Posts

Donald Trump Agrees He Is Living By Barack Obama’s Rules

/51 Comments/in , /by

I’ve been waiting for something like this: the moment where Donald Trump concedes that Barack Obama — Hawaiian birth certificate and all — will play a key role in decisions about his ridiculous claims about hoarding classified documents.

Midway through Trump’s bid to convince Aileen Cannon to reject DOJ’s motion for a stay of her injunction against using the documents marked with classification marks seized from Trump’s beach resort, he notes that the only power he ever had to classify and declassify documents was governed by an Executive Order signed by Barack Obama on December 29, 2009.

The Government does not contest—indeed, it concedes—that the President has broad authority governing classification of, and access to, classified documents. [ECF No. 69 at 10, 18 (quoting Dep’t of Navy v. Egan, 484 U.S. 518, 529 (1988))]. In fact, the Government advocates that “the protection of classified information must be committed to the broad discretion of the agency responsible, and this must include broad discretion to determine who may have access to it.” [ECF No. 69 at 18 (quoting Egan, 484 U.S. at 529)]. Congress provided certain parameters for controlling classified information but primarily delegated to the President how to regulate classified information. 50 U.S.C. § 3161. At the same time, Congress exempted the President from complying with such requirements. See id. § 3163 (“Except as otherwise specifically provided, the provisions of this subchapter shall not apply to the President . . .”).

President Obama enacted the current Executive Order prescribing the parameters for controlling classified information in 2009. See Exec. Order 13526 (Dec. 29, 2009). That Executive Order, which controlled during President Trump’s term in office, designates the President as an original classification authority. See id. § 1.3(a)(1). In turn, the Executive Order grants authority to declassify information to either the official who originally classified the information or that individual’s supervisors—necessarily including the President. § 3.1(b)(1), (3). Thus, assuming the Executive Order could even apply to constrain a President, cf. 50 U.S.C. § 3163, the President enjoys absolute authority under the Executive Order to declassify any information. There is no legitimate contention that the Chief Executive’s declassification of documents requires approval of bureaucratic components of the executive branch. Yet, the Government apparently contends that President Trump, who had full authority to declassify documents, “willfully” retained classified information in violation of the law. See 18 U.S.C. § 793(e); [ECF No. 69 at 9].7 Moreover, the Government seeks to preclude any opportunity for consideration of this issue.

7 Of course, classified or declassified, the documents remain either Presidential records or personal records under the PRA. [ed: See this post for how Trump debunked this claim. My emphasis]

Donald Trump concedes that Executive Order 13526 governed the classification and declassification of information on December 29, 2009. It continued to govern the classification and declassification of information on January 20, 2017. It continued to govern the classification and declassification of information on January 20, 2021. It continues to govern the classification and declassification of information today.

Donald Trump agrees that he never altered this EO. He agrees that he is bound by it still, unless the lawful President, a guy named Joe Biden, decides to change it.

This is a virtual capitulation to the arguments DOJ is making, including that the classification review of the documents he stole, the review ongoing as we speak, will be determinative of the classification status of those documents.

But it’s also a concession that he is bound by everything in the EO. There’s a whole bunch of things Trump concedes when he concedes that point (including that classified information must be kept secure).

One of those things, however, is that former Presidents — and the propagandists who work for them — still must get waivers to bypass Need to Know restrictions on classified information.

Sec. 4.4. Access by Historical Researchers and Certain Former Government Personnel.

(a) The requirement in section 4.1(a)(3) of this order that access to classified information may be granted only to individuals who have a need to-know the information may be waived for persons who:

(1) are engaged in historical research projects;

(2) previously have occupied senior policy-making positions to which they were appointed or designated by the President or the Vice President; or

(3) served as President or Vice President.

(b) Waivers under this section may be granted only if the agency head or senior agency official of the originating agency:

(1) determines in writing that access is consistent with the interest of the national security;

(2) takes appropriate steps to protect classified information from unauthorized disclosure or compromise, and ensures that the information is safeguarded in a manner consistent with this order; and

(3) limits the access granted to former Presidential appointees or designees and Vice Presidential appointees or designees to items that the person originated, reviewed, signed, or received while serving as a Presidential or Vice Presidential appointee or designee. [my emphasis]

This part of the EO — an EO that Trump, who served but no longer serves as President, agreed he is bound by — does not say that such access must be waived. It says it may be.

May. Not must.

Moreover, this waiver requires that before waiving the Need to Know rule, agency heads first determine, in writing, that giving former Presidents and their propagandists access to classified information, “is consistent with the interest of national security.”

Right there, in the middle of his filing arguing that maybe the classification decisions Joe Biden’s Administration is making right now can be overridden by a Special Master, Donald Trump agrees that the Barack Obama order he says he is bound by means not even he gets access to this information without a waiver, and even then, only if the agency heads that own the information say it won’t make the country less safe.

In his bid to claw back classified information he stole, Donald Trump admits he’s still living by Barack Obama’s rules. And those rules, the rules Trump admits he is bound by, say he can only even access this information if Avril Haines and Paul Nakasone and William Burns and Chris Wray say he can.

Go to emptywheel resource page on Trump Espionage Investigation.

While Trump Was Secretly Loading Up Documents, Mike Ellis Was Hoarding an NSA Document at the White House

/86 Comments/in , /by

The WaPo continues to own the story of the Archives’ efforts to reclaim documents removed from the White House by Donald Trump. Yesterday, they reported that some of the documents Trump absconded with were marked as classified, including Top Secret.

Some of the White House documents that Donald Trump improperly took to his Mar-a-Lago residence were clearly marked as classified, including documents at the “top secret” level, according to two people familiar with the matter.

The existence of clearly marked classified documents in the trove — which has not previously been reported — is likely to intensify the legal pressure that Trump or his staffers could face, and raises new questions about why the materials were taken out of the White House.

