Thoughts on the NYT Comey Blockbuster

/15 Comments/in , , /by

The NYT has a big piece on Jim Comey’s involvement in the election you should definitely read. Rather than share my thoughts in a tweet storm I thought I’d share here so we can all gab about it.

Consensus coming closer to Jim Comey being self-righteous

As long time readers know, I think Jim Comey is self-righteous. He creates a heroic self-image that is often overblown (as it was regarding the post hospital hero events). So I was happy to see this paragraph — and observations matching it — through out the story.

Mr. Comey made those decisions with the supreme self-confidence of a former prosecutor who, in a distinguished career, has cultivated a reputation for what supporters see as fierce independence, and detractors view as media-savvy arrogance.

Comey deserves all the criticism he has gotten for his statements about the Hillary investigation. But we’re stuck with Comey for now; he’s one of the few checks against Trump’s arbitrary rule (and Comey is enough of a media hound to be able to create the space to conduct the investigation into Trump).

But one way or another I’m happy people are beginning to understand Comey not as the hospital hero, nor as a partisan, but as someone who doesn’t (or didn’t?) assess his own actions with a fair measure.

The secret David Margolis meeting

One of two really interesting new details in this story is that, when Comey was trying to decide what to do, he consulted with David Margolis, who has long been treated as the conscience of DOJ by DOJers. (See this bmaz post for more background on Margolis.)

Mr. Comey sought advice from someone he has trusted for many years. He dispatched his deputy to meet with David Margolis, who had served at the Justice Department since the Johnson administration and who, at 76, was dubbed the Yoda of the department.

What exactly was said is not known. Mr. Margolis died of heart problems a few months later. But some time after that meeting, Mr. Comey began talking to his advisers about announcing the end of the Clinton investigation himself, according to a former official.

This meeting (and the description of how they staged Margolis’ funeral so the DOJ people criticizing Comey wouldn’t have to share a stage with him) plays a weird role in the story, as if just the mention of the meeting serves to exonerate Comey’s terrible decision to announce the end of the Hillary investigation.

But what the story doesn’t note is that Comey was effectively consulting with the person who for years always intervened to make sure DOJ’s lawyers don’t get held accountable for their misconduct (most notably, he did this for John Yoo). Now, I’m not sure whether as FBI Director Comey’s behavior might have been reviewed by the Office of Professional Responsibility; as it happens DOJ IG is doing so. But it is not ethical to have the guy who, later on, would bless your actions, bless them before the fact. It’s like getting pre-approval to break the rules.

Loretta Lynch should have recused

One of the details others find most interesting is that the FBI acted as they did, in part, because a Democratic operative suggested in an email that Loretta Lynch would ensure nothing came of the investigation.

During Russia’s hacking campaign against the United States, intelligence agencies could peer, at times, into Russian networks and see what had been taken. Early last year, F.B.I. agents received a batch of hacked documents, and one caught their attention.

The document, which has been described as both a memo and an email, was written by a Democratic operative who expressed confidence that Ms. Lynch would keep the Clinton investigation from going too far, according to several former officials familiar with the document.

Read one way, it was standard Washington political chatter. Read another way, it suggested that a political operative might have insight into Ms. Lynch’s thinking.

Normally, when the F.B.I. recommends closing a case, the Justice Department agrees and nobody says anything. The consensus in both places was that the typical procedure would not suffice in this instance, but who would be the spokesman?

The document complicated that calculation, according to officials. If Ms. Lynch announced that the case was closed, and Russia leaked the document, Mr. Comey believed it would raise doubts about the independence of the investigation.

I’ve got a slew of hacking related questions about this document — starting with why it hasn’t, as far as I know, been leaked. The described timing as “early last year” suggests that it may have been hacked in the FSB phase of the hacking. But the document would have solidified the narrative the Russians were reportedly fostering about Hillary.

The article doesn’t pursue those questions, but it notes that in response to finding it, Comey did not ask Lynch to recuse. He should have. You recuse whether or not there’s basis for recusal but because of appearances as well. Moreover, so much awfulness could have been avoided had she recused. This was one of the big own goals of this whole mess.

CIA Directors should not meet with just one Gang of Eight member

The second detail I find most interesting in this story is that John Brennan privately briefed Harry Reid about his concerns about the Russians.

John O. Brennan, the C.I.A. director, was so concerned about the Russian threat that he gave an unusual private briefing in the late summer to Harry Reid, then the Senate Democratic leader.

Top congressional officials had already received briefings on Russia’s meddling, but the one for Mr. Reid appears to have gone further. In a public letter to Mr. Comey several weeks later, Mr. Reid said that “it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government — a foreign interest openly hostile to the United States.”

While I’m generally sympathetic to Democrats’ complaints that DOJ should have either remained silent about both investigations or revealed both of them, it was stupid for Brennan to give this private briefing (and I hope he gets grilled about it by HPSCI when he testifies in a few weeks). In addition to the things Reid said publicly about the investigation, it’s fairly clear he and his staffers were also behind some of the key leaks here (and, as CNN reported yesterday, leaks about the investigation actually led targets of it to alter their behavior). For reasons beyond what appears in this story, I think it likely Reid served as a cut-out for Brennan.

And that’s simply not appropriate. There may well have been reasons to avoid briefing Richard Burr (who was advising Trump). But spooks should not be sharing information with just one party. CIA did so during its torture cover-up in ways that are particularly troubling and I find this — while not as bad — equally problematic.

Two missing details: the leaks and the delayed notice to Congress

While this is already a comprehensive story (though its telling of October 7 omits key details), there are two parts that seem critical that are missing: the flood of leaks from FBI and the decision to delay notifying the Gang of Four of the CI investigation.

This week, CNN reported that the FBI was “clarifying” an earlier policy fostering more contact between FBI employees with the media in response to leaks about the Trump campaign. (Click through to read about the TV series coming out focusing on FBI heroism that the FBI exercised editorial control over!!!)

The FBI is overhauling its media policy, restricting contacts between the news media and its employees amid controversy over alleged leaks, bureau officials told CNN.

The new media policy was rolled out this week at a conference in Washington attended by FBI special agents in charge of its 56 field offices, according to officials who attended.
Media access to top officials at the FBI became more common in recent years under FBI Director James Comey, part of a transparency effort he said was aiming at demystifying the FBI and helping the public understand its mission. But the new policy appears to curtail that access.
An official familiar with the development of the new policy described it as largely a “clarification” intended to reinforce existing rules on who is authorized to talk to reporters, not a step back from Comey’s transparency initiatives.

Not only should this policy have been put in place before people leaked details of FISA orders, but it should have been put in place in early 2016, when it was clear FBI Agents were leaking details of the Hillary investigation to try to force their supervisors to expand its scope to include the Clinton Foundation.

Instead, the possibility that FBI Agents would leak was one of the reasons why Comey did what he did. The correct thing, instead of making unprecedented public statements as he did, would have been to shut down the leaking.

Additionally, according to Comey’s testimony, FBI actually delayed notifying at least the heads of the Intelligence Committees  until fairly recently. The NYT acknowledges that this detail was hidden. But I’d love to understand how this departure from normal briefing affected all the other decisions (particularly in light of the the Brennan meeting).

In any case, read the whole thing. It’s very frustrating. But it also lays out a series of things that Comey — and other Obama officials — should have done differently.

The WikiLeaks Deterrent Theory, AKA the Arbitrary Official Secrets Act

/14 Comments/in , , /by

Three outlets yesterday — first the WaPo, then CNN, then NYT — reported that DOJ is considering charges against Julian Assange and WikiLeaks. The discussion of what charges, and for what leaks, differs between the reports.

While mentioning the Vault 7 leaks, WaPo also focuses on Chelsea Manning’s leaks and Assange’s discussions about how to gain access.

