Scooter Libby, Whom Trump Pardoned, Serves as Precedent for the CIPA Challenge His Prosecution Presents

If and when former President Trump goes on trial, the Classified Information Procedures Act will govern what information gets submitted at trial and in what form. I wrote about CIPA in conjunction with the Igor Danchenko case here. Former National Security Division prosecutor David Aaron wrote about it the other day.

I’d like to give three examples of what documents that have gone through the CIPA process look like.

First, here’s one of the many CIA cables introduced at Jeffrey Sterling’s trial (here’s a larger set). Sterling was convicted of leaking details about a scheme to use a former Russian nuclear scientist to deal fake blueprints to Iran in an attempt to bollox their nuclear program. The cables would include substitutions for all the organizational details of how CIA works, as well as for the names of the Russian — Merlin — and all the covert CIA officers involved. Entire paragraphs that weren’t crucial to the meaning of the document were redacted.

This particular document was 15 years old when it was used at trial. Most if not all of the Sterling exhibits were classified Secret.

This exhibit includes the parts of Josh Schulte’s prison notebook introduced at trial. This was tied to the allegation that he was launching an Information War from jail, planning to leak further classified information to damage the CIA.

The government was able to substitute the name of a cybersecurity company that had IDed one of the CIA’s hacking tools, so as to avoid confirming that the tool referred to as Bartender in the WikiLeaks release was the malware discussed in the vendor report. But several other things were entirely redacted — such as details of the role that Schulte played at the CIA.

Some of these redactions cover other information — such as his privileged material or stuff that’s particularly inflammatory.

Schulte wrote these notes in 2018; they were first introduced for his 2020 trial, then again for his trial last year.

The case that may present the most analogous challenges to a trial against Trump is the Scooter Libby case, which — like the documents charged against Trump — involved a lot of classified communications to the White House. Here are the exhibits used in his 2nd Grand Jury appearance, at which he lied to cover up the orders Dick Cheney gave him.

Many of these are CIA documents from which the classification markings and entire sentences were redacted. Like two of the exhibits charged against Trump, these have hand-written notes — sometimes Libby’s, sometimes Cheney’s — which were important to the case. One HUMINT report involving Joe Wilson redacted all the front-matter, including the classification marks (in this case, the notation of Wilson’s name was the important bit).

Even still, the vast majority of the documents introduced at trial were still just classified Secret, not Top Secret with compartments like most of the documents charged against Trump.

The exceptions were often Libby’s notes of Daily Briefings (including PDBs), which he used as part of a gray-mail campaign to try to make the case impossible to try. Though they didn’t have any classification marks (as is true of a document charged against Trump), they were treated as TS/SCI.

Here’s one example from Libby’s own notes:

The vast majority of this had to be declassified because it was central to the defense Libby was mounting. Just the Foreign Leader and the US official were masked.

The Libby documents are similar to those charged against Trump in another way. These were just 4 years old when presented at trial. If Trump were to go to trial next year, the most recent documents, from 2020, would be four years old.

These cases are all in different circuits than Trump would be prosecuted in. Nevertheless, given the scant number of CIPA cases, it’s possible that the cases of Josh Schulte — whose case was the subject of one of the first times Trump shared classified information — and Scooter Libby, whom Trump pardoned, will serve as precedents for his prosecution.

That Other Bitter Jan6er about to Start Trial for Bringing Classified Documents Home from Work

There’s a guy in Florida who participated in the attack on democracy on January 6 about to go on trial on October 3 for hoarding classified documents in his home.

No, not that guy.

I’m talking about Jeremy Brown, the Oath Keeper charged with trespassing for January 6, but also charged with possession of illegal weapons and classified documents in Florida. Brown’s is an instructive example of what normally happens when a disgruntled former government employee hoards government secrets and allegedly plots the overthrow of constitutional government.

It started with a misdemeanor arrest warrant arising out of the January 6 grand jury investigation in DC, just for trespassing. Upon searching Brown’s house and RV, FBI agents saw several firearms and some grenades that cooperating Oath Keeper witness Caleb Berry had told investigators that Brown brought to January 6 in his RV. So the FBI got another warrant the next day to seize the weapons.

On October 19, DOJ indicted him for the weapons. They found a bunch of documents in a briefcase in that search, though, and after six months, they superseded Brown, adding four counts of 18 USC 793e, the same crime for which that other guy in Florida is being investigated.

It may have taken them six months to determine whether the 18-year-old documents from a deployment to Afghanistan were still classified. Or — as explained below — they may have considered but decided not to charge him for a report Brown bragged about while drunk five years ago. That process of deciding which documents to charge (what Brandon Van Grack revealed recently are called “Goldilocks” documents) takes some time and requires the input of the agencies whose documents would be charged.

That’s part of the discussion going on right now about the documents Trump took home.

Like many Jan6ers, Brown spent much of the last year challenging his detention and searching for increasingly MAGAt lawyers, ultimately settling on representing himself, pro se. Brown challenged the search of his home — but not the seizure of those classified documents. The two sides have also had a fight about how much of the money that Brown grifted by fund-raising off his arrest he or his girlfriend could access, rather than pay off his court appointed lawyer. Brown’s girlfriend also successfully fought to have a rifle belonging to her returned to her.

It’s not just Trump who tries to get their personal stuff back after an invasive search.

The case has only recently turned to the classified information that will be debated at trial. For example, the government is seeking to admit related evidence (called 404(b)), about the time in 2017 when investigators came to his home based on a suspicion he had classified information. They didn’t find the classified document in the place he permitted them to look, but he refused to let them search his whole house.

On October 17, 2017, Special Agents from the Air Force Office of Special Investigations conducted a voluntary interview of the Defendant at his residence, which was the same residence that was searched in this case. The purpose of the interview was to determine whether the Defendant possessed any classified information and, if so, to retrieve the information and return it to the government entity to which it belonged.

During the interview, the Defendant denied possessing any classified information, and he further stated that he did not recall telling anyone that he possessed classified information. The Defendant admitted that he had drafted a classified trip report about a missing soldier, and that he may have discussed that report with others. The Defendant stated that it was possible that he may have discussed this classified information with one of his friends while he was intoxicated, and that it was possible that his friend had misconstrued that conversation to mean that he had classified information in his home. Agents asked the Defendant whether he had that classified memorandum or any other classified information in his possession, and he stated that he did not.

At the request of the interviewing agents, the Defendant consented to a search of the storage containers in his shed, which he stated contained all of the items that he had removed from his office upon his retirement from the military in 2012. Agents searched the storage containers, and they did not find any classified information. Agents requested permission to search the remaining residence and other areas on the property. The Defendant refused to consent to the search of anywhere else on the property.

The government wants to introduce evidence of this earlier search as proof he knew he had the classified documents, fulfilling one element of the offense — precisely the same thing DOJ would do with the June 3 meeting if they were ever to charge Trump.

What’s more, the Defendant’s 2017 refusal to consent to a search of his residence for classified information further establishes his consciousness of guilt for the charged crimes, which is relevant to proving that he willfully retained the documents, as required by the statute. See 18 U.S.C. § 793(e) (“Whoever having unauthorized possession of, access to, or control over any document . . . . relating to the national defense . . . willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it . . . [s]hall be fined under this title or imprisoned not more than ten years, or both.”).

This is exactly how the June 3 meeting would function in a Trump prosecution. Before that, he might have been able to claim he didn’t know he had the documents or hadn’t refused to hand them back. After that, it’s far easier to make the case. That’s why it’s virtually impossible to charge Trump for 18 USC 793 for the earlier possession of classified documents.

Brown objects to that evidence coming in because, he says, the documents that he did brag about in 2017 aren’t classified in the form in which they were found in his briefcase, because he wrote them himself.

The documents that are the subject of the 404(b) notice allegedly were found in the Defendant’s possession along with the alleged classified documents are the subject of the criminal charges in the Indictment.

[snip]

The 404(b) documents that the Government chose not to charge the Defendant with, probably because in the form they are in, are not classified, were allegedly in the same briefcase as the charged documents. In 2017, the Defendant was discussing documents that he did have in his possession that he himself had marked “SECRET,” that he had authored, and that the Government decided did not warrant criminal charges for him possessing when they found the documents.

That’s probably not true: the documents are probably just harder to prove to be classified and possibly a good deal more sensitive, given that Brown was bragging about them.

Again, this is something we might see with a Trump prosecution: The government might charge less sexy documents that could be shared with a jury, but reference the far more damning ones stored with the charged documents.

The government has also recently turned to how they’ll persuade the jury, which is the ultimate judge, that these documents constitute National Defense Information. Here’s the standard the jury will be asked to consider.

To establish that the Documents contained “information relating to the national defense,” the government need show only that (1) the information is directly and reasonably connected with the national defense, and (2) the information was closely held by the government. See United States v. Campa, 529 F.3d 980, 1004-05 (11th Cir. 2008) (“‘information relating to the national defense’ . . . is limited to information that the government has endeavored to keep from the public”). The Supreme Court has held that “national defense” is a “generic concept of broad connotations, referring to the military and naval establishments and the related activities of national preparedness.” Id. (quoting Gorin v. United States, 312 U.S. 19, 28 (1941)).

To prove this, the government wants to have a witness attest the documents remain classified.

At trial, the government anticipates calling an expert witness to testify that the Classified Documents were and remain classified, and that, as a result, they were subject to access restrictions, specific handling and storage requirements, and other protections designed to avoid the disclosure of information and material relating to the national security.

They want the witness to explain the documents. While that person testifies, they want to share the documents with the jury under what is called a Silent Witness Rule. They’ll be handed binders — the one time I’ve seen this process, the documents were in the brightly colored classified folders like the ones Trump stole — with the actual documents inside, but then have to return the binders as soon as the witness is done.

As part of this testimony, the government’s expert will testify about the Classified Documents. To enable the jury to adequately weigh this testimony, the government will provide copies of the Classified Documents to the jurors. The Court and the defense will also receive copies of the Classified Documents. However, because public disclosure of the Classified Documents reasonably could cause serious damage to national security, the Classified Documents cannot be declassified for the trial.

[snip]

First, the government would provide each juror, the Court, and the defense with a binder of unredacted copies of the Classified Documents. The same process was followed in Mallory, 40 F.4th at 173, and it would enable the jurors to examine the Classified Documents while the government elicits unclassified testimony about the same from its expert witness. As in Mallory, the defense would be permitted to follow the same procedures during cross examination and/or with its own cleared expert, should the defense choose to retain one. Id. This procedure ensures that the jury has full access to the information it needs to fulfill its obligations. Id. at 178 (“But a review of the record reveals that the silent witness rule denied the jury none of the information on which Mallory based his defense.” (emphasis in original)). Second, the government will have Bates and line numbers added to the Classified Documents to enable the witness, the government, and the defense to direct the jurors to specific portions of the material.

While that happens, the public will have access only to heavily redacted versions of the documents.

The SWR is fairly controversial. In Jeffrey Sterling’s case (the one time I’ve seen it), it accorded the documents a kind of mystique and also limited the amount of time the jury could spend examining the documents, which weren’t related to the charged offenses in the case.

But (as the government explained) the SWR is one of the few tools the government has to prove to a jury that information is classified so they can hold someone accountable for hoarding such documents after he leaves government.

