Posts

Or Maybe the FBI Really Did Have a Reason to Stay Off the Russian Attribution?

/33 Comments/in , /by

The Comey whiplash continues.

In the latest development, a single source — a “former FBI official,” offered with no description of how he or she would know — told CNBC that weeks ago Jim Comey refused to join onto the Intelligence Community’s attribution of the DNC hacks to Russia because it was too close to the election.

FBI Director James Comey argued privately that it was too close to Election Day for the United States government to name Russia as meddling in the U.S. election and ultimately ensured that the FBI’s name was not on the document that the U.S. government put out, a former FBI official tells CNBC.

The official said some government insiders are perplexed as to why Comey would have election timing concerns with the Russian disclosure but not with the Huma Abedin email discovery disclosure he made Friday.

In the end, the Department of Homeland Security and The Office of the Director of National Intelligence issued the statement on Oct. 7, saying “The U.S. intelligence community is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations…These thefts and disclosures are intended to interfere with the US election process.”

[snip]

According to the former official, Comey agreed with the conclusion the intelligence community came to: “A foreign power was trying to undermine the election. He believed it to be true, but was against putting it out before the election.” Comey’s position, this official said, was “if it is said, it shouldn’t come from the FBI, which as you’ll recall it did not.”

In spite of what Hillary said at the most recent debate, the statement was billed as a “Joint Statement,” though it did claim to represent the view of the intelligence community.

Until someone else confirms this story — preferably with more than one source, one clearly placed in a position to know — I advise caution on this.

That’s true, first of all, because a bunch of people who likely harbor grudges against Jim Comey are coming out of the woodwork to condemn Comey’s Friday statement. Given the reasons they might resent Comey, I really doubt Alberto Gonzales or Karl Rove were primarily motivated to criticize him out of a concern for the integrity of our election process.

The same could be true here.

The other reason I’d wait is because of reporting going back to this summer on the case against Russia. As I’ve noted, reporters repeatedly reported that while there seemed little doubt that Russia had hacked the Democrats, the FBI had not yet proven some steps in the chain of possession. For example, at the end of July, FBI was still uncertain who or how the emails from DNC were passed onto WikiLeaks.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

As I noted, the IC attribution statement actually remained non-committal on precisely this step of the process, finding that the leaks of emails were consistent with stuff Russia’s GRU has done in the past, but stopping short of saying (as they had on the hack itself) that it is confident that Russia leaked the files.

Which is to say the same thing the FBI had questions about in July is something that remained non-committal in the October statement, which might be one of a number of reasons (including that FBI wants to retain the ability to prosecute whoever they charge with this, including if it is a currently unknown middleman) that the FBI might not want to be on the attribution. FBI was unwilling to fully commit to the accusation in July, and apparently unwilling to do so in October.

Note that CNBC’s anonymous source, even when confirming that Comey backed the statement, didn’t confirm he backed the whole content of it. The person contrasts the most aggressive quote from the IC statement:

… the U.S. intelligence community is confident that the Russian Government directed the recent compromises …

With this, allegedly from Comey:

A foreign power was trying to undermine the election

Those statements are not the same thing, and it may be that FBI continued to have perhaps not doubts, but unproven holes in the case, that led to caution on the Russia statement.

In any case, it’s not that I believe the anonymous CNBC statement to be impossible. But there is another perfectly consistent explanation for Comey hesitating to name FBI on that IC attribution.

Update: Ellen Nakashima has a version of this story (sourced to more than one person) now. Here’s an excerpt, but definitely read the whole thing for the logic (or lack thereof) FBI used.

In the debate over publicly naming Russia, the FBI has investigative interests to protect, officials said. At the same time, other officials said, the aim of public attribution was to stop Russia from undermining confidence in the integrity of the election.

[snip]

But the White House, Justice Department, State Department and other agencies debated for months whether to officially blame Moscow or not.

Comey’s instincts were to go with the public attribution even as late as August, said one participant in the debate. But as the weeks went by and the election drew nearer, “he thought it was too close,” the official said.

When, by early October, the decision was made, the talk shifted to who would make the announcement. In December 2014, it was the FBI that publicly pointed the finger at North Korea for hacking Sony Pictures Entertainment and damaging its computers. That was because the attribution to Pyongyang was based on the FBI investigation, said a senior administration official.

[snip]

The announcement did not mention the White House, which also had been very concerned about appearing to influence the election.

Anthony Weiner Creates a Virgin Birth for Evidence the Clinton Foundation Investigators Want

/46 Comments/in , /by

WSJ’s Devlin Barrett has a long story he describes as laying bare “tensions that have built for months inside the bureau and the Justice Department over how to investigate someone who could soon be elected president.” It might just as well be described as a catalogue of the ways FBI has gotten out of control.

To show the important background to the decision to get a warrant to access Huma Abedin’s email, I’m going to switch the order of the story from that Barrett uses. Looked at in this way, it becomes clear that by accessing Huma’s email, the FBI may not just have renewed the probably fruitless investigation into Hillary’s email server, but also found a way to access Huma’s emails for use in an investigation of the Clinton Foundation.

FBI ignores Public Integrity orders not to escalate the investigation of the Clinton Foundation

After laying out the recent decision to access Huma Abedin’s email (which I deal with below), Barrett confirms what Comey made obvious with a “neither confirm nor deny” response at his July testimony before the House Oversight Committee (though a flood of leaks had long claimed such an investigation existed).

The FBI has been investigating the Clinton Foundation for over a year.

As Barrett describes it, the case arose because Agents were seeing if a crime was committed, not because they had found evidence that it had:

Early this year, four FBI field offices—New York, Los Angeles, Washington and Little Rock, Ark.—were collecting information about the Clinton Foundation to see if there was evidence of financial crimes or influence-peddling, according to people familiar with the matter.

He describes that in February, when Andrew McCabe got promoted to Deputy Director, he took over oversight of this investigation. (In an earlier article Barrett insinuated that an earlier Terry McAuliffe donation to McCabe’s wife’s state senate campaign presented a conflict, but in this article Barrett provides McAuliffe’s explanation for the donation.) Also in February — Barrett doesn’t say whether McCabe was involved — investigative teams located in Los Angeles, DC, Little Rock, and New York (he doesn’t say whether they were in EDNY or SDNY or both, which is relevant to a later development in the story) presented their case to DOJ’s Public Integrity (PIN) section.

Here’s how Barrett describes that meeting:

Some said that is because the FBI didn’t present compelling evidence to justify more aggressive pursuit of the Clinton Foundation, and that the career anticorruption prosecutors in the room simply believed it wasn’t a very strong case. Others said that from the start, the Justice Department officials were stern, icy and dismissive of the case.

“That was one of the weirdest meetings I’ve ever been to,” one participant told others afterward, according to people familiar with the matter.

Anticorruption prosecutors at the Justice Department told the FBI at the meeting they wouldn’t authorize more aggressive investigative techniques, such as subpoenas, formal witness interviews, or grand-jury activity. But the FBI officials believed they were well within their authority to pursue the leads and methods already under way, these people said.

Mind you, seven paragraphs before describing PIN telling the FBI it would not authorize subpoenas, Barrett described the Los Angeles team having “issued some subpoenas for bank records related to the foundation.” So when he says FBI officials believed they could pursue leads and methods already under way, it may mean they decided they could use the fruit of subpoenas PIN subsequently judged weren’t merited by the evidence.

In July, after DOJ decided not to prosecute anyone on the email server and Comey started blabbing (including his non-denial of the existence of this investigation), FBI “sought to refocus the Clinton Foundation probe,” which sounds a lot like redoubling efforts to find something to investigate Hillary for. (Note, this entire article makes no mention of the June Supreme Court decision throwing out much of former VA governor Bob McDonnell’s conviction, which would have significantly raised the bar for any prosecution of the Clinton Foundation.) McCabe bracketed the DC work focusing on Terry McAuliffe, from which he was recused, and put NY in charge of the rest.

Barrett spends a paragraph airing both sides of a dispute about whether that was the right decision, then describes a (male, and therefore someone besides Loretta Lynch or Sally Yates) senior DOJ official bitching out McCabe for continuing to pursue the Clinton Foundation investigation, especially during the election.

According to a person familiar with the probes, on Aug. 12, a senior Justice Department official called Mr. McCabe to voice his displeasure at finding that New York FBI agents were still openly pursuing the Clinton Foundation probe during the election season. Mr. McCabe said agents still had the authority to pursue the issue as long as they didn’t use overt methods requiring Justice Department approvals.

The Justice Department official was “very pissed off,” according to one person close to Mr. McCabe, and pressed him to explain why the FBI was still chasing a matter the department considered dormant.

Barrett spends several paragraphs airing both sides of what happened next, whether FBI agents were ordered to stand down entirely or whether McCabe said they could continue to investigate within the existing guidelines.