In March, WikiLeaks published thousands of files revealing secret cyber-tools used by the CIA to convert cellphones, televisions and other ordinary devices into implements of espionage. The FBI has made significant progress in the investigation of the leak, narrowing the list of possible suspects, officials said. The officials did not describe WikiLeaks’ exact role in the case beyond publishing the tools.

Prosecutors are also reexamining the leaks from Chelsea Manning, the Army soldier who was convicted in 2013 of revealing sensitive diplomatic cables. Manning chatted with Assange about a technique to crack a password so Manning could log on to a computer anonymously, and that conversation, which came up during Manning’s court-martial, could be used as evidence that WikiLeaks went beyond the role of publisher or journalist.

Alexa O’Brien tweeted out some thoughts and links to what any further prosecution of the Manning leak might entail.

CNN, which is the most certain charges have already been drawn up, explains that DOJ believes WikiLeaks’ actions changed in nature with Edward Snowden.

The US view of WikiLeaks and Assange began to change after investigators found what they believe was proof that WikiLeaks played an active role in helping Edward Snowden, a former NSA analyst, disclose a massive cache of classified documents.

I think that may be demonstrably true of Sarah Harrison, who helped a fugitive escape. But I’m not sure the US has equally compelling evidence against Assange.

Perhaps the most interesting discussion comes from NYT, which discusses the ongoing debate — with “senior Justice Department officials … pressuring prosecutors” over what is realistic and what authorities actually want, which is an Espionage conviction.

The official, speaking on the condition of anonymity because the details of the discussions remain secret, said senior Justice Department officials had been pressuring prosecutors in the Eastern District of Virginia to outline an array of possible charges against Mr. Assange.

But the official said prosecutors remained skeptical that they could pursue the most serious charges, of espionage, with regard to the documents Mr. Assange disclosed years ago with the help of an Army intelligence analyst, Chelsea Manning. Ms. Manning was convicted and sent to prison, but President Barack Obama commuted her sentence in January.

Given how few people Trump has confirmed into positions in government, these outlets should be a bit more descriptive. In that passage, for example, and the following from WaPo, what does “senior justice department official” mean when US Attorney Dana Boente is (as I’ve noted but none of these stories do) also acting DAG and acting AG for any Russia-related charges.

Prosecutors in recent weeks have been drafting a memo that contemplates charges against members of the WikiLeaks organization, possibly including conspiracy, theft of government property or violating the Espionage Act, officials said. The memo, though, is not complete, and any charges against members of WikiLeaks, including founder Julian Assange, would need approval from the highest levels of the Justice Department.

Would Boente be approving charges filed under Boente’s name?

Though that may not matter. Rod Rosenstein, who will become DAG shortly, has himself pursued excessive charges in leak cases, both against Thomas Drake and Hal Martin.

Perhaps the most interesting claim is that the FBI thought indicting Assange — who likely won’t be prosecuted in any case unless Ecuador suddenly changes their mind about their house guest — would provide some kind of deterrent effect.

Officials have said that the F.B.I. supports prosecuting Mr. Assange. Several years ago, the agency sent a series of documents to the Justice Department outlining charges that investigators claimed to have evidence to support. At the time, F.B.I. counterintelligence agents believed that charging Mr. Assange would deter him from posting new troves of American documents.

I think you’d have to be daft to think prosecuting Assange would deter him from posting more, assuming this happened while he was in the Ecuadoran Embassy. Prosecuting him would only mean he’d have less to lose — and, frankly, more reason to post things that might please America’s adversaries, like Russia.

But it might serve as deterrence for other publishing outlets that aren’t holing up in an Embassy. Short of some really distinguishing actions (and Harrison’s might amount to that in the Snowden case), indicting Assange would put everyone else with a SecureDrop on notice that they, too, might be prosecuted. Surely, DOJ would pick and choose who gets prosecuted. They might choose other easily easily targeted people — people who are gay, people who no longer live in this country, people who have too many dogs — to similarly make examples of (though pity the fool that challenges Glenn Greenwald’s First Amendment rights.

DOJ wants to start cutting away at the First Amendment. All the better for them, if in the name of prosecutorial discretion, Jeff Sessions’ DOJ could pick and choose which publishers’ speech gets curtailed.

The Ironies of the EO 12333 Sharing Expansion for Obama and Trump

/8 Comments/in , , /by

In one of his first acts as leader of the Democratic party in 2008, Barack Obama flipped his position on telecom immunity under FISA Amendments Act, which cleared the way for its passage. That was a key step in the legalization of the Stellar Wind dragnet illegally launched by George Bush in 2001, the normalization of turnkey surveillance of the rest of the world, surveillance that has also exposed countless Americans to warrantless surveillance.

Bookends of the Constitutional law president’s tenure: codifying and expanding Stellar Wind

So it is ironic that, with one of his final acts as President, Obama completed the process of normalizing and expanding Stellar Wind with the expansion of EO 12333 information sharing.

As I laid out some weeks ago, on January 3, Loretta Lynch signed procedures that permit the NSA to share its data with any of America’s other 16 intelligence agencies. This gives CIA direct access to NSA data, including on Americans. It gives all agencies who jump through some hoops that ability to access US person metadata available overseas for the kind of analysis allegedly shut down under USA Freedom Act, with far fewer limits in place than existed under the old Section 215 dragnet exposed by Edward Snowden.

And it did so just as an obvious authoritarian took over the White House.

I’ve was at a privacy conference in Europe this week (which is my partial explanation for being AWOL all week), and no one there, American or European, could understand why the Obama Administration would give Trump such powerful tools.

About the only one who has tried to explain it is former NSA lawyer Susan Hennessey in this Atlantic interview.

12333 is not constrained by statute; it’s constrained by executive order. In theory, a president could change an executive order—that’s within his constitutional power. It’s not as easy as just a pen stroke, but it’s theoretically possible.

[snip]

When they were in rewrites, they were sort of vulnerable. There was the possibility that an incoming administration would say, “Hey! While you’re in the process of rewriting, let’s go ahead and adjust some of the domestic protections.” And I think a reasonable observer might assume that while the protections the Obama administration was interested in putting into place increased privacy protections—or at the very least did not reduce them—that the incoming administration has indicated that they are less inclined to be less protective of privacy and civil liberties. So I think it is a good sign that these procedures have been finalized, in part because it’s so hard to change procedures once they’re finalized.

[snip]

I think the bottom line is that it’s comforting to a large national-security community that these are procedures that are signed off by Director of National Intelligence James Clapper and Attorney General Loretta Lynch, and not by the DNI and attorney general that will ultimately be confirmed under the Trump Administration.

Hennessey’s assurances ring hollow. That’s true, first of all, because it is actually easier to change an EO — and EO 12333 specifically — than “a pen stroke.” We know that because John Yoo did just that, in authorizing Stellar Wind, when he eliminated restrictions on SIGINT sharing without amending EO 12333 at all. “An executive order cannot limit a President,” Yoo wrote in the 2001 memo authorizing Stellar Wind. “There is no constitutional requirement for a President to issue a new executive order whenever he wishes to depart from the terms of a previous executive order. Rather than violate an executive order, the President has instead modified or waived it.” And so it was that the NSA shared Stellar Wind data with CIA, in violation of the plain language of EO 12333 Section 2.3, until that sharing was constrained in 2004.

Yes, in 2008, the Bush Administration finally changed the language of 2.3 to reflect the SIGINT sharing it had started to resume in 2007-2008. Yes, this year the Obama Administration finally made public these guidelines that govern that sharing. But recent history shows that no one should take comfort that EOs can bind a president. They cannot. The Executive has never formally retracted that part of the 2001 opinion, which in any case relies on a 1986 OLC opinion on Iran-Contra arguing largely the same thing.

No statutorily independent oversight over vastly expanded information sharing

Which brings us to whether the EO sharing procedures, as released, might bind Trump anymore than EO 12333 bound Bush in 2001.

