Let’s stipulate that Donald Trump is an incompetent president. Let’s stipulate that his fondness for the Russians exhibits at least naiveté about their intentions, if not out and out compromise. Let’s agree that when he fucks up, it is fair game to scream about it as a way to limit his power. Let’s acknowledge ruefully, again, that the man who got elected heckling “Lock her up!” continues to engage in far more egregious mistreatment of classified information than an email server.

But it’s worth looking at one paragraph in the WaPo story on how Donald Trump shared code word intelligence with the two Russian Sergeys, Foreign Minister Sergey Lavrov and the omnipresent Ambassador to the US Sergey Kislyak last week.

First, some background.

The whole point of the story, which is sourced to “current and former U.S. officials,” just one of whom is described as a former intelligence official (meaning the others could be members of Congress), is that Trump’s actions are particularly egregious because he revealed the city from which ISIS was allegedly plotting a laptop attack on US planes that has led US Homeland Security to consider ineffective bans on laptops in passenger areas of planes.

Trump went on to discuss aspects of the threat that the United States learned only through the espionage capabilities of a key partner. He did not reveal the specific intelligence-gathering method, but he described how the Islamic State was pursuing elements of a specific plot and how much harm such an attack could cause under varying circumstances. Most alarmingly, officials said, Trump revealed the city in the Islamic State’s territory where the U.S. intelligence partner detected the threat. [my emphasis]

Revealing the city, these US officials sharing the information anonymously because of “the sensitivity of the subject” explain, might help ID the US ally or capability involved in revealing this laptop threat.

The identification of the location was seen as particularly problematic, officials said, because Russia could use that detail to help identify the U.S. ally or intelligence capability involved. Officials said the capability could be useful for other purposes, possibly providing intelligence on Russia’s presence in Syria. Moscow would be keenly interested in identifying that source and perhaps disrupting it.

Hmmm. How many cities does ISIS still hold…?

The other problem with sharing this information is that it is not ours to share. This ally gets very frustrated when it discovers we shared information that it hasn’t permitted us to share.

At a more fundamental level, the information wasn’t the United States’ to provide to others. Under the rules of espionage, governments — and even individual agencies — are given significant control over whether and how the information they gather is disseminated, even after it has been shared. Violating that practice undercuts trust considered essential to sharing secrets.

[snip]

At a more fundamental level, the information wasn’t the United States’ to provide to others. Under the rules of espionage, governments — and even individual agencies — are given significant control over whether and how the information they gather is disseminated, even after it has been shared. Violating that practice undercuts trust considered essential to sharing secrets.

The officials declined to identify the ally but said it has previously voiced frustration with Washington’s inability to safeguard sensitive information related to Iraq and Syria.

“If that partner learned we’d given this to Russia without their knowledge or asking first, that is a blow to that relationship,” the U.S. official said.

So: bad to share because this ally gets to veto any sharing of this information, and “if that partner learned we’d given this to Russia without their knowledge or asking first, that is a blow to that relationship.” And especially bad to share the city (even though there can’t be many possibilities) because that would make it easier to figure out the underlying sources and methods.

This stuff is so sensitive, the WaPo explains, that if anyone else were to share it (with an adversary, they caveat), it’d be illegal.

For almost anyone in government, discussing such matters with an adversary would be illegal.

You with me so far? Sharing bad without okay of frustrated ally, sharing location especially bad, illegal if you’re not the President.

Okay. Now read this paragraph:

The Post is withholding most plot details, including the name of the city, at the urging of officials who warned that revealing them would jeopardize important intelligence capabilities.

So multiple people learned of this event, and went out and leaked it (which is illegal to do for most anyone besides the President, the WaPo helpfully notes), not just with the WaPo’s two reporters, but with reporters from Buzzfeed, NYT, WSJ, and more. They leaked it to reporters who they presumably knew would then report it, alerting the frustrated ally that Trump had shared the information, which is a blow to that relationship, and also alerting the frustrated ally that they then proceeded to go leak it more.

I’m confused, is that a blow to that relationship too, leaking the sharing so it can be revealed? Or did, say, the Saudis call up a bunch of members of Congress and former spooks and permit them to leak this to the press so Donald and his close relationship with the Russians can be undermined?

And these sources who are outraged that Trump shared the city where our frustrated ally that shouldn’t learn we’re leaking it without its permission learned of the plot? These sources shared plot details, including the name of the city, with journalists whose job it is to publish stuff like this, though the journalists didn’t share it with us or the Russians.

Now, I’ll grant you, WaPo’s reporters aren’t an adversary (depending on who you ask), though neither are they tasked with keeping a nation that has already lost a plane to ISIS safe. WaPo’s reporters aren’t fighting for power in Syria like Russia (and our frustrated ally), so they can’t personally use this information for advantage there.

So, yeah, it’s different. But these very outraged sources are still sharing the information that it is so outrageous to share.

Me? I’m hoping all this sharing and leaking about sharing will reveal what the underlying threat really is supposed to be. Because some of our frustrated allies have a habit of exaggerating threats so we implement stupid transportation policies and grow ever more reliant on their intelligence that they seem to keep sharing even though it seems to keep getting leaked.