FBI attempts to venue shop to get at Clinton server emails

Even after that order, the Clinton Foundation investigators tried to get more — specifically, all the emails turned over in the email server investigation. When EDNY (as a reminder, that’s where Loretta Lynch was until last year US Attorney) refused, the investigators asked to go get them in SDNY.

In September, agents on the foundation case asked to see the emails contained on nongovernment laptops that had been searched as part of the Clinton email case, but that request was rejected by prosecutors at the Eastern District of New York, in Brooklyn. Those emails were given to the FBI based on grants of partial immunity and limited-use agreements, meaning agents could only use them for the purpose of investigating possible mishandling of classified information.

Some FBI agents were dissatisfied with that answer, and asked for permission to make a similar request to federal prosecutors in Manhattan, according to people familiar with the matter. Mr. McCabe, these people said, told them no and added that they couldn’t “go prosecutor-shopping.”

Several comments on this: First, McCabe did the right thing here in refusing to let his agents venue shop until they got their way. I hope he would do the same in a less visible investigation where senior DOJ officials were chewing him out for conducting the investigation in the first place.

Second, consider how the timing of this coincides with both leaks about the immunity agreements, Jason Chaffetz’ inquiry into the same, and two sets of email server related materials. As one key example, on October 5, just weeks after McCabe told his Agents they couldn’t go “prosecutor-shopping” to get to the emails released in the email server probe, Republicans were releasing details of their in camera review of the terms of the immunity agreements used to deny the Clinton Foundation investigations access to the emails. We should assume that some entities within the FBI are using all angles, using Chaffetz’ investigations to publicize decisions that have thwarted their investigation.

Did FBI Agents review the content of Huma Abedin’s email without a warrant?

So sometime in September, the Clinton foundation team was told they couldn’t have emails associated with the server investigation that were tied to immunity agreements. On October 3 (per the NYT), FBI agents seized a number of devices, including a laptop used jointly by Anthony Weiner and Huma Abedin with a warrant permitting just the investigation of Weiner’s alleged sexting of an underaged woman (curiously, Barrett says they were permitted to look for child porn). Shortly thereafter, they found found emails from accounts, plural, of Huma Abedin on the laptop. Multiple reports suggest those emails may be duplicative of the ones that FBI had just been told they couldn’t access because of the immunity agreements tied to other devices.

There’s no reason to believe FBI found those potentially duplicative emails because they were prohibited from accessing the ones turned over voluntarily as part of the email server probe (in any case, they are presented as different investigative teams, although the description of this sprawling Clinton Foundation investigation may explain why earlier leaks said 147 people were part of the Clinton investigation); it’s just one of those coinkydinks that seem to plague the Clintons.

At that point, per Barrett, “Senior FBI officials decided to let the Weiner investigators proceed with a closer examination of the metadata on the computer, and report back to them.” Early last week (so two or three weeks later), some asked how that weeks-long review of the Huma emails (allegedly just the metadata) was going.

“At that point, officials realized that no one had acted to obtain a warrant, these people said.”

In other words, for several weeks, FBI has been nosing around those emails without court authorization to do so in conjunction with the email server investigation (which may or may not have been formally closed). If they really stuck to metadata, that’s no big deal under Third Party rules. If they did peek — even at subject lines — then that may be a bigger problem.

Only then did the Weiner investigators compare notes with the Hillary investigators and decide the emails were relevant. Barrett doesn’t answer the obvious question: how did the Weiner investigators determine these emails might be relevant and did they really just review only metadata? Given all the stories to FBI friendly sources claiming Comey — and implying no one — has seen the content of the email, I suspect the answer is Weiner investigators went beyond metadata.

The background Barrett provides gives more significance to FBI’s decision to (perhaps belatedly) obtain a warrant to get Huma’s email and to Comey’s highly inappropriate magnification of it. Not only have they reopened (or renewed — reports on this are still all over the map on this point) the email investigation, but they’ve also created a virgin birth for emails that the Clinton foundation investigators tried — and were willing to venue shop — but failed to get.

FBI leaking has neutralized DOJ’s control over the Bureau

This story shows that FBI has tried a number of methods to defy PIN advice to drop the investigation into the Clinton Foundation.

I don’t know whether the investigation into the Clinton Foundation has merit or not (though given Barrett’s explanation, it does seem that some in FBI were looking for a crime rather than looking to solve one).

But I do know that if FBI agents operate outside of bounds on their power, they constitute a grave threat to the rule of law.

And Barrett’s article suggests at least three ways they appear to have done just that:

  • Fiddling with investigative guidelines of the DIOG (by using subpoenas without the appropriate level of investigation and authority)
  • Attempting to venue shop to get permission to access evidence they were told they couldn’t have
  • Leaking promiscuously, in clear violation of the rules, to bring political pressure including on Comey to conduct an investigation their supervisors had told them to either limit or halt

That promiscuous leaking, of course, includes this article, which relied on a great number of sources, almost none of whom should be speaking about this investigation. Don’t get me wrong — it’s great reporting on Barrett’s part. But it also serves the purpose of airing the claim that McCabe, PIN, and DOJ generally have thwarted an investigation into the Clinton Foundation that some at FBI believe has merit.

In addition, I’ve got questions about whether they read Huma’s email when they were supposed to just be looking at metadata.

Whatever else Comey’s totally inappropriate behavior reflects, his justification for doing so because it otherwise might leak suggests he doesn’t have control over his agency. Though given his coy response to Chaffetz in July, I do wonder whether he isn’t rooting for the Clinton foundation investigation to proceed; whatever else he is, Comey is a master of using the press to win political fights.

And remember, the FBI (under Comey) has undermined one of the few irreproachable entities that might fix this sorry state of affairs. It has refused, now backed by an OLC opinion, to give DOJ’s Inspector General the unfettered right to investigate things like grand jury proceedings (though given that no grand jury was used in these cases, it might be harder to keep them out here). So if Patrick Leahy were to ask Michael Horowitz to investigate whether FBI acted inappropriately in these related investigations — and he should! — FBI might be able to withhold information from the IG.

A bunch of people who have unquestioned faith in the goodness of DOJ — now including Eric Holder, the guy who couldn’t prosecute a single criminal bank — have been, rightly, scolding Comey for his actions. But they have largely remained utterly silent about the runaway agents at the FBI, both about their obvious leaking and now about their efforts to sustain this investigation in defiance of at least some of the chain of command, including career prosecutors who should be fairly insulated from any political influence that someone like Lynch might respond to.

As I said, I’m agnostic about the investigation of the Clinton Foundation. I’m not agnostic on the importance of keeping FBI firmly within the bureaucratic bounds that prevents them from acting as an abusive force.

They seem to have surpassed those bounds.

The Story About Judicial Dysfunction Behind the Comey Whiplash

/58 Comments/in , , /by

I’ve been home from Europe for less than a day and already I’m thinking of sporting a neck collar for the whiplash I’ve gotten watching the wildly varying Jim Comey opinions.

I’m speaking, of course, of the response to Jim Comey’s highly unusual announcement to sixteen Chairs and Ranking Members of congressional committees (at least some of which Comey did not testify to) that the investigative team — presumably on the Clinton case — briefed him Thursday that FBI discovered additional emails in an unrelated case — now known to be the investigation into Anthony Weiner allegedly sexting a 15 year old — and he approved their request to take the steps necessary to be able to review those emails.

Effectively, the Weiner investigators, in reviewing the content from devices seized in that investigation, found emails from Huma Abedin, told the Hillary investigative team, and they’re now obtaining a warrant to be able to review those emails.

So of course the Republicans that had been claiming Comey had corruptly fixed the investigation for Hillary immediately started proclaiming his valor and Democrats that had been pointing confidently to his exoneration of Hillary immediately resumed their criticism of his highly unusual statements on this investigation. Make up your minds, people!

For the record, I think his initial, completely inappropriate statements made this inevitable. He excuses Friday’s statement as formally correcting the record of his testimony. The claim is undermined by the fact that not all recipients of the letter had him testify. But I think once you start the process of blabbing about investigations, more blabbing likely follows. I don’t mean to excuse this disclosure, but the real sin comes in the first one, which was totally inappropriate by any measure. I’m also very unsympathetic with the claim —  persistently offered by people who otherwise cheer Comey — that he released his initial statement to help Loretta Lynch out of the jam created by her inappropriate meeting with Bill Clinton; I think those explanations stem from a willful blindness about what a self-righteous moralist Comey is.

Of course I’ve been critical of Comey since long before it was cool (and our late great commenter Mary Perdue was critical years before that).

But I’d like to take a step back and talk about what this says about our judicial system.

Jim Comey doesn’t play by the rules

Jamie Gorelick (who worked with Comey when she was in DOJ) and Larry Thompson (who worked with Comey when Comey was US Attorney and he was Deputy Attorney General, until Comey replaced him) wrote a scathing piece attacking Comey for violating the long-standing prohibition on doing anything in an investigation pertaining to a political candidate in the 60 days leading up to an election. The op-ed insinuates that Comey is a “self-aggrandizing crusader[] on [a] high horse” before it goes on to slam him for making himself the judge on both the case and Hillary’s actions.