In general, the sharing procedures are not even as stringent as other surveillance documents from the Obama Administration. The utter lack of any reasonable oversight is best embodied, in my opinion, by the oversight built into the procedures. A key cog in that oversight is the Department of National Intelligence’s Privacy and Civil Liberties Officer — long inhabited by a guy, Alex Joel, who had no problem with Stellar Wind. That role will lead reviews of the implementation of this data sharing. In addition to DNI’s PCLO, NSA’s PCLO will have a review role, along with the General Counsels of the agencies in question, and in some limited areas (such as Attorney Client communications), so will DOJ’s National Security Division head.

What the oversight of these new sharing procedures does not include is any statutorily independent position, someone independently confirmed by the Senate who can decide what to investigate on her own. Notably, there is not a single reference to Inspectors General in these procedures, even where other surveillance programs rely heavily on IGs for oversight.

There is abundant reason to believe that the PATRIOT Act phone and Internet dragnets violated the restrictions imposed by the FISA Court for years in part because NSA’s IG’s suggestions were ignored, and it wasn’t until, in 2009, the FISC mandated NSA’s IG review the Internet dragnet that NSA’s GC “discovered” that every single record ingested under the program violated FISC’s rules after having not discovered that fact in 25 previous spot checks. In the past, then, internal oversight of surveillance has primarily come when IGs had the independence to actually review the programs.

Of course, there won’t be any FISC review here, so it’s not even clear whether explicit IG oversight of the sharing would be enough, but it would be far more than what the procedures require.

I’d add that the Privacy and Civil Liberties Oversight Board, which provided key insight into the Section 215 and 702 programs, also has no role — except that PCLOB is for all intents and purposes defunct at this point, and there’s no reason to believe it’ll become operational under Trump.

Obama vastly expanded information sharing with these procedures without implementing the most obvious and necessary oversight over that sharing, statutorily independent oversight.

Limits on using the dragnet to affect political processes

There is just one limit in the new procedures that I think will have any effect whatsoever — but I think Trump may have already moved to undercut it.

The procedures explicitly prohibit what everyone should be terrified about under Trump — that he’ll use this dragnet to persecute his political enemies. Here’s that that prohibition looks like.

Any IC element that obtains access to raw SIGINT under these Procedures will:

[snip]

Political process in the United States. Not engage in any intelligence activity authorized by these Procedures, including disseminations to the White House, for the purpose of affecting the political process in the United States. The IC element will comply with the guidance applicable to NSA regarding the application of this prohibition. Questions about whether a particular activity falls within this prohibition will be resolved in consultation with the element’s legal counsel and the General Counsel of the Office of the Director of National Intelligence (ODNI) (and the DoD’s Office of the General Counsel in the case of a DoD IC element).

If you need to say the IC should not share data with the White House for purposes of affecting the political process, maybe your info sharing procedures are too dangerous?

Anyway, among the long list of things the IC is not supposed to do, this is the only one that I think is so clear that it would likely elicit leaks if it were violated (though obviously that sharing would have to be discovered by someone inclined to leak).

All that said, note who is in charge of determining whether something constitutes affecting political processes? The IC agency’s and ODNI’s General Counsel (the latter position is vacant right now). Given that the Director of National Intelligence is one of the positions that just got excluded from de facto participation in Trump’s National Security Council (in any case, Republican Senator Dan Coats has been picked for that position, which isn’t exactly someone you can trust to protect Democratic or even democratic interests), it would be fairly easy to hide even more significant persecution of political opponents.

FBI and CIA’s expanded access to Russian counterintelligence information

There is, however, one aspect of these sharing guidelines that may have work to limit Trump’s power.

In the procedures, the conditions on page 7 and 8 under which an American can be spied on under EO 12333 are partially redacted. But the language on page 11 (and in some other parallel regulations) make it clear one purpose under which such surveillance would be acceptable, as in this passage.

Communications solely between U.S. persons inadvertently retrieved during the selection of foreign communications will be destroyed upon recognition, except:

When the communication contains significant foreign intelligence or counterintelligence, the head of the recipient IC element may waive the destruction requirement and subsequently notify the DIRNSA and NSA’s OGC;

Under these procedures generally, communications between an American and a foreigner can be read. But communications between Americans must be destroyed except if there is significant foreign intelligence or counterintelligence focus. This EO 12333 sharing will be used not just to spy on foreigners, but also to identify counterintelligence threats (which would presumably include leaks but especially would focus on Americans serving as spies for foreign governments) within the US.

Understand: On January 3, 2017, amid heated discussions of the Russian hack of the DNC and public reporting that at least four of Trump’s close associates may have had inappropriate conversations with Russia, conversations that may be inaccessible under FISA’s probable cause standard, Loretta Lynch signed an order permitting the bulk sharing of data to (in part) find counterintelligence threats in the US.

This makes at least five years of information collected on Russian targets available, with few limits, to both the CIA and FBI. So long as the CIA or FBI were to tell DIRNSA or NSA’s OGC they were doing so, they could even keep conversations between Americans identified “incidentally” in this data.

I still don’t think giving the CIA and FBI (and 14 other agencies) access to NSA’s bulk SIGINT data with so little oversight is prudent.

But one of the only beneficial aspects of such sharing might be if, before Trump inevitably uses bulk SIGINT data to persecute his political enemies, CIA and FBI use such bulk data to chase down any Russian spies that may have had a role in defeating Hillary Clinton.

Working Thread: HPSCI’s Full Unbelievably Shitty Snowden Report

/11 Comments/in , , /by

In September, I did a post asking why the House Intelligence Committee report on Edward Snowden was so unbelievably shitty. My post was just based off a summary released by the Committee. HPSCI has now released the full report.

This will be a working thread.

Summary: The summary, with all its obvious errors, remains unchanged. So see my earlier post for the problems with that.

PDF 6: The report starts with a claim that Snowden’s leaks were the “most massive and damaging in history.” But the claim was made in 2014. Since then we’ve had two more damaging leaks, the OPM leak and the Shadow Brokers leak.

PDF 6: In my earlier post, I wrote about how the deference given to the ongoing criminal investigation into Snowden seemed very similar to — but was far less defensible than — the approach Stephen Preston used when he was General Counsel at CIA. He was General Counsel at DOD when this report started, suggesting he adopted the same approach. Worse, we now know from emails released this year that the exec had actually moved on by May 2014, meaning the claim was not sustainable when made in August 2014.

PDF 7: On the education paragraph, see this post.

PDF 7: Rather than asking the military why Snowden was discharged, the committee asked NSA’s security official. As Bart Gellman notes, his official Army record backs Snowden, not the security official.  Then they say (in the footnote) that they “found node evidence that Snowden was involved in a training accident.”

PDF 9: This page cites from a CIA IG report on Snowden’s complaints about the treatment of TISOs overseas. It actually shows him trying to complain through channels.

PDF 10: Note that HPSCI claimed a paragraph based on information classified confidential was classified secret.

PDF 11: I’m curious why they redacted footnote 43.

PDF 11: Report notes a new derogatory report was submitted after Snowden left Geneva but also after his next employer hired him. It doesn’t seem too serious. Report notes that the alert function for Scattered Castles got updated after that.

PDF 12: The reports that he went to Thailand and China are second-hand, based off what an NSA lawyer said his former co-workers said. Both support an awareness that Snowden was making his privacy concerns known, including this quote (which is likely out of context and may refer to an individual program):

… Snowden expressing his view that the U.S. government had overreached on surveillance and that it was illegitimate for the government to obtain data on individuals’ personal computers.

PDF 13: Why would HPSCI (or NSA, for that matter) depend on the comments of co-workers to learn what Snowden did during a leave of absence? Also note, this is classified Secret, which means it must have some security function.

