John Durham May Have Made Igor Danchenko “Aggrieved” Under FISA

Amidst a bunch of inaccurate quotations and insinuations, John Durham presented evidence in the Igor Danchenko indictment that Olga Galkina was (at least in part) seeking access when she claimed, in 2016, to be a fan of Hillary Clinton. And in the process, Durham may have created some significant discovery and FISA challenges for himself.

Olga Galkina, a friend of Igor Danchenko’s whom he said was the source for a key claim about Carter Page and all the discredited Michael Cohen claims, described herself this way in a declaration submitted in Alfa Bank’s lawsuit against Fusion GPS:

My name is Olga Aleksandrovna Galkina. I am a Russian citizen. I graduated with a law degree from Perm State University in 2002 and with a philology degree from Peoples’ Friendship University of Russia in 2004. In addition to Russian, I speak English and Bulgarian, and have basic knowledge of Georgian and Spanish.

My background is in journalism and public relations. I now work as a communications advisor. Previously, I held a number of positions in public relations and government, including head of the Governor’s Press Service in the Saratov Region (2005–2006); deputy head of the city administration in Saratov (2006–2007); and public relations advisor at Servers.com, a part of the XBT Holding group of companies that includes Webzilla (2015–2016).

[snip]

Igor Danchenko and I have been friends since our teen years in Perm, Russia. Through the years, Mr. Danchenko and I have communicated in person, over the phone, and through electronic messengers. I never gave my permission to Mr Danchenko to publish (or disclose to a third party) any part of our private discussions or private communications.

Mr. Danchenko and I met once in 2016. In connection with my job at Servers.com, I traveled to the United States in the spring of 2016 to participate in the Game Developers Conference event and investigate the prospects of running a public relations campaign for the company in the United States. I asked Mr. Danchenko to assist those efforts, and he introduced me to a third party, Charles Dolan, whom he thought could help. Mr. Danchenko and I did not discuss anything related to the Dossier or its contents during this meeting.

Note that this entire declaration is designed as a non-denial denial. The denial that she discussed the dossier in spring 2016, before the dossier project began, is in no way a denial that she discussed stuff — with Danchenko or Dolan — that ended up in the dossier, nor does she deny being the source of anything but the Alfa Bank allegations elsewhere in the declaration.

Durham describes Galkina this way.

At all times relevant to this Indictment, DANCHENKO maintained communications with a Russian national (“Russian Sub-Source-I”) based in a foreign country (“Country-1”) who, according to DANCHENKO, acted as one of DANCHENKO’s primary sources of information for allegations contained in the Company Reports. DANCHENKO and [Galkina] had initially met as children in Russia, and remained friends thereafter.

In or about early 2016, Russian Sub-Source-I began working at a business based in Country-1 (“Business-1”) that was owned by a Russian national and would later appear in the Company Reports. [Galkina] conducted public relations and communications work for Business-1

Business-1 would be XBT Holdings, which appeared in the last dossier report.

The Danchenko indictment barely mentions the long ties between him and Galkina, and doesn’t explain that she was the alleged source for the Cohen allegations (or even the claim that Danchenko named her as the source for a meeting Page had in Moscow, something utterly central to Durham’s project). Instead, it focuses on the fact that, after Danchenko himself met PR Executive Charles Dolan (through Fiona Hill) in February 2016, the next month, Danchenko introduced Dolan to Galkina for obvious business reasons, and then they all continued to communicate, both with Danchenko included and without him.

In or about March 2016, and prior to the June 2016 Planning Trip, DANCHENKO learned from Russian Sub-Source-I that Business-I was interested in retaining a U.S.-based public relations firm to assist with Business-1 ‘sentry into the U.S. market. DANCHENKO brokered a meeting between PR Executive-I and Russian Sub-Source-I to discuss a potential business relationship. Thereafter, PR Firm-I and Business-I entered a contractual relationship.

In or around the same time period, DANCHENKO, PR Executive-I, and Russian Sub-Source-I communicated about, among other things, the business relationship between Business-I and PR Firm-I. [my emphasis]

Thus far, this is garden variety networking, plopped into an indictment for reasons that do not directly relate to the crimes alleged.

The indictment then turns to laying out that, in conversations not including Danchenko, Dolan and Galkina spoke of their mutual enthusiasm for Hillary Clinton. Except the second paragraph Durham uses to substantiate “their [shared] support for Hillary Clinton” has nothing to do with Hillary Clinton, but in fact shows that Galkina was using Dolan’s ties to senior Russian officials for her own career advantage.

41. During the same time period, [Galkina] and [Dolan] communicated regularly via social media, telephone, and other means. In these communications and others, [Galkina] and [Dolan] discussed their political views and their support for Hillary Clinton.

[snip]

b. Additionally, on or about July 13, 2016, [Galkina] sent a message to a Russia-based associate and stated that [Dolan] had written a letter to Russian Press Secretary-I in support of [Galkina]’s candidacy for a position in the Russian Presidential Administration.

This is important, presumably, because it shows Dolan had better access to some figures in the dossier than Galkina did, but it has nothing to do with Hillary Clinton. It does, however, show that Galkina used her relationship with Dolan for access, even in Russia. And Durham is likely to argue that she used that access to obtain information that she then shared with Danchenko, which ended up in the dossier.

But it’s also important because, in the later communications quoted, Durham shows that Galkina was leveraging her relationship with Dolan — and bragging about it to an associate — in hopes of access under a Hillary presidency.

d. In or about August 2016, [Galkina] sent a message to a Russia-based associate describing [Dolan] as an “advisor” to Hillary Clinton. [Galkina] further commented regarding what might happen if Clinton were to win the election, stating in Russian, “[W]hen [[Dolan] and others] take me off to the State Department [to handle] issues of the former USSR, then we’ll see who is looking good and who is not.”

e. In or about September 2016, [Galkina] made a similar comment in a message to the same associate, stating in Russian that [Dolan] would “take me to the State Department if Hillary wins.”

f. On or about November 7, 2016 (the day before the 2016 U.S. Presidential election), Russian Sub-Source-I emailed [Dolan] in English and stated, in part: [] I am preparing you some information on former USSR/UIC countries, Igor [DANCHENKO] possibly told you about that. …. Tomorrow your country is having a great day, so, as a big Hillary fan, I wish her and all her supporters to have a Victory day. Hope, that someday her book will have one more autograph on it) Thank you for your help and support, Best regards, [First Name of Russian Sub-Source-I] [my emphasis]

All this Hillary support — shared with Dolan, but not (at least in this indictment) with Danchenko — does matter to Durham’s project. The allegations Danchenko attributed to Galkina were the most damning in the dossier, including the post-election (purportedly free) report that Michael Cohen had actually paid for Russian hackers. If she genuinely supported Hillary, it’s possible she knowingly fed Danchenko bullshit in hopes of helping Hillary’s chances.

But those Cohen allegations were also the earliest claims debunked in the dossier. By January 12, 2017 (so, importantly, weeks before Danchenko’s first FBI interview and before Galkina tasked Danchenko with a collection request in the wake of the dossier’s release), the FBI had obtained information marking the Cohen allegations as likely disinformation.

A January 12, 2017, report relayed information from [redacted] outlining an inaccuracy in a limited subset of Steele’s reporting about the activities of Michael Cohen. The [redacted] stated that it did not have high confidence in this subset of Steele’s reporting and assessed that the referenced subset was part of a Russian disinformation campaign to denigrate U.S. foreign relations. A second report from the same [redacted] five days later stated that a person named in the limited subset of Steele’s reporting had denied representations in the reporting and the [redacted] assessed that the person’s denials were truthful.

This report should have led the FBI to treat any allegation sourced to Galkina, including the damning Carter Page one, with caution. All the more so after Danchenko told them (as he did in his January interviews) that Galkina recognized Cohen’s name almost immediately when he asked her for information about Trump’s associates.

[Danchenko] began his explanation of the Prague and Michael Cohen-related reports by stating that Christopher Steele had given him 4-5 names to research for the election-related tasking. He could only remember three of the names: Carter Page, Paul Manafort and Michael Cohen. When he talked to [Galkina] in the fall of 2016 — he believes it was a phone call — he rattled off these names and, out of them, he was surprised to hear that [she] immediately [later [Danchenko] softened this to “almost immediately”] recognized Cohen’s name.

But her emails boasting that Dolan would get her access to State in a Hillary Administration are naked influence-peddling, whether for banal careerist reasons or for more malign purposes of access. They are what you’d expect from anyone with growing ties to a well-connected person, regardless of political leanings.

And we already knew — and the FBI knew — that Galkina had sent communications indicating strong support for Hillary (whether good faith or feigned for access purposes). That was revealed in a footnote to the DOJ IG Report declassified in response to Chuck Grassley and Ron Johnson demands in April 2020. That footnote strongly suggests that FBI learned it from obtaining Galkina’s communications under FISA Section 702 (the footnote only makes sense if they had 702 collection on Galkina and only Galkina), and they learned it by “early June 2017.”

FBI documents reflect that another of Steele’s sub-sources who reviewed the election reporting told the FBI in August 2017 that whatever information in the Steele reports that was attributable to him/her had been “exaggerated” and that he/she did not recognize anything as originating specifically from him/her. 347

347 The FBI [received information in early June 2017 which revealed that, among other things, there were [redacted]] personal and business ties between the sub-source and Steele’s Primary Sub-source; contacts between the sub-source and an individual in the Russian Presidential Administration in June/July 2016; [redacted] and the sub‐source voicing strong support for candidate Clinton in the 2016 U.S. elections. The Supervisory Intel Analyst told us that the FBI did not have Section 702 coverage on any other Steele sub‐source. [my emphasis]

Galkina is the one Danchenko sub-source that the FBI interviewed directly. The business ties between her and Danchenko reflect loans back and forth. The contacts reflected here with someone in the Presidential Administration in June/July may reflect Dolan’s recommendation of Galkina for a job. The second redaction here may even include a reference to Dolan.

There are a whole slew of implications from this detail, if it indeed reflects that FBI obtained Galkina’s communications using Section 702, which by description included the communications with Dolan about Hillary and would have included any US-cloud based communications she had Danchenko as well.

The first implication is that, in relying on communications involving Danchenko, Galkina, and Dolan (bold and underlined above), Durham may have made Danchenko an “aggrieved person” under FISA.

The term “aggrieved” under FISA is a technical legal one, and one that the US government makes great efforts to obscure. But anyone whose communications “were subject to electronic surveillance,” is aggrieved.

“Aggrieved person” means a person who is the target of an electronic surveillance or any other person whose communications or activities were subject to electronic surveillance.

And FISA mandates that the government provide FISA notice to someone if they intend to use evidence obtained or derived from electronic surveillance “in any trial, hearing, or other proceeding in or before any court.”

Whenever the Government intends to enter into evidence or otherwise use or disclose in any trial, hearing, or other proceeding in or before any court, department, officer, agency, regulatory body, or other authority of the United States, against an aggrieved person, any information obtained or derived from an electronic surveillance of that aggrieved person pursuant to the authority of this subchapter, the Government shall, prior to the trial, hearing, or other proceeding or at a reasonable time prior to an effort to so disclose or so use that information or submit it in evidence, notify the aggrieved person and the court or other authority in which the information is to be disclosed or used that the Government intends to so disclose or so use such information.

While the government treats information obtained from the cloud as a physical search, after the Snowden releases, DOJ started notifying some defendants of 702 surveillance and in 2018 (before Durham was appointed), Congress mandated that information obtained under FISA 702 be treated as electronic surveillance for FISA’s notice provision.

Information acquired from an acquisition conducted under section 1881b of this title shall be deemed to be information acquired from an electronic surveillance pursuant to subchapter I for purposes of section 1806 of this title.

In 2018, Congress has also imposed restrictions on the searches of 702 data for criminal prosecution, restrictions that the FBI famously blew off under Bill Barr.

Also in 2018, Congress demanded that the government keep better records of how US person names get unmasked in FISA surveillance.

