
“Lock Him Up!” Trump Calls on Congress to Halt the Criminal Investigation into Joe Biden

Yesterday, four Trump lawyers sent House Intelligence Chair Mike Turner a really risky letter. CNN first reported on the letter.

Boris Epshteyn, who had allegedly been leading Trump’s defense in that investigation, did not sign the letter.

The letter responds to the news that Turner and other Gang of 8 members have recently been given access to the documents found at Donald Trump, Joe Biden, and Mike Pence’s properties.

We understand that DOJ is making the documents marked classified available for your review, and this letter provides the Committee with information that we suspect DOJ has not disclosed to it.

It doesn’t cite its source of information about those reviews, which is one way to obscure that the Gang of 8 actually began to get such access by April 11, two weeks ago.

Since Mike Turner and other Gang of 8 members started reviewing the documents, two things have happened.

First, Joe Biden announced his reelection campaign, without waiting on Special Counsel Robert Hur to report the results of his investigation into Biden for mishandling classified information.

And, about a month after Evan Corcoran testified in a crime-fraud excepted appearance before the grand jury, Boris Epshteyn spent two days last week chatting with Jack Smith’s prosecutors. (Like Epshteyn, Corcoran did not sign this letter, but that’s because his partners forced him to recuse from the investigation after he testified.) Even though Epshteyn has been a likely source for a lot of the press reports on the various investigations into which he has or had visibility, I’m not aware of any report describing his testimony, much less why he testified without any report of a subpoena.

Contemplate the significance of the first item — Biden’s reelection announcement — as you consider the purported point of the letter. Donald Trump — the guy who won the presidency with non-stop chants of “Lock her up!” in 2016 — claims to think that an investigation analogous to the one that targeted Hillary Clinton in 2015 to 2016 is improper.

A legislative solution by Congress is required to prevent the DOJ from continuing to conduct ham-handed criminal investigations of matters that are inherently not criminal.

[snip]

What is consistent in all three of these cases is that the document handling procedures in the White House are flawed and DOJ is not the appropriate agency to conduct investigations pertaining to the mishandling or spillage of classified material.

Conclusion

The solution to these issues is not a misguided, politically infected, and severely botched criminal investigation, but rather a legislative solution. DOJ should be ordered to stand down, and the intelligence community should instead conduct an appropriate investigation and provide a full report to this Committee, as well as your counterparts in the Senate. Armed with the appropriate knowledge, we respectfully suggest that your Committee hold hearings and make legislative changes to:

1. Correct classified document handling procedures in the White House;

2. Standardize document handling and storage procedures for Presidents and Vice Presidents when they leave office; and

3. Formalize procedures for investigations into the mishandling or spillage of classified material, to prevent future situations where DOJ is inappropriately assigned to conduct an investigation.

President Trump’s legal team would be happy to meet with you or your staff to assist in any way necessary to address these issues. Please know that despite the differences in the cases, we do not believe that any of these three matters should be handled by DOJ as a criminal case. Rather, the stakeholders to these matters should set aside political differences and work together to remediate this issue and help to enhance our national security in the process. [my emphasis]

Donald Trump is asking Congress to intervene to halt not just the investigation into him — and make no mistake, that is what he’s doing. But he’s also asking Congress to halt the investigation into his opponent!

Having won the presidency in 2016 by demanding the investigation into Hillary be more punitive, he’s now asking Congress to halt the investigation into Joe Biden.

Having won the presidency in 2016 by succeeding in highlighting Hillary’s negligence for mishandling classified information, Trump now wants to forego the opportunity to pursue the same approach in 2024.

At the very least, that’s a pretty good sign that he and his lawyers don’t believe their own claims that the known facts about Biden’s mishandling of classified information are worse than the known facts about Trump’s.

4 Of course, we also recently learned from media reports that President Biden possessed marked documents in a “personal” folder at the Penn-Biden Center – strong evidence that he intentionally possessed then after he or someone else secretly removed them, from the Senate SCIF at least 14 years earlier when he was the Senator from Delaware. We also now know that after DOJ learned about President Biden’s possession of classified documents at the Penn-Biden Center, it allowed his personal attorneys to search for and collect documents from his residence in Delaware making the specific locations of the documents in the residence difficult, and perhaps impossible, to determine. And, it has since been publicly reported that there could be even more classified documents in the 1,850 boxes that Mr. Biden shipped to the University of Delaware in 2012. https://www.cnn.com/2-23/02/15/politics/biden-delawaresearch/index.html. DOJ’s reaction to all of this is stunningly different from how it responded to President Trump’s offer of cooperation regarding the boxes stored at Mara-Largo. [sic: Trump’s lawyers misspell Mar-a-Lago in several different ways in the letter]

[snip]

When documents were found in President Joseph Biden’s Penn-Biden Center office, despite clear indicators that his violations were more likely the result of willful misconduct, DOJ treated him very differently by forgoing any attempts at manufacturing conflict, while implicitly approving the spoliation of evidence.

The applicable criminal statute prohibits “willful retention” of national defense information, not mere possession. See 18 U.S. § 793 (e). To prove willful retention, a prosecutor must first establish that the possession was knowing. Despite media spin to the contrary, this is the key element that distinguishes President Trump’s retention of documents from that by President Biden. Evidence of knowing possession can be readily inferred from the length of time that President Biden possessed the marked documents since leaving office and the fact that they were moved and stored at multiple locations. In comparison, the materials found at Mar-a-Lago were still stored in the same GSA boxes in which they left the White House, untouched in the relatively short time since the end of President Trump’s term. Perhaps the most damning fact for President Biden is that he possessed marked documents from his time in the Senate—a body that maintains all marked documents in a SCIF, unlike the White House. Further, as you are no doubt aware and as mentioned earlier in this letter, media reports have indicated that classified documents were contained in a folder labeled “personal,”8 which is much more powerful evidence of knowing retention than documents being randomly dispersed into boxes by moving teams.

8 See, e.g., Jamie Gangel et al., “Exclusive: U.S. intelligence materials related to Ukraine, Iran and UK found in Biden’s private office, source tells CNN,” CNN (Jan. 10, 2023), https://www.cnn.com/2023/01/10/politics/biden-classified-documents-iran-ukraineunited-kingdom-beau-funeral/index.html.

There is not a chance in hell that Trump would forgo an opportunity to make this race about Biden’s mishandling of classified information if he really believed that Biden’s “violations were more likely the result of willful misconduct.”

Not a chance in hell!

But then, there’s abundant reason to believe that the four lawyers know they’re blowing smoke (to Congress). Heck, I’m so sure of it I think Mark Warner should invite all four of them to give sworn testimony to the Senate Intelligence Committee.

There are the claims this letter makes that conflict with known testimony, such as that Trump didn’t review any of the documents in the boxes ultimately returned to the Archives.

However, due to other demands on his time, President Trump subsequently directed his staff to ship the boxes to NARA without any review by him or his staff.

There are the claims this letter makes that conflict with known details about the case, such as that, because Trump was too busy starting an insurrection, he didn’t have the ability to send his documents to a GSA-leased facility.

When President Trump left office, there was little time to prepare for the outgoing transition from the presidency. Unlike his three predecessors, each of whom had over four years to prepare for their departure upon completion of their second term, President Trump had a much shorter time to wind up his administration. White House staffers and General Service Administration (“GSA”) employees quickly packed everything into boxes and shipped them to Florida. This was a stark change from the standard preparations made by GSA and National Archives and Records Administration (“NARA”) for prior administrations. As NARA acknowledged in a Press Statement it issued on October 11, 2022:

The National Archives and Records Administration (NARA), in accordance with the Presidential Records Act, assumed physical and legal custody of the Presidential records from the administrations of Barack Obama, George W. Bush, Bill Clinton, George H.W. Bush, and Ronald Reagan, when those Presidents left office. NARA securely moved these records to temporary facilities that NARA leased from the General Services Administration (GSA), near the locations of the future Presidential Libraries that former Presidents built for NARA. All such temporary facilities met strict archival and security standards, and have been managed and staffed exclusively by NARA employees.2

Investigators paid by the lead writer of this letter, Tim Parlatore, found two additional documents with classification marks in what is reportedly a GSA-leased facility in Florida.

Lawyers for Donald Trump found at least two items marked classified after an outside team hired by Trump searched a storage unit in West Palm Beach, Fla., used by the former president, according to people familiar with the matter.

[snip]

Emails released by the General Services Administration, which assists former presidents during their transition to private life, show that the government agency helped rent the storage unit at a private facility in West Palm Beach on July 21, 2021. The unit was needed to store items that had been held at an office in Northern Virginia used by Trump staffers in the months just after he left office.

There’s the claim that DOJ dictated the timing of the June 3 document pick-up, when the record shows Evan Corcoran called FBI and told them to come down the next day.

Ultimately, President Trump’s legal team complied with DOJ’s demands, performing as diligent a search as they could by Mr. Bratt’s arbitrary deadline, and submitted a certification that affirmed the same.

And this letter repeats a bullshit claim that Trump’s lawyers have chanted from the start of his attempts to sucker the press: that the only thing Jay Bratt requested after he had seen the storage room at Mar-a-Lago was to put a lock on the facility.

Although Mr. Corcoran told the DOJ representatives that they were not going to go through boxes together that day, he fully expected DOJ to ask to return to Mar-a-Largo and examine all the boxes. Mr. Bratt reinforced this belief when, five days later, he wrote to Mr. Corcoran requesting that an additional lock be placed on the door. The lock was soon installed, and the boxes kept under lock and key in a facility guarded by armed Secret Service agents.

It’s like Tim Parlatore thinks Mike Turner’s staffers are too stupid to review the unsealed affidavit, which reveals that Bratt’s letter says something else entirely: that the storage facility is not a secure facility authorized to store classified documents.

As I previously indicated to you, Mar-a-Lago does not include a secure location authorized for the storage of classified information. As such, it appears that since the time classified documents (the ones recently provided and any and all others) were removed from the secure facilities at the White House and moved to Mar-a-Lago on or around January 20, 2021, they have not been handled in an appropriate manner or stored in an appropriate location. Accordingly, we ask that the room at Mar-a-Lago where the documents had been stored be secured and that all of the boxes that were moved from the White House to Mar-a-Lago (along with any other items in that room) be preserved in that room in their current condition until further notice.

Because the staffers that deal with this document have security clearance they surely want to keep, they’ll undoubtedly know that this is a reference to CFR standards for storage, not a request to add an almost certainly non-compliant lock.

And that’s why I think this letter was ill-advised.

