The Schulte CIPA Transcripts: Locking up Vault 8

Perhaps the most interesting thing about the CIPA (Classified Information Procedures Act) transcripts from the Josh Schulte case that Kel McClanahan helped me liberate is that (at least in 2022, when they did a classification review) the CIA treated the moniker “Vault 8” that WikiLeaks gave to the CIA source code releases as still-classified.

When Judge Jesse Furman restated the hypothetical he posed about whether disseminating already-released stolen classified information could itself be a crime, he described the releases to include Vault 7 and Vault 8.

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard drive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. [my emphasis]

There’s actually no unredacted reference to Vault 8 in the released transcripts.

But there are what are almost certainly redacted references to Vault 8.

Here’s how part of the discussion about hypotheticals appears in the May 2 transcript:

It appears likely that Josh Schulte was deliberately using both terms — he started doing so, and much later in the transcript he claimed, falsely, that there was a distinction in the charges against him between the development notes and the source code. The dual references, with repeated mention of Vault 7, followed immediately by a redaction describing the other of plural “disclosures,” appear to stop after page 31, perhaps in response to something one of the prosecutors said.

There’s undoubtedly good reason the government remains coy about the more damaging part of this release.

In a self-serving note sent after it became clear he was a suspect, Schulte himself made a clear distinction between the development notes and the source code, describing that, “These tools are MUCH more valuable [to a hostile country like Russia] undiscovered by the media or the nation that lost them [because] Now, you can secretly trace and discover every operation that nation is conducting.” The source code provided American adversaries the ability to reverse engineer US spying efforts, and in the process, identify CIA assets.

I have written about how Julian Assange seemed to threaten Don Jr by raising the separately named source code in November 2017.

Schulte’s apparent failed attempt to win the right to discuss the source code releases, in addition to the development note releases, came in the midst of his attempt to get more details from what was likely the ongoing investigation into the aftermath of his leak, including (possibly) how hackers obtained the tools he had leaked. Schulte received that discovery starting in early April, and on April 29, he asked Judge Furman to give him all the details of the ongoing investigation. Throughout his second trial, Schulte seemed focused on using his defense to communicate outward (which is one reason I found Wau Holland’s decision to pay for transcripts so notable). So in the hearing where he was attempting to include Vault 8 among the things he could discuss publicly, he was focused on the ongoing investigation into how hackers had obtained or used these tools.

I have long said that, historically, the files WikiLeaks chose not to release — and, potentially, to selectively share — were far more important than the files they released. The government’s ongoing sensitivity seems to confirm that: The US government has conceded that the development notes from CIA’s hacking tools, which constitute the bulk of what WikiLeaks released, came from the CIA, but appears not to concede that the hacking source code itself does.

Josh Schulte Sentenced to 40 Years

Aldrich Ames was arrested at the age of 53 in 1994 after 9 years of spying for Russia. He remains imprisoned in Terre Haute to this day — 30 years and counting — at the age of 82. (My math here is all rough.)

Robert Hanssen was arrested in 2001 at the age of 57 after 22 years of spying for Russia. He died last year, at the age of 79, in Florence SuperMax.

After six years in jail — most under Special Administrative Measures sharply limiting his communication — Josh Schulte, aged 35, was sentenced Thursday to 40 years in prison. He will presumably go to either Florence (most likely, because Judge Jesse Furman recommended he should go to someplace close to Lubbock) or Terre Haute.

Since his guidelines sentencing range was life in prison, I’m not sure how much, if any, of his sentence could, hypothetically, be dropped for good behavior.

Furman sentenced him concurrently on his Child Sexual Abuse Material conviction and the Espionage Act charges. Barring any successful appeal, he would be in prison for at least 20 years on top of time served, if he were to get credit for good behavior. That would put him back on the street at age 55, still the prime of his life (says someone in precisely that prime of her life, someone still learning some of the forensic techniques Schulte mastered as a teenager).

But the possibility that Schulte would be released before 2058, when Schulte will be 69, is based on two very big assumptions (on top of my uncertainty about whether he could get time off). First, that Schulte could sustain “good behavior” in prison, when he has failed to do so even while being held under SAMs in New York. Most recently, the government alleges he somehow obtained more CSAM in 2022 while in prison, where he would consume it in his cell after days representing himself in his second trial, the one in which he was convicted of the Espionage Act charges.

Even while Schulte’s family was traveling to attend his trial in 2022, he chose to retreat to his cell to view the child pornography that he had secreted on his prison laptop. (See D.E. 1093-1 at 3-4 (describing examples of times when videos were played).)

And there’s good reason to believe he attempted to — may well have succeeded at — conducting further hacks from prison.

That’s some of what I’ve been pondering since the government first requested that Schulte be treated like four men, including Ames and Hanssen, who gave America’s secrets to Russia rather than giving them to WikiLeaks, as a jury convicted Schulte of doing, by sentencing him to life in prison.

It took years of tradecraft to recruit and cultivate sources like Ames and Hanssen.

Many of the details about what led up to Schulte’s leaks of the CIA’s hacking tools remain unknown — including via what server he shared the files, because WikiLeaks’ submission system could not have accepted them at the time, meaning Schulte necessarily had some kind of contact with WikiLeaks in advance.

But the current story is that Schulte reacted to being disciplined at work fairly directly by stealing and then sharing the CIA hacking tools in one fell swoop. In a matter of days in April and May 2016 (perhaps not coincidentally, the same period when Russian hackers were stealing files from Hillary Clinton’s team), Schulte took steps that burned a significant part of CIA’s capabilities to the ground.

As a result of that reactive decision, Schulte delivered a set of files that would allow their recipients to hunt down CIA’s human sources based off the digital tracks they left in highly inaccessible computers. As I’ve noted, Schulte was well aware of the damage that could do, because he wrote it up in a self-serving narrative after the fact.

I told them the confluence server was the one that seemed to be compromised, and while horrible and damaging at least it wasn’t Stash; At least not at this point–Hopefully they could stop any additional leaks from the network at this point. From the news articles I’ve read, wikileaks claims to have source code, but we don’t know what code or from where. However, at this point, I knew the SOP was a complete stand down on all [redacted] operations. We had no idea what had been leaked, when, for how long, or even who else had seen the materials leaked. Have they been steadily accessing our network every day? Have all our ops been blown since we wrote the first line of code? Perhaps only confluence had been leaked, but the individual(s) responsible are/were planning to exfil the other parts of DEVLAN too? So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting. I told them all this was certainly very disturbing and I felt bad for my friends and colleagues at the agency who likely weren’t doing anything and most likely had to completely re-write everything. [my emphasis]

What gets virtually no coverage is that this is precisely what happened: the bulk of the most sensitive files Schulte stole, the source code, has never been publicly accounted for. That’s why I find credible the unsealed and sealed filings submitted with sentencing claiming that Schulte caused what Judge Furman claimed (as reported by Inner City Press) was $300 million in damage and a cascading series of compromises.

Because DOJ couldn’t trade a death sentence in exchange for cooperation about how Schulte did it, as they did with Ames and Hanssen, because digital encryption is much more secure than a dead drop in a Virginia park, it’s not clear whether the government even knows all of it.

I don’t even know what Schulte was trying when he attempted to social engineer me from jail in 2018 — but I have my suspicions.

Later this month, Julian Assange will get a last chance to stave off extradition. I have long suspected if the UK approves the extradition, Russia will attempt to swap Evan Gershkovich for Assange. One way or another, we may learn more about what the US government has learned about the WikiLeaks operation in the 7 years since Schulte was part of one of the most successful, sustained attacks by Russia on the US.

But until then, Schulte will be moving to new long-term accommodations in a highly secure prison.

Jack Teixeira: Leak Dumps Don’t Care about (the Story You Tell about) Motive

Dan Froomkin says reporters should call Jack Teixeira’s release of highly classified documents “theft,” not a leak, distinguishing “public-spirited” leakers from “self-serving … thieves.” Spencer Ackerman muses that Teixeira, “leaked for that most ineffable thing, something nonmaterial but nevertheless hyper-real in the logic of the poster, and particularly the right-wing-chud poster: clout.” Charlie Savage suggests something distinguishes this case, legally, from those of everyone else (among a limited subset) who took classified information. Glenn Greenwald has been all over the map, in one breath calling this, “a bullshit leak, despite some relevant docs, the impact of which has been severely overblown from the start,” but then applauding Tucker Carlson’s focus on the altered casualty numbers in Ukraine and Tucker’s claims that even Fox has factchecked as an example of, “the significant revelations these leaks provide.”