Because the Defendant is charged with violation 18 U.S.C. § 793(e), the government must establish that the Classified Documents found in his RV contain information relating to the national defense. Thus, the Classified Documents will necessarily be a part of the upcoming trial. Declassification of these documents is not an option given the national security risks presented by disclosure. Nor can the Classified Documents be redacted in a manner that would mitigate the national security risks, while also preserving the jury’s ability to meaningfully evaluate whether the Classified Documents relate to the national defense. This is exactly the sort of Hobson’s choice—protecting the national security versus pursuing charges under the Espionage Act—that CIPA was designed to prevent. See, e.g., United States v. Collins, 720 F.2d 1195, 1197 (11th Cir. 1983) (“Prior to CIPA, there was no way to evaluate the cost, by way of damage to the national security and the nation’s foreign relations, should the prosecution be initiated or pursued.”).

Brown is just an angry old former Green Beret who has been stewing on his bitterness with all the keepsakes in his RV. He’s not the former President. Though they both seem to spend a lot of time stewing with their treasures.

But the same complexities arise even in his case. And even with Brown, prosecuting someone for hoarding classified documents he brought home from work is not easy.

Update: Added more contextualization of how this would work with Trump.

Update: Another filing in the Brown case provided some context for how, the government claims, he left the Special Forces. He loaded some porn onto a DOD computer, did not contest the charges, and so was not permitted to re-enlist. DOJ ties the incident directly to the classified documents found in his RV.

While in the Special Forces, over the course of eight months from September 2010 to April 2011, the Defendant “knowingly and willfully placed approximately 67 unauthorized files on the [Department of Defense computer system] shared drive.” See Exhibit 1. The military determined that the 67 files that the Defendant had uploaded contained “pornographic photos and videos.”

On September 29, 2011, the Defendant received a General Officer Memorandum of Reprimand (“GOMR”) for these actions, attached hereto as Exhibit 1. The GOMR determined that, by uploading pornography to the military computer systems, the Defendant had “compromised the high standards of personal conduct and exemplary behavior expected of a Senior Noncommissioned Officer and Special Forces.” It further determined that the Defendant’s behavior was “inexcusable and incompatible with the maintenance of high standards of performance, military discipline and readiness,” and had “demonstrated extremely poor judgment, a lack of self-discipline, lack of professionalism and set an extremely poor example for all Soldiers.”

[snip]

The Defendant’s commanding officer, wanting to ensure that the Defendant’s children would not lose their pension, intervened to prevent the Defendant from being dishonorably discharged. As a result of this GOMR, however, the Defendant was barred from reenlistment in the military.

The Defendant was angry about the GOMR, and he later claimed that the GOMR was levied against him in retaliation for the contents of a classified memorandum that he had written. The Defendant finished out his term of enlistment and retired from the Army in 2012.

And it provides more detail on how and where it found the documents.

On September 30, 2021, federal agents executed a search warrant at the Defendant’s residence and recreational vehicle (R.V.). In the bedroom of the R.V., agents located an ammunition carrier containing two M-67 fragmentation grenades. On a couch in the R.V., agents located an illegal short-barrel shotgun. Next to the shotgun, agents located a briefcase. Inside the briefcase, agents located photographs and personal papers of the Defendant. Among those papers, agents found a paper copy of a classified Memorandum concerning a missing soldier that the Defendant had authored, which was marked “SECRET,” as well as a C.D. marked as classified with a red “SECRET” sticker. Subsequent review of that C.D. revealed that it had numerous classified documents that the Defendant had retained from his time in the military.

If you believe the government’s story (though stories of how DOD disposes of guys like Brown are always suspect), he brought these documents home nursing a grievance, certain he was not fired for cause.

It’s another thing he has in common with Trump, I guess.

Insurance File: Glenn Greenwald’s Anger Is of More Use to Vladimir Putin than Edward Snowden’s Freedom

Glenn Greenwald risks making his own anger more valuable to Vladimir Putin than Edward Snowden’s freedom.

When WikiLeaks helped Snowden flee Hong Kong eight years ago, both WikiLeaks and Snowden had the explicit goal of using Snowden’s successful flight from prosecution to entice more leakers.

In his book, Snowden described that Sarah Harrison and Julian Assange’s goal in helping him flee Hong Kong was to provide a counterexample to the draconian sentence of Chelsea Manning.

People have long ascribed selfish motives to Assange’s desire to give me aid, but I believe he was genuinely invested in one thing above all—helping me evade capture. That doing so involved tweaking the US government was just a bonus for him, an ancillary benefit, not the goal. It’s true that Assange can be self-interested and vain, moody, and even bullying—after a sharp disagreement just a month after our first, text-based conversation, I never communicated with him again—but he also sincerely conceives of himself as a fighter in a historic battle for the public’s right to know, a battle he will do anything to win. It’s for this reason that I regard it as too reductive to interpret his assistance as merely an instance of scheming or self-promotion. More important to him, I believe, was the opportunity to establish a counterexample to the case of the organization’s most famous source, US Army Private Chelsea Manning, whose thirty-five-year prison sentence was historically unprecedented and a monstrous deterrent to whistleblowers everywhere. Though I never was, and never would be, a source for Assange, my situation gave him a chance to right a wrong. There was nothing he could have done to save Manning, but he seemed, through Sarah, determined to do everything he could to save me. That said, I was initially wary of Sarah’s involvement. But Laura told me that she was serious, competent, and, most important, independent: one of the few at WikiLeaks who dared to openly disagree with Assange. Despite my caution, I was in a difficult position, and as Hemingway once wrote, the way to make people trustworthy is to trust them.

[snip]

It was only once we’d entered Chinese airspace that I realized I wouldn’t be able to get any rest until I asked Sarah this question explicitly: “Why are you helping me?”

She flattened out her voice, as if trying to tamp down her passions, and told me that she wanted me to have a better outcome. She never said better than what outcome or whose, and I could only take that answer as a sign of her discretion and respect.

It’s not just Snowden’s impression, though, that WikiLeaks intended to make an example of him. The superseding indictment against Assange cites several times when Assange invoked WikiLeaks’ role in Snowden’s successful escape to encourage others (including CIA Systems Administrators like Joshua Schulte, who had a ticket to Mexico when the FBI first interviewed him and seized his passports) to go do what Snowden did. British Judge Vanessa Baraitser even included one of those speeches in paragraphs distinguishing what Assange is accused of from legal journalism. And as early as 2017, public reporting said that WikiLeaks’ assistance to Snowden was what changed how DOJ understood WikiLeaks and why it began to consider prosecuting Assange. It wasn’t Trump that led DOJ to stop treating Assange as a journalist, it was Snowden.

According to Snowden’s own words, he shared WikiLeaks’ goal of setting an example to inspire others. In an email that Snowden must have sent Bart Gellman weeks before the exchange between him and Harrison above, Snowden described steps he took to give other leakers (this may be Gellman’s paraphrase), “hope for a happy ending.”

In the Saturday night email, Snowden spelled it out. He had chosen to risk his freedom, he wrote, but he was not resigned to life in prison or worse. He preferred to set an example for “an entire class of potential whistleblowers” who might follow his lead. Ordinary citizens would not take impossible risks. They had to have some hope for a happy ending.

To effect this, I intend to apply for asylum (preferably somewhere with strong internet and press freedoms, e.g. Iceland, though the strength of the reaction will determine how choosy I can be). Given how tightly the U.S. surveils diplomatic outposts (I should know, I used to work in our U.N. spying shop), I cannot risk this until you have already gone to press, as it would immediately tip our hand. It would also be futile without proof of my claims—they’d have me committed—and I have no desire to provide raw source material to a foreign government. Post publication, the source document and cryptographic signature will allow me to immediately substantiate both the truth of my claim and the danger I am in without having to give anything up. . . . Give me the bottom line: when do you expect to go to print?

Citizenfour also quotes Snowden describing how he hoped that proof that his “methods work[]” would encourage others to leak.

If all ends well, perhaps the demonstration that our methods worked will embolden more to come forward.

Snowden’s “methods” don’t work — they certainly haven’t for Daniel Hale, Reality Winner, or Joshua Schulte. But for each, Snowden played at least some role (there is ambiguity about how Schulte really felt about Snowden) in inspiring them to ruin their lives with magical thinking and inadequate operational security.

One of Snowden’s “methods” appears to entail quitting an existing job and then picking another at an Intelligence Community contractor with the intent of obtaining documents to leak. Snowden did this at Booz Allen Hamilton, and his book at least suggests the possibility he did that with his earlier job in Hawaii.

The government justified the draconian sentence that it had negotiated with Winner’s lawyers, in part, by claiming that she premeditated her leak.

Around the same time the defendant took a job with Pluribus requiring a security clearance in February 2017, she was expressing contempt for the United States, mocking compromises of our national security, and making preparations to leak intelligence information

Along with evidence Winner researched The Intercept’s SecureDrop before starting at her new job, the government supported this claim by pointing to three references Winner made to Snowden as or shortly after she started at Pluribus, including texts in which Winner told her sister she was on Assange and Snowden’s side the day the Vault 7 leak was revealed. That was still two months before she took the files she would send to The Intercept.

Had Hale gone to trial, the government would have shown that Hale discussed serving as a source for Jeremy Scahill by May 30, 2013, the day before he left NSA, and discussed Snowden — and hanging out with the journalists reporting on him — the day Snowden came forward on June 9. Then, on July 25, Hale sent Scahill a resume showing he was looking for counterterrorism or counterintelligence jobs. In December, Hale started the job at Leidos where he would print out the files he sent to The Intercept.

You can think these leaks were valuable and ethical without thinking it a good idea to leave a months-long trail of evidence showing premeditation on unencrypted texts and social media.

Similarly, one of Snowden’s “methods” was to claim he had expressed concerns internally, but was ignored, a wannabe whistleblower stymied by America’s admittedly failed support for whistleblowers, especially those at contractors.

In the weeks before Snowden left NSA, he made a stink about some legal issues and NSA’s training programs (about how FISA Section 702 interacted with EO 12333) that he subsequently pointed to as his basis for claiming to be a whistleblower. The complaint was legit, and one NSA department actually did take notice, but it was not a formal complaint; indeed, it was more a complaint about US law. But his complaint had nothing to do with the vast majority of the documents that have been published based off his files, to say nothing of the far greater set of documents he took. And he made the complaint long after having prepared for months to steal vast amounts of files.

Similarly, Joshua Schulte wrote two emails documenting purported concerns about CIA security, one to a colleague less than a month before he left, which he didn’t send, and then, on his final day, one to CIA’s Inspector General that he falsely claimed was unclassified, a copy of which he was seen taking with him when he packed up. In the first search warrant for Schulte’s house obtained on March 13, 2017, less than a week after the initial Vault 7 release, the FBI had already found those emails and deemed Schulte’s treatment of them as suspect. And when they found a copy of the classified letter to the IG stashed in his headboard, it gave them cause to seize Schulte’s passports on threat of arrest. Snowden’s “methods” didn’t deliver Schulte a “happy ending;” they made Schulte’s apprehension easier.

To the extent Schulte could be shown to be following Snowden’s “methods” (again, that question was not resolved at his first trial) it would be a fairly damning indictment of those methods, since this effort to create a paper trail as a whistleblower was such an obvious attempt to retroactively invent cover for leaks for which there was abundant evidence Schulte’s motivation was spite and revenge. Maybe that’s why someone close to Assange explicitly asked me to stop covering Schulte’s case.

Had Daniel Hale gone to trial, the government undoubtedly would have used the exhibits showing that Hale had never made any whistleblower claims in any of the series of government jobs where he had clearance as a way to push back on his claim of being a whistleblower, though Hale was outspoken about his criticisms of the drone program before he took most of the files he shared with The Intercept. Indeed, given the success of Hale’s earlier anti-drone activism, his case raises real questions about whether leaking was more effective than Hale’s frank, overt witness to the problems of the drone program.

