think Judge Crotty did not adequately manage.

That is, I think the government can learn from its failures in this case. I wouldn’t be surprised, either, if the vaunted SDNY is forced to add a cybersecurity prosecutor to their team, to ensure that the forensic case is presented more clearly to jurors.

I highly doubt Schulte can pull this off a second time. If he can, it will be a remarkable comment on the government’s ability to obtain justice against insider threats.

How the Wyden/Khanna Espionage Act Fix Works (But Not for Julian Assange)

Last week, Ron Wyden and Ro Khanna released a bill that they say will eliminate much of the risk of prosecution that people without clearance would face under they Espionage Act. They claim the bill would limit the risk that:

  • Whistleblowers won’t be able to share information with appropriate authorities
  • Those appropriate authorities (including Congress) won’t be able to do anything with that information
  • National security journalists will be prosecuted for publishing classified information
  • Security researchers will be prosecuted for identifying and publishing vulnerabilities

I want to look at how the bill would do that. But I want to do so against the background of claims about how the bill would affect the ability to prosecute Julian Assange.

After explaining that under the bill Edward Snowden could still be prosecuted, the summary of the bill states in no uncertain terms that the government could still prosecute Julian Assange under the bill.

Q: How would this bill impact the government’s prosecution of Julian Assange?

A: The government would still be able to prosecute Julian Assange.

It doesn’t say how, but immediately after that question, it explains that the government could still prosecute hackers who steal government secrets.

Q: What about hackers who break into government systems and steal our secrets?

A: The Espionage Act is not necessary to punish hackers who break into U.S. government systems. Congress included a special espionage offense (U.S.C § 1030(a)(1)) in the Computer Fraud and Abuse Act, which specifically criminalizes this.

Khanna, in an interview with The Intercept, seems to confirm that explanation — that Assange could still be prosecuted under CFAA.

Khanna told The Intercept that the new bill wouldn’t stop the prosecution of Assange for his alleged role in hacking a government computer system, but would make it impossible for the government to use the Espionage Act to charge anyone solely for publishing classified information.

Indeed, that is sort of what Charge 18 against Assange is, conspiracy to commit computer intrusion, though, as written, it invokes the Espionage Act and theft of government secrets as part of the conspiracy (the Wyden/Khanna bill would limit the theft of government property bill in useful ways). Never mind that as charged it’s a weak charge for evidentiary reasons (though that may change in Assange’s May extradition hearing); it would still be available, if not provable given existing charged facts, under this bill.

But given the claims the US government makes about Assange, that may not be the only way he could be prosecuted under this bill. That’s because the bill works in two ways: first, by generally limiting its application to “covered persons,” who are people who’ve been authorized to access classified or national defense information by an Original Classification Authority. Then, it defines “foreign agent” using the definition in FISA (though carving out foreign political organizations) and says that anyone who is not a foreign agent “shall not be subject to prosecution” under the Espionage Act unless they commit a felony under the act — by aiding, abetting, or conspiring in the act — or pays for the information and wants to harm the US. The bill further carves out providing advice (for example, on operational security) or an electronic communication or remote computing service (such as a secure drop box) to the public.

So:

  • If you don’t have clearance or are sharing information not obtained illegally or via your clearance and
  • If you aren’t an agent of a foreign power and
  • If you’re not otherwise paying for, conspiring or aiding and abetting in some way beyond offering operational security and drop boxes with the specific intent to harm the US or help another government

Then you shouldn’t be prosecuted under the Espionage Act.

Below, I’ve written up how 18 USC §793 and 18 USC §798 would change under the bill, with changes italicized (18 USC §794 already includes the foreign government language added by this bill so would not change).

In the wake of the 2016 election operation, where Julian Assange helped a Russian operation hiding behind thin denials, Assange might well meet the definition of “foreign agent.” Three of WikiLeaks’ operations — the Stratfor hack (in which Russians were involved in the chat rooms), the 2016 election year operation, and Vault 7 (in which Joshua Schulte, between the initial leak and the alleged attempts to leak from jail, evinced an interest in Russia’s help) — involved some Russian activity.

And it’s not clear how Congress’ resolution — passed in last year’s NDAA — that WikiLeaks is a non-state hostile intelligence service often abetted by state actors would affect Assange’s potential treatment as a foreign agent.

It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.