Now he’s just making shit up about WaPo and NYT hunting down Teixeira, shit that a quick reading of the arrest affidavit readily debunks, shit that ignores that WaPo’s source(s) for hundreds of still-unpublished documents, at least, are one or more of the Discord chat kids, to whom WaPo has given source protection (that will be utterly meaningless in the face of the subpoenas already served).

A bunch of people who made their careers because a young, narcissistic IT guy stole a shit-ton of records about which he had little personal expertise — some incredibly important, a great many useful only to America’s adversaries — seem to be uncertain what to make of Jack Teixeira, who, early reports at least suggest, is an even younger narcissistic IT guy who stole a smaller shit-ton of records about which he had even less personal expertise, some newsworthy, some useful primarily to America’s adversaries.

We will likely have the rest of Teixeira’s young life to get a better understanding of why he allegedly did what he did, which may well be very different than what he told the kids in the Discord chat rooms about why he did what he did, who in any case are entirely unreliable narrators. But then, they may be no more unreliable, as narrators, than Greenwald is about Edward Snowden, and for a similar reason: because their identity is wrapped up in a certain narrative about this dude.

Since this age of the leak dump started, journalists have been sustaining self-serving stories about what leak dumps really are.

That Ackerman treats Josh Schulte’s hack-and-dump in the same breath as the leak dumps of Chelsea Manning or Edward Snowden, calling Teixeira’s leaks, “something different than the Snowden leaks, Manning leaks or, say, the Vault 7 hack,” is a great example of that. At trial, Schulte didn’t so much claim he was a whistleblower as he was a scapegoat, someone the CIA already hated to blame for an embarrassing compromise. But in his second trial, in the course of representing himself, he performed precisely what the government said he was: a narcissistic coder — KingJosh, he called himself — exacting revenge for the escalating personnel problems he caused after his manager moved his desk. “I think you are playing into the government’s theory of the case,” Judge Jesse Furman warned in a sidebar during Schulte’s cross-examination of a former supervisor, “by making clear to the jury that even today you remain aggrieved by you as being mistreated.”

Vault 7 was not a noble leak. It was an epic act of nihilism. A man-boy retaliating because he couldn’t get his way at work.

And except for security researchers in the business of attributing CIA hacks, the Vault 7 files weren’t all that newsworthy, either — though they did give Julian Assange a way to pressure the Trump Administration. Plus, the fate of both the Vault 7 files during the nine months between leak and publication, during a period when Assange was a key part of a Russian influence operation, as well as the Vault 8 source code included in Schulte’s guilty verdict, remains unknown. In a letter attempting to exonerate himself (even while exposing the protected identities of several colleagues), Schulte himself described the value that the source code would have for Russia, particularly during that nine-month window before the CIA learned Schulte had hacked them:

So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting.

I don’t imagine that these issues were what Ackerman had in mind, when comparing Schulte to Manning and Snowden, but perhaps he should give some thought to why he believes otherwise.

Meanwhile, Marjorie Taylor Greene is already creating a heroic myth about Teixeira not all that dissimilar from the myths WikiLeaks spun about Schulte that Ackerman appears to still believe.

Maybe, like Chelsea Manning, a struggle with his own demons made Teixeira more apt to leverage classified records to win the adulation of a bunch of teenagers. Or maybe, like Schulte, he really is the racist shithole he sounds like.

Or both.

We may never learn how much damage these leaks did such that we could adequately balance their value against their cost. We will undoubtedly get inflammatory claims from prosecutors if Teixeira is ever sentenced, which may or may not be backed by some damage assessment that will get declassified in a decade or three.

Because it’ll be some time before we really understand this guy, because journalists seem to be struggling to understand how to treat him, I thought it worthwhile to lay out some lessons I have learned from covering leak-dumps for 15 years, lessons that have resulted in a radically different view than the Manichean belief in good dumps or bad dumps others have.

Leak dumps don’t care about all that.

In what follows, I’m not questioning the value of (some) of Snowden’s and Manning’s leaks. I’m saying that some of the people most closely involved haven’t taken a step back, in the decade since, to see what we’ve learned since, including some things these celebrated leakers have in common with what we know, so far, of Teixeira.

It’s worth distinguishing leaks from people knowledgeable about what they’re leaking

Those who’ve worked on past leak dumps like to compare the leakers with Daniel Ellsberg, a comparison Ellsberg has welcomed.

But for most, there’s something that clearly distinguishes this later group of leakers: many don’t have expertise on the specific files they’re leaking.

Indeed, several of these leakers obtained new jobs while they were already contemplating leaking (or, in Snowden’s case, long after he had started collecting documents to leak). Several took files entirely unrelated to their jobs.

By comparison, Ellsberg was a PhD who leaked the Rand study he worked on himself.

To the extent that prior leak dumpers leaked files they didn’t have specific reason to want to expose, they often did so out of a generalized malaise, usually stemming from America’s war on terror policies. While I think Manning and Daniel Hale’s reaction to the war on terror was just and righteous, and while Teixeira thus far seems like a badly misguided conspiracy theorist, the type of motivation, a general malaise about American conduct, may not be that dissimilar.

Similarly, Teixeira clearly doesn’t have the knowledge or maturity to make an ethical decision to leak these documents. But it’s not clear some of his predecessors did either.

False claims about authentic documents are still false claims

Over the years, Greenwald and others — most recently #MattyDickPics Taibbi — have completely collapsed the distinction between “true” and “authentic.” There’s a good deal of Snowden reporting, for example, that remains uncorrected. Ackerman even repeated one such error, from the Guardian’s report on PRISM, in his 2021 book — “the NSA could conduct what internal documents described as ‘legally-compelled collection’ from the servers—the exact form of access remains unknown”—of PRISM participants. [my emphasis] This description of getting data directly from tech companies’ servers came from a guy who was overselling the program, effectively a Deep State hypester snookering civil libertarian journalists to buy into his hype.

As Bart Gellman described in his own book, not only was the direct access misleading, but it distracted from the more important policy points of the Section 702 collection.

Companies that had declined to comment in advance, or had said nothing of substance, now issued categorical denials that any U.S. agency had “direct access” to their servers. I scrambled to reconcile those statements with the NSA program manager’s explicit words—repeated twice—in the authoritative PRISM overview. Later that night I found a clue in another document from the Snowden archive. There, in a description of a precursor to PRISM, I found a variation on Rick’s formula. “For Internet content selectors, collection managers sent content tasking instructions directly to equipment installed at company-controlled locations,” it said. That sounded as though the U.S. government black box was on company property but might not touch the servers themselves. I updated my story to disclose the conflicting information and the new evidence.

[snip]

The “direct access” question became a big distraction, rightly essential to the companies but not so much to the core questions of public policy.

The Snowden reporters were under a real time crunch and unbelievable security pressure to report, so have a good excuse, but others don’t.

#MattyDickPics blithely started reporting on Twitter without first bothering to get the least understanding of what he was looking at and he still has never gotten records showing what requests Trump made of Twitter, the only thing close to real censorship in question. Yet because he has some screen caps to wave around, vast swaths of people believe his false claims.

The same is true of the “laptop.” Virtually the entire Republican Party has refused to distinguish between authentic emails on a hard drive allegedly obtained from a Hunter Biden laptop, and the authenticity of the laptop itself, even after people in Rudy’s orbit started altering that hard drive. To say nothing of whether provably authentic emails say what the GOP breathlessly claims they do, which so far, they have not.

As noted, Tucker has already magnified (with Greenwald applauding) two of the false claims about the documents that Teixeira released: the doctored casualty numbers put out by Russia, and misrepresentations about the role of Special Operations forces in Ukraine, which have been debunked by the same Fox News reporter that Tucker tried to get fired one of the previous times she corrected the network’s false claims.

Notably, I think one thing that is contributing to more accurate reporting based on these files is more hesitation from responsible outlets to publish or magnify the files themselves, while still using them as a basis for stories, though as WaPo races to beat its competitors that may be changing.

Documents can serve to distract

And that’s because authentic documents have, from the start of these leak dumps, often served to distract attention from the actual content.

As I noted the other day, FBI’s cooperating troll witness in the Douglass Mackey trial, Microchip, described unashamedly how the trolls ensuring the John Podesta emails would go viral in the last weeks of the 2016 election knew there was no there, there. But they also knew that so long as they could invent some kind of controversy out of them, they could suck the air out of substantive political coverage.

Q What was it about Podesta’s emails that you were sharing?

A That’s a good question.