While it was unclear how many classified documents were among those received by the National Archives and Records Administration, some bore markings that the information was extremely sensitive and would be limited to a small group of officials with authority to view such highly classified information, the two people familiar with the matter said.

But the more interesting part of WaPo’s latest is a description of Trump packing up boxes without letting his closest aides look at them (I take this to mean the repacking at Mar-a-Lago).

It is not precisely clear who packed up the classified materials at Mar-a-Lago, or how they got there in the first place. Trump was very secretive about the packing of boxes that were retrieved from Mar-a-Lago last month, and did not let other aides — including some of his most senior advisers — look at them, according to people close to him.

As this story has been snowballing, I can’t get a detail from the IG Report on White House Counsel Mike Ellis’ aborted hiring as NSA General Counsel out of my head.

The DOD IG found that Ellis’ hiring itself wasn’t a problem. But it also found that NSA Director Paul Nakasone correctly responded by holding up the process when Ellis was involved in two security incidents in the days after January 6. In both cases, Ellis was treating NSA information improperly.

First Security Incident

An NSA employee received a controlled, classified NSA notebook of documents on January 7, 2021, from a Department of State official who was not authorized to access that information. An initial NSA review further found that several copies of the notebook had been produced without NSA authorization. This event raised concerns that other individuals possessed copies of these sensitive materials without NSA authorization.

[NSA Deputy Director George] Barnes told us that “[they] were spending the last week or so of the administration trying to find out who had them, where they were, and trying to get them back into positive control before the administration members left.” NSA officials received information on January 13, 2021, that Mr. Ellis either created or directed the copying of these notebooks of documents with compartmented, classified information without NSA knowledge, consent, or control.

Second Security Incident

On January 8, 2021, an NSA employee tried to retrieve an NSA document from Mr. Ellis that contained information of a classified, controlled, compartmented NSA program “of some of the most sensitive information that NSA possesses.” Mr. Barnes told us that Mr. Ellis refused to return the document, retained it for the White House archives, and, based on what the NSA employee saw, placed the document in a container that did not meet the security storage requirements for such a sensitive program. Mr. Barnes told us that he contacted Mr. Eisenberg on January 9, 2021, for help obtaining the document, and the document was returned to the NSA on January 14, 2021. Mr. Barnes said, “The White House people were all leaving so every day new members were leaving and so we were prioritizing on identifying our documents that needed to be brought under positive control and accounted for.” [italicized brackets and bold mine]

When Nakasone was asked about this by the IG, he explained that the intelligence deals with a particular foreign actor.

I learned … that we had questions about the way that Mr. Ellis had handled our most sensitive intelligence that deals with a foreign actor when he was in the White House. … and I’m not able to get the actual full details until that Tuesday [January 19]. … I’m … growing concerned… I have an OGC that I’ve said is okay to be hired, now we have concerns about his clearance. We have concerns about merit. We have concerns about an ongoing inquiry by the DoD IG. And so, my sense was … let’s get this all resolved… before he actually becomes the General Counsel for the National Security Agency. [emphasis mine]

So at precisely the time when Trump was packing up documents to take with him, in the wake of his failed coup attempt, Mike Ellis was refusing to return an NSA document from the White House.

And the NSA’s concerns, even then, pertained to the possibility that White House staffers would move on and these documents would disappear.

Update: TF reminded me that in December 2020 (so during the period when Ellis’ nomination was pending), Mike Flynn and friends came up with a scheme to use NSA data to try to prove foreign interference in the election, one that Mike Lindell was trying to implement in January.

The memo used the banal language of government bureaucracy, but the proposal it advocated was extreme: President Donald Trump should invoke the extraordinary powers of the National Security Agency and Defense Department to sift through raw electronic communications in an attempt to show that foreign powers had intervened in the 2020 election to help Joe Biden win.

Proof of foreign interference would “support next steps to defend the Constitution in a manner superior to current civilian-only judicial remedies,” argued the Dec. 18, 2020, memo, which was circulated among Trump allies.

The document, a copy of which was obtained by The Washington Post, laid out a plan for the president to appoint three men to lead this effort. One was a lawyer attached to a military intelligence unit; another was a veteran of the military who had been let go from his National Security Council job after claiming that Trump was under attack by deep-state forces including “globalists” and “Islamists.”

[snip]

[North Dakota Senator Kevin] Cramer said Del Rosso sent the memo to his office after a Jan. 4 meeting that both men attended at the Trump International Hotel, which was organized by MyPillow chief executive Mike Lindell, a prominent backer of Trump’s bogus election fraud claims.

Cramer and Sen. Cynthia M. Lummis (R-Wyo.) joined some two dozen others crammed into a ground-floor hotel conference room to discuss election fraud allegations, according to Cramer and an aide to Lummis. Participants recalled that Johnson also attended, via videoconference. The details of the meeting, which took place two days before the attack on the U.S. Capitol, have not been previously reported. The meeting was similar to a briefing held in a congressional office building the next day for members of the House.

Michael Flynn, who resigned in 2017 as Trump’s national security adviser and had advocated using the military to “rerun” the election in battleground states, also extended an invitation to at least one senator and his staff, according to a person familiar with the meeting. Flynn did not respond to requests for comment.

 

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Paul Nakasone’s Concerns about Mike Ellis Hiring Vindicated

/18 Comments/in , , /by

DOD Inspector General released a report yesterday finding there was no evidence of impropriety in the hiring of Michael Ellis as General Counsel, but also suggesting that NSA Director Paul Nakasone was vindicated in his concerns about Ellis’ hiring. DOD IG made those conclusions without succeeding in getting Pat Cipollone — who might know a back story to Ellis’ hiring — to sit for an interview about his role in the process.