PDF 13: Note they had an interview with a lawyer and a security official on the same day.

PDF 13: His co-workers claimed Snowden frequently showed up late. That would mean he’d be home for the entirely of the East Coast day.

PDF 13: Snowden expressed concern that SOPA/PIPA would lead to online censorship, but his co-worker was dismissive bc he hadn’t read the bill.

PDF 14: The claim that Snowden went to a hackers conference in China is sourced to a co-worker who didn’t like Snowden much.

PDF 14: Note in the patch discussion, they hide the kind of person that the interviewee for this information is.

PDF 14: Snowden did something after being called out for bringing in a manager.

PDF 15: The report claims that Snowden started downloading docs in July 2012. Snowden has said that was part of transferring docs. But it also coincides with the period when he was trouble shooting a 702 template, so they may think this is how he got the FISA data.

PDF 15: Snowden had access to wget on NSA’s networks for the same reason Chelsea Manning did, IIRC: because the networks were unreliable. Snowden said he did this to move files from MD to HI. There’s a redacted paragraph that it sourced to a “HPSCI recollection summary paper,” which seems odd and unreliable.

PDF 15: The methods Snowden used paper is classified REL to USA, FVEY, presumably because Snowden was grabbing GCHQ documents.

PDF 16: Here’s the funny quote about Snowden violating privacy. Note the first redacted sentence here is not sourced to an NSA document, but instead to a NSA Legislative Affairs document.

PDF 18: The end of this betrays NSA’s efforts to make light of glaring security holes: the CD-ROM/USB port on Snowden’s computer, and the ability for him to download data w/o a buddy (they currently require a buddy).

PDF 19: THe complaints about Snowden’s “resumé inflation” are a valid point. But what does it say that no one at NSA checks these things.

PDF 20: After Snowden moved to Booz, he went back to his old computer to be able to download the files he had new access to. I had been wondering about that.

PDF 20: All the details about Snowden’s flight are taken from public reports, not FBI or CIA reports or even NSA’s timeline, which must cover it. Did NSA’s timeilne, which is dated . That is bizarre.

PDF 21: Note the classification mark for 132, which seems to conclude that Snowden’s motivation was to inform the public.

PDF 21: The report says Snowden left some encrypted hard drives behind, sourced to a 2/4/14 briefing not cited elsewhere. Working from memory I think this is the Flynn one.

PDF 21: The description of what others had said about Snowden’s interest in privacy conflicts with what NSA said internally. 

PDF 22: I will return to the description of the 702 training.

PDF 22: Note they source the training issue to someone unnamed. This appears to be the same person who described the patch issue (PDF 14), with an interview on October 28. That means it couldn’t have been the training person, and surely didn’t have first-hand knowledge.

PDF 23: The report cites the emails (without describing who they were addressed to) and the I Con the Record report on the email. Which means I’ve reviewed this issue more closely than HPSCI.

PDF 23: The section on whether Snowden was a whistleblower doesn’t cite his CIA IG contact.

PDF 25: Some of the foreign influence section obviously says there was none (see the Keith Alexander comment). Plus, this doesn’t cite other public comments saying there is no evidence of any foreign tie.

PDF 26: FN 166 is the bad briefing. Note that 1/5 of the documents Snowden took were blank.

PDF 29: This section describes the damage assessment. I find it very significant the NCSC has stopped reviewing T3 and T2 documents, which must suggest, in part, that they trust the security of the documents and/or have confirmed via some means that there aren’t more out there.

PDF 34: Yet another complaint about not fixing the removable media problem.

PDF 34: A description of the Secure the Net initiative, with four measures outstanding, and taking over a year to get to buddy system with SysAdmins.

PDF 35-36: There’s a list of things HPSCI ordered the IC to do after Snowden.

Threat Level Orange! Election Week Plot!

/14 Comments/in , , , /by

screen-shot-2016-11-04-at-5-01-51-pmThis morning, CBS published a story attributed to senior producer Pat Milton, who has done a lot of FBI-based stories (and co-produced fawning 60 Minutes interviews with John Brennan and Jim Comey), reporting on a possible terrorist attack. The story described the threat with specific detail — scheduled for Monday, in maybe NY, TX, or VA — but even while explicitly stating that “its credibility hasn’t been confirmed.”

Sources told CBS News senior investigative producer Pat Milton that U.S. intelligence has alerted joint terrorism task forces that al Qaeda could be planning attacks in three states for Monday.

It is believed New York, Texas and Virginia are all possible targets, though no specific locations are mentioned.

U.S. authorities are taking the threat seriously, though the sources stress the intelligence is still being assessed and its credibility hasn’t been confirmed. Counterterrorism officials were alerted to the threat out of abundance of caution.

The version published at 7:43 AM (and screen captured to the right) clearly attributed the story to a senior FBI official. (I’ve bolded the differences.)

A senior FBI official told CBS News, “The counterterrorism and homeland security communities remain vigilant and well-postured to defend against attacks here in the United States.  The FBI, working with our federal, state and local counterparts, shares and assesses intelligence on a daily basis and will continue to work closely with law enforcement and intelligence community partners to identify and disrupt any potential threat to public safety.”

The version published at 12:52 rewrote that paragraph, obscuring that FBI was the source.

While we do not comment on intelligence matters, we will say the counterterrorism and homeland security communities remain vigilant and well-postured to defend against attacks here in the United States,” a U.S. intelligence official told CBS News. “The FBI and DHS, working with our federal, state and local counterparts, share and assess intelligence on a daily basis and will continue to work closely with law enforcement and intelligence community partners to identify and disrupt any potential threat to public safety.

This story, leaked by a senior FBI official who “doesn’t comment on intelligence matters” but nevertheless did just that, comes at the end of the crappiest week for the FBI in decades.

At this point, it is fair to argue that the intelligence community — including people leading it today — have capitalized on a terrorist threat, even a dodgy one. As I tweet stormed this morning (and wrote in more detail here), in 2004 the government played up two dodgy election year threats.

In March 2004 (just as torture, spying cut back) fabricator went to CIA in Pakistan and said, “Janat Gul wants to attack US elections.”

Someone in CIA immediately said, “Nah!” Nevertheless, US got PK to detain, turn Gul to US to be tortured.

USG (including Jim Comey) reauthorized torture, to be used with Gul. Including waterboarding & techniques CIA had already used w/o approval.

USG (including Comey & John Brennan) also used election year plot based off fabrication as one reason FISC had to approve Internet dragnet.

There were, of course, leaks to the press about this election year plot.

CIA kept torturing and torturing Janat Gul, because they needed details of an election year plot based off a fabrication.

It wasn’t until October that someone said, “Hey, let’s go check if that guy claiming Gul wanted to attack US election was lying!” He was.

But Gul had served purpose: election year scare, reauthorizing torture, getting FISC approval for dragnet. Not bad for one torture victim!

Comey didn’t know CIA immediately raised concerns abt fabricator’s claims. It’s one thing Cheney/Gonzales prevented him fr learning in 2005

Comey signed off on torture again, including waterboarding w/o knowing that that case was all based off a fabrication.

But Comey has also refused to read torture report, which lays all this out. He’s avoiding learning what he did in 2004, 2005. Brennan too!

I lay all this out bc, w/history like this, IC (still led by Brennan & Comey) should be VERY careful abt leaking election year plots.

Succinctly: They cried wolf in 2004. And have yet to face accountability for that.

Then, in 2006 (at a time when both Comey and Brennan were on hiatus from directly government work, though they were both working with key government contractors), it happened again. Dick Cheney triggered the revelation of a very real terrorist plot in 2006 — fucking over the British officials trying to collect enough information to prosecute the perpetrators — to help Joe Lieberman stay in the Senate.

The point is, these people, including the people in charge of the IC now, have selectively exploited real or imagined terrorist plots before. The leak of this one, which FBI clearly hasn’t even vetted, sure seems exploitative given how badly FBI needs to distract from its own fuck-ups.