Worse still, Snowden’s boasts about his “methods” appear to have made prosecutions more likely. An early, mostly-sealed filing in Hale’s case reveals that the government set out to investigate whether Hale was The Intercept’s source because they were trying to figure out whom Snowden had “inspired” to leak.

Specifically, the FBI repeatedly characterized its investigation in this case as an attempt to identify leakers who had been “inspired” by a specific individual – one whose activity was designed to criticize the government by shedding light on perceived illegalities on the part of the Intelligence Community.

That explains why the government required Hale to allocute to being the author of an essay in a collection of Hale’s leaked documents involving Snowden: by doing so, they obtained sworn proof that Hale is the person Snowden and Glenn Greenwald were discussing, while the two were sitting in Moscow, in the closing sequence of Citizenfour. In the scene, Glenn flamboyantly wrote for Snowden how this new leaker and The Intercept’s journalist were communicating, what appears to be J-A-B-B-E-R. That stunt for the camera would have tipped the government off, in cinema release just two months after they had raided Hale’s home, to look for and reconstruct Hale’s Jabber communications with Jeremy Scahill, which they partly succeeded in doing.

Rather than being means to a “happy ending,” then, prosecutors have found Snowden’s “methods” useful to pursuing increasingly draconian prosecutions of people inspired by him.

And now, after Snowden and Greenwald failed to persuade Trump to pardon Snowden, Assange — and in a secondary effort — The Intercept’s sources (perhaps, like Assange, they find the association with Schulte counterproductive, because they didn’t even try to get him pardoned, even though Trump himself almost bolloxed that prosecution), Snowden is left demanding pardons on Twitter for the people he set out to convince leaking could have a “happy ending.”

By associating these leaks with someone being protected by Russia so that, in Snowden’s own words, he could encourage more leaks, Snowden only puts a target on these people’s backs, making a justifiable commutation of Winner’s sentence less likely (Winner is due to get out on November 23, two days before the most likely time for Joe Biden to even consider commuting her sentence).

I’m grateful for Snowden’s sacrifices to release the NSA files, but his efforts to lead others to believe that leaking would be easy were bound to end badly, and have.

If Vladimir Putin agreed to protect Snowden in hopes that he would inspire more leakers to release files that help Russia evade US spying (as Schulte’s leak did, at a time when the US was trying to understand the full scope of what Russia had done in 2016), the US prosecutorial focus on Snowden-related leakers undermines his value to Putin, probably by design. As that happens, Snowden might reach the moment that observers of his case have long been dreading, the moment when Putin’s utilitarian protection of Snowden will give way to some other equally utilitarian goal.

This is all happening as Putin adjusts to dealing with Joe Biden rather than someone he could manipulate by (at the very least) feeding his narcissism, Donald Trump. It is happening in the wake of new sanctions on Russia, in response to which Putin put US Ambassador John Sullivan on a plane to deliver some message, in person, to Biden. It is happening as Biden’s response to the Colonial Pipeline attack, in which ransomware criminals harbored by Putin shut down US critical infrastructure for fun and profit, includes noting that he and Putin will meet in person soon, followed by the unexplained disabling of the perpetrators in the wake of the attack.

Meanwhile, even as Snowden is of less and less use to Putin, Glenn Greenwald’s utility continues to grow. Snowden, for example, continues to speak out about topics inconvenient to Putin, like privacy. The presence in Russia of someone like Snowden with his own platform and international credibility may become increasingly risky for Putin given the success of protests around Alexei Navalny.

Greenwald, by contrast, seems to have dropped all interest in surveillance and has instead turned many of his grievances — even his complaint that former NSA lawyer Susan Hennessey will get a job in DOJ’s National Security Division, against whom one can make a strong case on privacy grounds — into a defense of Russia. Greenwald spends most of his time arguing that a caricature that he labels “liberals” and another caricature that he labels “the [American] Deep State,” followed closely by another caricature he calls “the [non-right wing propaganda] Media,” are the most malignant forces in American life. In his rush to attack “liberals,” “the Deep State,” and “the Media,” Greenwald has coddled the political forces that Putin has found useful, including outright racists and other right wing extremists. By the end of the Trump presidency, Greenwald was excusing virtually everything Trump did, up to and including his attempted coup based on the utter denigration of democratic processes. In short, Greenwald has become a loud and important voice in support of the illiberalism Putin favors, to say nothing of Greenwald’s use of a rhetoric unbound by facts.

That Greenwald spends most of his days deliberately inciting Twitter mobs is just an added benefit, to those who want to weaken America, to Greenwald’s defense of fascists.

Most of us who used to know Greenwald attribute his Russian denialism and his apologies for Trump at least partly to his desire to free Snowden from exile. Yet Greenwald’s tantrums, because of their value to Putin, may have the opposite effect.

Stoking Greenwald’s irrational furor over what he calls “liberals” and “the Deep State” and “the Media” would actually be a huge incentive for Putin to deal Snowden to the US, in maximally symbolic fashion. There is nothing that could light up Greenwald’s fury like Putin bringing Snowden to a summit with Biden, wrapped up like a present, to send back on Air Force One. (That’s an exaggerated scenario, but you get my point.)

Plus, if Putin played it right, such a ceremonial delivery of Snowden might just achieve the completion of the Snowden operation, the public release of all of the files Snowden stole, not just those that one or another journalist found to have news value.

The Intelligence Community has, over the years, said a bunch of things about Snowden that were outright bullshit or, at least, for which they did not yet have evidence. But one true thing they’ve said is that Snowden took a great many files that had no imaginable privacy value. Even from a brief period working in the full archive aiming to answer three very discrete questions about FISA, I believe that to be true. While some (including Assange) pressured Snowden and others to release all these files, Snowden instead ensured that journalists would serve a vetting role, and after some initial fumbling, The Intercept did a laudable job of keeping those files safe. So up to now, the fact that Snowden took far more files than any privacy concern — even privacy concerns divorced from all question of nationality — could justify may not have mattered.

But as far as I know there are still full copies out there and Russia would love to spin up Glenn Greenwald’s fury so much he would attempt to burn down his caricature of “The Deep State” in retaliation — much like Schulte succeeded in badly damaging the CIA — by releasing his set.

I believe Russia has been trying to do this since at least 2016.

To be very clear, I’m not claiming that Greenwald is taking money from or is in any way controlled by Russia. I am very much not claiming that, in part because it wouldn’t be necessary. Why pay Greenwald for what you can get him to do for free?

And while I assume Greenwald would respect Snowden’s stated wishes and protect the files, like Trump, Greenwald’s narcissism and resentment are very, very easy buttons to push. Greenwald has been heading in this direction without pushing. It would be child’s play to have people friendly to Russia’s illiberal goals (people like Steve Bannon or Tucker Carlson) exacerbate Greenwald’s anger at “the Deep State” to turn it into the frenzy it has become.

Meanwhile, custody of Edward Snowden would be a very enticing dangle for Putin to offer Biden as a way to reset Russia’s relationship with the US. One cannot negotiate with Putin, one can only adjust the points of leverage over each other and hope to come to some stable place, and Snowden has always been at risk of becoming a bargaining chip in such a relationship. By turning Snowden over to the US to be martyred in a high profile trial, Putin might wring the last bit of value out of Snowden. All the better, from Putin’s standpoint, if Greenwald were to respond by releasing the full Snowden set.

For the past four years, Greenwald seems to have believed that if he sucked up to Putin and Trump, he’d win Snowden’s freedom, as if either man would ever deal in good faith. Instead, I think, that process has had the effect of making Greenwald more useful to Russia than Snowden is anymore. And at this point, Greenwald seems to have lost sight of the likelihood that his belligerent rants may well make Snowden less safe, not more.

Update: According to the government sentencing memo for Hale, they didn’t write up the statement of offense, Hale did.

Hale pled guilty without any plea agreement, and submitted his own Statement of Facts. Def.’s Statement of Facts, Dkt. 197 (“SOF”).

The Government Prepares to Argue that Transmitting Information *To* WikiLeaks Makes the Vault 7 Leak Different

In a long motion in limine yesterday, the government suggested that if Joshua Schulte had just been given a “prestigious desk with a window,” he might not have leaked all of CIA’s hacking tools in retaliation and caused what the government calls “catastrophic” damage to national security.

Schulte grew angrier at what he perceived was his management’s indifference to his claim that Employee-1 had threatened him. Schulte also began to complain about what, according to him, amounted to favoritism toward Employee-1, claiming, for example, that while the investigation was ongoing, Schulte was moved to an “intern desk,” while Employee-1 had been moved to a “prestigious desk with a window.”

[snip]

The Leaks are the largest illegal disclosure of CIA information in the agency’s history and, as noted above, caused catastrophic damage to national security.

Along the way, the motion provides the most detailed description to date about how the government believes Schulte stole the Vault 7 files from CIA. It portrays him as an arrogant racist at the beginning of this process, and describes how he got increasingly belligerent with his colleagues at CIA leading up to his alleged theft of the CIA’s hacking files, leading his supervisors to recognize the threat he might pose, only to bollox up their efforts to restrict his access to CIA’s servers.

The motion, along with several others submitted yesterday, suggests that the government would like to argue that leaking to WikiLeaks heightens the damage that might be expected to the United States.

Along with laying out that it intends to argue that the CIA charges (stealing the files and leaking them to WikiLeaks) are intertwined with the MCC charges (conducting “information war” against the government from a jail cell in the Metropolitan Correction Center; I explained why the government wants to do so here), the government makes the case that cybersecurity expert Paul Rosenzweig should testify as a witness about WikiLeaks.

Rosenzweig will testify about (i) WikiLeaks’s history, technical and organizational structure, goals, and objectives; (ii) in general terms, prior leaks through WikiLeaks, in order to explain WikiLeaks’s typical practices with regard to receiving leaked classified information, its practices or lack thereof regarding the review and redaction of sensitive information contained in classified leaks, and certain well-publicized harms to the United States that have occurred as a result of disclosures by WikiLeaks; and (iii) certain public statements by WikiLeaks regarding the Classified Information at issue in this case.

Rosenzweig’s testimony would come in addition to that of classification experts (probably for both sides) and forensic experts (again, for both sides; Steve Bellovin is Schulte’s expert).

The expert witnesses were allowed to testify as to the background of the organization Wikileaks; how the U.S. Government uses certain markings and designations to identify information that requires special protection in the interests of national security; the meaning of certain computer commands and what they would do; how various computers, servers, and networks work; how data is stored and transferred by various computer programs and commands; and the examination of data that is stored on computers and other electronics.

The only motion in limine Schulte submitted yesterday objected to Rosenzweig’s testimony. Schulte argues that the government’s expert notice neither provides sufficient explanation about Rosenzweig’s intended testimony nor proves he’s an expert on WikiLeaks. More interesting is Schulte’s argument that Rosenzweig’s testimony would be prejudicial. It insinuates that Rosenzweig’s testimony would serve to substitute for a lack of proof about how Schulte sent the CIA files to WikiLeaks (Schulte is alleged to have used Tor and Tails to transmit the files, which would leave no forensic trace).

In Mr. Schulte’s case, the government has no reliable evidence of how much information was taken from the CIA, how it was taken, or when it was provided to WikiLeaks. The government cannot overcome a lack of relevant evidence by introducing evidence from other cases about how much information was leaked or how information was leaked in unrelated contexts. The practices of WikiLeaks in other contexts and any testimony about alleged damage from other entirely unrelated leaks is completely irrelevant.

Schulte’s claimed lack of evidence regarding transfer notwithstanding, that’s not how the government says they want to use Rosenzweig’s testimony. They say they want to use his testimony to help prove that Schulte intended to injure the US.