To be very clear: this doesn’t help Danchenko all that much. The government’s precedents seem to say that notice provisions only trigger in an actual trial, so including reference to communications that would have first been obtained under 702 in an indictment probably wouldn’t normally trigger the notice requirement. If Durham restricted himself to using only those communications involving Galkina and Dolan but not Danchenko at trial, it would not render Danchenko “aggrieved,” because a person is only aggrieved if his own communications are used, not if communications of two associates he introduced are used to prosecute him.

Moreover, as anyone not named Carter Page would discover, FISA’s due process protections are basically useless. If DOJ determined that Danchenko was, indeed, aggrieved, he’d get notice and a judge would review how Galkina got targeted and almost immediately determine that Galkina was lawfully targeted under 702 (she was) and FBI was not primarily trying to get Danchenko’s communications with her (they weren’t), and that would be that.

Plus, DOJ has developed a number of ways to launder 702 information, such as getting the same information first obtained with a 702 directive with a warrant, and then claiming, implausibly, that the criminal process was not “derived from” the FISA process. Durham might even try to claim he didn’t discover this information via FISA, he obtained it via completely independent parallel means. In any case, DOJ has well-developed ways of parallel constructing information collected via sensitive means to hide its sourcing.

Still, Danchenko might have cause to question whether Durham complied with search requirements and whether the FBI properly documented any searches of Galkina’s communications used in a non-national security investigation, but even there, the original investigation implicating Galkina was undeniably a national security one, investigating whether Carter Page was a foreign agent, and so that original search would not require documentation (and preceded the rigorous application of that requirement in any case).

The point of all this is not that this helps Danchenko, at all, from a due process standpoint. But in the same way that Carter Page used his status as the first person to learn he was targeted under FISA without being prosecuted to cause a great deal of trouble, Danchenko might be able to use his status as someone whose prosecution appears to tie directly to 702 searches years ago to cause a great deal of trouble. Because DOJ has already declassified material that ties these communications to 702 collection, Danchenko may be able to demand transparency about FISA procedures that no one before him has ever been able to, and that may complicate prosecution of him.

And, at the very least, Danchenko will be able to demand discovery on the circumstances of this collection when otherwise, DOJ would be able to hide it under FISA disclosure protections. Normally, if DOJ did not rely on these communications, they would not have to inform Danchenko about them at all. But given that DOJ has already acknowledged them and seemingly identified them as Section 702 collection, DOJ will be forced to acknowledge that by early June 2017, they had these communications.

The fact that DOJ obtained information showing the ties between Dolan and Galkina in “early June” may go a long way (along with demonstrating Durham’s inaccurate citation) to disproving the alleged lie charged in Count One of this indictment. It certainly undermines Durham’s claims that the lie was material. It further will make it easy to suggest that this prosecution arises out of political animus (though that is always of limited use at trial).

In substantiating the case that Carter Page was wrongly aggrieved under FISA thanks to rumors passed along by Igor Danchenko, Durham appears to have similarly made Danchenko aggrieved himself. And that may help him defend himself in ways that would not otherwise be available.

Related documents

Danchenko posts

The Igor Danchenko Indictment: Structure

John Durham May Have Made Igor Danchenko “Aggrieved” Under FISA

“Yes and No:” John Durham Confuses Networking with Intelligence Collection

Daisy-Chain: The FBI Appears to Have Asked Danchenko Whether Dolan Was a Source for Steele, Not Danchenko

Source 6A: John Durham’s Twitter Charges

John Durham: Destroying the Purported Victims to Save Them

John Durham’s Cut-and-Paste Failures — and Other Indices of Unreliability

Aleksej Gubarev Drops Lawsuit after DOJ Confirms Steele Dossier Report Naming Gubarev’s Company Came from His Employee

In Story Purporting to “Reckon” with Steele’s Baseless Insinuations, CNN Spreads Durham’s Unsubstantiated Insinuations

On CIPA and Sequestration: Durham’s Discovery Deadends

The Disinformation that Got Told: Michael Cohen Was, in Fact, Hiding Secret Communications with the Kremlin

The Two New Material Errors Are the News from the IG Report on Woods File Errors

Footnote 14 in a DOJ Inspector General Report summarizing the problems with the FBI’s compliance with the Woods requirement released last week claims to lay out why reviewing Woods file compliance is a good measure of FISA.

14 The OIG’s December 2019 FISA Report demonstrates the significant problems that can result from a lack of compliance with the Woods Procedures. For example, one of the Woods Procedures-based failures detailed in our December 2019 report concerned the failure to seek and document the handling agent’s approval of the source characterization statement for Christopher Steele in the FISA applications, which we found overstated Steele’s bona fides and gave the misimpression that Steele’s past reporting to the FBI had been deemed sufficiently reliable by prosecutors to use in court and that more of his information had been corroborated than was actually the case. As detailed in our December 2019 report, the handling agent told us that had he been shown the source characterization statement, as required by the Woods Procedures, he would not have approved it. Given the importance of a source characterization statement to the FISC’s determination of a source’s reliability, the failure to comply with the Woods Procedures was a significant error on the part of the FBI case agents involved and their supervisors. Moreover, this issue compounded other serious problems with the subsequent FISA renewal applications, such as the FBI’s continued reliance on Steele’s information despite the fact that the Primary Sub-source, during his FBI interviews, had contradicted Steele’s reporting on several critical issues.

The footnote badly overstates its claim.

In a post laying out how the Woods file errors in Carter Page’s applications weren’t the real indicators of a problem, I noted that Steele’s FBI handler, Mike Gaeta, had explained why he treated Steele’s reporting as reliable, even though Steele had never testified in any trials, the measure FBI normally uses to measure the reliability of a source.

[DOJ IG identified two claims unsupported by the Woods file stating] that Christopher Steele’s reporting had been corroborated, something the DOJ IG Report lays out at length was not true in the terms FBI normally measured. Except, even there, Steele handler Mike Gaeta’s sworn testimony actually said it had been. He described jumping when Steele told him he had information because he was a professional,

And at that time there were a number of instances when his information had borne out, had been corroborated by other sources.

He also provided a perfectly reasonable explanation for why Steele’s reporting was not corroborated in the way DOJ IG measured it in the report: because you could never put Steele on a stand, so his testimony would never be used to prosecute people.

From a criminal perspective and a criminal investigative kind of framework, you know, Christopher Steele and [redacted] were never individuals who were going to be on a witness stand.

In other words, while it appears that DOJ cleaned up many of the errors identified by DOJ IG by finding the documentation to back it over the course of months, the public record makes it clear that Crossfire Hurricane would have been able to clear up even more of the Page Woods file.

Per the IG Report, Gaeta would not have approved the source statement in the Carter Page application as written. But Gaeta is on the record explaining what measure he used to assess a source who would never be asked to testify but whose reporting had nevertheless “borne out.” And Gaeta, per his Congressional testimony, believed Steele’s reporting was worth immediate attention.

There was just one other Woods file error identified in the Carter Page IG Report that wasn’t proven elsewhere that can be publicly tested — a James Clapper claim that Russia had provided money (unproven) and disinformation (proven) to particular candidates. The majority of the problems in the Page report, however, weren’t related to a Woods violation, in large part because they were about critical information omitted from the applications, not included.

That is, the Woods file was pretty much useless for identifying the real errors in the Carter Page applications. That’s why I’m sympathetic with a comment that DOJ IG cited critically — DOJ IG judged that the comment “dismiss[ed …] the weaknesses we identified related to compliance with the Woods Procedures” — that the IG emphasis on Woods file compliance may distract from getting material facts correct.

While we all understand the extreme importance of presenting accurate facts to any court on material issues, there is a concern that we are allowing our efforts to be diverted from that very important goal and instead diverted to the creation of picture perfect Woods binders that literally support every granular fact in the application regardless of whether it is material to probable cause.

That’s why — as my previous post laid out at length — the DOJ IG audit is most useful for identifying problems in the claims FBI and DOJ made about the FISA process, as well as larger systematic problems identified. For example, DOJ IG scolded DOJ for releasing a statement boasting, in summer of 2020, of its accuracy, while downplaying the seriousness of the errors DOJ IG identified (something I noted in my earlier post).

On July 30, 2020, following the Department’s review of the remaining applications, the FBI issued a press statement that again referenced the FBI’s “dedicat[ion] to the continued, ongoing improvement of the FISA process to ensure all factual assertions contained in FISA applications are accurate and complete,” while highlighting that “DOJ and FBI discovered only two material errors [in the 29 FISA applications] but—most importantly—neither of these errors is assessed to have undermined or otherwise impacted the FISC’s probable cause determinations” (emphasis in original). The statement went on to state that “Within these thousands of facts, there were approximately 201 non-material errors found, across the 29 applications. These include minor typographical errors, such as misspelled words, and slight date inaccuracies.”28 However, the statement did not mention that the majority of the FISA application errors—124 of these 201—involved errors beyond minor typographical mistakes and date errors, including deviations from source documentation, misidentified sources of information, and unsupported facts.

The report provided examples of the kinds of errors that DOJ deemed fairly insignificant. My favorite — which DOJ considered non-material — is that a counterintelligence suspect had visited an entirely different continent than the country they were suspected of being an agent of, but FBI misreported that destination.

Example: The FISA application stated the target returned from a trip overseas from the specific country of counterintelligence threat concern, but the support in the Woods File stated that the target was returning from a country on a different continent.

In perhaps the most telling example, though, DOJ IG described how FBI blew off as “subjective” a FISA application assertion that DOJ IG identified as a “potential inaccuracy,” only to have NSD determine the inaccuracy was not only an error, but a material one requiring a report to FISC.

[T]here were 30 instances where FBI field personnel initially determined that the potential inaccuracy we identified was not an error, yet NSD OI ultimately determined it was an error, which was thereafter reported to the FISC. In one instance that was ultimately determined to be a material omission of fact by NSD OI, the FBI field office’s initial response dismissed our note and stated that the issue was “subjective” and “not material to probable cause.”

The IG Report identifies that, in addition to two publicly released letters to FISC (one, two) describing the errors DOJ identified based off DOJ IG’s preliminary review of 29 cases, there was a third, dated October 28, 2020, which DOJ NSD has not made public, revealing two additional material errors.

In three separate filings with the FISC on June 15, July 29, and October 28, 2020, the Department and FBI provided the results after their assessment of the CDC accuracy reviews of the 29 FISA applications that the OIG had reviewed and in which we had identified numerous potential errors. 12 In total, the Department notified the FISC about 209 instances of unsupported or inaccurate statements, as well as omissions of fact, that it had identified in 27 of the 29 FISA applications. The Department and FBI further informed the FISC that 2 of the 29 FISA applications reviewed did not contain any inaccurate statements.13 Of the total 209 errors reported to the FISC, 162 related to initial concerns identified in the OIG’s review. The additional errors reported were identified by the FBI in its subsequent CDC accuracy reviews in response to the FISC’s order.

[snip]

The Department and FBI determined that 4 of the 209 identified errors were material errors. FBI policy and the 2009 Accuracy Memorandum define material facts as “those facts that are relevant to the outcome of the probable cause determination” and states that NSD OI determines whether a misstatement or omission is capable of influencing the FISC’s probable cause determination. The Department further assessed that none of these 209 errors undermined or otherwise impacted the FISC’s probable cause determinations. The four reported material errors or omissions occurred in three different applications related to different targets. The material errors were:

  • Failing to include context to inform the reader of the application that certain remarks the target made about a particular organization were made, according to evidentiary support, to provoke a response from law enforcement personnel. Instead, the application simply stated that the target expressed support of the referenced organization.
  • Describing the target’s support for a specific group, where the evidence in the Woods File instead indicated the target supported a specific cause.
  • Describing that the target used a financial account as of a certain date. NSD OI stated that it was not evident from the supporting documentation how recently the government had confirmed the target’s use of the financial account, and certain evidence on the target’s use of the financial account was several years prior to the date included in the application.
  • Failing to include the required reliability statement for one of two CHSs referenced in the application.

It’s not just that FBI treated a comment made by someone trying to “provoke a response from law enforcement personnel” as sincere. It’s that having already reviewed all these errors and publicly boasted about how minimal they were (even while ignoring that none of the worst problems in the Carter Page applications were found using this methodology), DOJ somehow went back and discovered there were additional problems, one of which they had dismissed as “subjective.”