James B. Comey, put himself enthusiastically forward as the arbiter of not only whether to prosecute a criminal case — which is not the job of the FBI — but also best practices in the handling of email and other matters. Now, he has chosen personally to restrike the balance between transparency and fairness, departing from the department’s traditions. As former deputy attorney general George Terwilliger aptly put it, “There’s a difference between being independent and flying solo.”

But the real meat is that there’s a rule against statements like the one Comey made, and Comey broke it.

Decades ago, the department decided that in the 60-day period before an election, the balance should be struck against even returning indictments involving individuals running for office, as well as against the disclosure of any investigative steps. The reasoning was that, however important it might be for Justice to do its job, and however important it might be for the public to know what Justice knows, because such allegations could not be adjudicated, such actions or disclosures risked undermining the political process. A memorandum reflecting this choice has been issued every four years by multiple attorneys general for a very long time, including in 2016.

If Comey is willing to break this rule in such a high profile case, then what other rules is he breaking? What other judgements has Comey made himself arbiter of? Particularly given Comey’s persistent discussion of FBI’s work in terms of “good guys” and “bad guys” — as opposed to criminal behavior — that seems a really pertinent question.

As with James Clapper, Loretta Lynch can’t control Comey

Gorelick (who has been suggested among potential Clinton appointees) and Thompson go easier on Lynch, however, noting that she didn’t order him to stand down here, but ultimately blaming Comey for needing to be ordered.

Attorney General Loretta E. Lynch — nominally Comey’s boss — has apparently been satisfied with advising Comey but not ordering him to abide by the rules. She, no doubt, did not want to override the FBI director in such a highly political matter, but she should not have needed to. He should have abided by the policy on his own.

But since John Cornyn confronted Lynch in March about who would make decisions in this case — “Everyone in the Department of Justice works for me, including the FBI, sir,” Lynch forcefully reminded Cornyn — it has been clear that there’s a lot more tension than the org chart would suggest there should be.

The NYT provides more details on how much tension there is.

The day before the F.B.I. director, James B. Comey, sent a letter to Congress announcing that new evidence had been discovered that might be related to the completed Hillary Clinton email investigation, the Justice Department strongly discouraged the step and told him that he would be breaking with longstanding policy, three law enforcement officials said on Saturday.

Senior Justice Department officials did not move to stop him from sending the letter, officials said, but they did everything short of it, pointing to policies against talking about current criminal investigations or being seen as meddling in elections.

And it’s not just Lynch that has problems managing FBI.

In a response to a question from me in 2014 (after 56:00), Bob Litt explained that FBI’s dual role creates “a whole lot of complications” and went on to admit that the office of Director of National Intelligence — which is supposed to oversee the intelligence community — doesn’t oversee the FBI as directly.

Because FBI is part of the Department of Justice, I don’t have the same visibility into oversight there than I do with respect to the NSA, but the problems are much more complicated because of the dual functions of the FBI.

Litt said something similar to me in May when we discussed why FBI can continue to present bogus numbers in its legally mandated NSL reporting.

Now these are separate issues (though the Clinton investigation is, after all, a national security investigation into whether she or her aides mishandled classified information). But if neither the DNI nor the AG really has control over the FBI Director, it creates a real void of accountability that has repercussions for a whole lot of issues and, more importantly, people who don’t have the visibility or power of Hillary Clinton.

The FBI breaks the rules all the time by leaking like a sieve

Underlying this entire controversy is another rule that DOJ and FBI claim to abide by but don’t, at all: FBI is not supposed to reveal details of ongoing investigations.

Indeed, according to the NYT, Comey pointed to the certainty that this would leak to justify his Friday letter.

But although Mr. Comey told Congress this summer that the Clinton investigation was complete, he believed that if word of the new emails leaked out — and it was sure to leak out, he concluded — he risked being accused of misleading Congress and the public ahead of an election, colleagues said.

Yet the US Attorney’s Manual, starting with this language on prejudicial information and continuing into several more clauses, makes it clear that these kinds of leaks are impermissible.

At no time shall any component or personnel of the Department of Justice furnish any statement or information that he or she knows or reasonably should know will have a substantial likelihood of materially prejudicing an adjudicative proceeding.

Comey, the boss of all the FBI Agents investigating this case, had another alternative, one he should have exercised months ago when it was clear those investigating this case were leaking promiscuously: demand that they shut up, conduct investigations of who was leaking, and discipline those who were doing so. Those leaks were already affecting election year concerns, but there has been little commentary about how they, too, break DOJ rules.

But instead of trying to get FBI Agents to follow DOJ guidelines, Comey instead decided to violate them himself.

Again, that’s absolutely toxic when discussing an investigation that might affect the presidential election, but FBI’s habitual blabbing is equally toxic for a bunch of less powerful people whose investigative details get leaked by the FBI all the time.

[Update: Jeffrey Toobin addresses the role of leaks more generally here, though he seems to forget that the Hillary investigation is technically a national security investigation. I think it’s important to remember that, especially given Hillary’s campaign focus on why FBI isn’t leaking about the investigation into Trump’s ties to Russia, which would also be a national security investigation.]

Warrantless back door searches do tremendous amounts of damage

Finally, think about the circumstances of the emails behind this latest disclosure.

Reports are currently unclear how much the FBI knows about these emails. The NYT describes that the FBI seized multiple devices in conjunction with the Weiner investigation, including the laptop on which they found these emails.

On Oct. 3, F.B.I. agents seized several electronic devices from Mr. Weiner: a laptop, his iPhone and an iPad that was in large measure used by his 4-year-old son to watch cartoons, a person with knowledge of the matter said. Days later, F.B.I. agents also confiscated a Wi-Fi router that could identify any other devices that had been used, the person said.

While searching the laptop, the agents discovered the existence of tens of thousands of emails, some of them sent between Ms. Abedin and other Clinton aides, according to senior law enforcement officials. It is not clear if Ms. Abedin downloaded the emails to the laptop or if they were automatically backed up there. The emails dated back years, the officials said. Ms. Abedin has testified that she did not routinely delete her emails.

Presumably, the warrant to seize those devices permits the FBI agents to go find any evidence of Weiner sexting women (or perhaps just the young woman in question).

And admittedly, the details NYT’s sources describe involve just metadata: addressing information and dates.

But then, Comey told Congress these emails were “pertinent” to the Clinton investigation, and other details in reports, such as they might be duplicates of emails already reviewed by the FBI, suggest the Weiner investigators may have seen enough to believe they might pertain to the inquiry into whether Clinton and her aides (including Huma) mishandled classified information. Moreover, the FBI at least thinks they will be able to prove there is probable cause to believe these emails may show the mishandling of classified information.

Similarly, there are conflicting stories about whether the Hillary investigation was ever closed, which may arise from the fact that if it were (as Comey had suggested in his first blabby statements), seeking these emails would require further approval to continue the investigation.

The point, though, is that FBI would have had no idea these emails existed were it not for FBI investigators who were aware of the other investigation alerting their colleagues to these emails. This has been an issue of intense litigation in recent years, and I’d love for Huma, after the election, to submit a serious legal challenge if any warrant is issued.

But then, in this case, Huma is being provided far more protection than people swept up in FISA searches, where any content with a target can be searched years into the future without any probable cause or even evidence of wrong-doing. Here, Huma’s emails won’t be accessible for investigative purpose without a warrant (in part because of recent prior litigation in the 2nd Circuit), whereas in the case of emails acquired via FISA, FBI can access the information — pulling it up not just by metadata but by content — with no warrant at all.

[Update: Orin Kerr shares my concerns on this point — with the added benefit that he discusses all the recent legal precedents that may prohibit accessing these emails.]

This is a good example of the cost of such investigations. Because the FBI can and does sweep so widely in searches of electronic communications, evidence from one set of data collection can be used to taint others unrelated to the crime under investigation.

All the people writing scathing emails about Comey’s behavior in this particular matter would like you to believe that this issue doesn’t reflect on larger issues at DOJ. They would like you to believe that DOJ was all pure and good and FBI was well-controlled except for this particular investigation. But that’s simply not the case, and some of these issues go well beyond Comey.

Update: Minor changes were made to this post after it was initially posted.

FBI’s Surveillance Arbitrage, First Amendment Edition

/in /by

While I was cycling around Provence without a care in the world last week, DOJ’s Inspector General released an IG Report mandated by the USA Freedom Act. It reports on the use of Section 215 from 2012 to 2014 (which means NSA and FBI have successfully avoided any review of their 215 orders from 2010 and 2011, not to mention any review of CIA’s use of the provision). The key takeaway is that the application process to get Section 215 orders is very time consuming — over 100 days on average. Which is probably why Republican Senators have been trying to permit FBI to obtain Electronic Communications Transaction Records with just a National Security Letter since the report was released to Congress in June.