The hiring process

As the report lays out, Ellis was one of 29 candidates who were deemed qualified for the position to apply in early 2020. An initial vetting process did not work as one of the participants said it had in the past, partly because of how the panel considered the technical requirements, partly because they did not conduct interviews. But by all accounts Ellis was deemed one of the top seven candidates, and so qualified for the position.

In the next round, just three people were reviewed, including Ellis. Several of the three panel members deemed a different candidate to have had an exceptionally good interview, but all agreed Ellis did quite well and that it was a close decision.

After that DOD General Counsel Paul Ney, who had selection authority, chose Ellis. When asked why he preferred Ellis, he cited Ellis’ more extensive Intelligence Community experience and his experience both on the Hill (where he wrote dodgy reports for Devin Nunes) and in the White House (where he ran interference for Trump), though there’s no evidence Ney understood Ellis’ role on those bodies. Ney told DOD IG that he had several calls with John Eisenberg and one with Pat Cipollone where the lawyers spoke favorably of Ellis during the hiring process, but he did not regard those as being an attempt to pressure him.

The law requires that the NSA Director be consulted in this process. After the decision was made, Nakasone conducted interviews and decided that the same candidate who had had the exceptionally good interview would best manage the 100-person General Counsel department at the NSA. He also shared concerns with Ney about the way that Ellis had done the classification review of John Bolton’s book (probably reflecting that Ellis was pursuing a political objective on that front). Nevertheless, Ney picked Ellis, and after the election, his hiring was announced.

As the transition wore on and Congress got involved, Nakasone raised concerns about whether the Office of Personnel Management had done an adequate review of the hiring of a political appointee. The review is not required (the IG Report recommended that it be required going forward), and was not used with Obama’s General Counsels Raj De and Glenn Gerstell either. On January 15, Nakasone attempted to stall the on-boarding process, citing the OPM review and concerns from Congress. But then Ney got Christopher Miller to order Nakasone to hire Ellis by the end of the following day, which Nakasone did.

After that (but before the inauguration), Nakasone learned of two security incidents involving Ellis, and based on that and the ongoing IG investigation, put the newly hired General Counsel on leave.

The Eisenberg and Cipollone calls

The IG Report considered whether in calls from John Eisenberg and Pat Cipollone, they inappropriately influenced Ney. It credibly shows they did not. That’s true, first of all, because the IG Report makes it clear that Ney had regular interactions with Eisenberg, Ellis, and Cipollone. Ellis’ bosses at the White House wouldn’t have needed to push him — he was a known figure to Ney.

Eisenberg’s positive comments were credibly described as a supervisor expressing positive comments about someone.

When we asked Mr. Eisenberg about the rationale for his comments to Mr. Ney, he told us,“I would not have been happy with myself if somebody who … works so hard for me, that I … couldn’t be bothered to basically give a recommendation before somebody makes a decision.” Mr. Eisenberg told us, “[T]here’s nothing inappropriate about … somebody from the White House in an appropriate context, providing an evaluation of their employee.”

The IG Report doesn’t describe (and it would be beyond its scope) that Eisenberg played a central role in some key cover-ups for Trump, the most notable of which was Trump’s attempt to coerce election assistance from Ukraine. Ellis was a part of those cover-ups (indeed, that’s arguably what the Bolton classification review was). Eisenberg also played a key role, way back in 2008, in withholding information from FISC for the first programmatic review of PRISM.

That is, a recommendation from Eisenberg is a recommendation from someone who did questionable things to protect the President, often with Ellis’ help. John Eisenberg is a very credible, experienced national security lawyer. He’s also someone who helped Trump undermine democracy.

Still, the IG Report credibly describes this as the normal kind of comment that a supervisor would make. It’s only important given who the supervisor was and what the supervisor had asked Ellis to do in the past.

I’m rather interested, however, that Cipollone blew off DOD IG’s request for information.

Shortly after interviewing Mr. Ney on March 15, 2021, we attempted to contact Mr. Cipollone. He did not respond; however, his assistant responded on July 12, 2021, and we asked to interview Mr. Cipollone. Neither Mr. Cipollone nor his assistant provided any response to our request. Based on the witness testimony and documents we reviewed, we determined that Mr. Cipollone likely did not have any additional information different from what we obtained from other sources, and we decided, therefore, not to further delay our review waiting for a response from Mr. Cipollone or his assistant.

Cipollone had no legal obligation to cooperate, and DOD IG had no legal means to coerce him to do so. But he’s also the kind of person who would know better than to get himself in an interview where he might have to reveal other pertinent details. For whatever reason, he just blew off the request.

In the days after January 6, Ellis was discovered to have two security violations

After determining, credibly, that Ellis was legally hired, DOD IG then considered whether Ellis was legally put on leave as soon as he was hired. The analysis involves the discovery of two security violations on January 7 and January 8, as laid out in this table.

In the first incident, NSA discovered that Ellis had put together and shared notebooks of documents of “compartmented, classified [NSA] information” without NSA knowledge or consent.

An NSA employee received a controlled, classified NSA notebook of documents on January 7, 2021, from a Department of State official who was not authorized to access that information. An initial NSA review further found that several copies of the notebook had been produced without NSA authorization. This event raised concerns that other individuals possessed copies of these sensitive materials without NSA authorization.

[NSA Deputy Director George] Barnes told us that “[they] were spending the last week or so of the administration trying to find out who had them, where they were, and trying to get them back into positive control before the administration members left.” NSA officials received information on January 13, 2021, that Mr. Ellis either created or directed the copying of these notebooks of documents with compartmented, classified information without NSA knowledge, consent, or control.

In the second, more alarming instance, two days after Trump’s coup attempt, an NSA employee tried to retrieve “some of the most sensitive information that NSA possesses” from Ellis, only to discover he was storing it with inadequate security and refusing to return it. (After DDIRNSA Barnes asked for help from Eisenberg, NSA got the information back.)