But even with all the new protections for those who don’t have clearance, this bill specifically envisions applying it to someone like Assange. That’s because it explicitly incorporates aiding and abetting (18 USC § 2) — which is how Assange is currently charged in Counts 2-14 — as well as accessory after the fact (18 USC § 3), and misprison of a felony (18 USC § 4) into the bill. That’s on top of the conspiracy to commit an offense against the US (18 USC § 371), which is already implicitly incorporated in 18 USC § 793(g), which is Count 1 in the Assange indictment. Arguably, explicitly adding the accessory after the fact and misprison of a felony would make it easier to prosecute Assange for assistance that WikiLeaks and associated entities routinely provide sources after the fact, such as publicity and legal representation, to say nothing of the help that Sarah Harrison gave Edward Snowden to flee to Russia.

And those charges don’t require someone formally fit the definition of agent of a foreign power so long as the person has “the specific intent to harm the national security of the United States or benefit any foreign government to the detriment of the United States.” (I’ve bolded this language below.) That’s a mens rea requirement that might otherwise be hard to meet — but not in the case of Assange, even before you get into any non-public statements the US government might have in hand.

This is a bill from Ron Wyden, remember. Back in 2017, when he first spoke out when SSCI first moved to declare WikiLeaks a non-state hostile intelligence service, he expressed concerns about the lack of clarity in such a designation.

I have reservations about Section 623, which establishes a Sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service. The Committee’s bill offers no definition of “non-state hostile intelligence service” to clarify what this term is and is not. Section 623 also directs the United States to treat WikiLeaks as such a service, without offering further clarity.

To be clear, I am no supporter of WikiLeaks, and believe that the organization and its leadership have done considerable harm to this country. This issue needs to be addressed. However, the ambiguity in the bill is dangerous because it fails to draw a bright line between WikiLeaks and legitimate journalistic organizations that play a vital role in our democracy.

I supported efforts to remove this language in Committee and look forward to working with my colleagues as the bill proceeds to address my concerns.

While this bill does much to protect journalists (and in a way that doesn’t create a special class for journalists or InfoSec researchers that would violate the First Amendment), it provides the clarity that would enable charging Assange, even for things he did after the fact to encourage leakers.

Update: Two more points on this. First, as I understand it, the explicit references to 18 USC §§ 2-4 are designed to protect reporters, meaning the protections apply to those as well.

I also meant to note that the way this bill is written — which is clearly meant to allow for prosecution of people working at state-owned media outlets (Russia, China, and Iran all use their outlets as cover for spies) — would then by design not protect reporters at the BBC or Al Jazeera, both of which have done reporting on stories implicating US classified information in the past.


18 USC § 793

(a) Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation, goes upon, enters, flies over, or otherwise unlawfully obtains nonpublic information concerning any vessel, aircraft, work of defense, navy yard, naval station, submarine base, fueling station, fort, battery, torpedo station, dockyard, canal, railroad, arsenal, camp, factory, mine, telegraph, telephone, wireless, or signal station, building, office, research laboratory or station or other place connected with the national defense owned or constructed, or in progress of construction by the United States or under the control of the United States, or of any of its officers, departments, or agencies, or within the exclusive jurisdiction of the United States, or any place in which any vessel, aircraft, arms, munitions, or other materials or instruments for use in time of war are being made, prepared, repaired, stored, or are the subject of research or development, under any contract or agreement with the United States, or any department or agency thereof, or with any person on behalf of the United States, or otherwise on behalf of the United States, or any prohibited place so designated by the President by proclamation in time of war or in case of national emergency in which anything for the use of the Army, Navy, or Air Force is being prepared or constructed or stored, information as to which prohibited place the President has determined would be prejudicial to the national defense; or

(b) An individual who, while a covered person, for the purpose aforesaid, and with like intent or reason to believe, copies, takes, makes, or obtains, or attempts to copy, take, make, or obtain, any sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, document, writing, or note of anything connected with the national defense; or

(c) A foreign agent who, for the purpose aforesaid, and with like intent or reason to believe, receives or obtains or agrees or attempts to receive or obtain from any person, or from any source whatever, any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, of anything connected with the national defense, knowing or having reason to believe, at the time the foreign agent receives or obtains, or agrees or attempts to receive or obtain it, that it has been or will be obtained, taken, made, or disposed of by any person contrary to the provisions of this chapter; or

(d) Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, or information relating to the national defense, which document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; or

(e) An individual who—

(1) while a covered person, gains unauthorized possession of, access to, or control over any non public document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note of anything connected with the national defense; and

(2)(A) with reason to believe such information could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted, the same to any person not entitled to receive it; or

(B) willfully—

(i) retains the same at an unauthorized location; and

(ii) fails to deliver the same to the officer or employee of the United States entitled to receive it; or’

(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance,  (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both.

