October 24, 2025 / by 

 

The Undie Bomber, Umar Farouk Abdulmutallab, Life Coached “Who Moved My Cheese” Weeks before Jihad

I’m still working on the serious parts of the reports from Umar Farouk Abdulmutallab’s FBI interrogations that Scott Shane liberated. But I wanted to share this detail, because it’s pretty funny.

In his fourth interview with the FBI on January 31, 2010 (the third after he started cooperating), Abdulmutallab told about how he tried to serve as a life coach for someone — perhaps a friend or a family member — back in Nigeria. He relied, according to the interrogation report, on principles he learned not from reading the Quran, but from the pop business book, Who Moved My Cheese.

That was in May 2009. Just two months later (two paragraphs in the interrogation report), Abdulmutallab decided to set off to find Anwar al-Awlaki to undertake jihad.

In the last few days of July, 2009, UM [Abdulmutallab] emailed the headmaster at SIAL [the school he would study at in Yemen]. He obtained the email address from SIAL’s website and sent the message using UM’s [redacted]

[snip]

This decision was entirely UM’s; no one encouraged him to go to Yemen to participate in jihad.

[snip]

For security reasons, UM told no one of his plan to travel to Yemen and participate in jihad.

Perhaps it’s not just funny and schmaltzy. It also demonstrates the degree to which Abdulmutallab was just looking for a path in life. Not long before he left for Yemen, he twice tried to propose to a woman, but (as he told the FBI, at least), his family wouldn’t permit him to marry yet.

Having been deprived of that cheese, perhaps, he set off to martyr himself in the service of Al Qaeda in the Arabian Peninsula.


Anwar al-Awlaki: Two Days from Finalized 302 to OLC Authorization for Execution

After a multiple year FOIA fight, Scott Shane has liberated the interrogation 302s from Umar Farouk Abdulmutallab. Kudos to Shane and NYT.

As Shane recalls in his story on the reports, I have noted problems with the government’s public claims about Abdulmutallab’s interrogation (even aside from conflicts with his other confessions and the terms under which the interrogation took place). The reports in some ways confirm those concerns — as I’ll write in some follow-up posts. But, more important, they also answer the most fundamental ones.

Some of the reports absolutely support the government’s claim that from Abdulmutallab’s first interrogations in January 2010, he attributed the instructions to wait until he was over the US to detonate his underwear bomb to Anwar al-Awlaki, which was always a key basis for the government’s argument they could execute the cleric.

Near the end of [Abdulmutallab’s — he is referred to as UM throughout these reports] stay at the camp, Aulaqi gave UM final specific instructions: that the operation should be conducted on a U.S. airliner;

[snip]

Aulaqi told UM: “Wait until you are in the US, then bring the plane down.” [PDF 24]

As a number of people have observed, the reports also show that (aside from the isolation later alleged by Abdulmutallab’s lawyers and whatever leverage the FBI got his family to exert), the FBI and the High Value Interrogation Group got a great deal of cooperation from Abdulmutallab without physical coercion, with Abdulmutallab providing intelligence on AQAP into the summer.

In this post, though, I want to note how the reports coincide with two other events from that period of 2010.

As many of you know, there’s a big, still somewhat unsolved problem with FBI interrogations. At the time, FBI didn’t record interrogations (and they still create big loopholes around a recently imposed rule that custodial interviews must be recorded). Rather, the FBI agent would take notes and subsequently write up those notes into a “302,” which is what the FBI calls their reports on interviews.

In Abdulmutallab’s case, there was an interesting lag between the time his interrogators conducted the interrogation and when they wrote it up. For example, his January 29, 2010 interrogation (and all the ones from the subsequent intense period of interrogation), were not dictated until February 5, 2010.

And those dictations did not start to get transcribed into finished 302s until starting on February 17, 19 days after the interrogation.

Let me be clear: there is nothing suspect about the delay. The timing cues in the interrogation make it clear these initial interrogations were full-day interrogations. Add in the preparation time interrogators would have to do overnight, and it makes sense that they wouldn’t dictate out their notes until the end of the week (though that is yet another reason FBI Agents should always make recordings of interrogations). Moreover, the one week delay is not so long that an agent would forget substantial parts of the interrogation. Plus, a federal defender was present and could have challenged any problems with this report.

So we should assume the report is a fair indication of the conduct of the interrogation.

I’m more interested in the timing of other events in early 2010.

Consider the public comments Director of National Intelligence Dennis Blair made on February 3, at a House Intelligence hearing. Responding to a Dana Priest article from the prior week, Blair assured Congress they get specific permission before they drone kill an American citizen (there are a bunch of still unreleased memos that suggest they were actually still working on this policy).

“We take direct actions against terrorists in the intelligence community,” he said. “If we think that direct action will involve killing an American, we get specific permission to do that.”

He also said there are criteria that must be met to authorize the killing of a U.S. citizen that include “whether that American is involved in a group that is trying to attack us, whether that American is a threat to other Americans. Those are the factors involved.”

Obliquely asked about Awlaki, Blair responded that they would only kill an American “for taking action that threatens Americans or has resulted in it” — a standard that falls short of what OLC would eventually adopt, but one it appears they believed they had already surpassed with Awlaki.

“So there is a framework and a policy for what’s hypothetically a radical born cleric … who’s living outside of the United States, there’s a clear path as to when this person may be engaging in free speech overseas and when he may have moved into recruitment or when he may have moved into actual coordinating and carrying out or coordinating attacks against the United States?”

Mr. Blair responded that he would rather not discuss the details of this criteria in open session, but he assured: “We don’t target people for free speech. We target them for taking action that threatens Americans or has resulted in it.”

That comment was made after Abdulmutallab had implicated Awlaki in giving him final orders, but before it had been dictated, much less transcribed.

Then there’s the first of two OLC memos written to authorize Awlaki’s execution. That was finalized on February 19, 2010, just two days after the first 302 implicating Awlaki in final instructions for the attack was finished.

That is, only two days elapsed between the finalization of the one document we know of memorializing Abdulmutallab’s confession and David Barron’s authorization of Awlaki’s execution.