Don’t get me wrong. The headline findings — that FBI simply didn’t have Woods files for a number of applications — are concerning.

Out of the FBI’s stated universe of over 7,000 FISA applications for which Woods Files appeared to be required, we identified at least 179 instances (in addition to the 4 that the OIG previously identified) across 21 field offices where the respective field office reported the Woods File as missing or incomplete and requiring whole or partial reassembly.17

But they’re frankly not the real concern. The real concern is that the Woods file is not designed to fix the problems identified in the Carter Page applications (and this report doesn’t describe whether an effort to elicit information that might otherwise be omitted is working). And somewhere along the way, Billy Barr’s DOJ admitted to the FISC that their self-congratulatory press boasts turned out to be inaccurate without revealing that publicly.

Update, 11/14/21: I just realized that the Woods File violation pertaining to Clapper involved the FBI paraphrasing a Clapper interview otherwise quoted before and after the violative language.

CLAPPER: In the U.S., the United States. And of course there is a history there of — there is a tradition in Russia of interfering with the elections, their own and others’. So it shouldn’t come as a big shock to people. I think it’s more dramatic maybe because now they have the cyber tools that they can bring to bear in the same effort. This is still going on, but I will say that it’s probably not real, real clear whether there is influence in terms of outcome. What I worry about more, frankly, is just sowing seeds of doubt, where doubt is cast on the whole process. So what are we doing about it? Well, apart from what you talked about, certainly DHS, Secretary Jeh Johnson has been very active with state election officials, offering, you know, our services and best practices and that sort of thing to secure, where appropriate, particularly if there is any dependence on the Internet in the course of the conduct of an election in voter registration, databases or the actual conduct of the election. We have a strength here in that we don’t have a centralized electoral system. It’s very decentralized among the states and local officials, and that actually works our advantage to be really a real monumental undertaking to try to affect the election nationally. But again, I think probably the more likely — and I am just surmising here — the more likely objective to would be to try to just sow seeds of doubt about the efficacy and viability and the sanctity — if I could use that word — of the whole system. _________IGNATIUS: You mentioned that there had been past instances where Russia — in this case I assume the Soviet Union — had tried to interfere in our election process. I probably should know what those are but I don’t. What comes to mind in terms of the past history of this? _________CLAPPER: Well, where they have fed money to opposition candidates, or tried to feed disinformation. Again, the way it was done during the Cold War, which of course preceded what we now know as the cyber era. And of course the record is replete with cases of influencing elections in East Europe and that sort of thing by, by today’s standards, more primitive methods. They have a history of that

Tucker Carlson Burns FBI or NSA Intercepts Regarding His 30-Month Pursuit of Face-Time with Vladimir Putin

Last week, I suggested that one possible explanation for Tucker Carlson’s claim to have been spied on by NSA is that he had a back channel with Russian operatives and was trying to get ahead of allegations that he was coordinating with Russian agents.

Particularly if the communications implicating Carlson were damning and potentially illegal, leaking them to him would be an easy way to flip the story, and accuse NSA of spying rather than Carlson of coordinating with Russian agents. Again, that’s all just a hypothetical that might explain Carlson’s claims.

Overnight, Jonathan Swan — who’s a political reporter, not a surveillance reporter — described that sources claimed authorities had obtained communications from Tucker Carlson’s efforts to get an interview with Vladimir Putin. Swan describes that Tucker had two intermediaries with Russia, but they live in the US. (I had hypothesized these might be Ukrainian sources, but Swan suggests they’re Russians.)

Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

Swan doesn’t note that if the surveillance happened in the US, it would have formally been an FBI intercept, not an NSA one (just as the intercepts showing Mike Flynn’s secret back channel with Russia were collected by the FBI). But he does a good job of laying out the most likely ways this happened, which is that the NSA or FBI were surveilling the kind of people they’re supposed to surveil: Russian agents, whether overt or covert.

  • The first — and least likely — scenario is that the U.S. government submitted a request to the Foreign Intelligence Surveillance Court to monitor Carlson to protect national security.
  • A more plausible scenario is that one of the people Carlson was talking to as an intermediary to help him get the Putin interview was under surveillance as a foreign agent.
  • In that scenario, Carlson’s emails or text messages could have been incidentally collected as part of monitoring this person, but Carlson’s identity would have been masked in any intelligence reports.
  • In order to know that the texts and emails were Carlson’s, a U.S. government official would likely have to request his identity be unmasked, something that’s only permitted if the unmasking is necessary to understand the intelligence.

The import of the agency involved — FBI or NSA — is that “unmasking” works quite differently for the FBI, which has a duty to guard against spying in this country. FBI agents tracking a known Russian agent might review such communications to find out if a high profile US journalist was being recruited by a known Russia spy. And if this was the FBI, it might explain how it recently became known: because Merrick Garland’s DOJ is trying to disclose all the tracking of journalists that took place under the Trump Administration.

This entire faux scandal feels just like ones that Devin Nunes has twice sown, first when Republican members of Congress got picked up undermining US policy with Bibi Netanyahu, and then again when Trump’s Transition team set up a secret back channel meeting with UAE. Each time Nunes has done this, it was with the seeming intent of flipping the scandalous efforts of Republicans to undermine US policy.

That’s consistent with Tucker’s claim that his source is “in a position to know.”

The whistleblower, who’s in a position to know, repeated back to us information about a story we are working from that could have only come directly from my texts and emails. There’s no other possible source for that information, period. The NSA captured that information without our knowledge and did it for political reasons.

But it also means that, if true, then Tucker and his source — whom Tucker himself suggests had a need to know — just burned intercepts on legitimate surveillance targets from a hostile country.

Plus, there’s a far bigger problem with Tucker’s currently operative story. Jason Leopold liberated Tucker’s FOIA request to obtain what he claims would be proof of this spying. Whether intentionally or because of incompetence, the FOIA was written in such a way that it is guaranteed to fail to find anything, because it uses language that NSA would understand to mean communications targeting Tucker (and, specifically, communications obtained from physical possession of Tucker’s phone).

More interesting than the failure by design is the scope. Tucker believes these sensitive communications — ostensibly a recent effort to set up an interview with Vladimir Putin — extend from January 1, 2019 until June 28, 2021, the date he first revealed this.

That’s thirty months he has been working with Russian back channels, purportedly to set up a meeting with Putin.

That, by itself, may explain why the communications generated further attention (if indeed they did). Thirty months isn’t the pursuit of an interview, it’s a long term relationship. This would look like a recruitment effort, not journalism.

It also explains why, even though Tucker himself is the person who leaked these details (again, burning what by all accounts are legitimate intercept targets), he claims it was an effort to take him off the air. If the FBI believes that Tucker really was pursuing a long-term relationship with Russian agents, then even Fox News might rethink giving him a platform. But that wouldn’t be the content of the communications, per se, but the fact that they appear to have been going on for thirty months.

PCLOB: The Essential Oversight Link Designed to Be Inadequate

Last year, there were a couple of measures that purported to respond to the problems with the Carter Page FISA application but which would not have helped him at all. In February, House Judiciary Committee rolled out a bill to replace the now-lapsed Section 215 of FISA that included a Privacy and Civil Liberties Oversight Board review of the impact that tradition FISA had on First Amendment Activities.

SEC. 303. REPORT ON USE OF FISA AUTHORITIES REGARDING PROTECTED ACTIVITIES AND PROTECTED CLASSES.

(a) REPORT.—Not later than one year after the date of the enactment of this Act, the Privacy and Civil Liberties Oversight Board shall make publicly available, to the extent practicable, a report on—

(1) the extent to which the activities and protected classes described in subsection (b) are used to support targeting decisions in the use of authorities pursuant to the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.); and

(2) the impact of the use of such authorities on such activities and protected classes.

As I noted at the time, because PCLOB’s mandate is limited to counterterrorism, it would not be able to look at counterintelligence targeting. This is not the first time that PCLOB’s mandate made its work less useful than it could be. Because its Section 702 report was necessarily limited to the counterterrorism uses of the law, PCLOB’s report did not address problems with the cybersecurity and counterproliferation uses of Section 702, both of which have far more unexpected impact on US person’s privacy than the counterterrorism use.

Then, in May, PCLOB’s Chair, Adam Klein, announced PCLOB was going to review traditional FISAs.

Adam I. Klein, the chairman of the privacy board, said that the issues Horowitz surfaced were precisely those that the board was established to examine.

“This is at the heartland of our jurisdiction,” said Klein, a lawyer and prominent researcher of FISA and other national security laws. “The IG found systemic compliance problems. At a minimum, we have a duty to inform ourselves.”

I again noted that PCLOB’s mandate would limit the value of such a review, and indeed, would prevent PCLOB from even reviewing the precipitating application, Page’s counterintelligence application.

Last week, Klein released the results of that review, billed and released not as a PCLOB report, but as a Chairperson’s White Paper (Klein has said he’d step down once Joe Biden replaced him). He makes clear,

I provide several observations and recommendations based on this review. These views are provided in my individual capacity as Chairman and should not be attributed to the Board as a whole or to other members of the Board.

Its recommendations are not obviously supported by the described scope of the review. His White Paper generally argues for more efficiency, a recommendation that conflicts with virtually all other conclusions that came out of the Carter Page review (though some of his recommendations to achieve efficiency, such as making the authorization period for non-US person FISA applications one year, make sense). He makes two recommendations (that the Woods file not require repeated documentation for repeated facts and that DOJ distinguish between information known at the time and information learned subsequent to an initial application) that would undercut some of the results of the DOJ IG Report on Carter Page.

Klein’s White Paper does recommend that a summary memo submitted with the application which highlights novel privacy, legal, or technological issues. If the FBI Director or his delegate were required to sign off on that summary as well as the current certification (that doesn’t address the probable cause content of the application in the least), it might provide a level of accountability that (Congress doesn’t yet understand) FISA currently lacks. Other than that, Klein’s White Paper reads as much like a valedictory trying to guide future PCLOB plans as it does a report to improve FISA. Almost two pages of the 26-page report constitutes a recommendation to reauthorize Section 215 of FISA.

But, as predicted, the review did not consider anything remotely pertinent to what happened to Carter Page.

To conduct its review of applications themselves, PCLOB asked for and received the subset of the 29 FISA files that DOJ IG is conducting a review of that pertain to counterterrorism as well as the backup exchange between FBI and DOJ regarding those applications. That included:

  • 19 total applications (out of 29 reviewed by DOJ IG)
  • All counterterrorism targets
  • Most located in United States at time of targeting

These details help us understand the two reports DOJ IG wrote about the full set of 29 files, which I wrote about here. Of the 29, ten must be counterintelligence files like Carter Page’s.

Because PCLOB did not review the counterintelligence applications, it only reviewed one of the two for which DOJ IG found a material error.  The second was a CI application that showed a worse error rate than the Carter Page file (which was measured using a different methodology than the Carter Page one).

It also didn’t review any Sensitive Investigative Matters — applications which, like Carter Page’s, involve someone who is a political, journalistic, or religious figure whose targeting should get extra scrutiny. That seems to suggest that DOJ IG did not include any counterterrorism applications targeting SIMs in its review (it would seem SIMs would be more likely to be targeted on the counterintelligence side, but we know of religious and political figures targeted under counterterrorism FISA applications). These would be the applications that pose the greatest privacy and civil liberties concern.

In lieu of that, FBI Office of General Counsel provided PCLOB with,

The number of “sensitive investigative matters” pertaining to U.S. persons in which FBI sought a FISA probable cause order in each year between 2015 and 2019, a summary of each matter (including the type of investigation and the features resulting in its classification as a “sensitive investigative matter”), and whether each request was granted.

That’s presumably how PCLOB learned that there aren’t all that many SIMs targeted under FISA.

[I]nformation received by the Board indicates that relatively few FISA applications are obtained each year in SIMs.

Still, this is the core of what you’d need to review to serve the function of PCLOB. Klein even appears not to have reviewed Page’s significantly declassified public applications, which would have been simple to do, would have provided him something to compare the counterterrorism applications he reviewed with, but which would have been outside the scope of PCLOB’s mandate.