Or Maybe the FBI Really Did Have a Reason to Stay Off the Russian Attribution?

/33 Comments/in , /by

The Comey whiplash continues.

In the latest development, a single source — a “former FBI official,” offered with no description of how he or she would know — told CNBC that weeks ago Jim Comey refused to join onto the Intelligence Community’s attribution of the DNC hacks to Russia because it was too close to the election.

FBI Director James Comey argued privately that it was too close to Election Day for the United States government to name Russia as meddling in the U.S. election and ultimately ensured that the FBI’s name was not on the document that the U.S. government put out, a former FBI official tells CNBC.

The official said some government insiders are perplexed as to why Comey would have election timing concerns with the Russian disclosure but not with the Huma Abedin email discovery disclosure he made Friday.

In the end, the Department of Homeland Security and The Office of the Director of National Intelligence issued the statement on Oct. 7, saying “The U.S. intelligence community is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations…These thefts and disclosures are intended to interfere with the US election process.”

[snip]

According to the former official, Comey agreed with the conclusion the intelligence community came to: “A foreign power was trying to undermine the election. He believed it to be true, but was against putting it out before the election.” Comey’s position, this official said, was “if it is said, it shouldn’t come from the FBI, which as you’ll recall it did not.”

In spite of what Hillary said at the most recent debate, the statement was billed as a “Joint Statement,” though it did claim to represent the view of the intelligence community.

Until someone else confirms this story — preferably with more than one source, one clearly placed in a position to know — I advise caution on this.

That’s true, first of all, because a bunch of people who likely harbor grudges against Jim Comey are coming out of the woodwork to condemn Comey’s Friday statement. Given the reasons they might resent Comey, I really doubt Alberto Gonzales or Karl Rove were primarily motivated to criticize him out of a concern for the integrity of our election process.

The same could be true here.

The other reason I’d wait is because of reporting going back to this summer on the case against Russia. As I’ve noted, reporters repeatedly reported that while there seemed little doubt that Russia had hacked the Democrats, the FBI had not yet proven some steps in the chain of possession. For example, at the end of July, FBI was still uncertain who or how the emails from DNC were passed onto WikiLeaks.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

As I noted, the IC attribution statement actually remained non-committal on precisely this step of the process, finding that the leaks of emails were consistent with stuff Russia’s GRU has done in the past, but stopping short of saying (as they had on the hack itself) that it is confident that Russia leaked the files.

Which is to say the same thing the FBI had questions about in July is something that remained non-committal in the October statement, which might be one of a number of reasons (including that FBI wants to retain the ability to prosecute whoever they charge with this, including if it is a currently unknown middleman) that the FBI might not want to be on the attribution. FBI was unwilling to fully commit to the accusation in July, and apparently unwilling to do so in October.

Note that CNBC’s anonymous source, even when confirming that Comey backed the statement, didn’t confirm he backed the whole content of it. The person contrasts the most aggressive quote from the IC statement:

… the U.S. intelligence community is confident that the Russian Government directed the recent compromises …

With this, allegedly from Comey:

A foreign power was trying to undermine the election

Those statements are not the same thing, and it may be that FBI continued to have perhaps not doubts, but unproven holes in the case, that led to caution on the Russia statement.

In any case, it’s not that I believe the anonymous CNBC statement to be impossible. But there is another perfectly consistent explanation for Comey hesitating to name FBI on that IC attribution.

Update: Ellen Nakashima has a version of this story (sourced to more than one person) now. Here’s an excerpt, but definitely read the whole thing for the logic (or lack thereof) FBI used.

In the debate over publicly naming Russia, the FBI has investigative interests to protect, officials said. At the same time, other officials said, the aim of public attribution was to stop Russia from undermining confidence in the integrity of the election.

[snip]

But the White House, Justice Department, State Department and other agencies debated for months whether to officially blame Moscow or not.

Comey’s instincts were to go with the public attribution even as late as August, said one participant in the debate. But as the weeks went by and the election drew nearer, “he thought it was too close,” the official said.

When, by early October, the decision was made, the talk shifted to who would make the announcement. In December 2014, it was the FBI that publicly pointed the finger at North Korea for hacking Sony Pictures Entertainment and damaging its computers. That was because the attribution to Pyongyang was based on the FBI investigation, said a senior administration official.

[snip]

The announcement did not mention the White House, which also had been very concerned about appearing to influence the election.

Anthony Weiner Creates a Virgin Birth for Evidence the Clinton Foundation Investigators Want

/46 Comments/in , /by

WSJ’s Devlin Barrett has a long story he describes as laying bare “tensions that have built for months inside the bureau and the Justice Department over how to investigate someone who could soon be elected president.” It might just as well be described as a catalogue of the ways FBI has gotten out of control.

To show the important background to the decision to get a warrant to access Huma Abedin’s email, I’m going to switch the order of the story from that Barrett uses. Looked at in this way, it becomes clear that by accessing Huma’s email, the FBI may not just have renewed the probably fruitless investigation into Hillary’s email server, but also found a way to access Huma’s emails for use in an investigation of the Clinton Foundation.

FBI ignores Public Integrity orders not to escalate the investigation of the Clinton Foundation

After laying out the recent decision to access Huma Abedin’s email (which I deal with below), Barrett confirms what Comey made obvious with a “neither confirm nor deny” response at his July testimony before the House Oversight Committee (though a flood of leaks had long claimed such an investigation existed).

The FBI has been investigating the Clinton Foundation for over a year.

As Barrett describes it, the case arose because Agents were seeing if a crime was committed, not because they had found evidence that it had:

Early this year, four FBI field offices—New York, Los Angeles, Washington and Little Rock, Ark.—were collecting information about the Clinton Foundation to see if there was evidence of financial crimes or influence-peddling, according to people familiar with the matter.

He describes that in February, when Andrew McCabe got promoted to Deputy Director, he took over oversight of this investigation. (In an earlier article Barrett insinuated that an earlier Terry McAuliffe donation to McCabe’s wife’s state senate campaign presented a conflict, but in this article Barrett provides McAuliffe’s explanation for the donation.) Also in February — Barrett doesn’t say whether McCabe was involved — investigative teams located in Los Angeles, DC, Little Rock, and New York (he doesn’t say whether they were in EDNY or SDNY or both, which is relevant to a later development in the story) presented their case to DOJ’s Public Integrity (PIN) section.

Here’s how Barrett describes that meeting:

Some said that is because the FBI didn’t present compelling evidence to justify more aggressive pursuit of the Clinton Foundation, and that the career anticorruption prosecutors in the room simply believed it wasn’t a very strong case. Others said that from the start, the Justice Department officials were stern, icy and dismissive of the case.

“That was one of the weirdest meetings I’ve ever been to,” one participant told others afterward, according to people familiar with the matter.

Anticorruption prosecutors at the Justice Department told the FBI at the meeting they wouldn’t authorize more aggressive investigative techniques, such as subpoenas, formal witness interviews, or grand-jury activity. But the FBI officials believed they were well within their authority to pursue the leads and methods already under way, these people said.

Mind you, seven paragraphs before describing PIN telling the FBI it would not authorize subpoenas, Barrett described the Los Angeles team having “issued some subpoenas for bank records related to the foundation.” So when he says FBI officials believed they could pursue leads and methods already under way, it may mean they decided they could use the fruit of subpoenas PIN subsequently judged weren’t merited by the evidence.

In July, after DOJ decided not to prosecute anyone on the email server and Comey started blabbing (including his non-denial of the existence of this investigation), FBI “sought to refocus the Clinton Foundation probe,” which sounds a lot like redoubling efforts to find something to investigate Hillary for. (Note, this entire article makes no mention of the June Supreme Court decision throwing out much of former VA governor Bob McDonnell’s conviction, which would have significantly raised the bar for any prosecution of the Clinton Foundation.) McCabe bracketed the DC work focusing on Terry McAuliffe, from which he was recused, and put NY in charge of the rest.