The report also noted a sharp drop-off in the use of 215 orders in recent years, which I’ve been tracking here.

Those two factors are useful background for some other details in the report, however. First, DOJ and FBI interviewees offered many explanations for the decline in Section 215 use, one of which is Edward Snowden, but two more credible ones of which are the use of other authorities to get the same information, Section 702 or grand jury subpoenas.

NSD and FBI personnel attributed the subsequent decline between 2013 and 2015 to several factors, including the stigma attached to the use of Section 215 authority following the Snowden revelations, increased use of Section 702 of the FISA Amendments Act, providers’ resistance to business records orders, agents’ frustrations with the lack of timeliness and level of oversight in the business records process, and agents’ increasing use of criminal legal process instead of FISA authority in counterterrorism and cyber investigations.

They key point, though, is for most uses, there are other ways to get the same information. There is a limit to that, though. Apparently, grand jury subpoenas are only possible for counterterrorism and cybersecurity investigations, not counterintelligence ones.

When asked about this disparity, agents told us that business records orders frequently are the only option available in counterintelligence investigations given the nature and classification of the information involved. By contrast, agents handling counterterrorism and cyber investigations can in some instances open a parallel criminal investigation and use the grand jury process to obtain the same information more quickly and with less oversight than a business records order.

That’s why I’m so interested in a discussion of the applications that got filed — in counterterrorism cases — but either not submitted or withdrawn from the FISC in this period.

screen-shot-2016-10-07-at-10-51-46-am

Remember, the way the government and FISC avoid rejected applications is by not submitting or withdrawing things that it is clear the FISC won’t approve. What this redacted section effectively says is that at least “several” requests based on a target’s statements about jihad were withdrawn, apparently in the wake of a February 2013 order from John Bates on what constitutes targeting for First Amendment reasons.

We’ve seen a heavily redacted version of that opinion. As I laid out here, it’s a classic John Bates opinion: it hems and haws about Executive Branch behavior, but then approves the behavior in question (at least in this case, Bates didn’t approve an expansion of the questionable behavior, as he did in 2010 with the Internet dragnet).

Effectively Bates appears to have objected to the use of a target’s language (perhaps, support for jihad without endorsement of specific threats) in obtaining a Section 215 order, but then pointed to other peoples’ behavior in finding that the order didn’t stem exclusively from First Amendment protected activities.

And the IG Report says that, apparently in the wake of that wishy-washy opinion, DOJ decided to withdraw several applications based on stated support for jihad.

Remember, in 2006, the FBI withdrew two attempts at a 215 order because of FISC’s First Amendment concerns only to get the same information with NSLs. (See page 68ff) Congress made a particularly big stink about it, because the FBI was acting on its own in spite of FISC’s disapproval.

This feels similar. That is, given that FBI was already moving its Section 215 orders to grand jury subpoenas because they’re easier to get and undergo less oversight, it sure seems likely these requests reappeared as such. Unlike the earlier IG report that confirmed FBI arbitraged surveillance authorities to get around First Amendment protections, this report appears not to have pursued the issue (as I understand it, the declassification of this report was handled exclusively through redactions).

They did, however, ask why DOJ doesn’t track applications that are withdrawn, to avoid the appearance that the FISC is a rubber stamp. DOJ’s answer was rather unpersuasive.

The FISA Court did not deny any business records applications between 2012 and 2014. When asked why applications withdrawn after submission of a read copy to the FISA Court were not reported to Congress, potentially creating the inadvertent impression that the FISA Court is a “rubber stamp,” NSD supervisors told us that the Department includes only business records applications formally submitted to the FISA Court and denied or withdrawn, not those filed in “read copy” and subsequently withdrawn. 41 The NSD supervisors acknowledged that excluding applications withdrawn after the FISA Court indicates that it will not sign an order might lead to misunderstandings about the FISA Court’s willingness to question applications, but the supervisors noted that NSD and the FISA Court have talked about the “read” process publicly to address concerns about this. 42 In comments provided to the OIG after reviewing a draft of this report, NSD stated that it is currently considering whether to revise the methodology for counting withdrawn applications.

My guess is they want to avoid any records of withdrawn applications for those times when they do use a grand jury subpoena to obtain stuff that FISC made known it wouldn’t approve. That detail might have to be disclosed to defendants, after all. Here, there’s less paperwork.

It all seems to support a theory that the FBI continues to arbitrage surveillance authorities (as they, by their own admission, do with location tracking). With location tracking, there’s nothing patently illegal about that. But with First Amendment protections, that sure seems dubious.

The Misunderstandings of the Anti-Transparency Hillary-Exonerating Left

/13 Comments/in , /by

It wasn’t enough for Matt Yglesias to write a widely mocked piece calling for less transparency, now Kevin Drum has too. It all makes you wonder whether there’s some LISTERV somewhere — the successor to JOURNOLIST, from which leaked emails revealed embarrassing discussions of putting politics above principle, perhaps — where a bunch of center-left men are plotting about how to finally end the email scandal that Hillary herself instigated with a stupid decision to host her own email. Especially given this eye-popping paragraph in Drum’s piece:

Part of the reason is that Hillary Clinton is a real object lesson in how FOIA can go wrong when it’s weaponized. Another part is that liberals are the biggest fans of transparency, and seeing one of their own pilloried by it might make them take a second look at whether it’s gone off the rails. What we’ve seen with Hillary Clinton is not that she’s done anything especially wrong, but that a story can last forever if there’s a constant stream of new revelations. That’s what’s happened over the past four years. Between Benghazi committees and Judicial Watch’s anti-Hillary jihad, Clinton’s emails have been steadily dripped out practically monthly, even though there’s never been any compelling reason for it. It’s been done solely to keep her alleged corruption in the public eye.

Even setting aside that his piece generally ignores (perhaps, betrays no knowledge of) the widely-abused b5 exemption that already lets people withhold precisely the kinds of deliberations that Drum wants to kill FOIA over (and is used to withhold a lot more than that), this paragraph betrays stunning misunderstanding about the Clinton email scandal. Not least, the degree to which many of the delays have arisen from Clinton’s own actions.

It led me to go back to read this post, which engages in some cute spin and selective editing, but really gives up the game in this passage.

Oddly, the FBI never really addresses the issue of whether Hillary violated federal record retention rules. They obviously believe that she should have used a State email account for work-related business, but that’s about it. I suppose they decided it was a non-issue because Hillary did, in fact, retain all her emails and did, in fact, turn them over quickly when State requested them.

There’s also virtually no discussion of FOIA. What little there is suggests that Hillary’s only concern was that her personal emails not be subjected to FOIA simply because they were held on the same server as her work emails.

Of course the FBI never really addresses how Hillary violated the Federal Records Act. Of course the FBI never really addresses how Hillary tried to avoid FOIA. (Note too that Drum ignores that some of those “personal” emails have been found to be subject to FOIA and FRA and Congressional requests; they weren’t actually personal.)

That’s because this wasn’t an investigation into violating the Federal Records Act. As I wrote in this post summarizing Jim Comey’s testimony to Oversight and Government Reform:

The FBI investigation that ended yesterday only pertained to that referral about classified information. Indeed, over the course of the hearing, Comey revealed that it was narrowly focused, examining the behavior of only Clinton and four or five of her close aides. And it only pertained to that question about mishandling classified information. That’s what the declination was based on: Comey and others’ determination that when Hillary set up her home-brew server, she did not intend to mishandle classified information.

This caused some consternation, early on in the hearing, because Republicans familiar with Clinton aides’ sworn testimony to the committee investigating the email server and Benghazi were confused how Comey could say that Hillary was not cleared to have her own server, but aides had testified to the contrary. But Comey explained it very clearly, and repeatedly. While FBI considered the statements of Clinton aides, they did not review their sworn statements to Congress for truth.

That’s important because the committee was largely asking a different question: whether Clinton used her server to avoid oversight, Federal Record Act requirements, the Benghazi investigation, and FOIA. That’s a question the FBI did not review at all. This all became crystal clear in the last minutes of the Comey testimony.

Chaffetz: Was there any evidence of Hillary Clinton attempting to avoid compliance with the Freedom of Information Act?

Comey: That was not the subject of our criminal investigation so I can’t answer that sitting here.

Chaffetz: It’s a violation of law, is it not?

Comey: Yes, my understanding is there are civil statutes that apply to that. I don’t know of a crimin–

Chaffetz: Let’s put some boundaries on this a little bit — what you didn’t look at. You didn’t look at whether or not there was an intention or reality of non-compliance with the Freedom of Information Act.

Comey: Correct.

Having started down this path, Chaffetz basically confirms what Comey had said a number of times throughout the hearing, that FBI didn’t scrutinize the veracity of testimony to the committee because the committee did not make a perjury referral.

Chaffetz: You did not look at testimony that Hillary Clinton gave in the United States Congress, both the House and the Senate?