These are just the obvious, affirmatively false things in the letter. There’s a whole bunch more that Trump’s lawyers simply ignore, such as the surveillance video showing Trump’s staffers moving boxes out of the storage facility in advance of the search they’re claiming here was a diligent search or the fact that FBI found 70-some classified documents in the storage facility of which Corcoran had claimed to have done a diligent search.

The only way this document could have the desired effect is if Mike Turner likes being lied to, or is so in the tank that — like Richard Burr before him — he’s willing to risk his own legal exposure to obstruct a criminal investigation.

And that’s assuming Warner didn’t subpoena any or all of these lawyers to repeat these farcical claims to Congress under oath.

All that’s before you consider the asymmetry. Trump’s lawyers — just one of whom (they admit) actually has clearance — acknowledge they have no fucking clue what FBI caught Trump hoarding.

Despite our requests to DOJ, it has refused to tell us whether in its judgment any of the documents remain classified. Similarly, DOJ has refused to allow for inspection of the documents at any time during the last eight months despite the fact that one of our attorneys has sufficient clearance to view the majority of the documents marked as classified.

Mike Turner does know.

Trump’s lawyers claim — or rather confess — that among the files he originally had in his beach resort were call briefings with foreign officials, just like the ones hidden from Congress in the first impeachment.

The vast majority of the placeholder inserts refer to briefings for phone calls with foreign leaders that were located near the schedule for those calls.

Again, I can only imagine how stupid Parlatore thinks Turner’s staffers are to confess this.

But even I know that many of the things Trump kept after DOJ subpoenaed them are not similar. Even I know that Trump compiled two classified documents with messages from a pollster, a book author, and a faith leader. And Mike Turner has reviewed these documents and he knows it too. And I know that he knows it.

So unless Mike Turner is totally in the tank for Trump — worse even than Burr was! — this letter risks pissing Turner off.

Last month, before Evan Corcoran was forced to give crime-fraud excepted testimony against Trump and before Boris Epshteyn spent two days chatting with Jack Smith’s prosecutors, Tim Parlatore — lead author of this insulting letter — said the following about Epshteyn’s role in the stolen documents case.

Mr. Epshteyn’s legal role with Mr. Trump, while less often focused on gritty legal details, has been to try to serve as a gatekeeper between the lawyers on the front lines and the former president, who is said to sometimes roll his eyes at the frequency of Mr. Epshteyn’s calls but picks up the phone.

“Boris has access to information and a network that is useful to us,” said one of the team’s lawyers, Timothy Parlatore, whom Mr. Epshteyn hired. “It’s good to have someone who’s a lawyer who is also inside the palace gates.”

Mr. Parlatore suggested that he was not worried that Mr. Epshteyn, like a substantial number of other Trump lawyers, had become at least tangentially embroiled in some of the same investigations on which he was helping to defend Mr. Trump.

“Absent any solid indication that Boris is a target here, I don’t think it affects us,” Mr. Parlatore said.

Neither Corcoran nor Epshteyn signed this letter. It’s not yet clear why Epshteyn didn’t.

And that’s as telling as the embarrassing false claims that it makes.

DOJ Has at Least One Card Left to Play: Congress’ Instinct for Self-Preservation

Last night, Trump and DOJ submitted their competing plans for a Special Master to Judge Aileen Cannon. As I laid out, Trump’s plan is a transparent effort to stall the entire investigation for at least three months, and after that to bottle up documents he stole — those with classified markings and those without — at NARA, where he’ll launch new legal fights in DC to prevent further access.

Judge Cannon has ordered Trump to weigh in on the government’s motion for a partial stay of her order, asking her to permit the investigative team access to any documents marked as classified, by 10AM on Monday. Trump will object for the same insane logic he gave in his Special Master proposal: That if he can get a private citizen Special Master to override the government’s classification determination, then he can declare the documents — even Agency documents that would be government, not Presidential Records — part of his own records at NARA.

Because Trump didn’t share his choices until after close of business day on Friday, both sides also have to inform her what they think of the other’s Special Master suggestions — Barbara Jones (who was Special Master for the review of both Rudy Giuliani’s and Michael Cohen’s devices) and retired George W. Bush appellate judge Thomas Griffith for the government, and retired EDNY and FISC judge Raymond Dearie and GOP partisan lawyer Paul Huck Jr for Trump — on Monday.

Then, if Cannon has not relented on the investigative side for documents marked as classified by Thursday, DOJ will ask for a stay of that part of her decision from the 11th Circuit, pending the rest of their appeal (the scope of which remains unknown and may depend on her other decisions this week).

Cannon’s decision on whether to permit investigators to access the documents marked as classified may provide the government leverage over the Special Master choice, which could create new bases for appeal. None of the choices for Special Master are known to be cleared, much less at the TS/SCI levels that would be needed to review the documents Trump stole, though Dearie, who was on FISC as recently as 2019, surely would be easily cleared as such.

That doesn’t matter for the government’s preferred approach. The Special Master won’t get any known classified document under their approach.

They would, however, under Trump’s approach (which more closely matches Cannon’s current order). And so DOJ will have to agree to give clearance to whatever person ends up as Special Master under the Trump plan.

The same Supreme Court precedent that undergirds all these arguments about classification authority, Navy v. Egan, is specifically a ruling about the Executive’s authority to grant or deny clearances. The government could deny any of the proposed Special Masters clearance — and might well do so, to deny Huck access. Likewise, the government might well deny Trump’s lawyers (at least Evan Corcoran, who is likely either a witness or subject of the obstruction side of the investigation) clearance for such a review as well.

So if Cannon doesn’t grant the government’s motion for a stay, then she effectively gives the government several more levers over her control of the Special Master process.

She probably doesn’t give a damn.

There are two other developments we might expect this week, though.

First, last Wednesday, DOJ asked and Chief Judge Beryl Howell granted permission to unseal the parts of the search warrant affidavit mentioning the same two grand jury subpoenas that she unsealed for mention in DOJ’s response to Trump’s Special Master motion. (I’m looking for the person I owe a hat-tip to for this.) Since receiving that permission, DOJ has not yet gone back to Magistrate Judge Bruce Reinhart to request further unsealing of the affidavit; there’s not even the tell-tale sealed filings in the docket that ended up being prior such requests.

If and when DOJ does ask for further unsealing, it might reveal more information about Trump’s actions — and, importantly for the question of who can be cleared for the Special Master review, Evan Corcoran’s. There are several entirely redacted paragraphs that likely tell what happened in response to the May 11 subpoena. There’s also a likely detailed discussion of the probable cause that Trump — and others — obstructed the investigation, some of which could be unsealed with mention of the surveillance video.

The government response before Cannon didn’t address the evidence of obstruction (or the June 24 subpoena) in much detail. Simply unsealing references of that subpoena in the affidavit might provide more damning information about Trump’s efforts to hide classified documents from DOJ.

More importantly, on Tuesday, the House returns from August recess. It’ll be the first time since the search that both houses of Congress are in town. And in their Motion for a Stay, the government noted (and Judge Cannon did not object) that it did not understand Cannon’s order to prohibit a briefing to “Congressional leaders with intelligence oversight responsibilities.”

5 The government also does not understand the Court’s Order to bar DOJ, FBI, and ODNI from briefing Congressional leaders with intelligence oversight responsibilities regarding the classified records that were recovered. The government similarly does not understand the Order to restrict senior DOJ and FBI officials, who have supervisory responsibilities regarding the criminal investigation, from reviewing those records in preparation for such a briefing.

This seems to telegraph that DOJ plans to brief the Gang of Eight — which includes Nancy Pelosi, Adam Schiff, Kevin McCarthy, Mike Turner, Chuck Schumer, Mark Warner, Mitch McConnell, and Marco Rubio — about what documents Trump stole, possibly this week. Turner and to a lesser degree Rubio have been demanding such a briefing.

And at a minimum, after such a briefing you’d see everyone run to the press and express their opinions about the gravity of Trump’s actions. Because neither DOJ nor Aileen Cannon can prevent these members of Congress from sharing details about these briefings (especially if they’re not classified), you should be unsurprised if everyone provides details of what Trump stole.

That might devolve into a matter of partisan bickering. But two things might moderate such bickering. First, Marco Rubio is on the ballot in November, and Val Demings has already criticized his knee-jerk defense of Trump.

Just as importantly, Mitch McConnell, who badly would like to prevent Democrats from expanding their majority in the Senate and just as badly would like the MAGA Republicans to go away, really doesn’t want to spend the next two months dodging questions about Trump’s crimes.

If not for Trump’s demand for a Special Master, DOJ likely would have put its head down and mentioned nothing of this investigation until after the election. But by demanding one — and by making such unreasonable requests — Trump has ensured that the investigation into his suspected violations of the Espionage Act and obstruction will dominate the news for at least a few more weeks.

Even if DOJ doesn’t brief the Gang of Eight, even if that doesn’t lead to damning new details and recriminations being made public, the public nature of the Special Master fight will suck all the oxygen out of the next few weeks of campaign season, at least, just as it contributed to Joe Biden enjoying one of the most positive mid-term Augusts for any President in the last half-century.

But if new specifics about Trump’s negligence and efforts to obstruct the investigation are made public, then November’s election will be precisely what Republicans are trying to avoid it being: not just a response to the Dobbs ruling overturning protection for abortion access, but a referendum on the way Republicans have sacrificed American security in their fealty to Donald Trump.

FBI and DHS Aren’t Using the Free Expertise on Right Wing Terrorism While Looking to Pay for It

There was a remarkable moment in the Homeland Security/Rules hearing on January 6 the other day. Kyrsten Sinema asked whether FBI knew of the conversations on social media where people were openly planning for insurrection. FBI’s Assistant Director for Counterterrorism, Jill Sanborn, explained they did not know of them because the Bureau couldn’t collect on the social media of Americans without a predicated investigation.

Kyrsten Sinema: Was the FBI aware of these specific conversations on social media?

Jill Sanborn: To my knowledge, no ma’am, and I’ll just sort of articulate why that is. So under our authorities, because, being mindful of the First Amendment and our dual-hatted mission to uphold the Constitution, we cannot collect First Amendment protected activities without, sort of the next step, which is the intent, and so we’d have to have an already-predicated investigation that allowed us access to those comms and/or a lead or a tip or a report from a community citizen or a fellow law enforcement partner for us to gather that information.

Sinema: So the FBI does not monitor publicly-available social media conversations?

Sanborn: Correct, ma’am, it’s not within our authorities.

For what it’s worth, Sanborn’s first comment was about collecting on social media. Sinema then treated that as a limitation on monitoring it (and Sanborn didn’t correct her). Still, Sanborn explained away FBI’s failure to see the insurrection many of the rest of us were seeing develop in real time by saying that discovering it would have required tracking Americans’ protected speech.