Barrett spends a paragraph airing both sides of a dispute about whether that was the right decision, then describes a (male, and therefore someone besides Loretta Lynch or Sally Yates) senior DOJ official bitching out McCabe for continuing to pursue the Clinton Foundation investigation, especially during the election.

According to a person familiar with the probes, on Aug. 12, a senior Justice Department official called Mr. McCabe to voice his displeasure at finding that New York FBI agents were still openly pursuing the Clinton Foundation probe during the election season. Mr. McCabe said agents still had the authority to pursue the issue as long as they didn’t use overt methods requiring Justice Department approvals.

The Justice Department official was “very pissed off,” according to one person close to Mr. McCabe, and pressed him to explain why the FBI was still chasing a matter the department considered dormant.

Barrett spends several paragraphs airing both sides of what happened next, whether FBI agents were ordered to stand down entirely or whether McCabe said they could continue to investigate within the existing guidelines.

FBI attempts to venue shop to get at Clinton server emails

Even after that order, the Clinton Foundation investigators tried to get more — specifically, all the emails turned over in the email server investigation. When EDNY (as a reminder, that’s where Loretta Lynch was until last year US Attorney) refused, the investigators asked to go get them in SDNY.

In September, agents on the foundation case asked to see the emails contained on nongovernment laptops that had been searched as part of the Clinton email case, but that request was rejected by prosecutors at the Eastern District of New York, in Brooklyn. Those emails were given to the FBI based on grants of partial immunity and limited-use agreements, meaning agents could only use them for the purpose of investigating possible mishandling of classified information.

Some FBI agents were dissatisfied with that answer, and asked for permission to make a similar request to federal prosecutors in Manhattan, according to people familiar with the matter. Mr. McCabe, these people said, told them no and added that they couldn’t “go prosecutor-shopping.”

Several comments on this: First, McCabe did the right thing here in refusing to let his agents venue shop until they got their way. I hope he would do the same in a less visible investigation where senior DOJ officials were chewing him out for conducting the investigation in the first place.

Second, consider how the timing of this coincides with both leaks about the immunity agreements, Jason Chaffetz’ inquiry into the same, and two sets of email server related materials. As one key example, on October 5, just weeks after McCabe told his Agents they couldn’t go “prosecutor-shopping” to get to the emails released in the email server probe, Republicans were releasing details of their in camera review of the terms of the immunity agreements used to deny the Clinton Foundation investigations access to the emails. We should assume that some entities within the FBI are using all angles, using Chaffetz’ investigations to publicize decisions that have thwarted their investigation.

Did FBI Agents review the content of Huma Abedin’s email without a warrant?

So sometime in September, the Clinton foundation team was told they couldn’t have emails associated with the server investigation that were tied to immunity agreements. On October 3 (per the NYT), FBI agents seized a number of devices, including a laptop used jointly by Anthony Weiner and Huma Abedin with a warrant permitting just the investigation of Weiner’s alleged sexting of an underaged woman (curiously, Barrett says they were permitted to look for child porn). Shortly thereafter, they found found emails from accounts, plural, of Huma Abedin on the laptop. Multiple reports suggest those emails may be duplicative of the ones that FBI had just been told they couldn’t access because of the immunity agreements tied to other devices.

There’s no reason to believe FBI found those potentially duplicative emails because they were prohibited from accessing the ones turned over voluntarily as part of the email server probe (in any case, they are presented as different investigative teams, although the description of this sprawling Clinton Foundation investigation may explain why earlier leaks said 147 people were part of the Clinton investigation); it’s just one of those coinkydinks that seem to plague the Clintons.

At that point, per Barrett, “Senior FBI officials decided to let the Weiner investigators proceed with a closer examination of the metadata on the computer, and report back to them.” Early last week (so two or three weeks later), some asked how that weeks-long review of the Huma emails (allegedly just the metadata) was going.

“At that point, officials realized that no one had acted to obtain a warrant, these people said.”

In other words, for several weeks, FBI has been nosing around those emails without court authorization to do so in conjunction with the email server investigation (which may or may not have been formally closed). If they really stuck to metadata, that’s no big deal under Third Party rules. If they did peek — even at subject lines — then that may be a bigger problem.

Only then did the Weiner investigators compare notes with the Hillary investigators and decide the emails were relevant. Barrett doesn’t answer the obvious question: how did the Weiner investigators determine these emails might be relevant and did they really just review only metadata? Given all the stories to FBI friendly sources claiming Comey — and implying no one — has seen the content of the email, I suspect the answer is Weiner investigators went beyond metadata.

The background Barrett provides gives more significance to FBI’s decision to (perhaps belatedly) obtain a warrant to get Huma’s email and to Comey’s highly inappropriate magnification of it. Not only have they reopened (or renewed — reports on this are still all over the map on this point) the email investigation, but they’ve also created a virgin birth for emails that the Clinton foundation investigators tried — and were willing to venue shop — but failed to get.

FBI leaking has neutralized DOJ’s control over the Bureau

This story shows that FBI has tried a number of methods to defy PIN advice to drop the investigation into the Clinton Foundation.

I don’t know whether the investigation into the Clinton Foundation has merit or not (though given Barrett’s explanation, it does seem that some in FBI were looking for a crime rather than looking to solve one).

But I do know that if FBI agents operate outside of bounds on their power, they constitute a grave threat to the rule of law.

And Barrett’s article suggests at least three ways they appear to have done just that:

  • Fiddling with investigative guidelines of the DIOG (by using subpoenas without the appropriate level of investigation and authority)
  • Attempting to venue shop to get permission to access evidence they were told they couldn’t have
  • Leaking promiscuously, in clear violation of the rules, to bring political pressure including on Comey to conduct an investigation their supervisors had told them to either limit or halt

That promiscuous leaking, of course, includes this article, which relied on a great number of sources, almost none of whom should be speaking about this investigation. Don’t get me wrong — it’s great reporting on Barrett’s part. But it also serves the purpose of airing the claim that McCabe, PIN, and DOJ generally have thwarted an investigation into the Clinton Foundation that some at FBI believe has merit.

In addition, I’ve got questions about whether they read Huma’s email when they were supposed to just be looking at metadata.

Whatever else Comey’s totally inappropriate behavior reflects, his justification for doing so because it otherwise might leak suggests he doesn’t have control over his agency. Though given his coy response to Chaffetz in July, I do wonder whether he isn’t rooting for the Clinton foundation investigation to proceed; whatever else he is, Comey is a master of using the press to win political fights.

And remember, the FBI (under Comey) has undermined one of the few irreproachable entities that might fix this sorry state of affairs. It has refused, now backed by an OLC opinion, to give DOJ’s Inspector General the unfettered right to investigate things like grand jury proceedings (though given that no grand jury was used in these cases, it might be harder to keep them out here). So if Patrick Leahy were to ask Michael Horowitz to investigate whether FBI acted inappropriately in these related investigations — and he should! — FBI might be able to withhold information from the IG.

A bunch of people who have unquestioned faith in the goodness of DOJ — now including Eric Holder, the guy who couldn’t prosecute a single criminal bank — have been, rightly, scolding Comey for his actions. But they have largely remained utterly silent about the runaway agents at the FBI, both about their obvious leaking and now about their efforts to sustain this investigation in defiance of at least some of the chain of command, including career prosecutors who should be fairly insulated from any political influence that someone like Lynch might respond to.

As I said, I’m agnostic about the investigation of the Clinton Foundation. I’m not agnostic on the importance of keeping FBI firmly within the bureaucratic bounds that prevents them from acting as an abusive force.

They seem to have surpassed those bounds.