On January 8, 2021, an NSA employee tried to retrieve an NSA document from Mr. Ellis that contained information of a classified, controlled, compartmented NSA program “of some of the most sensitive information that NSA possesses.” Mr. Barnes told us that Mr. Ellis refused to return the document, retained it for the White House archives, and, based on what the NSA employee saw, placed the document in a container that did not meet the security storage requirements for such a sensitive program. Mr. Barnes told us that he contacted Mr. Eisenberg on January 9, 2021, for help obtaining the document, and the document was returned to the NSA on January 14, 2021. Mr. Barnes said, “The White House people were all leaving so every day new members were leaving and so we were prioritizing on identifying our documents that needed to be brought under positive control and accounted for.” Mr. Barnes added:

And then we started to get the pressure on the 15th is when Acting SecDef ordered us to issue a job offer to him. And so, in that intervening several days, all’s we knew his [sic]is we have a problem, we have to investigate the nature of how these documents were handled, distributed outside of our purview and control. And so that was—the flares were up but we didn’t have time to actually do anything yet and Mr. Ellis was not our employee so we didn’t have a chance to contact him yet for questioning for anything. We had to get security involved to do it right whenever we do an investigation because we didn’t know if there was a disconnect or an understanding that so these were just—the flares went up on the 7th and the 8th.

Effectively, at a time when NSA was trying to ensure that outgoing Trump officials didn’t walk out with NSA’s crown jewels, they learned that Ellis wanted to keep the crown jewels on White House servers.

Importantly, two aspects of these violations repeat earlier concerns about Ellis’ tenure: He shared information with people (like Nunes) not authorized to have it, and that he and Eisenberg played games with White House servers to avoid accountability. And while it’s not clear why Ellis was violating NSA’s security rules, it does seem of a part of his efforts to politicize classification with the John Bolton review.

DOD IG found that it was not proper to put Ellis on leave based on the then-ongoing IG investigation. But it did find Nakasone’s decision to put Ellis on leave was proper based on Nakasone having control over Ellis’ clearance.

The investigation into Ellis’ security violations appears to have ended when he resigned in April. The IG Report includes a recommendation that it be reconsidered.

The Office of the Undersecretary of Defense for Intelligence and Security should review the allegation and supporting material that Mr. Ellis improperly handled classified information on two occasions to determine what, if any, further actions the NSA or another agency should take regarding this allegation.

It’s possible, though, that this investigation didn’t go further for a different reason. That’s because the President is ultimately the Original Classification Authority for the entire US government. If Ellis was distributing these notebooks and withholding the NSA crown jewels based on Trump’s authorization, it wouldn’t be a violation at all.

That said, that seems reason enough to chase down why he did those things.

The Hack or Attack Debate: Answer Old Questions While Waiting to Learn Enough to Answer That One

/12 Comments/in , /by

As people in government, particularly members of Congress posturing for the cameras, start responding to the SolarWinds compromise, some have adopted a bellicose language unsupported by the facts, at least those that are public. Dick Durbin, for example, called it, “virtually a declaration of war.” That has led to some necessary pushback noting that as far as we know, this is an act of espionage, not sabotage. It’s the kind of thing we do as well without declaring war.

As usual, I substantially agree with Jack Goldsmith on these issues.

The lack of self-awareness in these and similar reactions to the Russia breach is astounding. The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day. Indeed, a military response to the Russian hack would violate international law. The United States does have options, but none are terribly attractive.

[snip]

The larger context here is that for many reasons—the Snowden revelations, the infamous digital attack on Iranian centrifuges (and other warlike uses of digital weapons), the U.S. “internet freedom” program (which subsidizes tools to circumvent constraints in authoritarian networks), Defend Forward, and more—the United States is widely viewed abroad as the most fearsome global cyber bully. From our adversaries’ perspective, the United States uses its prodigious digital tools, short of war, to achieve whatever advantage it can, and so adversaries feel justified in doing whatever they can as well, often with fewer scruples. We can tell ourselves that our digital exploits in foreign governmental systems serve good ends, and that our adversaries’ exploits in our systems do not, and often that is true. But this moral judgment, and the norms we push around it, have had no apparent influence in tamping down our adversaries’ harmful attacks on our networks—especially since the U.S. approach to norms has been to give up nothing that it wants to do in the digital realm, but at the same time to try to cajole, coerce, or shame our adversaries into not engaging in digital practices that harm the United States.

Goldsmith’s point about the Defend Forward approach adopted under Trump deserves particular focus given that, purportedly in the days since the compromise became known, Kash Patel is taking steps to split NSA and CyberCommand, something that would separate the Defend Forward effort from NSA.

Trump administration officials at the Pentagon late this week delivered to the Joint Chiefs of Staff a proposal to split up the leadership of the National Security Agency and U.S. Cyber Command. It is the latest push to dramatically reshape defense policy advanced by a handful of key political officials who were installed in acting roles in the Pentagon after Donald Trump lost his re-election bid.

A U.S. official confirmed on Saturday that Joint Chiefs Chairman Gen. Mark Milley — who along with Acting Defense Secretary Chris Miller must certify that the move meets certain standards laid out by Congress in 2016 — received the proposal in the last few days.

With Miller expected to sign off on the move, the fate of the proposal ultimately falls to Milley, who told Congress in 2019 that the dual-hat leadership structure was working and should be maintained.

As Reuters has reported, General Nakasone was pretty hubristic about NSA’s recent efforts to infiltrate our adversaries (Nakasone has, in unprecedented fashion, also chosen to officially confirm efforts CyberCom has made, which he must think has a deterrent effect that, it’s now clear, did not).

Speaking at a private dinner for tech security executives at the St. Regis Hotel in San Francisco in late February, America’s cyber defense chief boasted how well his organizations protect the country from spies.

