The Yahoos in Brazil Identified in Sergey Cherkasov’s Complaint

/29 Comments/in , , /by

There’s a detail in Greg Miller’s profile of Sergey Cherkasov, the Russian accused of posing under an assumed Brazilian identity and using a SAIS degree to get an internship at the ICC, that confirms something I’ve long assumed: the US has had a hand in the recent roll-up of Russian spies, mostly in Europe.

He was due to start a six-month internship there last year — just as the court began investigating Russian war crimes in Ukraine — only to be turned away by Dutch authorities acting on information relayed by the FBI, according to Western security officials.

[snip]

His arrest last April came at the outset of an ongoing roll-up of Russian intelligence networks across Europe, a crackdown launched after Russia’s invasion of Ukraine that officials say has inflicted greater damage on Kremlin spy agencies than any other effort since the end of the Cold War.

The FBI and CIA have played extensive behind-the-scenes roles in this wave of arrests and expulsions, according to Western officials.

As Miller describes, the Dutch realized that Russians stationed in the Hague were preparing to welcome a new agent, but by then, the US already had an incredibly detailed dossier on him.

On March 31, as he boarded a flight to Amsterdam, neither Cherkasov nor his GRU handlers seemed aware of the net closing in on him. By then, the Dutch intelligence service had picked up its own signals that the Russian Embassy in The Hague was making preparations for the arrival of an important new illegal, according to a Western security official.

Authorities in the Netherlands then received a dossier from the FBI with so much detail about Cherkasov’s identity and GRU affiliation that they concluded the bureau and the CIA had been secretly monitoring Cherkasov for months if not years, according to a Western official familiar with the matter.

Until DOJ charged him last week, this had been largely a European story, with Dutch intelligence crowing about their success at foiling his plans and Bellingcat serially unpacking his public life (though CNN published this story at the time). Significantly, the Dutch published his legend and an explanation of how it might be used, with translations into Dutch and English from the original Portuguese.

As noted below, the US would later source its own possession of the legend to devices seized from Cherkasov on arrest in Brazil.

However, as Brazil gets closer to extraditing Cherkasov back to Russia on a trumped up narcotics trafficking charge, the US stepped in to make their own claim with the criminal charges: multiple counts of fraud, as well as acting as an unregistered foreign power. It’s not yet clear how Brazil will respond to the competing charges. Contrary to some reporting on the charges, DOJ has not yet indicted the case. The complaint has not yet been docketed.

Which is why I wanted to look at the sourcing for the complaint.

Many of the sources in the complaint come via way of Brazil, temporally after the Dutch deported him and the Brazilians arrested him, and so long past the time the US shared “a dossier” from the FBI reflecting months if not years of review. Brazil-sourced evidence includes:

  • A picture taken on Cherkasov’s 2011 immigration into Brazil
  • His Brazilian birth certificate
  • The details behind Brazil’s identity theft charges
  • Items collected — as if for the first time — from devices Cherkasov had with him when he arrived in Brazil, including:
    • The hard drive
    • Thumb drive 1
    • Thumb drive 2
    • Thumb drive 3, including:
      • March 2022 emails of unknown provider with details about a dead drop
      • Details about his dead drop site
      • March 2022 emails about paying for false Portuguese citizenship
      • March 2022 mails about establishing a meeting place
    • Samsung Galaxy Note phone
      • His mother’s Kaliningrad contact
      • 90 contacts with someone whose Telegram account and VKontakte account lead to a 2011 picture of Cherkasov in military uniform and a 2008 picture with friends
      • Contacts from one of those friends to a posted picture in military uniform (a picture also shown in the original Bellingcat profile)
  • Devices collected from the dead drop shared by Brazilian authorities
  • Correspondence between Brazil and Russia about Cherkasov
  • Audio messages between Cherkasov and his fiancée from immediately after his arrest in the Netherlands
  • Post-arrest communications between Cherkasov and his one-time fiancée, at least some of which were photographs of hand-written notes
  • Validation of Cherkasov’s ID in certain photos from FBI agents who met him in 2022 (though these meetings are not explicitly described to have taken place in Brazil)
  • A Bellingcat story debunking the Russian narcotics charges against Cherkasov

The focus on the phone, especially, cites evidence that would be fairly easily collected via other sources, but attributes that evidence to analysis the FBI did only downstream from the Brazilian arrest, and with the assent of Brazil. The complaint doesn’t explain whether these devices were encrypted or even what messaging applications were used, at least on the thumb drives including communications with his handlers. But there’s at least some reason to believe Brazil let FBI take the lead on exploiting those devices.

To be sure, there are items that the US could have collected in the US, whether before or after Cherkasov flew to the Hague, such as an Uber receipt timed to his travel to the dead drop in Brazil and IP addresses tied to US-based cloud providers like Yahoo and Google. Just once does the complaint reference using legal process — a 2017 video from a Moscow airport restaurant, obtained using legal process, reflecting Cherkasov saying goodbye to his mother — though it doesn’t describe what kind (it sounds like it could be iCloud content).

Still, the emphasis on material obtained with subpoenas and investigative steps done while Cherkasov has been in Brazilian custody — whether or not that was the first that FBI obtained such evidence — is one reason I’m interested in the outliers.

This is a document that could form basis to extradite Cherkasov to the US — it seems more than sufficient to make that case. But it’s also a document that might reflect on the kinds of investigations that have contributed to efforts to roll up spies outside of the US.

First, there are details about communications that Cherkasov had, while studying at Trinity College in Ireland and so not a US person at all — via known Section 702 participant, Yahoo!!! — with a tour agent who wrote recommendations for Cherkasov then later worked in Russia’s Consul General and, apparently, the General Consul himself.

CHERKASOV used the Yahoo 1 Account on multiple occasions to contact individual “C2” who was communicating with CHERKASOV from Brazil. C2 communicated with CHERKASOV on numerous matters, including financial matters, between at least July 22, 2016, and December 27, 2019. According to a translation of C2’s curriculum vitae, C2 worked in Brazil at “The General Consulate of the Russian Federation,” for “General Consul [M.G.]”

[snip]

35. Other emails show C2 took direction from another person, M.G., about financial payments that C2 sent to CHERKASOV. In correspondence between C2 and M.G., C2 refers to M.G. as “Mikhail” and the email address is identified in C2’s contacts as “MikhailRussia.” For example, on or about November 30, 2016, C2 forwarded M.G. correspondence from CHERKASOV that indicated another payment to CHERKASOV was imminent. M.G. responded by sending an email to C2 instructing C2 to make a payment to CHERKASOV: “Friend; thank you very much. Let’s do another one on the 14th of December.” According to further correspondence, CHERKASOV was able to receive the original transaction intended via MoneyGram. However, after corresponding to CHERKASOV that C2 would attempt to make transactions via Western Union the following day, financial records indicate C2 attempted to make two separate transactions via Western Union shortly after on December 16 and 18, 2016, for $842.65 and $867.55, respectively, but the funds were never transferred to CHERKASOV. CHERKASOV corresponded on December 19, 2016, that Western Union would not work properly and moving forward, the transactions should be made via Moneygram. C2 corresponded back to CHERKASOV on December 20, 2016, that C2 had sent €750 again via Moneygram to CHERKASOV.

36. C2 also stated in other emails that C2 previously owned a travel agency in Brazil, and that the Russian Federation was one of C2’s best clients. C2 later moved to the Russian Consulate after C2 closed the travel agency.

37. On or about March 8, 2017, C2 wrote a letter of recommendation for CHERKASOV for a university located in Canada. In the letter, C2 indicated FERREIRA worked as a travel consultant for C2 from May 2014 until March 2017, and as a senior event manager in

It’s possible that something Cherkasov did while at SAIS triggered a larger investigation that worked its way back to two likely Russian spies in Brazil. It’s also possible that the investigation started from known subjects in Brazil and thereby discovered Cherkasov.

But one thing these two references do — aside from identify the travel agent later made part of the official Russian delegation, aside from making Cherkasov’s tie to Russian government officials necessary for the 18 USC 951 charge — is put both Brazil and Russia on notice that the US is aware of these two suspected intelligence officers who were or are in Brazil.

Both C2 and the Consult General would have been legal targets for the entirety of the period in question and (as noted) Cherkasov was while he was in both Ireland or Brazil.

Another of the relatively few pieces of evidence unmoored from the Brazil arrest pertains to collection Cherksov shared after taking a SAIS trip to Israel. The details around the reporting — the single use email directing Cherkasov to fly to the Philippines to meet — definitely give the story spy drama.

Just as interesting, however, are the descriptions of the identifiable US (and Israeli) subjects targeted by Cherksov’s collection.

45. On or about January 16, 2020, CHERKASOV, using his D.C.-based phone number, texted with M.S. at a Philippines-based number for M.S. the following:

CHERKASOV: Hey [M],7 I arrived…Where do you want to meet?

[M.S.]: Grab a taxi and ask to drive via skyway.

CHERKASOV: On my way. Will be there in approx. 15 min.

[M.S.]: Ok. Here

CHERKASOV: I can’t find it

[M.S.]: Names?

CHERKASOV: Yea, I’ll text you then when I’m in the airport.

CHERKASOV: Texting you the names.

CHERKASOV: Sent you a list there. Now whom we met.

CHERKASOV: All people from the Jerusalem Embassy, literally every single one, even LGBTQ advisor. [N.G.]8 – security expert, local. I think he is a spook. [?.L.]9 kingmaker’ – [Israeli political] party leader

CHERKASOV: The previous list didn’t sent [sic], I’ll retype it.

CHERKASOV: Can I send it to you email?

CHERKASOV: This SMS shit kills me

[M.S.]: Sure.

46. On or about January 17, 2020, CHERKASOV sent M.S. an email with a screen shot of names, mostly U.S. persons (“USP”), stating the following: Just a list of interesting people that I was talking to you about Experts side: [USP 1]10– DoS, middle Eastern direction advisor the president admin, former [University 1] student.

[USP 2]11– FDD, military security adviros [sic] to the Congress Committee on Intelligence, [USP 3]’s12 assistant. [“TT1”] 13 group: [USP 4]14– [USP 5]15 chair, came only for a day though, [USP 6]16– main guy to call shots, Israeli expert came with small team of his own. [University 1, University 2] student leader: [USP 7]17– Anapolis [sic] Naval Academy Cyber Sec instructor

While just one of the people involved in Cherkasov’s targeting — his SAIS professor, Eugene Finkel — has explicitly spoken out about being duped by Cherkasov, virtually all of these people (and a bunch more described later in the complaint) are likely to be able to identify themselves.

There are a few I suspect I recognize and, if I’m right, they’ve been apologists for Trump’s propaganda about Russia.

Notably, this messaging involved a US-based phone, one not obviously included among the devices seized from Cherkasov when he returned to Brazil. The FBI Agent who wrote the affidavit couldn’t have obtained the messaging in real time — he or she has only worked at the FBI since 2021, and the messaging dates to early 2020. But the affidavit does reference “surveillance that I have conducted.”

In general, the FBI is revealing almost nothing obtained via sensitive sources and methods — that’s one reason the reliance on evidence obtained via Brazil is of interest to me. Given how the US has allowed European countries to take credit for these stings, I find it interesting that the US almost creates the misimpression that it only discovered Cherkasov — that it accessed his legend that the Dutch had upon his arrest — when he arrived in Brazil.