A more revealing moment came elsewhere, when Sanborn revealed that just one person who has been arrested in the wake of the attack had already been under investigation. That means, in spite of the Proud Boys’ threat, with Roger Stone, against Amy Berman Jackson two years ago, the FBI didn’t have an enterprise investigation into them (or the Oath Keepers or a range of other extremist organizations involved in the attack). So, because the FBI was not investigating the Proud Boys, the Proud Boys were able to plan an insurrection in plain sight.

That has changed, of course.

Later in the hearing, Mark Warner — citing all the FBI’s warnings in recent years about what a lethal threat white supremacist terrorism is — asked both Sanborn and the woman currently running DHS’ Office of Intelligence and Analysis, Melissa Smislova, what they’re doing to improve things and whether they’re using any of the open source experts out there.

Sanborn talked about working with “partners” (which I took to mean social media companies) and Fusion centers. Smislova revealed that DHS is looking to contract with experts on the topic, rather than read what those experts produce on a regular basis.

Mark Warner: I appreciate Ms. Sanborn’s appropriate response that they not arbitrarily collect off of American citizens if there’s not some nexus, but I do think it’s important, I think others have mentioned this that Domestic Violent Extremists didn’t start with January 6. They didn’t start with Donald Trump. They’re not going to end with January 6. They’re not going to end with Donald Trump. In my state we saw, a few years back, the Unite the Right rally at Charlottesville where many of these same groups and affiliations came together in another violent effort where one protestor was killed, we unfortunately lost a couple members of our State Police. Director Wray has repeatedly said in testimony before the Intelligence Committee, the Worldwide Threat Assessment, that Domestic Violent Extremists are a major national security threat to this country. I personally believe that that message was downplayed during the previous Administration because they didn’t want to hear it. I want to start with Ms. Smislova and Assistant Director Sanborn — Director Sanborn it’s great to see you again — is that, recognizing the constraints that are placed upon you in terms of collections, and also acknowledging that this threat has been around for some time. The FBI in particular has acknowledged that it is an extraordinary major severe threat, what have you both been able to do in engaging in open source intelligence and independent research communities to better identify these DVEs. I know in the run-up to the January 6 insurrection there was research done by Harvard’s Joan Donovan and Elon University’s Megan Squire as well as other researchers that pointed to the fact that these DVEs and affiliated groups, oftentimes groups that are working in conjunction with groups in Europe, were planning this effort. So how are you both, DHS and FBI, utilizing these independent researchers, these open source activities, and making sure we’ve got a better handle on it, recognizing your appropriate constraints on what you can do directly?

Melissa Smislova: Yes, Senator, thank you for the question. We just last week met as, as inside I&A, to discuss contracting with some of those experts outside. We are aware that we need to invest more in our understanding of Domestic Terror, we understand as well that it will require a different approach than a traditional Intelligence Community approach, we must use different sources to understand this threat, we are looking to get outside experts, invest more in-house, we are secondly looking at how to better understand the social media world, so we can better focus on where we might find specific and insightful information about what the adversary is thinking about. We are additionally looking to partner more with our state and local colleagues who we know have a different perspective on this threat and have more information, in some cases, than we do, and we are also, again, partnering more across the department and with our federal partners, increasing our relationships with FBI.

Warner: Ms. Sanborn?

Jill Sanborn: Thank you Senator, nice to see you again as well. I’d sort of say what we’re trying to do, and I’ll put it in three buckets, really, for you. Increasing our private sector is 100%, I have a section just inside my division that does nothing but partner engagement. We have found that the better we educate them on the threat we’re facing and painting a picture for them of what those threats we are, they’re better able to pay attention and collect and refer information to us and that is helpful and that’s when we talk about the fact that 50% of our tips and leads to our cases, or predication for our cases come from that relationship and that education. We’re also, same as my colleague said, using the state and local partners, so we leverage the Fusion centers a lot and their ability and their expertise — and the Orange County Fusion Center is a great example of leading, sort of, the analytics of social media and leveraging their expertise to predicate cases and they were actually behind the predication of the case, The Base, that we disrupted. And then last, I’d say, challenging ourselves for better collection inside, right, trying to point our sources and our collection to be in the right places to collect the intelligence that we need and that is what led to the Norfolk SIR, that is us pointing our collection in a space that gathered that information.

Warner: I have to tell you, respectfully, I’m pretty disappointed with both of your answers. This is not a new threat, we’ve seen since 2016 election how foreign adversaries manipulate social media, hear repeatedly from DHS and FBI that we’re going to get better at collecting. We saw the Unite the Right rally in Charlottesville. We heard people say we’re gonna get better at collecting information and better partnering, neither one of your referenced — there’s literally a host of experts at academia, at organizations like Graphika, and others that are monitoring the DVEs and their activities, oftentimes in their connections to anti-government groups in Europe, again, oftentimes amplified by nations like Russia, and I guess we’re always going to get ready and we’re somehow surprised when we see the kind of chaos that took place on January 6th.

Mark Warner proceeded to chew out both FBI and DHS’s witnesses given that, even after he raised open source expertise available, neither mentioned relying on it.

I hope Warner is paying attention to Huffington Post’s recent reporting. On February 26, relying on the work of some anti-fascist researchers, HuffPo identified Danny Rodriguez as the likely culprit behind the tasing of DC cop Michael Fanone, which led him to suffer a mild heart attack. HuffPo also reported that the FBI had gotten tips IDing Rodriguez in January, but had done nothing to call those who submitted the tips until HuffPo called the Bureau for comment.

The man in the red “MAKE AMERICA GREAT AGAIN” hat seemed to think he was untouchable. He joined the mob as they yelled “HEAVE! HO!” and tried to force their way through a police line into the Capitol building. Once inside, he used a pole to ram against a window, trying to shatter it and bring more people into the Capitol. In the most disturbing footage of all, he was caught on camera appearing to shock D.C. Metropolitan Police Officer Mike Fanone with a stun gun. As rioters push Fanone down the stairs and away from other cops, video shows the man in the red cap pressing a small black device against the officer’s neck. Fanone instantly drops to the ground, swallowed by the mob.

[snip]

His assailant in the red MAGA hat, who has been at large since the insurrection, is 38-year-old Daniel Joseph Rodriguez from Fontana, California, HuffPost can confirm.

Rodriguez, who goes by “Danny” and “DJ,” is well known among Trump supporters in the Los Angeles area as a superfan of the former president. Multiple news outlets have featured him in their coverage of the local pro-Trump movement in recent years, in articles that included his name and photo. He regularly attended the weekly Trump rallies in Beverly Hills last year. He was recognizable there by his dark-rimmed glasses and the many distinctive pins on his hat, which has a big GOP elephant symbol on the brim.

[snip]

Two separate anti-fascist activists ― as well as a third witness who supported Trump and called himself a former friend of Rodriguez ― reviewed footage of the man at the Capitol and told HuffPost they recognized Rodriguez from the California rallies.

The FBI received tips about Rodriguez last month, including one from a man he assaulted on video at a Los Angeles-area rally. But it wasn’t until hours after a HuffPost inquiry to the bureau for this story that the tipster heard from an FBI special agent with questions specifically about a man named “Danny Rodriguez.”

Then, yesterday, HuffPo revealed another case where a researcher sent in a tip only to have no visible response from the FBI. Shortly after January 20, SeditionHunter “Amy” identified Robert Scott Palmer as the guy in an American flag jacket who sprayed a fire extinguisher at cops.

With bright red and white stripes across his body and stars down his sleeves, the man in the American flag jacket and “FLORIDA FOR TRUMP” hat wielded a fire extinguisher while charging the U.S. Capitol on the afternoon of Jan. 6. He shoved his way through the crowd of rioters to the police line, then sprayed officers at close range before chucking the emptied canister at them. By nightfall he himself had been lightly harmed, apparently by a police crowd control munition. He held up his shirt to show off his bruised gut during an interview with a female journalist filming him live as cops pushed the mob back from Capitol grounds. Then he looked straight into her livestreaming device and identified himself as Robert Palmer from Clearwater, Florida.

[snip]

Palmer is now publicly on the FBI’s radar, though not by name. Three photos of him are featured on the bureau’s Capitol violence page, where he’s listed only as “#246 – AFO [Assault on Federal Officer].” But the images didn’t appear there until nearly a month after Amy had already tipped off the FBI about his identity.

#FloridaFlagJacket was used as a hashtag on Twitter less than a week after the Capitol attack, when Trump was still in office. Amy sent in a tip naming Palmer not long after President Joe Biden was inaugurated. His photos were finally added to the FBI database in late February.

It’s not just online researchers whose tips the FBI isn’t moving on quickly. On January 11, someone who knew Peter Schwartz as a felon who had gotten released from prison due to COVID alerted the FBI that Schwartz had skipped out on his halfway house to attend the rally (the tipster was friends with Schwartz but Schwartz owed him money). The FBI subsequently identified Schwartz as the person who maced some cops.

On January 11, 2021, the FBI National Threat Operations Center (NTOC) received a tip from an individual (hereinafter W-1) who is personally acquainted with SCHWARTZ. In the tip, W-1 reported that “Pete SCHWARTZ” was involved in the Capitol riots. W-1 stated SCHWARTZ is a felon and was released from prison due to COVID-19. W-1 also stated that SCHWARTZ is employed as a traveling welder. According to W-1, SCHWARTZ was supposed to be at a rehabilitation facility in Owensboro, Kentucky on January 6, 2021. However, W-1 saw a picture of SCHWARTZ on the Capitol Building steps that appeared to have been taken on January 6, 2021. As part of the tip, W-1 also provided the Facebook URL for what he claimed was SCHWARTZ’s Facebook page. W-1 did not provide any other photographs, however. Due to the volume of tips provided to the FBI since January 6, 2021 – which stands at over 150,000 as of January 26, 2021 – the FBI was not able to immediately contact W-1 regarding the information that W-1 provided and did not immediately link SCHWARTZ to the individual who repeatedly maced officers at the Capitol.

Schwartz wasn’t arrested until February 4.

Still, that’s less time than these other tips.

The FBI, perhaps justifiably given the flood of data they’re dealing with, seems to value tips from suspects’ direct associates rather than online tipsters. The vast majority of tips they have acted on do come from people who know a suspect directly, often their family or friends or high school classmates.

But many of these researchers have been doing what FBI claims it cannot do (or could not before an insurrection gave them the predicated investigation permitting them to do so): connect the dots from public social media.

Instead, DHS is looking to pay people for the assistance people are trying to give the FBI for free.