The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information. The fact that WikiLeaks’ prior conduct has harmed the United States and has been widely publicized is powerful evidence that Schulte intended or had reason to believe that “injury [to] the United States” was the likely result of his actions—particularly given that the Government will introduce evidence that demonstrates Schulte’s knowledge of earlier WikiLeaks disclosures, including his own statements.

It does so by invoking WikiLeaks’ past leaks and the damage those leaks have done.

Accordingly, proof that it was foreseeable to Schulte that disclosure of classified information to WikiLeaks could cause “injury [to] the United States” is a critical element in this case. Indeed, the Senate Select Committee on Intelligence has explicitly stated “that WikiLeaks and its senior leadership resemble a non-state hostile intelligence service.” S. Rep. 115-151 p. 10. In order to evaluate evidence related to this topic, the jury will need to understand what WikiLeaks is, how it operates, and the fact that WikiLeaks’ previous disclosures have caused injury to the United States. The Government is entitled to argue that Schulte intended to harm the United States, by transmitting the stolen information to WikiLeaks, because he knew or had reason to know what WikiLeaks would do with the information.

Notably, the government motion invokes the Senate’s recognition that WikiLeaks resembles “a non-state hostile intelligence service.” That may well backfire in spectacular fashion. That statement didn’t come until over a year after Schulte is alleged to have stolen the files. And the statement was a follow-up to Mike Pompeo’s similar claim, which was a direct response to Schulte’s leak. If I were Schulte, I’d be preparing a subpoena to call Pompeo to testify about why, after the date when Schulte allegedly stole the CIA files, on July 24, 2016, he was still hailing the purported value of WikiLeaks’ releases.

The thing is, showing that the specific nature of the intended recipient of a leak is an element of the offense has never been required in Espionage leak cases before. Indeed, the government’s proposed jury instructions are based off the instruction in the Jeffrey Sterling case. While the government flirted with naming James Risen an unindicted co-conspirator in that case, they did not make any case that leaking to Risen posed unique harm.

Moreover, even before getting into Schulte’s statements about WikiLeaks (most of which have not yet been made public, as far as I’m aware), by arguing the CIA and MCC charges together, the government will have significant evidence not just about Schulte’s understanding of WikiLeaks, but his belief that they would lie to harm the US. The government also has evidence that Schulte knew that WikiLeaks’ pretense to minimizing harm with the Vault 7 files was false, and that instead WikiLeaks did selective harm in its releases, though it doesn’t want to introduce that evidence at trial.

In other words, this seems unnecessary, superfluous to what the government has done in past Espionage cases, and a dangerous precedent (particularly given the way the government suggested that leaking to The Intercept was especially suspect in the Terry Albury and Reality Winner cases).

That’s effectively what Schulte argues: that the government is trying to argue that leaking to WikiLeaks is particularly harmful, and that if such testimony goes in, it would be forced to call its own witnesses to testify about how past WikiLeaks releases have shown government malfeasance.

This testimony could also suggest that the mere fact that information was released by WikiLeaks necessarily means that it was intended to—and did—cause harm to the United States. These are not valid evidentiary objectives. Instead, this type of testimony would create confusion and force a trial within a trial on the morality of WikiLeaks and the extent of damage caused by prior leaks. If the government is allowed to introduce this evidence, the defense will necessarily have to respond with testimony about how WikiLeaks is a non-profit news organization, that it has previously released information from government whistle-blowers that was vital to the public understanding of government malfeasance, and that any assertion of damages in the press is not reliable evidence.

The government, in a show of reasonableness, anticipates Schulte’s argument about the prejudice this will cause by stating that it will limit its discussion of prior WikiLeaks releases to a select few.

The Government recognizes the need to avoid undue prejudice, and will therefore limit Mr. Rosenzweig’s testimony to prior WikiLeaks leaks that have a direct relationship with particular aspects of the conduct relevant to this case, for example by linking specific harms caused by WikiLeaks in the past to Schulte’s own statements of his intent to cause similar harms to the United States or conduct. Those leaks include (i) the 2010 disclosure of documents provided to WikiLeaks illegally by Chelsea Manning; (ii) the 2010 disclosure of U.S. diplomatic cables; (iii) the 2012 disclosure of files stolen from the intelligence firm Stratfor; and (iv) the 2016 disclosure of emails stolen from a server operated by the Democratic National Committee.

The selected cases are notable, as all of them (with Manning’s leaks seemingly listed twice) involve cases the government either certainly (with the EDVA grand jury seeking Manning and Jeremy Hammond’s testimony) or likely (with ongoing investigations into Roger Stone) currently has ongoing investigations into.

As a reminder: absent an unforeseen delay, this trial will start January 13, 2020 and presumably finish in the weeks leading up to the beginning of Julian Assange’s formal extradition process on February 25. The government has maintained it can add charges up until that point, and US prosecutors told British courts it won’t provide the evidence against Assange until two months before the hearing (so around Christmas).

Schulte’s trial, then, appears to be the opening act for that extradition, an opening act that will undermine the claims WikiLeaks supporters have been making about the journalistic integrity of the organization in an attempt to block Assange’s extradition. Rosenzweig’s testimony seems designed, in part, to heighten that effect.

Which may be why this instruction appears among the government’s proposed instructions.

Some of the people who may have been involved in the events leading to this trial are not on trial. This does not matter. There is no requirement that everyone involved in a crime be charged and prosecuted, or tried together, in the same proceeding.

You may not draw any inference, favorable or unfavorable, towards the Government or the defendant from the fact that certain persons, other than the defendant, were not named as defendants in the Indictment. Do not speculate as to the reasons why other persons were not named. Those matters are wholly outside your concern and have no bearing on your function as jurors.

Whether a person should be named as a co-conspirator, or indicted as a defendant in this case or another separate case, is a matter within the sole discretion of the United States Attorney and the Grand Jury.

As noted, a number of different WikiLeaks supporters have admitted to me that they’re grateful Assange has not (yet) been charged in conjunction with the Vault 7 case, because even before you get to his attempt to extort a pardon with the files, there’s little journalistic justification for what it did, and even more reason to criticize WikiLeaks’ actions as the case against Schulte proceeded.

Yet the obscure proceedings before the EDVA grand jury suggest the government may be pursuing a conspiracy case that starts in 2010 and continues through the Vault 7 releases, with the same variety of Espionage and CFAA charges continuing through that period.

By arguing the CIA and MCC charges in tandem, the government can pretty compellingly make the case that WikiLeaks’ activities went well beyond journalism in this case. But it seems to want to use Rosenzweig’s testimony to make the case more broadly.

Judge Crotty Should Let Joshua Schulte Test His Theory of Defense Forensically

At a hearing on July 25, accused Vault 7 leaker Joshua Schulte’s lawyer, Sabrina Shroff, argued that if the government provides some forensic evidence that the CIA maintains is too classified to share, it’s possible this case might avoid trial, either by identifying alternate culprits or leading her to advise her client to plead.

Mr. Kamaraju says that I would be forced anyway to then make a Section 5 motion to show relevance, etc. Well, maybe not. Maybe if I got the forensics, I would be able to say, hey, I think the government is completely wrong, Mr. Schulte is completely innocent, and you should go back and relook at your charging decisions because of X, Y, and Z in the forensics.

On the flip side, I could look at the forensics and say to my client, you know, maybe this isn’t the strongest case. Maybe we shouldn’t be going to trial. Not all discovery is asked for or relevant because it is only going to be used at trial. We asked for discovery because it is proper Rule 16 information that the defendant should have that would tell him about the charges and help him make proper decisions in the most serious or the most benign of cases.

At issue, per an order Judge Paul Crotty issued days before the hearing (but which got released publicly afterwards) is evidence that would exist if a narrative Schulte seeded before he left the CIA were true. In addition to all the email he wrote at CIA (the government is giving him what he wrote, but not the responses), he wants “a complete forensic copy of the Schulte Workstation and DevLAN, so that his expert can conduct a comprehensive forensic analysis.” Ultimately, Crotty did not grant Schulte’s request, noting that he “has been accused of leaking information he obtained from his employment at CIA both before he was arrested and from his cell at MCC after his arrest.” Instead, he directed the defense to “submit[] a more tailored request [that] provides good reason for further forensic discovery in a motion to compel. In this context, it would also be helpful, for example, if Schulte would communicate his thinking of how others are responsible for the theft.”

Yet that didn’t work, at least not immediately. In the aftermath of that order, Schulte’s team said the Wall Counsel hasn’t responded substantively to a previously written request. That seems to be a justifiable complaint about the difficulties of working with the Classified Information Procedures Act and Wall Counsel (to say nothing of really complex technical issues which none of the lawyers fully understand). It’s like a giant game of telephone and Schulte’s right to a fair trial is at stake.

Which is why the government should take this offer from Shroff more seriously than they appear to have done: giving Schulte’s expert direct access to the full set of data he seeks.

We have offered to limit the access to either counsel or go even further and limit the access to just the expert. We have even offered that the CIA need not give it to us. We would go to the CIA or the expert would go to the CIA to review the forensics.

Even while it could use CIPA to limit what they give Schulte’s team, it would serve the government to give his expert this access.

I say that, first of all, because of who Schulte’s expert is: Columbia University CompSci professor Steve Bellovin. He’s not just some forensics guy with clearance. He’s someone who has served in governmental positions (most notably as PCLOB’s tech expert for a year). That means he has already seen government spying in action, and what he’d see here would be a server that got replaced, probably before April, and some hacking tools and targets that were in no way exceptional.

Just as importantly, Bellovin is well-respected in the activist community, both on technical matters and judgment. If Bellovin were to test Schulte’s alternative explanation for the leak of the Vault 7 files and Schulte subsequently pled (suggesting that Shroff had counseled that he not take his theories to trial), it would suggest that Schulte’s story didn’t hold up to Bellovin’s scrutiny.

If that happened, it would be a key statement about not just what Schulte has claimed, but about what WikiLeaks did, in releasing the files in 2017.

As the government tells it, Schulte got in a fight with a colleague in December 2015, which led him to sour on the CIA as early as February 2016. When the agency didn’t respond in the way he wanted to Schulte’s claim that the colleague had threatened him, he started to retaliate in April 2016 by first copying the backup server holding all the CIA’s hacking tools, then sending it to WikiLeaks. In short, the government’s story is that Schulte simply burned the CIA’s hacking capabilities to the ground because he felt like they wronged him, a fairly breathtaking claim for one of the most damaging leaks to the government in history.

Schulte’s story is harder to suss out for a number of reasons: the defense has avoided putting this in writing, in part in an attempt to protect their theory of defense, some of what Schulte has argued is classified and still sealed, and other parts consist of rants he has published online or in dockets, not coherent arguments. Plus, some of Schulte’s claims are clearly lies, most demonstrably his claim that, “Federal Terrrorists [sic] had no evidence of plaintiff actually using cell phone” before they got a warrant relying on an affidavit that included pictures of him using the phone he had in MCC.

Schulte’s theory, as available, consists of three parts:

  • More people had access to the backup server from which the files were stolen than the government claims
  • The files were relatively easier to steal from an offsite backup server than the onsite one the government alleges Schulte stole them from
  • The likely culprits used security vulnerabilities he (claims to have) identified to CIA managers to steal the files

Evidence he’s making the first argument appears in his lawsuit against the Attorney General, where he claims the government has lied about the number of people who could access the server with the hacking tools.

AG lies about the number of people who had access to the classified information

Given a passage from the government’s response to his motion to suppress, Schulte must be referring to the claim that 200 people had access to the servers themselves, not the claim that 3-5 people had access to the backup server from which FBI claims the files were stolen. Schulte’s sealed filing appears to have argued that a second CIA group had access to the server.