But in just a few spots, the affidavit gives a glimpse of what else the US Intelligence Community might know.

The US has not really taken much credit for helping a bunch of European countries roll up Russian spies (though they’re likely reminding them of the role Section 702 plays in the process). But this document, seemingly released because they had reason to exert legal pressure with a country that is fairly close to Russia, likely serves multiple purposes. While it doesn’t give away a lot, it does hint at far more.

Update, 4/6: The Guardian reported that two suspected Russian illegals, one presenting as Brazilian and the other presenting as Greek-Mexican, disappeared in January.

Halfway through a trip to Malaysia in January, Gerhard Daniel Campos Wittich stopped messaging his girlfriend back home in Rio de Janeiro and she promptly launched a frantic search for her missing partner.

A Brazilian of Austrian heritage, Campos Wittich ran a series of 3D printing companies in Rio that made, among other things, novelty resin sculptures for the Brazilian military and sausage dog key chains.

[snip]

The Brazilian foreign ministry and Facebook communities in Malaysia mobilised to look for the missing man. But Campos Wittich had simply disappeared.

Greece believes Campos Wittich was a Russian illegal with the surname Shmyrev, said the official, while his wife, “Maria Tsalla”, was born Irina Romanova. She married him in Russia before their missions began and took his surname, the Greeks claim. She left Athens in a hurry in early January, just after Campos Wittich left Brazil. Neither have returned.

If I’m right that the FBI chose to use the Cherkasov complaint in part to identify those in Brazil who were running illegals, it may be because the disappearance of another Brazilian illegal in January led the US Intelligence Community to believe Russia had figured out what the US knew.

Tucker’s Putin Envy

/110 Comments/in , , /by

There was a part of the Global Threats Report presented to both the Senate and House Intelligence Committees last week that deserves more attention. In the middle of the section on Russia’s influence operations, the report predicted that Russia will “try to strengthen ties to U.S. persons in the media and politics in hopes of developing vectors for future influence operations.”

It is the judgment of the intelligence community, per the report, that Russia is trying to cultivate “US persons in the media and politics” as part of its foundation for future influence operations.

Russia presents one of the most serious foreign influence threats to the United States, because it uses its intelligence services, proxies, and wide-ranging influence tools to try to divide Western alliances and increase its sway around the world, while attempting to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decisionmaking. Moscow probably will build on these approaches to try to undermine the United States as opportunities arise. Russia and its influence actors are adept at capitalizing on current events in the United States to push Moscow-friendly positions to Western audiences. Russian officials, including Putin himself, and influence actors routinely inject themselves into contentious U.S. issues, even if that causes the Kremlin to take a public stand on U.S. domestic political matters.

  • Moscow views U.S. elections as opportunities for malign influence as part of its larger foreign policy strategy. Moscow has conducted influence operations against U.S. elections for decades, including as recently as the U.S. midterm elections in 2022. It will try to strengthen ties to U.S. persons in the media and politics in hopes of developing vectors for future influence operations.
  • Russia’s influence actors have adapted their efforts to increasingly hide their hand, laundering their preferred messaging through a vast ecosystem of Russian proxy websites, individuals, and organizations that appear to be independent news sources. Moscow seeds original stories or amplifies preexisting popular or divisive discourse using a network of state media, proxy, and social media influence actors and then intensifies that content to further penetrate the Western information environment. These activities can include disseminating false content and amplifying information perceived as beneficial to Russian influence efforts or conspiracy theories. [italicized bold original, underline my emphasis]

This is not new news. Obviously Russia has been cultivating both journalists and politicians in recent years, often by inviting them for big shindigs in Russia, after which, over the course of years, they come to spout more and more Russian propaganda uncritically.

It’s is noteworthy that the IC stuck this detail amid discussions about election interference and Ukraine mobilization, because Russia has had renewed success of late getting entertainers and politicians to magnify inflammatory and often false claims about Ukraine.

The judgement came out the same week that Tucker Carlson (whose Ukraine invasion anniversary special was breathtaking even by his standards of propaganda) provided more details of the time, in summer 2021, he was informed that the NSA had discovered his back channel contacts to Putin.

The story starts when Tucker squeals that he’s envious of the podcasters because they got to go to Russia, but he might be arrested if he went. Throughout the show, his interviewers operate on the assumption that Russia is the threat to Tucker, but he suggests State or FBI is.

Tucker: Now I’m envious.

[snip]

Full Send: But everyone told us not to go obviously, but. We knew we were with good people. So after that, it was all good, but.

Tucker: Oh, I want to go. I’ve never been there!

Full Send: You feel it though, it is real scary. There’s like military checkpoints.

Tucker: Oh yeah!

Full Send: It’s … it’s serious shit.

Full Send 2: Would you have gone with him or no?

Tucker: I can’t go to Russia. I honestly think I would be arrested.

Full Send: Yeah, they get you.

Tucker: Which is outrageous because, I’m a journalist, and I’ve been all over the world. I feel like I’ve been everywhere except Russia. And Russia is a combatant in a war that’s changing the world, and like I should go see it. And I was planning it and then I got stopped by the US government from doing it.

Full Send: Oh, you were gonna go? What were going to do?

Tucker: Interview Putin. Why wouldn’t I?

Full Send: You had it set up? Damn!

Tucker: I was working on it and then they broke into my text messages — the NSA broke into my Signal account, which I didn’t know they could do —

Full Send: Oh so Signal’s not even safe!

Tucker: Signal is not safe. It’s not safe. Signal’s not safe.

Full Send: I know people think WhatsApp’s safe.

Tucker: WhatsApp?!?! WhatsApp is not — you know what’s safe? And ask any mafia Don. Park your car in front of the liquor store. Leave your phone in the vehicle, in your Caprice Classic, and walk out behind the liquor store, in the vacant lot back there with the WINOs, to talk to the person you want to talk to.

Full Send 2: How many times have you done that?

Tucker: Zero. Cause I’m like lazy. I’m like whoa! And I’m — actually I always say to myself, I’m not hiding anything. I don’t have a secret life. I’m pretty upfront. And some people like it and some people don’t. Of course, but, I’m not hiding anything. But I was definitely hiding my plan to go interview Putin, just because it’s an interview. It’s no one’s business.

Full Send 2: So how did that happen? How do you know the NSA broke into your Signal?

Tucker: Because they admitted it.

Full Send: Really?

Tucker: Oh yeah!

Full Send: Can you tell us about it? Like how did you find out?

Tucker: I got a call from somebody in Washington who’s — who would know. Just trust me. So I went up there for another reason. But this person said, you know, you going to come to Washington anytime soon? This was a year and a half ago, and I was like, yeah, actually I’m going to be up in a week. He’s like, meet me Sunday morning. So weird. Like, who does that? Just text me, you know what I mean? Just text me. No. So I go and this person’s like — and this is someone who would know — Um, are you planning a trip to go see Putin? This was the summer before the war started. I was like, how would you know that? I haven’t told anybody that, I mean, anybody. Not my brother, not my wife, nobody. Just because, you know, it’s one of a million things you’re working on, but that was one of them. I want to go interview Putin. Why wouldn’t I want to go interview Putin?

Full Send 2: Of course.

Tucker: I want to interview Xi, I want to interview everybody. Right? That’s kind of my job.

Full Send: We want to get Kim Jong Un on here one day.

Tucker: Of course! Of course! We met him.

Full Send: You did? We gotta talk about that. Holy shit.

Tucker: Yup. Super interesting. But anyway, um, how would you know that? Because NSA pulled your texts with this other person you were texting. How did you know that? And so I immediately, I was intimidated, I’m embarrassed to admit, but I was, I was completely freaked out by it. I called a US Senator, who I know — not that well, but it seems like a trustworthy person, and I told him the story, I just want to tell you this, and then I went on TV on Monday and I’m like this happened. And so they had — Congress asked NSA and NSA’s like, yes we did this, but for good reason. What would be a good reason to read my — you know, what? But the head of NSA, it’s fine, cause everyone’s in on it, Republicans and Democrats are all in on it. And by it I mean the assumption that there’s no privacy whatsoever, that they have a right to know everything you’re saying and thinking,

Full Send: That shit’s scary.

Tucker: And that’s just not a right as far as I’m concerned. By the way, if you have no privacy you have no freedom. [my emphasis]

Parts of Tucker’s commentary provides more detail on the incident than previous reporting did, which I covered here and here. As Jonathan Swan reported, the IC collected communications showing a back channel effort to set up a meeting with Putin.

Tucker Carlson was talking to U.S.-based Kremlin intermediaries about setting up an interview with Vladimir Putin shortly before the Fox News host accused the National Security Agency of spying on him, sources familiar with the conversations tell Axios.

[snip]

The intrigue: Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

  • This is relevant because if one of them was a foreign national and on foreign soil during the communications, the U.S. government wouldn’t necessarily have had to seek approval to monitor their communications.

On Maria Bartiromo’s show in 2021, Tucker pointed to what was undoubtedly reporting done in the wake of his initial story — quite likely Swan’s own story (indeed, Tucker could well be one of Swan’s two sources) — and claimed it was proof the NSA was leaking information about him.

In the Bartiromo appearance, Tucker spoke in terms of a single email arranging an imminent trip to Russia.

In last week’s podcast, in addition to reiterating that Tucker is not trying to hide anything but oh yeah he was trying to hide his back channel to Putin, even from his spouse, Tucker adds two details: After he learned about it, he reached out to a (male) Senator to look into it, and the communications obtained include Signal texts, not just a single email.

In the past, I had suggested that Tucker’s tipster might be a member of Congress — a Gang of Eight member like Devin Nunes or Kevin McCarthy — or someone close to them (like Kash Patel). The fact that Tucker called a Senator in response (then Chair of the Senate Intelligence Committee Marco Rubio would make sense given the details he provides), and not someone he was closer to like Nunes, makes it more likely his initial tipster had a tie to the House. The focus on the Senate response may suggest this came up again in the Global Threats hearing, during the closed session.

The detail that, per Tucker, in addition to the email he sent about arranging a then-imminent trip to Russia, they also got Signal texts is more interesting, but it doesn’t mean he was the target or that they broke into his phone.

It does suggest that there could have been two different tracks going on: the discussion, over email, about a trip to Russia, one his producer knew about, and another more sensitive discussion going on via Signal.

We do know, however, that Tucker hasn’t hidden past interview preparation. Indeed, his outreach to Viktor Orbán was quite overt and gleeful. So his explanations about why he would want to hide preparation for a Putin interview don’t hold up.

Remember: When Tucker sent his now former investigative producer to try to FOIA this information from NSA (via a FOIA that was guaranteed to fail), he asked for 30 months of data, going back to January 1, 2019. That’s more than a single email to set up a meeting with Putin.

Rather than taking this as a tip that the back channels via which he was (at least) trying to set up a meeting with Putin are considered — even by Republican Senators — legitimate intelligence targets, possibly Russian spies, Tucker has instead spun up conspiracy theories. And that has, in turn, led him to suggest he faces a bigger threat from the US State Department than he would from Russian military checkpoints.

Update: On Twitter, MD suggested that Rand Paul may have been the Senator Tucker approached, given that he wrote a letter to General Nakasone. It’s an interesting possibility, especially given Russia’s cultivation of Rand and his father as well as the suggestion that whatever Senator he approached was ultimately satisfied with the explanation.