Chain of Command: The AWOL Descriptions of the Commander in Chief’s Role in the National Guard Non-Response on January 6

The only formal explanation Trump has offered to describe his role in deploying the National Guard in response to the attack on the Capitol on January 6 came in his impeachment defense. As part of that defense, Bruce Castor pointed to things he claimed happened before Trump’s speech ended. In Castor’s inaccurate portrayal of the timeline, he suggested that the first action Acting Secretary of Defense Christopher Miller took was when, at 1:05 (which Castor said was 11:05), Miller “received open source reports of demonstrator movements to the U.S. Capitol.” He continued to claim that,

At 1:09 PM, US Capitol Police Chief’s Steven Sund called the House and Senate Sergeants at Arms, telling them he wanted an emergency declared and he wanted the National Guard called. The point: given the timeline of events, the criminals at the Capitol were not there to even hear the President’s words. They were more than a mile away engaged in a preplanned assault on this very building.

Admittedly, this was probably no more than an incompetent parroting of the existing timeline released by DOD. It’s possible that Trump’s lawyers didn’t ask him what happened inside the White House that day, because if they did, it would not help their case.

Still: Trump’s own defense claimed that the first thing Acting Secretary Miller did in the matter was at 1[1]:05 on January 6.

That’s mighty interesting because there have been two claims that Trump proactively offered up National Guard troops for January 6 in the days beforehand. The first came in a Vanity Fair piece written by a journalist that Trump’s DOD flunkies permitted to embed with them (he requested to do so before the insurrection, but didn’t start his embed until January 12, meaning the claims reported in this article were retrospective). That piece claimed that, the night before the attack, Trump told DOD they would need 10,000 people.

The president, Miller recalled, asked how many troops the Pentagon planned to turn out the following day. “We’re like, ‘We’re going to provide any National Guard support that the District requests,’” Miller responded. “And [Trump] goes, ‘You’re going to need 10,000 people.’ No, I’m not talking bullshit. He said that. And we’re like, ‘Maybe. But you know, someone’s going to have to ask for it.’” At that point Miller remembered the president telling him, “‘You do what you need to do. You do what you need to do.’ He said, ‘You’re going to need 10,000.’ That’s what he said. Swear to God.”

[snip]

“We had talked to [the president] in person the day before, on the phone the day before, and two days before that. We were given clear instructions. We had all our authorizations. We didn’t need to talk to the president. I was talking to [Trump’s chief of staff, Mark] Meadows, nonstop that day.”

[snip]

What did Miller think of the criticism that the Pentagon had dragged its feet in sending in the cavalry? He bristled. “Oh, that is complete horseshit. I gotta tell you, I cannot wait to go to the Hill and have those conversations with senators and representatives.”

[snip]

Miller and Patel both insisted, in separate conversations, that they neither tried nor needed to contact the president on January 6; they had already gotten approval to deploy forces. However, another senior defense official remembered things quite differently, “They couldn’t get through. They tried to call him”—meaning the president.

So according to Acting Secretary of Defense Christopher Miller, Trump had given him “clear instructions” to “do what you need to do,” and had warned him to have thousands of Guardsmen available. Miller said he was speaking non-stop to Mark Meadows, though an anonymous source stated that they tried but failed to get the President on the line.

Long after impeachment and even after his CPAC speech, Trump went to Fox to make the same claim that appeared in Vanity Fair.

Former President Trump told Fox News late Sunday that he expressed concern over the crowd size near the Capitol days before last month’s deadly riots and personally requested 10,000 National Guard troops be deployed in response.

Trump told “The Next Revolution With Steve Hilton” that his team alerted the Department of Defense days before the rally that crowds might be larger than anticipated and 10,000 national guardsmen should be ready to deploy. He said that — from what he understands — the warning was passed along to leaders at the Capitol, including House Speaker Nancy Pelosi — and he heard that the request was rejected because these leaders did not like the optics of 10,000 troops at the Capitol.

“So, you know, that was a big mistake,” he said.

Fox and other Trump mouthpieces have suggested that Nancy Pelosi rejected the Guard. That’s false. According to then Capitol Police Chief Steve Sund, House Sergeant at Arms Paul Irving did.

On Monday, January 4, I approached the two Sergeants at Arms to request the assistance of the National Guard, as I had no authority to do so without an Emergency Declaration by the Capitol Police Board (CPB). My regular interactions with the CPB, outside of our monthly meetings regarding law enforcement matters, were conducted with the House and Senate Sergeant at Arms, the two members of the CPB who have law enforcement experience. I first spoke with the House Sergeant at Arms to request the National Guard. Mr. Irving stated that he was concerned about the “optics” of having National Guard present and didn’t feel that the intelligence supported it. He referred me to the Senate Sergeant at Arms (who is currently the Chair of the CPB) to get his thoughts on the request. I then spoke to Mr. Stenger and again requested the National Guard. Instead of approving the use of the National Guard, however, Mr. Stenger suggested I ask them how quickly we could get support if needed and to “lean forward” in case we had to request assistance on January 6.

Notably, Sund’s request and Irving’s response occurred before the conversation between Miller and Trump purportedly took place the night before the attack (which was far too late to deploy 10,000 people in any case). Moreover, Pelosi, Zoe Lofgren, and Mark Warner, among others, raised concerns about staffing for the day, so it’s not like Democrats weren’t raising the alarm.

Still, over a month after making no such claim as part of his Impeachment defense, Trump and his flunkies want to claim that Trump was proactive about deploying 10,000 people to defend the Capitol against his most ardent supporters.

That’s interesting background to the testimony offered by Robert Salesses, the “Senior Official Performing the Duties of the Assistant Secretary for Homeland Defense and Global Security,” in a joint Rules/Homeland Committee hearing on January 6 yesterday. As several people noted during the hearing, for some reason DOD sent Salesses, who wasn’t involved in the key events on January 6, rather than people like General Walter Piatt or General [Mike’s brother] Charles Flynn — who were on a call with MPD Chief Robert Contee and Sund on January 6 and who have made disputed claims about what occurred, including that Piatt recommended against sending the Guard because of optics. Effectively, Salesses was repeating what others told him, offering no better (indeed, more dated) information than Vanity Fair was able to offer. Salesses apparently called General Piatt the day before and dutifully repeated Piatt’s claim that he did not use the word, “optics,” which DC National Guard Commander General William Walker had just testified did occur.

General Piatt told me yesterday, Senator, that he did not use the word, “optics.”

Salesses then gave more excuses, explaining,

Senator, in fairness to the committee, General Piatt is not a decision-maker. The only decision-makers on the Sixth of January were the Secretary of Defense and the Secretary of the Army Ryan McCarthy. It was a chain of command from the Secretary of Defense to Secretary McCarthy to General Walker. That was the chain of command.

General Walker, the Commander of the DC National Guard, responded by reiterating the response he had gotten from Piatt (and the brother of the guy who had incited many of the insurrectionists), implicitly correcting Salesses about chain of command. The Commander in Chief, of course, is in that chain of command.

Yes, Senator. So the chain of command is the President, the Secretary of Defense, the Secretary of the Army, [points to self] William Walker Commanding General District of Columbia National Guard.

After General Walker described more of the restrictions placed on him ahead of time, including the preapproval before moving a traffic control point from one block to another (which restriction, Walker said, he had never experienced in 19 years) and the issuance of riot gear, Salesses made more excuses (repeating his silence about the President’s role in the chain of command). Remarkably, he described how Ryan McCarthy dithered from 3:04 until 4:10 because shots had been fired at the Capitol.

Salesses: Sir, Secretary Miller wanted to make the decisions on how the National Guard was going to be employed on that day. As you recall, Senator, the spring events, there was a number of things that happened during those events, that Secretary Miller as the Acting Secretary –

Rob Portman: Clearly he wanted to. The question is why? And how unusual. Don’t you think that’s unusual based on your experience at DOD?

Salesses: Senator, there was a lot of things that happened in the spring that the Department was criticized for — Sir, if I could. Civil Disturbance Operations? That authority rests with the Secretary of Defense. So if somebody’s gonna make a decision about employing military members against US citizens in a Civil Disturbance Operation —

Salesses: At 3:04, Secretary Miller made the decision to mobilize the entire National Guard. That meant that he was calling in all the National Guard members that were assigned to the DC National Guard. At 3:40–at 3:04 that decision was made. Between that period of time — between 3:04 and 4:10, basically, Secretary McCarthy had asked for — he wanted to understand, because of the dynamics on the Capitol lawn, with the explosives, obviously shots had been fired, he wanted to understand the employment of how the National Guard was going to be sent to the Capitol: what their missions were going to be, were they going to be clearing buildings, be doing perimeter security, how would they be equipped, he wanted to understand how they were going to be armed because, obviously, shots had been fired. He was asking a lot of questions to understand exactly how they were going to be employed here at the Capitol, and how many National Guard members needed to be deployed to the Capitol.

When asked whether restrictions placed on Walker hampered his defense, yes or no, Salesses again invoked the chain of command, again leaving out the Commander-in-Chief.

Senator, General Walker, in fairness to him, can’t respond to a civil defense — a Civil Disturbance Operation without the authority of the Secretary of Defense.

Finally, Salesses explained a further 36-minute delay, from 4:32 until 5:08, when Walker was given approval to move, this way:

Salesses: In fairness to General Walker too, that’s when the Secretary of Defense made the decision, at 4:32. As General Walker has pointed out, cause I’ve seen all the timelines, he was not told that til 5:08.

Roy Blunt: How is that possible, Mr. Salazar [sic], do you think that the decision, in the moment we were in, was made at 4:32 and the person that had to be told wasn’t told for more than a half an hour after the decision.

Salesses: Senator, I think that’s an issue.

It’s not just that the people who were actually involved didn’t show up to explain all this to Congress. It’s not just that there were big gaps in the timeline, or gaps explained by dithering even after DOD learned about explosives and shots fired.

It’s that the guy sent to provide improbable answers seems to have removed the Commander-in-Chief, who was watching all this unfold on TV and now wants credit for proactively telling DOD they would need at least 10,000 people, from the chain of command he used to justify the delay.

That’s all the more striking given that — as Dana Milbank noted — the delay until Miller’s authorization (to say nothing of the 36-minute delay in informing Walker) also meant that DOD did not respond until after Trump had instructed his insurrection to go home.

Curiously, the Pentagon claims Miller’s authorization came at 4:32 — 15 minutes after Trump told his “very special” insurrectionists to “go home in peace.” Was Miller waiting for Trump’s blessing before defending the Capitol?

DOD’s selected witness yesterday said that General Walker couldn’t send the Guard to help protect the Capitol because of the chain of command. But the Commander-in-Chief seems to be AWOL from that chain of command.