(g)(1) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(2) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this 7 title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the 13 offense; or

(C) subject to paragraph (3), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(3) Paragraph (2)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively).

(h)

(1)Any person convicted of a violation of this section shall forfeit to the United States, irrespective of any provision of State law, any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, from any foreign government, or any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, as the result of such violation. For the purposes of this subsection, the term “State” includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1) of this subsection.

(3)The provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)) shall apply to—

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property, if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund in the Treasury all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(i) In this section—

(1) the term “covered person” means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive documents, writings, code books, signal books, sketches, photographs, photographic negatives, blueprints, plans, maps, models, instruments, appliances, or notes of anything connected with the national defense by—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in activities relating to the national defense; and

(2) the term “foreign agent”—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

18 USC §798

(a)Any individual who knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information obtained by the individual while the individual was a covered person and acting within the scope of his or her activities as a covered person

(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or

(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or

(3) concerning the communication intelligence activities of the United States or any foreign government; or

(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—

Shall be fined under this title or imprisoned not more than ten years, or both.

(b)As used in subsection (a) of this section:

(1) The term ‘classified information’—

(A) means information which, at the time of a violation of this section, is known to the person violating this section to be, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution and;

(B) does not include any information that is specifically designated as ‘Unclassified’ under any Executive Order, Act of Congress, or action by a committee of Congress in accordance with the rules of its House of Congress.

(2) The terms ‘code’, ‘cipher’, and ‘cryptographic system’ include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications.

(3) The term “communication intelligence” means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients.

(4) The term ‘covered person’ means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive information of the categories set forth in subsection (a) of this section—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States

(5) The term “foreign government” includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States.

(6) The term “unauthorized person” means any person who, or agency which, is not authorized to receive information of the categories set forth in sub10 section (a) of this section by—

(A) the President;

(B) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States; or

(C) an Act of Congress.

(c)Nothing in this section shall prohibit the furnishing of information to—

(1) any Member of the Senate or the House of Representatives;

(2) a Federal court, in accordance with such procedures as the court may establish;

(3) the inspector general of an element of the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)), including the Inspector General of the Intelligence Community;

(4) the Chairman or a member of the Privacy and Civil Liberties Oversight Board or any employee of the Board designated by the Board, in accordance with such procedures as the Board may establish;

(5) the Chairman or a commissioner of the Federal Trade Commission or any employee of the Commission designated by the Commission, in accordance with such procedures as the Commission may establish;

(6) the Chairman or a commissioner of the Federal Communications Commission or any employee of the Commission designated by the Com2 mission, in accordance with such procedures as the Commission may establish; or

(7) any other person or entity authorized to receive disclosures containing classified information pursuant to any applicable law, regulation, or executive order regarding the protection of whistleblowers.

(d)

(1) In this subsection, the term ‘foreign agent’—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

(2) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to  prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(3) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the offense; or

(C) subject to paragraph (4), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(4) Paragraph (3)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively)

(e)

(1)Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law—

(A)any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and

(B)any of the person’s property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1).

(3)Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)), shall apply to

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property,
if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund established under section 1402 of the Victims of Crime Act of 1984 (42 U.S.C. 10601) [1] all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(5)As used in this subsection, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

20 Questions (Plus 5): The Joshua Schulte Jury Is Lost, Possibly Hopelessly

According to InnerCity Press (virtually the only press covering the Schulte verdict watch), by end of day today the jurors had sent out 25 notes, most questions but also problems with two of the jurors. At the end of the day they told the Court they “aligned” on two of the charges, but were at an impasse on the other. Given that there’s slam dunk evidence that he committed the least serious crimes (false statements and contempt), that suggests at least some members of the jury have reasonable doubt that the guy who wrote a virtual signed confession to committing the most damaging leak in CIA history actually did so.

I wanted to collect the known questions from jurors to give a sense of what issues have driven this uncertainty.