Yesterday, Mike Lee trolled Democrats by suggesting that Merrick Garland, who has a lifetime seat on the DC Circuit, should vacate that and lead the FBI. In a piece explaining how utterly moronic the many Democrats who took his bait are, Dave Weigel explains this is “Why Liberals Lose” — not just because they never press for advantage effectively, but because they so often fall prey when Republicans do.

We live in a golden age of political stupidity, but I’m not being hyperbolic when I say this: The idea of pulling Judge Merrick Garland off the D.C. Circuit federal appeals court and into the FBI is one of the silliest ideas I’ve seen anyone in Washington fall for. It’s like Wile E. Coyote putting down a nest made of dynamite and writing “NOT A TRAP” on a whiteboard next to it. It’s also an incredibly telling chapter in the book that’s been written since the Republican National Convention — the story of how Republicans who are uncomfortable with the Trump presidency gritting their teeth as they use it to lock in control of the courts.

You should definitely read all of Weigel’s piece, which is spot on.

But there are other aspects that the success of Lee’s ploy explain about Why Liberals Lose. First and foremost, it shows how mindlessly Democrats adopt the playing field that Republicans deal them.

I mean, even as Democrats have been pushing for months to use the Russian scandal to impeach Trump, and even at the moment where that actually seems feasible (down the road), most Democrats simply accepted the necessity of replacing Jim Comey and have shifted instead to fighting the worst names being floated, people like Trey Gowdy (an initial trial balloon) and Alice Fisher and Michael Garcia, who’re reportedly being formally considered.

Why are Democrats even accepting that Trump should get to replace Comey?

According to CNBC’s count from mid-April, Trump had filled just 24 of the 554 Senate confirmed positions in government.

Sure, Trump has filled a handful more in the interim month, but Trump is otherwise not in a rush to staff the government. Yet he has immediately turned to replacing Comey.

There is nothing more illegitimate than for Trump to be able to give someone a ten year term as FBI Director because he fired Jim Comey.

Trump is no longer hiding the fact that he fired Comey to try to undercut the Russian investigation. And the timeline is clear: the dinner to which Trump called Comey to twice demand his loyalty took place on January 27.

As they ate, the president and Mr. Comey made small talk about the election and the crowd sizes at Mr. Trump’s rallies. The president then turned the conversation to whether Mr. Comey would pledge his loyalty to him.

Mr. Comey declined to make that pledge. Instead, Mr. Comey has recounted to others, he told Mr. Trump that he would always be honest with him, but that he was not “reliable” in the conventional political sense.

[snip]

By Mr. Comey’s account, his answer to Mr. Trump’s initial question apparently did not satisfy the president, the associates said. Later in the dinner, Mr. Trump again said to Mr. Comey that he needed his loyalty.

Mr. Comey again replied that he would give him “honesty” and did not pledge his loyalty, according to the account of the conversation.

That means it took place the same day of Sally Yates’ second conversation with Don McGahn about FBI’s investigation into Mike Flynn (and by association, I always point out, Jared Kushner).

It was always a pipe dream for Democrats to think they could stave off Neil Gorsuch’s confirmation, in part because you really do need a full panel at SCOTUS.

But for the moment, the FBI will continue to run the same way the rest of government is running: with the acting officials who’re filling in until Trump gets around to filling the spot. Moreover, Andrew McCabe, the Acting FBI Director, is a Comey loyalist who will ensure his initiatives will continue for whatever portion of Comey’s remaining 6 years he gets to serve.

This is important not just for the Russian investigation — it’s important to the future of our democracy. Alice Fisher, for example, would be an even more insanely pro-corporate FBI Director than Comey (former Board Member of HSBC, remember) or Mueller.

Democrats should be out there, loudly and in unison, decrying how inappropriate it would be for Trump to get to replace Comey when everyone watching knows the firing was one of the most corrupt things a President has done in a century.

Instead, they’re falling prey to Mike Lee’s obvious ploys.

Since 2014, I have been trying to alert anyone who would listen about Section 704.

That’s a part of FISA Title VII — the part of FISA that will be reauthorized this year. When Congress passed FISA Amendments Act in 2008, they promised they’d protect US persons overseas by requiring an order to surveil them. Almost always, the section that accomplished that was referred to Section 703, which is basically PRISM for Americans overseas.

Except I discovered when I (briefly) worked at the Intercept that NSA never uses 703. Ever. Which meant that what they use to surveil Americans overseas is somewhat looser Section 704 (or, for Americans against whom there is a traditional domestic FISA order, 705b). Except no one — and I mean literally no one, not in the NGO community nor on the Hill — understood how Section 704 was used.

Exactly a year ago, I laid all this out in a post and suggested that, as part of the Section 702 reauthorization this year, Congress should finally figure out how 704 works and whether there are any particular concerns about it.

It turns out, four months before I wrote that, NSA’s Inspector General had finalized a report showing that in the seven and a half years since Section 704 was purportedly protecting Americans overseas, it wasn’t. The report is heavily redacted, but what isn’t redacted showed that the NSA had never set up a means to identify all 704/705b queries, and so couldn’t reliably oversee whether analysts were following the rules. The report showed that Signals Intelligence Compliance and Oversight only started helping DOJ and ODNI do their compliance reviews of 704/705b in October 2014, by providing the queries they could identify to the reviewers. But not all queries can be audited, because not all the feeds in question can be sent to NSA’s auditing and logging system.