Update: On Twitter AP observed that there is a discrepancy between Miller’s 10,000 person claim and Trump’s: Trump says it happened days before January 6, which would place it before Miller’s letter imposing new restrictions on the Guard.

Journalists May Be Most at Risk (as Described) from a Presumed January 6 GeoFence Warrant

On February 22, the Intercept had a thinly sourced story reporting (heavily relying on one “recently retired senior FBI official” whose motive and access weren’t explained and one other even less-defined source) on methods used in the January 6 investigation. It started by describing something unsurprising (some of which had been previously reported): that the FBI was using emergency legal authorities to conduct an investigation in the wake of an insurrection.

Using special emergency powers and other measures, the FBI has collected reams of private cellphone data and communications that go beyond the videos that rioters shared widely on social media, according to two sources with knowledge of the collection effort.

In the hours and days after the Capitol riot, the FBI relied in some cases on emergency orders that do not require court authorization in order to quickly secure actual communications from people who were identified at the crime scene. Investigators have also relied on data “dumps” from cellphone towers in the area to provide a map of who was there, allowing them to trace call records — but not content — from the phones.

From there, the story made conclusions that were not borne out by the evidence presented (which is not to say that such conclusions won’t one day be supported).

In particular, the story suggested that these investigative methods were used to investigate Congress, likewise suggested that the involvement of Public Integrity prosecutors must mean members of Congress are already the focus of the investigation, and further suggested that the location data collection was tied to the investigation of members of Congress.

The cellphone data includes many records from the members of Congress and staff members who were at the Capitol that day to certify President Joe Biden’s election victory.

[snip]

The Justice Department has publicly said that its task force includes senior public corruption officials. That involvement “indicates a focus on public officials, i.e. Capitol Police and members of Congress,” the retired FBI official said.

To make the insinuation, the story misstates the intent of a Sheldon Whitehouse statement aiming to use Congressional authorities to remove coup sympathizers from committees of jurisdiction (and ignores Whitehouse’s earlier statement that calls for the kind of data collection described in the story).

On January 11, Sen. Sheldon Whitehouse, D-R.I., released a statement warning against the Justice Department getting involved in the investigation of the attack, at least regarding members of Congress, asserting that the Senate should oversee the matter.

Thus far, the story seems tailor-made to get Congress — the Republican members of which are already trying to sabotage the investigation — to start tampering with it.

Far down in the story, it also describes the orders used with more specificity — but not yet enough specificity to substantiate the claims made earlier in it.

Federal authorities have used the emergency orders in combination with signed court orders under the so-called pen/trap exception to the Stored Communications Act to try to determine who was present at the time that the Capitol was breached, the source said. In some cases, the Justice Department has used these and other “hybrid” court orders to collect actual content from cellphones, like text messages and other communications, in building cases against the rioters.

At the time I suggested the story’s conclusions went well beyond the evidence included in it. I had several concerns about the story.

First, it didn’t address the granularity of location data collected or explain whether the data collection focused just on the Capitol building or (as the story claimed) “in the area” generally. The Capitol is, according to multiple experts, incredibly wired up, meaning that one can obtain a great deal of data specific to the Capitol building itself. That matters here, because as soon as Trump insurrectionists entered the Capitol building, they committed the trespass crimes charged against virtually all the defendants. And the people legally in the Capitol that day were largely victims and/or law enforcement. It’s not an exaggeration to say that anyone collected off location collection narrowly targeted to the Capitol building itself is either a criminal, a witness, or a victim (and often some mix of the three).

If location collection was focused on the Capitol building itself (we don’t know whether it was or not, and the reports of collection aiming to find the person who left pipe-bombs in the neighborhood on January 5 do pose real cause for concern), it mitigates some of the concerns normally raised by the use of IMSI-catchers at public events and protests, which is that such location collection would include a large number of people who were just engaging in protected speech, as many of the people outside the Capitol were. Similarly, unlike with most geofence warrants or tower dumps, which are used to find possible leads for a crime, here, FBI had an overwhelming list of suspects from its mass of tips and video evidence already: it wasn’t relying on location data to find suspects. Plus, with normal geofence warrants and tower dumps, the vast majority of the data obtained comes from uninvolved people, posing a risk that those unrelated people could become false positives who, as a result, would get investigated closely. Here, again, anyone collected from location data inside the Capitol was by definition associated with the crime, either as witness, victim, or perpetrator.

Finally, the story not only didn’t rely on, but showed little familiarity with the hundreds of arrest affidavits released so far, which provide some explanation (albeit undoubtedly parallel constructed) for how the FBI built cases against those hundreds of people.

Well before The Intercept article was written, there were a few interesting techniques revealed in the affidavits. Perhaps the most interesting (and not specifically covered in The Intercept article, unless as a hybrid order) described identifying Christopher Spencer from the livestreams on Facebook he posted from inside the Capitol.

The government received information as part of a search warrant return that Facebook UID 100047172724820 was livestreaming video in the Capitol during these events. The government also received subscriber information for Facebook UID 100047172724820 in response to legal process served on Facebook. Facebook UID 100047172724820 is registered to Chris Spencer (“SPENCER”). SPENCER provided subscriber information, including a date of birth; current city/state, and a phone number to Facebook to create the account.

[snip]

The government received three livestream videos from SPENCER’s Facebook UID 100047172724820 as part of a search warrant return. At different times during the videos, Spencer either used the rear facing camera to show himself talking, or turned the phone toward his face. Your affiant would note that the camera is capturing a reversed image of SPENCER in two of these sections of video as evidenced by the text on SPENCER’s hat. As such, reversed images are also provided below the original screenshot [my emphasis]

The first mention of the Facebook return appears before a paragraph describing an associate of Spencer’s who had seen the videos and recognized his wife, and the later paragraph describes the associate sharing a phone number for Spencer that the FBI seemed to have already received from Facebook. As written (and this structure is matched in the affidavit for Spencer’s wife, Jenny) the narrative may indicate that the FBI obtained the Facebook return before the tip and identified Spencer from the Facebook return even before receiving the tip. This is one of the strongest pieces of evidence that the FBI used data obtained from location-based collection in the Capitol from any social media source to identify an unknown subject. But, as described, it also has some protections built in. The data was obtained with a warrant, not PRTT or d-order. That means the FBI would have had to show probable cause to obtain the content (but, for the reasons I explained above, most people in the Capitol live-streaming were committing a crime). There’s also no indication here that this video was privately posted (though with a warrant the FBI would be able to obtain such videos).

All this is a read of what this paragraph might suggest about data collection. It doesn’t describe whether the data was obtained via a particularized warrant (targeting just Spencer), or whether the FBI asked Facebook to provide all live-streaming posted from within the Capitol during the insurrection (there are other early affidavits that targeted the content of Facebook via individualized warrants). In Spencer’s case, I suspect it’s the latter (there’s nothing that remarkable about Spencer’s video, except he was outside Speaker Pelosi’s office). Even so, for most people, posting from inside the Capitol during the insurrection would amount to probable cause the person was trespassing.

Even before The Intercept piece was posted I had also pointed to the affidavit for the Kansas cell of the Proud Boys. It uses location data to place one after another of the suspects “in or around” the Capitol during the insurrection: cell site data showed that the phones of Christopher Kuehne, Louis Colon, and Felicia Konold were “in or around” the Capitol during the insurrection. That of Cory Konold, Felicia’s brother, was not shown to be, but,

Lawfully-obtained cell site records indicated that the FELICIA KONOLD cell called a number associated with CORY KONOLD while in or around the Capitol on January 6, 2021.

The most interesting detail in that affidavit pertained to William Chrestman. His phone wasn’t IDed off a cell site. Rather, it was IDed by connecting to Google services “in or around” the Capitol.

According to records produced by CHRESTMAN’s wireless cell phone provider in response to legal process, CHRESTMAN is listed as the owner of a cell phone number (“CHRESTMAN cell”). Lawfully-obtained Google records show that a Google account associated with the CHRESTMAN cell number was connected to Google services and was present in or around the U.S. Capitol on January 6, 2021.

A more recent document — the complaint against the southern Oath Keepers obtained on February 11 but unsealed long after that — describes the phones of those suspects in an area “includ[ing]” (but not necessarily limited to) the interior of the Capitol.

having utilized a cell site consistent with providing service to the geographic area that includes the interior of the United States Capitol building.

Unlike with Spencer, the location data in the Proud Boys and Oath Keeper complaints seems to be used to establish probable cause. In both the militia group cases, the individuals appear to have been identified via different means (unsurprisingly, given their flamboyantly coordinated actions), with the location data being used in the affidavit to flesh out probable cause. (Undoubtedly, the FBI exploited this information far more thoroughly in an effort to map out other co-conspirators, but it is equally without doubt that the FBI had adequate probable cause to do so.)

The other day, DOJ unsealed an affidavit — that of Jeremy Groseclose — that provides more detail about the location collection at the Capitol. The FBI describes identifying Groseclose off of two tips, both on January 7, from people who had seen him post about being in the Capitol on Facebook (and in one case, remove his Facebook posts after he posted them).

Groseclose wore a gas mask for much of the time he was inside the Capitol (though wore the same clothes as he had outside), which undoubtedly made it more difficult to prove he was the person illegally inside the Capitol preventing cops from ousting the rioters.

The FBI affidavit describes times when Groseclose appears on security footage from inside the Capitol without the gas mask, but doesn’t include it. To substantiate his presence in the Capitol, the FBI included three paragraphs describing what must be a Google geofence warrant showing the device identifiers for everyone within a certain geographic area.

According to records obtained through a search warrant served on Google, a mobile device associated with [my redaction]@gmail.com was present at the U.S. Capitol on January 6, 2021. Google estimates device location using sources including GPS data and information about nearby Wi-Fi access points and Bluetooth beacons. This location data varies in its accuracy, depending on the source(s) of the data. As a result, Google assigns a “maps display radius” for each location data point. Thus, where Google estimates that its location data is accurate to within 10 meters, Google assigns a “maps display radius” of 10 meters to the location data point. Finally, Google reports that its “maps display radius” reflects the actual location of the covered device approximately 68% of the time. In this case, Google location data shows that a device associated with [my redaction]@gmail.com was within the U.S. Capitol at coordinates associated with the center of the Capitol Building, which I know includes the Rotunda, at 2:56 p.m. Google records show that the “maps display radius” for this location data was 34 meters.