U.S. teams were “understanding the adversary better than the adversary understands themselves,” said General Paul Nakasone, boss of the National Security Agency (NSA) and U.S. Cyber Command, according to a Reuters reporter present at the Feb. 26 dinner. His speech has not been previously reported.

Yet even as he spoke, hackers were embedding malicious code into the network of a Texas software company called SolarWinds Corp, according to a timeline published by Microsoft and more than a dozen government and corporate cyber researchers.

A little over three weeks after that dinner, the hackers began a sweeping intelligence operation that has penetrated the heart of America’s government and numerous corporations and other institutions around the world.

The failures of Defend Forward to identify this breach may raise questions about the dual hatting of NSA and CyberCommand, but there’s no good reason for these Trump flunkies to take any substantive steps in the last month of a Lame Duck period while it is serially refusing briefings to President Elect Biden’s team. All the more so because the more pressing issue, it seems, is giving CISA, the government’s defensive agency, more resources and authority.

More importantly, while it is too early to determine whether this goes beyond traditional espionage, there are questions that we can identify. For example, one detail that might suggest this was intended to do more than espionage is that the hackers stole FireEye’s Red Team tools. There are information gathering purposes for doing so, but they’re probably not important enough to risk blowing this entire operation, as happened. So we should at least consider whether the SolarWinds compromise aimed to pair intelligence (including that gathered from FERC, one of the agencies targeted) with the means to launch deniable sabotage on key critical infrastructure using FireEye’s tools.

Measurements of whether this is a hack or attack must also consider that the hackers are in a position where they could alter data. Consider what kind of mayhem Russia could do to our economy or world markets by altering data from Treasury. That is, the hackers are in a position where it’s possible, at least, to engage in sabotage without engaging in any kinetic act.

Finally, adopting the shorthand the industry uses for such things, there’s a bit of sloppiness about attribution. The working assumption this is APT 29, and the working reference is that APT 29 works for SVR, Russia’s foreign intelligence agency (even though when it was implicated in key hacks in 2016, it was assumed to work for FSB). I’ve been told by someone with more local knowledge that the relationship between these hackers and the intelligence agencies they work for may be more transactional. The people who’ve best understood the attack, including FireEye, think this may be a new “group.”

While intelligence officials and security experts generally agree Russia is responsible, and some believe it is the handiwork of Moscow’s foreign intelligence service, FireEye and Microsoft, as well as some government officials, believe the attack was perpetrated by a hacking group never seen before, one whose tools and techniques had been previously unknown.

Which brings me to a question we should be able to answer, one I’ve been harping on since the DNC leak first became public: what was the relationship between the hackers, APT 28 (the ones who stole files and shared the with WikiLeaks) and APT 29 (who then, and still, have been described as “just” spying). From the very first — and even in March 2017, after which discussions of the hack have become irredeemably politicized beyond recovery — there was some complexity surrounding the issue.

I have previously pointed to a conflict between what Crowdstrike claimed in its report on the DNC hack and what the FBI told FireEye. Crowdstrike basically said the two hacking groups didn’t coordinate at all (which Crowdstrike took as proof of sophistication). Whereas FireEye said they did coordinate (which it took as proof of sophistication and uniqueness of this hack). I understand the truth is closer to the latter. APT 28 largely operated on its own, but at times, when it hit a wall of sorts, it got help from APT 29 (though there may have been some back and forth before APT 29 did share).

When I said I understood the truth was closer to the latter — that there was some cooperated between APT 28 and 29, it was based on what a firsthand witness, who had been involved in defending a related target in 2016, told me. He said, in general, there was no cooperation between the two sets of hackers, but on a few occasions APT 29 seemed to assist APT 28. That’s unsurprising. The attack in 2016 was ambitious, years in planning, and Putin was personally involved. He would obviously have the ability to demand coordination for this operation, so intelligence collected by APT 29 may well have dictated choices made in where to throw GRU’s efforts.

The point is important now, especially as people like CrowdStrike’s former CTO Dmitri Alperovitch recommends responses based on the assumption that this is SVR and therefore that dictates what Russia intends.

So we should assume this is espionage and therefore avoid escalating language for the moment. But having had our assess handed to us already, with a sophisticated campaign launched as we were busy looking for election hackers, it would be a big mistake IMO to rely on easy old categories to try to understand this.

Update: Corrected to reflect that Alperovitch is no longer with CrowdStrike.

Palace Intrigue: Trump Prepares His Consolation Prize for Vladimir Putin

/137 Comments/in , , /by

In the last two days, Trump has prepared a coup of sorts. First, he fired Mike Esper and replaced him with Christopher Miller; several of Esper’s top deputies went with him. Then, Trump installed three different Devin Nunes flunkies at several places in the DOD bureaucracy:

  • Mike Ellis — the guy who hid the Ukraine transcript and one source for the unmasking hoax — to NSA as General Counsel
  • Ezra Cohen-Watnick — a key Mike Flynn loyalist and another source for the unmasking hoax — to DOD Undersecretary of Intelligence
  • Kash Patel — who ensured that no HPSCI Republicans got sound intelligence during their Russian investigation, then pretended to be a Ukraine expert during impeachment, and then served to conduct a purge in the Office of Director of National Intelligence — to DOD Chief of Staff

To be clear, unlike these others, Christopher Miller, the Acting Secretary of Defense, reportedly does care about US security, even if he’s several ranks too junior for the job and got appointed over a Senate confirmed Deputy.

But the Nunes flunkies are there, serving as gate-keepers for the hoaxes favored by Trump and Nunes, as they have done so successfully throughout Trump’s term.

Spook-whisperer David Ignatius reports that these changes come amidst a sustained debate about what to do with a piece of likely Russian disinformation that — Trump and feeble-minded partisans like Lindsey Graham believe — will prove that Russia didn’t prefer Trump over Hillary.