This matters because PCLOB has been reasonably effective. Indeed, in a book published in April in recognition of the 50th Anniversary of the Pentagon Papers, Lisa Monaco (in a contribution submitted before she became Deputy Attorney General) pointed to PCLOB’s contributions after the Snowden releases as an important way forward to balance security and secrecy in the age of mass leaks. Monaco even recommended that PCLOB consult with the Director of National Intelligence prior to the implementation of certain policies. (Director of National Intelligence Avril Haines also contributed a chapter to the book, which was far more intriguing that Monaco’s.)

Another would be to institute a practice of DNI consultation with the PCLOB before the adoption of certain collection programs. The PCLOB served an important function after disclosures precisely because it is charged with considering privacy and civil liberties implications as well as the national security implications of counter-terrorism programs.82 It could be a valuable addition to the consideration and review of some intelligence programs for a standing body with the infrastructure to handle classified information to work with privacy officers in each agency to assess privacy concerns and conduct privacy impact assessments that are reported to the DNI.

But as noted above, even PCLOB’s Section 702 review suffered because it couldn’t look at several of the applications of 702, applications implicated by the Snowden releases.

Last year, I was told that efforts to expand the jurisdiction of PCLOB would be a poison pill to any bill to which they were attached. I can only assume that means the Executive doesn’t want to expose to scrutiny they kinds of practices that were central to the Carter Page application.

But if Lisa Monaco believes PCLOB has a role to play in balancing national security and secrecy, she should ensure its mandate is sufficiently broad to do that job.

Some Perspective on the Politicized Leak Investigation Targeting Adam Schiff

The NYT reported the other day that DOJ obtained phone records of Adam Schiff, Eric Swalwell, and a bunch of House Intelligence Committee staffers in the guise of what it reports is a leak investigation (though given the specific form of Bill Barr’s prevarications about his knowledge, may have been repackaged as something else when the investigation was resuscitated in 2020).

Prosecutors subpoenaed Apple for data from the accounts of at least two Democrats on the House Intelligence Committee, aides and family members. One was a minor.

All told, the records of at least a dozen people tied to the committee were seized in 2017 and early 2018, including those of Representative Adam B. Schiff of California, then the panel’s top Democrat and now its chairman, according to committee officials and two other people briefed on the inquiry. Representative Eric Swalwell of California said in an interview Thursday night that he had also been notified that his data had subpoenaed.

Prosecutors, under the beleaguered attorney general, Jeff Sessions, were hunting for the sources behind news media reports about contacts between Trump associates and Russia. Ultimately, the data and other evidence did not tie the committee to the leaks, and investigators debated whether they had hit a dead end and some even discussed closing the inquiry.

But William P. Barr revived languishing leak investigations after he became attorney general a year later. He moved a trusted prosecutor from New Jersey with little relevant experience to the main Justice Department to work on the Schiff-related case and about a half-dozen others, according to three people with knowledge of his work who did not want to be identified discussing federal investigations.

The initial collection and especially the subsequent treatment were clearly politicized — and more importantly, stupid, from an investigative standpoint. But, especially because this involves Adam Schiff, some exactitude about what went on really is required.

This is not spying

First, this is not “spying.” If the use of informants to investigate members of the Trump campaign and Hillary Clinton’s Foundation during a political campaign is not spying, if the use of a lawful FISA to conduct both physical and electronic surveillance on recently departed campaign volunteer Carter Page is not spying — and Adam Schiff said they were not, and I agree — then neither is the use of a subpoena to collect the phone records of Democrats who had knowledge of information that subsequently leaked in a fully predicated (and very serious) leak investigation.

This is “just” metadata

According to all reports, the government obtained the iPhone metadata records of 73 phone numbers and 36 email addresses. Apple suggests other tech companies probably got subpoenas, too, which means that some of those email addresses probably weren’t Apple emails.

But it was — as Adam Schiff said many times when defending a program that aspired to collect “all” the phone records in the United States — “just” metadata.

I don’t mean to belittle the impact of that. As I and others argued (against Schiff), metadata is actually profoundly revealing.

But if this is a problem (it is!), then people like Adam Schiff should lead a conversation about whether the standard on collection of metadata — currently, it only needs to be “relevant to” an investigation — is what it should be, as well as the rules imposed on future access to the data once collected prevent abuse.

Apple (and other tech companies) wouldn’t have known this was Adam Schiff

Even people who understand surveillance seem to believe that Apple would have known these requests targeted Adam Schiff in a leak investigation and therefore should have done more to fight it, as if the actual subpoena would be accompanied with an affidavit with shiny flags saying “HPSCI Ranking Member.”

They wouldn’t have. They would have gotten a list of selectors (some of which, by its description, it probably did not service), a description of the crime being investigated (a leak), and a gag order. The one thing that should have triggered closer review from Apple was the number of selectors. But apparently it did not, and once Apple complied, the data was swept up into the FBI’s servers where it presumably remains.

The subpoena was overly broad and not tailored to limit damage to Schiff

All that said, there were aspects of the subpoena that suggest it was written without any consideration for limiting the damage to Congressional equities or reasonable investigative targets. Focusing on these details are important because they distinguish what is really problematic about this (and who is to blame). According to reports, the subpoena:

  • Obtained information from a minor, who would have had no access to classified information
  • Included a series of year-long gags
  • Obtained all the toll records from date of creation
  • May have focused exclusively on Democratic members and staffers

It’s conceivable that, after years of investigation, DOJ would have reason to believe someone was laundering leaks through a child. But given how broad this subpoena is, it’s virtually impossible the affidavit included that kind of specific knowledge.

With journalists, DOJ is supposed to use shorter gags–three months. The series of year-long gags suggests that DOJ was trying to hide the existence of these subpoenas not just to hide an investigation, but to delay the political embarrassment of it.

There’s no reason to believe that Adam Schiff leaked a FISA application targeting Carter Page first obtained in 2016 in 2009 (or whenever the Californian lawmaker first set up his Apple account). It’s a physical impossibility. So it is completely unreasonable to imagine that years-old toll records would be “relevant to” a leak investigation predicated off a leak in 2017. Mind you, obtaining all records since the inception of the account is totally normal! It’s what DOJ did, for example, with Antionne Brodnax, a January 6 defendant who got notice of subpoenas served on him, but whose attempt to limit the subpoena failed because those whose records are subpoenaed have no authority to do that. There are two appropriate responses to the unreasonable breadth of this request: both a focus on the failure to use special caution with Congressional targets, but also some discussion about how such broad requests are unreasonable regardless of the target.

Given the number of these selectors, it seems unlikely DOJ did more than ID the people who had access to the leaked information in question. Except if they only obtained selectors for Democrats, it would suggest investigators went into the investigation with the assumption that the leak was political, and that such a political leak would necessarily be partisan. That’s simply not backed by exhibited reality, and if that’s what happened, it should force some scrutiny on who made those assumptions. That’s all the more true given hints that Republicans like Paul Ryan may have tipped Page off that he had been targeted.

These kinds of limiting factors are where the most good can come out of this shit-show, because they would have a real impact and if applied broadly would help not just Schiff.

Barr continued to appoint unqualified prosecutors to do his political dirty work

I think it would be useful to separate the initial records request — after all, the leak of a FISA intercept and the target of a FISA order are virtually unprecedented — from the continued use of the records in 2020, under Billy Barr.

The NYT explains that the initial investigators believed that charges were unlikely, but Barr redoubled efforts in 2020.

As the years wore on, some officials argued in meetings that charges were becoming less realistic, former Justice Department officials said: They lacked strong evidence, and a jury might not care about information reported years earlier.

[snip]

Mr. Barr directed prosecutors to continue investigating, contending that the Justice Department’s National Security Division had allowed the cases to languish, according to three people briefed on the cases. Some cases had nothing to do with leaks about Mr. Trump and involved sensitive national security information, one of the people said. But Mr. Barr’s overall view of leaks led some people in the department to eventually see the inquiries as politically motivated.

[snip]

After the records provided no proof of leaks, prosecutors in the U.S. attorney’s office in Washington discussed ending that piece of their investigation. But Mr. Barr’s decision to bring in an outside prosecutor helped keep the case alive.

[snip]

In February 2020, Mr. Barr placed the prosecutor from New Jersey, Osmar Benvenuto, into the National Security Division. His background was in gang and health care fraud prosecutions.

Barr used this ploy — finding AUSAs who were unqualified to work on a case that others had found no merit to — on at least three different occasions. Every document John Durham’s team submitted in conjunction with the Kevin Clinesmith prosecution, for example, betrayed that investigators running it didn’t understand the scope of the Crossfire Hurricane investigation (and thereby also strongly suggested investigators had no business scrutinizing a counterintelligence investigation at all). The questions that Jeffrey Jensen’s team, appointed by Barr to review the DOJ IG investigation and the John Durham investigation to find conclusions they didn’t draw, asked Bill Barnett betrayed that the gun crimes prosecutors running it didn’t know fuckall about what they were doing (why Barnett answered as he did is another thing, one that DOJ IG should investigate). And now here, he appointed a health care fraud prosecutor to conduct a leak investigation after unbelievably aggressive leak investigators found nothing.

DOJ IG should include all of those investigations in its investigation, because they all reflect Barr’s efforts to force prosecutors to come to conclusions that the evidence did not merit (and because the Jensen investigation, at least, appears to have altered records intentionally).

FBI never deletes evidence

In an attempt to disclaim responsibility for yet more political abuse, Billy Barr issued a very interestingly worded disavowal.

Barr said that while he was attorney general, he was “not aware of any congressman’s records being sought in a leak case.” He added that Trump never encouraged him to zero in on the Democratic lawmakers who reportedly became targets of the former president’s push to unmask leakers of classified information.

There are two parts to this: One, that “while he was attorney general,” Congresspersons’ records were not sought, and two, sought in a leak case. The original subpoena for these records was in February 2018, so not during Barr’s tenure as Attorney General. He doesn’t deny asking for those previously-sought records to be reviewed anew while Attorney General.

But he also limits his disavowal to leak cases. Under Barr’s fervent imagination, however, these investigations may well have morphed into something else, what he may have imagined were political abuse or spying violation cases. DOJ can and often does obtain new legal process for already obtained records (which would be unnecessary anyway for toll records), so it is not outside the realm of possibility that Barr directed his unqualified prosecutor to use those already-seized records to snoop into some other question.

It’s a pity for Adam Schiff that no one in charge of surveillance in Congress imposed better trackability requirements on FBI’s access of its investigative collections.

Both an IG investigation and a Special Counsel are inadequate to this investigation

Lisa Monaco asked Michael Horowitz to investigate this investigation. And that’s fine: he can access the records of the investigation, and the affidavits. He can interview the line prosecutors who were tasked with this investigation.

But he can’t require Barr or Jeff Sessions or any of the other Trump appointees who ordered up this investigation to sit for an interview (he could move quickly and ask John Demers to sit for an interview).

Because of that, a lot of people are asking for a Special Counsel to be appointed. That would be nice, except thus far, there’s no evidence that a crime was committed, so there is no regulatory basis to appoint a Special Counsel. The standard for accessing records is very low, any special treatment accorded journalists or members of Congress are not written into law, and prosecutorial discretion at DOJ is nearly sacrosanct. The scandal is that this may all be entirely legal.

Mind you, there’s good reason to believe there was a crime committed in the Jeffrey Jensen investigation, the same crime (altering documents) that Barr used to predicate the Durham Special Counsel appointment. So maybe people should revisit that?

Luckily, Swalwell and Schiff know some members of Congress who can limit such abuses

If I learned that DOJ engaged in unreasonable surveillance on me [wink], I’d have no recourse, largely because of laws that Adam Schiff has championed for years.

But as it happens, Schiff and Swalwell both know some members of Congress who could pass some laws limiting the ability to do some of the things used against them that affect thousands of Americans investigated by the FBI.

Now that Adam Schiff has discovered, years after we tried to reason with him on this point, that “it’s just metadata” doesn’t fly in this day and age, maybe we can talk about how the FBI should be using metadata given how powerful it has become?