“The Rule of Law is not assured:” The Cascading Constitutional Crisis Judge Aileen Cannon Deliberately Created

/246 Comments/in , , /by

See the important correction about the scope of DOJ’s motion for a stay, below. I’ve corrected this post in italics.

There will be some timeline clashes this week in the Trump stolen document case, each of which could spiral into a Constitutional crisis.

They arise, in part, from Judge Aileen Cannon’s order that Judge Raymond Dearie start his review of the documents with those marked classified.

The Special Master and the parties shall prioritize, as a matter of timing, the documents marked as classified, and the Special Master shall submit interim reports and recommendations as appropriate.

That’s because DOJ’s motion for a stay of Cannon’s order enjoining DOJ from doing any investigative work and sharing classified information — which was filed at 9:03PM on Friday — and any other yet-to-be-filed appeal of (parts of) her order will be proceeding even as Dearie scrambles to meet Cannon’s first deadline: to have a schedule in place by September 25.

Within ten (10) calendar days following the date of this Order, the Special Master shall consult with counsel for the parties and provide the Court with a scheduling plan setting forth the procedure and timeline—including the parties’ deadlines—for concluding the review and adjudicating any disputes.

On Saturday at 7:03PM — just over 22 hours after DOJ’s filing — the 11th Circuit ordered Trump to file his opposition to the motion for a stay by Tuesday at 12PM.

That deadline comes just two hours before a first meeting Judge Dearie scheduled in his courtroom in Brooklyn at 2PM on Tuesday.

Counsel are directed to appear before the undersigned in Courtroom 10A-S of the Brooklyn Federal Courthouse on Tuesday, September 20, 2022 at 2:00 PM for a preliminary conference in the above-captioned matter.

Counsel are invited to submit proposed agenda items for discussion by docketed letter to be filed before the close of business on Monday, September 19, 2022.

The 11th Circuit seems poised to move quickly. But unless they granted a stay as quickly as they ordered Trump to file, it would not stay the Special Master process.

Until they rule, though, Dearie will necessarily move towards taking some of the steps laid out in this thread from SecretsAndLaws:

  • Finding a SCIF, probably in Brooklyn, to make the classified files available and transferring them by hand
  • Finding a place to store the remaining seized 12,904 items and shipping them
  • Clearing and providing work facilities for anyone who will have to access the classified documents

SecretsAndLaw didn’t consider one aspect of Cannon’s order. Read literally, with the exception of the 64 potentially privileged documents, she required DOJ to share the originals of the seized material with Dearie, not copies.

That’s likely something DOJ will ask to clarify on Tuesday. It’s solvable, sort of. DOJ can likely find a SCIF in the EDNY Courthouse or US Attorney’s Office. But that’s already a tremendous ask: that the government turn over the original copies of highly sensitive documents lawfully seized with a warrant to another branch of government.

It’s the clearance process that will lead to conflict.

As DOJ noted in their motion for a stay, Trump’s lawyers may be witnesses to the crimes under investigation.

Yet the district court here ordered disclosure of highly sensitive material to a special master and to Plaintiff’s counsel—potentially including witnesses to relevant events—in the midst of an investigation, where no charges have been brought. Because that review serves no possible value, there is no basis for disclosing such sensitive information.

We already know Evan Corcoran is — at least — a witness. But a passage in the warrant affidavit unsealed last week reveals that it called Christina Bobb “PERSON 2” (Mark Meadows is the best candidate to be “PERSON 1,” because we know he was directly involved with returning, or not, documents to NARA earlier this year). Given that it refers to Corcoran as “FPOTUS COUNSEL 1,” there’s the possibility there’s an “FPOTUS COUNSEL 2” discussed as well (the FBI agent did not use numbers for all descriptors; it called Jay Bratt “DOJ COUNSEL,” with no number). If that’s right, it may mean Jim Trusty — the only one of Trump’s lawyers known to have held clearance in recent years and unlike Chris Kise, already representing Trump on August 5 when the affidavit was written — also made himself a witness in this investigation.

Meanwhile in 2020, Kise — the guy Trump just uncharacteristically ponied up a $3 million retainer to — registered under FARA to represent Venezuela on sanctions issues before Treasury. That would normally make him ineligible for a clearance, much less one to access some of the most sensitive documents the US owns.

In other words, it’s possible that none of Trump’s attorneys, not even Jim Trusty, are eligible for clearance in this matter. And when I say ineligible, it’s not a close call. There’s no reason DOJ should be forced to share these materials with someone who was an agent of a foreign power. There’s even less reason to share them with someone who might be implicated in obstruction himself. In a normal situation, Trump would be told to go find a lawyer with clearance (with the added benefit, to him, that they might know a bit about national security law).

DOJ routinely refuses to make classified materials available in civil suits. And anytime someone tries to order them to do so, they jump through a great many hoops to avoid doing so. In the al-Haramain case suing for illegal surveillance under Stellar Wind, one that has many direct applications to this one, that was true even when the plaintiff had already seen the classified document, as Trump has. In al-Haramain, there was even a cleared lawyer, Jon Eisenberg, with no ties to al-Haramain’s suspect activities, whom the government resisted sharing the key document in question.

The government will do — historically, has done — a great deal to avoid the precedent of a District Court judge ruling that it needs to grant even cleared lawyers the Need to Know very classified information.

And I have no reason to believe it will be different here.

All of this wouldn’t necessarily pose a risk of Constitutional crisis if not for a tactic that Judge Cannon has already used to create a harm that she can insist on remedying.

As I’ve noted, twenty days ago, DOJ asked for permission to share the items they had determined to be potentially privileged with Trump’s lawyers so they could begin to resolve those issues. Twenty days!!

But Cannon prohibited DOJ from doing so, because she wanted to deal with this all “holistically.”

MR. HAWK: We would like to seek permission to provide copies — the proposal that we offered, Your Honor, provide copies to counsel of the 64 sets of the materials that are Bates stamped so they have the opportunity to start reviewing.

THE COURT: I’m sorry, say that again, please.

MR. HAWK: The privilege review team would have provided Bates stamped copies of the 64 sets of documents to Plaintiff’s counsel. We would like to seek permission from Your Honor to be able to provide those now, not at this exact moment but to move forward to providing those so counsel has the opportunity to review them and understand and have the time to review and do their own analysis of those documents to come to their own conclusions. And if the filter process without a special master were allowed to proceed, we would engage with counsel and have conversations, determine if we can reach agreements; to the extent we couldn’t reach agreements, we would bring those before the Court, whether Your Honor or Judge Reinhart. But simply now, I’m seeking permission just to provide those documents to Plaintiff’s counsel.

THE COURT: All right. I’m going to reserve ruling on that request. I prefer to consider it holistically in the assessment of whether a special master is indeed appropriate for those privileged reviews.

In her order denying DOJ’s request for a stay of her injunction (and several times before that), Cannon pointed to precisely these reserved potentially privileged items to find a harm to Trump that she needed to address.

To further expand the point, and as more fully explained in the September 5 Order, the Government seized a high volume of materials from Plaintiff’s residence on August 8, 2022 [ECF No. 64 p. 4]; some of those materials undisputedly constitute personal property and/or privileged materials [ECF No. 64 p. 13]; the record suggests ongoing factual and legal disputes as to precisely which materials constitute personal property and/or privileged materials [ECF No. 64 p. 14]; and there are documented instances giving rise to concerns about the Government’s ability to properly categorize and screen materials [ECF No. 64 p. 15]. Furthermore, although the Government emphasizes what it perceives to be Plaintiff’s insufficiently particularized showing on various document-specific assertions [ECF No. 69 p. 11; ECF No. 88 pp. 3–7], it remains the case that Plaintiff has not had a meaningful ability to concretize his position with respect to the seized materials given (1) the ex parte nature of the approved filter protocol, (2) the relatively generalized nature of the Government’s “Detailed Property Inventory” [ECF No. 39-1], and (3) Plaintiff’s unsuccessful efforts, pre-suit, to gather more information from the Government about the content of the seized materials [ECF No. 1 pp. 3, 8–9 (describing Plaintiff’s rejected requests to obtain a list of exactly what was taken and from where, to inspect the seized property, and to obtain information regarding potentially privileged documents)] [my emphasis]

I’ve written about how Cannon outright invented the claim that the medical and tax records were personal property. Both inventories thus far provided to Trump comply with the law (and, importantly, Custodian of Records Christina Bobb signed the first with no complaint about the accuracy or level of detail, arguably waiving any complaint).

But the single solitary reason why the filter protocol remained unavailable to Trump’s team on September 15, when Cannon wrote this order, is because she prohibited DOJ from sharing it with Trump over two weeks earlier.

Cannon, personally, created the harm, then used that harm to justify her intervention to address it.

And if you don’t think she plans to use the harm she created to justify continued intervention, consider that she still hasn’t ruled on DOJ’s request to unseal the privilege team status report, filed over ten days ago, which would be necessary for DOJ to address this ruse before the 11th Circuit (and rebut her false claims that the filter team missed anything). And she ordered Dearie — “shall” — to first address the classified documents even while acknowledging that her order was going straight to the 11th Circuit.

The Government advises in the Motion that it will seek relief from the United States Court of Appeals for the Eleventh Circuit “[i]f the Court does not grant a stay by Thursday, September 15” [ECF No. 69 p. 1]. Appreciative of the urgency of this matter, the Court hereby issues this Order on an expedited basis.

Ordering Dearie to start with the classified documents feigned reasonableness on Cannon’s part. But what it also did is ensure these separation of powers issues come to a head within days, not weeks, possibly before any 11th Circuit ruling.

A reasonable judge, someone genuinely interested in a third party reviewing this stuff as expeditiously as possible, would start with the items already identified as potentially privileged, because that’s the single set of documents that does not implicate any separation of powers issues (and also the single set of documents that is virtually guaranteed not to be included in DOJ’s appeal).

So in addition to the motion for a stay and, at some point, the actual appeal of other parts of Cannon’s order — with complaints about the order to review classified documents, review for executive privilege, and the order prohibiting criminal charges, all of which Cannon concedes are Executive Branch authorities even while she usurps authority to override the Executive — the way Cannon has set this up may elicit several other appeals of the implementation of her order, separate from the initial appeal of the order itself:

  • To turn over possession of materials owned by the Executive Branch to Dearie
  • To clear Trump’s lawyers and anyone else not otherwise eligible for clearance
  • To grant those people Need to Know the contents of these documents

Ironically, Cannon’s Constitutional arrogance may hasten precisely the thing she claims to be preventing.

That’s because the single quickest way to avoid all these problems would be to charge Trump if and when the 11th Circuit (or SCOTUS) grants a stay of her injunction. As soon as that happens, all of this review would get moved under the District Court judge overseeing the criminal case (and Cannon’s intransigence makes it more likely DOJ would file such a case in DC).

DOJ really could not charge Trump on Espionage until that time (or until they seize other classified documents he has been hoarding, which they allude to in their motion for a stay). That’s because the the key proof that Trump refused to give the classified documents back is the failure to comply with the May 11 subpoena. Even any obstruction charge might require possession of (not just permission to use) the actual documents to prove the case. But DOJ may hasten such a decision at such time as they are permitted, to avoid the other Constitutional problems Cannon deliberately created.