That’s also not that surprising. After all, the government deemed (and had, before this time) Awlaki to be an urgent threat, and they shouldn’t be faulted for wanting to prepare to respond to any opportunity to neutralize it, as quickly as possible. Moreover, unlike the subsequent OLC memo, this one doesn’t appear to analyze the intelligence on Awlaki closely — it just deems him a “senior leader of Al-Qa’ida in the Arabian Peninsula” and moves on to analysis about whether killing him constitutes assassination.

But the timing of all this at least suggests that there were more communications about these issues than have been identified in ACLU’s FOIAs on the subject. It at least suggests (and this would not be surprising in the least, either) that there were less formal communications about Abdulmutallab’s interrogation provided to Washington DC well before this 302 was finalized.

Again — that’s not surprising. I imagine a secure cable went out to Washington after the interrogation on the 29th — if not during Abdulmutallab’s afternoon prayer break — saying that Abdulmutallab had implicated Awlaki in providing the final instructions making sure that the US would be targeted.

But it is an interesting data point on how deliberative the process behind authorizing Awlaki’s execution was.


Susan Collins Implies She Could Be a Swing Vote in SSCI’s Investigation of the Russian Hack

The other day, I explained why we should remain skeptical of the congressional investigations into the Russian hack. Most importantly, I questioned Richard Burr’s seriousness. The investigation should be done by the House and/or Senate Intelligence Committee, and both Chairs of those committees have had Trump appointments in the last year.

That said, this Maine Public Radio interview with Susan Collins may provide reason for hope (see after 10 minutes and 39 minutes).

In it, she reiterated promises — made in the agreement on the inquiry — that the committee would do open hearings and release a public report.

I will encourage that there’ll be some public hearings as well as the closed hearings that we’re doing now and that we issue a report.

She also noted that she and others intend to call Mike Flynn to testify (though she didn’t say whether the interview would be open or not). Note, National Security Advisors cannot be subpoenaed (which is one reason why Devin Nunes said they couldn’t call Flynn).

I am going to request, many members are, that we call Steve Flynn–Mike Flynn, the former National Security Advisor to testify before us.

In addition, after 30 minutes, in response to a caller insisting that the inquiry be public, Collins noted that Republicans have just a one vote majority on the committee (though she didn’t point out that she could be the swing voter).

She was asked if she would subpoena Trump’s tax returns, and on that she said it would depend on Burr and Mark Warner. We shall see whether Warner has the chops to force that issue.

On both torture and drone memos, Collins has been willing to serve as a swing voter on SSCI before. If she does so here, it could make a difference.

 


Robert Eatinger Brags that CIA Complies with Law Passed 2 Years Ago — But Will It Really Limit CIA?

Robert Eatinger — the former CIA lawyer deeply implicated in torture who referred the authors of the Senate Intelligence Committee report on torture to DOJ for criminal investigation — has a curious column in The Cipher Brief. Eatinger purports to rebut commentators who have described “Executive Order 12333 as a sort of mysterious, open-ended authorization for U.S. intelligence agencies to engage in secret, questionable activities.” But mostly he addresses the Agency’s new Attorney General Guidelines under EO 12333 approved by Loretta Lynch on January 17.

Eatinger doesn’t explain what led to the adoption of new procedures. He does at least admit that the CIA had been operating on procedures written in 1982, a year after EO 12333 mandated such procedures. He also admits that those procedures did not reflect, “advances in collection methods due to changes in technology and privacy interests unforeseen in 1982, which did not contemplate the ubiquitous use of mobile phones, computers, and other digital media devices or evolving views of privacy and thus did not seek to address ‘big data’ or ‘bulk’ collection.” But readers who didn’t know better might conclude from Eatinger’s piece that the CIA just decided out of the blue to start protecting Americans’ privacy.

The proximate change to the procedures was likely a desire to finally expand data sharing under Obama’s new EO 12333 sharing rules, a final step before accessing a firehose of data from the NSA (curiously, Eatinger doesn’t mention that these new procedures will probably enable the expanded intake of vast amounts of bulk data including US person information). It also (as I’ll explain) belatedly responds to a mandate from Congress.

But in reality, the change comes in response to over three years of nagging from the Privacy and Civil Liberties Oversight Board, which asked James Clapper and Eric Holder to make agencies update these procedures back in August 2013, pointing out how much technology had changed in the interim. Which is another way of saying that, for the entire time when Eatinger was a top CIA lawyer, CIA was perfectly happy to operate on 35-year old procedures not reflecting current technology.

Among the procedures limiting CIA’s (newly expanded) access to bulk data, Eatinger highlights the five year restriction on retention of information including US person data.

These sections also satisfy the requirements to create procedures that limit to five years the retention of any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication except in defined circumstances (Section 309).

[snip]

Section 6 creates two different types of handling requirements for unevaluated information; one for “routine” handling and one for “exceptional” handling.  Exceptional handling requirements apply to intelligence collections either of nonpublic communications that were acquired without the consent of a party to the communication, or that are anticipated to contain U.S. person identifying information that is significant in volume, proportion, or sensitivity.  The exceptional requirements include segregating the unevaluated information, limiting access to CIA employees who receive special training, creating an auditable record of activity, and importantly, requiring such information to be destroyed no later than five years after collection, permitting extensions in limited circumstances.

The five-year limit in Section 6 is but one example of how specifics in the new procedures attempt to find the right balance of intelligence and privacy interests.  Each procedure involves an effort to find the right tradeoffs to allow lawful intelligence collection and protect privacy and civil liberty rights and interests. The tradeoff was between the risk to a loss in intelligence capabilities by destroying information at five years against the risk to compromising privacy interests by keeping the information longer.

It’s not until nine paragraphs after Eatinger introduces this requirement, which he notes arises from “Section 309” in paragraph 8, that he explains where it comes from in paragraph 17, from Congress.

The five-year retention period in Section 6 was not set by the CIA, DNI, or Attorney General, however, it was set by Congress through Section 309.

Eatinger doesn’t describe when Congress passed that law, but I will. It was in the Intelligence Authorization for FY 2015. It became law on December 19, 2014.

Which is another way of saying that for over two years after Congress passed this law mandating the destruction of bulk data including US person data after five years, CIA hadn’t updated its EO 12333 procedures to reflect that requirement (this was after Eatinger left CIA, so we can’t blame him for the tardiness).