The renewed focus on Schiff’s metadata would have come after Schiff disclosed Nunes’ ties to Rudy Giuliani’s grift

Another factor of timing hasn’t gotten enough attention. In late December, Schiff released the Democrats’ impeachment report. Because Schiff obtained subpoenas (almost certainly targeting Lev Parnas and Rudy Giuliani), he included call records of calls implicating Devin Nunes and his staffer Derek

Over the course of the four days following the April 7 article, phone records show contacts between Mr. Giuliani, Mr. Parnas, Representative Devin Nunes, and Mr. Solomon. Specifically, Mr. Giuliani and Mr. Parnas were in contact with one another, as well as with Mr. Solomon.76 Phone records also show contacts on April 10 between Mr. Giuliani and Rep. Nunes, consisting of three short calls in rapid succession, followed by a text message, and ending with a nearly three minute call.77 Later that same day, Mr. Parnas and Mr. Solomon had a four minute, 39 second call.78

[snip]

On the morning of May 8, Mr. Giuliani called the White House Switchboard and connected for six minutes and 26 seconds with someone at the White House.158 That same day, Mr. Giuliani also connected with Mr. Solomon for almost six minutes, with Mr. Parnas, and with Derek Harvey, a member of Representative Nunes’ staff on the Intelligence Committee.159

69 AT&T Document Production, Bates ATTHPSCI _20190930_00848-ATTHPSCI_20190930_00884. Mr. Parnas also had an aborted call that lasted 5 seconds on April 5, 2019 with an aide to Rep. Devin Nunes on the Intelligence Committee, Derek Harvey. AT&T Document Production, Bates ATTHPSCI_20190930_00876. Call records obtained by the Committees show that Mr. Parnas and Mr. Harvey had connected previously, including a four minute 42 second call on February 1, 2019, a one minute 7 second call on February 4, and a one minute 37 second call on February 7, 2019. AT&T Document Production, Bates ATTHPSCI_20190930_00617, ATTHPSCI_20190930_00630, ATTHPSCI_20190930_00641. As explained later in this Chapter, Rep. Nunes would connect separately by phone on April 10, 11, and 12 with Mr. Parnas and Mr. Giuliani. AT&T Document Production, Bates ATTHPSCI_20190930_00913- ATTHPSCI_20190930_00914; ATTHPSCI_20190930-02125.

76 Specifically, between April 8 and April 11, phone records show the following phone contacts:

  • six calls between Mr. Giuliani and Mr. Parnas (longest duration approximately five minutes), AT&T Document Production, Bates ATTHPSCI_20190930-02115-ATTHPSCI_20190930-02131;
  • four calls between Mr. Giuliani and Mr. Solomon (all on April 8, longest duration approximately one minute, 30 seconds) AT&T Document Production, Bates ATTHPSCI_20190930-02114- ATTHPSCI_20190930-02115;
  • nine calls between Mr. Parnas and Mr. Solomon (longest duration four minutes, 39 seconds) AT&T Document Production, Bates ATTHPSCI_20190930-00885- ATTHPSCI_20190930- 00906; and
  • three calls between Mr. Parnas and Ms. Toensing (longest duration approximately six minutes), AT&T Document Production, Bates ATTHPSCI_20190930-00885- ATTHPSCI_20190930- 00905.

77 AT&T Document Production, Bates ATTHPSCI_20190930-02125, ATTHPSCI_20190930-03236.

78 AT&T Document Production, Bates ATTHPSCI_20190930-00902.

[snip]

158 AT&T Document Production, Bates ATTHPSCI_20190930_02313.

159 AT&T Document Production, Bates ATTHPSCI_20190930_02314; ATTHPSCI_20190930_02316; ATTHPSCI_20190930_02318; ATTHPSCI 20190930 01000.

Because Nunes doesn’t understand how phone records work, he — and most other Republicans in Congress — accused Schiff of subpoenaing the record of his colleagues. That’s not what happened. Instead, Nunes and a key staffer got involved in with Rudy’s efforts to solicit dirt from Russian assets and as a result they showed up in Rudy’s phone records.

But it’s the kind of thing that might lead Barr to intensify his focus on Schiff.

The last section of this was an update.

Welcome to Lisa Monaco’s DOJ, E Jean Carroll Lawsuit Edition

During Lisa Monaco’s confirmation hearing, several people joked about how few questions she was getting. Because Vanita Gupta had been targeted by Republicans, Monaco was left for broad swaths of the hearing, a spectator to that effort.

There were some good exchanges. In addition to complaining about DOJ’s refusal to respond to questions from Democratic members of Congress, Sheldon Whitehouse asked about OLC, to which Monaco provided an anodyne answer that was enough for Whitehouse, who was going to vote for Monaco one way or another. Josh Hawley asked some legitimately good questions, including about end-to-end encryption. To those questions, Monaco hewed a middle ground and an adherence to the laws on the books. John Cornyn asked the same question Republicans harped on with Merrick Garland, whether she would let John Durham finish his work, to which she responded that her job is to make sure he has the resources to do so, which (while more nuanced that it sounded) shut down that line of questioning.

It was a testament to how shallowly Republican staffers interpreted Lisa Monaco’s long career that Chuck Grassley asked Monaco whether she had involvement in Crossfire Hurricane — the answer was obviously no, given her White House role at the time. But Grassley didn’t ask whether her position at the nexus of Mike Flynn’s efforts to obtain information from the Obama White House in advance of making calls with Sergey Kislyak that Flynn lied to hide would affect her view of the Russian investigation. Perhaps only Susan Rice was more personally betrayed by Mike Flynn’s outreach to Russia, and yet Republicans seemed to not even realize that Flynn and KT McFarland sent Tom Bossert to query Monaco in advance of Flynn’s covert call with Russia, making her the Obama person most directly victimized by Flynn’s underhandedness.

That blithe ignorance of how Monaco’s personal history might affect her tenure extended beyond the Senate Judiciary Committee. For example, while every Assange supporter has targeted Biden and Garland for their pleas to drop the Assange prosecution, none have thought about the fact that Monaco was in charge of the response to the 2016 Russian interference campaign that led even WikiLeaks sympathizers in the Obama Administration to completely reconsider Assange’s game and his longterm relationship with Russia (then again, Assange supporters, almost to a one, have convinced themselves to believe bullshit propaganda about that decision being made under Trump).

Most people have failed to ask these questions about Monaco’s career experiences, even though as Deputy Attorney General, Monaco runs DOJ on a day-to-day basis and makes a lot of these decisions and serves as a key advisor to Garland where she doesn’t.

As a result of the very surface approach to Monaco’s career, there were a whole slew of questions in her confirmation hearing that should have been asked (and should be asked before Monaco’s close associate Matt Olsen is confirmed as National Security Division head), but were not. When Lisa Monaco was Robert Mueller’s top advisor in 2006, for example, what role did she play legalizing the phone dragnet aspiring to collect the phone records of all Americans under FISA’s Section 215? Given her past failures to fulfill promises of transparency, specifically as it relates to FISA, what can she do to ensure she will deliver on such transparency as Deputy Attorney General? What was her role in the execution of Anwar al-Awlaki, and what does that say about her willingness to support unfettered executive authority? With the value of hindsight, does Monaco believe that she was suckered into continuing John Brennan’s permissive approach to drone strikes as White House Homeland Security Advisor, and if so what would she do to give herself the leverage to actually change bad policies baked in by her predecessors?

Don’t get me wrong: Monaco has almost unparalleled qualifications to be Deputy Attorney General, she brings a lot of great qualities to the job, and I’m sure she’s a lovely person. But there was almost no consideration about what affect her long tenure at DOJ and in National Security roles would have on her view towards Presidential authority and DOJ institutional precedent before she was confirmed.

Indeed, in perhaps the question that got closest to asking how she would treat initiatives from career DOJ officials already in place, Monaco explained to Amy Klobuchar that she viewed her job as to empower the people at DOJ she believed operated from an inherently unpartisan stance.

Klobuchar: After the last four years where civil servants withstood political interference, what do you see your role is as restoring the trust in the Department of Justice?

Monaco: Well Senator, as I said in my opening remarks, I think that the career men and women of the Justice Department are its backbone. They’re the people that enforce the law independently, faithfully, fairly, impartially, without any consideration of improper motive. I think they simply want to do their job. They want to do their job with the resources and the tools to keep the American people safe, to prosecute violent crime, to administer justice with compassion, and with humility, as Judge Garland talked about before this committee. And they want to see equal justice under law, and they want to do the work that this Committee has done on a bipartisan basis to administer criminal justice reform. And so I think my role is to ensure that they’ve got the tools and resources to do their job and to protect them from improper influence, any partisan motive, because I think they just want to do their job.

This is the belief system that leads Monaco to respond to a question about career DOJ prosecutor John Durham’s clearly politicized investigation by saying that her job is to make sure he has the resources he wants to continue that investigation.

In her role at DOJ, Monaco has overseen some key wins: with the announcement yesterday that FBI had seized much of the ransomware payment that Colonial pipelines had paid Dark Side hackers, with her quiet presence on the public line listening as Paul Hodgkins made the first pure guilty plea of the January 6 investigation, with the decision — on her first full day in office — to let SDNY resume its investigation into Rudy Giuliani’s foreign influence peddling.

But also under her leadership, DOJ has delayed notice to NYT about an effort to get their Internet records in a clearly politicized investigation. DOJ has moved to hide the contents of a Bill Barr memo that clearly abused his authority and the role of OLC (and with that decision, protected career employees who were making similarly dubious claims when Monaco ran the National Security Division). DOJ has defended a lot of legal stances that were obviously political on their face, most recently and egregiously by sustaining DOJ support to give Trump immunity from suit in his attack on alleged rape survivor, E. Jean Carroll. That is, as she did before with Cheney’s Stellar Wind and Brennan’s drone program, Monaco seems to have chosen not to make a clean break from the horrible policies of her predecessors, choosing instead to ensure the continuity of the institution.

Again, Lisa Monaco oozes intelligence and competence; she’s undeniably qualified to be where she’s at. But she also got where she’s at by cleaning up the messes left by Stellar Wind, the torture program, and John Brennan’s drone program by improving those shitty policies without demanding any accountability for the abuse of DOJ and presidential authority they entailed. Plus, as a career DOJ official, she’s going to defend professionals who did stupid things on the orders of a deeply politicized boss.

Particularly in the wake of the decision to defend Trump against Carroll’s suit, people are wondering how Merrick Garland could make such a horrible decision. My suspicion is they would be better asking what Lisa Monaco’s role was in the decision.

Snowden

Insurance File: Glenn Greenwald’s Anger Is of More Use to Vladimir Putin than Edward Snowden’s Freedom

Glenn Greenwald risks making his own anger more valuable to Vladimir Putin than Edward Snowden’s freedom.

When WikiLeaks helped Snowden flee Hong Kong eight years ago, both WikiLeaks and Snowden had the explicit goal of using Snowden’s successful flight from prosecution to entice more leakers.

In his book, Snowden described that Sarah Harrison and Julian Assange’s goal in helping him flee Hong Kong was to provide a counterexample to the draconian sentence of Chelsea Manning.

People have long ascribed selfish motives to Assange’s desire to give me aid, but I believe he was genuinely invested in one thing above all—helping me evade capture. That doing so involved tweaking the US government was just a bonus for him, an ancillary benefit, not the goal. It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to win. It’s for this reason that I regard it as too reductive to interpret his assistance as merely an instance of scheming or self-promotion. More important to him, I believe, was the opportunity to establish a counterexample to the case of the organization’s most famous source, US Army Private Chelsea Manning, whose thirty-five-year prison sentence was historically unprecedented and a monstrous deterrent to whistleblowers everywhere. Though I never was, and never would be, a source for Assange, my situation gave him a chance to right a wrong. There was nothing he could have done to save Manning, but he seemed, through Sarah, determined to do everything he could to save me. That said, I was initially wary of Sarah’s involvement. But Laura told me that she was serious, competent, and, most important, independent: one of the few at WikiLeaks who dared to openly disagree with Assange. Despite my caution, I was in a difficult position, and as Hemingway once wrote, the way to make people trustworthy is to trust them.