The review itself — conducted from March to August of 2015 on data from the first quarter of that year — showed a not insignificant amount of querying non-compliance.

The 704 compliance problems are a part of the problem with NSA’s decision to shut down upstream surveillance (because 704 collection authorization is one of the things that automatically gets a US person approved for upstream searches]. Though, in her most biting comment in an otherwise pathetic opinion, Chief FISC judge Rosemary Collyer note the failure to tell her about this when 702 certificates were submitted in September or in an October 4 hearing showed a lack of candor.

At the October 26, 2016 hearing, the Court ascribed the government’s failure to disclose those IG and OCO reviews at the October 4, 2016 hearing to an institutional “lack of candor” on NSA’s part and emphasized that “this is a very serious Fourth Amendment issue.”

A review that post-dated the IG Report revealed the problem was even bigger than that. In the compliance section of the report, Collyer noted that 85% of the 704/705b queries conducting using one particular tool (which was rolled out in 2012) were non-compliant.

NSA examined all queries using identifiers for “U.S. persons targeted pursuant to Sections 704 and 705(b) of FISA using the tool [redacted] in [redacted] . . . from November 1, 2015 to May 1, 2016.” Id. at 2-3 (footnote omitted). Based on that examination, “NSA estimates that approximately eighty-five percent of those queries, representing [redacted] queries conducted by approximately [redacted] targeted offices, were not compliant with the applicable minimization procedures.” Id. at 3. Many of these non-compliant queries involved use of the same identifiers over different date ranges. Id. Even so, a non-compliance rate of 85% raises substantial questions about the propriety of using of [redacted] to query FISA data. While the government reports that it is unable to provide a reliable estimate of the number of non-compliant queries since 2012, id., there is no apparent reason to believe the November 2015-April 2016 period coincided with an unusually high error rate.

And NSA was unable to chase down the reporting based off this non-compliant querying.

The government reports that NSA “is unable to identify any reporting or other disseminations that may have been based on information returned by [these] non-compliant queries” because “NSA’s disseminations are sourced to specific objects,” not to the queries that may have presented those objects to the analyst. Id. at 6. Moreover, [redacted] query results are generally retained for just [redacted].

All of which is to say that the authority that the government has been pointing to for years to show how great Title VII is is really a dumpster fire of compliance problems.

And still, we know very little about how this authority is used.

The number of Americans affected is not huge — roughly 80 people approved under 704 plus anyone approved for domestic FISA order that goes overseas (though that would almost certainly include Carter Page). Still, if this is supposed to be the big protection Americans overseas receive, it hasn’t been providing much protection.

In the wake of the Comey firing, particularly given the way Deputy Attorney General Rod Rosenstein let himself serve as a pawn, many people have renewed their call for “a special prosecutor.” In the short term, however, I believe Dana Boente — that is, the status quo — is a better solution.

As a reminder, Dana Boente is the US Attorney of Eastern District of VA. With Rosenstein’s confirmation as DAG, Boente is the last remaining confirmed US Attorney in the United States. Boente’s office is overseeing at least two parts of the Russian investigation: the generalized investigation into Wikileaks, and the investigation into Trump’s campaign. The latter investigation recently issued subpoenas to Mike Flynn associates. There are reportedly parts of the investigation in three other places: some work being done in Main Justice, as well a a team investigating Guccifer 2.0/Shadow Brokers in San Francisco, and a team investigating the Russian hackers in Pittsburgh.

But the bulk of what people think of as “the Russian investigation” — the investigation into Trump’s cronies — is happening in EDVA, overseen by The Last USA.

In addition to reporting up to Rosenstein as DAG and Rosenstein as Acting AG for the Russian investigation, Boente just took over as Acting Assistant Attorney General for National Security Division — the office that reviews things like FISA orders. That means Boente — for better and worse — has more authority, on several levels, than a “Special Counsel” would have.

First, note I use the term “Special Counsel,” not “Special Prosecutor.” Ken Starr was a Special Prosecutor, but in the wake of his fiasco and given persistent questions about the constitutionality of having someone who was totally independent from the structure of DOJ prosecuting people, Congress got rid of the provision supporting Special Prosecutors.

So if Rod Rosenstein wanted to appoint someone “independent” to oversee the Russian investigation, he’d have to use the Special Counsel provision.

While I think it is permissible to hire someone from outside of DOJ to do that job (so it is possible he could call up corporate lawyer Pat Fitzgerald for his third ride on the Special Counsel merry-go-round to, in dramatic fashion, save the investigation undercut by the firing of his good friend Jim Comey), in practice the recent Special Counsel appointments (the UndieBomb 2.0 leak investigation, the StuxNet leak investigation, the John Kiriakou prosecution, the Torture investigation, and the Plame investigation) have all been DOJ prosecutors, either US Attorneys (in all but one case) or an Assistant USA Attorney, in the case of John Durham’s whitewash of torture. Plus, while Fitz is still well-loved at DOJ and FBI as far as I know, if Rosenstein appointed him, I bet Trump would fire him within minutes because he’s sure as hell not going to be “loyal.” And because of Fitz’ past gunning hard for Cheney and Bush, many Republicans might not put up much of a stink there.