So Podesta’s emails didn’t, in my opinion, have anything in particularly weird or strange about them, but my talent is to make things weird and strange so that there is a controversy. So I would take those emails and spin off other stories about the emails for the sole purpose of disparaging Hillary Clinton.

T[y]ing John Podesta to those emails, coming up with stories that had nothing to do with the emails but, you know, maybe had something to do with conspiracies of the day, and then his reputation would bleed over to Hillary Clinton, and then, because he was working for a campaign, Hillary Clinton would be disparaged.

Q So you’re essentially creating the appearance of some controversy or conspiracy associated with his emails and sharing that far and wide.

A That’s right.

Q Did you believe that what you were tweeting was true?

A No, and I didn’t care.

Q Did you fact-check any of it?

A No.

Q And so what was the ultimate purpose of that? What was your goal?

A To cause as much chaos as possible so that that would bleed over to Hillary Clinton and diminish her chance of winning.

In this model — the exact model adopted by the Twitter Files (and, frankly, virtually all of Trump’s tweets) — the actual documents themselves are just a hook for viral dissemination of the false claims made about the documents, just like most of the Twitter Files are.

Microchip even admitted that disinformation can increase buzz.

Q As you sit here today, back in that time period, did you like to get a rise out of people?

A Sure, yeah.

Q And that’s one of the reasons you posted things on Twitter; correct?

A Correct.

Q Was it your belief back then that disinformation increases buzz?

A Um, disinformation sometimes does increase buzz, yes.

The claims about the documents don’t work like truth claims do; instead, they serve to short-circuit rational thought, making it far easier to believe conspiracy theories or intentional disinformation.

We’re seeing some of that now from the disinformation crowd, starting with Tucker and Greenwald.

You can’t always tell who is in a chat room

The Discord kids told WaPo there were “roughly two dozen” active members of the Discord chat room where Teixeira allegedly first released the documents, about half of whom were overseas, including in Ukraine and elsewhere in post-Soviet countries.

Of the roughly 25 active members who had access to the bear-vs-pig channel, about half were located overseas, the member said. The ones who seemed most interested in the classified material claimed to be from mostly “Eastern Bloc and those post-Soviet countries,” he said. “The Ukrainians had interest as well,” which the member chalked up to interest in the war ravaging their homeland.

But the affidavit to search Teixeira’s house says there were twice that many members, approximately 50. WSJ reports that the group was more pro-Russian than the Discord kids have thus far admitted. So while initial reports suggest this was not espionage, it’s far too early to tell either what Teixeira’s motive was or whether he was cultivated by someone else in his server, encouraged to leak certain kinds of documents just as Chelsea Manning was encouraged to seek out certain things over a decade ago.

That’s why I harped on this earlier: I’ve learned, both stuff that’s public and not, about how easily sophisticated actors can manipulate precisely the kinds of people, usually young men, who inhabit these kinds of chat rooms.

Foreign intelligence services have been searching out these opportunities, eliciting both criminal hacking and leaks, for at least a decade.

For example, the LulzSec hackers knew there were Russians in their chat rooms, but didn’t much care. But it might explain why some documents hacked as part of the Syria Leaks that would be particularly damaging to Russia never got published by WikiLeaks, even though multiple sets of the documents were shared with the outlet.

Even the FBI, with subpoena power, may have troubles identifying everyone who participated in a chat room. And if the FBI can’t do it, the teenagers involved likely can’t either. That’s especially true as operational security increases. Which means they may have no idea who they were really talking to, no matter what they tell the WaPo and FBI.

So while Teixeira paid for this server with his own credit card, it has been shut down long enough that FBI may never be able to figure out who else was in the chat room, much less their real identity. So we may never know what happened before someone decided to ruin their lives by leaking documents with what inevitably will be inadequate operational security.

Which, in the case of Teixeira’s leaks, means we may not know all the people who got advance access to documents months before their publication on Twitter and Telegram alerted the IC about them, to say nothing of whether those people were nudging Teixeira for certain kinds of leaks.

No one controls what happens with dump leaks

Back in 2021, former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach seemingly confirmed that the files released by Shadow Brokers in 2016 and 2017 were obtained after two NSA employees, Nghia Pho and Hal Martin, brought them home from work; there’s no evidence that Pho, at least, ever tried to share them and no proof Martin did either.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

If that’s right, it means the last most damaging leak to DOD wasn’t intentionally leaked at all, which makes it not dissimilar from the way that Teixeira reportedly intended just to share it with the guys in his Discord server. It was exfiltrated from NSA’s secure servers by employees (in Pho’s case, purportedly for work reasons), then stolen, then released.

In the wake of that discovery, DOJ seems to have started pushing to hold leakers accountable for the unintended consequences of their leaks. In a declaration accompanying Terry Albury’s sentencing, for example, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

But it’s a lesson journalists don’t take seriously, except (in most cases) their own operational security. What happened to the source code of CIA hacking tools Schulte took? What happened to the damning files on Russia from the Syria leaks? Did Chelsea Manning envision the State cables she leaked would be shared with someone like Israel Shamir, who reportedly shared them, in turn, with Alexander Lukashenko’s regime in advance — the same kind of advance knowledge that Schulte himself reflected on?

Even the laudable, distinguishing aspect of Snowden’s leaks, that he gave them to journalists to determine what was in the public interest (an approach he abandoned when he described CIA infrastructure in his own book), is a double-edged sword. He made multiple copies of his files — most of which weren’t in the public interest — and handed the files to others, including at least one person, Greenwald, that Snowden knew had started out with epically shitty OpSec. We would never know if someone got some of the Snowden files as a result unless, like Shadow Brokers or Teixeira’s leaks, someone started sharing them openly on Telegram.

The damage assessment and the reporting goes on

We are nine days into the public part of this leak and, thanks to WaPo reporters’ success at befriending the Discord kids, WaPo has obtained hundreds of otherwise unpublished documents. In addition to about eight background stories on the leaks and charges against Teixeira, WaPo currently has Discord Leak stories on: Taiwan’s military vulnerability, China’s surveillance balloons, and surveillance on Mexican cartels. There’s nothing that makes WaPo’s reporting more or less credible, more or less honorable, because Teixeira released these to show off to his buddies (if that is why he released them).

The Discord Leaks are a leak dump. They may have more in common with past leak dumps than a lot of past leak dump journalists would like to admit. Importantly, no matter what journalists would like to tell themselves, Teixeira’s motive, if he is the source, will have virtually no impact on the damage he does to US national security or the value those documents offer to the public good, both of which will be driven by the content of the documents and the details of any advance notice adversaries may have gotten.

And legally, Teixeira is going to be treated just like Chelsea Manning and Josh Schulte — which is to say, harshly, unless he decides to flip before prosecutors can build charges on another twenty documents and has information of value to prosecutors. That’s not surprising in the least. But — short of proving he knowingly shared these documents with an agent of a foreign power — nor will it be tied to his motive.

Leak dumps don’t care about motive.

Update: PwnAllTheThings’ analysis of the damage caused by the Discord leaks is worth reading. Along with noting that at least one human source has been put in danger by these leaks (as well as a bunch of SIGINT collection), he describes how these releases could have gotten a bunch of Ukrainians killed.

We don’t know yet if Teixeira wanted lots of Ukrainians to die as a result of his leak. But we definitely know he didn’t care if they did, and they certainly had the potential to cause colossal amounts of death—both military and civilian—in Ukraine, even if that huge potential was never fully realized.

On Joshua Schulte’s Alleged Substantial Amount of CSAM … and Other Contraband

Yesterday, Judge Jesse Furman docketed a letter, impossibly dated March 23, updating him on the investigation into the Child Sexual Abuse Material allegedly found on WikiLeaks Vault 7 source, Josh Schulte’s discovery computer, six months ago (see this post for an explanation).

It described more about the CSAM material found on Schulte’s computer: The FBI had found “at least approximately 2,400 files on the laptop … likely containing CSAM.”

With respect to assertions that Joshua Schulte, the defendant, has made about the discovery laptop—that the laptop does not contain CSAM, that any CSAM appears only in thumbnails, or that the CSAM was maliciously or inadvertently loaded onto the laptop by the Government. See, e.g., D.E. 998 at 3 (pro se letter to the Court dated Dec. 21, 2022), 5 (pro se letter to the Court dated Jan. 5, 2023)—the Government is able to confirm the following: at least approximately 2,400 files on the laptop have been identified to date as likely containing CSAM. Those files include full images, and are not limited to thumbnail images. Moreover, the Government did not copy discovery materials onto the defendant’s laptop. In 2021, former defense counsel copied discovery and trial materials onto the laptop, which was then reviewed by personnel from the U.S. Attorney’s Office for security compliance before making a file index and providing the laptop to the Metropolitan Correctional Center (“MCC”), where the defendant was then in custody. The CSAM on the laptop was not provided by the Government or the result of Government action.