[snip]

It was only once we’d entered Chinese airspace that I realized I wouldn’t be able to get any rest until I asked Sarah this question explicitly: “Why are you helping me?”

She flattened out her voice, as if trying to tamp down her passions, and told me that she wanted me to have a better outcome. She never said better than what outcome or whose, and I could only take that answer as a sign of her discretion and respect.

It’s not just Snowden’s impression, though, that WikiLeaks intended to make an example of him. The superseding indictment against Assange cites several times when Assange invoked WikiLeaks’ role in Snowden’s successful escape to encourage others (including CIA Systems Administrators like Joshua Schulte, who had a ticket to Mexico when the FBI first interviewed him and seized his passports) to go do what Snowden did. British Judge Vanessa Baraitser even included one of those speeches in paragraphs distinguishing what Assange is accused of from legal journalism. And as early as 2017, public reporting said that WikiLeaks’ assistance to Snowden was what changed how DOJ understood WikiLeaks and why it began to consider prosecuting Assange. It wasn’t Trump that led DOJ to stop treating Assange as a journalist, it was Snowden.

According to Snowden’s own words, he shared WikiLeaks’ goal of setting an example to inspire others. In an email that Snowden must have sent Bart Gellman weeks before the exchange between him and Harrison above, Snowden described steps he took to give other leakers (this may be Gellman’s paraphrase), “hope for a happy ending.”

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He preferred to set an example for “an entire class of potential whistleblowers” who might follow his lead. Ordinary citizens would not take impossible risks. They had to have some hope for a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts (I should know, I used to work in our U.N. spying shop), I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims—they’d have me committed—and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. . . . Give me the bottom line: when do you expect to go to print?

Citizenfour also quotes Snowden describing how he hoped that proof that his “methods work[]” would encourage others to leak.

If all ends well, perhaps the demonstration that our methods worked will embolden more to come forward.

Snowden’s “methods” don’t work — they certainly haven’t for Daniel Hale, Reality Winner, or Joshua Schulte. But for each, Snowden played at least some role (there is ambiguity about how Schulte really felt about Snowden) in inspiring them to ruin their lives with magical thinking and inadequate operational security.

One of Snowden’s “methods” appears to entail quitting an existing job and then picking another at an Intelligence Community contractor with the intent of obtaining documents to leak. Snowden did this at Booz Allen Hamilton, and his book at least suggests the possibility he did that with his earlier job in Hawaii.

The government justified the draconian sentence that it had negotiated with Winner’s lawyers, in part, by claiming that she premeditated her leak.

Around the same time the defendant took a job with Pluribus requiring a security clearance in February 2017, she was expressing contempt for the United States, mocking compromises of our national security, and making preparations to leak intelligence information

Along with evidence Winner researched The Intercept’s SecureDrop before starting at her new job, the government supported this claim by pointing to three references Winner made to Snowden as or shortly after she started at Pluribus, including texts in which Winner told her sister she was on Assange and Snowden’s side the day the Vault 7 leak was revealed. That was still two months before she took the files she would send to The Intercept.

Had Hale gone to trial, the government would have shown that Hale discussed serving as a source for Jeremy Scahill by May 30, 2013, the day before he left NSA, and discussed Snowden — and hanging out with the journalists reporting on him — the day Snowden came forward on June 9. Then, on July 25, Hale sent Scahill a resume showing he was looking for counterterrorism or counterintelligence jobs. In December, Hale started the the job at Leidos where he would print out the files he sent to The Intercept.

You can think these leaks were valuable and ethical without thinking it a good idea to leave a months-long trail of evidence showing premeditation on unencrypted texts and social media.

Similarly, one of Snowden’s “methods” was to claim he had expressed concerns internally, but was ignored, a wannabe whistleblower stymied by America’s admittedly failed support for whistleblowers, especially those at contractors.

In the weeks before Snowden left NSA, he made a stink about some legal issues and NSA’s training programs (about how FISA Section 702 interacted with EO 12333) that he subsequently pointed to as his basis for claiming to be a whistleblower. The complaint was legit, and one NSA department actually did take notice, but it was not a formal complaint; indeed, it was more a complaint about US law. But his complaint had nothing to do with the vast majority of the documents that have been published based off his files, to say nothing of the far greater set of documents he took. And he made the complaint long after having prepared for months to steal vast amounts of files.

Similarly, Joshua Schulte wrote two emails documenting purported concerns about CIA security, one to a colleague less than a month before he left, which he didn’t send, and then, on his final day, one to CIA’s Inspector General that he falsely claimed was unclassified, a copy of which he was seen taking with him when he packed up. In the first search warrant for Schulte’s house obtained on March 13, 2017, less than a week after the initial Vault 7 release, the FBI had already found those emails and deemed Schulte’s treatment of them as suspect. And when they found a copy of the classified letter to the IG stashed in his headboard, it gave them cause to seize Schulte’s passports on threat of arrest. Snowden’s “methods” didn’t deliver Schulte a “happy ending;” they made Schulte’s apprehension easier.

To the extent Schulte could be shown to be following Snowden’s “methods” (again, that question was not resolved at his first trial) it would be a fairly damning indictment of those methods, since this effort to create a paper trail as a whistleblower was such an obvious attempt to retroactively invent cover for leaks for which there was abundant evidence Schulte’s motivation was spite and revenge. Maybe that’s why someone close to Assange explicitly asked me to stop covering Schulte’s case.

Had Daniel Hale gone to trial, the government undoubtedly would have used the exhibits showing that Hale had never made any whistleblower claims in any of the series of government jobs where he had clearance as a way to push back on his claim of being a whistleblower, though Hale was outspoken about his criticisms of the drone program before he took most of the files he shared with The Intercept. Indeed, given the success of Hale’s earlier anti-drone activism, his case raises real questions about whether leaking was more effective than Hale’s frank, overt witness to the problems of the drone program.

Worse still, Snowden’s boasts about his “methods” appear to have made prosecutions more likely. An early, mostly-sealed filing in Hale’s case, reveals that the government set out to investigate whether Hale was The Intercept’s source because they were trying to figure out whom Snowden had “inspired” to leak.

Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community.

That explains why the government required Hale to allocute to being the author of an essay in a collection of Hale’s leaked documents involving Snowden: by doing so, they obtained sworn proof that Hale is the person Snowden and Glenn Greenwald were discussing, while the two were sitting in Moscow, in the closing sequence of Citizenfour. In the scene, Glenn flamboyantly wrote for Snowden how this new leaker and The Intercept’s journalist were communicating, what appears to be J-A-B-B-E-R. That stunt for the camera would have tipped the government off, in cinema release just two months after they had raided Hale’s home, to look for and reconstruct Hale’s Jabber communications with Jeremy Scahill, which they partly succeeded in doing.

Rather than being means to a “happy ending,” then, prosecutors have found Snowden’s “methods” useful to pursuing increasingly draconian prosecutions of people inspired by him.

And now, after Snowden and Greenwald failed to persuade Trump to pardon Snowden, Assange — and in a secondary effort — The Intercept’s sources (perhaps, like Assange, they find the association with Schulte counterproductive, because they didn’t even try to get him pardoned, even though Trump himself almost bolloxed that prosecution), Snowden is left demanding pardons on Twitter for the people he set out to convince leaking could have a “happy ending.”

By associating these leaks with someone being protected by Russia so that — in Snowden’s own words — he could encourage more leaks, Snowden only puts a target on these people’s back, making a justifiable commutation of Winner’s sentence less likely (Winner is due to get out on November 23, two days before the most likely time for Joe Biden to even consider commuting her sentence).

I’m grateful for Snowden’s sacrifices to release the NSA files, but his efforts to lead others to believe that leaking would be easy was bound to, and has, ended badly.

If Vladimir Putin agreed to protect Snowden in hopes that he would inspire more leakers to release files that help Russia evade US spying (as Schulte’s leak did, at a time when the US was trying to understand the full scope of what Russia had done in 2016), the US prosecutorial focus on Snowden-related leakers undermines his value to Putin, probably by design. As that happens, Snowden might reach the moment that observers of his case have long been dreading, the moment when Putin’s utilitarian protection of Snowden will give way to some other equally utilitarian goal.

This is all happening as Putin adjusts to dealing with Joe Biden rather than someone he could manipulate by (at the very least) feeding his narcissism, Donald Trump. It is happening in the wake of new sanctions on Russia, in response to which Putin put US Ambassador John Sullivan on a plane to deliver some message, in person, to Biden. It is happening as Biden’s response to the Colonial Pipeline attack, in which ransomware criminals harbored by Putin shut down US critical infrastructure for fun and profit, includes noting that he and Putin will meet in person soon, followed by the unexplained disabling of the perpetrators in the wake of the attack.

Meanwhile, even as Snowden is of less and less use to Putin, Glenn Greenwald’s utility continues to grow. Snowden, for example, continues to speak out about topics inconvenient to Putin, like privacy. The presence in Russia of someone like Snowden with his own platform and international credibility may become increasingly risky for Putin given the success of protests around Alexei Navalny.

Greenwald, by contrast, seems to have dropped all interest in surveillance and has instead turned many of his grievances — even his complaint that former NSA lawyer Susan Hennessey will get a job in DOJ’s National Security Division, against whom one can make a strong case on privacy grounds — into a defense of Russia. Greenwald spends most of his time arguing that a caricature that he labels “liberals” and another caricature that he labels “the [American] Deep State,” followed closely by another caricature he calls “the  [non-right wing propaganda] Media,” are the most malignant forces in American life. In his rush to attack “liberals,” “the Deep State,” and “the Media,” Greenwald has coddled the political forces that Putin has found useful, including outright racists and other right wing extremists. By the end of the Trump presidency, Greenwald was excusing virtually everything Trump did, up to and including his attempted coup based on the utter denigration of democratic processes. In short, Greenwald has become a loud and important voice in support of the illiberalism Putin favors, to say nothing of Greenwald’s use of a rhetoric unbound by facts.

That Greenwald spends most of his days deliberately inciting Twitter mobs is just an added benefit, to those who want to weaken America, to Greenwald’s defense of fascists.

Most of us who used to know Greenwald attribute his Russian denialism and his apologies for Trump at least partly to his desire to free Snowden from exile. Yet Greenwald’s tantrums, because of their value to Putin, may have the opposite effect.

Stoking Greenwald’s irrational furor over what he calls “liberals” and “the Deep State” and “the Media” would actually be a huge incentive for Putin to deal Snowden to the US, in maximally symbolic fashion. There is nothing that could light up Greenwald’s fury like Putin bringing Snowden to a summit with Biden, wrapped up like a present, to send back on Air Force One. (That’s an exaggerated scenario, but you get my point.)

Plus, if Putin played it right, such a ceremonial delivery of Snowden might just achieve the completion of the Snowden operation, the public release of all of the files Snowden stole, not just those that one or another journalist found to have news value.

The Intelligence Community has, over the years, said a bunch of things about Snowden that were outright bullshit or, at least, for which they did not yet have evidence. But one true thing they’ve said is that Snowden took a great many files that had no imaginable privacy value. Even from a brief period working in the full archive aiming to answer three very discrete questions about FISA, I believe that to be true. While some (including Assange) pressured Snowden and others to release all these files, Snowden instead ensured that journalists would serve a vetting role, and after some initial fumbling, The Intercept did a laudable job of keeping those files safe. So up to now, the fact that Snowden took far more files than any privacy concern — even privacy concerns divorced from all question of nationality — could justify may not have mattered.

But as far as I know there are still full copies out there and Russia would love to spin up Glenn Greenwald’s fury so much he would attempt to burn down his caricature of “The Deep State” in retaliation — much like Schulte succeeded in badly damaging the CIA — by releasing his set.

I believe Russia has been trying to do this since at least 2016.

To be very clear, I’m not claiming that Greenwald is taking money from or is any way controlled by Russia. I am very much not claiming that, in part because it wouldn’t be necessary. Why pay Greenwald for what you can get him to do for free?