If Rosenstein were to adhere to the practice of naming existing DOJ prosecutors, though, it’d mean he’d be choosing between Boente, The Last USA, or an AUSA (perhaps one of the ones who recently reported to him in MD). In both cases, the Special Counsel would report to Rosenstein for AG approvals (as Pat Fitz reported to Jim Comey for the Plame case).

You can see quickly why Boente is the preferable option. First, there’s no reason to believe he isn’t pursuing the investigation (both investigations, into Wikileaks and Trump’s associates) with real vigor. He is a hard ass prosecutor and if that’s what you want that’s what you’d get. His grand jury pool is likely to be full of people with national security backgrounds or at least a predisposition to be hawks.

But — for better and worse — Boente actually has more power than a Special Counsel would have (and more power than Fitz had for the Plame investigation), because he is also in charge of NSD, doing things like approving FISA orders on suspected Russian agents. I think there are problems with that, particularly in the case of a possible Wikileaks prosecution. But if you want concentrated power, Boente is a better option than any AUSA. With the added benefit that he’s The Last USA, which commands some real respect.

Sure. If next week Trump calls Boente to dinner and demands his loyalty on threat of firing, this may change. But the same logic that people are using with a Special Counsel (that if Trump fired that person, maybe then Republicans in Congress would want something more independent) holds for Boente. Firing The Last USA ought to be as incendiary as firing an AUSA, assuming anything will be.

In her opinion approving the April 26 certifications (which may be one of the most unimpressive FISC opinions I’ve read), Rosemary Collyer borrowed heavily on the 2015 authorization in finding this year’s constitutional. As such she refers to Thomas Hogan’s imposition of a reporting requirement for any back door searches “in which FBI personnel receive and review Section 702-acquired information that the FBI identifies as concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.”

She then describes the one incident reported this year: basically an Agent seeing an email of someone referring to violence toward children. The Agent searched on the person who allegedly committed the violence and the names of the children, only to find the same email again. The Agent reported the suspected child abuse to the local child protective services.

But, she reveals, no one reported this until DOJ’s National Security Division asked about such reporting during their review.

The Court notes, however, that the FBI did not identify those queries as responsive to the Court’s reporting requirement until NSD asked whether any such queries had been made in the course of gathering information about the Section I.F dissemination. Notice at 2. The Court is carrying forward this reporting requirement and expects the government to take further steps to ensure compliance with it.

There are several reasons this is troublesome.

First, the incident would have gone unreported unless someone felt obliged to be honest when asked specifically about it (ODNI/DOJ don’t do reviews in all field offices, so not everyone will get asked).

Moreover, the incident got reported not because it was “receive[d] and reviewe[d],” but because it was disseminated. So there may be a great deal of back door searches that get received and reviewed but because they don’t constitute evidence of a crime, aren’t disseminated, with the consequent paper trail.

Finally, this means certain kinds of criminal searches won’t be reported: those where FBI gets a criminal tip, then looks on their 702 data, only to find something they might use to coerce informants. Information used to coerce informants would suddenly become foreign intelligence information, so no longer subject to the reporting requirement.

To meet the actual requirement from FISC — rather than the one they’re willing to comply with — FBI needs to dramatically restructure the compliance to this reporting requirement, to measure when a search is done for criminal purposes, and then — as soon as an agent conducts that review — gets noticed to the FISC.

Of course, that would require precisely the kind of tracking the FBI has refused to do. Their arbitrary rewriting of this requirement demonstrates why.

Update: In application for certificates submitted on September 26, 2016, DOJ said this about its back door searches:

In a latter filed on December 4, 2015, the government noted that there is no automated way for the FBI to track whether a query is run solely for a foreign intelligence purpose, to extract evidence of a crime, or both. However, the December 4, 2015 letter detailed the processes the FBI put in place to attempt to identify those queries that are run in FBI systems containing raw 702-acquired information after December 4, 2015, that are designed to extract evidence of a crime. In addition, the December 4, 2015 letter explained that FBI had issued guidance to its personnel about this reporting requirement and the process to enable FBI to centrally track such scenarios and report any such queries to NSD that would fall under the reporting requirement described above. Additionally, NSD conducts minimization reviews in multiple FBI field offices each year. As part of these minimization reviews, NSD and FBI National Security Law Branch have emphasized the above requirements and processes during field office training. Further, during the minimization reviews, NSD audits a sample of queries performed by FBI personnel in the databases storing raw FISA-acquired information, including raw section 702-acquired information. Since December 2015, NSD has reviewed these queries to determine if any such queries were conducted solely for the purpose of retaining evidence of a crime. If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query. Since the above processes were put in place in December 2015, FBI and NSD have not identified any instance in which FBI personnel have received and reviewed section 702-acquired information of or concerning a United States person in response to a query that is not designed to find and extract foreign intelligence information.

There are several key details here.