Law enforcement officers, to the best of their ability, have compiled a list (the “Exclusion List”) of any Identification Numbers, related devices, and information related to individuals who were authorized to be inside the U.S. Capitol during the events of January 6, 2021, described above. Such authorized individuals include: Congressional Members and Staffers, responding law enforcement agents and officers, Secret Service Protectees, otherwise authorized governmental employees, and responding medical staff. The mobile device associated with [my redaction]@gmail.com is not on the Exclusion List. Accordingly, I believe that the individual possessing this device was not authorized to be within the U.S. Capitol Building on January 6, 2021. Furthermore, surveillance footage from the Rotunda, time-stamped within a minute of 2:56 p.m., shows GROSECLOSE, in his distinctive clothing, using his cell phone in an apparent attempt to take a picture.

Records provided by Google revealed that the mobile device associated with [my redaction]@gmail.com belonged to a Google account registered in the name of “Jeremy Groseclose.” The Google account also lists a recovery SMS phone number that matches [my redaction]. The recovery email address for this account appears to be in the name of GROSECLOSE’s significant other, with whom he has two children in common. Additionally, I have reviewed subscriber records from U.S. Cellular, related to the phone number [my redaction]. This number, along with another, are connected to an account in the name of GROSECLOSE’s significant other. The billing address for this account is [my redaction]. One of GROSECLOSE’s neighbors identified [my redaction] as GROSECLOSE’s address.

This seems to confirm that FBI obtained a geofence warrant from Google, but — at least as described — it was focused on those at the Capitol, perhaps focused on the Rotunda and anything 100 feet from it. This is the kind of granularity that will exclude most uninvolved people. They may have used it (or included it in the affidavit) because by wearing a gas mask, Groseclose made it difficult to show his face in the existing film of the attack.

The affidavit suggests that the Google geofence relied not just on GPS data of users’ phones, but also Wi-Fi access points (there’s another affidavit where the suspect’s phone triggered the Capitol Wi-Fi) and Bluetooth beacons. Again, given how wired the Capitol is, this would offer a granularity to the data that wouldn’t exist in most geofence warrants.

Finally, and most interestingly, this affidavit (obtained on the same day as The Intercept story and so presumably after The Intercept called for comment) describes that the FBI has an “Exclusion List” of everyone who had a known legal right to be in the Capitol that day. That suggests that, after such time as the FBI completed this list, they could identify which of those present in the Capitol were probably there illegally.

There are concerns about FBI putting together a list like this. After all, Members of Congress might have good Separation of Powers reasons to want to keep their personal phone numbers private. That said, there’s reason to believe that the FBI has used this method of separating out congressional identifiers and creating a white list in the past (including with the Section 215 phone dragnet), with congressional approval.

The concern arises in how the FBI defines those legally present:

  • Members of Congress
  • Congressional staffers
  • Law enforcement responding to the insurrection (as distinct from law enforcement joining in it)
  • Secret Service Protectees (AKA, Mike Pence and his family)
  • Other government employees (like custodial staff)
  • Medical staff

Not on this list? Journalists, not even those journalists holding valid congressional credentials covering the vote certification.

Already, there have been several cases where suspects have claimed to be present as media, only to be charged both because of their comments while present and the fact that they don’t have congressional credentials. Three are:

  • Provocateur John Sullivan, who filmed the riot and sold the footage to multiple media outlets and “claimed to be an activist and journalist that filmed protests and riots, but admitted that he did not have any press credentials.”
  • Nick DeCarlo, who told the LA Times he and Nicholas Ochs were there as journalists but who FBI noted, “is not listed as a credentialed reporter with the House Periodical Press Gallery or the U.S. Senate Press Gallery, the organizations that credential Congressional correspondents.”
  • Brian McCreary, who on his own sent the video he took on his phone while inside the Capitol, but who later admitted to the FBI that entering the Capitol “might not have been legal” and also described admitting to cops present that he was not a member of the media.

If the FBI is going to use official credentials to distinguish journalists from trespassers, then it could also use those credentialing lists to white list journalists present at the Capitol. But to do that, the journalists in question would have to be willing to share identifying information for all the devices that were turned on at the Capitol, something they might have good reasons not to want to do.

Plus, I suspect there are a number of journalists without Congressional credentials who were covering the events outside the Capitol and, as the rally turned into a riot, entered the Capitol to cover it. Those journalists risked their lives and provided some of the most important early information about the riot and did so in ways that in no way glorified it. But in doing so, their devices may be in an FBI database relating to the attack.

There is clear evidence that the FBI obtained location data from the Capitol as part of its investigation, including Google and almost certainly Facebook. Thus far, the available evidence suggests that the ability to target that collection narrowly limits the typical concerns about tower dumps and geofence warrants (again, any similar data collection outside the Capitol in an effort to find the person who left the pipe bombs is another issue). Moreover, almost all those legally present in the Capitol appear to be whitelisted.

But not all. And the exception, journalists, includes those who have the most at stake in not having their devices identified and investigated by the FBI.

All that said, perhaps a similarly controversial question pertains to preservation orders. The Intercept describes a letter from Mark Warner calling on carriers to preserve data (and rightly questioning his legal authority to make such a request), then suggests the carriers have done so on their own.

Some of the telecommunications providers questioned whether Warner has the authority to make such a request, but a number of them appear to have been preserving data from the event anyway because of the large scale of violence, the source said.

The story doesn’t consider the — by far — most likely explanation, which is that FBI served very broad preservation orders on social media companies (though some key ones, such as Facebook, would keep data for a period even after insurrectionists attempted to delete it in the days after the attack as normal practice). In any case, broad preservation orders on social media companies would be solidly within existing precedent. But I suspect it may be one of the more interesting legal questions that will come out of this investigation.

Update March 7: Added McCreary.

As Richard Burr Rushes to Release Volume Five of SSCI’s Russian Investigation, the FBI Closes In

Update: As I was posting this, reports that Burr is stepping down as Chair of SSCI came out.

The LAT has a big scoop revealing that the FBI seized Richard Burr’s cell phone yesterday, having gotten a probable cause warrant incorporating information they obtained via a search of his iCloud.

Federal agents seized a cellphone belonging to a prominent Republican senator on Wednesday night as part of the Justice Department’s investigation into controversial stock trades he made as the novel coronavirus first struck the U.S., a law enforcement official said.

[snip]

Such a warrant being served on a sitting U.S. senator would require approval from the highest ranks of the Justice Department and is a step that would not be taken lightly. Kerri Kupec, a Justice Department spokeswoman, declined to comment.

A second law enforcement official said FBI agents served a warrant in recent days on Apple to obtain information from Burr’s iCloud account and said agents used data obtained from the California-based company as part of the evidence used to obtain the warrant for the senator’s phone.

[snip]

The same day Burr sold his stocks, Burr’s brother-in-law, Gerald Fauth, sold between $97,000 and $280,000 worth of six stocks, according to documents filed with the Office of Government Ethics. Fauth serves on the National Mediation Board, which provides mediation for labor disputes in the aviation and rail industries.

Burr has denied coordinating trading with his brother-in-law.

Given the progression from an iCloud warrant to the warrant for the cell phone, it’s likely the FBI is seeking out texts between Burr and his brother-in-law around the time of the stock sales. (The FBI often accesses iCloud to find out what apps someone has accessed, obtains a pen register to identify communications of interest using that app, then seizes the phone to get those encrypted communications.)

The public evidence against Burr is quite damning, so there’s no question that this is a properly predicated investigation.

Still, coming from a DOJ that has gone to great lengths to protect other looting (and has not taken similar public steps against Kelly Loeffler), the move does raise questions.

Particularly given the focus that Richard Burr gave, during the John Ratcliffe confirmation hearing, to getting the final volume of the SSCI Report on 2016 declassified and released by August.

Richard Burr: Congressman, over the course of the last three years this committee has issued four reports about Russia’s meddling in our elections covering Russia’s intrusions into state election systems, their use of social media to attempt to influence the election, and, most recently confirming the findings of the 2017 Intelligence Community Assessment. While being mindful of the fact that we’re, um, in an unclassified setting, what are your views on Russia’s meddling in our elections?

John Ratcliffe: Chairman, my views are that Russia meddled or interfered with Active Measures in 2016, they interfered in 2018, they will attempt to do so in 2018 [sic]. They have a goal of sowing discord, and they have been successful in sowing discord. Fortunately, based on the work–the good work of this committee, we know that they may have been successful in that regard but they have not been successful in changing votes or the outcome of any election. The Intelligence Community, as you know, plays a vital role on ensuring we have safe, secure, and credible elections and that every vote cast by every American is done so properly and counted properly.

Burr: Will you commit to bringing information about threats to the election infrastructure and about foreign governments’ efforts to influence to Congress so we’re fully and currently informed?

Ratcliffe: I will.

Burr: Will you commit to testify at this committee’s annual worldwide threats hearing?

Ratcliffe: I will.

Burr: And last question, over the last three years we have issued four reports. Number five is finished. Number five will go for declassification. Do we have your commitment as DNI that you would expeditiously go through the declassification process?

Ratcliffe: You do.

Burr: Senator Warner.

Mark Warner: Thank you Mr. Chairman. You actually took some of my questions.

Burr: My eyesight is good.

Warner: Mr. Ratcliffe, good to see you again and I appreciated our time, um, um, last Friday. I want to follow-up on a couple of the Chairman’s questions first. As we discussed, we’re … Volume Five, and so far our first four volumes have all been unanimous. Or maybe with the exception of one dissenting vote. If we get this document to the ODNI we need your commitment not only that we do it expeditiously, but as much as possible to get that Volume Five reviewed, redacted, and released, ideally before the August, the August recess. Now, I know you’ve not seen the report yet. All I would ask is, aspirationally that you commit to that goal, because I think as we discussed, to have a document that could be [big pause] potentially significant come out in the midst of a presidential campaign isn’t good or fair on either side. So if I could clarify a bit, recognizing that you’ve not seen the document is a thousand pages, that you’d try to get this cleared prior to August.

Ratcliffe: Vice Chairman, I would again, commit that I would work with you to get that as expeditiously as possible.

During the 2018 election, Burr had — at a time when the committee assuredly did not have the ability to rule it out — twice said there was no evidence of “collusion.” Burr has made no such claims recently.

Even just the Roger Stone disclosures from his trial make it clear “collusion” happened, and that’s ignoring the ongoing Foreign Agent investigation involving Stone. And the Intelligence Committees have been briefed on the existence of — and possibly some details about — either that or other ongoing investigations.

If Richard Burr is prepping to reverse his prior public comments about “collusion,” it might explain why the Bill Barr DOJ, which has stopped hiding that it is an instrument used to enforce political loyalty to Trump, would more aggressively investigate Burr than others.

Again, there’s no question that this is a properly predicated investigation. But in the Barr DOJ, properly predicated investigations about political allies of Trump all get quashed. This one has, instead, been aggressively and overtly pursued.