Comey: To see whether it was perjurious in some respect?

Chaffetz: Yes.

Comey: No we did not.

[snip]

Comey: Again, I can confirm this but I don’t think we got a referral from Congressional committees, a perjury referral.

Chaffetz: No. It was the Inspector General that initiated this.

Now, let me jump to the punch and predict that OGR will refer at least Hillary’s aides, and maybe Hillary herself, to FBI for lying to Congress. They might even have merit in doing so, as Comey has already said her public claims about being permitted to have her own email (which she repeated to the committee) were not true. Plus, there’s further evidence that Hillary used her own server precisely to maintain control over them (that is, to avoid FOIA).

As I said in my earlier post, I’m loathe to admit this, because I’d really like to be done with this scandal (I’d like, even more, to come up with sensible policy proposals like fixing email and text archiving to prevent this from happening in every presidential administration). All the questions about whether Hillary chose to keep her own server to avoid oversight (or, as Chaffetz asked today, to obstruct OGR’s investigation) has never been investigated by FBI. Those requests even have more merit than Democrats are making out — in part for precisely this reason, FBI has never considered at least some evidence to support the case Hillary deliberately avoided FRA, including a string of really suspicious timing. As I wrote in my other post, I also think they won’t amount to anything, in part because these laws (including laws prohibiting lying to Congress) are so toothless. But they are a fair question.

All that said, it is incorrect to take a report showing the FBI not charging Hillary for intentionally mishandling classified information and conclude from that that hers is an example of FRA and FOIA gone amuck. On the contrary. Hillary has never been exonerated for trying to avoid FOIA and FRA. The evidence suggests it would be hard to do that.

Jim Comey Impugns Pot Smokers Again

/8 Comments/in , /by

Reason reports that the American Legion just passed a resolution calling on Congress to reclassify cannabis.

One of the potential medical values of medical marijuana is as a treatment for Post-Traumatic Stress Disorder (PTSD). And in what must certainly at this point make it abundantly clear where the majority of Americans stand on marijuana use, the American Legion has just voted at its national convention to support a resolution calling on Congress to legislatively reclassify cannabis and place it in a category that recognizes its potential value.

The resolution, readable here at marijuana.com, highlights a number of important statistics that have helped push the Legion to support it. Across two years, the Department of Veterans Affairs have diagnosed thousands of Afghanistan and Iraq War veterans as having PTSD or Traumatic Brain Injuries (TBI). More than 1,300 veterans in fiscal year 2009 were hospitalized for brain injuries. And the resolution notes that systems in the brain can respond to 60 different chemicals found in cannabis.

Therefore, the American Legion wants the DEA to license privately-funded medical marijuana and research facilities and to reclassify marijuana away from being lumped in with drugs like cocaine and meth.

If veterans suffering from PTSD were able to use cannabis as treatment, we would have to add them to the list of people — like Malia Obama — whom Jim Comey thinks don’t have integrity.

For the second time in as many months, Comey last week used the example of people who smoke pot (on their way to an interview, at least) to describe a lack of integrity.

To have a cyber special agent, you need three buckets of attributes. You need integrity, which is non-negotiable. You need physicality. We’re going to give you a gun on behalf of the United States of America, you need to be able to run, fight, and shoot. So there’s a physicality required. And obviously there’s an intelligence we need for any special agent, but to be a cyber special agent, we need a highly sophisticated, specialized technical expertise.

Those three buckets are rare to find in the same human being in nature. We will find people of great integrity, who have technical talent, and can’t squeeze out more than two or three push-ups. We may find people of great technical talent who want to smoke weed on the way to the interview. So we’re staring at that, asking ourselves, “Are there other ways to find this talent, to equip this talent, to grow this talent?” One of the things we’re looking at is, if we find people of integrity and physicality and high intelligence, can we grow our own cyber expertise inside the organization? Or can we change the mix in cyber squads? A cyber squad today is normally eight special agents—gun-carrying people with integrity, physicality, high intelligence, and technical expertise. Ought the mix to be something else? A smaller group of this, and a group of high-integrity people with technical expertise who are called cyber investigators?

I get that this cute labeling of pot smokers as lacking integrity is part of his script (he used almost the same lines in both speeches), perhaps to avoid thinking about what it means that our nation can’t best fight the alleged biggest threat to it because of outdated laws. But either he has given no thought about the words that are falling out of his mouth (indeed, he also seems to have no understanding of the the words “adult” and “mature” mean, which are other words he tends to wield in profoundly troublesome fashion), or the nation’s top cop really can’t distinguish between law — and that, not even in all states anymore — and ethics.

 

FBI’s Fancy Bear Cyber Structure

/5 Comments/in /by

Back in July, I noted this passage in the latest DOJ IG report on FBI’s cyber prioritization.

According to the FBI, computer intrusion matters Involving national security are the highest priority matters investigated by the FBI Cyber Division. National security computer intrusion matters are intrusions or attempted intrusions into any computer or information system that may compromise the confidentiality, integrity, or availability of critical infrastructure data, components, or systems (e.g., cyber national security incidents or threats to the national Information infrastructure) by or on behalf of a foreign power, or an agent of a to include designated international terrorist groups. [half paragraph redacted]

In FY 2015, to ensure t hat the highest ranked threats are efficiently investigated, the Cyber Division implemented its Cyber Threat Team (CIT) model. A CTT focuses on the investigation of and operations against a specific national security threat. Each CTT is comprised of lead field office, called a Strategic Threat Execution office, up to five field offices assisting in specific aspects of the threat called Tactical Threat Execution offices, and a Cyber Division headquarters threat manager. The CTT bears the responsibility for managing the strategy, operations, and intelligence for its assigned threat. [half paragraph redacted]

The intention of the Cyber Division’s err model is to facilitate the allocation of resources to cyber national security threats, increase efficiency in addressing those threats, and facilitate the development of subject matter expertise within various field offices. Additionally, the CTT model is intended to enable each field office to focus on specific, assigned threats, helping to prevent the previous diffusion of efforts wherein multiple field offices were working the same cyber threat and not coordinating efforts. Prior to the implementation of the err, such overlapping investigations were a great challenge for the FBI. While its field offices each have a territory for which they are responsible, cyber threats are not restricted by geographical boundaries, so a territorial model proved ineffective. Lastly, the err model is intended to assist the FBI in prioritizing and properly allocating resources to each field office based on the threats on which they are assigned to work.

The Cyber Division organizes its headquarters national security intrusion threat operational units geographically, including sections responsible for identifying, pursuing, and defeating cyber adversaries emanating from Asia, Eurasia, and Middle East/Africa. Such geographic delineations of responsibility do not present the same problems at Cyber Division Headquarters, since responsibility for the threats is based on their point or area of origin, and not the multiple U.S. jurisdictions where they might have an impact. The threat operational units coordinate with the errs and with units of the Cyber Intelligence Section, which also are geographically organized and provide actionable intelligence information.

In other words, at both the field office level and at the national level, the FBI’s cyber agents have reorganized around the geography of the threat rather than the geography of the target.

Jim Comey elaborated on this reorganization in a speech on cyber (and back dooring encryption) last week.

The challenge we face today, with a threat that comes at us at the speed of light from anywhere in the world, is that physical place isn’t such a meaningful way to assign work any longer. Where did “it” happen when you’re talking about an intrusion that’s coming out of the other side of the globe, aimed at multiple enterprises either simultaneously or in sequence? That “it” is different than it ever was before.

So we’ve changed the way we’re assigning work. We have now created a Cyber Threat Team model, where we assign the work in the FBI based on ability. Which field office has shown the chops to go after which slice of the threat we face—that stack? And then assign it there.

This does two things for us. It allows us to put the work where the expertise is, and it creates a healthy competition inside the FBI. Everybody wants to be at the front of the list to own important threats that come at us. We assign, in the Cyber Threat Team model, a particular threat. Let’s imagine it’s a particular threat that comes at us from a certain nation-state actor set. We assign that to the Little Rock Division because the Little Rock Division has demonstrated tremendous ability against that threat.

But we’re not fools about important physical manifestations, because that threat is going to touch particular enterprises around the country. And the CEOs of those enterprises and their boards are going to want to know, “Has the FBI been here to talk to us? And what’s the nature of the investigation? And how is it going?” To make sure we accommodate that need, we’re going to allow up to four other offices to help the team that is assigned the threat in Little Rock. If a company is hit in Indianapolis, and one is hit in Seattle, and one is hit in Miami, those field offices will also be able to assist in the investigation, but the lead will be in Little Rock. Then, the air traffic control for all of that to make sure we are not duplicating effort, or sending confusing messages, will come from the Cyber Division at Headquarters.

We’re trying this. We’ve been doing it now for about a year in a half. Seems to be working pretty well. It has set very, very healthy competition inside the FBI, which is good for us. But we’re confronting a challenge and a way of doing work that we’ve never seen before, so we’re eager to get feedback and then iterate as make sense. We want to be humble enough to understand that just as our world has been transformed in our lifetimes, the way in which we do our work is being transformed. We have to be open to changing when it makes sense.

