The Schulte CIPA Transcripts: Locking up Vault 8

Perhaps the most interesting thing about the CIPA (Classified Information Procedures Act) transcripts from the Josh Schulte case that Kel McClanahan helped me liberate is that (at least in 2022, when they did a classification review) the CIA treated the moniker “Vault 8” that WikiLeaks gave to the CIA source code releases as still-classified.

When Judge Jesse Furman restated the hypothetical he posed about whether disseminating already-released stolen classified information could itself be a crime, he described the releases to include Vault 7 and Vault 8.

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard drive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. [my emphasis]

There’s actually no unredacted reference to Vault 8 in the released transcripts.

But there are what are almost certainly redacted references to Vault 8.

Here’s how part of the discussion about hypotheticals appears in the May 2 transcript:

It appears likely that Josh Schulte was deliberately using both terms — he started doing so, and much later in the transcript he claimed, falsely, that there was a distinction in the charges against him between the development notes and the source code. The dual references, with repeated mention of Vault 7, followed immediately by a redaction describing the other of plural “disclosures,” appear to stop after page 31, perhaps in response to something one of the prosecutors said.

There’s undoubtedly good reason the government remains coy about the more damaging part of this release.

In a self-serving note sent after it became clear he was a suspect, Schulte himself made a clear distinction between the development notes and the source code, describing that, “These tools are MUCH more valuable [to a hostile country like Russia] undiscovered by the media or the nation that lost them [because] Now, you can secretly trace and discover every operation that nation is conducting.” The source code provided American adversaries the ability to reverse engineer US spying efforts, and in the process, identify CIA assets.

I have written about how Julian Assange seemed to threaten Don Jr by raising the separately named source code in November 2017.

Schulte’s apparent failed attempt to win the right to discuss the source code releases, in addition to the development note releases, came in the midst of his attempt to get more details from what was likely the ongoing investigation into the aftermath of his leak, including (possibly) how hackers obtained the tools he had leaked. Schulte received that discovery starting in early April, and on April 29, he asked Judge Furman to give him all the details of the ongoing investigation. Throughout his second trial, Schulte seemed focused on using his defense to communicate outward (which is one reason I found Wau Holland’s decision to pay for transcripts so notable). So in the hearing where he was attempting to include Vault 8 among the things he could discuss publicly, he was focused on the ongoing investigation into how hackers had obtained or used these tools.

I have long said that, historically, the files WikiLeaks chose not to release — and, potentially, to selectively share — were far more important than the files they released. The government’s ongoing sensitivity seems to confirm that: The US government has conceded that the development notes from CIA’s hacking tools, which constitute the bulk of what WikiLeaks released, came from the CIA, but appears not to concede that the hacking source code itself does.

If a Bear Shits in a Sealed CIPA Conference, Can It Expand the Espionage Act to the NYT’s Readers?

On May 3, 2022, Judge Jesse Furman posed two hypotheticals to prosecutors in the Joshua Schulte case about whether the Espionage Act would apply to people who disseminated already public information from the Vault 7/Vault 8 leaks: First, a member of the public, having downloaded publicly-posted CIA hacking materials made available by WikiLeaks, who gave those materials to a third party. Second, someone who passed on information from the Vault 7/8 leaks published by the NYT to a third party. In both cases, the government argued that someone passing on already public information from the leaked files could be guilty of violating the Espionage Act.

At least, it appears that the government argued for this expansive hypothetical application of the Espionage Act, based on what Furman said in a discussion about jury instructions on July 6. I’ve put a longer excerpt of the exchange from the discussion about jury instructions below; here’s how Judge Furman instructed the jury on the matter.

The actual discussion in May took place in a hearing conducted as part of the Classified Information Procedures Act, CIPA, the hearings during which the government and defense argue about what kind of classified information must be declassified for trial (I wrote more about CIPA in this post). Because the discussion happened as part of the CIPA process, the hearing itself is currently sealed.

And the government wants it to stay that way.

Both in a letter motion filed on November 11, postured as an update on the classification review of the transcripts of that hearing, and in a December 5 letter motion Furman ordered the government to file formally asking to keep the transcripts sealed, the government argued that CIPA trumps the public’s right of access to such court records.

CIPA’s mandatory sealing of the records of in camera proceedings conducted pursuant to Section 6 supersedes any common law right of access to those records, and neither history, logic, nor the right of attendance at proceedings support a right of access under the First Amendment.

The earlier letter even explained why it wanted to keep the “extensive colloquies” in these hearings sealed.

Beyond that, the extensive colloquies and the specific issues of law discussed at that hearing would reveal, by itself, the specific type of relief sought by the parties on specific subjects, which would in turn provide significant indications about what classified information was at issue, prompting undue speculation that would undermine national security interests.

But this specific issue of law, whether journalists or their readers have legal exposure under the Espionage Act for reporting on leaked, classified material, is not secret. Nor should it be.

That’s why, with the support of National Security Counselors’ Kel McClanahan, I’m intervening in the case to oppose the government’s bid to keep the May 3 and other transcripts sealed. How the government applies the Espionage Act to people who haven’t entered into a Non-Disclosure Agreement with the government to keep those secrets has been a pressing issue for years, made all the more so by the prosecution of Julian Assange. Indeed, the government may have given the answers to Judge Furman’s hypotheticals that they did partly to protect the basis of the Assange prosecution. But for the same reason that the Assange prosecution is a dangerous precedent, the prosecutors’ claims — made in a sealed hearing — that they could charge people who share a NYT article (or an emptywheel post) on the Vault 7 releases raise real Constitutional concerns. As Judge Furman noted, “there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak” (and, though he doesn’t say it, tens of thousands sharing the emptywheel reporting about it). And yet no one will learn that fact if the discussion about it remains sealed.

I’m not usually able to intervene in such matters because I don’t have the resources of a big media in-house counsel to do so. McClanahan’s willingness to help makes that possible. National Security Counselors are experts on this kind of national security law, with extensive experience both on the Espionage Act and on CIPA. But the group relies heavily on tax-exempt charitable contributions to be able to do this kind of work. Please consider supporting the effort with a donation via this link or PayPal. Thanks!

Transcript excerpt

These transcripts were obtained by the Calyx Institute with funding from Wau Holland, the latter of which has close ties to WikiLeaks.

So that’s the context and a little bit of the background. I think I have frankly come around to thinking that for reasons and constitutional avoidance and otherwise that there is a lot to — that Mr. Schulte is not entirely correct but is substantially correct, that is to say that if all — let me put it differently. I think the reason that Mr. Schulte is in a different position with respect to the MCC counts is that he is someone in a position to know whether the information was classified, was NDI, was CIA information and in that sense by virtue of leaking it again, so to speak, he is providing official confirmation but it is the official confirmation that is the new information that would qualify as NDI and I think Rosen kind of highlights that, that particular nuance. I think that distinguishes Mr. Schulte from — I gave you a hypothetical, again, I think it is currently in the classified hearing and therefore not yet public, but I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard drive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

So all of which is to say I think I have come around to the view that merely sharing something that is already in the public domain probably can’t support a conviction under this provision except that if the sharing of it provides something new, namely, confirmation that it is reliable, confirmation that it is CIA information, confirmation that it is legitimate bona fide national defense information, then that confirmation is, itself, or can, itself, be NDI. I otherwise think that we are just in a terrain where, literally, there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak.

MR. DENTON: So, your Honor, I think there is a couple of different issues there and one of them is sort of whether the question that you are posing right now is actually the right question for this moment in time when we are talking about the elements of the offense.

In the context of that earlier discussion, and I will repeat it here, I think one of the things that we emphasized is there is a difference between whether a set of conduct, either the hypotheticals that you describe would satisfy the elements of a violation of 793 as opposed to the separate question of whether a person or an organization in that context would have a well-taken, as-applied First Amendment challenge to the application of the statute to them in that context.

THE COURT: But I have to say — and I recognize this may be in tension with my prior holding on this issue — the First Amendment is an area where somebody — I mean, the overbreadth doctrine in the First Amendment context allows somebody, as to whom a statute could be applied, constitutionally to challenge the statute on the grounds that it does cover conduct that would violate the First Amendment. So in that regard, it is distinct from a vagueness challenge. I think to the extent that you are saying that in those instances — I mean, the reason being that the First Amendment embodies a concept of chilling. If a New York Times reporter doesn’t know whether he is violating the Espionage Act by repeating what is in the WikiLeaks leak notwithstanding the fact that there is serious public interest in it, it may chill the suppression and that suppression is protected by the First Amendment. That’s the point in the overbreadth doctrine.

Go ahead.

A Different DOJ Search of Note: Joshua Schulte

Josh Schulte should have grown concerned when David Denton — one of the two AUSAs in charge of his prosecution — didn’t show up to a status conference on July 26.

THE COURT: All right. Good afternoon, everyone. Mr. Lockard, will Mr. Denton be joining us?

MR. LOCKARD: He will not be joining us today.

For that matter, he should have sussed something was up a month earlier, during trial, when Denton objected to Schulte’s bid to introduce a script he wrote as evidence at his trial because of ongoing and escalating security concerns.

[Y]our Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

As I laid out, among the security concerns Denton was worried about was that, just weeks before trial when Schulte claimed that his laptop was broken, IT staff at the US Attorney’s Office discovered that Schulte had been tampering with the BIOS on his laptop, seemingly in an attempt to bypass WiFi restrictions.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS¹ had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovered an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

¹ The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

So DOJ revealed evidence that Schulte was attempting to hack his discovery laptop before trial, Denton implied DOJ was waiting until after trial to do anything about it, and Denton was too busy to show up at the status hearing on July 26.

He appears to have been busy getting a search warrant for the laptop. The government served Schulte with the warrant and seized the offending laptop two days later, on July 28. After Schulte attorney Sabrina Shroff complained, the government explained that since they had not yet charged Schulte in conjunction with the new warrant, they didn’t have to provide their affidavit.

[T]he Government’s investigation of the defendant’s conduct that gave rise to the search warrant is ongoing, no charges related to his use of the laptop have been filed, and the scope and precise nature of the conduct that the Government is investigating are not known either to the public or to the defendant.

If that investigation results in the use of information obtained pursuant to the search warrant, the Government will comply with its discovery obligations promptly.

They did, however, object to getting Schulte a new laptop.

The defendant has seven weeks to draft and file his pro se motions pursuant to Federal Rules of Criminal Procedure 29 and 33, and can do so using the normal resources available to pro se inmates at the Metropolitan Detention Center. The defendant “has the right to legal help through appointed counsel, and when he declines that help, other alternative rights, like access to a [personal laptop], do not spring up.” United States v. Byrd, 208 F.3d 592, 593 (7th Cir. 2000). Particularly in view of the Magistrate Judge’s determination that there is probable cause to believe that the defendant’s previous laptop contains evidence of additional crimes, there is no reason that the defendant should be afforded special access to a new laptop simply because the Court has permitted him to proceed partially pro se for certain matters going forward.

Shroff’s reply, in addition to making a legitimate case that Schulte should be able to get a laptop to finish his Rule 29 and 33 motions, provided more detail of what she knows about the warrant. This is not about espionage. She mentions only additional counts of contempt and possessing contraband, the same charges investigated in 2018 when Schulte’s phone was found (though those crimes seem inconsistent with the security concerns — hacking — described leading up to the trial).

The search warrant itself notes that the government is not alleging it has probable cause for any acts of espionage.

[snip]

Notably, while the government’s letter states the factors which may permit an affidavit to be withheld – e.g., to preserve confidential sources or protect witnesses – the government never explains how those factors possibly could apply here, where someone already incarcerated is accused of violations of Title 18, United States Code, Sections 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility). There are no confidential sources or witnesses at risk – and production of the affidavit in support of the search warrants implicates none of the articulated concerns.

But that’s not right. It can’t be right. If Schulte got contraband, it means someone — his legal team, his family, or the guards — shared it with him. He has a history of getting the latter two involved in ferrying information or goods improperly. I’m mindful, too, of Schulte’s curious replication of a WikiLeaks-seeded propaganda campaign about Mike Pompeo, even in spite of being on SAMs.

After suggesting there couldn’t be witnesses in a situation where there’d have to be witnesses, Shroff turns the government’s efforts to avoid disrupting Schulte’s trial on its head, claiming it is proof that waiting until after the trial is punitive.

The timing of the search warrant sought by the government as it relates to its stance on a replacement laptop is perhaps informative. Right before start of trial, a guard at the MDC dropped Mr. Schulte’s laptop. See ECF Docket Entry No. 838. In an effort to “fix” the laptop, Mr. Schulte provided it to the government – for that limited purpose. The government then returned the laptop saying it was working but asked Mr. Schulte about the organization of the laptop and then asked the court to admonish Mr. Schulte for the manner in which he was maintaining it. The government did nothing more. It did not ask the Court for a search warrant or to curtail Mr. Schulte’s access to the laptop. The government allowed Mr. Schulte to keep his laptop – all through the trial – and only now seeks its seizure. The timing appears punitive and not keyed to any potential harm to a third party.

Ultimately, Judge Jesse Furman declined to intervene, in part because the warrant was obtained in EDNY, not SDNY.

How Josh Schulte Got Judge Jesse Furman to Open a File in Internet Explorer

Something puzzles me about both Josh Schulte trials (as noted yesterday, the jury found Schulte guilty of all charges against him yesterday).

In both, the government introduced a passage from his prison notebooks advocating the use of the tools he has now been found guilty of sharing with WikiLeaks in an attack similar to NotPetya. [This is the version of this exhibit from his first trial.]

Vault 7 contains numerous zero days and malware that could be [easily] deployed repurposed and released onto the world in a devastating fashion that would make NotPetya look like Child’s play.

Neither time, however, did prosecutors explain the implications of this passage, which proved both knowledge of the non-public files released to WikiLeaks and a desire that they would be used, possibly by Russia, as a weapon.

Here’s how AUSA Sidhardha Kamaraju walked FBI Agent Evan Schlessinger through explaining it on February 26, 2020, in the first trial.

Q. Let’s look at the last paragraph there.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed, repurposed, and released on to the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Do you know what NotPetya is?

A. Yes, generally.

Q. What is it?

A. It is a version of Russian malware.

Here’s how AUSA David Denton walked Agent Schlessinger through that same exact script this June 30 in the second trial.

Q. And the next paragraph, please.

A. “Vault 7 contains numerous zero days and malware that could easily be deployed,” struck through “repurposed and released onto the world in a devastating fashion that would make NotPetya look like child’s play.”

Q. Sir, do you know what NotPetya is?

A. Yes, generally.

Q. Generally, what is a reference to?

A. Russian malware.

The placid treatment of that passage was all the more striking in this second trial because it came shortly after Schulte had gone on, at length, mocking the claim from jail informant Carlos Betances that Schulte had expressed some desire for Russia’s help to do what he wanted to do, which in context (though Betances wouldn’t know it) would be to launch an information war.

Q. OK. Next, you testified on direct that I told you the Russians would have to help me for the work I was doing, right?

A. Yes, correct.

Q. OK. So the Russians were going to send paratroopers into New York and break me out of MCC?

MR. LOCKARD: Objection.

THE COURT: Sustained.

BY MR. SCHULTE: Q. What is your understanding of how the Russians were going to help?

A. No, I don’t know how they were going to help you. You were the one who knew that.

Q. What work was I doing for Russia?

A. I don’t know what kind of work you were doing for Russia, but I know you were spending long periods of time in your cell with the phones.

Q. OK.

A. With a sheet covering you.

Q. OK. But only Omar ever spoke about Russia, correct?

A. No. You spoke about Russia.

Q. Your testimony is you never learned anything about Omar and Russian oligarchs?

A. No.

Denton could easily have had Schlessinger point out that wanting to get a CIA tool repurposed in Russian malware just like the Russians had integrated stolen NSA tools to use in a malware attack of unprecedented scope would be pretty compelling malicious cooperation with Russia. It would have made Schulte’s mockery with Betances very costly. But Denton did not do that.

In fact, the government entirely left this theory of information war out of Schulte’s trial. In his closing argument for the second trial, for example, Michael Lockard explicitly said that Schulte’s weapon was to leak classified information, not to launch cyberattacks.

Mr. Schulte goes on to make it even more clear. He says essentially it is the same as taking a soldier in the military, handing him a rifle, and then begin beating him senseless to test his loyalty and see if you end up getting shot in the foot or not. It just isn’t smart.

Now, Mr. Schulte is not a soldier in the military, he is a former CIA officer and he doesn’t have a rifle. He has classified information. That is his bullet.

To be sure, that’s dictated by the charges against Schulte. Lockard was trying to prove that Schulte developed malicious plans to leak classified information, not that he developed malicious plans to unleash a global cyberattack that would shut down ports in the United States. But that’s part of my point: The NotPetya reference was superfluous to the charges against Schulte except to prove maliciousness they didn’t use it for.

I may return to this puzzle in a future post. For now, though, I want to use it as background to explain how, that very same day that prosecutors raised Schulte’s alleged plan to get CIA hacking tools used to launch a global malware attack, Schulte got Judge Jesse Furman to open a document in Internet Explorer.

One of the challenges presented when a computer hacker like Schulte represents himself (pro se) is how to equip him to prepare a defense without providing the tools he can use to launch an information war. It’s a real challenge, but also one that Schulte exploited.

In one such instance, in February, Schulte argued the two MDC law library desktops available to him did not allow him to prepare his defense, and so he needed a DVD drive to transfer files including “other binary files,” the kind of thing that might include malware.

Neither of these two computers suffices for writing and printing motions, letters, and other documents. The government proposes no solution — they essentially assert I have no right to access and use a computer to defend myself in this justice system.

I require an electronic transfer system; printing alone will not suffice, because I cannot print video demonstratives I’ve created for use at trial; I cannot print forensics, forensic artifacts, and other binary files that would ultimately be tens of thousands of useless printed pages. I need a way to transfer my notes, documents, motion drafts, demonstrative videos, technical research, analysis, and countless other documents to my standby counsel, forensic expert, and for filing in this court.

The government had told Schulte on January 21 that he could not have a replacement DVD drive that his standby counsel had provided in January because it had write-capabilities; as they noted in March, not having such a drive was not preventing him from filing a blizzard of court filings. Ultimately, in March, the government got Schulte to let them access the laptop to add a printer driver to his discovery laptop. Schulte renewed his request for a write-capable DVD, though, in April.

Schulte continued to complain about his access to the law library for months, sometimes with merit, and other times (such as when he objected to the meal times associated with his choice to fast during Ramadan) not.

The continued issues, though, and Schulte’s claims of retaliation by prison staffers, are why I was so surprised that when, on June 1, Sabrina Shroff reported that a guard had broken Schulte’s discovery laptop by dropping it just weeks before trial, she didn’t ask for any intervention from Judge Furman. Note, she attributes her understanding of what happened to the laptop to Schulte’s parents (who could only have learned that from Schulte) and the prison attorney (who may have learned of it via Schulte as well). In response, as Shroff had tried to do with the write-capable DVD, she was just going to get him a new laptop.

We write to inform the Court that a guard at the MDC accidentally dropped Mr. Schulte’s laptop today, breaking it. Because the computer no longer functions, Mr. Schulte is unable to access or print anything from the laptop, including the legal papers due this week. The defense team was first notified of the incident by Mr. Schulte’s parents early this afternoon. It was later confirmed in an email from BOP staff Attorney Irene Chan, who stated in pertinent part: “I just called the housing unit and can confirm that his laptop is broken. It was an unfortunate incident where it was accidentally dropped.”

Given the June 13, 2022 trial date, we have ordered him a new computer, and the BOP, government, and defense team are working to resolve this matter as quickly as possible. We do not seek any relief from the Court at this time.

Only, as I previously noted, that’s not what happened to the laptop, at all. When DOJ’s tech people examined the laptop, it just needed to be charged. As they were assessing it, though, they discovered he had a 15GB encrypted partition on the laptop and had been trying to use wireless capabilities.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS¹ had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovered an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

¹ The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

This had all the markings of a hacker — someone who had once envisioned launching a cyberattack as part of his information war from jail — trying to prepare just such an attack.

Weeks later, during the trial, the government intimated that they might punish Schulte for that stunt, but were just trying to get through trial.

We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

Along the way, though, Schulte’s laptop access continued to grow — for perfectly justifiable reasons tied to the trial, but which appears to have resulted in the discovery laptop (the one with the encrypted partition that he had apparently tried to access WiFi on) being in the same place as a second exhibit laptop, perhaps the very laptop originally intended to replace the one that wasn’t really broken at all. On June 13, Judge Furman ordered the Marshals to let Schulte keep his laptop at breaks. On June 15, Schulte got Furman to order the Marshals to let him use his second laptop, “just like the discovery laptop.”

MR. SCHULTE: OK. So the first thing is I think the marshals just need permission or authorization from you for me to be able to use the second laptop for my exhibits.

THE COURT: Use in the courtroom?

MR. SCHULTE: Yeah, be able to access and use it like I use the other. I think there was court order for me to be able to use this laptop so they need authorization from you for me to use the second laptop.

THE COURT: And the second laptop is something that standby counsel procured? What is it?

MR. SCHULTE: Yes.

THE COURT: Any objection, Mr. Denton? Any concerns?

MR. DENTON: I think as long as it is something that’s used just here in the courtroom, that’s fine, your Honor. I think to the extent that it was going with the defendant anywhere else other than the courtroom, we would want to make sure that we applied the same security procedures that were applied to his original laptop.

THE COURT: Is it just to be used in this courtroom?

MR. SCHULTE: Yes. That’s correct. It is being locked, I think, in the FBI marshal’s room by the SCIF.

On June 17, Schulte asked Furman to issue a specific order to MDC to ensure he’d be able to “go to the law library and access the laptop.” Again, these are generally understandable accommodations for a defendant going pro se. But they may have placed his discovery laptop (normally used in MDC in Brooklyn) in close proximity to his exhibit laptop used outside of a SCIF in Manhattan.

With that in the background, on June 24, prosecutors described that just days earlier, Schulte had provided them code he wanted to introduce as an exhibit at trial. There were evidentiary problems — this was a defendant representing himself trying to introduce his own writing without taking the stand — but the real issue was his admission he was writing (very rudimentary) code on his laptop. As part of that explanation, the government also claimed that MDC had found Schulte tampering with the law library computer.

The third, however, and most sort of problematic category are the items that were marked as defense exhibits 1210 and 1211, which is code and then a compiled executable program of that code that appear to have been written by the defendant. That raises an evidentiary concern in the sense that those are essentially his own statements, which he’s not entitled to offer but, separately, to us, raises a substantial security concern of how the defendant was able to, first, write but, more significantly, compile code into an executable program on his laptop.

You know, your Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point. The fact that defendant is compiling executable code on his laptop raises a substantial concern for us separate from the evidentiary objections we have to its introduction.

THE COURT: OK. Maybe this is better addressed to Mr. Schulte, but I don’t even understand what the third category would be offered for, how it would be offered, what it would be offered for.

MR. DENTON: As best we can tell, it is a program to change the time stamps on a file, which I suppose would be introduced to show that such a thing is possible. I don’t know. We were only provided with it on Tuesday. Again, we think there are obvious issues with its admissibility separate and apart from its relevance, but like I said, for us, it also raises the security concern that we wanted to bring to the Court’s attention.

[snip]

MR. SCHULTE: But for the code, the government produced lots of source code in discovery, and this specific file is, like, ten, ten lines of source code as well as —

THE COURT: Where does it come from? Did you write it?

MR. SCHULTE: Yes, I wrote it. That’s correct.

Schulte didn’t end up introducing the script he wrote. Instead, he asked forensics expert Patrick Leedom if he knew that Schulte had used the “touch” command in malware to alter file times.

Q. Do you know about the Linux touch command?

A. Yes.

Q. This command can be used to change file times, right?

A. Yes, it can.

Q. That includes access times, right?

A. Yes.

Q. And from reviewing my workstation, you know that I developed Linux malware tools for the CIA, right?

A. I know you worked on a few tools. I don’t know if they were Linux-specific or not, but —

Q. And you knew from that that I wrote malware that specifically used the touch command to change file times, right?

In the end, then, it turned out to be just one of many instances during the trial where Schulte raised the various kinds of malware he had written to hide his tracks, infect laptops, and jump air gaps, instances that appeared amidst testimony — from that same jail informant, Carlos Betonces — that Schulte had planned to launch some kind of key event in his information war from the (MCC) law library.
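The `touch` exchange above rests on a point an examiner relies on: `touch` can rewrite a file's access and modification times, but it cannot choose the inode change time (ctime), which the kernel stamps itself. The following Python sketch is an added example, not part of the original post or any trial exhibit; it assumes a Linux file system with nanosecond timestamps, and the file names, the 2015 date and the one-hour threshold are constructed.

```python
"""Flag files whose timestamps look rewritten (constructed demo, Linux/POSIX)."""
import calendar
import os
import tempfile

# Assumed threshold for this example: how far mtime may trail ctime before
# the file is worth a second look. Tune it for the system under review.
SKEW_SECONDS = 3600
NS = 10**9


def inspect_times(path, skew=SKEW_SECONDS):
    """Return a list of indicator names for one file (empty list = nothing odd)."""
    st = os.lstat(path)  # lstat: judge the link itself, never its target
    reasons = []

    # touch/utimensat() can set atime and mtime to any value, but the kernel
    # stamps ctime (inode change time) with the current clock when it does so.
    # A modification time far older than ctime therefore means the metadata
    # was changed long after the claimed last write. Benign causes exist:
    # chmod, rename, archive extraction, cp -p, rsync -t.
    if st.st_ctime - st.st_mtime > skew:
        reasons.append("mtime_predates_ctime")

    # Timestamps written by normal I/O carry a sub-second fraction on file
    # systems with nanosecond resolution. Times typed by a person
    # (touch -d "2015-01-01 12:00:00") land exactly on a whole second.
    if st.st_mtime_ns % NS == 0 and st.st_atime_ns % NS == 0:
        reasons.append("whole_second_times")

    return reasons


def scan(root, skew=SKEW_SECONDS):
    """Walk root and return {relative path: reasons} for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            try:
                reasons = inspect_times(full, skew)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged


def demo():
    """Build two constructed files, backdate one, and scan the directory."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("control.log", "stomped.log"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("constructed sample content\n")

        # Same effect as: touch -a -m -d "2015-01-01 12:00:00 UTC" stomped.log
        backdated = calendar.timegm((2015, 1, 1, 12, 0, 0)) * NS
        target = os.path.join(root, "stomped.log")
        os.utime(target, ns=(backdated, backdated))

        # The backdating did not reach ctime: it still reads as "just now".
        ctime_after = os.lstat(target).st_ctime
        claimed_mtime = os.lstat(target).st_mtime
        return scan(root), ctime_after - claimed_mtime


if __name__ == "__main__":
    findings, gap = demo()
    for path, reasons in findings.items():
        print(path, reasons)
    print("ctime is ahead of claimed mtime by %.0f seconds" % gap)
```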

Q. That we — you testified that we were going to do something really big and needed to go to the law library, right?

A. You were paying $200 to my friend named Flaco to go to the library, yes.

Q. I paid someone money?

A. No. They were paying. And Flaco refused to take it downstairs. And the only option left was that they had to go down and take it themselves.

Q. OK. So Omar offered to pay money for Flaco to take some phone down, right?

A. That’s not how Flaco told me. That’s not the way Flaco described it. He said that both of them were offering him money.

Q. All right. But there were cameras in the law library, correct?

THE INTERPRETER: I’m sorry. Can you repeat the question?

Q. There were cameras in the law library, correct?

A. I don’t know.

Q. OK. But your testimony on direct was that me and Omar needed to send some information from the phone, right?

A. Let me explain it to you again. Not information. It’s that you had to do something in the, in the library. That’s what I testified about.

Q. OK. What did I have to do in the law library, according to you?

A. Well, you’re very smart. You must know the question. There was something down there that you wanted to use that you couldn’t use upstairs.

Q. OK. You also testified something about a USB drive, right?

A. Yes.

Q. You testified, I believe, that me and Omar wanted a USB device, right?

A. Yeah. You asked me all the time when the drive was going to arrive. When was it coming? When was it coming?

Q. OK. But there were already USB hard drives given to prisoners in the prison, right?

A. Not to my understanding.

Q. You don’t — you never received or saw anyone using a USB drive with their discovery on it?

A. No, because I — no, I hardly ever went down to the law library.

Q. All right. And then you said, you testified that you slipped a note under the guard’s door?

A. Yes.

Q. And that was about, you said something was going to happen in the law library, right?

THE INTERPRETER: Could you repeat the question, please?

MR. SCHULTE: Yes.

Q. You said that the note said something was going to happen in the law library, right?

A. Yes.

Which finally brings us to the Internet Explorer reference. During his cross-examination of FBI Agent Schlessinger on June 30, Schulte attempted to introduce the return from the warrant FBI served on WordPress after discovering Schulte was using the platform to blog from jail. The government objected, which led to an evidentiary discussion after the jury left for the weekend. The evidentiary discussion pertained to how to introduce the exhibit — which was basically his narrative attacking the criminal justice system — without also disclosing the child porn charges against Schulte referenced within them.

Schulte won that discussion. On the next trial day, July 6, Furman ruled for Schulte, and Schulte said he’d just put a document that redacted the references to his child porn and sexual assault charges on a CD to share with the government.

MR. SCHULTE: Yes. I just — if I can get the blank CD from them or something I can just give it to them and they can review it.

But back on June 30, during the evidentiary discussion, Judge Furman suggested that the 80- or 90-page document that the government was looking at was something different than the file he was looking at.

That was surprising to Furman.

So was the fact that his version of the document opened in Internet Explorer.

MR. DENTON: Your Honor, on Exhibit 410 we recognize the Court has reserved judgment on that. I want to put sort of a fourth version in the hopper. At least in the version we are looking at, it is a 94-page 35000-word document. To the extent that the only thing the Court deems admissible is sort of the fact that there were postings that did not contain NDI, we would think it might be more appropriate to stipulate to that fact rather than put, essentially, a giant manifesto in evidence not for the truth. So I want to put that option out there given the scope of the document.

[snip]

MR. DENTON: Understood, your Honor. I think at that point, even if we get past the hearsay and the not for the truth problems, then there is a sort of looming 403 problem in the sense that it is a massive document that is essentially a manifesto offered for a comparatively small point. I think at that point it is risk of confusing the jury and potentially inflaming them if people decide to sit down and to read his entire screed, it significantly outweighs the fairly limited value it serves. But, we recognize the Court has reserved on this so I don’t need to belabor the point now.

THE COURT: Unless I am looking at something different, what I opened as Defendant’s Exhibit 410 — it opened for me in Internet Explorer, for some reason and I didn’t even think Internet Explorer existed anymore — and it does not appear to be 84 pages. So, I don’t even know if I am looking at what is being offered or not. But, let me add another option, which is if the government identifies any particular content in here that it thinks should be excluded under 403, then you are certainly welcome to make that proposal as well in the event that I do decide that it should come in in more or less its entirety with the child porn redacted. And if you think that there is something else that should be redacted pursuant to 403, I will consider that. All right?

MR. DENTON: We will make sure we are looking at the same thing and take a look at it over the weekend, your Honor.

To be clear: The reason this opened in IE for Furman is almost certainly that the document was old — it would date to October 2018 — and came in a proprietary form that Furman’s computer didn’t recognize. So for some reason, his computer opened it in IE.

That said, it’s not clear that the discrepancy on the page numbers in the file was ever addressed. Schulte just spoke to one of the prosecutors and they agreed on how it would be introduced.

And if a developer who had worked on malware in 2016 wanted an infection vector, IE might be one he’d pick. That’s because Microsoft stopped supporting older versions of IE in 2016, the year Schulte left the CIA. And WordPress itself was a ripe target for hacking in 2018. Schulte himself might relish using a Microsoft vector because the expert in the trial, Leedom, has moved on to Microsoft since working as a consultant to the FBI.

I have no idea how alarmed to be about all this. The opinions from experts I’ve asked have ranged from “dated file” to “he’d have to be lucky” to “unlikely but potentially terrifying” to “no no no no!” And Schulte is the kind of guy who lets grudges fester so badly that avenging the grudge becomes more important than all else.

So I wanted to put this out there so smarter people can access the documents directly — and perhaps so technical staff from the courthouse can try to figure out why that document opened in Internet Explorer.

Note: As it did with the first trial, Calyx Institute made the transcripts available. This time, however, they were funded by Germany’s Wau Holland Foundation. WHF board member Andy Müller-Maguhn has been named in WikiLeaks operations and was in the US during some of the rough period when Schulte is alleged to have leaked these documents. 

More on Joshua Schulte’s Attempted Hack of the Justice System

A few weeks ago, I described what I believed was an attempt by Joshua Schulte to hack the judicial system — not by using computer code, but by exploiting legal code. In a status hearing, he claimed that he had informed prosecutors that he wanted to proceed pro se (representing himself). The sole remaining member of the prosecution team, David Denton, said he hadn’t heard of it.

A letter submitted today by Denton and AUSA Michael Lockard, who has joined the team, explains why: after they reviewed one of many appeals Schulte had filed (this one a demand for the judge in this case to recuse), he actually informed Judge Paul Crotty of his purported decision ex parte, before he sent a contrary filing, also ex parte. Crotty, having gotten no unequivocal indication that Schulte intended to proceed pro se, did nothing, which is part of the basis for Schulte’s mandamus filing.

On June 9, 2021, the defendant filed a pro se petition for a writ of mandamus in the Second Circuit seeking to recuse the District Court, claiming, among other things, that the defendant “petitioned [the Court] to represent himself in multiple letters throughout November 2020,” and that the Court “did not hold a Faretta hearing as required by law.” In Re: Joshua Schulte, 21-1445, Dkt. 1 at 10 (2d Cir. 2021). At the status conference in this matter on June 15, 2021, the Government noted that no such request appeared on the docket for this case, and that the Government was not aware of the defendant expressing “an unequivocal intent to forego the assistance of counsel.” Williams, 44 F.3d at 100. At the conference, defense counsel, at the defendant’s apparent request, stated that this was incorrect, and the defendant did wish to proceed pro se. Following the conference, defense counsel forwarded the Government a copy of a letter dated November 6, 2020, in which the defendant indicated his desire to proceed pro se, and informed the Government that the request had been submitted by the defendant to the Court ex parte. Defense counsel further explained that, in subsequent ex parte communication with the Court following the defendant’s November 2020 letter, defense counsel had advised the Court that the defendant intended to continue with counsel.

Much of the letter submitted today is routine process for when a defendant claims to want to represent himself. Among the precedents the government cites are two (one in this circuit) holding that a defendant cannot be co-counsel with his defense attorney, which is effectively what Schulte has done.

(4) a defendant who elects to proceed pro se “has no constitutional or statutory right to represent himself as co-counsel with his own attorney,” United States v. Tutino, 883 F.2d 1125, 1141 (2d Cir. 1989); see also Schmidt, 105 F.3d at 90 (“[T]here is no constitutional right to hybrid representation.”).

And while at the hearing Sabrina Shroff had suggested she and Deborah Colson serve as stand-by counsel, the government rightly notes that in his mandamus petition, Schulte raised conflicts reviewed before his first trial, which is something amounting to advice from Shroff that Schulte write down everything he wanted to leak in his prison notebook. They’re using that to ask that Crotty appoint someone besides Shroff (though they don’t name her) as standby counsel.

With regard to the appointment of standby counsel, the Government notes that the defendant’s recently filed pro se mandamus petition reiterates his prior claims that he wishes to call as witnesses certain of his prior and current counsel from the Federal Defenders of New York, although that claim is framed in the context of arguing that the Court’s prior rulings on this issue demonstrate bias that requires the Court’s recusal, rather than seeking relief from the Court’s orders themselves. See In Re: Joshua Schulte, 21-1445, Dkt. 1 at 4-9 (2d Cir. 2021). Accordingly, in order to avoid later claims alleging any purported conflict-of-interest, the Government respectfully suggests that it would be prudent for the Court to appoint as standby counsel one of the defendant’s current or former attorneys not implicated in the defendant’s claims asserting conflict or implicating the attorney-witness rule.

So the letter explains what, in a normal court room, is going on. But I maintain that Schulte is (and has been, for some time) attempting to do what he did with CIA’s computer systems: send a bunch of conflicting messages to get the machine to operate in a way entirely unexpected. Indeed, one tactic he’s using is one he used several times at CIA, the same tactic small children use when one parent gives them a response they don’t like: Schulte is bypassing his criminal docket (both through the use of the ex parte letters and the non-associated dockets, to ensure the government didn’t learn of this ploy until all the Speedy Trial time would, if the ploy is successful, have elapsed).

If I were the government I’d have some good hacking investigators review the docket to try to understand it all from a hacker’s brain. Because, at the very least, I suspect Schulte plans to claim that the government simply forgot to hold his second trial.

Joshua Schulte Attempts to Hack the Court System

Joshua Schulte attempted to complete a hack of the court system yesterday.

I don’t mean that Schulte used computer code to bring down the court systems. His laptop doesn’t connect to the Internet, and so he does not have those tools available. Rather, over the 3.5 years he has been in jail, he has tested the system, figured out which messages can be used to distract adversaries, and which messages have an effect that will lead the system to perform in unexpected ways. He identified vulnerabilities and opportunities — SDNY arrogance, the pandemic and related court delays, Louis DeJoy’s postal system, and even the SAMs imposed on him — and attempted to exploit them.

As a reminder, a jury hung on the most serious charges against Schulte in March 2020. Afterwards, the government moved to retry Schulte quickly, but his defense attorneys said they needed more time, in part because their expert, Steve Bellovin, was for health reasons unwilling to serve as an expert during COVID. Last November, Judge Paul Crotty scheduled a trial to start June 7, 2021, which would have been a week ago Monday. In March, Schulte’s superb attorney, Sabrina Shroff, moved to delay the trial once more, to October, still citing Bellovin’s withdrawal.

Meanwhile, starting in January, Schulte started submitting pro se filings, some filed through Shroff, and some sent directly. The government responded to a motion for habeas corpus (basically, to point out he needs to file suit against the Warden of MCC, not the prosecution), but did not respond to his motion to suppress evidence seized from the MCC jail. When Schulte filed to request direct access to LexisNexis, the government responded, in part, by asking Judge Crotty to force Schulte to decide whether he was representing himself, pro se, or, if not, then to solely allow Shroff and her team to make filings on his behalf.

The defendant’s request appears to be an attempt to further his pattern of engaging in inappropriate, quasi-pro se litigation. The Court should not consider the defendant’s instant letter for that reason. “A defendant has a right either to counsel or to proceed pro se, but has no right to ‘hybrid’ representation, in which he is represented by counsel from time to time, but may slip into pro se mode for selected presentations.” United States v. Rivernider, 828 F.3d 91, 108 (2d Cir. 2016). Although the Court has “discretion to hear from a represented defendant personally,” id. at 108 n.5, “the interests of justice will only rarely be served by a defendant’s supplementation of the legal services provided by his . . . counsel,” United States v. Swinton, 400 F. Supp. 805, 806 (S.D.N.Y. 1975). To the extent the defendant has any colorable claims for relief, his attorneys can present them to the Court, and the Court should reject the defendant’s attempts to “slip into pro se mode,” Rivernider, 828 F.3d at 108, whenever it suits him. See, e.g., United States v. Crumble, No. 18 Cr. 32 (ARR), 2018 WL 3112041, at *4 (E.D.N.Y. June 25, 2018) (“As Markus has not elected to represent himself, he does not have a right to make a motion on his own behalf, nor does he have a right to insist that the district court hear his applications. While I have previously exercised my discretion to entertain Markus’s pro se submissions, I will do so no longer. If Markus wishes to file any further motions, he is directed to ask his trial counsel—or appellate counsel— to adopt this motion. I trust that assigned counsel will file any motions that they do not view as frivolous on Markus’s behalf. Any pro se motions made by Markus, however, will be summarily denied.” (cleaned up)).

In any event, even if the Court considers the defendant’s submission, it is without merit. As his letter acknowledges, he has access to legal databases (a fact confirmed by the volume of his recent pro se filings), but additionally he demands special access to “filings, briefs, modern search, and the ability to print.” The defendant’s claims about the purported deficiencies of the databases to which he does in fact have access do not support such demands or establish a basis for relief. “[A]n inmate cannot establish relevant actual injury simply by establishing that his prison’s law library or legal assistance program is subpar in some theoretical sense.” Lewis v. Casey, 518 U.S. 343, 351 (1996). The defendant identifies no reason he should be afforded special access beyond that which the facility provides in the normal course, and at bottom, he is represented by counsel who have the ability to make well-researched and thoroughly prepared legal claims on his behalf.

Crotty denied Schulte’s request for LexisNexis, but didn’t address the pro se request.

Meanwhile, two of the three prosecutors on the team, Matthew LaRoche and Sidhardha Kamaraju, withdrew from the case, both because they’ve left government. LaRoche was involved in a prosecution that collapsed because the government committed a Brady violation, but Kamaraju was not. Kamaraju, however, probably has the most computer expertise of the original three.

Yesterday there was a remarkable status hearing. Crotty started by asking the remaining prosecutor, David Denton, when replacement prosecutors will file an appearance. Imminently, Denton said, though it sounded like he didn’t believe that.

Crotty asked whether Shroff has found an expert. Curiously, she explained that Bellovin still can’t do it, even with the waning risk of COVID, because of his schedule at Columbia University. Crotty noted that it is her responsibility to find an expert (she had said in a November status conference that it would amount to ineffective assistance not to have one).

But the real stunner came at the end, when Shroff said that Schulte wanted her to tell the court that he had told the government back in November that he was proceeding pro se. Denton responded that this was the first he had heard of such a thing, and Shroff responded that he was incorrect; Schulte had informed the government in November.

The hearing ended with a commitment to brief whether Schulte can proceed pro se.

It is almost without exception an insanely bad idea for a defendant to represent themselves, and this is probably not that exception. Still, there are advantages that Schulte would get by representing himself. He’s brilliant, and clearly has been studying the law in the 3.5 years he has been in prison (though he has made multiple errors of process and judgment in his own filings). He has repeatedly raised the Sixth Amendment problems with Special Administrative Measures, notably describing how delays in receiving his mail make it impossible for him to respond to legal developments in timely fashion. So I imagine he’d prepare a Sixth Amendment challenge to everything going forward. He’d be able to demand access to the image of the server he is alleged to have hacked himself. By proceeding pro se, Schulte could continue to post inflammatory claims to the docket for sympathetic readers to magnify, as happened with a filing he submitted earlier this year. And after the government has made clear it will reverse its disastrous strategy from the first trial of making the trial all about Schulte’s conflicts with the CIA, by questioning witnesses himself, Schulte would be able to make personality conflicts central again, even against the government’s wishes. Plus, by not replacing Bellovin, Schulte would serve as expert himself. In that role, Schulte would present the false counter story he has been telling since he was jailed, but in a way that the government couldn’t cross-examine him. So it would probably be insanely detrimental, but less so than for most defendants that try it. It certainly would provide a way to mount the defense that Schulte clearly wants to pursue.

But I think that’s just Schulte’s fall-back plan.

I think his current plan is to argue that, because anything his attorneys did in his name after he purportedly informed prosecutors he was proceeding pro se would be a legal nullity, then two things have happened since that allegedly occurred that will permit him to demand immediate release. First, if his attorneys’ agreements to exclude time from the Speedy Trial clock were not valid, then it would mean the government has run out of time to prosecute Schulte. Additionally, if a request that Shroff made in March to reschedule the trial was not valid, then the trial would have still been scheduled for last week. I suspect Schulte will try to argue that the government forgot to hold their trial and so must be released.

Mind you, there’s no evidence in the docket that Schulte informed prosecutors, much less the court, that he was proceeding pro se. There’s a filing he made in April 2020 that claimed he had no lawyers and made requests as if he was proceeding pro se, one that everyone ignored. But according to Shroff, that’s not the notice; the notice took place in November. Still, given how Schulte has carefully tested how the mail system works with SAMs and COVID, I don’t rule out him sending a letter directly to prosecutors.

The other problem with his claim to be proceeding pro se is that in a May filing, Schulte referred to the October trial (meaning, he recognizes the validity of both that request and Shroff’s exclusion of time under the Speedy Trial Act) and complained that his attorney-client mail was being opened. If he were proceeding pro se without Crotty formally appointing Shroff as standby counsel, their communications would have no privilege. So he has said two things in a pro se filing that are inconsistent with really proceeding pro se.

Certainly, Shroff has said things — in multiple venues — that indicate she believed she remained Schulte’s lawyer.

Given that Schulte claims everything his legal team has done since November was done without his sanction, though, the government would seem to have cause to ask Crotty to assign entirely different lawyers to serve as Schulte’s stand-by counsel, if indeed he does proceed pro se going forward. Which would make his plan for the actual trial, if it ever happens, untenable.

To be sure, I’m not saying this is going to work. But the government — what’s left of the prosecution team, anyway — had better understand that Schulte has been treating the court system with the same adversarial approach as he allegedly did the CIA’s servers. Schulte is claiming to have entered a command into his prosecution back in November that hacked the system, effectively changing the effect of everything that has happened since. Just trusting that such a possibility cannot happen under the legal system is probably a bad idea given how the CIA’s trust that Schulte wouldn’t hack the system turned out.

Update: Via InnerCity Press, there’s the transcript of the hearing.


April 12, 2020: Schulte claims he has no attorneys, claims only a few months remain on Speedy Trial

May 31, 2020: Shroff asks for a week extension to respond to government scheduling motion

June 8, 2020: Shroff requests a status conference for August or September 2020, acting as if Schulte’s request did not exist

June 15, 2020: Shroff initiates White Plains grand jury challenge

June 19, 2020: SDNY extends Speedy Trial to July 1, 2020

July 16, 2020: Shroff informs Judge Crotty Schulte will not reply to Rule 29 motion

July 27, 2020: Shroff asks for extension on grand jury challenge

July 28, 2020: Shroff asks for ESXi server (basically a repeat of Schulte’s April request)

July 30, 2020: Shroff asks for two week delay on status hearing citing (in part) Steve Bellovin’s withdrawal

August 14, 2020: Shroff asks for two week extension on reply to request for ESXi server

September 15, 2020: Shroff reply on ESXi laptop

September 16, 2020: SDNY proposes schedule, with January 2021 trial date

September 21, 2020: SDNY responds to Bellovin submission of ex parte declaration

October 14, 2020: SDNY asks for 30 day exclusion

October 30, 2020: Shroff requests Schulte appear remotely

November 4, 2020: Status conference, trial set for June 7, 2021, with time excluded; Shroff maintains it would be ineffective counsel to go to trial without expert

THE COURT: Are you entitled to an expert?

MS. SHROFF: In a case like this, yes. I’m quite certain I’m entitled to an expert. I think it would be clear error and ineffective assistance of counsel to try this case without an expert, without a doubt.

November 16, 2020: Shroff-submitted motion to dismiss on White Plains grand jury

November 19, 2020: Shroff submits request for VTC meeting with Schulte’s family

January 1, 2021: Schulte motion to suppress MCC evidence (docketed February 24)

January 7, 2021: Shroff requests 2 week extension on White Plains grand jury reply

January 19, 2021: Shroff files Schulte pro se motion for writ of habeas corpus regarding SAMs, dated December 25, 2020

January 22, 2021: Shroff requests two week extension on January 21 deadline for reply on White Plains grand jury reply

January 22, 2021: Shroff requests funds for new laptop for Schulte

January 27, 2021: Civil Division AUSA asks Crotty to dismiss motion for writ so it can be refiled naming Warden as defendant

February 22, 2021: Shroff submits reply on White Plains grand jury challenge

February 24, 2021: Schulte files motion to reconsider decision on habeas (docketed March 4)

March 19, 2021: Schulte calls on Crotty to decide his motion to suppress on the merits, given government non-response (docketed April 5)

March 22, 2021: Shroff moves, with consent of Schulte, to reschedule trial to last quarter of 2021

March 24, 2021: Crotty denies motion to dismiss; Crotty reschedules trial for October 25, excludes time

April 12, 2021: Schulte asks for LexisNexis (docketed April 29)

May 5, 2021: Schulte complains about mail delays (docketed May 19); among other things it reflects an October trial date and references attorney-client mail

May 7, 2021: Matthew LaRoche withdraws

May 11, 2021: SDNY submits opposition to LexisNexis request, including request for order that Schulte not submit pro se

June 3, 2021: Sidhardha Kamaraju withdraws

June 7, 2021: Date of trial scheduled in November 2020

June 15, 2021: Status hearing at which Schulte claims to have been representing himself pro se since November

Prosecutors Have Discovered the Joshua Schulte Case Is a Hack-and-Leak Case, Not a Personnel Dispute

While I’ve been buried in the Mike Flynn beat, on Monday, there was a status hearing in the Joshua Schulte case.

There were three main news items in the hearing.

First, prosecutors revealed unsurprisingly that they’re going to retry Schulte. More interesting, they said they planned to supersede the indictment against Schulte, alleging the same charges, but providing more information on them. They cited the notes from jurors, which made it crystal clear that the jurors were confused by the forensic testimony and how the charges related to that testimony. What the limits of Schulte’s legal access were seemed to be particularly confusing (something that is not sufficiently clear in the law anyway). At the time of both the initial Espionage indictment and the superseding one, the CIA was still trying to keep secret specifically what had been stolen when and how, but now that that’s public, I expect the superseding indictment to explain more clearly what was stolen and how Schulte allegedly exceeded his legal accesses to do that.

In discussions around that superseding indictment, prosecutor David Denton said something to the effect that grand juries are only available in emergencies. As far as the public record goes, however, grand juries aren’t available at all, so Denton’s disclosure was news. That only matters in the Schulte case insofar as he’s going to refuse most Speedy Trial exclusions (meaning prosecutors may be forced to find some way to start a new trial before COVID lockdowns end). But it’s an interesting admission more generally.

Finally, prosecutors said they didn’t think the retrial will take as long as his initial trial. In my summary of why the prosecution was in a remarkably weak position as the last trial went to the jury, I described how prosecutors had made it look like the Vault 7 breach was just a really nasty personnel dispute to which burning the CIA’s hacking abilities to the ground was just a side dispute.

Add that to the pace of the trial, which feels like a nasty employment dispute to which the massive breach of the CIA’s hacking tools became just a side-dispute. That’s often true of CIA trials — it certainly was for Jeffrey Sterling. But the long parade of CIA witnesses — Schulte’s buddy, two other colleagues, his boss, his boss’s boss, his boss’s boss’s boss, her boss, and then yet another boss, plus a CIA SysAdmin and a security guy — all describing a series of disputes escalating from a nerf gun fight to WikiLeaks burning the CIA’s hacking capabilities to the ground refocused the trial onto whether Schulte’s complaints had merit and not on what the forensic evidence showed.

And Sabrina Shroff did a superb job of defending not the forensic case (indeed, defense expert Steve Bellovin did not take the stand to float any of the alternate theories that Schulte has been offering for two years, and in so doing will leave Shroff to claim Michael could have accessed the backup without prosecutors having gotten him to admit that wouldn’t have worked), but instead arguing that her client was maligned by the entire CIA. The boss, the boss’s boss, the boss’s boss’s boss, the boss’s boss’s boss’s boss, and then the senior-most boss are all lined up against Schulte for being an asshole. She even defused utterly damning notes about working with Russia (which I’ll return to). From the transcripts, it seemed like Shroff rattled a good many government witnesses, too, and a number of them (one of the FBI agents and the classification expert, especially) seemed to come off as unresponsive as a result.

I expect prosecutors will shorten the trial by limiting this testimony to just the four or so people who have first-hand knowledge of Schulte’s actions (and in the retrial, the government won’t have to backpedal as they try to fix their late disclosure that Schulte’s buddy Michael had been put on paid leave by the CIA). If so, that should make it easier for prosecutors to focus on why the circumstantial forensic evidence strongly supports Schulte’s involvement.

All that said, prosecutors also seemed to be fighting jury nullification in Schulte’s trial, with at least two jurors who were determined to acquit Schulte no matter what other jurors said. That may be a WikiLeaks thing (one that would be far less likely to happen if this were tried in EDVA, which is why Julian Assange says he can’t get a fair trial in EDVA). But it also may be the case that CIA’s hacking department doesn’t make a very sympathetic hacking victim.