When Reporters Discover Selective Leak Targeting

/8 Comments/in /by

Shane Harris wants to know — and not for the first time — why James Cartwright will be the only one to take the fall for leaking to David Sanger about StuxNet.

The charges weren’t exactly a surprise. Cartwright has known for more than three years that he was the target of an investigation into who leaked details about the so-called Stuxnet computer virus, which the United States used to destroy centrifuges inside an Iranian nuclear enrichment facility in 2008 and 2009.

But notably, Cartwright who previously served as vice chairman of the Joint Chiefs of Staff, is the only person to have been charged with leaking information about the highly classified program, even though it’s clear from various books and articles that he wasn’t the only source of information about it. Times reporter David Sanger revealed the operation and wrote about it extensively in his book, Confront and Conceal.

That raises questions about why Cartwright is being charged now and if he was somehow singled out for speaking to Sanger and another journalist, Newsweek’s Daniel Klaidman. Journalists and U.S. officials in Washington have generally known for years that Cartwright was a major source about Stuxnet, but it was also understood that he had permission from the White House to share certain details about the program.

The intrigue surrounding the investigating dates back more than three years, according to Harris, to the last time he raised questions about Cartwright’s targeting. In that article, he admits,

Cartwright did have fans in the press corps, which usually found him an affable and, most importantly, accessible source.

Harris might more productively look at what was different about the Sanger story that got investigated — namely, that it blamed the Israelis for revealing the program by letting StuxNet escape. That it, it may well be that Cartwright got prosecuted not because he leaked the thing that was permissible — that the US had allegedly stalled Iran’s nuclear power production with computer code — but rather that the Israelis undermined the program that was undermining their excuse to attack Iran.

Still, it’s odd that Harris finds it odd that just one person is getting prosecuted in the first place, as if he’s only discovering that happens all the time.

It’s something Charlie Savage did in his book, Power Wars, too. I showed how erroneous that assumption is in the case of the UndieBomb 2.0 leak, where Donald Sachtleben was scapegoated even though the record shows he only confirmed something the reporters already had. But the same is true of other leaks, as well. For example, the public record already identifies another source for James Risen’s Merlin leak, and the trial record shows FBI believed still another person was the main leaker and never really dismissed him as a target.

So we always should be asking why the one and only one person who gets targeted gets targeted. In this case, a better parallel might be to the Scooter Libby case. There, as here, the target claims to have been authorized to leak. In that case, Fitzgerald was definitely trying to move up the chain to Dick Cheney. In both cases, the big question may be about whether the President (or Vice President, if he’s the one in charge) authorized the specific leak.

Me, I’m more interested in why Cartwright was prosecuted in DC, rather than Maryland, even while Maryland’s US Attorney Rod Rosenstein oversaw the investigation. I suspect that’s because it was deemed a special counsel investigation of sorts, but that raises even more questions about why Ronald Machen investigated UndieBomb 2.0 and Rosenstein investigated this, but both were apparently in DC.

In Latest Russian Plot, WikiLeaks Reveals Hillary Opposes ISDS

/5 Comments/in , , , , /by

Among the emails released as part of the Podesta leaks yesterday, WikiLeaks released this one showing that, almost a year before she was making the same argument in debates with Bernie Sanders, Hillary was opposed to Investor State Dispute Settlement that is part of the Trans Pacific Partnership. (h/t Matt Stoller) ISDS is the means by which corporations have used trade agreements to operate above the domestic laws of party countries (if you haven’t read this three part series from BuzzFeed to learn about the more exotic ways business are profiting off of ISDS).

The email also appears to echo her later public concern that she had changed her mind on TPP because of KORUS.

After our last talk with HRC, we revised our letter to oppose ISDS and include her caution about South Korea.

Sure, other Podesta emails show Hillary supporting a broad region of free trade (and labor) in the Americas. But this more recent email confirms that the views she expressed in debate were more than just an attempt to counter Bernie’s anti-trade platform.

Whether or not this is newsworthy enough to justify the WL dump, it is noteworthy in light of NYT’s rather bizarre article from some weeks back suggesting that WL always sides with Putin’s goals. As I noted, the article made a really strained effort to claim that WL exposed TPP materials because it served Putin’s interests. Now, here, WL is is releasing information that makes Hillary look better on precisely that issue.

That doesn’t advance the presumed narrative of helping Trump defeat Hillary!

Then, as I noted yesterday, in spite of all the huff and puff from Kurt Eichenwald, the release of a Sid Blumenthal email used by Trump is another case where the WL release, as released, doesn’t feed the presumed goals of Putin.

Which brings me to this Shane Harris piece, which describes four different NatSec sources revealing there’s still a good deal of debate about WL’s ties to Russia.

Military and intelligence officials are convinced that WikiLeaks is an ongoing threat to U.S. national security and privacy owing to its leaks of classified documents and emails. But its precise relationship with Russia has been a subject of internal debate. Some do see the group as being in cahoots with the Kremlin. But others find that WikiLeaks is acting mainly as the beneficiary of stolen documents, not unlike a journalistic organization.

There are some funny aspects to this story. Nothing in it considers the significant evidence that WL is (and has reason to be) affirmatively anti-Hillary, which means its interests may align with Russia, even if it doesn’t take orders from Russia.

It also suggests that if the spooks can prove some tie between WL and Russia, they can spy on it as an agent of foreign power.

But those facts don’t mean WikiLeaks isn’t acting at Russia’s behest. And that’s not a trivial matter. If the United States were to determine that WikiLeaks is an agent of a foreign power, as defined in U.S. law, it could allow intelligence and law enforcement agencies to spy on the group—as they do on the Russian government. The U.S. can also bring criminal charges against foreign agents.

WL has been intimately involved in two separate charges cases of leaking-as-espionage in the US, Chelsea Manning and Edward Snowden. The government has repeatedly told courts that it has National Security/Criminal investigations, plural, into WikiLeaks, and when pressed for details about how and whether the government is collecting on supporters and readers of WikiLeaks, the government has in part hidden those details under a b3 FOIA exemption, meaning a statute prevents disclosing it, while extraordinarily refusing to reveal what statute that is. We certainly know that FBI has used multiple informants to spy on WL and used a variety of collection methods against Jacob Appelbaum, including (according to Appelbaum) physical tails.

So there’s not only no doubt that the US government believes it can spy on WikiLeaks (which is, after all, headed by a foreigner and not a US organization), but that it already does, and has been doing for at least six years.

Perhaps Harris’ sources really mean they’ve never found a way to indict Julian Assange before, but if they can claim he’s working for Putin, then maybe they’ll overcome past problems of indicting him because it would criminalize journalism. If that’s the case, it may be shading analysis of WL, because the government would badly like a reason to shut down WL (as the comments about the direct threat to the US in the story back up).

As I’ve said before, the role of WL in this and prior leak events is a pretty complex one, one that if approached too rashly (or too sloppily) could have ramifications for other publishers. While a lot of people are rushing to collapse this (in spite of what sounds like a continuing absence of directly incriminating evidence) into a nation-state conflict, things like this TPP email suggest it’s not that simple.

Why Is HPSCI’s Snowden Report So Inexcusably Shitty?

/11 Comments/in , /by

There’s now a growing list of things in the HPSCI report on Snowden that are either factually wrong, misleading, or spin.

One part of the spin the report admits itself: the committee assessed damage based on the 1.5 million documents Snowden touched — an approach the now discredited General Michael Flynn presented in briefings to the committee — rather than the far more limited set the Intelligence Community included in its damage assessment.

Over the past three years, the IC and the Department of Defense (DOD) have carried out separate reviews with differing methodologies of the damage Snowden caused. Out of an abundance of caution, DOD reviewed all 1.5 million documents Snowden removed. The IC, by contrast, has carried out a damage assessment for only a small subset of the documents. The Committee is concerned that the IC does not plan to assess the damage of the vast majority of documents Snowden removed.