So the Cyber Threat Team model is at the core of our response. Also at the core of our response is a “fly team” of experts that we’ve put together that we call the CAT team—the Cyber Action Team. Just as in terrorism, we have pre-assigned pools of expertise that can jump on an airplane and go anywhere in the world in response to a terrorism threat, we’re building that, and have built, that same capability in respect to cyber, so that, if there is a particular intrusion—let’s say Sony in Los Angeles—we have the talent, the agent talent, the analyst talent, the technical talent, that’s already assigned to the Cyber Action Team that’s ready to deploy at a moment’s notice to literally fly to Los Angeles to support the investigation.

Comey had just defined “the stack” he refers to here as the priority of threats the FBI faces; nation-states, with China, Russia, Iran, and North Korea named, followed by multinational criminal syndicate, followed by “purveyors of ransomware,” followed by hactivists, with terrorists (who Comey says aren’t yet developing a hacking capability) last. This would suggest that this means no ransomware is perpetrated by multinational crime organizations, which would surprise me.

Now, I get the logic of such organization. Not only can network intrusions be launched from anywhere, but they usually hide where they’re launched from. So geographical location, in this scheme, appears to be about holding corporate CEO hands (I guess they get different victim service from the FBI than the rest of us), not investigative venue.

But it also raises a few concerns for me.

Will devolution of cyber lead to more abuse of venue?

First, questions of venue for prosecution. We’ve already seen, with Weev, DOJ prosecuting a hacker (I’m not sure where Weev would be defined in this stack, because he wasn’t doing it for political reasons) in an improper venue because of the nifty precedents there. With Playpen, we’ve got DOJ — before Rule 41 gets rewritten — hacking thousands based off one Eastern District of Virginia magistrate’s warrant.

This dispersed focus would seem to encourage such legally problematic moves.

To the Fancy Bear watchers everything looks like a Fancy Bear

In addition, there’s a potential problem with assigning cases by perceived perpetrator, one that replicates a problem in the private contracting world, where contractors routinely hype the threat of the day (which today is Russia, but which a few years ago was China) because it drove sales.

That is, at some level, FBI appears to be assigning cases based on preliminary evidence to specific CTTs. This seems potentially very problematic from an investigative standpoint, as it answers the question, “whodunnit,” at the beginning of the process, not the end. And that particular CTT has an incentive to keep any big flashy case in its own hands, meaning they’re going to be disinclined to see any other potential actors out there.

Moreover, if a case — say the DNC hack –that could involve multiple intrusions or actors with competing interests gets assigned to the group whose bureaucratic imperative requires it to be just one actor, it is far less likely they’re even going to see the evidence that something more may be going on.

Again, this is just a potential problem, but it could be a very serious one, as it could reverse the investigative model that FBI has traditionally used.

FBI’s 702 activities have been devolved as well and with that devolution undergo less oversight

Finally, this potentially exacerbates a concern I have with how FBI manages Section 702. The most recent batch of Semiannual reports that came out show that more 702-related functions are devolving to FBI Field offices, with one redaction (see italics) suggesting there might be some role involving tasking going on at Field offices. And as this passage from the October 2014 report suggests, ODNI is not monitoring things as closely.

During this reporting period, NSD continued to conduct minimization reviews at FBI field offices in order to review the retention and dissemination decisions made by FBI field office personnel with respect to Section 702-acquired data. As detailed in the attachments to the Attorney General’s Section 707 Report, NSD conducted minimization reviews at sixteen FBI field offices between June 1, 2013, through November 30, 2013 and reviewed [redacted] involving Section 702-tasked facilities.

ODNI participated in one of these reviews,10 and received written summaries regarding any issues discovered in the other reviews. (U//FOUO) NSD’s review of field offices coincided with FBI’s broadening of the use of Section 702-acquired data at these field offices. Although there were isolated instances of noncompliance with the FBI minimization procedures and/or FBI policy, NSD and ODNI found that overall agents understood and were properly applying the requirements of FBI policy and the minimization procedures.11

10 (U) ODNI joins NSD on these reviews when the FBI field offices are located in or within reasonable driving distance of the Washington, D.C. area (e.g., the Washington Field Office and the Baltimore Field Office). During this reporting period, ODNI joined NSD for the Baltimore Field Office review. ODNI plans to continue to accompany NSD during the minimization reviews of the FBI Washington and Baltimore field offices and is continuing to explore the feasibility of joining NSD on reviews of other FBI field offices.

11 (S//NF) NSD’s review found only one instance where U.S. person information was not properly handled as required by the minimization procedures. Specifically, the agent improperly disseminated U.S. person information that did not meet the standard minimization procedures requirement. Although the information reasonably appeared to be foreign intelligence information, it did not seem to have met the requirement that such information shall not be disseminated in a manner that identifies a United States person unless such person’s identity is necessary to understand foreign intelligence information or to assess its importance. In this case, upon NSD’s review, the agent agreed that the disseminated U.S. person identity did not meet the above standard. NSD confirmed that the agent recalled the dissemination and re-issued the dissemination without identifying the U.S. person.

Along with some interesting new redactions in the boilerplate about FBI’s roles in 702, the October 2014 and June 2015 report both include this paragraph:

While prior Joint Assessments provided figures regarding the number of reports FBI had identified as containing minimized Section 702-acquired United States person information, in 2013 FBI transitioned much of its dissemination from FBI Headquarters to FBI field offices. NSD is conducting oversight reviews of FBI field offices use of these disseminations, but because every field office is not reviewed every six months, NSD no longer has comprehensive numbers on the number of disseminations of United States person information made by FBI. FBI does, however, report comparable information on an annual basis to Congress and the FISC pursuant to 50 U.S.C. §1881a(l)(3)(i).

Ummm. We know that the FBI’s numbers on NSLs are bullshit — and FBI doesn’t much care. And when asked about those inaccuracies, FBI told DOJ’s IG,

[T]he FBI told the OIG that while 100 percent accuracy can be a helpful goal, attempting to obtain 100 percent accuracy in the NSL subsystem would create an undue burden without providing corresponding benefits. The FBI also stated that it has taken steps to minimize error to the greatest extent possible.

I’ve even asked ODNI about FBI’s funny NSL numbers, twice, and gotten this response:

¯\_(ツ)_/¯

So we already know that the FBI’s legally mandated reports to Congress on NSL numbers are bogus. Now we learn that FBI has devolved its 702 work to field offices which has led to the discontinuation of one of the key oversight mechanisms on their counting process: an outside check.

That seems like a potentially big oversight loophole.

The Just Right Fear Industry, in 18,000 Words

/5 Comments/in , , , /by

Steven Brill thinks we’re not worried enough about bioterrorism and dirty bombs. He makes that argument even while acknowledging that a dirty bomb attack launched in Washington DC would result in just 50 additional cancer deaths. And curiously, his extensive discussion about germ threats (inspired by a Scooter Libby report, no less!) doesn’t mention that the Russian military is currently struggling to contain an anthrax attack launched by a thawing reindeer.

That’s the problem with Brill’s opus: anthrax attacks only matter if they’re launched by Islamic extremist reindeers, not reindeers weaponized by climate change. (And if you were wondering, although he discusses it at length, Brill doesn’t mention that the 2001 anthrax attack, which was done with anthrax derived from a US lab, has never been solved.)

He makes a similar error when he spends 18 paragraphs focusing on what he (or his editors) dub “cyberterrorism” only to focus on OPM as proof the threat exists and includes this paragraph from Jim Comey admitting terrorists don’t yet have the capabilities to hurt us our Chinese and Russian adversaries do.

For his part, the FBI’s Comey worries more about a cyberterror onslaught directed at the private sector than one directed at the government. “These savages,” he says, “have so far only figured out how to use the internet to proselytize, not to wreak physical damage. What happens when they figure out how to use it to break into a chemical plant, or a blood bank and change the blood types? We know they are trying. And they don’t have to come here to do it.”

Biothreats and hacking are a threat. But it would be sheer idiocy to approach the problem, at this point, as primarily one of terrorism when climate change and nation-state adversaries clearly present a more urgent threat.

But it’s not just Brill who adopts some weird categorization. The article is perhaps most interesting for the really telling things he gets Comey to say, as when he suggests FBI drops investigations when they hear a “wing nut” making bomb threats in a restaurant.

“Think about it from our perspective,” Comey said when I asked about this. “Suppose someone is overheard in a restaurant saying that he wants to blow something up. And someone tells us about it. What should we do? Don’t we need to find out if he was serious? Or was he drunk? The way to do that is to have someone engage him in an undercover way, not show up with a badge and say, ‘What are your thoughts in regard to terrorism?’ ”

“Plenty of times it’s a wing nut or some drunk, and we drop it,” he continued.