First, DOJ reported no queries on September 26, which means the query must have happened after that (though it’s not clear whether Collyer’s opinion would reflect the most recent reporting).

It’s also clear DOJ will only find these in spot checks. As DOJ makes clear here (and as was misrepresented at a recent hearing), NSD and ODNI don’t actually visit every FBI office (though I’m sure they hit SDNY, EDNY, DC, EDVA, MD, and NDCA routinely, which are the biggest national security offices). That means there’s not going to be a chance to find many possible queries.

There’s also some fuzzy language here. I’m particularly intrigued by this double usage of “FBI personnel,” as if someone from outside of FBI does review this, perhaps on an analytical contract.

If such a query was conducted, NSD would seek additional information from the relevant FBI personnel as to whether FBI personnel received and reviewed section 702-acquired information of or concerning a U.S. person in response to such a query.

Or perhaps FBI calls up NSA and asks them to access the same content?

Finally, it’s clear the definition FBI is using, with respect to “foreign intelligence, crime, or both” permits generalized queries (in part to see if there’s intelligence to use to coerce someone to be an informant) that could serve either purpose. Such an approach cannot measure how much more often someone more likely to talk with a 702 target — like Muslims or Chinese-Americans — get pursued for crimes after a longer assessment decides against using the person as an informant.

Which is another way of saying that this metric is not measuring what Judge Hogan wanted it to measure.

I Con the Record has released a slew of documents pertaining to last year’s problem with upstream searches, including the opinion ultimately approving new certifications. I’m doing a working thread and suspect I will have concerns about FISC oversight that I haven’t had on past such reviews.

But for now, I’m aghast at this paragraph and accompanying footnote, describing how NSA’s office of compliance and IG were trying to get a grasp on the problems.

In anticipation of the January 31 deadline, the government updated the Court on these querying issues in the January 3, 2017 Notice. That Notice indicated that the IG’s follow-on study (covering the first quarter of 2016) was still ongoing. A separate OCO review, limited in many of the same ways as the IG studies, and covering the periods of April through December 2015 and April through July of 2016, found that some redacted] [improper queries were conducted by [redacted] analysts during those periods.21 The January 3, 2017 Notice stated that “human error was the primary factor” in these incidents, but also suggested that system design issues contributed. For example, some systems that are used to query multiple datasets simultaneously required analysts to “opt-out” of querying Section 702 upstream Internet data rather than requiring an affirmative “opt-in,” which, in the Court’s view, would have been more conducive to compliance. See January 3, 2017 Notice at 5-6. It also appeared that NSA had not yet fully assessed the scope of the problem: the IG and OCO reviews “did not include systems through which queries are conducted of upstream data but that do not interface with NSA’s query audit system.” Id. at 3 n.6. Although NSD and ODNI undertook to work with NSA to identify other tools and systems in which NSA analysts were able to query upstream data, id., and the government proposed training and technical measures, it was clear to the Court that the issue was not yet fully scoped out.

21 NSA further reported that OCO reviewed queries involving a number of identifiers for known U.S. persons who were not targets under Sections 704 or 705(b) of the Act, and which were associated with “certain terrorism-related events that had occurred in the United States.” January 3, 2017 Notice at 6. NSA OCO found [redacted] such queries, [redacted] of which improperly ran against Section 702 upstream Internet data. [redacted] of the improper queries were run in a system called [redacted] which NSA analysts use to of a current or prospective target of NSA collection, including under Section 702. Id. at 6-7. [my emphasis]

This passage seems to reveal several things: that NSA was querying upstream content before identifying whether something could be used as a target (which I suspect means it involved a triage process). It reveals that not all queries are being audited!!!!

And it also reveals that one reason NSA analysts were collecting upstream data is because over three years after DOJ and ODNI had figured out analysts were breaking the rules because they forgot to exclude upstream from their search, they were still doing so. Overseers noted this back in 2013!

NSA [redacted] incidents of non-compliance with this subsection of its minimization procedures, many of which involved analysts inadvertently searching upstream collection. For example, [redacted], the NSA analyst conducted approved querying with United States persons identifiers ([long redaction]), but inadvertently forgot to exclude Section 702-acquired upstream data from his query.

This problem should have been fixed in the first full period when they were doing upstream searches. But for some reason … NSA never did.

Update: This language seems to say that this problem existed for the entire time they were conducting upstream in the 2011 fashion.

In May and June 2016, NSA reported to oversight personnel in the ODNI and DOJ that, since approximately 2012, use of to query communications in had resulted in inadvertent violations of the above-described querying rules for Section 702 information. Id. The violations resulted from analysts not recognizing the need to avoid querying datasets for which querying requirements were not satisfied or not understanding how to formulate queries to exclude such datasets. Id. at 1-2.

In this post, I laid out claims based on Emmanuel Macron’s campaign manager’s claims about having included fakes in the email targeted by hackers. Yesterday, the NYT had a story that explains (and in some small ways, possibly conflicts with) the earlier report on this. In it, Macron’s head of tech Mounir Mahjoubi explained that the campaign had done far more than provide false metadata; they had created entire false accounts with false documents.

“We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account,” Mr. Mahjoubi said. “I don’t think we prevented them. We just slowed them down,” he said. “Even if it made them lose one minute, we’re happy,” he said.