As we have all that to look forward to this week, it’s worth watching or reading the remarkable speech Merrick Garland made with little fanfare at Ellis Island on Saturday, after he administered the Oath of Allegiance to new citizens. After contemplating that his grandmother would not have survived the Holocaust if not for the Rule of Law in the United States, Garland focused on its fragility.

My grandmother was one of five children born in what is now Belarus. Three made it to the United States, including my grandmother who came through the Port of Baltimore.

Two did not make it. Those two were killed in the Holocaust.

If not for America, there is little doubt that the same would have happened to my grandmother.

But this country took her in. And under the protection of our laws, she was able to live without fear of persecution.

I am also married to the daughter of an immigrant who came through the Port of New York in 1938.

Shortly after Hitler’s army entered Austria that year, my wife’s mother escaped to the United States. Under the protection of our laws, she too, was able to live without fear of persecution.

That protection is what distinguishes America from so many other countries. The protection of law – the Rule of Law – is the foundation of our system of government.

The Rule of Law means that the same laws apply to all of us, regardless of whether we are this country’s newest citizens or whether our [families] have been here for generations.

The Rule of Law means that the law treats each of us alike: there is not one rule for friends, another for foes; one rule for the powerful, another for the powerless; a rule for the rich, another for the poor; or different rules, depending upon one’s race or ethnicity or country of origin.

The Rule of Law means that we are all protected in the exercise of our civil rights; in our freedom to worship and think as we please; and in the peaceful expression of our opinions, our beliefs, and our ideas.

Of course, we still have work to do to make a more perfect union. Although the Rule of Law has always been our guiding light, we have not always been faithful to it.

The Rule of Law is not assured. It is fragile. It demands constant effort and vigilance.

The responsibility to ensure the Rule of Law is and has been the duty of every generation in our country’s history. It is now your duty as well. And it is one that is especially urgent today at a time of intense polarization in America.

Having started the speech focused on his forebears, the Attorney General closed by addressing the urgency of “doing what is difficult” for the generations of Americans who come after us.

On this historic day and in this historic place, let us make a promise that each of us will protect each other and our democracy.

That we will honor and defend our Constitution.

That we will recognize and respect the dignity of our fellow Americans.

That we will uphold the Rule of Law and seek to make real the promise of equal justice under law.

That we will do what is right, even if that means doing what is difficult.

And that we will do these things not only for ourselves, but for the generations of Americans who will come after us.

And then — even as the former President was riling up his cult in Ohio — the Attorney General was contemplating, on the verge of tears, that the rule of law is not assured.

Things could get really crazy in weeks ahead.

Update: I’ve been corrected about something in DOJ’s motion for a stay: They requested that the 11th Circuit stay both Cannon’s injunction and her order that they share classified information with Trump.

Although the government believes the district court fundamentally erred in appointing a special master and granting injunctive relief, the government seeks to stay only the portions of the order causing the most serious and immediate harm to the government and the public by (1) restricting the government’s review and use of records bearing classification markings and (2) requiring the government to disclose those records for a special-master review process. This Court should grant that modest but critically important relief for three reasons.

Six Data Points about the CIA Dragnet

/14 Comments/in , /by

Last week, Ron Wyden and Martin Heinrich released a declassified letter they wrote last April, describing a CIA bulk program that had not been fully briefed to the Intelligence Committees, which violated the spirit and understanding of efforts to shut down bulk collection.

This history demonstrates Congress’s clear intent, expressed over many years and through multiple pieces of legislation, to limit, and in some cases, prohibit the warrantless collection of Americans’ records, as well as the public’s intense interest in and support for these legislative efforts. And yet, throughout this period, the CIA has secretly conducted it own bulk program [redacted]. It has done so entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight that comes with FISA collection.

I’ve been hesitating writing about it. That’s true, because it’s not the least little surprise to me. I’ve written a series of pieces describing how the self-congratulatory pieces claiming legislation passed in the wake of Snowden’s leaks won’t do what they say. I pointed out some of what PCLOB was likely to find when they started this review.

Then there’s bullet 4, which suggests CIA and/or NSA are collecting “within the United States or from U.S. companies.”

With regards collection “within the US,” Mayer’s post is helpful here too, pointing to loopholes for wireless and satellite communication.

The law that results is quite counterintuitive. If a communication is carried by radio waves, and it’s one-end foreign, it falls under Executive Order 12333. If that same communication were carried by a wire, though, it would fall under FISA. (Specifically, the Section 702 upstream program.)

As for how this Executive Order 12333 authority might be used beyond satellite surveillance, I could only speculate. Perhaps intercepting cellphone calls to or from foreign embassies?12 Or along the national borders? At any rate, the FISA-free domestic wireless authority appears to be even broader than the Transit Authority.

As far as collection outside the US, this may simply be a reference to providers voluntarily providing data under 18 U.S.C. § 2511(2)(f), as we know at least some of the telecoms do.

I pointed out that a consideration of the risks of surveillance under EO 12333 to US persons had to consider CIA’s use of it (then got yelled at because I pointed out enormous blindspots in “expert” reports). I noted that when cautioning about the dragnet Donald Trump would wield, you had to consider EO 12333.

I mean, there’s been a whole lot of self-congratulation since Snowden. And it has all been just that, something to brag to donors about. Because EO 12333 was always out there, and it was always possible to do virtually all of what Snowden exposed in the Section 215 program via EO 12333.

Add that to the list of unpopular things I have said over the years that leads “experts” to prefer to ignore me.

So I assume this will be ignored like all those other warnings of precisely this moment.

Here’s where I would propose to go find the CIA dragnet.

CIA always wanted to restore its Stellar Wind component

First, remember there was a CIA component to Stellar Wind, the first dragnet set up for counterterrorism (which this program is). CIA had to do its own IG Report on Stellar Wind.

Remember that one of Bill Binney’s gripes about how NSA repurposed his surveillance was that they eliminated the encryption hiding US person identifiers, effectively making it easy to spy on US persons.

Now consider that on July 20, 2004, the CIA took the lead on pushing for the adoption of “supplemental procedures” allowing the analysis of US person metadata under EO 12333. July 20, 2004 was days after Jack Goldsmith, who had shut down parts of Stellar Wind, resigned, and the agencies immediately moved to start turning all the programs he had shut down (including both surveillance and torture) back on.

It took years to restore that access to US person data (I have a theory that Alberto Gonzales was fired because he refused to reauthorize it). But starting in 2007, expanding  in 2009 (at a time when the Section 215 program was under threat), and then fully implementing in 2011 (after NSA had to shut down the PRTT program knowing full well it violated John Bates upstream order), SPCMA was rolled out.This meant that, so long as data was collected via whatever means overseas, US person metadata could be included in the analysis.

The government has been preserving its ability to use 18 U.S.C. § 2511(2)(f)

Over a series of IG Reports written by Glenn Fine, I honed in a memo that David Barron (the OLC head who, under Obama, played a similar role as John Yoo did for George Bush) wrote seemingly authorizing using 18 U.S.C. § 2511(2)(f) to get “international” data from telecoms provided voluntarily. In 2013, David Kris confirmed that that had been happening.

In March 2021 — so before he wrote the letter just declassified but after he was briefed by PCLOB on the report on the CIA dragnet — the Congressional Research Service wrote a report on 18 U.S.C. § 2511(2)(f) for Senator Wyden. It describes how it works as an exception to FISA and other criminal laws.

Accordingly, Section 2511(2)(f) identifies two broad categories of government activities that are exempt from Title III, the SCA, the Pen Register statute, and section 705 of the Communications Act of 1934:27 (1) the “acquisition by the United States Government of foreign intelligence information from international or foreign communications”; and (2) “foreign intelligence activities conducted in accordance with otherwise applicable Federal law involving a foreign electronic communications system.” These two categories are further qualified so that the exception only applies if: (3) the acquisition or the foreign intelligence activity is not “electronic surveillance” as defined under FISA; and (4) an “exclusivity” clause states that ECPA, the SCA, and FISA shall be the exclusive means by which electronic surveillance and the interception of domestic wire, oral, and electronic communications may be conducted. Each of these clauses is discussed in more detail below.

It describes that some things don’t count as an “acquisition” under FISA, such as something obtained from a telephone instrument being used in the ordinary course of business.

Therefore, some intelligence activities that qualify as “acquisitions” for purposes of Section 2511(2)(f) may not qualify as “electronic surveillance” under FISA because the acquisition is not accomplished through an electronic, mechanical, or other surveillance device. Although FISA does not define this phrase, ECPA provides a definition of “electronic, mechanical, or other device” to mean “any device or apparatus which can be used to intercept a wire, oral, or electronic communication.”46 However, this definition expressly excludes “any telephone or telegraph instrument, equipment or facility, or any component thereof” that is “being used by a provider of wire or electronic communication service in the ordinary course of its business.”47

This is the kind of language that was used to treat bulk metadata as a mere business record under Section 215 after the government stopped relying exclusively on voluntary production. The bulk telephony data of all Americans was just a business record.

The report written for Ron Wyden during the same period he was writing the now unclassified letter also notes that “exclusivity” only applies to “domestic” communications, not stuff acquired overseas.

The exclusivity clause is first directed at interception of domestic communications, which would not appear to be affected by the previous disclaimers regarding acquisition of foreign and international communications or foreign intelligence activities directed at foreign electronic communications systems.

In other words, if telephone companies want to voluntarily give the records they otherwise keep to the IC for the purpose of foreign intelligence, it fits in this loophole. And given the realities of telecommunication, a huge percentage of “domestic” communications can be obtained overseas.

In 2013, NYT reported that AT&T was providing CIA call records

In 2013, as a bunch of different dragnets were being disclosed while everyone was looking exclusively at Section 215 and right after Kris had confirmed this application of 18 U.S.C. § 2511(2)(f),  Charlie Savage described that the CIA had its own dragnet based on telephone records purchased from AT&T.

The C.I.A. is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company’s vast database of phone records, which includes Americans’ international calls, according to government officials.

The cooperation is conducted under a voluntary contract, not under subpoenas or court orders compelling the company to participate, according to the officials. The C.I.A. supplies phone numbers of overseas terrorism suspects, and AT&T searches its database and provides records of calls that may help identify foreign associates, the officials said. The company has a huge archive of data on phone calls, both foreign and domestic, that were handled by its network equipment, not just those of its own customers.

Legally, this dragnet would fit solidly in the 18 U.S.C. § 2511(2)(f) loophole.

Obama’s codification of EO 12333 in his final days

Insanely, Obama finished the process of reconstituting the Stellar Wind program in his final days. He did so, I’ve been told, in an effort to put guidelines in place (for example, Loretta Lynch adopted rules that you couldn’t use EO 12333 data for political purposes, as if that would restrain Donald Trump). But I emphasized then precisely what Wyden and Heinrich are emphasizing now. There’s no oversight.

Which brings us to whether the EO sharing procedures, as released, might bind Trump anymore than EO 12333 bound Bush in 2001.

In general, the sharing procedures are not even as stringent as other surveillance documents from the Obama Administration. The utter lack of any reasonable oversight is best embodied, in my opinion, by the oversight built into the procedures. A key cog in that oversight is the Department of National Intelligence’s Privacy and Civil Liberties Officer — long inhabited by a guy, Alex Joel, who had no problem with Stellar Wind. That role will lead reviews of the implementation of this data sharing. In addition to DNI’s PCLO, NSA’s PCLO will have a review role, along with the General Counsels of the agencies in question, and in some limited areas (such as Attorney Client communications), so will DOJ’s National Security Division head.