President Trump’s senior military and intelligence officials have been warning him strongly against declassifying information about Russia that his advisers say would compromise sensitive collection methods and anger key allies.

An intense battle over this issue has raged within the administration in the days before and after the Nov. 3 presidential election. Trump and his allies want the information public because they believe it would rebut claims that Russian President Vladimir Putin supported Trump in 2016. That may sound like ancient history, but for Trump it remains ground zero — the moment when his political problems began.

CIA Director Gina Haspel last month argued strongly at a White House meeting against disclosing the information, because she believed that doing so would violate her pledge to protect sources and methods, a senior congressional source said. This official said a bipartisan group of Republican and Democratic senators has been trying to protect Haspel, though some fear that Trump may yet oust her.

Rumors have been flying this week about Haspel’s tenure, but a source familiar with her standing as CIA director said Tuesday that national security adviser Robert C. O’Brien and White House Chief of Staff Mark Meadows had both “assured her that she’s good,” meaning she wouldn’t be removed. Haspel also met personally with Senate Majority Leader Mitch McConnell (R-Ky.) Tuesday. She sees him regularly as a member of the “Gang of Eight” senior congressional leaders. But Tuesday’s visit was another sign of GOP support.

Haspel’s most unlikely defender has been Attorney General William P. Barr, who opposed a pre-election push to declassify the sensitive material, according to three current and former officials. At a showdown meeting at the White House, Barr pushed back against revealing the secret information.

Gen. Paul Nakasone, who heads U.S. Cyber Command and the National Security Agency, has also argued vehemently against disclosure, according to a senior defense official and the senior congressional source. Like Haspel, Nakasone took the unusual step of directly opposing White House efforts to release the intelligence, because he feared the damage that disclosure would cause.

With the new changes, General Nakasone reports through Cohen-Watnick and Patel and will have to rely on the legal “advice” of Ellis. So not only does this move put more senior votes in favor of declassifying this intelligence, but it puts them in places where Nakasone might be forced to accede to these demands.

Reporting suggests that Trump is seeking to make the full intelligence behind the reports described here available. Fundamentally, the intelligence shows that the US government obtained a Russian intelligence report that stated in late July 2016 — John Ratcliffe says it was July 26 but by handwriting it appears to be July 28 — Hillary approved of a plan to vilify Trump for his dalliance with Russian intelligence.

Already, this is a stupid hoax from the Republicans. It is public that, in the wake of the DNC release on July 22 — and particularly after Trump’s “Russia are you listening” comment on July 27 — Hillary started focusing on Trump’s coziness with Russia. In other words, the crack Russian analysts would have to do no more than read the paper to come to this conclusion. Nor would there be anything scandalous about Hillary trying to hold Trump accountable for capitalizing on an attack on her by a hostile foreign country.

I think Republicans are trying to suggest — by altering a date (July 26 instead of July 28) again and breathing heavy — that former government official Hillary Clinton was the reason why the FBI opened an investigation into Trump, rather than the Australians informing the US about Coffee Boy George Papadopoulos bragging about Russia offering help back in May. There’s not a shred of evidence for it, of course, but that has never stopped the frothy right.

The far more interesting part of this intelligence comes in the report that Peter Strzok wrote up, which is dated September 7. It makes it clear that Hillary’s alleged attack pertained to Russian hackers, notably Guccifer 2.0.

So a Russian intelligence report the US stole from Russia in late July 2016 claimed that, on July 26 0r 28, Hillary approved an attack on Trump pertaining to having help from Russian hackers, a report that did not get formally shared with the FBI until September 7. And either the report itself or FBI’s interpretation of it focuses on Guccifer 2.0.

Somehow this is the smoking gun — that over a month after opening up Crossfire Hurricane the FBI started investigating a claim that, starting on July 26 or 28, Hillary thought Trump was cuddling up with Russian hackers, interpreted by someone to be Guccifer 2.0 — the FBI learned that fact.

When I first wrote this up, I hadn’t started my Rashomon Rat-Fucker series, to say nothing of my report to the FBI that an American I knew may have served as an American cut-out for the Guccifer 2.0 operation (I’m jumping ahead of myself, but I’m certain the FBI investigated that claim for at least a year). At the time, I focused on how prescient the frothers were making Hillary look for anticipating that Roger Stone would first start doing propaganda for Guccifer 2.0 on August 5; best case for the frothers in this situation is that Stone somehow learned of the Russian report before the FBI did.

But now that I’ve written those posts, it’s clear that not only did the FBI have strong circumstantial evidence that Stone knew of the Guccifer 2.0 operation even before the first Guccifer 2.0 post, because he was searching for it on June 15 before the WordPress site went public, but that Stone probably had a face-to-face meeting with someone at the RNC from whom he got advance notice of the DNC drop.

In July 2016, this report is only mildly interesting, amounting to showing that the Russians read the newspaper like everyone else.

In 2020, after details from the Mueller investigation have become public, the Russian report makes far more sense as deliberate disinformation, an attempt to turn a direct contact with Stone into a hoax about Hillary.

Which makes Trump’s apparent determination to liberate this document all the more telling. It suggests that he wants to make public something, anything, he can use to counter what will be very damning allegations when this all becomes clear.

And, given how shoddy the actual intelligence itself is (at best showing that Russian intelligence officers read public sources and more credibly showing that Russia was building plausible deniability for contacts with Roger Stone in real time), Trump’s insistence on it, whether intentional or not, would serve to blow highly sensitive collection for a third-rate hoax.

I can see why Trump would prioritize this intelligence on his way out that the door. It comes at a time when he can be easily manipulated to burn the IC in ways that can only serve Russian interests.

In other words, one of Trump’s top priorities for the Lame Duck period is to give Vladimir Putin a consolation prize.