And while I assume Greenwald would respect Snowden’s stated wishes and protect the files, like Trump, Greenwald’s narcissism and resentment are very, very easy buttons to push. Greenwald has been heading in this direction without pushing. It would be child’s play to have people friendly to Russia’s illiberal goals (people like Steve Bannon or Tucker Carlson) exacerbate Greenwald’s anger at “the Deep State” to turn it into the frenzy it has become.

Meanwhile, custody of Edward Snowden would be a very enticing dangle for Putin to offer Biden as a way to reset Russia’s relationship with the US. One cannot negotiate with Putin, one can only adjust the points of leverage over each other and hope to come to some stable place, and Snowden has always been at risk of becoming a bargaining chip in such a relationship. By turning Snowden over to the US to be martyred in a high profile trial, Putin might wring the last bit of value out of Snowden. All the better, from Putin’s standpoint, if Greenwald were to respond by releasing the full Snowden set.

For the past four years, Greenwald seems to have believed that if he sucked up to Putin and Trump, he’d win Snowden’s freedom, as if either man would ever deal in good faith. Instead, I think, that process has had the effect of making Greenwald more useful to Russia than Snowden is anymore. And at this point, Greenwald seems to have lost sight of the likelihood that his belligerent rants may well make Snowden less safe, not more.

Update: According to the government sentencing memo for Hale, they didn’t write up the statement of offense, Hale did.

Hale pled guilty without any plea agreement, and submitted his own Statement of Facts. Def.’s Statement of Facts, Dkt. 197 (“SOF”).

The George Nader Problem: NSA Removes the Child Exploitation Content from Its Servers

When Lebanese-American dual citizen George Nader was stopped at Dulles after arriving on a flight from Dubai on January 17, 2018, he had at least 12 videos on his phone depicting boys as young as two years old being sexually abused, often with the involvement of farm animals. In the days before a Mueller prosecutor obtained the contents of the three phones Nader had with him, Nader sat for at least four interviews with Mueller’s prosecutors and told a story (which may not have been entirely forthright) about how he brokered a meeting in the Seychelles between Russia and Erik Prince a year earlier. Nader exploited Prince’s interest in work with Nader’s own employer — Mohammed bin Zayed — to set up the back channel meeting, and as such was a very effective broker in the service of two foreign countries, one hostile to the US. As such, I assume, Nader became a key counterintelligence interest, on top of whatever evidence he provided implicating Trump and his flunkies.

Mueller’s team got the returns on Nader’s phones back on March 16. An FBI Agent in EDVA in turn got a warrant for the child porn. But two days after the agent got the warrant return, Nader skipped town and remained out of the country until days after Mueller shut down his investigation, at which point he returned to the US and was promptly arrested for his abuse of children. Even without the other influence peddling that Nader had done on behalf of the Emirates, he would have remained a key counterintelligence interest for the entire 14 months he remained outside the country. After all, Nader had been making key connections since at least the time he introduced Ahmed Chalabi to Dick Cheney, and probably going back to the Clinton Administration.

So it is quite possible that for the entire period Nader was out of the country, he was surveilled. If that happened, it almost certainly would have happened with the assistance of NSA. As an agent of Dubai, he would be targetable under FISA, but as a US citizen, targeting him under FISA would require an individualized FISA warrant, and the surveillance overseas would take place under 705b.

If the surveillance did happen, Nader’s sexual abuse of boys would have had foreign intelligence value. It would be of interest, for example, to know who knew of his abuse and whether they used it as leverage over Nader. The source of the videos showing the children being exploited would be of interest. So, too, would any arrangements Nader made to procure the actual boys he abused, particularly if that involved high powered people in Middle Eastern countries.

Understanding how George Nader fit in international efforts to intervene in US affairs would involve understanding his sexual abuse of boys.

And that poses a problem for the NSA, because it means that really horrible content — such as Nader’s videos showing young boys being abused with goats for the object of an adult’s sexual pleasure — is among the things the NSA might need to collect and analyze.

I’ve been thinking about George Nader as I’ve been trying to understand one detail of the recent FISA 702 reauthorization. In January 2020, the NSA got permission to — in the name of lawful oversight — scan its holdings for child exploitation, stuff like videos of adults using goats to sexually abuse very young boys.

In a notice filed on January 22, 2020, the government informed the Court that NSA had developed a method, [redacted] of known or suspected child-exploitation material (including child pornography), to identify and remove such material from NSA systems. To test this methodology, NSA ran the [redacted] against a same of FISA-acquired information in NSA systems. The government concedes that queries conducted for such purposes do not meet generally applicable querying standard; nor do they fall within one of the lawful oversight functions enumerated in the existing NSA querying procedures. Nevertheless, NSD/ODNI opined that “the identification and removal of child exploitation material … from NSA systems that is a lawful oversight function under section IV.C.6,” and that the deviation from the querying procedures was “necessary to perform this lawful oversight function of NSA systems.” Notice of Deviation from Querying Procedures, January 22, 2020, at 3; see Oct. 19, 2020, Memorandum at 10.

NSA anticipates using such queries going forward, likely on a recurring basis, to proactively identify and remove child-exploitation material from its systems. The government submits that doing so is necessary to “prevent [NSA] personnel from unneeded exposure to highly disturbing, illegal material.” October 19, 2020, Memorandum at 10. The Court credits this suggestion and likewise finds that performance of these queries qualifies as a lawful oversight function for NSA systems. But the Court encouraged the government to memorialize this oversight activity in § IV.C.6, among the other enumerated lawful oversight functions that are recognized exceptions to the generally acceptable querying standards.

The government has done so. Section IV.C.6 now includes a new provision for “identify[ing] and remov[ing] child exploitation material, including child pornography, from NSA systems.” NSA Querying Procedures § IV.C.6.f. The Court finds that the addition of this narrow exception has no material impact on the sufficiency of the querying procedures taken as a whole.

At first, I thought they were doing this to protect the children. Indeed, my initial concern was that NSA was using these scans to expand the use of NSA queries for what wound up being law enforcement action, such that they could ask to do similar scans for the seven other crimes they’ve authorized sharing FISA data on (though of the other crimes, only snuff videos would be as easy to automate as child porn, which has a well-developed technology thanks to Facebook and Google). I thought that, once they scanned their holdings, they would alert whatever authority might be able to rescue the children involved that they had been victimized. After all, under all existing minimization procedures, the NSA can share proof of a crime with the FBI or other relevant law enforcement agency. Indeed, in 2017, FISC even authorized NSA and FBI to share such evidence of child exploitation with the National Center for Missing and Exploited Children, so they could attempt to identify the victims, help bring the perpetrators to justice, and track more instances of such abuse.

But that doesn’t appear to be what’s happening.

Indeed, as described, “saving the victims” is not the purpose of these scans. Rather, preventing NSA personnel from having to look at George Nader’s pictures showing goats sexually abusing small boys is the goal. When I asked the government about this, NSA’s Director for Civil Liberties, Privacy and Transparency, Rebecca Richards, distinguished finding child exploitation material in the course of intelligence analysis — in which case it’ll get reported as a crime — from this, which just removes the content.

NSA does not query collected foreign intelligence information to identify individuals who may be in possession of child exploitation material. This particular provision allows NSA to identify and remove known or suspected child-exploitation material (including child pornography) from NSA systems.

The Court agreed that this was appropriate lawful oversight to “prevent [NSA] personnel from unneeded exposure to highly distributing, illegal material.” The point of the query is not to surface the material for foreign intelligence analysis, the function of the query is to remove the material. If NSA finds such information in the course of its analytic process to identify and report on foreign intelligence, it will review and follow necessary crimes reporting.

The Court credits the suggestion to conduct this activity as part of NSA’s lawful oversight function. [my emphasis]

I asked NSA a bunch of other questions about this, but got no further response.

First, isn’t the NSA required to (and permitted to, under the minimization procedures) alert the FBI to all such instances they find? So wouldn’t this be no different from a law enforcement search, since if found it will lead to the FBI finding out about it?

Second, as offensive as this stuff is, isn’t it also of value from a foreign intelligence perspective? Ignoring that George Nader is a US person, if a high profile advisor to MbZ was known to exploit boys, wouldn’t that be of interest in explaining his position in MbZ’s court and his preference for living in Dubai instead of VA? Wouldn’t it be of interest in understanding the counterintelligence threat he posed?

If it is of FI interest (I seem to recall a Snowden revelation where similar discoveries were used against a extremist cleric, for example), then how is it recorded to capture the FI use before it is destroyed? And in recording it, aren’t there NSA and/or FBI personnel who would have to look more closely at it? Wouldn’t that increase the amount of child exploitation viewed (presumably with the benefit of finding more predators, even if they are outside US LE reach)?

Finally, can you tell me whether NCMEC is involved in this? Do they receive copies of the material for their databases?

Are you saying that if the NSA finds evidence of child exploitation via these searches, it does not refer the evidence to FBI, even if it implicates victims in the United States?

Another question I have given Richards’ response is, why would NSA personnel be accessing collections that happen to include child exploitation except for analytic purposes?

But maybe that’s the real answer here: NSA employees would access child exploitation 1) for analytical purposes (in which case, per Richards, it would get reported as a crime) or 2) inappropriately, perhaps after learning of its presence via accessing it for analytic purposes (something that is not inconsistent with claims Edward Snowden has made).

After all, there have been two really high profile examples of national security personnel accused of critical leaks in the last decade who also have been accused of possessing child pornography: Donald Sachtleben, who after he was busted for (amazingly) bringing child porn on his laptop into Quantico, he later became the scapegoat for a high profile leak about Yemen, and Joshua Schulte, on whose computer the government claims to have found child porn on when it searched the computer for evidence that he stole all of CIA’s hacking tools.

So perhaps the NSA is just removing evidence of child exploitation from its servers — which it spent a lot of resources to collect as foreign intelligence — to avoid tempting NSA employees from accessing it and further victimizing the children?

If that’s correct, then it seems that NSA has taken a totally backwards approach to mitigating this risk.

If you’re going to scan all of NSA’s holdings to ID child exploitation, why not do so on intake, and once found, hash and encrypt it immediately. Some of what analysts would be interested in — tracking the dissemination of known child porn or the trafficking of known victims by transnational organized crime, for example — could be done without ever viewing it, solely after those existing hashes. If there were some other need — such as identifying a previously unidentified victim — then the file in question can be decrypted as it is sent along to FBI. That would have the added benefit of ensuring that if NSA personnel were choosing to expose themselves to George Nader’s videos of young boys being abused with farm animals, then the NSA would have a record of who was doing so, so they could be fired.

I get why the NSA doesn’t want to host the world’s biggest collection of child abuse, particularly given its difficulties in securing its systems. I don’t have any answers as to why they’re using this approach to purge their systems.

The Rickety 702 System: Why It Continues to Fail

Back in 2009, I showed how a heavily redacted opinion rejecting what we now know to be a Yahoo challenge to the Protect America Act found that the predecessor to FISA 702 was constitutional because of the minimization procedures implementing certificates implementing the surveillance program. We learned seven years later that Yahoo hadn’t been provided those minimization procedures as part of their challenge, and indeed, DOJ withheld a key document from Reggie Walton, who presided over the challenge, until after he made key decisions in the case. That was also the first year the government finally presented details about the intended use of what had become 702 to FISC, most importantly that FBI was getting raw data they would encourage Agents to query, even at the assessment level. But even two years later, FISC was still just pushing FBI to follow rules imposed requiring them to track their queries of the raw 702 data. Two years later, after being presented with evidence that FBI still hasn’t complied with the law as currently written, outgoing presiding judge James Boasberg nevertheless reauthorized the program.

In general, Boasberg’s opinion reauthorizing 702 from last November describes violations pertaining to FBI access of 702 data for queries that have both a national security and criminal investigative function, FBI’s improper use of batch queries, and real problems with protections for attorney-client communications at NSA that could really blow up in the IC’s face one of these days, all problems FISC has been reviewing for years. The opinion also describes how training and COVID has delayed what will be an inevitable accounting for the fact that one key purpose of 702 when it was started — to select a fraction of all the intelligence NSA examines and put it into FBI coffers to make it available for querying — is a poor fit with the current law.

To understand one reason why this never gets better, I wanted to look at the structure of this and all other reauthorization opinions, because it never fixes some of the problems built in from the start.