What the oversight of these new sharing procedures does not include is any statutorily independent position, someone independently confirmed by the Senate who can decide what to investigate on her own. Notably, there is not a single reference to Inspectors General in these procedures, even where other surveillance programs rely heavily on IGs for oversight.

There is abundant reason to believe that the PATRIOT Act phone and Internet dragnets violated the restrictions imposed by the FISA Court for years in part because NSA’s IG’s suggestions were ignored, and it wasn’t until, in 2009, the FISC mandated NSA’s IG review the Internet dragnet that NSA’s GC “discovered” that every single record ingested under the program violated FISC’s rules after having not discovered that fact in 25 previous spot checks. In the past, then, internal oversight of surveillance has primarily come when IGs had the independence to actually review the programs.

Of course, there won’t be any FISC review here, so it’s not even clear whether explicit IG oversight of the sharing would be enough, but it would be far more than what the procedures require.

I’d add that the Privacy and Civil Liberties Oversight Board, which provided key insight into the Section 215 and 702 programs, also has no role — except that PCLOB is for all intents and purposes defunct at this point, and there’s no reason to believe it’ll become operational under Trump.

I guess I was wrong about PCLOB. It did get reconstituted, and seven years after the EO 12333 review started we’re getting dribbles about what it found!

And in fact if this whole discussion didn’t make me crabby, I’d point out details from the PCLOB report that suggest things aren’t as bad as I thought they’d get in 2017, when this dragnet was handed over to Donald Trump.

So I’m not entirely a pessimist!

PCLOB only has authority over counterterrorism programs

The only problem with being proven wrong about PCLOB, however, is even though there were efforts to expand its mandate during the Trump years, those efforts failed.

It can only look at counterterrorism programs.

So there could be a parallel program used for counterintelligence (indeed, the sharing rules make it quite clear there’s a CI purpose for it), and we’d never get oversight over it. So Wyden and Heinrich should be pushing to get a full briefing on the CI version of this, because it’s there, I would bet you a lot of money.

Anyway, if you want to find the CIA dragnet, you can look at my warnings over the last 9 years (or Charlie Savage’s report on it from 2013). Or you can look at the loophole that 18 U.S.C. § 2511(2)(f) creates, Ron Wyden was exploring closely when he was writing this letter. Another place you might look is AT&T’s earnings statements.

Tucker Carlson Burns FBI or NSA Intercepts Regarding His 30-Month Pursuit of Face-Time with Vladimir Putin

/27 Comments/in , , /by

Last week, I suggested that one possible explanation for Tucker Carlson’s claim to have been spied on by NSA is that he had a back channel with Russian operatives and was trying to get ahead of allegations that he was coordinating with Russian agents.

Particularly if the communications implicating Carlson were damning and potentially illegal, leaking them to him would be an easy way to flip the story, and accuse NSA of spying rather than Carlson of coordinating with Russian agents. Again, that’s all just a hypothetical that might explain Carlson’s claims.

Overnight, Jonathan Swan — who’s a political reporter, not a surveillance reporter — described that sources claimed authorities had obtained communications from Tucker Carlson’s efforts to get an interview with Vladimir Putin. Swan describes that Tucker had two intermediaries with Russia, but they live in the US. (I had hypothesized these might be Ukrainian sources, but Swan suggests they’re Russians.)

Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

Swan doesn’t note that if the surveillance happened in the US, it would have formally been an FBI intercept, not an NSA one (just as the intercepts showing Mike Flynn’s secret back channel with Russia were collected by the FBI). But he does a good job of laying out the most likely ways this happened, which is that the NSA or FBI were surveilling the kind of people they’re supposed to surveil: Russian agents, whether overt or covert.

  • The first — and least likely — scenario is that the U.S. government submitted a request to the Foreign Intelligence Surveillance Court to monitor Carlson to protect national security.
  • A more plausible scenario is that one of the people Carlson was talking to as an intermediary to help him get the Putin interview was under surveillance as a foreign agent.
  • In that scenario, Carlson’s emails or text messages could have been incidentally collected as part of monitoring this person, but Carlson’s identity would have been masked in any intelligence reports.
  • In order to know that the texts and emails were Carlson’s, a U.S. government official would likely have to request his identity be unmasked, something that’s only permitted if the unmasking is necessary to understand the intelligence.

The import of the agency involved — FBI or NSA — is that “unmasking” works quite differently for the FBI, which has a duty to guard against spying in this country. FBI agents tracking a known Russian agent might review such communications to find out if a high profile US journalist was being recruited by a known Russia spy. And if this was the FBI, it might explain how it recently became known: because Merrick Garland’s DOJ is trying to disclose all the tracking of journalists that took place under the Trump Administration.

This entire faux scandal feels just like ones that Devin Nunes has twice sown, first when Republican members of Congress got picked up undermining US policy with Bibi Netanyahu, and then again when Trump’s Transition team set up a secret back channel meeting with UAE. Each time Nunes has done this, it was with the seeming intent of flipping the scandalous efforts of Republicans to undermine US policy.

That’s consistent with Tucker’s claim that his source is “in a position to know.”

The whistleblower, who’s in a position to know, repeated back to us information about a story we are working from that could have only come directly from my texts and emails. There’s no other possible source for that information, period. The NSA captured that information without our knowledge and did it for political reasons.

But it also means that, if true, then Tucker and his source — whom Tucker himself suggests had a need to know — just burned intercepts on legitimate surveillance targets from a hostile country.

Plus, there’s a far bigger problem with Tucker’s currently operative story. Jason Leopold liberated Tucker’s FOIA request to obtain what he claims would be proof of this spying. Whether intentionally or because of incompetence, the FOIA was written in such a way that it is guaranteed to fail to find anything, because it uses language that NSA would understand to mean communications targeting Tucker (and, specifically, communications obtained from physical possession of Tucker’s phone).

More interesting than the failure by design is the scope. Tucker believes these sensitive communications — ostensibly a recent effort to set up an interview with Vladimir Putin — extend from January 1, 2019 until June 28, 2021, the date he first revealed this.

That’s thirty months he has been working with Russian back channels, purportedly to set up a meeting with Putin.

That, by itself, may explain why the communications generated further attention (if indeed they did). Thirty months isn’t the pursuit of an interview, it’s a long term relationship. This would look like a recruitment effort, not journalism.

It also explains why, even though Tucker himself is the person who leaked these details (again, burning what by all accounts are legitimate intercept targets), he claims it was an effort to take him off the air. If the FBI believes that Tucker really was pursuing a long-term relationship with Russian agents, then even Fox News might rethink giving him a platform. But that wouldn’t be the content of the communications, per se, but the fact that they appear to have been going on for thirty months.

The Republican PCLOB Cover-Up of NSA’s XKEYSCORE Use Is More Troubling than Tucker Carlson’s Claims To Be Surveilled

/9 Comments/in /by

The other day, Tucker Carlson claimed that an NSA whistleblower had contacted him to let him know that the NSA was monitoring “our” electronic communications and planned to leak them to take him off the air. Carlson claims the whistleblower’s ability to read back what Carlson said in some texts and emails (both easily hackable communications) about an upcoming story is proof that it happened.

In response, the NSA issued an unprecedented statement via Twitter, reading in part:

This allegation is untrue. Tucker Carlson has never been an intelligence target of the Agency and the NSA has never had any plans to try to take his program off the air.

[snip]

NSA may not target a US citizen without a court order that explicitly authorizes the targeting.

As a number of people have pointed out, given how NSA uses “target” here, this doesn’t amount to a denial, because it’s possible that Carlson’s communications with a foreigner who was legally targeted got swept up. Strictly as a hypothetical, it could be that Carlson is working on another Hunter Biden story involving Ukraine, and the NSA picked up his communications directly with an agent of Russia in Ukraine by targeting that totally legitimate intelligence target. The result would be to incidentally collect Carlson’s communications with said hypothetical Ukrainian target. Particularly if the communications implicating Carlson were damning and potentially illegal, leaking them to him would be an easy way to flip the story, and accuse NSA of spying rather than Carlson of coordinating with Russian agents. Again, that’s all just a hypothetical that might explain Carlson’s claims.

Still, given that Carlson is a liar who has recently been spewing conspiracy theories that are whack even for him, my default assumption is that he’s lying.

Meanwhile, Carlson’s little cultivated outrage occurs at the same time that Privacy and Civil Liberties Oversight Board member Travis LeBlanc released a scathing dissent, dated March 12, 2021 but just declassified, from a recently released but still classified PCLOB report on the NSA’s use of XKEYSCORE. The statement points to problems with both the use of XKEYSCORE and EO 12333 generally, as well as the operation of PCLOB under the recently departed Adam Klein’s tenure as Chair. Together, LeBlanc’s complaint suggests that Klein may have deliberately protected NSA from scrutiny after violations that happened during the Trump Administration were discovered in November 2020.

XKEYSCORE is effectively a means of querying the Five Eyes collections for all information on a target. Here’s what a query, called a “fingerprint,” targeting a peace and reconciliation commission in the Solomon Islands, looks like:

PCLOB started investigating XKEYSCORE in 2014 as part of its review of a limited subset of programs authorized under EO 12333.

The NSA deep dive concerned NSA’s use of XKEYSCORE, an intelligence analysis tool. The Board received briefings from and held meetings with NSA staff between May 2015 and November 2016. The Board also reviewed the guidance and training provided to NSA personnel, compliance mechanisms, and the relationship between the NSA activity and the NSA’s EO 12333 implementing procedures.

In early 2019, after the Board regained a quorum, the Board reengaged with the NSA and received additional briefings, demonstrations, and information. During this process, the Board worked with NSA to confirm and update facts provided in the 2015 timeframe. Again, the Board concentrated on the protection of U.S. persons’ privacy and civil liberties.

The Board produced a detailed, classified report explaining NSA’s use of XKEYSCORE as an analytic tool and relevant privacy and civil liberties protections in late 2020. Accompanying the report were recommendations from the Board and additional views of individual Board Members. The report and recommendations were delivered to the NSA, Congress, and other relevant executive branch agencies.

But PCLOB, under Klein’s leadership, chose not to declassify any parts of the report on XKEYSCORE.

In his dissent, LeBlanc laid out a bunch of problems with the Report itself:

  1. PCLOB didn’t address any of the technological questions presented by the use of artificial intelligence and machine learning
  2. PCLOB didn’t unpack the jargon NSA uses by separating discovery, targeting, and acquisition activities that can — and LeBlanc strongly implies does — result in domestic collection
  3. PCLOB did not conduct the kind of efficacy review that its three earlier surveillance reports had done (which showed, for example, that the phone dragnet had never been really useful)
  4. PCLOB didn’t adequately chase down the legal justification for XKEYSCORE and closed up shop before examining 2019 violations disclosed in November 2020
  5. PCLOB refused to adopt recommendations made by LeBlanc and Ed Felton, including one (to tag communications believed to belong to a US person) that would not be burdensome but would ensure that such US person communications would be not picked up in the future
  6. PCLOB didn’t release the report
  7. The former GOP majority rushed to finalize this report before Republicans lost the majority on it

Of particular note, LeBlanc suggests that (as happened with the phone dragnet), NSA had not conducted any legal analysis specific to XKEYSCORE before PCLOB asked for it in 2015.