Schulte does not dispute that the CIA Group was responsible for using and maintaining the LAN, that as of March 2016 fewer than 200 employees were assigned to the CIA Group, or that only these employees had access to the LAN. (See id. ¶ 8(b)). Rather, Schulte argues that Agent Donaldson failed to note in the Covert Affidavit that a second CIA group (“CIA Group-2”), [redacted], allegedly also had access to the LAN.

For what it’s worth, the government disputes this claim outright. They introduce and conclude an otherwise redacted discussion by twice asserting this claim is false.

Schulte’s assertions about CIA Group-2’s access to the LAN are untrue [seven lines redacted] In short, Schulte is simply wrong.

Schulte’s claim that the files were more easily stolen from an offsite backup server may be more of a throwaway, based on what the government provided in discovery, reflecting what a contractor said almost a year into the investigation. (Remember that the government is not meaning to restate Schulte’s theories here, but instead to refute his claim that the initial affidavit against him included reckless errors.)

Schulte does not challenge that the Classified Information was taken from a back-up file, but instead argues that the back-up files were also stored at an offsite location (the “Offsite Server”), based on a network diagram of the LAN, and that, in one CIA Group contractor’s opinion, the “easiest” way to steal those back-up files was from the Offsite Server. None of this information, however, renders Agent Donaldson’s assessment misleading. Initially, while it is true that the back-up files were also stored in an Offsite Server, Agent Donaldson never suggested that the only place that the back-up files existed was the Back-up Server. Nor did Agent Donaldson opine in the abstract on the easiest method of exfiltrating the Classified Information from the LAN. Rather, he merely stated that it was “likely” that the Classified Information had come from the Back-Up Server, an eminently reasonable conclusion, given that the Back-Up Server contained the back-up files that mirrored the Classified Information, and Schulte–whom the FBI properly identified as a likely perpetrator of the theft–had access to it. Gates, 462 U.S. at 230-31 (courts do not isolate each factor of suspicion but look at the totality of the circumstances). The opinion of the contractor–who did not have access to all of the information and who had no relevant investigatory experience–in no way undermines that assessment, particularly when (i) that opinion is contradicted by [redacted], a LAN system administrator and a witness upon whom Schulte relies in his motion, who stated that “the easiest way to steal the data leaked by WikiLeaks” was for someone with administrative access to the LAN to “simply remov[e] the backup file from the network application” (i.e., the Back-Up Server) (Shroff C. Decl., Ex. I); and (ii) even if the contractor’s opinion was relevant, it was not conveyed to the FBI until February 2018, nearly a year after the date of the Covert Affidavit, see Garrison, 480 U.S. at 85.

Significantly, the government bases its claim that Schulte leaked classified information from jail in part on him sharing a “Network Structure Document” with someone (probably a reporter); given that some of the other information he is alleged to have leaked in violation of classification or protective orders was meant to sustain his claims of innocence, this probably does too. If so, that would suggest he was floating this theory about a year ago.

Finally, in his Presumption of Innocence blog, Schulte maintains that the CIA network was vulnerable in ways that he claims he raised with the CIA before he left.

I reported numerous security vulnerabilities that I discovered within our network and particularly issues with system administration, backup, and protection of some of our prominent tool sets. I was continually met with pushback and retaliatory responses that ultimately forced me to resign. My final acts were to file complaints with the OIG and the House Select Committee on Intelligence to hopefully prevent future retaliatory actions against others.

So while the government claims that Schulte retaliated by leaking the CIA’s hacking tools because the CIA wasn’t treating him with the respect he thought he deserved, Schulte appears to be claiming that possibly members of CIA’s Group-2 or perhaps even outsiders stole the files via vulnerabilities he identified before he left.

While not exactly the same, WikiLeaks made related claims when they released the files, in part as rationale for publishing them.

Compare what we can make out of Schulte’s defense with what WikiLeaks published in its “press release” accompanying the first Vault 7 release. WikiLeaks describes CIA “losing control” of its hacking tools, not someone leaking them.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

While it mentions former US government hackers (which could include Schulte), it also invokes contractors (the press release elsewhere mentions Hal Martin), and contractors were the presumed source for Vault 7 files at the time. While WikiLeaks acknowledges that the files came from “an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina [sic]” the description of the archive circulating in unauthorized fashion suggests that WikiLeaks is claiming the files were more broadly accessible.

The “press release” also suggests CIA’s hacking division had 5,000 users, implying all were involved in the production of hacking tools.

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware.

While that may or may not be the CIA Group-2 Schulte claims had access to the servers, it certainly suggests a far larger universe of potential sources for the stolen files than the 200 the government claims, much less the around 5 SysAdmins who had privileges to the backup server.

The purported motive for releasing these tools — both that of the source and of Assange — is partly the insecurity of having such tools lying around.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that “There is an extreme proliferation risk in the development of cyber ‘weapons’.

[snip]

Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them.

[snip]

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.

In other words, WikiLeaks justified posting development notes for a significant portion of CIA’s hacking tools — and ultimately the source code for one — to prevent “teenage hackers” from obtaining such weapons and using them. (By this February, a security researcher had made his own hacking module based off what WikiLeaks had released.) A key part of that claim is the risk that CIA itself had not sufficiently secured its own tools, that they were “circulat[ing] … in an unauthorized manner.” That is, WikiLeaks purports to be the fulfillment of and remedy for precisely the risk Schulte claims — in his Presumption of Innocence blog — he warned the CIA about.

Except the government claims that’s not true.

It is true, as the affidavit in dispute in Schulte’s motion to suppress lays out, that Schulte wrote a “draft resignation letter” purporting to warn about these dangers and, on his last day, sent the CIA’s Inspector General a letter raising the same issues. The government reviews what he did at length in their response to his motion to suppress.

Agent Donaldson discussed the circumstances of Schulte’s resignation from the CIA in November 2016, including a letter and email he wrote complaining about his treatment. (Id. ¶¶ 19-20). On October 12, 2016, Schulte sent an email to another CIA Group employee with the subject line “ROUGH DRAFT of Resignation Letter *EYES ONLY*,” which attached a three-page, single-spaced letter (the “Letter”). (Id. ¶ 19(a)). In the Letter, Schulte stated that the CIA Group management had unfairly “veiled” CIA leadership from various of Schulte’s “concerns about the network security of the CIA Group’s LAN” and that “[t]hat ends now. From this moment forward you can no longer claim ignorance; you can no longer pretend that you were not involved.” (Id. ¶ 19(a)(ii)). The Letter also stated that Schulte was resigning because management had “‘ignored’” issues he had raised about “‘security concerns,’” including that the LAN was “‘incredibly vulnerable’ to the theft of sensitive data.” (Id. ¶ 19(a)(iii)). In particular, Schulte stated that the “inadequate CIA security measures had ‘left [the CIA Group’s LAN] open and easy for anyone to gain access and easily download [from the LAN] and upload [sensitive CIA Group computer code] in its entirety to the [public] internet.’” (Id. ¶ 19(a)(iv)).

[snip]

However, on November 10, 2016, Schulte’s last day at the CIA, Schulte sent an internal email to the CIA’s Office of Inspector General (“OIG”), which Schulte marked “Unclassified,” advising that he had been in contact with the U.S. House of Representatives’ Permanent Select Committee on Intelligence regarding his complaints about the CIA (the “OIG Email”). (Id. ¶ 19(c)). The OIG Email raised many of the same complaints in the Letter, including “the CIA’s treatment of him and its failure to address the ‘security concerns’ he had repeatedly raised in the past.” (Id. ¶ 19(c)(i)). Although Schulte had labeled the OIG Email “Unclassified,” the CIA determined that the OIG Email did in fact contain classified information. (Id. ¶ 19(c)(iii)). Schulte nevertheless printed and removed the email from the CIA when he left that day. (Id. ¶ 19(c)(ii)).

As the government response notes, the affidavit describes that Schulte never actually sent the resignation letter.

Agent Donaldson noted that Schulte did not appear to send the Letter. (Id. ¶ 19(b)).

A later discussion of the resignation letter as part of a summary of the probable cause against Schulte goes still further, claiming that there is no record that Schulte raised security concerns with CIA management (which is presumably one reason he asked for all his emails).

(iv) drafted a purported “resignation email,” in which he claimed essentially that he had warned CIA management about security concerns with the LAN[7] that were so significant that the LAN’s contents could be posted online–precisely what happened four months later (see id. ¶ 19);

[7] There is no record of Schulte reporting any such security concerns to CIA management.

The government makes Schulte’s allegedly false claim to have raised concerns about the security of the CIA tools a key part of its short summary of the probable cause against Schulte, insinuating that Schulte wrote both the resignation letter and the letter to the IG (which he wrote five and six months, respectively, after the government alleges he stole the files) as a way to create a cover story for the leaked documents.

Thus, even if the Covert Affidavit was rewritten to Schulte’s (incorrect) specifications, it would still establish probable cause by showing that Schulte was a CIA employee with a grudge against the CIA and a track record of improperly accessing and taking classified information, who left the CIA claiming that classified information from the LAN would one day be sprayed across the Internet and who worried about the investigation when his “prophecy” came to pass.

Of course, the government — especially intelligence agencies like the NSA and CIA — always dismisses leakers’ claims to be whistleblowers. The CIA claimed Jeffrey Sterling only leaked details of the Merlin operation because he was disgruntled about an EEOC complaint they had denied. NSA denied that Edward Snowden had raised concerns — first at CIA about its security, then at NSA about the boundaries of EO 12333 and Section 702. In the former case, however, the government knows of at least three other people who thought Sterling’s concerns had merit, and the actual details around Merlin’s own activities were a clusterfuck. In the latter, even a really problematic HPSCI report acknowledges that both incidents occurred, and NSA ultimately released enough of the backup to show that the NSA undersold the latter instance (though Snowden’s claims were not as substantive as he claimed).

Thus far, Schulte has presented no such counterevidence (indeed, the docket does not show his team submitted a reply to the government’s response before their August 16 deadline, though a reply could be held up in classification review). [Update: This letter asking to sever the MCC charges from the WikiLeaks charges says they’re still working on their replies.]

There may be a very good reason why Schulte’s defense didn’t go there: because one of the lies the government claims he told to FBI Agents on March 20 and 21, 2017 involves making CIA systems more vulnerable to the theft of data.

On or about March 20 and 21, 2017, Schulte … denied ever making CIA systems vulnerable to the theft of data.

Aside from this mention, this allegation doesn’t otherwise appear in public documents I’m aware of. But the implication is that before Schulte wrote two documents that — the government claims — served to establish a cover story claiming he leaked the documents because CIA’s server was vulnerable to theft, he tampered with the CIA’s server to make it more vulnerable to theft.

There actually is evidence that the server was vulnerable to theft. In Crotty’s opinion, he overruled the government’s effort to withhold some internal reports on the leak under CIPA. He explained,

These documents [redacted] might help Schulte advance a theory that DevLAN’s vulnerabilities could have allowed someone else to have taken the leaked data. They also support the defense’s theory that Schulte’s behavior while an employee of the CIA was consistent with someone who was trying to help the agency address security flaws, rather than someone who was a disgruntled employee.

That’s why it’d be worthwhile for Bellovin to have access to the server directly: to test not just how vulnerable the servers really were (I bet he’d be willing to help improve their security along the way!), but also to test himself whether there’s any evidence that someone besides Schulte exploited those vulnerabilities.

The government’s reliance on CIPA in this case is an attempt to try Schulte for an unbelievably sensitive leak without (as Crotty laid out) giving him opportunity to leak some more.