The 702 opinions, like traditional FISA approvals, are all driven by the statute, ticking one after another required element off. If everything gets ticked, in order, then hundreds of thousands of people remain targeted for surveillance, along with all the people they communicate with.

Memorandum opinion and order

The opinion starts with introductory mapping. Even at that point, Boasberg describes this reauthorization as a “status-quo” reauthorization, meaning the request certificates from the government have remained largely the same and so don’t present any new issues to reconsider.

I. Government’s Submission

A. 2020 Certifications and Amendments: The opinion starts by laying out what gets included in the package, which basically includes the certificates, along with the targeting (NSA and FBI), querying (NSA, FBI, CIA, and NCTC), and minimization (NSA, FBI, CIA, and NCTC) procedures that implement the certificates.

B. Subject Matter of the Certification: This section describes, in heavily redacted fashion, what the certificates do and the rules and intent for all of them. Last we knew, there were three certifications: one targeting terrorists, one targeting proliferation, and one targeting “foreign governments,” focusing not just on other country’s spying, but also (to the extent it is a separate entity) their hacking. This section also notes, importantly, that these certificates renew prior authorizations; every year, FISC approves the new rules to apply to any new collections but also all the stuff already in the government’s possession. This is important, because analysts will continue to query (governed by one set of procedures) and report out (governed by minimization procedures) communications obtained in year’s past. Thus, every new approval covers all the stuff that came before (which also means the judges largely rely on their earlier decisions).

II. Review of the 2020 Certifications and Prior Certifications

One of the first things FISC does in these opinions is review the changes from past certifications, usually coming to the conclusion that, “we’ve approved these certifications going back 12 years, so we’ll just approve them again.” And some of this, as Boasberg admits in this opinion, is a matter of “check[ing]” procedural boxes — do the applications have the things required of them.

III. Targeting Procedures

Then each set of procedures is approved in isolation. First, the judge reviews whether targeting procedures fulfill the requirement that targeting procedures are “reasonably designed” to ensure that targets are outside the US and the procedures do not intentionally target communications entirely made up of US persons. For years, this has focused on making sure that if NSA or FBI get it wrong and target someone who’s in the US or is a US person, they detask the target quickly.

IV. Minimization and Querying Procedures

Then, the judge reviews whether the minimization procedures limit the dissemination of non-public US person data, allowing for its use for a foreign intelligence purpose and the sharing of evidence of a crime. Most opinions come with some language like this (from last year’s opinion) rationalizing — even though NSA and FBI have always refused to provide the data to test this assumption — that this content will be less impactful than traditional FISA collection.

In applying these statutory requirements, the Court is mindful that Section 702 acquisitions target persons reasonably believed to be non-U.S. persons outside the United States. Although such targets may communicate with or about U.S. persons, Section 702 acquisitions, as a general matter, are less likely to acquire information about U.S. persons that is unrelated to the foreign-intelligence purpose of the acquisition than, for example, electronic surveillance or physical search of a home or workplace within the United States that a target shares with U.S. persons.

Remember, unlike traditional FISA, there’s no individualized review of the foreign intelligence claims of these targets. So yeah, someone in Iran may have less contact with Americans, but the claims about that person require a far lower burden of foreign intelligence interest.

In last year’s opinion, Boasberg noted that the minimization (limits on dissemination) and querying (limits on searching the files) work together and analyzed them together. Nevertheless, with some more box-checking (for example, on whether each agency requires a record of queries made), Boasberg then concludes that since not much has changed, he can approve both the minimization and querying procedures.

Nothing detracts from the Court’s earlier findings [in past years] that these procedures as written are statutorily and constitutionally sufficient.

Remember: the FBI queries are the area where 702 has been particularly controversial of late, but the analysis of their application does not come here, in the section that approves them.

There is a discussion of attorney-client communications in here, particularly with regards to NSA’s use of attorney-client communications. But even after observing that,

The government does little by way of justifying the differing treatment of privileged communications by NSA,

Boasberg nevertheless relies on past approval for this same application to approve last year’s certificates.

[T]he Court has previously approved the dissemination provisions in the NSA procedures highlighted above, which unambiguously contemplate the dissemination of attorney-client privileged communications of the types being discussed here [redacted] subject to certain limitations and requirements.

[snip]

The Court again concludes that NSA’s procedures, as a whole and applied to it, an agency with no law-enforcement mission or authority, are reasonably designed to protect the substantial privacy interests in attorney-client communications, consistent with the need to exploit those communications for legitimate foreign-intelligence purposes.

Boasberg does “admonish[]” NSA to make sure none of this dissemination ends up in an FBI report. But having expressed concerns about how NSA exploits attorney-client communications, he nevertheless approves its use for foreign intelligence purposes.

V. Fourth Amendment Requirements

Then, in totally separate analysis, Boasberg (like judges before him) assesses whether all those procedures he just reviewed “are consistent with the Fourth Amendment.” This review, like all the ones since 2008, has relied on procedures to find that the program as a whole complies with the Fourth Amendment.

It does so by finding that the Targeting Procedures limit the collection to people not protected by the Fourth Amendment, and the interests of those swept up in that collection can be protected with Minimization and Querying Procedures.

For reasons explained above, the Court has found that the proposed targeting procedures, as written, are reasonably designed to limit acquisitions to those targets reasonably believed to be non-Untied States persons located outside the United States. The Fourth Amendment does not protect the privacy interests of such individuals. [citation omitted]

To the extent U.S.-person information is acquired under Section 702 — e.g., when a communication between a U.S. person and a Section 702 target is intercepted — the government can reduce the intrusiveness of the acquisition for Fourth Amendment purposes by restricting use or disclosure of such information.

After language about the import of national security interests, Boasberg then concludes that, “those procedures, as written, are consistent with the requirements of the Fourth Amendment.”

VI. Implementation and Compliance Issues

It’s only after ruling everything meets the legal requirements — all the boxes are checked — that Boasberg (and this opinion is in no way unique on the structure — turns to a list of compliance issues. Yes, this analysis feigns to be part of reviewing “how [the procedures] are implemented.” But Boasberg has already found the procedures, in the abstract, sufficient to comply with the Fourth Amendment.

As part of his analysis, Boasberg offers the following excuses for the FBI:

  • It took time for them to make the changes in their systems
  • It took time to train everyone
  • Once everyone got trained they all got sent home for COVID
  • Given mandatory training, personnel “should be aware” of the requirements, even if actual practice demonstrates they’re not
  • FBI doesn’t do that many field reviews
  • Evidence of violations is not sufficient evidence to find that the program inadequately protects privacy
  • The opt-out system for FISA material — which is very similar to one governing the phone and Internet dragnet at NSA until 2011 that also failed to do its job — failed to do its job
  • The FBI has always provided national security justifications for a series of violations involving their tracking system where an Agent didn’t originally claim one
  • Bulk queries have operated like that since November 2019
  • He’s concerned but will require more reporting

At the end of this section, Boasberg issued a 5-bullet conclusion that the certifications check all the boxes, the 2020 certifications comply with FISA and the Fourth Amendment, the minimization procedures (incorporating therein the querying procedures) mean access to prior collections complies with FISA and the Fourth Amendment, and one querying procedure is approved for the 2020 collection.

By conducting first an abstract analysis and only then an analysis of what that has meant in past practice, and where real concerns remain to require ongoing reporting, Boasberg “gets to yes” (as Brennan’s Liza Goitein aptly wrote). Boasberg repeatedly said he didn’t have evidence to assess whether this really works to meet the requirements, but nevertheless signed the reauthorization.

Reporting requirements

Boasberg doesn’t provide a heading for his reporting requirements. But as part of his order approving the certifications, he lays out all the reports that he and past judges have required to make up for the fact that there’s no evidence these protections work. There are 11 old ones and two new ones.

Two years ago, as part of the most rigorous amicus intervention known to date, the amici recommended that Boasberg consider the querying at the heart of the FBI’s use of 702 as its own Fourth Amendment consideration. Even though Boasberg refused, FBI still threw a fit and appealed his demand that they comply with the law as written. And this opinion, as noted, still lumps the abstract analysis of compliance of minimization procedures and querying in together.

Yet the document itself, by separating the box-checking from the concepts the box-checking is supposed to fulfill, and separating both of those from the program as implemented, and even still authorizing a program while deferring the obvious proof of compliance by simply asking for 13 different reports, often of non-compliance, doesn’t actually do what it is supposed to do.

Unless what it is supposed to do is give the patina of legal review while instead turning judges into a bureaucratic functionary who can, once a year, offer some compliance suggestions that may not be implemented.

FISC Suspects John Ratcliffe of Relaxing Rules for Unmasking of FISA Material

I Con the Record released last year’s FISA 702 reauthorization the other day. A number of people have written pieces about it. I think my piece, predicting what would happen with this one, written in September 2020, sums it up nicely. I say that because, as presiding Judge James Boasberg notes in his opinion, the certification process was largely a “status-quo replacement of certifications and procedures approved by the court [on] December 6, 2019.”

With regards to the pressing issue reported on by others (which I will return to) — whether FISC will ever fully account for the problems with the way FBI does back door searches, on FISA 702 material, traditional FISA material, and otherwise — because of the way certifications happen, the court is still working through stuff that happened over a year ago.

But a more interesting aspect of the filing deals with one of the more substantive changes in the “status-quo” reauthorization. Because of changes at the National Counterterrorism Center made under Ric Grenell and John Ratcliffe, ODNI had to change the title in the minimization procedures governing NCTC’s access to raw 702 data. When NCTC wants to override requirements that data get purged after five years, one of two fairly senior people needs to sign off on it. Before, those people were the Deputy Director for Intelligence and the Deputy Director for Terrorist Identities; now they are the Assistant Director for Intelligence and the Assistant Director for Identity Intelligence. Boasberg found that change was no big deal.

Boasberg was more troubled by a change arising from the same reorganization that assigns authority to disseminate unmasked information on US persons. Before, that approval had to come from the NCTC Director “or a designee who shall hold a position no lower than Group Chief within the NCTC Directorate of Intelligence.” Now, a “Group Chief” within the Directorate of Identity Intelligence can be delegated that authority. As Boasberg interprets it, this might allow NCTC to expand the universe of people who can authorize the dissemination of unmasked US person data.

This proposed change gives the Court pause. That the change is purportedly necessitated by the transfer of one analytic group to another directorate does not mean that the practical effect of the proposed change would be limited to that group. Presumably there are other groups within the Directorate of Identity Intelligence, and, on its face, this change would allow the NCTC Director to delegate dissemination determinations to chiefs of those other groups, as well as to other, more senior officials within the Directorate of Identity Intelligence, none of whom currently can be delegated such authority.

Mind you, Boasberg approved the change anyway.

To be sure, the Court does not second-guess internal organizational decisions made by the Executive. The Court, moreover, has no objection in principle to the maintenance of the status quo vis-à-vis the group, previously within the Directorate of Intelligence, and now within the Directorate of Identity Intelligence, that is “responsible for identifying and locating members of terrorist networks.” Id. But the Court has not been provided enough information about other groups within the Directorate of Identity Intelligence to know whether the extension of delegated authority to chiefs of those other groups to authorize [redacted] disseminations is equally appropriate. The Court will approve the proposed change, but require the government to report in the future on the exercise of the delegation authority to any group chief or official within the Directorate of Identity Intelligence other than the one specifically discussed in the government’s submission.

This is how FISA problems get so bad (as the FBI back door searches did) such that it takes years before FISC learns and catalogs current problems: it requires reporting, not imposes prohibitions, and as a result only learns if there are problems months or years after the fact.

Probably, this change did not result in a relaxation of the rules regarding who could unmask US person identities. Probably, the changes imposed under Grenell and Ratcliffe were just an attempt to root out people they deemed to be disloyal to Donald Trump. Probably, this has resulted in the same fairly strict rules regarding the unmasking of US person identities that were in place before.

But it’s fairly ironic that Boasberg suspected that a change made in a certification signed by John Ratcliffe would make it easier for the government to unmask the identities of Americans who had been captured in FISA surveillance — because that’s the kind of thing the GOP led a years-long campaign accusing others of.