Surprisingly, when the Board requested any legal analysis by the NSA or the Department of Justice regarding the use of XKEYSCORE’s functions in 2015, the NSA responded with a 13-page memo prepared by the NSA Office of General Counsel in 2016. Setting aside such a legal analysis was first written in January 2016, it is equally concerning that the agency apparently has not updated that written legal analysis since then. At a general level and on the basis of the documents that have been provided to the Board, it is concerning that any surveillance tool woul have been conceptualized, coded, implemented, and then executed and routinely used without such a prior legal analysis. Further, the analysis that NSA provided in 2016 fundamentally rests on decades-old Supreme Court precedent from United States v. Verdugo-Urquidez, Smith v. Maryland, Katz v. United States, and two DOJ legal memoranda from the 1980s to assert that collection and use of XKEYSCORE is consistent with the Fourth Amendment.35 The NSA’s legal analysis lacks any consideration of recent relevant Fourth Amendment case law on electronic surveillance that one would expect to be considered–for example, Carpenter v. United States, Riley v. California, United States v. Jones, and United States v. Maynard. [some footnotes omitted]

Half of that footnote 35 — probably the bits that refer to DOJ memos likely including a 1984 OLC memo written by Ted Olson that DOJ is still hiding — is redacted.

The likelihood that none of this complies with the Fourth Amendment is all the more troubling given the disclosure of recent violations using XKEYSCORE and the way, subsequent to those violations, the GOP Majority rushed to finish the report before losing a majority on PCLOB.

In one of the most heavily redacted paragraphs in LeBlanc’s declassified dissent, he explains how PCLOB didn’t investigate reports of 2019 violations uncovered in November 2020.

I am equally concerned that the Board’s former majority failed to investigation [redacted] of serious compliance reports involving XKEYSCORE prior to approving this report. During the former Board’s investigation, it was uncovered in November 2020 that some [redacted] compliance reports involving XKEYSCORE occurred in 2019. Of those [redacted] XKEYSCORE reporters, [redacted] were deemed upon agency review to involve Questionable Intelligence Activities (“QIAs”). QIAs are defined as “any intelligence or intelligence-related activity when there is reason to believe such activity is unlawful or contrary to an EO, Presidential Directive, [Intelligence Community] Directive, or applicable DOD policy governing the activity. [entire sentence redacted] Obviously, violations of U.S. law and the known collection of processing of U.S. person information are serious compliance issues. Yet the former Board did not request specific information [full line redacted]

Ellen Nakashima’s story on this dissent reveals there were hundreds of such reports.

The program also resulted in hundreds of compliance incidents in 2019, a majority of which were considered “questionable intelligence activities” — a category that means the action may have involved improper surveillance of Americans’ communications, according to U.S. officials, who spoke on the condition of anonymity because details are classified.

As LeBlanc describes it (though much of that is redacted), when PCLOB heard about these hundreds of violations that happened under Donald Trump in the same month that Trump lost the presidency, they didn’t ask what happened.

Instead, they rushed to complete the still unfinished report while they retained a majority.

I have several concerns about the Board process that was followed to apparently approve the unfinished report. In a December 2020 Board meeting, the former majority sought ot vote on the then-unfinished XKEYSCORE report. During the Board meeting at which the vote was taken, we spent several hours discussing the revisions to the body and recommendations that would need to be made to the report. Instead of completing those revisions and then providing sufficient time for Members to review the report and prepare their statements before voting, the former Board majority sought in that meeting to approve the report for this project, ostensibly foreseeing the expiration of former Member Aditya Bamzai’s term at the end of December. Literally on the evening of December 21, former Member Bamzai circulated his statement. Subsequently, the new Board convened in January 2021 and then-Chairman submitted his own intention to resign the same month. Recognizing that the current 2021 Board has not voted on a report that we were still considering for revision as I drafted this statement, I have repeatedly requested a vote by the current Board on the final version of this report, including all final statements of current Members as well as a vote on whether to include the statement of a former Member. The then-current Chairman created a legal fiction to compel the issuing of a former Member’s statement without so much as a vote of the current Board to release this report. I simply cannot support a report that has not been voted on by the current Board that will issue it.

Even while he was pulling a fast one to close up the review of XKEYSCORE before it was done, Klein was writing his own White Paper on FISA that made claims about the soundness of FISA that he had no ability to conclude (most importantly, because PCLOB did not receive any of the applications implicating Sensitive Investigative Matters that should get the most scrutiny.

There were two claims of improper surveillance by NSA in recent days. One, made by a serial fabulist. And another, made by someone with access to classified information, that may affect hundreds of Americans.

The refusal of Republicans on PCLOB to examine the latter violations merits far more attention given the credibility of the reporting source than Tucker Carlson’s claims.

PCLOB: The Essential Oversight Link Designed to Be Inadequate

/5 Comments/in , , /by

Last year, there were a couple of measures that purported to respond to the problems with the Carter Page FISA application but which would not have helped him at all. In February, House Judiciary Committee rolled out a bill to replace the now-lapsed Section 215 of FISA that included a Privacy and Civil Liberties Oversight Board review of the impact that tradition FISA had on First Amendment Activities.

SEC. 303. REPORT ON USE OF FISA AUTHORITIES REGARDING PROTECTED ACTIVITIES AND PROTECTED CLASSES.

(a) REPORT.—Not later than one year after the date of the enactment of this Act, the Privacy and Civil Liberties Oversight Board shall make publicly available, to the extent practicable, a report on—

(1) the extent to which the activities and protected classes described in subsection (b) are used to support targeting decisions in the use of authorities pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.); and

(2) the impact of the use of such authorities on such activities and protected classes.

As I noted at the time, because PCLOB’s mandate is limited to counterterrorism, it would not be able to look at counterintelligence targeting. This is not the first time that PCLOB’s mandate made its work less useful than it could be. Because its Section 702 report was necessarily limited to the counterterrorism uses of the law, PCLOB’s report did not address problems with the cybersecurity and counterproliferation uses of Section 702, both of which have far more unexpected impact on US person’s privacy than the counterterrorism use.

Then, in May, PCLOB’s Chair, Adam Klein, announced PCLOB was going to review traditional FISAs.

Adam I. Klein, the chairman of the privacy board, said that the issues Horowitz surfaced were precisely those that the board was established to examine.

“This is at the heartland of our jurisdiction,” said Klein, a lawyer and prominent researcher of FISA and other national security laws. “The IG found systemic compliance problems. At a minimum, we have a duty to inform ourselves.”

I again noted that PCLOB’s mandate would limit the value of such a review, and indeed, would prevent PCLOB from even reviewing the precipitating application, Page’s counterintelligence application.

Last week, Klein released the results of that review, billed and released not as a PCLOB report, but as a Chairperson’s White Paper (Klein has said he’d step down once Joe Biden replaced him). He makes clear,

I provide several observations and recommendations based on this review. These views are provided in my individual capacity as Chairman and should not be attributed to the Board as a whole or to other members of the Board.

Its recommendations are not obviously supported by the described scope of the review. His White Paper generally argues for more efficiency, a recommendation that conflicts with virtually all other conclusions that came out of the Carter Page review (though some of his recommendations to achieve efficiency, such as making the authorization period for non-US person FISA applications one year, make sense). He makes two recommendations (that the Woods file not require repeated documentation for repeated facts and that DOJ distinguish between information known at the time and information learned subsequent to an initial application) that would undercut some of the results of the DOJ IG Report on Carter Page.

Klein’s White Paper does recommend that a summary memo submitted with the application which highlights novel privacy, legal, or technological issues. If the FBI Director or his delegate were required to sign off on that summary as well as the current certification (that doesn’t address the probable cause content of the application in the least), it might provide a level of accountability that (Congress doesn’t yet understand) FISA currently lacks. Other than that, Klein’s White Paper reads as much like a valedictory trying to guide future PCLOB plans as it does a report to improve FISA. Almost two pages of the 26-page report constitutes a recommendation to reauthorize Section 215 of FISA.

But, as predicted, the review did not consider anything remotely pertinent to what happened to Carter Page.

To conduct its review of applications themselves, PCLOB asked for and received the subset of the 29 FISA files that DOJ IG is conducting a review of that pertain to counterterrorism as well as the backup exchange between FBI and DOJ regarding those applications. That included:

  • 19 total applications (out of 29 reviewed by DOJ IG)
  • All counterterrorism targets
  • Most located in United States at time of targeting

These details help us understand the two reports DOJ IG wrote about the full set of 29 files, which I wrote about here. Of the 29, ten must be counterintelligence files like Carter Page’s.

Because PCLOB did not review the counterintelligence applications, it only reviewed one of the two for which DOJ IG found a material error.  The second was a CI application that showed a worse error rate than the Carter Page file (which was measured using a different methodology than the Carter Page one).

It also didn’t review any Sensitive Investigative Matters — applications which, like Carter Page’s, involve someone who is a political, journalistic, or religious figure whose targeting should get extra scrutiny. That seems to suggest that DOJ IG did not include any counterterrorism applications targeting SIMs in its review (it would seem SIMs would be more likely to be targeted on the counterintelligence side, but we know of religious and political figures targeted under counterterrorism FISA applications). These would be the applications that pose the greatest privacy and civil liberties concern.

In lieu of that, FBI Office of General Counsel provided PCLOB with,

The number of “sensitive investigative matters” pertaining to U.S. persons in which FBI sought a FISA probable cause order in each year between 2015 and 2019, a summary of each matter (including the type of investigation and the features resulting in its classification as a “sensitive investigative matter”), and whether each request was granted.

That’s presumably how PCLOB learned that there aren’t all that many SIMs targeted under FISA.

[I]nformation received by the Board indicates that relatively few FISA applications are obtained each year in SIMs.

Still, this is the core of what you’d need to review to serve the function of PCLOB. Klein even appears not to have reviewed Page’s significantly declassified public applications, which would have been simple to do, would have provided him something to compare the counterterrorism applications he reviewed with, but which would have been outside the scope of PCLOB’s mandate.

This matters because PCLOB has been reasonably effective. Indeed, in a book published in April in recognition of the 50th Anniversary of the Pentagon Papers, Lisa Monaco (in a contribution submitted before she became Deputy Attorney General) pointed to PCLOB’s contributions after the Snowden releases as an important way forward to balance security and secrecy in the age of mass leaks. Monaco even recommended that PCLOB consult with the Director of National Intelligence prior to the implementation of certain policies. (Director of National Intelligence Avril Haines also contributed a chapter to the book, which was far more intriguing that Monaco’s.)

Another would be to institute a practice of DNI consultation with the PCLOB before the adoption of certain collection programs. The PCLOB served an important function after disclosures precisely because it is charged with considering privacy and civil liberties implications as well as the national security implications of counter-terrorism programs.82 It could be a valuable addition to the consideration and review of some intelligence programs for a standing body with the infrastructure to handle classified information to work with privacy officers in each agency to assess privacy concerns and conduct privacy impact assessments that are reported to the DNI.

But as noted above, even PCLOB’s Section 702 review suffered because it couldn’t look at several of the applications of 702, applications implicated by the Snowden releases.

Last year, I was told that efforts to expand the jurisdiction of PCLOB would be a poison pill to any bill to which they were attached. I can only assume that means the Executive doesn’t want to expose to scrutiny they kinds of practices that were central to the Carter Page application.