But the case goes beyond Schulte’s actions, to implicate WikiLeaks’ actions (court filings make it clear that WikiLeaks’ claims around this leak were false in another manner, one which I’m not describing at the government’s request). And while details of CIA’s unexceptional hacking program are useful for researchers to have, it would matter if the stated rationale for releasing them was bullshit manufactured after the fact. That’s all the more true if WikiLeaks — which used to boast its perfect record on verification — knew the claim to be false, particularly given how and when it released these files, with an attempt to extort the US government and in the wake of the Russian hacks, at a time CIA would have needed these tools to prevent follow-ups.

Three months after Schulte’s trial (if this does go to trial), the government will be embroiled in attempting to extradite Julian Assange under charges that are rightly being attacked as an assault on the press. The government is never going to reveal all it knows about Assange (including, pertinent to this case, whether there’s any evidence Assange used some of the CIA’s own tools for his own benefit). Bellovin, if he were permitted to review the CIA server, would never be in a position to reveal what he learned; but his role in this case provides a rare opportunity for a trusted outsider to weigh in on a controversial case.

Effectively, a guy who authored CIA’s obfuscation tool and purportedly planned an information war from jail — complete with fake FBI and CIA personas — may have created the vulnerability he claimed to be exposing by leaking the files. If Bellovin were able to test that possibility, it would go a long way to shift an understanding about WikiLeaks’ recent intentions with the US government.

The Epistemology of Security Clearance Dick-Waving

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

I really couldn’t be bothered to get hot and bothered about President Trump stripping John Brennan of his security clearance. Brennan himself has been involved in the politicization of security clearances (perhaps most directly in Jeffrey Sterling’s case), and to have David Petraeus, of all people, complain about politicized security clearances, discredits the pushback. I’m far more concerned about the loyalty policing at EPA, Interior, Department of Education, and on the DOJ team attacking ObamaCare than I am about Brennan, because the bullying of those more obscure people will have a tangible effect on Americans’ lives. Indeed, the fact that Trump issued a declaration stripping Brennan of his clearance on July 26 but we only learned about it on August 15 is a testament to how little impact this has, other than the posturing around it.

But it has led to dangerous politicization elsewhere.

After being stripped of his clearance, Brennan wrote this op-ed.

In it, Brennan spends six paragraphs setting up how deceitful are Russians generally and his former counterpart Alexander Bortnikov specifically, and how successfully they recruit targets, including Americans, leading from a description of Russian “perfidy” directly to deeming election tampering denials “hogwash.”

Brennan then turns to Trump. He leads his accusation that Trump “colluded” with Russia by describing how asking for Russia to find Hillary’s missing emails “openly authorized his followers to work” with Russians.

The already challenging work of the American intelligence and law enforcement communities was made more difficult in late July 2016, however, when Mr. Trump, then a presidential candidate, publicly called upon Russia to find the missing emails of Mrs. Clinton. By issuing such a statement, Mr. Trump was not only encouraging a foreign nation to collect intelligence against a United States citizen, but also openly authorizing his followers to work with our primary global adversary against his political opponent.

Brennan then points to what he has read in “the reporting of an open and free press” to declare Trump’s claims of no collusion — as he had just claimed Russia’s denials of election interference — to be “hogwash.”

Such a public clarion call certainly makes one wonder what Mr. Trump privately encouraged his advisers to do — and what they actually did — to win the election. While I had deep insight into Russian activities during the 2016 election, I now am aware — thanks to the reporting of an open and free press — of many more of the highly suspicious dalliances of some American citizens with people affiliated with the Russian intelligence services.

Mr. Trump’s claims of no collusion are, in a word, hogwash.

The only questions that remain are whether the collusion that took place constituted criminally liable conspiracy, whether obstruction of justice occurred to cover up any collusion or conspiracy, and how many members of “Trump Incorporated” attempted to defraud the government by laundering and concealing the movement of money into their pockets.

In response, Richard Burr issued this testy statement, defending Trump’s action of stripping the clearance of a former CIA Director with whom Burr got along splendidly when he was spying on Burr’s own separate branch of government oversight committee.

Director Brennan’s recent statements purport to know as fact that the Trump campaign colluded with a foreign power. If Director Brennan’s statement is based on intelligence he received while still leading the CIA, why didn’t he include it in the Intelligence Community Assessment released in 2017? If his statement is based on intelligence he has seen since leaving office, it constitutes an intelligence breach. If he has some other personal knowledge of or evidence of collusion, it should be disclosed to the Special Counsel, not The New York Times.

If, however, Director Brennan’s statement is purely political and based on conjecture, the president has full authority to revoke his security clearance as head of the Executive Branch.

I’m offended by Burr’s statement not just because it ignores the plain language of Brennan’s op-ed, which it links, but for the epistemology of the Russian investigation suggested by the Senate Intelligence Committee Chair. Here’s the logic of the statement:

1. Brennan “purports” to know Trump colluded with a foreign power

Here, Burr ignores how Brennan defines it — first “authorizing his followers to work” with Russia by calling on them to find Hillary’s missing emails, and then “highly suspicious dalliances of some American citizens with people affiliated with the Russian intelligence services” — stuff that’s public. He also ignores that Brennan himself says he doesn’t know whether the “collusion” involved constitutes a criminally liable conspiracy. That is, Brennan is defining collusion as something less than a criminal conspiracy to cooperate to cheat on the election, but Burr doesn’t care.

2. Why doesn’t Brennan’s claim show up in the Brennan-led Intelligence Community Assessment?

Again, Burr ignores Brennan’s description of becoming aware of this in the time period after he “had deep insight into Russian activities during the 2016 election” — so after he left the CIA — and taunts him that the ICA Brennan oversaw showed no evidence of collusion. The implication is Brennan’s ability to know if there were collusion ended on January 20, 2017. (Burr is also ignoring that there were two different investigations even while Brennan was in government — the intelligence investigation led by Brennan, which by law should not be targeting Americans, and the several parallel counterintelligence investigations at FBI, which could investigate Americans.)

Burr then presents three and only three possibilities for how Brennan might have knowledge of collusion, once again ignoring the free press that Brennan clearly attributes it to. First, either intelligence, or personal knowledge:

3. If Brennan has something called “intelligence” proving Trump’s collusion, then it must have come from an intelligence breach.

4. If he has something called “personal knowledge” of collusion, then it must only be shared with Mueller’s team, not with the NYT.

That’s it, according to the Senate Intelligence Chair, for real information about collusion. Either it’s intelligence to which Brennan is no longer entitled (assuming, of course, that Gina Haspel would have no reason to share intelligence about Russia with Brennan in some kind of consultation, which — if Brennan did then pass that on publicly, would be the only proper reason to strip his clearance). Or it’s “personal information,” usually called “evidence,” which may only be shared with Mueller and not with the press. “Intelligence,” which is the purview of the Intelligence Committee and the agencies it oversees. Or “evidence,” which is the purview of a DOJ investigation. Either/or.

That’s, of course, illogical, and not just because Burr’s own committee is investigating some of the same “evidence” that the FBI is, notably what happened on social media and what some witnesses have testified about, in secret, to the committee, and witnesses to both (like Rob Goldstone) have also commented publicly.

It’s illogical, too, because there are other ways to get real evidence of collusion. I believe I have evidence of collusion. I shared it with the FBI, sure. But after I revealed that I had provided information to the FBI in July, I also shared limited parts of it with some Republican Congressmen, in hopes of explaining to them how serious the investigation is and showing that entire parts of it don’t derive from Peter Strzok’s decisions. I’ve also discussed, prospectively, sharing it with some former top intelligence officials (unsurprisingly, not Brennan), in the interests of elucidating parts of the Russian attack they missed.

Yet even though his either/or proposition is false, Burr then uses it to proclaim Trump’s treatment of Brennan proper based on this remarkable statement:

5. “If, however, Director Brennan’s statement is purely political and based on conjecture, the president has full authority to revoke his security clearance as head of the Executive Branch.”

Having set up this false either/or proposition, Burr then suggests anything else must be “purely political” and “based on conjecture,” and — without showing the logical relation between the two clauses in this sentence — states that the President has the authority to revoke Brennan’s security clearance.

(If NOT (intelligence or evidence,) THEN political conjecture) THEN strip the damn clearance.

It is true that thus far the case law suggests that a President does have the authority to strip Brennan’s clearance (though a Brennan challenge, or even more easily, a Bruce Ohr challenge, might establish new limits to that authority). But that authority has no relationship to the claimed political or conjectural nature of Brennan’s comments. Not only does Burr suggest it does — suggest that stripping security clearances because of speech perceived to be political is not just proper but justified — but by yoking these two clauses together in one sentence, Burr suggests punishing political speech is in some way intimately tied to the authority therein.

Plus, as Brad Heath noted, Burr’s statement argues that Trump was right to strip Brennan’s clearance on July 26 because of statements Brennan made on August 16.

The Chairman of the Intelligence Committee, mind you, made this statement.

But here’s the reason why I really care about this.

Back when he was CIA Director, I openly criticized Brennan for the way he worked the press to get the most hawkish read of the Russian attack into the press. But I didn’t think his efforts arose from partisanship. Rather, it was an effort to raise alarm bells about the attack in the last weeks of the Administration. Such use of the press happens all the time when Administration officials are trying to advance their favored policy decisions.

Burr, however, is using his position of authority to affirmatively tie security clearances to speech he (or the President) deems excessively political. He’s doing it even as he argues there are just two appropriate categories of weighing whether collusion happened or not, intelligence (his purview) or evidence (Mueller’s). And he’s doing it as his committee is leading what has, up to this point, been the only Congressional investigation not utterly discredited by partisan bickering.

That pisses me off for several reasons. First, Burr is in the same breath being a raging partisan and asserting that his committee is one of the only entities that can appropriately weigh whether Trump conspired with Russia to win the election. He’s putting a thumb on the scale at precisely the moment that he claims only he (and Mueller) get to decide whether collusion happened. This raises real questions in my mind about what would happen if and when SSCI came upon information that shows Trump conspired with Russia. It raises real doubts in my mind about whether SSCI is able to conduct their investigation.

More importantly, he’s wrong. He’s wrong for the obvious reason that journalists are discovering important threads of the Russia investigation. Indeed, the part of SSCI’s work they’re most proud about — Russia’s use of social media — came out of a lot of really good reporting on the topic.

He’s wrong because we’re a democracy and whether Trump conspired with Russia will one day be most critically decided in a political sphere. As we get closer to that day, the American public has every right to read these two data points together and consider whether they show Trump and the Russians conspiring.

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily by our press.”

For example, on or about July 27, 2016, the Conspirators attempted after hours to spearphish for the first time email accounts at a domain hosted by a third-party provider and used by Clinton’s personal office. At or around the same time, they also targeted seventy-six email addresses at the domain for the Clinton Campaign.

And he’s wrong because none of the certified experts are getting the Russia story entirely right. As I said, I’ve had conversations in the last several months with Republican congressmen, former top intelligence officials, and a whole lot of experts on the Russian attack, including (but not limited to) top InfoSec people, other journalists, and some key witnesses. Even aside from the stuff I went to the FBI about (which might give me special insight to what happened, but also has made me admittedly blindered about other issues) all of those people, including me, have missed key things or gotten key details wrong. Just as one example, in conversations I’ve had with that ilk of people, every single person save one has either misread key parts of the GRU indictment or read in their prior assumptions (the one exception had the advantage of being a key witness behind at least two paragraphs of the indictment). That’s just one example, but it’s an example that suggests we need more honest discussion and less of Burr and Trump’s attempt to decertify democratic speech about what the President did.