Now, Eatinger helpfully confirms something I’ve long believed but hadn’t confirmed: rather than sorting through and deleting the US person data in the collection, which would be all the law requires, the CIA instead destroys the entire data set at the five year interval, effectively extending the privacy protections passed to cover US persons to foreigners as well (you’re welcome, Europe). Eatinger does so in a passage laying out the trade-offs to deleting data after five years.

Deleting all unevaluated information specifically concerning U.S. persons has little to no intelligence downside because intelligence agencies will never want or have reason to search their intelligence holdings.  The five-year period to destroy all unevaluated information, however, will remove not only information concerning U.S. persons but also any information potentially concerning valid intelligence targets, such as international terrorists, from the intelligence agencies holdings.  In this latter case, however, intelligence agencies will want and may have a reason to search its holdings for information on these targets.  The deletion of that information could thus have an adverse intelligence impact, particularly on counterterrorism and counterproliferation intelligence reporting, as well as on the conduct of human intelligence operations, all of which are important activities of the CIA.

The CIA could be expected to search all of its holdings upon receiving intelligence identifying a previous unknown person as a suspected terrorist or proliferator.  Under the five-year retention period, when the CIA conducts the search, any unevaluated information on that person that may have been acquired during a bulk collection activity over five years ago will have been deleted; CIA’s search will not retrieve that information.  Thus, CIA might gain an incomplete or misleading understanding of the individual, his place in a terrorist network, and his contacts.  Or, CIA may send intelligence officers to conduct dangerous human intelligence operations to collect information it once had.  The loss of five-year old information could also adversely impact the spotting, assessing, recruiting, and running of human sources. [my emphasis]

This is how Eatinger introduces Congress’ role in requiring CIA to destroy data after five years: to blame them for limiting the CIA’s ability to sit on bulk data on Americans and foreigners for 25 years. To his credit, Eatinger does describe Congress as “the right body” to “impose” a “single retention period … on the entire intelligence community.” Given his direct attacks on Congressional oversight of the torture program, though, I wonder precisely in what spirit he intended this comment.

In any case, Eatinger also emphasizes that CIA doesn’t have to abide by this “single retention period …  imposed on the entire intelligence community.” After suggesting that some agencies might be able to abide by the Congressional mandate, he asserts unnamed other agencies may not be able to.

Some intelligence entities likely could accomplish their mission and destroy unevaluated information in less than five years.  Others may need to retain information longer than five years.

He then notes that Congress has given agencies an out.

Congress has provided that intelligence agency heads may retain information longer than five years if the head determines a longer retention “is necessary to protect the national security of the United States” and certifies in writing to the intelligence committees the reasons for that determination, the new retention period, the particular information to be retained; and the measures that will be taken to protect the privacy interests of U.S. persons and persons located inside the United States.

That out is laid out in CIA’s procedures at 6.2.2.2, but rather than stating the intelligence committees must get notice, the section says only that, “Upon such extension, the [CIA Director] shall complete any notifications required by statute, Executive Order, or other Presidential decree” which, given the way the Bush Administration ignored FISA based on Presidential decree, doesn’t inspire confidence that Congress would get the notice mandated under Section 309.

In any case, we have reason to believe the CIA is just one month into receiving an expanded firehose of data, including a great deal of data on Americans. And Eatinger sure seems to suggest the CIA may never give the data obtained via that firehose up.


The Tripartite (At Least) Structure of the Russian Hack Investigation

As I mentioned in this post, on Saturday, Reuters offered the most comprehensive description of the structure of the FBI investigation into the DNC hack. As it describes, there are “at least” three distinct FBI probes into the hack: one led by counterintelligence agents based in DC, one in Pittsburgh targeted at the hack of the DNC itself, and one in San Francisco targeted at the Guccifer 2 persona.

That structure is interesting for a number of reasons, not least that, in recent years, FBI has assigned cyber investigative teams to geographical offices that have developed certain expertise. I’m most interested that FBI has split the Guccifer 2 side of the investigation off from the hack of the DNC.

DC: The Counterintelligence investigation

Let’s start with the DC investigation. Contrary to what you may think, a good deal of the attention on Trump’s close advisors stems from behavior that barely involves the DNC hack, if at all, but instead focuses on larger discussions of quid pro quo. Here’s what has been publicly alleged, mostly in the Trump dossier. Reminder, these are only allegations! 

Paul Manafort, using Carter Page as a go-between, conducts an ongoing quid pro quo about attacks on Hillary in return for distracting from Ukraine issues. (PDF 8)

Carter Page conducts a meeting with Rosneft CEO (and US sanction target) Igor Sechin in Moscow. The two discuss a quid pro quo tying 19% transfer of Rosneft to Page in exchange for the lifting of sanctions. (PDF 9, 30) On the same visit, Page meets top Kremlin official Diyevkin, where the latter explains to Page what kind of compromising information they had on both Trump and Hillary. (PDF 9)

A Kremlin figure describes Russian efforts to reach out to some in the US, including Jill Stein, Mike Flynn, and Carter Page. (PDF 15)

At a meeting in August, Yanukovych admits to Putin that he had paid off Manafort, but had covered it up. According to Steele’s sources, Putin doubts how well Yanukovych had covered his tracks. (PDF 20-21)

Trump lawyer Michael Cohen meets with Russian Presidential Administration figures, including Oleg Solodukhin, operating under the cover of the Rossotrudnichestvo organization, in Prague in August. According to two pre-election reports, this meeting was to clean up fall-out of prior contacts with Manafort (here described exclusively in terms of his involvement in Ukraine) and Page (described as the quid pro quo on sanctions). (PDF 18, 31-32) According to a post-election report, the meeting also discusses payments and cover-up of Europe-based hackers, who would be paid by both the Russians and Trump. (PDF 34-35) The role of Cohen — whose wife is Russian and whose father-in-law is a key Russian developer — as liaison to Russia is key. Note, information likely indicating intelligence sourcing is redacted in two of these reports. (PDF 30, 34)

The one other Trump figure mentioned in allegations of Russian ties, Roger Stone, is not mentioned in the dossier, though his role has exclusively been described as a potential knowing go-between with Wikileaks. (The error I mentioned I made in the OTM interview was in forgetting Cohen, whose role is central, and instead mentioning Stone.)