But if Lisa Monaco believes PCLOB has a role to play in balancing national security and secrecy, she should ensure its mandate is sufficiently broad to do that job.

Welcome to Lisa Monaco’s DOJ, E Jean Carroll Lawsuit Edition

/56 Comments/in , , , , , , , /by

During Lisa Monaco’s confirmation hearing, several people joked about how few questions she was getting. Because Vanita Gupta had been targeted by Republicans, Monaco was left for broad swaths of the hearing, a spectator to that effort.

There were some good exchanges. In addition to complaining about DOJ’s refusal to respond to questions from Democratic members of Congress, Sheldon Whitehouse asked about OLC, to which Monaco provided an anodyne answer that was enough for Whitehouse, who was going to vote for Monaco one way or another. Josh Hawley asked some legitimately good questions, including about end-to-end encryption. To those questions, Monaco hewed a middle ground and an adherence to the laws on the books. John Cornyn asked the same question Republicans harped on with Merrick Garland, whether she would let John Durham finish his work, to which she responded that her job is to make sure he has the resources to do so, which (while more nuanced that it sounded) shut down that line of questioning.

It was a testament to how shallowly Republican staffers interpreted Lisa Monaco’s long career that Chuck Grassley asked Monaco whether she had involvement in Crossfire Hurricane — the answer was obviously no, given her White House role at the time. But Grassley didn’t ask whether her position at the nexus of Mike Flynn’s efforts to obtain information from the Obama White House in advance of making calls with Sergey Kislyak that Flynn lied to hide would affect her view of the Russian investigation. Perhaps only Susan Rice was more personally betrayed by Mike Flynn’s outreach to Russia, and yet Republicans seemed to not even realize that Flynn and KT McFarland sent Tom Bossert to query Monaco in advance of Flynn’s covert call with Russia, making her the Obama person most directly victimized by Flynn’s underhandedness.

That blithe ignorance of how Monaco’s personal history might affect her tenure extended beyond the Senate Judiciary Committee. For example, while every Assange supporter has targeted Biden and Garland for their pleas to drop the Assange prosecution, none have thought about the fact that Monaco was in charge of the response to the 2016 Russian interference campaign that led even WikiLeaks sympathizers in the Obama Administration to completely reconsider Assange’s game and his longterm relationship with Russia (then again, Assange supporters, almost to a one, have convinced themselves to believe bullshit propaganda about that decision being made under Trump).

Most people have failed to ask these questions about Monaco’s career experiences, even though as Deputy Attorney General, Monaco runs DOJ on a day-to-day basis and makes a lot of these decisions and serves as a key advisor to Garland where she doesn’t.

As a result of the very surface approach to Monaco’s career, there were a whole slew of questions in her confirmation hearing that should have been asked (and should be asked before Monaco’s close associate Matt Olsen is confirmed as National Security Division head), but were not. When Lisa Monaco was Robert Mueller’s top advisor in 2006, for example, what role did she play legalizing the phone dragnet aspiring to collect the phone records of all Americans under FISA’s Section 215? Given her past failures to fulfill promises of transparency, specifically as it relates to FISA, what can she do to ensure she will deliver on such transparency as Deputy Attorney General? What was her role in the execution of Anwar al-Awlaki, and what does that say about her willingness to support unfettered executive authority? With the value of hindsight, does Monaco believe that she was suckered into continuing John Brennan’s permissive approach to drone strikes as White House Homeland Security Advisor, and if so what would she do to give herself the leverage to actually change bad policies baked in by her predecessors?

Don’t get me wrong: Monaco has almost unparalleled qualifications to be Deputy Attorney General, she brings a lot of great qualities to the job, and I’m sure she’s a lovely person. But there was almost no consideration about what affect her long tenure at DOJ and in National Security roles would have on her view towards Presidential authority and DOJ institutional precedent before she was confirmed.

Indeed, in perhaps the question that got closest to asking how she would treat initiatives from career DOJ officials already in place, Monaco explained to Amy Klobuchar that she viewed her job as to empower the people at DOJ she believed operated from an inherently unpartisan stance.

Klobuchar: After the last four years where civil servants withstood political interference, what do you see your role is as restoring the trust in the Department of Justice?

Monaco: Well Senator, as I said in my opening remarks, I think that the career men and women of the Justice Department are its backbone. They’re the people that enforce the law independently, faithfully, fairly, impartially, without any consideration of improper motive. I think they simply want to do their job. They want to do their job with the resources and the tools to keep the American people safe, to prosecute violent crime, to administer justice with compassion, and with humility, as Judge Garland talked about before this committee. And they want to see equal justice under law, and they want to do the work that this Committee has done on a bipartisan basis to administer criminal justice reform. And so I think my role is to ensure that they’ve got the tools and resources to do their job and to protect them from improper influence, any partisan motive, because I think they just want to do their job.

This is the belief system that leads Monaco to respond to a question about career DOJ prosecutor John Durham’s clearly politicized investigation by saying that her job is to make sure he has the resources he wants to continue that investigation.

In her role at DOJ, Monaco has overseen some key wins: with the announcement yesterday that FBI had seized much of the ransomware payment that Colonial pipelines had paid Dark Side hackers, with her quiet presence on the public line listening as Paul Hodgkins made the first pure guilty plea of the January 6 investigation, with the decision — on her first full day in office — to let SDNY resume its investigation into Rudy Giuliani’s foreign influence peddling.

But also under her leadership, DOJ has delayed notice to NYT about an effort to get their Internet records in a clearly politicized investigation. DOJ has moved to hide the contents of a Bill Barr memo that clearly abused his authority and the role of OLC (and with that decision, protected career employees who were making similarly dubious claims when Monaco ran the National Security Division). DOJ has defended a lot of legal stances that were obviously political on their face, most recently and egregiously by sustaining DOJ support to give Trump immunity from suit in his attack on alleged rape survivor, E. Jean Carroll. That is, as she did before with Cheney’s Stellar Wind and Brennan’s drone program, Monaco seems to have chosen not to make a clean break from the horrible policies of her predecessors, choosing instead to ensure the continuity of the institution.

Again, Lisa Monaco oozes intelligence and competence; she’s undeniably qualified to be where she’s at. But she also got where she’s at by cleaning up the messes left by Stellar Wind, the torture program, and John Brennan’s drone program by improving those shitty policies without demanding any accountability for the abuse of DOJ and presidential authority they entailed. Plus, as a career DOJ official, she’s going to defend professionals who did stupid things on the orders of a deeply politicized boss.

Particularly in the wake of the decision to defend Trump against Carroll’s suit, people are wondering how Merrick Garland could make such a horrible decision. My suspicion is they would be better asking what Lisa Monaco’s role was in the decision.

From Failed Whistleblower to Journalistic Source: Natalie Sours Edwards Mounts a Credible Public Interest Defense

/9 Comments/in , , , /by

Natalie Sours Edwards, one of the sources for a series of BuzzFeed stories on Treasury and a larger, global series on Suspicious Activity Reports, submitted her sentencing memorandum last night. It is probably the most convincing example of a whistleblower-turned-leaker telling her story to explain why she did what she did. And while she was charged under a different statute than the Espionage Act — there’s a specific law prohibiting the leaking of SARs — it is a laudable effort to make a public interest defense.

She spends much of her submission (as most do) describing her background — her Native American upbringing, the series of jobs she had after obtaining a PhD in national security decision-making, first at ATF, then at CIA, and then at Treasury’s FinCEN. Not long after she moved to Treasury, she grew concerned about a number of things she was seeing: She believed Treasury was making some organizational changes without first getting congressional approval.

By April of 2016, TFI was considering a proposal to move several employees from FinCEN to OIA. May Sours Edwards and other members of FinCEN’s upper management questioned the legality of the proposed realignment. In an email to John Farley, Acting Director of Executive Office for Asset Forfeiture (TEOAF), Dr. Edwards raised concerns about whether the transfers would be consistent with Congressional appropriations and whether OIA was moving forward in spite of a direction from the Senate Select Committee on Intelligence not to proceed until the Committee had reviewed the plans for the reallocation of funds.

She was concerned — as was the Privacy and Civil Liberties Oversight Board — that Treasury had never instituted guidelines protecting Americans’ privacy when accessing records under 12333. (I had written about this problem before this period.)

Did OIA, as a member of the intelligence community, have the authority to collect and retain data domestically. Under Executive Order 12333 (“E.O. 12333”) IC entities, which OIA is, are permitted to collect information on “United States persons” only if the organization has promulgated guidelines for doing so and had them reviewed and approved by the Attorney General.11 Dr. Edwards questioned whether OIA had signed guidelines. Counsel for OIA hostilely, in Dr. Edwards’ estimation, disagreed with her interpretation of EO 12333. She believed he deliberately denigrated her during the meeting in front of the other participants in an attempt to bully her into agreeing with his position. She did not acquiesce.

11Executive Order 12333 provides in pertinent part as follows. “2:3 Collection of Information. Agencies within the Intelligence Community are authorized to collect, retain or disseminate information concerning United States persons only in accordance with procedures established by the head of the agency concerned and approved by the Attorney General, consistent with the authorities provided in Part 1 of this Order.”

After she had shared these concerns with Congress, she believed that Jacob Lew had knowingly lied to Congress about whether there were whistleblowers at Treasury.

On September 22, 2016, Treasury Secretary Jacob Lew testified before the House Financial Services Committee. https://www.c-span.org/video/?415661- 1/secretary-jack-lew-testifies-financial-stability-report&start=9046. Representative Fitzpatrick specifically asked him whether the proposed realignment was consistent with the existing budget, the issue Dr. Edwards had been raising. He also the Secretary whether there were any whistleblowers at Treasury. Representatives Jeb Hensarling and Sean Duffy later sent a follow-up congressional letter to Secretary Lew, expressing concern that the proposed “changes may violate appropriations requirements, civil service rules, and constraints on gathering and use of financial intelligence data.” They also noted that it was “troubling that Treasury is moving forward with the proposed reallocation with the intention to complete the process before a new Administration takes over in January 2017 and despite bipartisan requests to process at a more deliberate pace.” Id.

Something else of significance happened during the hearing. In response to a question from Representative Fitzpatrick, Secretary Lew stated that he was unaware of any whistleblowers in the Treasury Department. Dr. Edwards was taken aback and concerned. She was a whistleblower, a fact well known to Treasury OIG.

In the wake of that hearing, she believed that her clearance was pulled, briefly, as retaliation.

On September 27, 2016, a week after the contentious OIA-FinCEN meeting, someone at OIA ordered that Dr. Edward’s SCI (Sensitive Compartmentalized Information) clearance and her access to the SCIF (Sensitive Compartmentalized Information Facility) be revoked. Dr. Edwards questioned the basis for the action. Her clearance was reinstated the following day. Email of September 28, 2016, from May Edwards to Elizabeth Ortiz, attached hereto as Exhibit XX

She submitted two whistleblower complaints — to Treasury IG and to OSC. The latter found that she had engaged in protected activity (meaning that she had been a whistleblower), but ruled against her claims of retaliation on narrow grounds.