The Chair of the Intelligence Committee, Richard Burr, effectively asserted that he is one of the few authorities with the right to say, based off what his committee does in private, whether Trump conspired with Russia or not, and that any citizen deigning to weigh in based off the public evidence may be properly disciplined by the President. The statement goes a long way to discredit the investigation his committee is doing, a real blow to his staffers’ success at bridging any partisan divide. Most importantly, because it so badly gets the epistemology of an attack that targeted all Americans wrong, it raises real questions about Burr’s understanding of the Russian attack at issue.

Kashyap Patel Had Better Not Rely on the Bill Duhnke Precedent

Contrary to what a lot of people understand of the case, Jeffrey Sterling was not the CIA’s first suspect for the Merlin leaks to James Risen. Senate Intelligence Committee Staff Director Bill Duhnke was. As former CIA press person Bill Harlow testified, he told the FBI that James Risen had close ties to Duhnke when he first talked to them about Risen’s story.

Q. Okay. And you also told them that someone they should talk to about something like this would be Bill Duhnke, a person named Bill Duhnke, correct, up at the — that worked at the U.S. Senate?

BY MR. MAC MAHON: Q. Now, Mr. Harlow, in 2003, you told the FBI that you thought that Mr. Risen might reach out to the Staff Director of the Senate Select Intelligence Committee on Intelligence for confirmation, that Mr. Risen would, correct?

[snip]

A. My recollection is what the FBI asked me is who are the kind of people that Risen might talk to on a story like this, and I told them that he had regular contact with the Congressional Oversight Committees, including the Senate Intelligence Committee, and so the kind of places he might go to ask about the story would be the Senate Oversight committees. That’s my recollection of it. You know, it’s a dozen years ago but —

Q. And one of the names you gave them was Bill Duhnke, right?

A. Right.

As FBI Agent Hunt explained, however, she was hampered from investigating whether Duhnke (who knew aspects about Merlin that Sterling did not, which showed up in Risen’s reporting) was a source for Risen because Senator Pat Roberts refused to cooperate with the FBI, even after then-FBI Director Robert Mueller requested it himself.

Q. And do you also remember writing in 2006 that the FBI director contacted the SSCI Chairman and Senator Pat Roberts, right?

A. Yes.

Q. And that Senator Roberts told Director Mueller that he wasn’t going to cooperate with the FBI at all in this investigation, correct?

A. Yes.

Q. And that never changed, did it?

A. It did change.

Q. You then got some cooperation from SSCI, correct?

A. I did.

Q. You never got an interview with Mr. Duhnke, right?

A. I did not interview Mr. Duhnke.

Thus it happened that Speech and Debate prevented the FBI from investigating whether a key Intelligence Committee staffer played a role in a leak the government claimed was one of the worst ever.

I thought of that precedent when I read this passage in the NYT’s latest story on DOJ’s belated realization that Devin Nunes was using purported oversight requests to discover details that might help Trump delegitimize the Mueller investigation.

In another meeting, Mr. Rosenstein felt he was outright misled by Mr. Nunes’s staff. Mr. Rosenstein wanted to know whether Kashyap Patel, an investigator working for Mr. Nunes who was the primary author of the disputed memo, had traveled to London the previous summer to interview a former British spy who had compiled a salacious dossier about Mr. Trump, according to a former federal law enforcement official familiar with the interaction.

Mr. Patel was not forthcoming during the contentious meeting, the official said, and the conversation helped solidify Mr. Rosenstein’s belief that Mr. Nunes and other allies in Congress were not operating in good faith.

And these passages in an earlier NYT piece on Patel.

Over the summer, Mr. Nunes dispatched Mr. Patel and another member of the committee’s Republican staff to London, where they showed up unannounced at the offices of Mr. Steele, a former British intelligence official.

Told Mr. Steele was not there, Mr. Patel and Douglas E. Presley, a professional staff member, managed to track him down at the offices of his lawyers. There, they said they were seeking only to establish contact with Mr. Steele, but were rebuffed and left without meeting him, according to two people with knowledge of the encounter.

A senior official for the Republican majority on the Intelligence Committee, who spoke on the condition of anonymity because he was not authorized to speak about the matter, said the purpose of the visit had been to make contact with Mr. Steele’s lawyers, not Mr. Steele. Still, the visit was highly unusual and appeared to violate protocol, because they were trying to meet with Mr. Steele outside official channels.

Ordinarily, such a visit would be coordinated through lawyers, conducted with knowledge of the House Democrats, who were not informed and the American Embassy.

Given Rosenstein’s concerns that Patel was lying, I find it particularly interesting that he didn’t inform the American Embassy when he was there. It’s as if he was looking for a back channel!

As NYCSouthpaw noted, Patel has been hanging around the White House since he started playing this role.

In the months since, Mr. Patel has apparently forged connections at the White House. In November, he posted a series of photos to Facebook of him and several friends wearing matching shirts at the White House bowling alley. “The Dons hit the lanes at 1600 Pennsylvania,” Mr. Patel wrote under the photos.

This would suggest that the Nunes designee who has had firsthand access to all this intelligence has also gotten really comfortable with the White House, leaving the possibility that he has shared the information with those in charge of delegitimizing the investigation.

I’ve long wondered why Nunes has refused to read the information he has fought so hard to get access to. But by giving Patel that access without reading the materials himself, Nunes ensures that someone with easy access to the White House sees the materials, without jeopardizing the power to refuse any cooperation with Mueller.

Nunes, like Roberts did in 2006, could simply refuse to cooperate under speech and debate.

And it might well work!

There is, however, one problem with that. You see, one of the ways (admittedly one of the less offensive ways) the President has interfered in the operations of DOJ is by demanding that the department ratchet up the leak investigations. And at a time last summer when Trump was threatening to fire Sessions so he could hire someone who could interfere with the Mueller investigation, Sessions and Dan Coats rolled out a new war on leaks, speaking of new permissiveness for prosecutors. Both Sessions…

To prevent these leaks, every agency and Congress has to do better.

We are taking a stand. This culture of leaking must stop.

[snip]

Finally, here is what I want to tell every American today: This nation must end the culture of leaks. We will investigate and seek to bring criminals to justice. We will not allow rogue anonymous sources with security clearances to sell out our country any longer.

These cases are never easy. But cases will be made, and leakers will be held accountable.

All of us in government and in every agency and in Congress must do better.

And Coats invoked Congress as a source of leaks specifically.

I would like to point out, however, that these national security breaches do not just originate in the Intelligence Community. They come from a wide range of sources within government, including the Executive Branch and including the Congress.

At the time, those mentions were deemed a warning that (in addition to changing the rules allowing them to pursue journalists), DOJ would also start pursuing Congress and its staffers more aggressively.

So while the available evidence suggests that Patel may be part of Nunes’ effort to funnel information to the White House, and while past history has shown that Nunes’ counterparts have been able to protect intelligence committee leakers, perhaps the witch hunt demanded by Trump will change that.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Reality Winner: The Cost of Mounting a Defense Arguing the Government Overclassifies

In this Democracy Now appearance, Reality Winner’s mom, Billie Winner-Davis, suggested that, whereas her case had originally been due to go to trial next month, it now looks like it will stretch into 2019.

We do not have a trial date at this point. The trial was originally scheduled for October, and then it was pushed to March. But as of right now, we do not have a new trial date. So we don’t know when she will be—face the jury. What I’m being told is that it will be late 2018, if not early February 2019.

Earlier this week the two sides submitted a proposed schedule that shows even that may be optimistic. Because Winner’s defense wants to use classified information to argue the document she is accused of releasing is not national defense information, it has to go through the onerous Classified Information Procedures Act process (see this for a description of the CIPA process) to get that information approved for use in a trial. If I’m doing the math correctly, most optimistically the proposed schedule looks like this:

  • March 30, 2018: Defense submits all proposed subpoenas
  • April 30: Deadline for discovery, including remainder of government’s CIPA Section 4
  • June 14: Government’s Rule 16 expert disclosures
  • July 14: Defendant’s Rule 16 expert disclosures, if they already have clearance (former ISOO head Bill Leonard, who is already serving as an expert witness, has clearance)
  • July 29: Defendant’s amended CIPA 5 notice
  • August 13: Government’s supplemental Rule 16 expert disclosures due, government’s objections to adequacy of defendant’s CIPA 5 notice
  • September 10: Government’s CIPA 6(a) motion
  • October 1: Defendant’s response to government’s CIPA 6(a) motion
  • October 15: Government’s reply to CIPA 6(a) motion
  • October 21: CIPA hearing (this is where the two sides argue about what classified information the defense needs to make her case)

At this point, there may be 42 days to argue about a CIPA 6(c) motion (where the government proposes unclassified substitutes). If that happens, it will be 90 days until trial, meaning it would start March 1. If it doesn’t, then the trial would skip that 42-day process and presumably drop into very early 2019.

  • Early January 2019 or March 1: Trial start

Again, this is a joint proposal, meaning the defense is on board with the long delay. Either they think they can win a graymail attempt (meaning the judge agrees they should get the classified information but the government refuses to provide adequate substitutes and so is forced to dismiss the case) or they believe they can make a case (with the help of Leonard) on the NDI claims generally. They may also anticipate that other events — the Mueller investigation, the congressional investigations into the Russian hack, state investigations, or more journalism — may make it clear how absurd it is to try Winner for information that has become publicly available as we have a public discussion about what the Russians did in 2016.

But if not, then (unlike most other people recently charged under the Espionage Act, save Hal Martin) she will have been in jail for 19 months assuming an early January 2019 trial, or 21 months assuming a March 2019 trial. Winner is charged with one count of willful retention and dissemination of National Defense Information.

By comparison, Jeffrey Sterling, who was found guilty on nine counts, including five unauthorized disclosure counts, was sentenced to 42 months (the government had been asking for nine years, but Leonie Brinkema seemed to have reservations about the evidence behind a number of the guilty verdicts, and the sentencing came in the wake of the David Petraeus sweetheart two years of probation plea deal). Admittedly, the government piled on the charges in that case, whereas here they charged as one count things they might have charged as several (by charging both the leaks to The Intercept and WaPo, for example, or by charging her for not telling the full truth to the FBI). Nevertheless, Sterling was accused of exposing a critically sensitive program and an intelligence asset, whereas Winner is charged with leaking one document in an environment where very similar information is being leaked or released by multiple government sources.

Stephen Jin-Woo Kim, who pled guilty to one count of disseminating NDI pertaining to CIA resources in North Korea, was sentenced to 13 months.

This is the no-win situation Winner is in, trying to challenge her conviction after having been denied bail. Because of the way we deal with classified information, she’ll have served a likely full sentence by the time she gets to trial.

It still may be worth it. After all, if she wins at trial, she’ll avoid a record as a felon.

But the larger battle seems to be one about the ridiculousness of our classification system. As Leonard said (see PDF 99-100) in his declaration to explain why he was providing his services pro bono in this case, he believes the kind of overclassification of information that may be at issue here amounts to degrading the entire classification system.

My motivation for becoming involved in this case was my concern for the integrity of the classification system. I strongly believe that classification is a critical national security tool and that the responsibilities of cleared individuals to properly protect classified information are profound. At the same time, government agencies have equally profound responsibilities and in this regard, I have long witnessed the over-classification of information within the Executive Branch due to the failure of agencies to fulfill these responsibilities. In this way, the actions of agencies can actually undermine the integrity of the classification system in that to be effective, it must be used with precision. As Justice Potter Stewart said in the Pentagon Papers case, “when everything is classified, then nothing is classified … ”

[snip]

My involvement in [two prior prosecutions, that of Steven Rosen and Thomas Drake] confirmed for me the importance, especially in criminal prosecutions, of not allowing representatives of the Executive Branch to simply assert that certain information is classified or closely held or potentially damaging if disclosed.