Note 1: A request for a summary of exhibits

Note 2: A request for a transcript of the testimony of David, a CIA Sysadmin, particularly as regards what jurors may have mislabeled 1209-8 (David testified about Schulte’s failed attempt to access Altabackups with regards to exhibit 1202-8).

Note 3 asked 7 questions:

  1. What is included in Count Three? We aren’t sure what the purview is — articles, search warrants, tweets? This pertains to the Espionage Charge tied to posting classified information in one of his diaries, sending a diagram of CIA’s servers to WaPo reporter Shane Harris, and planning to reveal details about how a CIA hacking tool, Bartender, was used in the field (which certainly would expose CIA officers, and probably NOCs).
  2. In 2015, when DevLAN went down, was Schulte called to fix the problem? How did he fix it? Schulte’s lawyer, Sabrina Shroff, had made much of the fact that when Schulte was at a conference he got called about DevLAN going down. It’s not directly related to any of his charges.
  3. Can you please reread what was found on Schulte’s home computer? This would have focused on deleted materials (and the lack of classified information), but given that Juror 5 almost certainly knew about the child porn allegations and there was a focus on Schulte’s hosting of movies, this may have been what they were looking for.
  4. Did GX 809 reference Schulte’s taking a drug (“took my last piece”)? If so, what was it? Was it regular use? This refers to part of one page of his prison notebook in which he discusses  taking his “last piece” and envisioning himself as a Cardinal. It is entirely unrelated to his charges.
  5. Is it confirmed that Schulte’s been diagnosed with Aspergers Syndrome? One of the very senior CIA managers suggested to another that Schulte might have Asperbergers. It is entirely unrelated to his charges.
  6. For Count One, is Altabackups inclusive of Brutal Kangaroo? Is it inclusive of OSB libraries? The backup that Schulte is alleged to have stolen included both the libraries (which were not leaked) and Brutal Kangaroo (materials on which were leaked), but it included far more, but the parties did not answer this because they weren’t sure whether this was a network question or a charging one.
  7. Where were OSB libraries housed/where did they live? They were part of Stash.

Note Four: Can we please have simplified badge times/formats for Schulte on 4/20/16 in a format similar to GX 115. One piece of evidence that Schulte did the reversion during which the backup sent to WikiLeaks was stolen was that he was the only one in his SCIF with his computer during the time the commands doing the reversion were entered into it. The badge records would show that. Jurors did get simplified badge records.

Note Five: In Exhibit GX 107, what does lock/unlock computer mean in columns Source and Type? Is the computer locking itself? What is someone unlocking? This pertains to something tracked on CIA badge records and was not explained in testimony.

Note Six includes four questions:

  1. Is there evidence that April 18 and 20 were the only two times in 2016 that Schulte left the vault last? April 18, the day Schulte allegedly conducted reconnaissance on the backup files, and April 20, the day he allegedly stole him were the only two days he was the last person in his SCIF at RDB (the time period for which may include just the last seven months he worked at CIA).
  2. What does mount the Altabackups mean? This refers to how the CIA networks were set up, and Schulte’s role in doing that.
  3. What does create data store mean? This pertains to testimony about one attempt Schulte made to regain access to files he had been booted from.
  4. When someone logs out of a virtual machine, what happens to the log files from that session? There was no testimony on this point (jurors likely asked it to try to assess whether Schulte’s buddy Michael could have stolen the files).

Note Seven (Exhibits 16-17, I think) asked for the transcripts of Michael Berger (the FBI forensics expert who presented evidence of Schulte’s efforts to wipe evidence at home) and Michael (Schulte’s buddy who took a screen cap of him deleting logs).

Note Eight: Jurors complained that one of the jurors, Juror 4, was not deliberating with the rest of the jury and coming in late.

Note Nine included two questions:

  1. Can we please have testimony from Richard Evanchec. Evanchec is one of the FBI agents that interviewed Schulte and searched his home, and so is central to the false statements charges.
  2. What testimonies covered GX 1305-8 and GX 1305-9. Can we please have transcripts about that. These are Schulte’s Google records, which Evanchec also testified about.

Note Ten: Juror five has prior information, probably including details of Schulte’s child porn charges. She also looked up one of the lawyers. It became clear in a later sidebar that this is the juror who had said something inappropriate to another juror, possibly about deliberations, on February 13, during the trial.