I actually think the FBI, as an institution, is better than this. But to have the FBI Director suggest his bureau wouldn’t follow up if someone making bomb threats was deemed a radical but would if they were deemed a Muslim is really telling.

Which gets to the core of the piece. Over the course of the 18,000+ words, Brill admits — and quotes both President Obama and Comey admitting — that what makes terrorism different from the equally lethal attacks by other mentally unstable or “wing nut” types is the fear such attacks elicit.

President Obama described the difference to me this way: “If the perpetrator is a young white male, for instance—as in Tucson, Aurora, and Newtown—it’s widely seen as yet another tragic example of an angry or disturbed person who decided to lash out against his classmates, co-workers, or community. And even as the nation is shaken and mourns, these kinds of shootings don’t typically generate widespread fear. I’d point out that when the shooter or victims are African American, it is often dismissed with a shrug of indifference—as if such violence is somehow endemic to certain communities. In contrast, when the perpetrators are Muslim and seem influenced by terrorist ideologies—as at Fort Hood, the Boston Marathon bombing, San Bernardino, and Orlando—the outrage and fear is much more palpable. And yet, the fact is that Americans are far more likely to be injured or killed by gun violence than a terrorist attack.”

The FBI’s Comey agrees. “That the shooter in San Bernardino said he was doing it in the name of isil changed everything,” he told me. “It generates anxiety that another shooting incident, where the shooter isn’t a terrorist, doesn’t. That may be irrational, but it’s real.”

Nevertheless, all three — even Brill, in a piece where he takes Obama to task for not publicizing his change in dirty bomb response, refers to “deranged people and terrorists” obtaining assault weapons as if they are mutually exclusive categories — seem utterly unaware that part of the solution needs to be to stop capitulating to this fear. Stop treating terrorism as the unique, greatest threat when you know it isn’t. Channel the money being spent on providing tanks to local police departments to replacing lead pipes instead (an idea Brill floats but never endorses). Start treating threats to our infrastructure — both physical and digital — including those caused by weaponized reindeer as the threat they are.

And for chrissakes, don’t waste 18,000 words on a piece that at once scolds for fearmongering even while perpetuating that fear.

Jim Comey, Poker Face, and the Scope of the Clinton Investigation(s)

/36 Comments/in /by

Screen Shot 2016-07-07 at 10.11.04 PMI write this post reluctantly, because I really wish the Hillary investigations would be good and over. But I don’t think they are.

After having watched five and a half hours of the Clinton investigation hearing today, I’ve got new clarity about what the FBI has been doing for the last year. That leads me to believe that this week’s announcement that DOJ will not charge Clinton is simply a pause in the Clinton investigation(s). I believe an investigation will resume shortly (if one is not already ongoing), though that resumed investigation will also end with no charges — for different reasons than this week’s declination.

First, understand how this all came about. After the existence of Hillary’s server became known, State’s IG Steve Linick started an investigation into it, largely focused on whether Hillary (and other Secretaries of State) complied with Federal Records Act obligations. In parallel, as intelligence agencies came to complain about State’s redactions of emails released in FOIA response, the Intelligence Committee Inspector General Charles McCullough intervened in the redaction process and referred Clinton to the FBI regarding whether any classified information had been improperly handed. As reported, State will now resume investigating the classification habits of Hillary and her aides, which will likely lead to several of them losing clearance.

The FBI investigation that ended yesterday only pertained to that referral about classified information. Indeed, over the course of the hearing, Comey revealed that it was narrowly focused, examining the behavior of only Clinton and four or five of her close aides. And it only pertained to that question about mishandling classified information. That’s what the declination was based on: Comey and others’ determination that when Hillary set up her home-brew server, she did not intend to mishandle classified information.

This caused some consternation, early on in the hearing, because Republicans familiar with Clinton aides’ sworn testimony to the committee investigating the email server and Benghazi were confused how Comey could say that Hillary was not cleared to have her own server, but aides had testified to the contrary. But Comey explained it very clearly, and repeatedly. While FBI considered the statements of Clinton aides, they did not review their sworn statements to Congress for truth.

That’s important because the committee was largely asking a different question: whether Clinton used her server to avoid oversight, Federal Record Act requirements, the Benghazi investigation, and FOIA. That’s a question the FBI did not review at all. This all became crystal clear in the last minutes of the Comey testimony.

Chaffetz: Was there any evidence of Hillary Clinton attempting to avoid compliance with the Freedom of Information Act?

Comey: That was not the subject of our criminal investigation so I can’t answer that sitting here.

Chaffetz: It’s a violation of law, is it not?

Comey: Yes, my understanding is there are civil statutes that apply to that. I don’t know of a crimin–

Chaffetz: Let’s put some boundaries on this a little bit — what you didn’t look at. You didn’t look at whether or not there was an intention or reality of non-compliance with the Freedom of Information Act.

Comey: Correct.

Having started down this path, Chaffetz basically confirms what Comey had said a number of times throughout the hearing, that FBI didn’t scrutinize the veracity of testimony to the committee because the committee did not make a perjury referral.

Chaffetz: You did not look at testimony that Hillary Clinton gave in the United States Congress, both the House and the Senate?

Comey: To see whether it was perjurious in some respect?

Chaffetz: Yes.

Comey: No we did not.

[snip]

Comey: Again, I can confirm this but I don’t think we got a referral from Congressional committees, a perjury referral.

Chaffetz: No. It was the Inspector General that initiated this.

Now, let me jump to the punch and predict that OGR will refer at least Hillary’s aides, and maybe Hillary herself, to FBI for lying to Congress. They might even have merit in doing so, as Comey has already said her public claims about being permitted to have her own email (which she repeated to the committee) were not true. Plus, there’s further evidence that Hillary used her own server precisely to maintain control over them (that is, to avoid FOIA).

That said, there are two reasons why Hillary and her aides won’t be prosecuted for lying to Congress: James Clapper and Scott Bloch.

Clapper you all know about. The Director of National Intelligence — unlike Clinton — was not under oath when he spectacularly lied to Ron Wyden. Nor was he referred to DOJ for prosecution. But that recent lie will make FBI hesitate.

DOJ will hesitate even more given the history of Scott Bloch. bmaz has written a slew of posts about this but the short version is that the former Office of Special Counsel lied to this very committee and wiped his hard drive to obscure that fact. He ultimately pled guilty, but when the magistrate handling the case pointed out that the plea carried a minimum one month sentence, Bloch and DOJ went nuts and tried to withdraw his plea. bmaz and a bunch of whistleblowers who had been poorly treated by Bloch went nuts in turn. All to no avail. After DOJ claimed there were secret facts that no one understood, the court agreed to sentence Bloch to just one day in jail.

In other words, to keep one of their own out of jail, DOJ made expansive claims about how unimportant lying to Congress is. Even assuming DOJ would ignore their own recent historical claims about the frivolity of lying to Congress, Hillary’s lawyers could use that precedent to argue that lying to Congress has, effectively, been decriminalized (unilaterally by the Executive Branch!).

So FBI will investigate it. Comey might even refer, this time, for prosecution, because the evidence is actually far stronger that Hillary used her own server to avoid oversight (and that she was less than forthcoming about that to Congress). But that, too, won’t be prosecuted because you basically can’t prosecute lying to Congress after the Bloch case.

Which brings me to the funniest part of this exchange with Chaffetz (which, coming as it did in the last minutes of the hearing, has escaped most notice).

Chaffetz: Did you look at the Clinton Foundation?

Comey: I’m not going to comment on the existence or non-existence of any other investigation.

Chaffetz: Was the Clinton Foundation tied into this investigation?

Comey: I’m not going to answer that.

Understand: Comey had already commented on the existence or non-existence of other investigations, commenting at length on the non-investigation of questions pertaining to FOIA and FRA, even describing how many people (four to five) were subjects of this investigation. Comment on non-existence of investigation, comment on non-existence of investigation, comment on non-existence of investigation.

And for what it’s worth, the Clinton Foundation probably couldn’t have been part of the scope of this, given that this was only focused on four to five people (note, a Clinton Foundation investigation would better explain why FBI gave Brian Pagliano immunity, another topic on which Comey would not comment).

But when asked about the Clinton Foundation, he claimed he couldn’t say. All of a sudden, refusal to comment on existence or non-existence of investigation.

Now, I’m just going to say I don’t think anything will come of that, because I doubt FBI would clear Hillary on one issue but not the related one (plus, given SCOTUS’ ruling in the Bob McDonnell case, it probably became impossible to prosecute any Clinton Foundation violations). But Comey’s answer does make it clear that FBI considers questions about improperly handling classified information, avoiding FOIA and other oversight, lying about avoiding FOIA, and deals made with the Clinton Foundation to be different things.

I think that doesn’t change that Hillary won’t be indicted. But I do think she will continue to be investigated in conjunction with questions about what she did and said to avoid FOIA and other oversight.

Update: This post has been tweaked.