In other words, while allegations of involvement with Russia do touch on the DNC hack, for both Manafort and Page, the evidence focuses more on old-fashioned influence peddling. The evidence against Flynn in the dossier is exclusively that of cultivation.

Only Cohen, though, is strongly and repeatedly alleged in the dossier to have had a role in both the influence peddling and arranging — and paying! — for the DNC hack (though a weak allegation against Manafort is made in an early report).

Yesterday, NYT reported that Cohen tried to pitch a crazy “peace” deal for Ukraine to Mike Flynn not long before the latter was caught on an intercept with Russia’s Ambassador.

A week before Michael T. Flynn resigned as national security adviser, a sealed proposal was hand-delivered to his office, outlining a way for President Trump to lift sanctions against Russia.

Mr. Flynn is gone, having been caught lying about his own discussion of sanctions with the Russian ambassador. But the proposal, a peace plan for Ukraine and Russia, remains, along with those pushing it: Michael D. Cohen, the president’s personal lawyer, who delivered the document; Felix H. Sater, a business associate who helped Mr. Trump scout deals in Russia; and a Ukrainian lawmaker [named Andrii Artemenko].

Note that Sater, who has mobbed-up business ties with Trump that the latter has denied, also allegedly has worked for the CIA.

All of this is a way of saying that several of Trump’s advisors — especially Cohen — have been alleged to have dodgy ties to Russia, but much if not most of that pertains to influence peddling tied to Ukraine and sanctions imposed in retaliation for Russian involvement in Ukraine. So even beyond the different technical and security requirements of the investigation (not to mention any sensitivity involving the CIA), such an investigation sensibly would reside in FBI’s CI world. Thus the DC investigation.

Pittsburgh: The DNC hackers

As Reuters describes it, the Pittsburgh inquiry is examining who hacked the DNC (curiously, it makes no mention of John Podesta or any other hack target).

The FBI’s Pittsburgh field office, which runs many cyber security investigations, is trying to identify the people behind breaches of the Democratic National Committee’s computer systems, the officials said. Those breaches, in 2015 and the first half of 2016, exposed the internal communications of party officials as the Democratic nominating convention got underway and helped undermine support for Hillary Clinton.

The Pittsburgh case has progressed furthest, but Justice Department officials in Washington believe there is not enough clear evidence yet for an indictment, two of the sources said.

It’s not just that Pittsburgh conducts a lot of cyber security investigations — though it has been involved in some key multinational cybercrime investigations (and perhaps as importantly, infrastructure take-downs). In addition to international partnerships in those investigations, it partners closely with Carnegie Mellon’s CERT, which is best known for developing an attack on Tor the FBI uses (the legal follow-up to the 2014 Operation Onymous operation that exposed it went through SDNY in Manhattan, though that would have been before FBI started assigning investigations by geography).

Pittsburgh is also where the most discussed indictment of a nation-state hacking group — that of Chinese People’s Liberation Army hackers, mostly for spying on negotiations — came through (most of the victim companies were there too, but that was probably because they could all serve as victims without compromising national security). I will be interested to see whether the FBI assigned this investigation to Pittsburgh before or after Crowdstrike declared the DNC hack a state-sponsored hack.

San Francisco: Guccifer 2

Finally, there is the investigation into Guccifer 2, the persona who claimed to have hacked the DNC, who took credit for handing the documents to WikiLeaks, and who allegedly had ties to DC Leaks. Here’s how Reuters describes this part of the investigation:

Meanwhile the bureau’s San Francisco office is trying to identify the people who called themselves “Guccifer 2” and posted emails stolen from Clinton campaign manager John Podesta’s account, the sources said. Those emails contained details about fundraising by the Clinton Foundation and other topics.

The language here is really curious. The strongest case that Russia’s GRU hacked a Democratic target involves Podesta. And Guccifer didn’t post any Podesta emails. Guccifer claimed to have posted Clinton Foundation documents, though the documents appeared to be DCCC documents, my comment on which elicited an unsolicited response from Guccifer.

Reuters is actually not the first outlet to report that San Francisco was investigating Guccifer. I believe credit for that goes to Ellen Nakashima’s report, the day before Obama imposed sanctions, on how the US might retaliate.

Criminal indictments of Russians might become an option, officials said, but the FBI has so far not gathered enough evidence that could be introduced in a criminal case. At one point, federal prosecutors and FBI agents in San Francisco considered indicting Guccifer 2.0, a nickname for a person or people believed to be affiliated with the Russian influence operation and whose true identity was unknown.

In December, at least, it appears the FBI did not know Guccifer’s identity though they still believed it to be tied to Russia. Nevertheless that part of the investigation had already been spun out to San Francisco, the other side of the country from the Pittsburgh hack investigation.

Now, there have always been reasons to doubt the interpretation that Russian metadata invoking Felix Dzerzhinsky was proof that Guccifer was Russian, rather than disinformation casting blame on Russia. Here are two more recent pieces making that argument. And in Guccifer’s most recent posting — posted on January 12 but fairly obviously written and posted in advance — the persona used proper English. Nevertheless, that’s presumably not why this part of the investigation got spun off.

There are several other possibilities explaining why the Guccifer investigation is in San Francisco. That office, too, does a ton of cyber investigations, but virtually all of those involve Bay Area companies targeted as victims. So it’s possible the San Francisco office is leading the investigation because of some tie with an area company. Guccifer posted on WordPress, which is headquartered in San Francisco, so that could explain it. It’s also possible FBI believes there is a tie between Guccifer and Shadow Brokers. The latter persona is not mentioned by Reuters, but they are surely also being investigated, perhaps even separately from the Hal Martin investigation in Maryland. If that’s the case, the victim American firewall companies exposed in the first release are all headquartered in Silicon Valley (though they were initially victimized by NSA’s TAO hackers, unless the companies knew NSA was using those back doors).

There are two other interesting cases that might suggest why the Guccifer part of the investigation is out in San Francisco. First, the corrupt government agents who stole Bitcoin while they were investigating Silk Road were investigated and tried out there. I’ve always suspected that was done to make it harder for Ross Ulbricht to access information on that investigation in discovery (if that was the intent, it worked like a charm!). I’m not suggesting there’s anything like that going on here, but I can imagine reasons why the FBI might want to firewall some parts of this investigation from others.