That, by itself, doesn’t tell us a lot more than we learned in an October filing, which explained that the FBI had found, “a substantial amount” of suspected CSAM.

Indeed, the letter focuses on debunking two counterarguments Schulte has made since, which is one of the reasons Furman docketed it after DOJ submitted it ex parte: “[T]his letter responds directly to assertions by Mr. Schulte,” Furman observed.

The government was debunking a claim made by Schulte that the government had caused the CSAM — but only thumbnails — to be loaded onto his discovery computer by “connect[ing] a child pornography drive to the laptop during setup.”

Schulte repeated and expanded — at great, great length — that theory in a set of filings dated March 1 but just loaded to the docket today.

The government response, effectively, was that they made an index of the files as the computer existed when it was turned over to MCC in 2021, calling Schulte on his claim that he was framed with CSAM.

Ultimately both sides will be able to present their claims to a jury.

But there are several other reasons I’m interested in the letter and related issues.

The government’s working theory, when they first revealed this last fall, was that Schulte got a thumb drive into the SCIF and from that accessed the CSAM allegedly found on his home computer six years ago, presumably just to have it in his cell for his own further exploitation of children.

there is reason to believe that the defendant may have misused his access to the SCIF, including by connecting one or more unauthorized devices to the laptop used by the defendant to access the CSAM previously produced.

That’s because in August, they found a thumb drive attached to the SCIF laptop.

On or about August 26, 2022, Schulte was produced to the Courthouse SCIF and, during that visit, asked to view the hard drive containing the Home CSAM Files from the Home Desktop. The hard drive was provided to Schulte and afterwards re-secured in the dedicated safe in the SCIF. The FBI advised the undersigned that, while securing the hard drive containing the Home CSAM Files, they observed that an unauthorized thumb drive (the “Thumb Drive”) was connected to the SCIF laptop used by Schulte and his counsel to review that hard drive containing the Home CSAM Files. On or about September 8, 2022, at the Government’s request, the CISO retrieved the hard drive containing materials from the Home Desktop from the SCIF and returned it to the FBI so that it could be handled pursuant to the normal procedures applicable to child sexual abuse materials. The CISO inquired about what should be done with the Thumb Drive, which remained in the dedicated SCIF safe.

But in a little-noticed development, during the period when FBI has been investigating how a defendant held under SAMs managed to get (we’re now told) 2,400 CSAM files onto his discovery computer, CNN reported that the network of FBI’s NY Field Office focused on CSAM had been targeted in a hacking attempt.

The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter.

FBI officials believe the incident involved an FBI computer system used in investigations of images of child sexual exploitation, two sources briefed on the matter told CNN.

“The FBI is aware of the incident and is working to gain additional information,” the bureau said in a statement to CNN. “This is an isolated incident that has been contained. As this is an ongoing investigation the FBI does not have further comment to provide at this time.”

FBI officials have worked to isolate the malicious cyber activity, which two of the sources said involved the FBI New York Field Office — one of the bureau’s biggest and highest profile offices. The origin of the hacking incident is still being investigated, according to one source.

DOJ still insists that former CIA hacker Josh Schulte found a way to access a whole bunch of CSAM. And in the same period, reportedly, the servers involved with CSAM investigation in the NYFO were hacked.

And while the letter released yesterday doesn’t tell us — much — that’s new about what Schulte allegedly had on his laptop, it does tell us, by elimination, which of the sealed filings in his docket are not related to the CSAM investigation.

Since the October update on the investigation into Schulte, sealed documents have been filed in Schulte’s docket on the following days:

  • December 15: Sealed document
  • January 19: Ex parte update on CSAM investigation
  • January 26: Sealed document
  • March 9: Sealed document
  • March 13: Sealed document

Only the January 19 letter — along with yesterday’s letter — has been unsealed. That, plus the flurry of filings in September and October, are it for the CSAM investigation. There’s something else going on in this docket, four sealed documents’ worth.

Indeed, in that very long set of filings mentioned above, both dated February and finalized March 1, both docketed today, Schulte alluded to something beyond CSAM.

Judge Furman has begun claiming that there are other vague misuses or misbehavior on the laptop.

He must not have read the September and October letters very closely, because they describe that there was a warrant that preceded the discovery of the CSAM.

The warrants that we know of include the following:

Since late September, this investigation was about the “substantive” amounts of CSAM found on a computer possessed by Schulte.

But before that it was based on suspicions of contraband.

That stems, in significant part, from a search of the computer DOJ did in June, when Schulte turned it over claiming it had been dropped.

It hadn’t been dropped. It needed to be charged. Indeed, in the interminable motions filed today, Schulte treated plugging in a laptop as some kind of due process violation.

Plugging in a laptop should in no way compromise the privacy of a laptop. But it did raise real questions about the excuse Schulte offered in an attempt to get a second laptop (one he effectively got once trial started anyway).

Needless to say, his description of what happened with the BIOS password differs from the government’s, as provided last June.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovered an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop. [my emphasis]

Here’s more background on all the funky things that happened with this laptop that led me to suspect something was going on last summer.

Anyway, the government claims it found a whole bunch of CSAM on Schulte’s computer. But there’s also something else going on.

We may find out reasonably soon. The impossibly dated filing from this week promised an update in a week, which (if the impossibly dated filing was actually dated March 21) might be Tuesday.

The Government expects to provide the Court with a supplemental status letter in approximately one week.

At the same time that CIA hacker Josh Schulte was allegedly finding a way to load CSAM onto his discovery laptop, the local FBI office’s CSAM servers were hacked.

That might be a crazy coincidence.

Update: DOJ filed an ex parte update today, which may or may not have to do with the CSAM investigation.

SDNY Calls DOJ’s Definition of the Espionage Act an “Academic Interest”

DOJ has now responded to my intervention in the Joshua Schulte case. Presumably because my motion, written by Kel McClanahan, focused on how flimsy the government’s claim to keep transcripts of a CIPA conference hidden was, the government’s response pitches this as exclusively a CIPA battle. It’s totally a reasonable legal stance.

But along the way, in an apparent effort to distract from the topic at issue — in part, the application of the Espionage Act to journalism — SDNY suggests it is just an academic interest whether DOJ would charge someone for sharing classified information already published by the NYT.

The mere fact that someone would like to know information is not a part of the right-of-access analysis, however, and the Government’s motion should be granted.

[snip]

Intervenor’s desire to speculate as to the potential application of the Government’s articulation of the elements of an offense to other circumstances has no bearing on the ability of the public to monitor or assess the actual rulings of the Court in the CIPA § 6 hearings to which Intervenor demands access.

[snip]

[T]he question is not whether redacted transcripts are coherent as a matter of language or whether they might be relevant to Intervenor’s academic interest.

I’m the intervenor here, not McClanahan (who is a professor on national security law at GW Law). I need to know this stuff not just to cover WikiLeaks (I’m more of an expert than the expert SDNY relied on in the first trial, Paul Rosenzweig), but also to understand my own exposure as a journalist.

Not once in the filing does the government use the words “Espionage Act.” Not once does DOJ mention “journalist.” Not once does it mention the NY Times, the hypothetical that DOJ is attempting to hide, which (as Judge Jesse Furman described in a court hearing) is this:

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

The government is no doubt exploiting the emphasis in my filing, but whether I can be charged for doing journalism is not an academic interest! It’s not just that there is an acute interest, amid the Julian Assange extradition proceedings, to know the government’s thinking about the Espionage Act; it goes to the chilling effect of not knowing what I can safely publish in the course of doing my job. I don’t have the luxury of “speculating” about the application of the Espionage Act, because if I guess wrong, I could be imprisoned for a decade.

The government wants this to be about CIPA. But the problem is that the government is attempting to hide something that is not classified — the elements of the offense for a serious crime that can chill the ability to do journalism — via claims about CIPA.