Note Eleven included two questions:

  1. What happened to Schulte’s computers and workstation after he went to Bloomberg (after November 10)? This is likely a question testing a theory about whether someone — possibly Michael? — could have altered logs on Schulte’s computer after he left on November 10, 2016.
  2. When and where was Rufus’s SSH key found? Was it found in the home directory or was it found forensically? Schulte had stored the key of someone, Rufus, who had had Admin access but left, on his home directory. He used it when he was deleting logs on April 20. Sabrina Shroff had gotten one witness to testify that it was very easy to access other people’s home drives, so this is likely another effort to test an alternate culprit theory.

There were two more questions today (which I’ll update on Monday when that transcript is released):

  • Something about the CFAA charge, suggesting jurors are not treating the reversion as a hack, but might be treating Schulte booting his colleague off Brutal Kangaroo as one.
  • Something about unanimity on charges, possibly relating to the leaks from jail.

And then jurors told the court that they’re only in agreement on two charges, but stuck on the others.

For the reasons I laid out here — as well as the two problem jurors — I’m not surprised about that. And given the questions, it seems clear that the extended focus on Schulte’s employment disputes at the CIA made at least some of the jurors sympathetic to the idea that someone at CIA framed Schulte. Keep in mind, too, that Schulte adopted the moniker Jason Bourne in prison, so he fed that idea. And — as Shroff noted in her close — there was no good reason to focus on the continued employment disputes that extended two months after Schulte allegedly stole the files.

When the CIA puts its formers on trial, in my opinion, it believes the general population will be as outraged by a violation of CIA’s sacred trust as they themselves are. That may be why prosecutors aired that entire nasty employment dispute. But that’s generally not the case outside of EDVA, especially not in SDNY.

Between that, and the forensic complexity of this case, it appears the jury is lost.

Reminder; Calyx Institute and other donors sprung for the transcripts of this trial.

The Joshua Schulte Jury Is Falling Apart

Even before Judge Paul Crotty dismissed a juror today for reading outside information and sharing it with another juror, it was clear that the jury was a mess. Going all the way back to February 13, a juror had said something to another juror that concerned him.

THE COURT: Okay. I got a note from a juror, and it deals with an incident that occurred on Thursday late in the day. He then left the courthouse. We asked him to put the report that he made to David on Thursday in writing, which he did on Tuesday morning. This is the note. I’m going to mark it as Court Exhibit 1. I made copies. So I don’t think we can resolve this now. But I wanted to call it to your attention right away.

[snip]

MS. SHROFF: It’s her belief. She’s not saying she can’t be impartial. She’s not deliberated. She’s voicing an opinion. And she also notes that that was a different — I mean, she’s saying she is a different kind of citizen. That’s what we want. A jury of peers.

Judge Crotty discussed that incident with the two sides on February 19.

Then, on the first day of deliberations Tuesday, the jurors sent a bunch of notes, including one with seven questions, several of them (the questions about the DevLAN outage, drugs, and Aspergers) entirely unrelated to Schulte’s guilt or innocence:

Message: What is included in Count Three? We aren’t sure what the purview is — articles, search warrants, tweets? (2) In 2015, when DevLAN went down, was Schulte called to fix the problem? How did he fix it? (3) Can you please reread what was found on Schulte’s home computer? (4) Did GX 809 reference Schulte’s taking a drug (“took my last piece”)? If so, what was it? Was it regular use? (5) Is it confirmed that Schulte’s been diagnosed with Aspergers Syndrome? (6) For Count One, is Altabackups inclusive of Brutal Kangaroo? Is it inclusive of OSB libraries? (7) Where were OSB libraries housed/where did they live?

While a number of the questions made sense, it was also clear that the jurors are confused about the forensic evidence, including multiple threads of evidence that show Schulte was at his computer typing in the commands that reverted the backup on the date the files were stolen.

But today, according to a note from Schulte’s lawyers, Juror 1 told the Court that Juror 5 had shared outside information with him.

The defense respectfully requests that the Court halt jury deliberations temporarily and conduct an individual voir dire of jurors 2–11 to ensure that they were not exposed to prejudicial extra-record information from former Juror 5. Such an inquiry is necessary because the Court currently only has the information received in the robing room from Juror 1 and former Juror 5.

The juror who got booted spoke to the press. She seems to believe Schulte did restore his own access to certain files (given her description, she seems focused on Brutal Kangaroo), but does not believe he is guilty of the most serious charges.

“Was he a naughty boy? Yes,” Wiesenberg said. “But did he do the final click? I don’t have evidence. I want solid proof that I wasn’t given by the parties. I don’t think he did it — the most serious charges.”