By letter dated May 21, 2018, OSC informed Dr. Edwards that they were closing her file. OSC concluded that Dr. Edwards’ reports to her “leadership, OIG, Congress and OSC all likely constitute ‘protected activity’ or whistleblowing under the law.” May 21, 2018, letter from OSC to Dr. Edwards, attached hereto as Exhibit HHH at 4. Further, Dr. Edwards could establish that her “management knew about [her] whistleblowing regarding, at a minimum, the issues [she] raised directly to them.” However, OSC made several findings that it concluded were fatal to Dr. Edwards’ claim that she had been retaliated against as a whistleblower. OSC could not find that there was a substantial likelihood that Treasury Secretary Lew knew of Dr. Edwards’ allegations when he testified before Congress that there were no whistleblowers in Treasury. Id. at 3. The email that outlined OMB’s direction to Treasury on communicating with Congress about the FinCEN/TSI realignment was not improper because it appeared to be directing Treasury officials not to discuss the issue in their official capacities as opposed to directing them in their individual capacities on their rights to report suspected wrongdoing to Congress

A Treasury IG Report ruled against her based on an alternative explanation provided for why the PKI of FinCEN employees had been pulled.

While finding that the problem with the IC PKI certificates was solely the result of inadvertence, the author of the audit did note that “the present working relationship between OIA and FinCEN related to the IC PKI process is strained.” Id. at 3. The two Treasury components had a “fundamental disagreement” about FinCEN’s need for access to the IC PKIs and more broadly about FinCEN’s autonomy.

She even explains how — after she started working with Jason Leopold — Ron Wyden complained that FinCEN was withholding information on Russian interference and its ties with Donald Trump.

In addition to her concern about OIA’s handling of realignment and the PKIs issue, Dr. Edwards grew to question whether FinCEN was providing complete information in response to Congressional requests for information. She was not alone in that belief. On May 10, 2017, Senator Ron Wyden made a floor statement placing a hold on the nomination of Sigal Mandelker for the position of Under Secretary of TFI. His office issued a statement explaining the Senator’s reasoning:

Senator Ron Wyden, D-Ore., today placed a hold on the nomination of Sigal Mandelker to be Under Secretary of the Treasury for Terrorism and Financial Intelligence. Wyden said he will maintain that hold until the Treasury Department provides the Senate Intelligence Committee and Senate Finance Committee information and documents related to Russia and its financial dealings with President Trump and his associates.

On Tuesday, May 9, Senate Intelligence Committee Vice Chairman Mark Warner announced that the Committee had made a request to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). https://www.wyden.senate.gov/news/press-releases/wyden-announces-hold-ontreasury-nominee-until-administration-produces-documents-on-russian-dealingswith-trump-associates. On September 22, 2017, Senator Wyden put a hold on another Treasury Assistant Secretary nominee, Isabelle Patelunas, again because of Treasury’s “refusal to provide documents related to Russia.” https:// www.wyden.senate.gov/news/press-releases/wyden-announces-hold-ontreasury-nominee-over-agencys-refusal-to-provide-documents-related-to-russia.

It’s in that context that — she described — she started working with Leopold to get Congress to return its attention to misconduct at Treasury.

When Congress’ attention to the issues May believed vitally affected the security of this country flagged, she began communicating with Jason Leopold, a reporter with the online publication BuzzFeed News. He told her that he shared her concern for national security. He assured her that the only way to revive Congressional interest was through media attention. He promised to – and did – introduce her to additional Congressional staffers. At his encouragement, she provided him with Suspicious Activity Reports (“SARs”) and other internal Treasury Department documents. He wrote articles that disclosed that information. She was arrested. He was not.

[snip]

Although Congress by then had done little to curb Treasury’s behavior, Dr. Edwards continued to believe that the only way to ensure that those responsible for the improper behavior were held accountable was through Congress. Leopold encouraged this belief: By writing articles, he could get the proper attention for the issues she believed were of vital importance to national security. This was a theme he returned to more than once when he sought information from Dr. Edwards: He could use what she gave him to write stories that would force Congress to investigate her allegations. (September 27, 2017: “We do need to keep momentum going so this story is crucial.” October 16, 2017: “We are going for the next story – keep momentum going with 12333.” January 11, 2018: “Listen, I am going to make a case that we need to leak something and report it. I am going to reach out to some of your colleagues. But this is getting ridiculous and I need to get their attention…By their attention I mean Congress).

Importantly, given the way she was charged (with a conspiracy to leak these SARs, with Leopold identified as a co-conspirator would be) she describes how hard Leopold worked to champion her efforts in Congress.

Throughout 2017 and 2018, Leopold told Dr. Edwards in their WhatsApp conversations that he was committed to her cause of uncovering and remedying corruption in the Treasury Department. He told her at times that he was acting on behalf of Congressional staff members in seeking information from her. He sought to arrange meetings for Dr. Edwards with members of Congress or their staff. Such meetings did take place. Leopold attended meetings with Dr. Edwards. Staffers encouraged Dr. Edwards to provide information they sought about the inner workings of the Treasury Department, including whether the requirements of the Bank Secrecy Act were being enforced by financial institutions as required to assist U.S. government agencies.

Remember: Before the global SARs reporting effort came out, Treasury issued a statement that can only be viewed as an attempt at prior restraint, a threat against Leopold.

Edwards’ sentencing memorandum says that the Probation office recommended two years of probation.

Dr. Sours Edwards faces no mandatory minimum term of incarceration. As discussed above, the relevant range under the United States Sentencing Guidelines, both as stipulated in the plea agreement and as determined by United States Probation, is zero to six months. PSR at ¶4, p. 28. Probation has recommended that the Court sentence Dr. Sours Edwards to a two-year term of Probation.

It is unclear whether this will work — whether Edwards will get probation. It is equally unclear whether Leopold’s laudable efforts to double down on his reporting, to raise global attention to the issue, will bring about reform at banks or in the US.

But this is what every other leaker I’ve covered has tried to do, far less persuasively: an attempt to make a public interest defense for leaking to a journalist.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Basaaly Moalin Wins His Appeal — But Gets Nothing

/9 Comments/in , /by

Basaaly Moalin is a Somali-American prosecuted for funding Al-Shabaab in 2010 who, years later, was used by FBI to justify the phone dragnet. After Edward Snowden revealed the Section 215 dragnet, the FBI pointed to his case, claiming they would not have found him were it not for the dragnet.

He just won an appeal of his case in the 9th Circuit, which found that the Section 215 dragnet may violate the Fourth Amendment. But it doesn’t do him any good, because the 9th Circuit panel determined that the government had been lying about how central the dragnet was in identifying him in the first place. The ruling is important, however, because it affirms that if the government is going to use evidence obtained from surveillance in court — or derived from surveillance — they need to notify the defendant.

The opinion argued that the Third Party doctrine probably doesn’t apply here, because current metadata collection obtains so much more than old-style pen registers.

There are strong reasons to doubt that Smith applies here.
Advances in technology since 1979 have enabled the
government to collect and analyze information about its
citizens on an unprecedented scale. Confronting these
changes, and recognizing that a “central aim” of the Fourth
Amendment was “to place obstacles in the way of a too
permeating police surveillance,” the Supreme Court recently
declined to “extend” the third-party doctrine to information
whose collection was enabled by new technology. Carpenter
v. United States, 138 S. Ct. 2206, 2214, 2217 (2018) (quoting
United States v. Di Re, 332 U.S. 581, 595 (1948)).

Carpenter did not apply the third-party doctrine to the
government’s acquisition of historical cell phone records
from the petitioner’s wireless carriers. The records revealed
the geographic areas in which the petitioner used his cell
phone over a period of time. Id. at 2220. Citing the “unique
nature of cell phone location information,” the Court
concluded in Carpenter that “the fact that the Government
obtained the information from a third party does not
overcome [the petitioner’s] claim to Fourth Amendment
protection,” because there is “a world of difference between
the limited types of personal information addressed in Smith
. . . and the exhaustive chronicle of location information
casually collected by wireless carriers today.” Id. at 2219–
20.

There is a similar gulf between the facts of Smith and the
NSA’s long-term collection of telephony metadata from
Moalin and millions of other Americans.

[snip]

The distinctions between Smith and this case are legion
and most probably constitutionally significant. To begin
with, the type of information recorded in Smith was
“limited” and of a less “revealing nature” than the telephony
metadata at issue here. Carpenter, 138 S. Ct. at 2219. The
pen register did not disclose the “identities” of the caller or
of the recipient of a call, “nor whether the call was even
completed.” Smith, 442 U.S. at 741 (quoting United States v.
New York Tel. Co., 434 U.S. 159, 167 (1977)). In contrast,
the metadata in this case included “comprehensive communications routing information, including but not limited to session identifying information (e.g., originating and terminating telephone number, International Mobile station Equipment Identity (IMEI) number, International Mobile Subscriber Identity (IMSI) number, etc.), trunk identifier, telephone calling card numbers, and time and duration of call.” In re Application II, 2013 WL 5741573, at *1 n.2. “IMSI and IMEI numbers are unique numbers associated with a particular telephone user or communications device.” Br. of Amici Curiae Brennan Center for Justice 11. “A ‘trunk identifier’ provides information about where a phone connected to the network, revealing data that can locate the parties within approximately a square kilometer.” Id. at 11–12.

Although the Smith Court perceived a significant distinction between the “contents” of a conversation and the phone number dialed, see 442 U.S. at 743, in recent years the distinction between content and metadata “has become increasingly untenable,” as Amici point out. Br. of Amici Curiae Brennan Center for Justice 6. The amount of metadata created and collected has increased exponentially, along with the government’s ability to analyze it. “Records that once would have revealed a few scattered tiles of information about a person now reveal an entire mosaic—a vibrant and constantly updating picture of the person’s life.” Klayman v. Obama, 957 F. Supp. 2d 1, 36 (D.D.C. 2013), vacated and remanded, 800 F.3d 559 (D.C. Cir. 2015). According to the NSA’s former general counsel Stewart Baker, “[m]etadata absolutely tells you everything about somebody’s life. . . . If you have enough metadata you don’t really need content . . . .” Laura K. Donohue, The Future of Foreign Intelligence 39 (2016). The information collected here was thus substantially more revealing than the telephone numbers recorded in Smith.

Importantly, it pointed to how much more revealing Moalin’s metadata was collected in conjunction with that of millions of other people (a point I made shortly after the District Court rejected Moalin’s original challenge).

Also problematic is the extremely large number of people from whom the NSA collected telephony metadata, enabling the data to be aggregated and analyzed in bulk. The government asserts that “the fact that the NSA program also involved call records relating to other people . . . is irrelevant because Fourth Amendment rights . . . cannot be raised vicariously.” Br. of United States 58. The government quotes the FISA Court, which reasoned similarly that “where one individual does not have a Fourth Amendment interest, grouping together a large number of similarly-situated individuals cannot result in a Fourth Amendment interest springing into existence ex nihilo.” In re Application II, 2013 WL 5741573, at *2. But these observations fail to recognize that the collection of millions of other people’s telephony metadata, and the ability to aggregate and analyze it, makes the collection of Moalin’s own metadata considerably more revealing.

After suggesting that Carpenter would apply to this dragnet, the panel then concluded that it doesn’t matter, because the dragnet wasn’t all that central to obtaining a warrant against Moalin.

Having carefully reviewed the classified FISA applications and all related classified information, we are convinced that under established Fourth Amendment standards, the metadata collection, even if unconstitutional, did not taint the evidence introduced by the government at trial. See Wong Sun v. United States, 371 U.S. 471, 488 (1963). To the extent the public statements of government officials created a contrary impression, that impression is inconsistent with the contents of the classified record

This will be a working thread.