Third, Intervenor asserts a First Amendment right of access premised on the assertion that “the Government present[ed] legal arguments about elements of the crime itself,” which Intervenor claims both have traditionally been open to the public and are of value to the monitoring of the judicial process. (D.E. 988 at 2). Intervenor’s contention that legal arguments the Government may have advanced at the Section 6 hearings are “something that interested persons in the field should know” (id. at 3) simply “cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding.” United States v. Cohen, 366 F. Supp. 3d 612, 631 (S.D.N.Y. 2019). Contrary to Intervenor’s suggestion that discussion of the elements of an offense “stray[s] far from a simple discussion of evidentiary issues” (D.E. 988 at 3), such discussion is integral to virtually any assessment of the relevance and admissibility of evidence, including that occurring in CIPA § 6 hearings, in which courts “look to what elements must be proven under the statute,” United States v. McCorkle, 688 F.3d 518, 521 (8th Cir. 2012); see also United States v. Bailey, 444 U.S. 394, 416 (1980) (describing need to “limit[] evidence in a trial to that directed at the elements of the crime”).

Tellingly, SDNY’s citation of a 2019 District opinion relating to the unsealing of Michael Cohen’s search warrants — which were released with redactions, the desired goal here! — is inapt to the question of whether the government should be able to hide its discussions of how it understands the Espionage Act by claiming that that needs to be protected as classified information.

Considerations of logic also counsel against recognizing a First Amendment right to access search warrant materials. Of course, public access to search warrant materials may promote the integrity of the criminal justice system or judicial proceedings in a generalized sense. United States v. Huntley, 943 F.Supp.2d 383, 385 (E.D.N.Y. 2013) (remarking that “the light of the press shining into the innards of government is necessary to inhibit violation of the public trust”). But such an argument cuts too wide a swath—taken to its extreme, considerations of logic would always validate public access to any judicial document or proceeding. Cf. Times Mirror Co., 873 F.2d at 1213 (rejecting as overbroad the argument that the First Amendment mandates access to any proceeding or document that implicates “self-governance or the integrity of the criminal fact-finding process”); In re Bos. Herald, Inc., 321 F.3d at 187 (“In isolation, the [rationale that the public must have a full understanding to serve as an effective check] proves too much—under it, even grand jury proceedings would be public.”). As the Ninth Circuit aptly observed, “[e]very judicial proceeding, indeed every governmental process, arguably benefits from public scrutiny to some degree, in that openness leads to a better-informed citizenry and tends to deter government officials from abusing the powers of government.” Times Mirror Co., 873 F.2d at 1213.

Understanding the law is a matter that precedes the media’s scrutiny of whether the government abused the Espionage Act in this case (or in Julian Assange’s). And while the elements of the offense of the Espionage Act do dictate whether evidence would be helpful or not to the defense — the consideration of a CIPA hearing — ultimately this debate was about (and significantly appeared in) jury instructions, the law as applied.

Again, SDNY’s stance seems tactical, a response to our filing’s greater focus on matters of classification than the status of the press. But the outcome — SDNY’s claim that I have the luxury of merely “speculating” about the application of the Espionage Act — is alarmingly arrogant.


I was only able to make this challenge because McClanahan was able and willing to help — and he can only do so through the support of his non-profit. If you believe fights like this are important and have the ability to include it in your year-end donations, please consider supporting the effort with a donation via this link or PayPal. Thanks!

Judge Jesse Furman Gives DOJ 3 Pages to Reply to emptywheel’s Bid to Liberate Sealed Transcripts on the Espionage Act

Some weeks ago, I described that, with the help of National Security Counselors, I was intervening in the Joshua Schulte case to try to liberate transcripts from a May 3 sealed Classified Information Procedures Act hearing in which this exchange took place.

I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

CIPA is the means by which the government tries criminal cases involving classified information. It permits the government to ask that certain hearings about what evidence will be admitted be held under seal, to avoid any possibility that classified information will be publicly disclosed at those hearings.

[Note, these transcripts were funded by Calyx Institute with funding provided by Wau Holland Foundation, the latter of which has close ties to WikiLeaks.]

While everyone else was staying up late waiting for the January 6 Committee Report last Thursday, I was staying up late to see the filing that Kel McClanahan submitted in that intervention, which is here.

In the filing, McClanahan argued that the government’s own argument in support of sealing the transcripts attempted to use wiretap precedents to justify their continued sealing of CIPA hearings, even though they were asking to seal something else — hearings at which classified information might or might not be discussed.

It goes without saying that the proceedings in question—and the transcripts thereof—are judicial records for purposes of the common law, and the Government does not make any serious argument to the contrary. Instead, it argues that CIPA established a presumption against disclosure, drawing an analogy to the statutory provision for sealing of wiretap applications at issue in In re New York Times Co. to Unseal Wiretap & Search Warrant Materials, 577 F.3d 401 (2d Cir. 2009). It then goes beyond that analogy to argue that the presumption is even stronger because Congress allowed for wiretap materials to be unsealed for good cause but provided no comparable mechanism for CIPA proceedings. However, CIPA is not Title III, and the Government’s argument requires that to be the case in order to succeed.

Simply put, In re New York Times dealt with a statute which included a “manifest congressional intent that wiretap applications be treated confidentially,” id. at 408, but only because it includes a provision that the records themselves “shall be disclosed only upon a showing of good cause before a judge of competent jurisdiction.” 18 U.S.C. § 2518(8)(b). In contrast, CIPA only provides that a hearing shall be held in camera because “a public proceeding may result in the disclosure of classified information.” 18 U.S.C. App 3 § 6(a) (emphasis added). It in no way exhibits any intent that the records created from such a hearing should be presumed undisclosable, nor could it, since by its own terms the hearing might actually include no classified information. In other words, CIPA merely provides a protective procedure to guard against the chance that a hearing may include classified information, based solely on the Attorney General’s assertion that it may include classified information—hardly a high bar for the Government to clear. Congress voiced no opinion about what should then happen to the unclassified information included in that hearing, let alone a “manifest congressional intent.”

McClanahan laid out how the CIPA discussions at issue played a role in the exercise of Article III power, noting that the transcripts in question address the elements of the charges against Schulte: the very definition of the Espionage Act (and its application to someone like me, who might be held accountable for disseminating unconfirmed classified information).

The key question then becomes, what was the “role of the material at issue in the exercise of Article III judicial power” and its “resultant value . . . to those monitoring the courts?” United States v. Amodeo, 71 F.3d 1044, 1049 (2d Cir. 1995). The Court itself addressed both of these issues at various times. Most relevantly, it engaged in open court in an extensive discussion of a colloquy that appears to have taken place in the 3 May hearing, telling Government counsel, “I gave you two hypotheticals” about the Government’s interpretation of the scope of the Espionage Act. (Tr. of 7/6/22 Hrg. at 149:3-151:12.) It did so in the context of a discussion of potential jury instructions, and expressed the sentiment several times that the Government’s assertion that a person sharing National Defense Information (“NDI”) that is already in the public domain would still be liable under that statute was “kind of a striking proposition.” The role, then, of these transcripts—and the information they contain—in the exercise of Article III judicial power is clear, as is the resultant value to people monitoring the judicial process. In this case, according to this Court, the Government has—behind closed doors—pressed an argument that a person can violate the Espionage Act by handing a copy of a New York Times article containing leaked NDI to someone else, which is definitely something that interested persons in the field should know, and what they do not know is the degree to which the Government pressed this point, how it defended it, whether it has actually done so in the past, and what other positions it took when it was not expecting the transcripts to become made public.

By the same token, this convergence of factors also definitively demonstrates that the First Amendment right of access attaches to these records, because unlike the hypothetical CIPA hearing that the Government asks the Court to envision, at least this discussion strayed far from a simple discussion of evidentiary issues, with the Government presenting legal arguments about elements of the crime itself. [McClanahan’s italics, my bold]

He argued that the government’s argument went further than the stance it takes on Prepublication Reviews, insofar as we’re just arguing for a First Amendment right to read these transcripts, not publish them.

Simply put, when courts are put in the position of balancing claims related to national security against a writer’s First Amendment concerns, they consistently and without exception find that only classified information tilts the balance. There is no reason for this dynamic to change when it involves a reader’s First Amendment concerns, and while we acknowledge that some district courts have accepted the Government’s arguments, there is no evidence to show that those courts were presented with our argument and no grounds for this Court to follow suit.

Then McClanahan pointed to Judge Furman’s own comments about the colloquy as proof that the government’s claim — that there is no meaningful way to unseal just the unclassified portions of the transcripts — must be false.

In fact, the very existence of the Court’s 6 July summary of the two hypotheticals discussed above demonstrates the frivolousness of these arguments, since: (a) it was neither incoherent nor functionally useless; and (b) the Court presumably did not divulge classified information in discussing it.