Some Legislative Responses to Clinton’s Email Scandal

/3 Comments/in /by

The Republicans have reverted to their natural “Benghazi witchhunt” form in the wake of Jim Comey’s announcement Tuesday that Hillary Clinton and her aides should not be charged, with Comey scheduled to testify before the House Oversight Committee at 10 AM.

Paul Ryan wrote a letter asking James Clapper to withhold classified briefings from Hillary. And the House Intelligence Committee is even considering a bill to prevent people who have mishandled classified information from getting clearances.

In light of the FBI’s findings, a congressional staffer told The Daily Beast that the House Intelligence Committee is considering legislation that could block security clearances for people who have been found to have mishandled classified information in the past.

It’s not clear how many of Clinton’s aides still have their government security clearances, but such a measure could make it more difficult for them to be renewed, should they come back to serve in a Clinton administration.

“The idea would be to make sure that these rules apply to a very wide range of people in the executive branch,” the staffer said. (Clinton herself would not need a clearance were she to become president.)

It’s nice to see the same Republicans who didn’t make a peep when David Petraeus kept — and still has — his clearance for doing worse than Hillary has finally getting religion on security clearances.

But this circus isn’t really going to make us better governed or safer.

So here are some fixes Congress should consider:

Add some teeth to the Federal/Presidential Records Acts

As I noted on Pacifica, Hillary’s real crime was trying to retain maximal control over her records as Secretary of State — probably best understood as an understandable effort to withhold anything potentially personal combined with a disinterest in full transparency. That effort backfired spectacularly, though, because as a result all of her emails have been released.

Still, every single Administration has had at least a minor email scandal going back to Poppy Bush destroying PROFS notes pertaining to Iran-Contra.

And yet none of those email scandals has ever amounted to anything, and many of them have led to the loss of records that would otherwise be subject to archiving and (for agency employees) FOIA.

So let’s add some teeth to these laws — and lets mandate and fund more rational archiving of covered records. And while we’re at it, let’s ensure that encrypted smart phone apps, like Signal, which diplomats in the field should be using to solve some of the communication problems identified in this Clinton scandal, will actually get archived.

Fix the Espionage Act (and the Computer Fraud and Abuse Act)

Steve Vladeck makes the case for this:

Congress has only amended the Espionage Act in detail on a handful of occasions and not significantly since 1950. All the while, critics have emerged from all corners—the academy, the courts, and within the government—urging Congress to clarify the myriad questions raised by the statute’s vague and overlapping terms, or to simply scrap it and start over. As the CIA’s general counsel told Congress in 1979, the uncertainty surrounding the Espionage Act presented “the worst of both worlds”:

On the one hand the laws stand idle and are not enforced at least in part because their meaning is so obscure, and on the other hand it is likely that the very obscurity of these laws serves to deter perfectly legitimate expression and debate by persons who must be as unsure of their liabilities as I am unsure of their obligations.

In other words, the Espionage Act is at once too broad and not broad enough—and gives the government too much and too little discretion in cases in which individuals mishandle national security secrets, maliciously or otherwise.

To underscore this point, the provision that the government has used to go after those who shared classified information with individuals not entitled to receive it (including Petraeus, Drake, and Manning), codified at 18 U.S.C. § 793(d), makes it a crime if:

Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted … to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it …

This provision is stunningly broad, and it’s easy to see how, at least as a matter of statutory interpretation, it covers leaking—when government employees (“lawfully having possession” of classified information) share that information with “any person not entitled to receive it.” But note how this doesn’t easily apply to Clinton’s case, as her communications, however unsecured, were generally with staffers who were“entitled to receive” classified information.

Instead, the provision folks have pointed to in her case is the even more strangely worded § 793(f), which makes it a crime for:

Whoever, being entrusted with or having lawful possession or control of [any of the items mentioned in § 793(d)], (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed … fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer …

Obviously, it’s easy to equate Clinton’s “extreme carelessness” with the statute’s “gross negligence.” But look closer: Did Clinton’s carelessness, however extreme, “[permit] … [classified information] to be removed from its proper place of custody or delivered to anyone in violation of [her] trust”? What does that even mean in the context of intangible information discussed over email? The short answer is nobody knows: This provision has virtually never been used at least partly because no one is really sure what it prohibits. It certainly appears to be focused on government employees who dispossess the government of classified material (like a courier who leaves a satchel full of secret documents in a public place). But how much further does it go?

There’s an easy answer here, and it’s to not use Clinton as a test case for an unprecedented prosecution pursuant to an underutilized criminal provision, even if some of us think what she did was a greater sin than the conduct of some who have been charged under the statute. The better way forward is for Congress to do something it’s refused to do for more than 60 years: carefully and comprehensively modernize the Espionage Act, and clarify exactly when it is, and is not, a crime to mishandle classified national security secrets.

Sadly, if Congress were to legislate the Espionage Act now, they might codify the attacks on whistleblowers. But they should not. They should distinguish between selling information to our adversaries and making information public. They should also make it clear that intent matters — because in the key circuit, covering the CIA, the Pentagon, and many contractors, intent hasn’t mattered since the John Kiriakou case.

Eliminate the arbitrariness of the clearance system

But part of that should also involve eliminating the arbitrary nature of the classification system.

I’ve often pointed to how, in the Jeffrey Sterling case, the only evidence he would mishandle classified information was his retention of 30-year old instructions on how to dial a rotary phone, something far less dangerous than what Hillary did.

Equally outrageous, though, is that four of the witnesses who may have testified against Sterling, probably including Bob S who was the key witness, have also mishandled classified information in the past. Those people not only didn’t get prosecuted, but they were permitted to serve as witnesses against Sterling without their own indiscretions being submitted as evidence. As far as we know, none lost their security clearance. Similarly, David Petraeus hasn’t lost his security clearance. But Ashkan Soltani was denied one and therefore can’t work at the White House countering cyberattacks.

Look, the classification system is broken, both because information is over-classified and because maintaining the boundaries between classified and unclassified is too unwieldy. That broken system is then magnified as people’s access to high-paying jobs are subjected to arbitrary review of security clearances. That’s only getting worse as the Intelligence Community ratchets up the Insider Threat program (rather than, say, technical means) to forestall another Manning or Snowden.

The IC has made some progress in recent years in shrinking the universe of people who have security clearances, and the IC is even making moves toward fixing classification. But the clearance system needs to be more transparent to those within it and more just.

Limit the President’s arbitrary authority over classification

Finally, Congress should try to put bounds to the currently arbitrary and unlimited authority Presidents claim over classified information.

As a reminder, the Executive Branch routinely cites the Navy v. Egan precedent to claim unlimited authority over the classified system. They did so when someone (it’s still unclear whether it was Bush or Cheney) authorized Scooter Libby to leak classified information — probably including Valerie Plame’s identity — to Judy Miller. And they did so when telling Vaughn Walker could not require the government to give al Haramain’s lawyers clearance to review the illegal wiretap log they had already seen before handing it over to the court.

And these claims affect Congress’ ability to do their job. The White House used CIA as cover to withhold a great deal of documents implicating the Bush White House in authorizing torture. Then, the White House backed CIA’s efforts to hide unclassified information, like the already-published identities of its torture-approving lawyers, with the release of the Torture Report summary. In his very last congressional speech, Carl Levin complained that he was never able to declassify a document on the Iraq War claims that Mohammed Atta met with a top Iraqi intelligence official in Prague.

This issue will resurface when Hillary, who I presume will still win this election, nominates some of the people involved in this scandal to serve in her White House. While she can nominate implicated aides — Jake Sullivan, Huma Abedin, and Cheryl Mills — for White House positions that require no confirmation (which is what Obama did with John Brennan, who was at that point still tainted by his role in torture), as soon as she names Sullivan to be National Security Advisor, as expected, Congress will complain that he should not have clearance.

She can do so — George Bush did the equivalent (remember he appointed John Poindexter, whose prosecution in relation to the Iran-Contra scandal was overturned on a technicality, to run the Total Information Awareness program).

There’s a very good question whether she should be permitted to do so. Even ignoring the question of whether Sullivan would appropriately treat classified information, it sets a horrible example for clearance holders who would lose their clearances.

But as far as things stand, she could. And that’s a problem.

To be fair, legislating on this issue is dicey, precisely because it will set off a constitutional challenge. But it should happen, if only because the Executive’s claims about Navy v. Egan go beyond what SCOTUS actually said.

Mandate and fund improved communication system

Update, after I posted MK reminded me I meant to include this.

If Congress is serious about this, then they will mandate and fund State to fix their decades-long communications problems.

But they won’t do that. Even 4 years after the Benghazi attack they’ve done little to improve security at State facilities.

Update: One thing that came up in today’s Comey hearing is that the FBI does not routinely tape non-custodial interviews (and fudges even with custodial interviews, even though DOJ passed a policy requiring it). That’s one more thing Congress could legislate! They could pass a simple law requiring FBI to start taping interviews.