Mr. Mahjoubi refused to reveal the nature of the false documents that were created, or to say whether, in the Friday document dump that was the result of the hacking campaign, there were false documents created by the Macron campaign.

But he did note that in the mishmash that constituted the Friday dump, there were some authentic documents, some phony documents of the hackers’ own manufacture, some stolen documents from various companies, and some false emails created by the campaign.

“During all their attacks we put in phony documents. And that forced them to waste time,” he said. “By the quantity of the documents we put in,” he added, “and documents that might interest them.”

Mahjoubi has said there were five authentic accounts hacked, which might help to put a scope on the fakes (though he has seemed to say different things about what got faked before, and he had claimed that the Russians had definitively not succeeded, which must now be regarded as affirmative — and understandable — disinformation).

Remarkably, creating a great deal of fake documents sounds like a lot of work, but the NYT also notes Mahjoubi’s department was only 18 people.

With only 18 people in the digital team, many of them occupied in producing campaign materials like videos, Mr. Mahjoubi hardly had the resources to track down the hackers. “We didn’t have time to try to catch them,” he said.

Which, particularly given earlier reports that France’s security services had contacted the Macron campaign, may suggest that DGSE (possibly with the help of NSA, which was providing intelligence in real time) put together the fake documents.

If true, that may suggest the most important part of any fake documents is one Mahjoubi didn’t mention. If I were loading up hackers with a bunch of fake documents, I’d include beacons, to provide a way to track both the hackers and the process by which the hackers distributed documents.

If Macron (or DGSE or some other intelligence agency) did this, I suspect we’ll find real answers to the topics covered in the rest of the story, which claim certain things were fakes due to Russian sloppiness, but given Mahjoubi’s justifiable unwillingness to say what was fake and not may yet prove. As I noted here, I have yet to see convincing evidence that Russian metadata in the documents was accidental, and given the Guccifer precedent, we should in no way assume it is.

In other words, if Macron is tracking these documents, we may find out a lot more shortly (though the French are also better at keeping secrets than American spooks have been of late).

As to the question of my underlying post — whether Macron had fooled Wikileaks, as distinct from a bunch of right wing propagandists who’ve never been remotely bound by facts — the verdict is still out. Given Wikileaks’ ostentatious show of vetting the documents, if Macron can prove fakes that Wikileaks has not itself proven, it will discredit Wikileaks’ ability to claim the ability to vet (and probably give Wikileaks pause in the future).

Still, particularly given the way Wikileaks succeeded in debunking fakes boosted by Democratically aligned sources in October by releasing real versions the day after the fakes, it’s worth noting that deliberate fakes have been released twice, and neither time have they had the full effect they might have had to discredit Wikileaks (in this case, in that Wikileaks never did “publish” as opposed to “link to” the documents). That in and of itself is worth notice. If Macron was more successful (and especially if we come to learn Macron seeded the fake documents with some kind of trackers) this operation may still serve as a deterrent in the future, which would be the best effect possible.

But Macron’s confirmation they faked content may also undercut claims of attribution to Russians.

I’m traveling so I’ll have to lay out my thoughts about the Comey firing later.

But for the moment I want to point to a detail in Monday’s hearing that deserves more attention now.

Early in the hearing, Chuck Grassley asked both Sally Yates and James Clapper if they have ever unmasked a Trump associate or member of Congress. Yates said no, but Clapper revealed he had unmasked someone, but couldn’t say more.

GRASSLEY: OK. I want to discuss unmasking.

Mr. Clapper and Ms. Yates, did either of you ever request the unmasking of Mr. Trump, his associates or any member of Congress?

CLAPPER: Yes, in one case I did that I can specifically recall, but I can’t discuss it any further than that.

GRASSLEY: You can’t, so if I ask you for details, you said you can’t discuss that, is that what you said?

CLAPPER: Not — not here.

Grassley returned to the issue for clarification later on. Clapper said he had asked to have the identity of both a member of Congress and a Trump associate unmasked. But then he said he had only asked on one occasion.

GRASSLEY: Mr. Clapper, you said yes when I asked you if you ever unmasked a Trump associate or a member of Congress. But I forgot to ask, which was it? Was it a Trump associate, a member of Congress, or both?

CLAPPER: Over my time as DNI, I think the answer was on rare occasion, both. And, again, Senator, just to make the point here, my focus was on the foreign target and at the foreign target’s behavior in relation to the U.S. person.

GRASSLEY: OK. How many instances were there, or was there just one?

CLAPPER: I can only recall one.

Finally, Lindsey Graham returned to the issue at the close of the hearing. Clapper confirmed he had made a request to unmask a Trump associate and a member of Congress.

You made a request for unmasking on a Trump associate and maybe a member of Congress? Is that right, Mr. Clapper?

CLAPPER: Yes.

Obviously, there’s plenty of room for confusion in these exchanges, and Clapper has a history of sowing confusion in Congressional testimony.

But if it is true that he has only unmasked one person but that he has unmasked both a Trump associate and a member of Congress, it would suggest he unmasked the identity of a member of Congress who is a Trump associate.