Judge Furman must have found something novel or persuasive in this argument. When he ordered the government to formally request the continued sealing of the transcripts on November 21, he said they could only submit a reply with his permission. But he just gave the government three pages to do so.

This challenge could do more than liberate arguments the government made about the Espionage Act in secret. It could challenge the government’s larger views on secrecy in the context of CIPA.

As McClanahan laid out, “the Government has—behind closed doors—pressed an argument that a person can violate the Espionage Act by handing a copy of a New York Times article containing leaked [classified information] to someone else.” When I saw the argument (as relayed in Furman’s July description), I recognized the import of liberating this transcript.

I was only able to make this challenge because McClanahan was able and willing to help — and he can only do so through the support of his non-profit. If you believe fights like this are important and have the ability to include it in your year-end donations, please consider supporting the effort with a donation via this link or PayPal. Thanks!

If a Bear Shits in a Sealed CIPA Conference, Can It Expand the Espionage Act to the NYT’s Readers?

On May 3, 2022, Judge Jesse Furman posed two hypotheticals to prosecutors in the Joshua Schulte case about whether the Espionage Act would apply to people who disseminated already public information from the Vault 7/Vault 8 leaks: First, a member of the public, having downloaded publicly-posted CIA hacking materials made available by WikiLeaks, who gave those materials to a third party. Second, someone who passed on information from the Vault 7/8 leaks published by the NYT to a third party. In both cases, the government argued that someone passing on already public information from the leaked files could be guilty of violating the Espionage Act.

At least, it appears that the government argued for this expansive hypothetical application of the Espionage Act, based on what Furman said in a discussion about jury instructions on July 6. I’ve put a longer excerpt of the exchange from the discussion about jury instructions below; here’s how Judge Furman instructed the jury on the matter.

The actual discussion in May took place in a hearing conducted as part of the Classified Information Procedures Act, CIPA, the hearings during which the government and defense argue about what kind of classified information must be declassified for trial (I wrote more about CIPA in this post). Because the discussion happened as part of the CIPA process, the hearing itself is currently sealed.

And the government wants it to stay that way.

Both in a letter motion filed on November 11, postured as an update on the classification review of the transcripts of that hearing, and in a December 5 letter motion Furman ordered the government to file formally asking to keep the transcripts sealed, the government argued that CIPA trumps the public’s right of access to such court records.

CIPA’s mandatory sealing of the records of in camera proceedings conducted pursuant to Section 6 supersedes any common law right of access to those records, and neither history, logic, nor the right of attendance at proceedings support a right of access under the First Amendment.

The earlier letter even explained why it wanted to keep the “extensive colloquies” in these hearings sealed.

Beyond that, the extensive colloquies and the specific issues of law discussed at that hearing would reveal, by itself, the specific type of relief sought by the parties on specific subjects, which would in turn provide significant indications about what classified information was at issue, prompting undue speculation that would undermine national security interests.

But this specific issue of law, whether journalists or their readers have legal exposure under the Espionage Act for reporting on leaked, classified material, is not secret. Nor should it be.

That’s why, with the support of National Security Counselors’ Kel McClanahan, I’m intervening in the case to oppose the government’s bid to keep the May 3 and other transcripts sealed. How the government applies the Espionage Act to people who haven’t entered into a Non-Disclosure Agreement with the government to keep those secrets has been a pressing issue for years, made all the more so by the prosecution of Julian Assange. Indeed, the government may have given the answers to Judge Furman’s hypotheticals that they did partly to protect the basis of the Assange prosecution. But for the same reason that the Assange prosecution is a dangerous precedent, the prosecutors’ claims — made in a sealed hearing — that they could charge people who share a NYT article (or an emptywheel post) on the Vault 7 releases raise real Constitutional concerns. As Judge Furman noted, “there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak” (and, though he doesn’t say it, tens of thousands sharing the emptywheel reporting about it). And yet no one will learn that fact if the discussion about it remains sealed.

I’m not usually able to intervene in such matters because I don’t have the resources of a big media in-house counsel to do so. McClanahan’s willingness to help makes that possible. National Security Counselors are experts on this kind of national security law, with extensive experience both on the Espionage Act and on CIPA. But the group relies heavily on tax-exempt charitable contributions to be able to do this kind of work. Please consider supporting the effort with a donation via this link or PayPal. Thanks!

Transcript excerpt

These transcripts were obtained by the Calyx Institute with funding from Wau Holland, the latter of which has close ties to WikiLeaks.

So that’s the context and a little bit of the background. I think I have frankly come around to thinking that for reasons and constitutional avoidance and otherwise that there is a lot to — that Mr. Schulte is not entirely correct but is substantially correct, that is to say that if all — let me put it differently. I think the reason that Mr. Schulte is in a different position with respect to the MCC counts is that he is someone in a position to know whether the information was classified, was NDI, was CIA information and in that sense by virtue of leaking it again, so to speak, he is providing official confirmation but it is the official confirmation that is the new information that would qualify as NDI and I think Rosen kind of highlights that, that particular nuance. I think that distinguishes Mr. Schulte from — I gave you a hypothetical, again, I think it is currently in the classified hearing and therefore not yet public, but I gave you two hypotheticals. I think one is where a member of the public goes on WikiLeaks today and downloads Vault 7 and Vault 8 and then provides the hard dive with the download to someone who is not authorized to receive NDI, and I posed the question of whether that person would be guilty of violating the Espionage Act and I think your answer was yes. That strikes me as a very bold, kind of striking proposition because in that instance, if the person is not in a position to know whether it is actual classified information, actual government information, accurate information, etc., simply providing something that’s already public to another person doesn’t strike me as — I mean, strikes me as, number one, would be sort of surprising if that qualified as a criminal act. But, to the extent that the statute could be construed to the extend to that act one would think that there might be serious constitutional problems with it.

I also posed the hypothetical of the New York Times is publishing something that appears in the leak and somebody sharing that article in the New York Times with someone else. That would be a crime and there, too, I think you said it might well be violation of the law. I think to the extent that that would extend to the New York Times reporter for reporting on what is in the leak, or to the extent that it would extend to someone who is not in position to know or position to confirm, that raises serious constitutional doubts in my mind. That, to me, is distinguishable from somebody who is in a position to know. I think there is a distinction if that person transmits a New York Times article containing classified information and in that transmission does something that confirms that that information is accurate — right — or reliable or government information, then that’s confirmation, it strikes me, as NDI. But it just strikes me as a very bold and kind of striking proposition to say that somebody, who is not in position to know or does not act in a way that would confirm the authenticity or reliability of that information by sharing a New York Times article, could be violating the Espionage Act. That strikes me as a kind of striking proposition.

So all of which is to say I think I have come around to the view that merely sharing something that is already in the public domain probably can’t support a conviction under this provision except that if the sharing of it provides something new, namely, confirmation that it is reliable, confirmation that it is CIA information, confirmation that it is legitimate bona fide national defense information, then that confirmation is, itself, or can, itself, be NDI. I otherwise think that we are just in a terrain where, literally, there are hundreds of thousands of people unwittingly violating the Espionage Act by sharing the New York Times report about the WikiLeaks leak.

MR. DENTON: So, your Honor, I think there is a couple of different issues there and one of them is sort of whether the question that you are posing right now is actually the right question for this moment in time when we are talking about the elements of the offense.

In the context of that earlier discussion, and I will repeat it here, I think one of the things that we emphasized is there is a difference between whether a set of conduct, either the hypotheticals that you describe would satisfy the elements of a violation of 793 as opposed to the separate question of whether a person or an organization in that context would have a well-taken, as-applied First Amendment challenge to the application of the statute to them in that context.

THE COURT: But I have to say — and I recognize this may be in tension with my prior holding on this issue — the First Amendment is an area where somebody — I mean, the overbreadth doctrine in the First Amendment context allows somebody, as to whom a statute could be applied, constitutionally to challenge the statute on the grounds that it does cover conduct that would violate the First Amendment. So in that regard, it is distinct from a vagueness challenge. I think to the extent that you are saying that in those instances — I mean, the reason being that the First Amendment embodies a concept of chilling. If a New York Times reporter doesn’t know whether he is violating the Espionage Act by repeating what is in the WikiLeaks leak notwithstanding the fact that there is serious public interest in it, it may chill the suppression and that suppression is protected by the First Amendment. That’s the point in the overbreadth doctrine.

Go ahead.

Sabrina Shroff Really Wants to Meet in Person with Josh Schulte

Something odd happened in the Josh Schulte case yesterday.

He still has to submit his Rule 29 motion for acquittal and Rule 33 motion for a new trial for his trial. Before the government seized his laptop in a search, they were originally due September 23.