Ric Grenell Declassified George Papadopoulos’ Brags about Fucking Older Women, but Not about Befriending Sergey Millian

In the name of exposing “FISA abuse,” Lindsey Graham got Ric Grenell to declassify details of George Papadopoulos bragging about fucking a woman who was 42.

CT: I was banging a 42-year-old. That’s the oldest I ever went. And she was the best sex I ever had in my life.

CHS: You know you can’t, uh, knock down them…

CT: But 42, that’s like borderline old, you know.

But Grenell left what DOJ IG treated as a reference to Sergey Millian living in Brooklyn classified (see page 66).

Grenell did so even though this reference to “Sergey” has already been formally declassified, for the DOJ IG Report (though I would argue that in places DOJ IG’s transcriptions are not always fair descriptions of what the transcripts show).

Papadopoulos did not say much about Russia during the first conversation with Source 3, other than to mention a “friend Sergey … [who] lives in … Brooklyn,” and invite Source 3 to travel with Papadopoulos to Russia in the summertime.

Perhaps this just stems from bureaucratic incompetence. But the Trump Administration made a fairly aggressive decision to declassify details about Sergey Millian for the DOJ IG Report because it served their narrative about Christopher Steele. But when it came time to claim–abundant evidence in the transcripts to the contrary–that George Papadopoulos wasn’t an obvious subject for a counterintelligence investigation, the Trump Administration treated one of the most damning details as classified.

This matters, because the frothy right has been ginning up a scandal over the delayed release of the House Intelligence transcripts, and the fact that, having been told everything is ready, Adam Schiff is taking a few days to review what Grenell has done to ensure the integrity of the redactions. They’re doing so even as both Mark Warner and Richard Burr spent the beginning of John Ratcliffe’s confirmation making sure the declassification of their report on the Russian operation would be quick and non-partisan.

But we’ve already got hints that Grenell is politicizing the declassification process. In a 90-page transcript, he redacted the detail that most undermined the frothy right narrative.

After Years of Squealing about “FISA Abuse,” Trump’s DNI Nominee Won’t Rule Out Warrantless Wiretapping

As I noted earlier, in his confirmation hearing to be Director of National Intelligence, John Ratcliffe made it crystal clear he will lie to protect Trump by stating that he believed Trump has always accurately conveyed the threat of COVID-19.

Ratcliffe made some other alarming comments. For example:

  • He repeatedly said that Russia had not changed any votes in 2016. The Intelligence Community did not review that issue and Ratcliffe has no basis to make that claim.
  • Ratcliffe also repeatedly refused to back SSCI’s unanimous conclusion that Russia intervened to help Trump.
  • He dodged when Warner asked him to promise to brief the committee even if Russia were trying to help Trump.
  • When asked whether he supported Inspectors General, Ratcliffe said that he supported Michael Horowitz when others attacked him but then suggested he disagreed with Horowitz’ “opinion,” making it clear he does not accept Horowitz’ conclusions that he found no evidence that bias affected the investigation into Trump’s flunkies.
  • Ratcliffe claimed he didn’t have enough information to address Michael Atkinson’s firing.
  • When Dianne Feinstein read his quotes about the Ukraine whistleblower to him, Ratcliffe pretended those quotes were about something they weren’t.
  • He might not provide intelligence on COVID-19 that showed how Trump blew it off.
  • He suggested that if only the IC had reviewed open source data, they might have warned of the dangers of COVID-19, which they did warn of using both OSINT and classified intelligence.
  • He refused to answer whether he thought there was a Deep State in the IC, and later suggested a few members of the IC were Deep State.
  • Ratcliffe refused to agree to release a report showing that Mohammed bin Salman had Jamal Khashoggi executed and chopped into bits, as required by last year’s Defense Authorization. He suggested that it might have been properly classified; as DNI, he would be the Original Classification Authority to make that decision.
  • He refused to answer clearly on whether Trump’s policies on North Korea and Iran have worked.
  • He later suggested he might not share intelligence if it were too sensitive, again ignoring that as OCA he gets to decide whether it’s really classified.
  • After saying he would appear for a Global Threats hearing, he then dodged when later asked whether he would appear before the committee generally.

Ratcliffe made several comments to make it clear he would side with expansive Unitary Executive interpretations holding that:

  • There are limits to whistleblower protection.
  • If torture were deemed legal it would be okay to do it.
  • The executive can use warrantless wiretapping.

There were a few additional hints about stuff going on right now:

  • Mark Warner said that intelligence professionals have been pressured to limit information they share with Congress.
  • Warner also said that Ric Grenell was undermining the IC’s election security group.
  • Both Warner and Richard Burr seemed concerned that the DNI would not declassify their 1000-page Volume V of their Report on Russia’s 2016 election interference (I’m not sure whether this assesses the Steele dossier or lays out whether and how Trump “colluded” during 2016).
  • Martin Heinrich made it clear that Grenell is reorganizing the IC, without any consultation or approval from Congress.

He’s not just unqualified, he’s a sycophant. But it seems like there’s so much that Grenell is already screwing up, Republicans on the committee, at least, prefer Ratcliffe.

Update: Here are Ratcliffe’s Questions for the Record. They’re particularly troubling on sharing with Congress.

He twice refused to say that he wouldn’t impose loyalty tests.

QUESTION 39: Personnel decisions can affect analytic integrity and objectivity. A. Would you consider an individual’s personal political preferences, to include “loyalty” to the President, in making a decision to hire, fire, or promote an individual?

Answer: Personnel decisions should be based on qualifications, skills, merit, and other standards which demonstrate the ability, dedication and integrity required to support the central IC mission of providing unvarnished intelligence to policymakers.

B. Do you commit to exclusively consider professional qualifications in IC personnel decisions, without consideration of partisan or political factors?

Answer: Personnel decisions should be based on qualifications, skills, merit, and other standards that demonstrate the ability, dedication and integrity required to support the central IC mission of providing unvarnished intelligence to policymakers.

He refused to promise to keep the Election Threats Executive Office open.

QUESTION 45: Would you commit to keep the Election Threats Executive Office in place to ensure continuity of efforts, and build on the successes of the 2018 midterms?

Answer: If confirmed, I will work with IC leaders and ODNI officials to ensure the IC is well-positioned to address the election security threats facing our Nation.

He refused to promise to notify Congress if Russia starts helping Trump again.

QUESTION 53: Do you commit to immediately notifying policymakers and the public of Russian attempts to meddle in U.S. democratic processes, to include our elections?

Answer: If confirmed, I would work with the Committee to accommodate its legitimate oversight needs while safeguarding the confidentiality interests of the Executive Branch, including the protection from unauthorized disclosure of classified intelligence sources and methods.

He suggested he had no problem with Section 215 being used to access someone’s browsing records.

QUESTION 7: Do you believe that Section 215 of the USA PATRIOT Act should be used to collect Americans’ web browsing and internet search history? If yes, do you believe there are or should be any limitations to “digital tracking” of Americans without a warrant, in terms of length of time, the amount of information collected, or the nature of the information collected (e.g., whether particular kinds of websites raise special privacy concerns)?

Answer: I believe it is important for the Intelligence Community to use its authorities appropriately against valid intelligence targets. The amendments to Title V of FISA made by Section 215 of the USA PATRIOT Act expired on March 15, 2020 and, to date, have not been reauthorized.

Ratcliffe dodged several questions about whether FISA was the exclusive means to collect.

Extra-Statutory Collection

QUESTION 9: Title 50, section 1812 provides for exclusive means by which electronic surveillance and interception of certain communications may be conducted. Do you agree that this provision of law is binding on the President?

Answer: If confirmed, I would work with the Attorney General to ensure that IC activities are carried out in accordance with the Constitution and applicable federal law.

QUESTION 10: Do you believe that the intelligence surveillance and collection activities covered by FISA can be conducted outside the FISA framework? If yes, please specify which intelligence surveillance and collection activities, the limits (if any) on extra-statutory collection activities, and the legal authorities you believe would authorize those activities.

Answer: If confirmed, I would work with the Attorney General and the heads of IC elements, as well as the General Counsels throughout the IC, to ensure that intelligence activities are conducted in accordance with the Constitution and applicable federal law. As set forth in Section 112 of FISA, with limited exceptions, FISA constitutes the exclusive statutory means by which electronic surveillance, as defined in FISA, and the interception of domestic wire, oral, or electric communications for foreign intelligence purposes may be conducted.

QUESTION 11: What would you do if the IC was requested or directed to conduct such collection activities outside the FISA framework? Would you notify the full congressional intelligence activities?

Answer: Consistent with the requirements of the National Security Act, I would keep the congressional intelligence committees informed of the intelligence activities of the United States, including any illegal intelligence activities. As you know, not all intelligence activities are governed by FISA.

If confirmed, I would work with the Attorney General and the heads of IC elements, as well as the General Counsels throughout the IC, to ensure that intelligence activities are conducted in accordance with the Constitution and applicable federal law.

Senator Wyden asked a question about the IC purchasing stuff they otherwise would need a warrant for.

QUESTION 12: Do you believe the IC can purchase information related to U.S. persons if the compelled production of that information would be covered by FISA? If yes, what rules and guidelines would apply to the type and quantity of the information purchased and to the use, retention and dissemination of that information? Should the congressional intelligence committees be briefed on any such collection activities?

Answer: Elements of the IC are authorized to collect, retain, or disseminate information concerning U.S. persons only in accordance with procedures approved by the Attorney General. As you know, not all intelligence activities are governed by FISA, and it is my understanding that in appropriate circumstances elements of the IC may lawfully purchase information from the private sector in furtherance of their authorized missions. Nonetheless, any intelligence activity not governed by FISA would be regulated by the Attorney General-approved procedures that govern the intelligence activities of that IC element. Consistent with the requirements of the National Security Act, if confirmed, I would keep the congressional intelligence committees informed of the intelligence activities of the United States.

 

SSCI Has Already Dismissed One of the Key Issues John Durham Is Investigating

The other day, the NYT had an update on another area included in John Durham’s 9-month investigation of the Russian investigation. Durham appears to be chasing a theory (based on what predication, aside from Bill Barr’s fevered imagination, it’s unclear) that John Brennan tricked the FBI into investigating Trump by fooling them into believing Russia wanted Trump elected.

Questions asked by Mr. Durham, who was assigned by Attorney General William P. Barr to scrutinize the early actions of law enforcement and intelligence officials struggling to understand the scope of Russia’s scheme, suggest that Mr. Durham may have come to view with suspicion several clashes between analysts at different intelligence agencies over who could see each other’s highly sensitive secrets, the people said.