If that’s right, there are several possibilities for who it could be: transition official Devin Nunes, national security advisor Richard Burr, and national security official Jeff Sessions.

But the most likely is Sessions, because we know he was talking to Sergey Kislyak and the intelligence community has pulled their collection on Kislyak.

Even if that’s the case, it’s unsurprising Sessions’ communications with Kislyak have been reviewed and unmasked.

Still, it is a data point from Monday’s hearing that makes Sessions’ role in the firing of Jim Comey worth noting.

Let me preface this post by saying that I’m perfectly willing to accept that Julian Assange is a narcissist, accused rapist, destructive hypocrite serving as a willful tool of Russia. I’m also happy to concede that his role in publishing the DNC and Podesta emails may have played a significant part in getting Donald Trump elected (though I think it’s down the list behind Comey and Hillary’s own (in)actions). Please loathe Julian Assange–that is your right.

But please, also, try to be accurate about him and Wikileaks.

There have been two funny claims about Wikileaks since the leak of hacked emails from Emmanuel Macron associates was announced on 4Chan on Friday. First, analysis of how the hashtag #MacronLeaks spread emphasized that Wikileaks got more pickup than right wing propagandist Jack Posobiec or the other right wing promoters of it.

The most important surge came when WikiLeaks began tweeting the hashtag. The tweet itself was cautious, pointing out that the leak “could be a 4chan practical joke,” but it was retweeted over 2,000 times, compared with over 600 times for Posobiec.

Yet people have taken that to suggest that everyone who shared Wikileaks’ links to the materials were themselves promoting the emails positively. That is, they ignored the extent to which people share Wikileaks tweets critically, which itself added to the buzz about the dump. The surge in attention, in other words, was in part critical attention to what Wikileaks was doing with respect to the leak.

More troubling, still, outlets including NPR claimed that Wikileaks posted the documents (it has since issued a correction).

Finally, there are absurd pieces like this which, after babbling that, “Macron, by contrast, is favored by those who want … a France looking to the future rather than clinging to the fearful and fictional nostalgia promulgated by Le Pen,” states,

Literally at the 11^th hour, before the blackout would silence it, the Macron campaign issued a statement saying it had been hacked and many of the documents that were dumped on the American 4Chan site and re-posted by Wikileaks were fakes.

On top of being poorly edited — Macron’s statement said nothing at all about who dumped the documents — the claims as to both 4Chan and Wikileaks are not technically correct. The documents weren’t dumped on 4Chan, a post on 4Chan included a link to a Pastebin with them. More importantly, Wikileaks didn’t “re-post” them, though it did post magnet links to them.

The importance of the distinction becomes evident just two paragraphs later when the article notes that some of the tweets in which Wikileaks linked to the documents described the vetting process it was undertaking.

Meanwhile, Wikileaks jumped on the document dump, but didn’t seem to be familiar with the material in it. Responding to the Macron statement that some of the items were bogus, Wikileaks tweeted, “We have not yet discovered fakes in #MacronLeaks & we are very skeptical that the Macron campaign is faster than us.”

Curiously, the article doesn’t link to WL’s first tweet, posted less than an hour after the 4Chan post, which said it could be a 4Chan practical joke.

In any case, contrary to what some idiotic readings of this article claim — that Macron succeeded in fooling Wikileaks — in fact, Macron has not succeeded, at least not yet, because Wikileaks has not posted the documents on its own site (Wikileaks could yet claim it had determined the documents to be real only to have Macron present proof they weren’t). Indeed, while Wikileaks expressed skepticism from the start, one thing that really raised questions for Wikileaks was that Macron so quickly claimed to have determined some were fake.

Plus, it’s not actually clear that Macron did fool the hackers who passed them onto the 4Chan source. Here’s the full description from Mounir Mahjoubi, the head of Macron’s digital team, on what their counteroffensive looked like.

“We also do counteroffensive against them,” says Mahjoubi.

[snip]

“We believe that they didn’t break through. We are sure of it,” said Mahjoubi. “But the only way to be ready is to train the people. Because what happened during the Hillary Clinton campaign is that one man, the most powerful, [campaign chairman] John Podesta, logged on to his [fake] page.”

To keep the entire Macron campaign aware of such dangers, Mahjoubi said, “Every week we send to the team screen captures of all the phishing addresses we have found during the week.” But that’s just the first phase of the response. Then the Macron team starts filling in the forms on the fake sites: “You can flood these addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.”

If Mahjoubi was being honest about his certainty the hackers didn’t succeed, then the campaign would have no reason or means to feed disinformation. And the details offered here appear to be about disinformation in response to phishing probes — that is, disinformation about metadata — not disinformation about content.

But now, between the Daily Beast’s gloating and the sharing of it with even less factual gloating, coupled with Macron’s quick declaration that the dump included fake documents, raises real (but potentially unjustified!) questions about whether the campaign added the Cyrillic metadata that got so much attention. Not only has Wikileaks’ vetting process not (yet) been exposed as a fraud, but the reporting may create even more distrust and uncertainty than there was. [Note, I posted a tweet to that effect that I have deleted now that I’m convinced there’s no evidence Macron faked any documents.]