A Tale of Two National Security Advisors

/71 Comments/in , , /by

As you no doubt heard, in addition to suing John Bolton for breach of contract over his Trump book, the Trump Administration has also asked for a Temporary Restraining Order against Bolton, purportedly with the goal of getting him to do things that are no longer in his control. At one level, the legal actions seem designed to make Bolton’s book even more popular than it would otherwise be — while starving him of any royalties for the book. Judge Royce Lamberth, who has a history of pushing back against Executive abuse (including claims involving classification) has been assigned the case; he scheduled a hearing for tomorrow.

I agree with the bulk of the analysis that these legal efforts will fail, to the extent they’re really trying to prevent Bolton from releasing the book. I also agree with analysis about the uphill climb Bolton faces to avoid having his profits seized.

That said, I can’t help but notice the way the filings set Bolton up — possibly, even for prosecution (which LAT reports remains under consideration), but also for a remarkable comparison with Trump’s first National Security Advisor, Mike Flynn.

Legally, the filings do what they need to do to seize Bolton’s profits, and will probably succeed (meaning you can buy the book and your money will go to the US Treasury). But, as noted, they’re not written to actually win an injunction, most especially against Bolton’s publisher, Simon & Schuster.

The filings do something else, though. They tell how Bolton apparently shared drafts of his manuscript before it had been cleared, which in turn got shared with the press.

35. On January 26, 2020, the New York Times published an article describing information purportedly “included in drafts of a manuscript” that Defendant, apparently without any protections for classified national security information, had “circulated in recent weeks to close associates.” The article set forth information allegedly contained in “dozens of pages” of the manuscript. A true and correct copy of this article is attached hereto as Exhibit F.

36. On information and belief, the January 26, 2020 article led to a tremendous surge in publicity for the pre-sales of the book, including hundreds of news articles, discussion on major television networks, statements by members of Congress, and widespread circulation of the article’s content on social media.

37. On January 27, 2020, the Washington Post published a separate article describing content contained in The Room Where it Happened, relying on the statements of “two people familiar with the book,” indicating, on information and belief, that Defendant had disclosed a draft of the manuscript to others without receiving prior written authorization from the U.S. Government. A true and correct copy of this article is attached hereto as Exhibit G.

38. Thus, notwithstanding this admonition, in late January 2020, prominent news outlets reported that drafts of Defendant’s manuscript had been circulated to associates of Defendant. These articles included reports from individuals supposedly familiar with the book, which indicates, on information and belief, that Defendant had already violated his non-disclosure agreements while purporting to comply with the prepublication review process. See supra ¶¶ 27, 29; see also Exhs. E & F

They lay out evidence that Bolton specifically knew the dangers of disclosing classified information, most ironically with a citation of his complaints about Edward Snowden (who also had his profits seized).

Defendant knows well the threat posed by disclosing classified information that might benefit the Nation’s adversaries. See John Bolton, “Edward Snowden’s leaks are a grave threat to US national security,” The Guardian, https://www.theguardian.com/commentisfree/2013/jun/18/edwardsnowden-leaks-grave-threat (June 18, 2013). Congress does as well, as reflected in its decision to criminalize the unauthorized disclosure of classified information. See, e.g., 18 U.S.C. §§ 641, 793, 794, 798, 952, 1924.

They provide multiple declarations — from Mike Ellis, the Trump hack who has politicized classified information in the past, from National Counterintelligence Director Bill Evanina claiming this is the kind of information our adversaries look for, from Director of NSA Paul Nakasone talking about the specific vulnerability of SIGINT, and from Director of National Intelligence John Ratcliffe, whose name the TRO misspells and whose experience looks exceedingly thin compared to the others, along with classified declaration from Ellis. Even though the declarations were obviously carefully curated by Ellis, these are nevertheless the kinds of things courts usually bow to, when the government makes claims about classification. While neither we nor Bolton or his lawyer will get to review the actual claims being made, such declarations are usually sufficient to get the desired recourse.

Perhaps notably, the filings include a letter from John Eisenberg (whose shenanigans regarding the Ukraine call Bolton made more significant), written on June 11, at a time when the White House already knew Bolton was moving to publish, accusing Bolton of publishing this information for financial gain.

Fourth, your self-serving insinuations that the NSC review process has been directed at anything other than a good faith effort to protect national security information is offensive. Your client has taken classified information, including some that he himself classified, and sold it to the highest bidder in an attempt to make a personal profit from information that he held in trust as a public servant–and has done so without regard for the harm it would do to the national security of the United States.

Effectively, this package of filings does nothing to prevent the book from coming out. But it very carefully lays a record to meet the elements of an Espionage charge. Given this notice, the government would be in a position to point to the publication of the book (that Bolton couldn’t stop now if he wanted) and prove that Bolton had an obligation to keep these things secret, he knew the damage that not doing so could cause, and yet nevetheless published the information.

Whether they will prosecute or not is unclear. But these filings make it far easier to do so.

The White House is preparing to claim that John Bolton is akin to Edward Snowden, solely because he aired Trump’s dirt in a book.

This all comes at the same time as the government is making extraordinary efforts to prevent Mike Flynn from being punished for secretly working for a frenemy country while getting classified briefings, and calling up the country that just attacked us in 2016 and discussing how Russia and the Trump Administration had mutual interests in undermining Obama’s policies.

The same DOJ that is magnifying Bolton’s risk for an Espionage prosecution found nothing inappropriate in Flynn calling up the country that had just attacked the US and teaming with that hostile country against the current government of the United States.

Nor was anything said on the calls themselves to indicate an inappropriate relationship between Mr. Flynn and a foreign power. Indeed, Mr. Flynn’s request that Russia avoid “escalating” tensions in response to U.S. sanctions in an effort to mollify geopolitical tensions was consistent with him advocating for, not against, the interests of the United States. At bottom, the arms-length communications gave no indication that Mr. Flynn was being “directed and controlled by … the Russian federation,” much less in a manner that “threat[ened] … national security.” Ex. 1 at 2, Ex. 2 at 2.