That is, Winner might prove a point: that this kind of information should be more accessible to the public.

But along the way she will have paid a very costly price.

Update, March 15: After two hearings, Magistrate Brian Epps cut two months off this schedule, setting Winner’s trial date for October 15. That will mean she will have been in jail over 16 months by the time of her trial.

Why I Left The Intercept: The Surveillance Story They Let Go Untold for 15 Months

The Intercept has a long, must-read story from James Risen about the government’s targeting of him for his reporting on the war on terror. It’s self-serving in many ways — there are parts of his telling of the Wen Ho Lee, the Valerie Plame, and the Jeffrey Sterling stories he leaves out, which I may return to. But it provides a critical narrative of DOJ’s pursuit of him. He describes how DOJ tracked even his financial transactions with his kids (which I wrote about here).

The government eventually disclosed that they had not subpoenaed my phone records, but had subpoenaed the records of people with whom I was in contact. The government obtained my credit reports, along with my credit card and bank records, and hotel and flight records from my travel. They also monitored my financial transactions with my children, including cash I wired to one of my sons while he was studying in Europe.

He also reveals that DOJ sent him a letter suggesting he might be a subject of the investigation into Stellar Wind.

But in August 2007, I found out that the government hadn’t forgotten about me. Penny called to tell me that a FedEx envelope had arrived from the Justice Department. It was a letter saying the DOJ was conducting a criminal investigation into “the unauthorized disclosure of classified information” in “State of War.” The letter was apparently sent to satisfy the requirements of the Justice Department’s internal guidelines that lay out how prosecutors should proceed before issuing subpoenas to journalists to testify in criminal cases.

[snip]

When my lawyers called the Justice Department about the letter I had received, prosecutors refused to assure them that I was not a “subject” of their investigation. That was bad news. If I were considered a “subject,” rather than simply a witness, it meant the government hadn’t ruled out prosecuting me for publishing classified information or other alleged offenses.

But a key part of the story lays out the NYT’s refusals to report Risen’s Merlin story and its reluctance — until Risen threatened to scoop them with his book — to publish the Stellar Wind one.

Glenn Greenwald is rightly touting the piece, suggesting that the NYT was corrupt for acceding to the government’s wishes to hold the Stellar Wind story. But in doing so he suggests The Intercept would never do the same.

That’s not correct.

One of two reasons I left The Intercept is because John Cook did not want to publish a story I had written — it was drafted in the content management system — about how the government uses Section 702 to track cyberattacks. Given that The Intercept thinks such stories are newsworthy, I’m breaking my silence now to explain why I left The Intercept.

I was recruited to work with First Look before it was publicly announced. The initial discussions pertained to a full time job, with a generous salary. But along the way — after Glenn and Jeremy Scahill had already gotten a number of other people hired and as Pierre Omidyar started hearing from friends that the effort was out of control — the outlet decided that they were going to go in a different direction. They’d have journalists — Glenn and Jeremy counted as that. And they’d have bloggers, who would get paid less.

At that point, the discussion of hiring me turned into a discussion of a temporary part time hire. I should have balked at that point. What distinguishes my reporting from that of other journalists — that I’m document- rather than source-focused (though by no means exclusively), to say nothing of the fact that I was the only journalist who had read both the released Snowden documents and the official government releases — should have been an asset to The Intercept. But I wanted to work on the Snowden documents, and so I agreed to those terms.

There were a lot of other reasons why, at that chaotic time, working at The Intercept was a pain in the ass. But nevertheless I set out to write stories I knew the Snowden documents would support. The most important one, I believed, was to document how the government was using upstream Section 702 for cybersecurity — something it had admitted in its very first releases, but something that it tried to hide as time went on. With Ryan Gallagher’s help, I soon had the proof of that.

The initial hook I wanted to use for the story was how, in testimony to PCLOB, government officials misleadingly suggested it only used upstream to collect on things like email addresses.

Bob Litt:

We then target selectors such as telephone numbers or email addresses that will produce foreign intelligence falling within the scope of the certifications.

[snip]

It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.

[snip]

It is also however selector-based, i.e. based on particular phone numbers or emails, things like phone numbers or emails.

Raj De:

Selectors are things like phone numbers and email addresses.

[snip]

A term like selector is just an operational term to refer to something like an email or phone number, directive being the legal process by which that’s effectuated, and tasking being the sort of internal government term for how you start the collection on a particular selector.

[snip]

So all collection under 702 is based on specific selectors, things like phone numbers or email addresses.

Brad Wiegmann:

A selector would typically be an email account or a phone number that you are targeting.

[snip]

So that’s when we say selector it’s really an arcane term that people wouldn’t understand, but it’s really phone numbers, email addresses, things like that.

[snip]

So putting those cases aside, in cases where we just kind of get it wrong, we think the email account or the phone is located overseas but it turns out that that’s wrong, or it turns out that we think it’s a non-U.S. person but it is a U.S. person, we do review every single one to see if that’s the case.

That PCLOB’s witnesses so carefully obscured the fact that 702 is used for cybersecurity and other IP-based or code-based collection is important for several reasons. First, collection on a chat room or an encryption key, rather than an email thread, has very different First Amendment implications than collecting on the email of a target. But particularly within the cybersecurity function, identifying foreignness is going to be far more difficult because cyberattacks virtually by definition obscure their location, and you risk collecting on victims (whether they are hijacked websites or emails, or actual theft victims) as well as the perpetrator.

Moreover, the distinction was particularly critical because most of the privacy community did not know — many still don’t — how NSA interpreted the word “facility,” and therefore was missing this entire privacy-impacting aspect of the program (though Jameel Jaffer did raise the collection on IP addresses in the hearing).

I had, before writing up the piece, done the same kind of iterative work (one, two, three) I always do; the last of these would have been a worthy story for The Intercept, and did get covered elsewhere. That meant I had put in close to 25 hours working on the hearing before I did other work tied to the story at The Intercept.

I wrote up the story and started talking to John Cook, who had only recently been brought in, about publishing it. He told me that the use of 702 with cyber sounded like a good application (it is!), so why would we want to expose it? I laid out why it would be questionably legal under the 2011 John Bates opinion, but in any case would have very different privacy implications than the terrorism function that the government liked to harp on.

In the end, Cook softened his stance against spiking the story. He told me to keep reporting on it. But in the same conversation, I told him I was no longer willing to work in a part time capacity for the outlet, because it meant The Intercept benefitted from the iterative work that was as much a part of my method as meetings with sources that reveal no big scoop. I told him I was no longer willing to work for The Intercept for free.

Cook’s response to that was to exclude me from the first meeting that all Intercept reporters would attend. The two things together — the refusal to pay me for work and expertise that would be critical to Intercept stories, as well as the reluctance to report what was an important surveillance story, not to mention Cook’s apparent opinion I was not a worthy journalist — are why I left.

And so, in addition to losing the person who could report on both the substance and the policy of the spying that was so central to the Snowden archives, the story didn’t get told until 15 months later, by two journalists with whom I had previously discussed 702’s cybersecurity function specifically with regards to the Snowden archive. In the interim period, the government got approval for the Tor exception (which I remain the only reporter to have covered), an application that might have been scrutinized more closely had the privacy community been discussing the privacy implications of collecting location-obscured data in the interim.

As recently as November, The Intercept asked me questions about how 702 is actually implemented because I am, after all, the expert.

So by all means, read The Intercept’s story about how the NYT refused to report on certain stories. But know that The Intercept has not always been above such things itself. In 2014 it was reluctant to publish a story the NYT thought was newsworthy by the time they got around to publishing it 15 months later.

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing 4 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2013

What a Targeted Killing in the US Would Look Like

Amid now-abandoned discussions about using the FISA court to review targeted killing, I pointed out that a targeted killing in the US would look just like the October 28, 2009 killing of Imam Luqman Abdullah.

Article II or AUMF? “A High Level Official” (AKA John Brennan) Says CIA Can Murder You

When the second memo (as opposed to the first 7-page version) used to authorize the killing of Anwar al-Awlaki, it became clear that OLC never really decided whether the killing was done under Article II or the AUMF. That’s important because if it’s the latter, it suggests the President can order anyone killed.

John Brennan Sworn in as CIA Director Using Constitution Lacking Bill of Rights

I know in the Trump era we’re supposed to forget that John Brennan sponsored a whole lot of drone killing and surveillance. But I spent a good deal of the Obama Administration pointing that out. Including by pointing out that the Constitution he swore to protect and defend didn’t have the First, Fourth, Fifth, and Sixth Amendments in it.

2014

The Day After Government Catalogs Data NSA Collected on Tsarnaevs, DOJ Refuses to Give Dzhokhar Notice

I actually think it’s unreasonable to expect the government’s dragnets to prevent all attacks. But over and over (including with 9/11), NSA gets a pass when we do reviews of why an attack was missed. This post lays out how that happened in the Boston Marathon case. A follow-up continued that analysis.

A Guide to John Rizzo’s Lies, For Lazy Journalists

Former CIA General Counsel John Rizzo lies, a lot. But that doesn’t seem to lead journalists to treat his claims skeptically, nor did it prevent them from taking his memoir as a statement of fact. In this post I summarized all the lies he told in the first 10 pages of it.

Obama to Release OLC Memo after Only 24 Congressional Requests from 31 Members of Congress

Over the year and a half when one after another member of Congress asked for the OLC memos that authorized the drone execution of Anwar al-Awlaki, I tracked all those requests. This was the last post, summarizing all of them.

The West’s Ideological Vacuum

With the rise of Trump and the success of Russia intervening in US and European politics, I’ve been talking about how the failures of US neoliberal ideology created a vacuum to allow those things to happen. But I’ve been talking about the failures of our ideology for longer than that, here in a post on ISIS.

KSM Had the CIA Believing in Black Muslim Convert Jihadist Arsonists in Montana for 3 Months

There weren’t a huge number of huge surprises in the SSCI Torture Report for me (indeed, its scope left out some details about the involvement of the White House I had previously covered). But it did include a lot of details that really illustrate the stupidity of the torture program. None was more pathetic than the revelation that KSM had the CIA convinced that he was recruiting black Muslim converts to use arson in Montana.

2015

The Jeffrey Sterling Trial: Merlin Meets Curveball

A big part of the Jeffrey Sterling trial was CIA theater, with far more rigorous protection for 10 year old sources and methods than given to 4 year old Presidential Daily Briefs in the Scooter Libby trial. Both sides seemed aware that the theater was part of an attempt, in part, to help the CIA get its reputation back after the Iraq War debacle. Except that the actual evidence presented at trial showed CIA was up to the same old tricks. That didn’t help Sterling at all. But neither did it help CIA as much as government prosecutors claimed.

The Real Story Behind 2014 Indictment of Chinese Hackers: Ben Rhodes Moves the IP Theft Goal Posts

I’ve written a lot about the first indictment of nation-state hackers — People’s Liberation Army hackers who compromised some mostly Pittsburgh located entities, including the US Steel Workers. Contrary to virtually all the reporting on the indictment, the indictment pertained to things we nation-state hack for too: predominantly, spying on negotiations. The sole exception involves the theft of some nuclear technology from Westinghouse that might have otherwise been dealt to China as part of a technology transfer arrangement.

Obama’s Terrorism Cancer Speech, Carter’s Malaise Speech

In response to a horrible Obama speech capitulating to Republican demands he treat the San Bernardino attack specially, as Islamic terrorism, I compared the speech to Jimmy Carter’s malaise speech. Along the way, I noted that Carter signed the finding to train the mujahideen at almost exactly the moment he gave the malaise speech. The trajectory of America has never been the same since.

Other Key Posts Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012