Moreover, even if it is the case that GRU hacked Macron and Wikileaks would have happily published the emails if they passed its vetting process (which are both likely true), Wikileaks didn’t get and post the documents, which itself is worth noting and understanding.

In other words, some inaccuracies — and the rush to gloat against Wikileaks — may actually have been counterproductive to the truth and even the ability to understand what happened.

And this is not the only time. The other most celebrated case where inaccurate accusations against Wikileaks may have been counterproductive was last summer when something akin to what happened with the Macron leak did. Wikileaks posted a link to Michael Best’s archived copy of the AKP Turkish emails that doxed a bunch of Turkish women. A number of people — principally Zeynep Tufekci — blamed Wikileaks, not Best, for making the emails available, and in so doing (and like the Macron dump) brought attention to precisely what she was rightly furious about — the exposure of people to privacy violations and worse. Best argues that had Tufekci spoken to him directly rather than writing a piece drawing attention to the problem, some of the harm might have been avoided.

But I also think the stink surrounding Wikileaks distracted focus from the story behind the curious provenance of that leak. Here’s how Motherboard described it.

Here’s what happened:

First, Phineas Fisher, the hacker notorious for breaching surveillance companies Hacking Team and FinFisher, penetrated a network of the AKP, Turkey’s ruling party, according to their own statement. The hacker was sharing data with others in Rojava and Bakur, Turkey; there was apparently a bit of miscommunication, and someone sent a large file containing around half of akparti.org.tr’s emails to WikiLeaks.

WikiLeaks then published these emails on July 19, and as some pointed out, the emails didn’t actually seem to contain much public interest material.

Then Phineas Fisher dumped more files themselves. Thomas White, a UK-based activist also known as The Cthulhu, also dumped a mirror of the data, including the contentious databases of personal info. This is where Best, who uploaded a copy to the Internet Archive, comes in.

Best said he didn’t check the contents of the data beforehand in part because the files had already been released.

“I was archiving public information,” he said. “Given the volume, the source, the language barrier and the fact that it was being publicly circulated already, I basically took it on faith and archived a copy of it.”

Without laying out all the details here, I think there are some interesting issues about this hack-and-leak that might have gotten more scrutiny if the focus weren’t Wikileaks. But instead, the focus was entirely on what Wikileaks did (or actually, on blaming Wikileaks for what Best did), rather than how the hack-and-leak really happened.

I get that people have the need, emotionally, to attack Assange, and I have no problem with that. But when emotion disrupts any effort to understand what is really going on, it may make it more difficult to combat the larger problem (or, as lefties embrace coverage of the Bradley Foundation based on hacked documents and more mass hack-and-leak reporting gets journalism awards, to set norms for what might be legitimate and illegitimate hack-and-leaks).

If you hate Assange, your best approach may be to ignore him. But barring that, there really is a case for aspiring to factual accuracy even for Wikileaks.

Update: Fixed description of what WL actually linked to — h/t ErrataRob.

Update: This article provides more detail on the hack and Macron’s attempts to counter the hackers.

“Il y a des dossiers qui ont été ajoutés à ces archives. Des dossiers dont on ne sait pas à quoi ils correspondent. Qui ne sont pas des dossiers d’emails, par exemple. Ensuite, il y a des faux emails qui ont été ajoutés, qui ont été complétés. Il y a aussi des informations que nous-même on avait envoyées en contre-représailles des tentatives de phishing !”, a expliqué Mounir Mahjoubi.

So some of the added documents (which, incidentally, are the ones that show Cyrillic metadata) are from someplace unknown, not the five hacked email boxes. There are fake emails, described has “having been completed,” which may mean (this is a guess) the hackers sent emails that were sitting in draft; if so there might be fake emails that nevertheless come with authenticating DKIM codes. The description of what the campaign did — counter-attacks to phishing attempts — is still not clear as to whether it is metadata (faked emails) or content, but still seems most likely to be metadata.

Even as the privacy world has been discussing how NSA got out of one kind of the upstream collection business on April 28, most people overlooked that someone else got out of the upstream collection business almost entirely just a few days later. That’s when Verizon finalized its sale of a big chunk of its data centers — including the ones used for Stormbrew collection — to Equinix. (h/t to SpaceLifeForm for reminding me)

When Equinix announced the $3.6B cash purchase in December, it emphasized the Miami data center — though which much of the traffic from Latin America passes on to the rest of the world — and the Culpepper site serving the National Security world.

• The NAP (Network Access Point) of the Americas facility in Miami is a key interconnection point and will become a strategic hub and gateway for Equinix customer deployments servicing Latin America. Combined with the Verizon data centers in Bogotá and the NAP do Brasil in São Paulo, it will strategically position Equinix in the growing Latin American market.
• The NAP of the Capital Region in Culpeper, VA is a highly secure campus focused on government agency customers, strengthening Equinix as a platform of choice for government services and service providers.

The purchase also expands Equinix’s presence in Silicon Valley.

Mind you, spying infrastructure has continued to evolve since Snowden documents elucidated where the Stormbrew collection points were and what they did. So maybe these data centers are no longer key “chokepoints’ (as the NSA called them) of American spying.

But if they are, then Verizon is no longer the one sifting through your data.