Finally, note that Yevgeniy Aleksandrovich Nikulin, the credential theft hacker arrested in Prague in October, was investigated out of San Francisco, explicitly because his alleged victims are also located in the Bay Area. There have always been hints that that arrest might tie into the Russian investigation (not least because Nikulin is Russian), but this would seem to suggest there’s a tangential tie to it. So perhaps by the time FBI split up this investigation that theory had been developed.

Update: Laura Rozen reminds me via Twitter that Russia’s San Francisco Consulate was one of the locales from which diplomats were expelled.

A final comment. As interesting as it is that this investigation has split into three, I find it just as interesting that EDVA is not involved in it, which is where most international hacking investigations take place. I’ve got no explanation for why that might be, but it is as interesting a question as why the Guccifer investigation got sent out to San Francisco.

One thing is clear, though: For some reason, FBI thought it best to split two parts of what has widely been believed to be the same operation — the hacking and (some of) the leaking — and conduct them completely across the country from each other.


Why We Should Remain Skeptical of the Five (!!) Congressional Investigations into the Russian Hack

I was interviewed (on Thursday) about the Flynn resignation and larger investigation into the Russia hack for Saturday’s On the Media. In what made the edit, I made one error (which I’ll explain later), but a key point I made holds. The leaks about Flynn and other Russian events are hypocritical and out of control. But they may create pressure to fix two problems with the current investigations into the Russian hack: the role of Jeff Sessions overseeing the DOJ-led investigations, and the role of Trump advisory officials Devin Nunes and Richard Burr overseeing the most appropriate congressional investigations.

In this post I’ll look at the latter conflicts. In a follow-up I’ll look at what the FBI seems to be doing.

As I noted in the interview, contrary to what you might think from squawking Democrats, there are five congressional investigations pertaining to Russian hacks, though some will likely end up focusing on prospective review of Russian hacking (for comparison, there were seven congressional Benghazi investigations). They are:

  • Senate Intelligence Committee: After months of Richard Burr — who served on Trump’s campaign national security advisory council — saying an inquiry was not necessary and going so far as insisting any inquiry wouldn’t review the dossier leaked on Trump, SSCI finally agreed to do an inquiry on January 13. Jim Comey briefed that inquiry last Friday, February 17.
  • House Intelligence Committee: In December, James Clapper refused to brief the House Intelligence Committee on the latest intelligence concluding Russia hacked the DNC with the goal of electing Trump, noting that HPSCI had been briefed all along (as was clear from some of the leaks, which clearly came from HPSCI insiders). In January, they started their own investigation of the hack, having already started fighting about documents by late January. While Ranking Democratic Member Adam Schiff has long been among the most vocal people complaining about the treatment of the hack, Devin Nunes was not only a Trump transition official, but made some absolutely ridiculous complaints after Mike Flynn’s side of some conversations got legally collected in a counterintelligence wiretap. Nunes has since promised to investigate the leaks that led to Flynn’s forced resignation.
  • Senate Armed Services Committee: In early January, John McCain announced he’d form a new subcommittee on cybersecurity, with the understanding it would include the Russian hack in its focus. Although he originally said Lindsey Graham would lead that committee, within weeks (and after Richard Burr finally capitulated and agreed to do a SSCI inquiry), McCain instead announced Mike Rounds would lead it.
  • Senate Foreign Relations Committee: In December, Bob Corker announced the SFRC would conduct an inquiry, scheduled to start in January. At a hearing in February, the topic came up multiple times, and both Corker and Ben Cardin reiterated their plans to conduct such an inquiry.
  • Senate Judiciary Subcommittee on Crime and Terrorism: After Graham was denied control of the SASC panel, he and Sheldon Whitehouse announced they’d conduct their own inquiry, including a prospective review of “the American intelligence community’s assessment that Russia did take an active interest and play a role in the recent American elections.”

All the while, some Senators — McCain, Graham, Chuck Schumer, and Jack Reed — have called for a Select Committee to conduct the investigation, though in true McCainesque fashion, the maverick has at times flip-flopped on his support of such an inquiry.

Also, while not an investigation, on February 9, Jerry Nadler issued what I consider (strictly as it relates to the Russian hack, not the other conflicts) an ill-advised resolution of inquiry calling for the Administration to release materials relating to the hack, among other materials. Democrats in both the House and Senate have introduced legislation calling for an independent commission, but have gotten no support even from the mavericky Republicans.

As you can see from these descriptions, it took pressure from other committees, especially Lindsey Graham getting control of one of the inquiries, before Richard Burr let himself be convinced by SSCI Vice Chair Mark Warner to conduct an inquiry. Thus far, Mitch McConnell has staved off any Select Committee. As soon as SSCI did claim to be launching an investigation, a bunch of Republicans tried to shut down the others, claiming it was all simply too confusing.

Let me be clear: as I noted in the OTM interview, the intelligence committees are the appropriate place to conduct this investigation, as it concerns really sensitive counterintelligence matters — people who could be witnesses to it are getting killed! — and an ongoing investigation. The only way to conduct a responsible inquiry is to do so in secret, and unless a select committee with clearance is formed, that means doing so in the dysfunctional intelligence committees.

That’s made worse by Nunes and Burr’s obvious conflicts, having served on Trump’s pre-inauguration advisory teams (at a time when Mike Flynn was chatting about ongoing sanctions with Russia), and their equally obvious disinterest in conducting the investigation. Remember that the intelligence committees successfully bolloxed up the independent investigation into Iran-Contra. While neither Nunes nor Burr is as smart as Dick Cheney, who had a key role in that intentional bolloxing, Democrats should be cognizant of the ways that such bolloxing has happened in the past.

And now that SSCI has finally started its inquiry, Ali Watkins published an uncharacteristically credulous report on Burr’s role in the investigation, slathering on the colorful vocabulary — “brutally yanked;” “underground cohort;” “dark shadow of Langley;” “Wearily, they’re trudging forward on a probe littered with potential political landmines;” — before portraying the allegedly difficult position Burr is in:

That he’s now in charge of the sweeping Russia inquiry puts the North Carolina Republican in between a rock and a hard place. Since taking over the helm of the intelligence committee, Burr has pressed for more active and aggressive oversight, and has kept a rigorous travel schedule to match. But his decisive reelection victory in November came at a cost — throughout the contentious race, Burr towed Trump’s line, and hasn’t yet directly criticized the White House publicly.