[snip]

The five-week trial established that Schulte improperly reinstated his administrative privileges to access secret information he’d been told to stay away from, according to Wiesenberg, who lives in the West Village.

“He felt entitled. This was his tool — he created it,” Wiesenberg said, referring to some of the hacking tools. But that didn’t make Schulte guilty of the most serious of 11 charged counts, she added.

Note that, given how little coverage of this case there has been, she probably would have had to go looking for outside information.

In their close, prosecutors didn’t point jurors to where, in the pile of evidence they’ve been presented over the last month, the details are that might prove each of the charges against Schulte (the evidence is there, but it’s highly technical). It’s unsurprising they’re confused. And now Schulte’s lawyers want to know what other outside information on the trial has gotten into jurors.

Update: The booted juror told they Post there are others who doubt Schulte’s guilt on the most serious charges.

Wiesenberg said the Schutle jury is divided, with people like her who believe the former CIA programmer to be not guilty of the worst leak in the spy agency’s history.

It’s Easy to [Claim to] Attribute Hacks to CIA after a One Month Trial on CIA’s Tools

Yesterday, closing arguments and charging instructions in the Joshua Schulte trial were presented to the jury. As I’ve noted, I think the evidence against Schulte is quite compelling, but several things have weakened the government’s case. The transcripts for the closing arguments (which will come out tonight) may provide a better sense of how strong the case is. Otherwise, we wait on the jury.

But at least one Chinese InfoSec company is not waiting. One firm just released a report claiming to ID a number of CIA’s hacking campaigns against Chinese targets, which it dubs APT-C-39. It explicitly relies on the trial record (though not the most interesting details of it, and some of the details revealed at trial seem to conflict with this report).

Proficient in the design and development of cyber weapons and possessing knowledge of intelligence operations, Joshua became one of the core backbones of the CIA’s many important hacking tools, including a key cyber weapon – Vault 7.

In 2016, Joshua took advantage of his admin privilege of the core machine room and a preset backdoor to steal the classified documents of Vault 7 and disclosed to WikiLeaks, which was published on Wikileaks website in 2017.

In 2018, Joshua was arrested and prosecuted by the U.S. Department of Justice for the Vault 7 leaks. On February 4, 2020, at a public hearing in the federal court, the federal prosecutor alleged that Joshua, as the core developer and the person in charge of the highest administrator authority of its internal arsenal, has committed “the single biggest leak of classified national defense information in the history of CIA”by disclosing the agency’s secret hacking tools to WikiLeaks.

This piece appears to be entirely reversed engineered from the leaked files and the trial record, not actual InfoSec analysis. For example, it treats “Vault 7” as CIA’s code name, not some dumb label WikiLeaks assigned to it. It claims to track campaigns from September 2008 through June 2019; yet the trial record says CIA stopped all use of tools developed before Schulte left.

It makes much of compilation time. It is true that most of the work on these tools happen in VA and most of the developers work regular hours. However, there are two remote offices, so tools targeting China could easily be customized in Asian timezones.

The compilation time of malware is a common method and statistics in the research of APT group attribution. Through the study of the compilation time of malware, we can find out the developer’s work schedule, so as to know the approximate time zone of his location.

The following table is the schedule of compilation activities of APT-C-39 (the time is based on the East 8 time zone). It can be seen that the organization’s activities are close to the schedule in Eastern U.S. time zone, which is in line with the CIA’s location. (Virginia, U.S. Eastern Time).

It also admits that it is speculating about a key point — how CIA would use all this.

We speculate that in the past eleven years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world. It does not even rule out the possibility that now CIA is able to track down the real-time global flight status, passenger information, trade freight and other related information. If the guess is true, what unexpected things will CIA do if it has such confidential and important information? Get important figures‘ travel itinerary, and then pose political threats, or military suppression?

Don’t get me wrong. I’m sure the Chinese state is watching the trial closely for clues on CIA’s now defunct hacking tools, as well as organizational clues to how it used to be developed (though given China’s extensive success spying on the US, doubt they’ve learned anything even remotely new from this trial). But this report, at least, looks to be a opportunistic effort to make the most of the spectacle of the US prosecuting one of its own hackers.

Update: This, from last year, is a more credible report based on Vault 7 leaks. (h/t Catalin Cimpanu)

image_print