Mr. Durham appears to be pursuing a theory that the C.I.A., under its former director John O. Brennan, had a preconceived notion about Russia or was trying to get to a particular result — and was nefariously trying to keep other agencies from seeing the full picture lest they interfere with that goal, the people said.

[snip]

The Justice Department has declined to talk about Mr. Durham’s work in meaningful detail, but he has been said to be interested in how the intelligence community came up with its analytical judgments — including its assessment that Russia was not merely sowing discord, but specifically sought to help Mr. Trump defeat Hillary Clinton in the 2016 election.

A key part of this involves the credibility assigned to a Russian source and the CIA’s initial unwillingness to share his identity.

One fight, they said, concerned the identity and placement of a C.I.A. source inside the Kremlin. Analysts at the National Security Agency wanted to know more about him to weigh the credibility of his information. The C.I.A. was initially reluctant to share details about the Russian’s identity but eventually relented.

But officials disagreed about how much weight to give the source’s information, and the intelligence community’s eventual assessment apparently reflected that division. While the F.B.I. and the C.I.A. concluded with “high confidence” that Mr. Putin was specifically trying to help Mr. Trump win the election, the National Security Agency agreed but said it had only “moderate confidence.”

As with much of the Durham investigation, this likely came from a partisan investigation — specifically the HPSCI Report on Russian interference that the GOP released with little Democratic involvement. It found that

(U) Finding #16: The Intelligence Community Assessment judgments on Putin’s strategic intentions did not employ proper analytic tradecraft. (U) While the Committee found that most ICA analysis held-up to scrutiny, the investigation also identified significant intelligence tradecraft failings that undermine confidence in the ICA judgments regarding Russian President Vladimir Putin’s strategic objectives for disrupting the U.S. election. Those judgments failed to meet longstanding standards set forth in the primary guiding document for IC analysis, ICD 203, Analytic Standards including:

(U) “Properly describe quality and credibility of underlying sources.”

(U) “Properly express and explain uncertainties associated with major analytic judgments.”

(U) “Incorporate analysis of alternatives … [particularly] when major judgments must contend with significant uncertainties or … high-impact results.”

(U) Base confidence assessments on “the quantity and quality of source material.”

(U) “Be informed by all relevant information available.”

(U) “Be independent of political considerations.”

[snip]

The Committee’s findings on ICA tradecraft focused on the use of sensitive, [redacted] intelligence [redacted] cited by the ICA. This presented a significant challenge for classification downgrade. The Committee worked with intelligence officers from the agencies who own the raw reporting cited in the ICA to downgrade the classification of compartmented findings [redacted]

In short, in the same way that the HJC/OGR echo chamber of shoddy propaganda injected George Papadopoulos’ claims into Durham’s investigation, the HPSCI report likely gave Barr a way to demand this prong of the investigation.

The thing is, however, the Senate Intelligence Committee has also reviewed this intelligence — notably, at a time after the CIA source behind it had been exfiltrated (and after abundant other evidence proving that Putin really did prefer Trump came in). And SSCI had no problem with the conclusion.

The ICA states that:

We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election. Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.[2]

  • The Committee found that the ICA provided a range of all-source reporting to support these assessments.
  • The Committee concurs with intelligence and open-source assessments that this influence campaign was approved by President Putin.
  • Further, a body of reporting, to include different intelligence disciplines, open source reporting on Russian leadership policy preferences, and Russian media content, showed that Moscow sought to denigrate Secretary Clinton.
  • The ICA relies on public Russian leadership commentary, Russian state media reports, public examples of where Russian interests would have aligned with candidates’ policy statements, and a body of intelligence reporting to support the assessment that Putin and the Russian Government developed a clear preference for Trump.

The ICA also states that:

We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him.[3]

  • The Committee found that the ICA provided intelligence and open source reporting to support this assessment, and information obtained subsequent to publication of the ICA provides further support.
  • This is the only assessment in the ICA that had different confidence levels between the participating agencies—the CIA and FBI assessed with “high confidence” and the NSA assessed with “moderate confidence”—so the Committee gave this section additional attention.

The Committee found that the analytical disagreement was reasonable, transparent, and openly debated among the agencies and analysts, with analysts, managers, and agency heads on both sides of the confidence level articulately justifying their positions. [my emphasis]

Significantly, over time that conclusion has held up.

In fact, an even more recent SSCI Report — released in recent weeks — makes it clear that what is obviously this same reporting stream provided the “wake up” call that led the IC to take the Russian attack as seriously as they should have. The intelligence is introduced (but entirely redacted) on page 11, but the description of Brennan’s action — and the degree to which this intelligence was closely held thereafter — makes it clear that this is the CIA HUMINT.

According to Director Brennan, he recommended that the intelligence be briefed to the Gang of Eight, stating, “I think it’s important that this be a personal briefing.”

[snip]

According to multiple administration officials, the receipt of the sensitive intelligence prompted the NSC to begin a series of restricted PC meetings to craft the administration’s response to the Russians’ active measures campaign. These restricted “small group” PC meetings, and the corresponding Deputies Committee (DC) meetings, were atypically restricted, and excluded regular PC and DC attendees such as the relevant Senior Directors within the NSC and subject matter experts that normally accompanied the principals and deputies from the U.S. Government departments and agencies.

According to former NSC Senior Director for Intelligence Programs, Brett Holmgren, no one other than the principals participated in the initial PC meetings, due to the sensitivity of the intelligence reporting. Mr. Holmgren further stated that the “reports were briefed verbally, often times by Director Brennan. So I didn’t get access to a lot of these reports until the November or December time frame.”

To be clear, ultimately this more recent SSCI Report comes down on the same side that the Durham inquiry seems to be — that CIA ended up holding this too close, making it difficult for other agencies to properly vet it. This SSCI Report argues that the close hold led to a less robust response than the US should have mounted.

So all four reviews — HPSCI’s, SSCI’s ICA assessment and 3rd volume, along with Durham’s current review — agree that the CIA held this information really closely. But the bipartisan reports that assess whether the conclusion held up over time — just the SSCI ones — not only find that CIA was right, but that that view marked the belated moment when the US IC started taking the attack seriously enough.

In other words, John Durham is investigating something that the proper oversight authorities already have deemed the correct result that actually came too late and not broadly enough, and trying to find fault with it. Bill Barr is trying to get Durham to criminalize an intelligence conclusion that is the one thing that didn’t lead us to get more badly damaged by the attack.

The Black Hole Where SSCI’s Current Understanding of WikiLeaks Is

Four years after it started, the Senate Intelligence Committee continues its investigation into Russia’s 2016 election interference, this week releasing the report on what the Obama Administration could have done better. For a variety of reasons, these reports have been as interesting for their redactions or silences as for what the unredacted bits say.

This latest report is no different.

Putin responded to Obama’s warnings by waggling his nukes

The most interesting unredacted bit pertains to Susan Rice’s efforts, scheduled to occur just before ODNI and DHS released their report attributing the hack to Russia, to warn Russia against continuing to tamper in the election. That would place the meeting at just about precisely the moment the Access Hollywood video and Podesta email release happened, a big fuck you even as Obama was trying to do something about the tampering. The meeting also would have occurred during the period when Sergei Kislyak was bitching about FBI efforts to prevent Russia from sending election observers to voting sites.

The description of the meeting between Rice and Kislyak is redacted. But the report does reveal, for the first time that I heard, that Russia responded to being warned by raising its nukes.

Approximately a week after the October 7, 2016, meeting, Ambassador Kislyak asked to meet with Ambassador Rice to deliver Putin’s response. The response, as characterized by Ambassador Rice, was “denial and obfuscation,” and “[t]he only thing notable about it is that Putin somehow deemed it necessary to mention the obvious fact that Russia remains a nuclear power.”

This exchange is all the more interesting given that there’s an entirely redacted bullet (on page 37) describing actions that “Russian cyber actors” took after Obama warned Putin. Given that the state and county scanning and the alleged hack of VR Systems show up, either there’s something we still don’t know about or SSCI continues to hide more details of the VR Systems hack.

The page long post-election response to the election year attack

The longest subsection in a section devoted to describing Obama’s response is redacted (pages 39-41).

Here’s what the timing of the unredacted parts of that section is:

  • A: Expulsion of Russian diplomats (December 29, 2016)
  • B: Modifying the EO and sanctions (December 29, 2016)
  • C: redacted
  • D: Cybersecurity action in the form of the issuance of two technical reports (December 29, 2016 and February 10, 2017)
  • E: Tasking the ICA Report (initiated December 6, 2016; completed December 30, 2016; published January 5 and 6, 2017)
  • F: Protecting election infrastructure (January 5, 2017)

That might suggest that whatever secret action the Obama Administration took happened right in December, with everything else.

John Brennan was proved fucking right

There’s a redacted passage that may undermine the entire premise of the John Durham investigation, which purports to review what agencies, other than FBI, did to lead to an investigation focused on Trump’s campaign. Some reporting suggests Durham is investigating whether CIA tricked FBI into investigating Trump’s flunkies.

But this report describes how, in spite of knowing about related Russian hacks in 2015 and Russia’s habit of leaking information they stole, the IC really wasn’t aware of what was going on until John Brennan got an intelligence tip during the summer of 2016. That intelligence tip was described at length in a WaPo story that resembles this section of the report.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.

The section in this report is redacted.

Effectively, this report seems to confirm the WaPo reporting (which may have been based off sources close to those who testified to SSCI). It also emphasizes the import of this intelligence. But for this intelligence, the IC may have continued to remain ignorant of Putin’s plans for the operation.

The IC won’t let SSCI share its current understanding of WikiLeaks

But the most interesting redactions pertain to WikiLeaks.

There are four redacted paragraphs describing how hard it was for the IC to come up with a consensus attribution for the hack and leak operation.

Senior administration officials told the Committee that they hesitated to publicly attribute the cyber efforts to Russia until they had sufficient information on the penetration of the DNC network and the subsequent disclosure of stolen information via WikiLeaks, DCLeaks, and Guccifer 2.0.

More interesting still, almost the entirety of the page-plus discussion (relying on testimony from Ben Rhodes, Michael Daniel, Paul Selva, Mike Rogers, and others) of why it took so long to understand WikiLeaks remains redacted.

One reference that is unredacted, however, describes WikiLeaks as “coopted.”

This information would be of particular interest as the prosecution of Julian Assange goes forward. That — and the fact that some of this determination, relying as it does on former NSA Director Mike Rogers, appears to rely on NSA information — may be why it remains redacted.

Update: I’ve deleted the remainder of this post. It came from Wyden’s views, not the report itself.