But since the FBI allegedly found Child Sexual Abuse Material on his discovery laptop — the FBI suspects he copied it from the materials allegedly on his home computer via a thumb drive brought into the SCIF storing his discovery — he has been restricted to a typewriter, and so will be given more time to write the filings.

On October 6, Judge Jesse Furman ordered the two sides to come up with a new schedule for those motions by Friday to accommodate that restriction.

The FBI is also investigating Schulte for having contraband on his discovery laptop. Back in September, Schulte insisted that “the only material on the laptop was provided by the government or my attorneys.”

So early yesterday, the government filed a letter, effectively pre-empting one they said that Schulte’s attorney, Sabrina Shroff, had written but not yet docketed. They did so, they said, because hers was inaccurate and did not reflect consultation with Schulte, who is representing himself pro se on the last trial.

Counsel’s letter, which asks the Court to order the means by which the parties carry out their obligation to meet-and-confer about a proposed motions schedule, (i) is materially inaccurate, (ii) seeks unnecessarily burdensome and delay-laden restrictions on what should be a straightforward conversation about a schedule, and (iii) inappropriately attempts to speak on the defendant’s behalf with respect to an issue for which the defendant is pro se. Defense counsel’s letter falsely claims, for example, that the Government previously refused to have calls with the defendant while he was in the MDC and has “repudiated” this practice; when, in fact, the Government previously arranged meet-and-confer calls with the defendant during his courthouse SCIF days because doing so was logistically simpler. Here, where the defendant is no longer produced to the SCIF, the Government proposed a telephone call from the MDC, which defense counsel has been invited to join. When counsel objected to the call, the Government noted that the defendant is pro se and entitled to decide for himself whether or not to participate in the call and, if he declined to do so, the Government would attempt to confer through other means. The Government also offered to respond to a proposed schedule from the defendant conveyed by counsel. Rather than pursue either option or allow the defendant to speak for himself on this pro se matter,1 defense counsel submitted today’s letter to the Court.

1 Counsel’s letter does not assert that the defendant is incompetent to act for himself pro se and makes no representation that the defendant was consulted on the letter.

When Shroff’s letter was finally docketed (with two redactions describing Schulte’s current status, apparently something pertaining to having been moved from his prior cell), it became clear that she’s insisting on using the meet-and-confer as an opportunity to meet with him in person, rather than with her on the call, or barring that, ensuring that anything Schulte say not be used against him.

In the past, the government has fulfilled its meet and confer obligations by calling Mr. Schulte in the SCIF, where one or more of his standby counsel could be physically present and beside Mr. Schulte as he spoke with opposing counsel. During the time Mr. Schulte was entirely pro se, the government refused to have calls with him while he was at MDC-Brooklyn, insisting the calls take place while he was at the SCIF. Each call was recorded by the government and an FBI agent was present for the call.

In repudiation of this prior practice, the government now seeks to meet and confer with Mr. Schulte by arranging a telephone call with him at the MDC, meaning no defense counsel would be physically present next to Mr. Schulte during the call.1 Given (i) the hybrid representation in place; (ii) Mr. Schulte [redacted];2 and (iii) such a setup is not necessary, it would not be prudent for defense counsel to agree to such a meet and confer.

In lieu of the government’s proposal, defense counsel has offered to (i) take the government’s proposed briefing schedule to Mr. Schulte to get his sign-off;3 (ii) allow the meet and confer at the MDC, provided the government can arrange for Mr. Schulte’s counsel to be there physically with him in the same room; (iii) have Mr. Schulte produced at the 500 Pearl Street pens on the 4th floor for the meet and confer; or (iv) if the Court allows the meet and confer to take place outside the physical presence of counsel as the government demands, that the government agree not to use any purported spontaneous statements or questions that may come out during the call against Mr. Schulte at any future legal proceeding. The government has rejected each of these four proposals.

Given this impasse, and the importance of defense counsel being physically next to Mr. Schulte when the Government speaks with him, we respectfully ask the Court to Order the government to adopt one of the four proposals, so the meet and confer can proceed in a manner that allows defense counsel to step in and ensure that Mr. Schulte’s right against self-incrimination and right to counsel are protected.

1 Defense counsel has apprised the government of her unavailability on the government’s chosen date and time of October 19, 2022, and asked at the very least, the call be re-scheduled should the Court not grant the requested relief.

2 Neither the government nor the BOP informed counsel for Mr. Schulte [redacted] The BOP did not provide (for three days in row) the requested emergency legal calls. In person visits were also made unavailable. Counsel was told that the in-person visit could not take place as the room in the SAMs unit was occupied by other counsel, when in fact Mr. Schulte was not on his regular unit.

3 I twice offered to go to the MDC and vet with Mr. Schulte the government’s proposed briefing schedule for the Rule 29 and 33 motion. The government declined to provide its proposed timeline/schedule to me.

While Shroff’s letter sounds sketchy in light of Schulte’s own observation that any contraband had to have come from the government or his lawyers, Shroff is too smart to facilitate Schulte’s crimes. That said, the record suggests that he manipulates every single human being he comes into contact with, including his own family. I think the most likely explanation for any contraband is that he made a seemingly reasonable request for something from his lawyers, and then repurposed it.

The government, meanwhile, has used the recent developments to propose a long delay — with briefing to begin two months from now — on Schulte’s pretrial motions. Now they’re proposing he submit his motions on December 16.

I’ve been wondering how Schulte would respond to being accused of reaccessing CSAM material, something that, if proven, would make his pending charges on that easier to prove and also dramatically increase his potential sentence. He’s at the point where he has to be contemplating life in prison.

However he has and will respond, Shroff is worried about him speaking with the government without her being present.

FBI Allegedly Found Child Sexual Abuse Material When It Searched Josh Schulte’s Discovery Laptop

For the past several weeks — since his attorney, Sabrina Shroff, filed a letter on September 28 asking why he hadn’t been delivered to the SCIF as expected on September 26 — there has been something weird going on in the docket for Josh Schulte — who in July was convicted of stealing and leaking the CIA’s hacking tools to WikiLeaks. She noted there was a probable request that he be withheld from the SCIF in the docket and wanted access to it. Today, the government unsealed three filings explaining what happened: They allegedly caught Schulte with Child Sexual Abuse Material again. Almost four years to the day after he was found using contraband phones in MCC, the government did another search of his cell to figure out whether and how he got the CSAM (which probably came from his discovery pertaining to the files allegedly on his home computer in 2017).

The filings are:

What happened is this:

July 27: The government obtained a warrant for Schulte’s discovery laptop covering contempt and contraband with search run by filter AUSA.

As the Court is aware, on July 27, 2022, United States Magistrate Judge Cheryl L. Pollak of the Eastern District of New York signed a warrant authorizing the seizure and search of the laptop previously provided to the defendant for his use in the Bureau of Prisons for reviewing unclassified discovery and preparing litigation materials in this case (the “Laptop Warrant”), which was at that time located at the Metropolitan Detention Center (“MDC”) in Brooklyn, New York. Pursuant to the terms of the Laptop Warrant, the initial search and review of the contents of the defendant’s laptop for evidence of the subject offenses set forth therein, specifically violations of 18 U.S.C. §§ 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility), is being conducted by agents from the Federal Bureau of Investigation (“FBI”) who are not part of the prosecution team, supervised by an Assistant U.S. Attorney who is also not part of the prosecution team and is experienced in privilege matters (the “Wall Team”), to segregate out any potentially privileged documents or data.

August 26: The FBI discovered an extra thumb drive in the SCIF.

On or about August 26, 2022, Schulte was produced to the Courthouse SCIF and, during that visit, asked to view the hard drive containing the Home CSAM Files from the Home Desktop. The hard drive was provided to Schulte and afterwards re-secured in the dedicated safe in the SCIF. The FBI advised the undersigned that, while securing the hard drive containing the Home CSAM Files, they observed that an unauthorized thumb drive (the “Thumb Drive”) was connected to the SCIF laptop used by Schulte and his counsel to review that hard drive containing the Home CSAM Files. On or about September 8, 2022, at the Government’s request, the CISO retrieved the hard drive containing materials from the Home Desktop from the SCIF and returned it to the FBI so that it could be handled pursuant to the normal procedures applicable to child sexual abuse materials. The CISO inquired about what should be done with the Thumb Drive, which remained in the dedicated SCIF safe. The Government requested that the Thumb Drive remain secured in the SCIF while the Government completed its review of the defendant’s laptop and continued to investigate the defendant’s potentially unauthorized activities.