But Burr has shown no indication that he’s ever angled for a Trump administration job, and says he’s not running for re-election. How seriously he takes his obligation to carry his president’s water remains to be seen.

Burr has been slammed by colleagues in recent days, who fear he’s slow-rolling an investigation into a fast-moving story. But much of the inquiry’s slow start was due to bureaucratic wrangling — some intelligence agencies insisted products be viewed on site rather than sent to the Hill, and some of the intelligence was so tightly controlled that it was unclear if staffers could even view it.

This is just spin. There is abundant public record that Burr has thwarted oversight generally (he has said things supporting that stance throughout his history on both the Senate and House Intelligence Committee, even ignoring his role in covering up torture, and Watkins’ earlier incorrect claims about Burr’s open hearings remain only partly corrected). There is no mention in this article that Burr was on Trump’s national security advisory committee. Nor that SSCI had reason to do hearings about this hack well before January 2017, back when it might have made a difference — at precisely the time when Burr apparently had time to advise Trump about national security issues as a candidate. Plus, it ignores all the things laid out here, Burr’s continued equivocation about whether there should even be a hearing.

There is no reason to believe Burr or Nunes intend to have a truly rigorous investigation (bizarrely, Warner seems to have had more success pushing the issue than Schiff — or Dianne Feinstein when she was Vice Chair — though that may be because the Ranking position is stronger in the Senate than in the House). And history tells us we should be wary that their investigations will be counterproductive.

As I noted, on Friday — the Friday before a recess — Jim Comey briefed the SSCI on the Russian hack. That briefing was unusual for the date (regular SSCI meetings happen on Tuesday and Thursday, and little business of any kind happens right before a recess). Reporters have interpreted that, along with the presumed silence about the content of the briefing, as a sign that things are serious. That may be true — or it may be that that was the only time a 3-hour briefing could be scheduled. In the wake of the briefing, it was reported that the SSCI sent broad preservation requests tied to the inquiry (that is, they sent the request long after the inquiry was started). And while the press has assumed no one is talking, the day after the briefing, Reuters reported outlines of at least three parts of the FBI investigation into the Russian hack, attributed to former and current government officials.


David Ignatius’ Curious Role in the Mike Flynn Story

I’m traveling again, so I’m running on delayed coverage of the Trump circus.

But I wanted to point out something that has been puzzling me: David Ignatius’ curious role in the events leading up to the forced resignation of Mike Flynn as President Trump’s National Security Adviser.

After all, Ignatius set off the events with this article. The article included two curious details. First, in an update to the story, Ignatius stated as fact that the Russian plane carrying a military choir to Syria had been shot down.

This official later added that Flynn’s initial call was to express condolences to Kislyak after the terrorist killing of the Russian ambassador to Ankara Dec. 19, and that Flynn made a second call Dec. 28 to express condolences for the shoot-down of a Russian plane carrying a choir to Syria.

Perhaps this was a mistake, but no cause for the crash has been reported (and it’d be even more curious if Trump’s people knew this was a shoot-down right away, given the lack of public accounting for it). There has been no follow-up about who shot down this plane (and little claim that it was terrorism).

More importantly for the Flynn story, Ignatius reported the December 29 calls between Sergey Kislyak and Flynn, the first public mention of them.

According to a senior U.S. government official, Flynn phoned Russian Ambassador Sergey Kislyak several times on Dec. 29, the day the Obama administration announced the expulsion of 35 Russian officials as well as other measures in retaliation for the hacking. What did Flynn say, and did it undercut the U.S. sanctions? The Logan Act (though never enforced) bars U.S. citizens from correspondence intending to influence a foreign government about “disputes” with the United States. Was its spirit violated? The Trump campaign didn’t immediately respond to a request for comment.

If the Trump team’s contacts helped discourage the Russians from a counter-retaliation, maybe that’s a good thing. But we ought to know the facts.

Ignatius not only knew of the calls, but he knew enough to ask the question — which the FBI would later pose to Flynn in an interview — about whether Flynn had undercut US sanctions. In response to his mention of the calls, other journalists followed up with Mike Pence, which ultimately led to the excused reason for Flynn’s firing, that he had lied to Pence about the calls. Frankly, that questioning also clearly led to Flynn correcting his story between February 8 and 9, which suggests he may have reviewed the transcripts in the interim.

While Ignatius’ report is mentioned in a WaPo timeline of these events, he’s not bylined in either of the two big bombshells from WaPo on this, even though up to seven journalists are mentioned.

There are two obvious explanations. First, that Ignatius’ column, which serves as a mouthpiece for the IC (and especially CIA), is not generally treated in the same way other journalism at the WaPo is. And possibly, specifically in this case, if that reference were treated as reporting rather than speculation, it might lead Trump’s leak investigation back to the source that kicked off this leak fest. But by posing it as speculative questioning, it protects that original source.

Whatever the explanation is, I think the odd circumstances surrounding the story invite further attention to two of the other questions Ignatius poses in that column. He asked, for example, whether Obama delayed his response to the Russian out of fears Russia would do something worse to Hillary.

Did the administration worry that the Russians would take additional steps to hurt Clinton and help Trump, and might disrupt balloting itself?

According to public reports, Obama twice raised probes of registration databases directly with Putin; after the election the IC included them among Russia’s roles. What exactly was the Obama Administration worried about here?

And Ignatius also asked a question I’ve heard floated (which is one reason I focused so intently on the curious forensic details about the dossier): that the Russians themselves released the anti-Trump dossier compiled by Christopher Steele to sow further chaos (and, presumably, to hurt Trump).

Finally, what’s the chance that Russian intelligence has gamed its covert action more subtly than we realize? Applying a counter-intelligence lens, it’s worth asking whether the Russians hoped to be discovered, and whether Russian operatives fed the former MI6 officer’s controversial dossier deliberately, to sow further chaos.

Clearly, Ignatius’ source on the Flynn call with Kislyak advanced the story in a direction that led to Flynn’s firing. What else were Ignatius’ source or sources for this story trying to lead reporting to?