Clearly, the IC wants a real assessment of the damage Snowden caused. HPSCI, however, appears to be interested in the most damning, which makes sense given that members of Congress actively solicited information they could use to damage Snowden.

Here are other problems with the report.

From Bart Gellman’s rebuttal:

  • HPSCI claimed the “bilateral tibial stress fractures” that led to Snowden’s discharge were “shin splints.”
  • HPSCI claimed he never got a GED. According to official Maryland records, Snowden got his equivalent degree on June 2, 2004.
  • HPSCI claimed Snowden was a computer technician at CIA. At the end he served as a “solutions referent/cyber referent” working on cyber contracts.
  • HPSCI claimed Snowden’s effort to show a security hole in CIA’s human resources intranet was an effort to doctor his performance evaluations.

From me:

HPSCI claimed Snowden failed the Section 702 training. According to an email from the SIGINT Compliance Chief, Snowden did pass it (the Chief had not checked whether or not Snowden had really failed it).“He said he had failed it multiple times (I’d have to check with ADET on that). He did pass the course at some point.”

The claim Snowden didn’t pass the test stems from an email written a year after an exchange between him and a Compliance training person. The training person wrote the email in direct response to Snowden’s claims that he had “contacted N.S.A. oversight and compliance bodies.” While it may be true Snowden failed the test before he passed it, there are enough irregularities with the email claim and related story it should not be credited without backup. When we asked NSA for specific answers about that email in conjunction with this story, they flipped out and went nuclear and preemptively released all the emails rather than provide the very easy answers to validate the email story.

From Patrick Eddington:

HPSCI claimed Snowden could have reported complaints to the committee, but HPSCI killed an effort to extend whistleblower protections to intelligence contractors in 2012.

Eddington and Steven Aftergood both suggest the shitty HPSCI report is good reason to embrace a set of reforms to improve HPSCI oversight.

But depending on the reason for the utter shittiness of the report, I think it might just warrant shutting the entire committee down and devolving oversight to real committees, like Judiciary, Homeland Security, and Armed Services. Remember, every single member of the committee, Democrat or Republican, signed this report. Every single one. For some reason, even fairly smart people like Adam Schiff and Jackie Speier signed off on something with inexcusable errors.

So I wanted to point to this passage on methodology.

The Committee’s review was careful not to disturb any criminal investigation or future prosecution of Snowden, who has remained in Russia since he fled there on June 23, 2013. Accordingly, the Committee did not interview individuals whom the Department of Justice identified as possible witnesses at Snowden’s trial, including Snowden himself, nor did the Committee request any matters that may have occurred before a grand jury. Instead, the IC provided the Committee with access to other individuals who possessed substantively similar knowledge as the possible witnesses. Similarly, rather than interview Snowden’s NSA coworkers and supervisors directly, Committee staff interviewed IC personnel who had reviewed reports of interviews with Snowden’s co-workers and supervisors.

So for this inexcusably shitty report, HPSCI did not interview:

  • Direct witnesses (presumably including the Compliance training woman whose email on 702 training is dodgy and probably also Booz and Dell contractors who might risk losing contracts)
  • Snowden’s co-workers
  • Snowden’s supervisors

They did interview:

  • People who possessed “substantively similar knowledge” as the people DOJ think might be witnesses at trial
  • People who reviewed reports of interviews with Snowden’s co-workers and supervisors

HPSCI spent two years but didn’t interview any of the direct witnesses.

Now, as a threshold matter, the publicly released emails provide good reason to doubt the adequacy of this indirect reporting on Snowden’s colleagues. Here’s how the Chief of NSA’s CI Division backed the conclusion that Snowden never talked about concerns about NSA surveillance with his colleagues.

Our findings are that we have found no evidence in the interviews, email, or chats reviewed that support his claims. Some coworkers reported discussing the Constitution with Snowden, specifically his interpretation of the Constitution as black and white, and others reported discussing general privacy issues as it relates to the Internet. Not one mentioned that Snowden mentioned a specific NSA program that he had a problem with. Actually, many of the people interviewed affirmed that he never complained about any NSA program. We also did not have any reflection that he asked anyone how he should/could report perceived wrongdoing.

So colleagues — who would presumably be in great fear of association with Snowden, especially in interviews with NSA’s Counterintelligence people — nevertheless revealed that they discussed the Constitution (and Snowden’s black and white interpretation of it) and general privacy issues about the Internet. “Many” of the interviewees said he never complained about any NSA program, which raises questions about what those excluded from this “many” said.

But it appears that NSA’s CI investigators only considered mention of specific programs to be a complaint, not general discussions about privacy and the Constitution.

We should assume the interview reports back to HPSCI members and staffers were similarly scoped.

There’s another reason I’m interested in this methodology section. That’s the implication from Spencer Ackerman’s series on SSCI’s Torture Report that CIA successfully used the John Durham investigation to undermine the SSCI investigation.

In August 2009, US attorney general Eric Holder expanded the remit of the prosecutor looking at the tapes destruction, John Durham, to include the torture program, much as the Senate committee had. The justice department’s new mandate was not as broad as the Senate’s. It would only concern itself with torture that exceeded the boundaries set for the CIA by the Bush-era justice department. Still, for all of Obama’s emphasis on looking forward and not backward, now the CIA had to face its greatest fear since launching the torture program: possible prosecution.

Holder’s decision, ironically, would ultimately hinder the committee more than the CIA, and lead to a criticism that the agency would later use as a cudgel against the Senate.

Typically, when the justice department and congressional inquiries coincide, the two will communicate in order to deconflict their tasks and their access. In the case of the dual torture investigations, it should have been easy: Durham’s team accessed CIA documents in the exact same building that Jones’s team did.

But every effort Jones made to talk with Durham failed. “Even later, he refused to meet with us,” Jones said.

Through a spokesman, Durham, an assistant US attorney in Connecticut, declined to be interviewed for this story.

The lack of communication had serious consequences. Without Durham specifying who at CIA he did and did not need to interview, Jones could interview no one, as the CIA would not make available for congressional interview people potentially subject to criminal penalty. Jones could not even get Durham to confirm which agency officials prosecutors had no interest in interviewing. “Regrettably, that made it difficult for our committee to do interviews. So the judgment was, use the record,” said Wyden, the Oregon Democrat on the panel.

[snip]

The CIA stopped compiling the Panetta Review in 2010 after Durham told Preston that CIA risked complicating any prosecution if it “made different judgments than the prosecutors had reached”, Charlie Savage reported in his 2015 book Power Wars.

Not only did CIA’s General Counsel Stephen Preston (who later served as DOD General Counsel from October 2013 until June 2015) use the Durham investigation to halt the CIA’s own internal investigation into the worthlessness of their torture, but it served as the excuse to withhold cooperation from SSCI. That, in turn, gave Republicans an excuse to disavow the report.

With the HPSCI report, an FBI investigation has again been used as an excuse to limit congressional oversight.

HPSCI’s failure to interview any of the relevant people directly is all the weirder given that there should be no problem for a witness to appear before both the grand jury and the committee. Certainly, House Oversight had no problem interviewing some of the subjects of the Hillary email investigation! And unlike the email investigation, with the Snowden one, few if any of the people who might serve as witnesses at any Snowden trial would be subjects of the investigation; they’d have no legal risk in also testifying to the committee. Snowden is the one at legal risk, and he has already been charged. And curiously, we’re hearing no squawking from Republicans about the necessity of direct interviews for the integrity of an investigation, like we heard with the Senate Torture Report.

One thing is certain: the public is owed an explanation for how HPSCI came to report knowably false information. The public is owed an explanation for why HPSCI is effectively serving as NSA’s propaganda wing.

And if we don’t get one, we should shut down the entire charade of post-Church Committee oversight committee.