September 22: FBI discovers “a substantial amount” of suspected CSAM on his discovery laptop with review run by a second AUSA.

[O]n September 22, 2022, the Wall Team contacted one of the FBI case agents handling this matter to inform him that, during the Wall Team’s review of the defendant’s MDC laptop, they had discovered a substantial amount of what appeared to be child sexual abuse materials (the “Laptop CSAM Files”) and to request guidance about how to proceed.

[snip]

[A]nother Assistant U.S. Attorney was assigned to the Wall Team at the request of the undersigned to be able to review the material and assist in obtaining that additional warrant, which this Court issued on September 23, 2022 (the “CSAM Expansion Warrant”).

October 5: FBI executes a search on Schulte’s cell, the SCIF, and electronics in the SCIF.

One warrant, which was issued on October 4, 2022 by United States Magistrate Judge Robert M. Levy of the Eastern District of New York, authorized the search of the defendant’s cell at the MDC and the seizure of certain materials contained therein, including electronic devices (the “MDC Cell Warrant”). The second warrant, which was also issued on October 4, 2022 by this Court, authorized the seizure and search of three specified electronic devices previously used by the defendant in the Courthouse Sensitive Compartmented Information Facility (“SCIF”) in connection with his review of CSAM obtained from the defendant’s home computer equipment and produced in discovery for review in the SCIF (the “CSAM Devices Warrant”). Both the MDC Cell Warrant and the CSAM Devices Warrant contain substantially the same procedures as the CSAM Expansion Warrant for initial review of the seized materials by the Wall Team. Both warrants were executed by the FBI on October 5, 2022.

DOJ is still investigating the discovery laptop for both the contraband and the CSAM. But they’re ready to give Schulte a typewriter so he can write his post-trial motions.

As the Government previously informed defense counsel and the Court, the Government cannot at this point consent to providing the defendant with a replacement laptop under any conditions (D.E. 950), in light of both his convictions of a variety of computer-related offenses and the additional evidence of his misconduct with regard to the previous MDC laptop that was seized. The Government has conferred with legal counsel at the MDC to request that the defendant have access to a typewriter for purposes of drafting these post-trial motions, similar to that available to inmates in general population. MDC legal counsel has indicated that this would likely be possible, subject to approval from the senior management of the MDC.

A Different DOJ Search of Note: Joshua Schulte

Josh Schulte should have grown concerned when David Denton — one of the two AUSAs in charge of his prosecution — didn’t show up to a status conference on July 26.

THE COURT: All right. Good afternoon, everyone. Mr. Lockard, will Mr. Denton be joining us?

MR. LOCKARD: He will not be joining us today.

For that matter, he should have sussed something was up a month earlier, during trial, when Denton objected to Schulte’s bid to introduce a script he wrote as evidence at his trial because of ongoing and escalating security concerns.

[Y]our Honor, we have accepted a continuing expansion of the defendant’s use of a laptop that was originally provided for the purpose of reviewing discovery, but to us, this is really a bridge too far in terms of security concerns, particularly in light of the issues uncovered during the last issue with his laptop and the concerns that the MDC has raised to us about tampering with the law library computer. We have not taken any action in response to that, because we’re in the middle of trial and we’re loath to do things that would disrupt the trial at this point.

As I laid out, among the security concerns Denton was worried about was that, just weeks before trial when Schulte claimed that his laptop was broken, IT staff at the US Attorney’s Office discovered that Schulte had been tampering with the BIOS on his laptop, seemingly in an attempt to bypass WiFi restrictions.

First, with respect to the defendant’s discovery laptop, which he reported to be inoperable as of June 1, 2022 (D.E. 838), the laptop was operational and returned to Mr. Schulte by the end of the day on June 3, 2022. Mr. Schulte brought the laptop to the courthouse on the morning of June 3 and it was provided to the U.S. Attorney’s Office information technology staff in the early afternoon. It appears that the laptop’s charger was not working and, after being charged with one of the Office’s power cords, the laptop could be turned on and booted. IT staff discovered, however, that the user login for the laptop BIOS1 had been changed. IT staff was able to log in to the laptop using an administrator BIOS account and a Windows login password provided by the defendant. IT staff also discovered an encrypted 15-gigabyte partition on the defendant’s hard drive. The laptop was returned to Mr. Schulte, who confirmed that he was able to log in to the laptop and access his files, along with a replacement power cord. Mr. Schulte was admonished about electronic security requirements, that he is not permitted to enable or use any wireless capabilities on the laptop, and that attempting to do so may result in the laptop being confiscated and other consequences. Mr. Schulte returned to the MDC with the laptop.

1 The BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The BIOS settings can determine, for example, whether external ports and wireless capabilities are enabled or disabled.

So DOJ revealed evidence that Schulte was attempting to hack his discovery laptop before trial, Denton implied DOJ was waiting until after trial to do anything about it, and Denton was too busy to show up at the status hearing on July 26.

He appears to have been busy getting a search warrant for the laptop. The government served Schulte with the warrant and seized the offending laptop two days later, on July 28. After Schulte attorney Sabrina Shroff complained, the government explained that since they had not yet charged Schulte in conjunction with the new warrant, they didn’t have to provide their affidavit.

[T]he Government’s investigation of the defendant’s conduct that gave rise to the search warrant is ongoing, no charges related to his use of the laptop have been filed, and the scope and precise nature of the conduct that the Government is investigating are not known either to the public or to the defendant.

If that investigation results in the use of information obtained pursuant to the search warrant, the Government will comply with its discovery obligations promptly.

They did, however, object to getting Schulte a new laptop.

The defendant has seven weeks to draft and file his pro se motions pursuant to Federal Rules of Criminal Procedure 29 and 33, and can do so using the normal resources available to pro se inmates at the Metropolitan Detention Center. The defendant “has the right to legal help through appointed counsel, and when he declines that help, other alternative rights, like access to a [personal laptop], do not spring up.” United States v. Byrd, 208 F.3d 592, 593 (7th Cir. 2000). Particularly in view of the Magistrate Judge’s determination that there is probable cause to believe that the defendant’s previous laptop contains evidence of additional crimes, there is no reason that the defendant should be afforded special access to a new laptop simply because the Court has permitted him to proceed partially pro se for certain matters going forward.

Shroff’s reply, in addition to making a legitimate case that Schulte should be able to get a laptop to finish his Rule 29 and 33 motions, provided more detail of what she knows about the warrant. This is not about espionage. She mentions only additional counts of contempt and possessing contraband, the same charges investigated in 2018 when Schulte’s phone was found (though those crimes seem inconsistent with the security concerns — hacking — described leading up to the trial).

The search warrant itself notes that the government is not alleging it has probable cause for any acts of espionage.

[snip]

Notably, while the government’s letter states the factors which may permit an affidavit to be withheld – e.g., to preserve confidential sources or protect witnesses – the government never explains how those factors possibly could apply here, where someone already incarcerated is accused of violations of Title 18, United States Code, Sections 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility). There are no confidential sources or witness at risk – and production of the affidavit in support of the search warrants implicates none of the articulated concerns.

But that’s not right. It can’t be right. If Schulte got contraband, it means someone — his legal team, his family, or the guards — shared it with him. He has a history of getting the latter two involved in ferrying information or goods improperly. I’m mindful, too, of Schulte’s curious replication of a WikiLeaks-seeded propaganda campaign about Mike Pompeo, even in spite of being on SAMs.

After suggesting there couldn’t be witnesses in a situation where there’d have to be witnesses, Shroff turns the government’s efforts to avoid disrupting Schulte’s trial on its head, claiming it is proof that waiting until after the trial is punitive.

The timing of the search warrant sought by the government as it relates to its stance on a replacement laptop is perhaps informative. Right before start of trial, a guard at the MDC dropped Mr. Schulte’s laptop. See ECF Docket Entry No. 838. In an effort to “fix” the laptop, Mr. Schulte provided it to the government – for that limited purpose. The government then returned the laptop saying it was working but asked Mr. Schulte about the organization of the laptop and then asked the court to admonish Mr. Schulte for manner in which he was maintaining it. The government did nothing more. It did not ask the Court for a search warrant or to curtail Mr. Schulte’s access to the laptop. The government allowed Mr. Schulte to keep his laptop – all through the trial – and only now seeks its seizure. The timing appears punitive and not keyed to any potential harm to a third party.

Ultimately, Judge Jesse Furman declined to intervene, in part because the warrant was obtained in EDNY, not SDNY.