Four Details about Surveillance and the Flynn Ouster

It turns out Trump is on pace to fire a person every week, just like in his reality show. As you surely know, Mike Flynn has been ousted as National Security Advisor, along with his Deputy, KT McFarland.

There has been some confusion about what intelligence the spooks who just caused Flynn to be fired relied on. So let’s start with this detail from last night’s WaPo story:

After the sanctions were rolled out, the Obama administration braced itself for the Russian retaliation. To the surprise of many U.S. officials, Russian President Vladimir Putin announced on Dec. 30 that there would be no response. Trump praised the decision on Twitter.

Intelligence analysts began to search for clues that could help explain Putin’s move. The search turned up Kislyak’s communications, which the FBI routinely monitors, and the phone call in question with Flynn, a retired Army lieutenant general with years of intelligence experience.

From that call and subsequent intercepts, FBI agents wrote a secret report summarizing Flynn’s discussions with Kislyak.

That is, in response to questions elicited by Putin’s response, analysts actually read the intercepts of the Flynn-Kislyak call, which led to further monitoring of the conversations. And contrary to what HPSCI Chair Devin Nunes is whining, FBI would have access to Flynn’s side of the call right away, because they would own the tap (and in any case, they’d get unminimized copies of anything from NSA).

Some have pointed to this passage to suggest that the FBI was always listening in.

U.S. intelligence reports during the 2016 presidential campaign showed that Kislyak was in touch with Flynn, officials said. Communications between the two continued after Trump’s victory on Nov. 8, according to officials with access to intelligence reports on the matter.

It’s quite likely that’s not the case. After all, even Michael McFaul (who served as Ambassador to Russia at the beginning of the Obama Administration) said it was normal to have such calls before inauguration. Moreover, the FBI wouldn’t need to access the content of communications to learn that they were taking place. The metadata would be enough. And the actual content of the contacts would remain in some server in Utah.

Also, some have suggested that Flynn must be the Trump associate against whom a single FISA order was obtained in October. That’s unlikely, first of all, because if there were a FISA order on Flynn, then the FBI wouldn’t have needed the weird Putin response to lead them to read the actual content of calls (not to mention, the WaPo is clear that the contacts were collected as a result of normal monitoring of a foreign diplomat). Furthermore, most reports of that FISA order suggest the FBI first asked for four orders (in June and July) but only got one, in October. So it’s likely that FISA order covers another of Trump’s Russian buddies.

Finally, remember that for a great deal of SIGINT, FBI wouldn’t need a warrant. That’s because Obama changed the EO 12333 sharing rules just 4 days after the IC started getting really suspicious about Flynn’s contacts with Russia. That would make five years of intercepts available to FBI without a warrant in any counterintelligence cases, as this one is.

Update: Corrected KT McFarland instead of KC. Also, I’ve been informed she’ll stick around until Trump names a new NSA.


In Attempting to Justify Trump Muslim Ban, Propaganda Outlet Proves Inanity of Iran, Sudan Inclusion

WaPo did this fact check on Trump senior advisor Stephen Miller’s claim that, “72 individuals, according to the Center for Immigration Studies, have been implicated in terroristic activity in the United States who hail from those seven nations, point one.” It awards his claim three stars, stating,

[U]pon closer examination of the cases on the list, it becomes clear that his statement went too far. In fact, this is pretty thin gruel on which to make sweeping claims about the alleged threat posed to the United States by these seven countries, especially because the allegations often did not concern alleged terrorist acts in the United States.

[snip]

Regardless of the direct or tangential ties that investigators believe each individual may have to terrorist activities, these charges need to be proven in a court of law. Suspected or potential terror links involving these 72 individuals do not confirm Miller’s claim that they were “implicated in terrorist activity.”

Moreover, some people on this list entered the United States — many of them naturalized — decades before they were charged with any of the crimes. That makes Miller’s use of this list to defend Trump’s executive order quite questionable.

There are other methodological problems with the list Miller references that WaPo doesn’t consider. For example, it includes people, like Ahmed Warsame, who got extradited or rendered to the US, so it’s not like their presence in the US can be attributed to visa screening (though there is some concern that the Muslim ban will make it more difficult to extradite and coerce cooperation from similarly situated defendants, thus making it harder to round up threats overseas).

Just as strikingly, the list affirmatively undermines the claim that these seven countries are all a threat. Of the CIS’ list of 72 individuals, just four are from Iran, two from Libya, just one from Sudan. And the claims implicating these people mostly fall apart when you look closer. Most of them arise from the efforts in the early 2000s to prosecute Muslim charities, and several of those cases eventually fell apart, rather spectacularly in a case associated with Al-Haramain. Plus, in at least two cases, these defendants got caught in the middle of America’s changing views on which terrorists it criminalizes and which it partners with.

Sudan

Abdel Azim El-Siddig: CIS claims that El-Siddig was found guilty of conspiracy to fail to register as a foreign agent and was sentenced to 58 months. That’s an error. El-Siddig pled just to conspiracy to violate FARA. He was sentenced to probation and has served that sentence. El-Siddig was largely charged in an effort to coerce his cooperation in prosecuting former Congressman Mark Deli Siljander, who pursued the interests of the Islamic American Relief Agency. Ultimately, even Siljander was only sentenced to a year; it looks like this may have been one of the cases that fell apart based on crummy intelligence.

Libya

Ali Mohamed Bagegni: One of the Libyans listed is Ali Mohamed Bagegni, who was on the board of IARA and got wrapped up in the case against Siljander. He served 6 months of probation.

Emadeddin Muntasser: Muntasser was convicted in another charity case — for lying to get tax exempt status for Care International and also for lying about having met Gulbuddin Hekmatyar, who has gone on and off America’s list of favored terrorists for twenty years now. Judge Dennis Saylor overturned the tax charge, finding it was not supported by the facts presented. The First Circuit reinstated guilty verdicts on tax charges, but Saylor just sentenced him to time served.

Iran

Siavosh Henareh: As WaPo notes, one of the Iranians listed is Siavosh Henareh. He was busted for conspiracy to import heroin that others allegedly were going to use to raise money for Hezbollah. But he was not charged with any ties to terrorism.

Pete Seda (Pirouz Sedaghaty): Seda’s case is a particularly problematic charity case, as we know the government illegally spied on him under Stellar Wind (though they probably did with all the other charity defendants as well). Ultimately, though, the charge that he tried to funnel money to Chechen fighters was overturned by the 9th Circuit, and he pled guilty to tax fraud. The case fell apart in part because the government had to pay off witnesses to implicate him and withheld other information. See this post for more details about how HSBC got off for a far bigger scale of crime associated with this case.

Zeinab Taleb-Jedi: Taleb-Jedi was prosecuted in 2006 for material support for MEK, the anti-Iranian group that a good chunk of DC has also materially supported, including Howard Dean, Elaine Chao, John Bolton, Fran Townsend, and Newt Gingrich, a group which had been a big source of often flimsy intelligence on Iran. She stalled out that prosecution and in 2009 ultimately pled guilty to violating an executive order. She was sentenced to time served.

Manssor Arbabsiar: I’ve written about the Scary Iran Plot extensively (for example here, here, here, here). It is the one case where someone really was convicted of plotting an attack in the United States — in this case, to assassinate then Saudi Ambassador to the US Adel al-Jubeir. Arbabsiar pled guilty to the charges, so there’s no doubt he did act on his Revolutionary Guard cousin’s orders to find someone to kill the Saudi Ambassador. But most of the details about the plot — Arbabsiar’s likely prior role as an informant and his efforts to resume that role, DEA’s great craft in making the plot as scary as possible (even targeting a restaurant favored by Senators), the circumstances surrounding Arbabsiar’s interrogation and mental competence, and even hints that the cousin may have been a mole for another government — raise questions about how serious Iran was about actually conducting this attack.

In short, just one of these cases can really be construed as an attempted attack, and that was pretty remarkable for the fiction and other handiwork the DEA put into making it a spectacular bust.

Don’t get me wrong. The overall list is bullshit too. If you look at CIS’ numbers, you see that the most represented community, Somalia, also happens to be the one that has for years partnered closely with the FBI to alert them to concerns about radicalization. That basically means Trump’s Muslim ban punishes that community for affirmatively working to prevent terrorism.

But CIS’ efforts to pretend that Iran, Sudan, and Libya make sense here fall even further flat.


Ninth Circuit Trims Executive’s Expansive Claims to Be Able to Pixie Dust Executive Orders

As you’ve surely heard, the Ninth Circuit handed President Trump a huge loss last night, refusing to overturn the nationwide stay on his Muslim ban. The per curiam opinion is particularly strong in asserting that courts do have the ability to review Presidential orders, even those that pertain to national security.

But there’s another part of the opinion I’m particularly interested in, because if it is not reversed, it creates a very important new limit on what the President can do with EOs.

One of the problems Trump created for himself was targeting Green Card holders — lawful permanent residents. That’s because LPRs have long term relations with the country and are accorded constitutional protections, both within and outside of the US. So long as LPRs remain affected by the EO, it will be legally problematic, at least as it pertains to them.

The Administration tried to undo that damage by having the White House Counsel, Don McGahn, write guidance on how to interpret the EO, basically stopping its application to LPRs. Within the hearing, the attorney representing the states noted that the Administration’s stance toward LPRs had changed about five times. But it was clear the judges were also unimpressed with changes the WHCO, as opposed to the President, made to an EO.

Here’s where they rule that a WHCO can’t just change an EO with policy guidance.

The Government has argued that, even if lawful permanent residents have due process rights, the States’ challenge to section 3(c) based on its application to lawful permanent residents is moot because several days after the Executive Order was issued, White House counsel Donald F. McGahn II issued “[a]uthoritative [g]uidance” stating that sections 3(c) and 3(e) of the Executive Order do not apply to lawful permanent residents. At this point, however, we cannot rely upon the Government’s contention that the Executive Order no longer applies to lawful permanent residents. The Government has offered no authority establishing that the White House counsel is empowered to issue an amended order superseding the Executive Order signed by the President and now challenged by the States, and that proposition seems unlikely.

Nor has the Government established that the White House counsel’s interpretation of the Executive Order is binding on all executive branch officials responsible for enforcing the Executive Order. The White House counsel is not the President, and he is not known to be in the chain of command for any of the Executive Departments. Moreover, in light of the Government’s shifting interpretations of the Executive Order, we cannot say that the current interpretation by White House counsel, even if authoritative and binding, will persist past the immediate stage of these proceedings. On this record, therefore, we cannot conclude that the Government has shown that it is “absolutely clear that the allegedly wrongful behavior could not reasonably be expected to recur.” Friends of the Earth, Inc., v. Laidlaw Envtl. Servs., Inc., 528 U.S. 167, 189 (2000) (emphasis added).

In short, they’re arguing that to make the EO legal with respect to LPRs, the President himself is going to have to change the EO, not McGahn.

As most longtime readers know, I’m obsessed by the way that John Yoo pixie dusted EO 12333 by basically saying the President doesn’t have to modify an EO he is blowing off, by blowing it off he is simply modifying it. In a 2001 opinion (and a 2002 letter to the FISC) he wrote,

[T]here is no constitutional requirement that a President issue a new executive order whenever he wishes to depart from the terms of previous executive order. In exercising his constitutional or delegated statutory powers, the President often must issue instructions to his subordinates in the executive branch, which takes the form of an executive order. An executive order does not commit the President himself to a certain course of action. Rather than “violate” an executive order, the President in authorizing a departure from an executive order has instead modified or waived it.

George Bush used that ruling to be able to disseminate Stellar Wind data even though his EO said you could not disseminate SIGINT.

While this ruling does not directly affect that interpretation, it does suggest that only a President can alter an EO (or, alternately, he must first confirm that someone else modifying it has been delegated the authority to do so). So while it doesn’t entirely shut down the possibility of further pixie dusting, it does make such things harder. It does give people reason to challenge any such changes to an EO.

As I noted the other day, I don’t think John Yoo was so much complaining about Trump’s abuses, as complaining that the way he implemented his abuses might do permanent damage to claims of expansive Executive authority. Let’s hope Trump has already done so by refusing to formally alter an EO his WHCO recognized was vulnerable to legal challenge.

Originally Posted @ https://emptywheel.net/author/emptywheel/page/416/