Indeed, the Attorney General even claimed the call was “laudable,” even while lying that it didn’t conflict with Obama’s policies.

But it’s not just in the courts where DOJ is working hard to protect the guy who really did harm the US. In an effort to sow the propaganda case for Mike Flynn, the Trump Administration has been on a declassification spree, including — by Ratcliffe — the transcripts of some (but not all) of Flynn’s calls with Sergey Kislyak, something that has never been done before. Significantly, the claims that Nakasone and Ratcliffe make in their declarations in the Bolton case, especially with regards to disclosing SIGINT burns the collection going forward, were clearly violated when Ratcliffe declassified the transcripts.

To be honest, I won’t weep if Bolton is prosecuted. He would have had more legal protection had he testified during the impeachment inquiry, which would have done more good for the country. It would be an abuse, but such abuse has been directed against far more vulnerable and admirable people.

But the comparison of the claims Mike Ellis is making about Trump’s third National Security Advisor with the treatment given his first — the guy who actively sold out his country rather than did so with his inaction — only serves to emphasize how Trump subjects what traditionally gets called national security to loyalty.

The greatest “national security” sin a Trump Administration official can commit, this comparison shows, is disloyalty to Donald Trump.

Of over 40 Potential Unmaskings of Mike Flynn During the Transition, Just One Led to Criminal Charges

/27 Comments/in , /by

Chuck Grassley and Ron Johnson have just posted what they seem to think is a list of people who may have unmasked Mike Flynn’s identity in the transcripts of his conversations on December 29 and 31 with Sergey Kislyak.

As a threshold matter, what it actually shows, is that over 40 recipients of intelligence may have unmasked Mike Flynn’s identity in a finished NSA intelligence product between the 2016 election and inauguration. If they did, they did it by the book, with NSA approval per the accompanying letter from Paul Nakasone. And even if they unmasked Flynn’s identity, the person who did so may not have read it.

The implication is that one of these unmaskings was the one (or were the ones) that led to the discovery that Mike Flynn had secretly called up the Russian Ambassador and undermined US foreign policy, acting without specific orders from Trump (at least as the public record currently stands).

Mind you, almost all of them could not be. Only 8 of them post-date the calls between Flynn and Kislyak:

  • US Ambassador to the UN Samantha Power (1/11/17)
  • DNI James Clapper (1/7/2017)
  • Secretary of the Treasury Jacob Lew (1/12/17)
  • White House Chief of Staff Denis McDonough (1/5/17)
  • DDNI Michael Dempsey (1/7/17)
  • PDDNI Stephanie O’Sullivan (1/7/17)
  • CIA/CTMC 1/10/17
  • Vice President Joe Biden 1/12/17

And of those, only the McDonough unmasking corresponds even remotely to the time the IC discovered Flynn’s call, except we know FBI had already discovered it on January 4. Which is to say zero of these unmaskings could be the original one. A few people could be someone reading a transcript from the calls after the fact.

Except that some of these — such as the January 11 unmasking — are believed to relate to Mohammed bin Zayed’s secret trip to the US to meet Flynn and Steve Bannon and Jared Kushner, and so are of another intercept.

There’s probably a very good reason why the original unmasking doesn’t show up on this list, which reflects only NSA products and only finished intelligence reports. According to Jim Comey’s testimony, the FBI found the Kislyak-Flynn calls, not the NSA.

And so the last couple days of December and the first couple days of January, all the Intelligence Community was trying to figure out, so what is going on here? Why is this — why have the Russians reacted the way they did, which confused us? And so we were all tasked to find out, do you have anything [redacted] that might reflect on this? That turned up these calls at the end of December, beginning of January. And then I briefed it to the Director of National Intelligence, and Director Clapper asked me for copies [redacted], which I shared with him.

That’s consistent with Mary McCord’s testimony, which made it clear no one had to refer this transcript to the FBI, because it was the FBI’s.

Also on page 2 of her notes, McCord noted mention of a “referral,” and noted that ultimately no referral was required, as the FBI maintained the information and would not refer a matter to themselves.

Plus, Jim Comey says this never became a finished intelligence product, even while he admitted that the FBI unmasked his identity.

We did not disseminate this [redacted] in any finished intelligence, although our people judged was appropriate, for reasons that I hope are obvious, to have Mr. Flynn’s name unmasked. We kept this very close hold, and it was shared just as I described.

So if this transcript was an FBI intercept that never made it into a finalized intelligence product, then it wouldn’t show up in a list of finalized NSA products.

All of which is to say this list — which Politico is running with as if it’s the Holy Grail — most likely has nothing to do with Flynn’s conversations with Sergey Kislyak, and shows that the Deep State picked up Mike Flynn during the transition in a good deal of reporting, with reports that more than 40 people had a glimpse at. But only one recording launched an investigation.

There Were Two Dick-Waggings Directed at Iran This Week

/93 Comments/in , /by

By all appearances President Trump casually released highly classified information yesterday, as he has done repeatedly in the past.

Within hours of this tweet, CNBC confirmed that this image comes from one of Trump’s intelligence briefings, which led experts to assume Trump had been careless.

A U.S. defense official told CNBC that the picture in Trump’s tweet, which appeared to be a snapshot of a physical copy of the satellite image, was included in a Friday intelligence briefing.

[snip]

But the quality of the photograph quickly raised the eyebrows of national security experts, who say that images this clear are rarely made public.

“I’m not supposed to see stuff this good. He’s not supposed to share it. I’ve honestly never seen an image this sharp,” said Melissa Hanham, deputy director of the Open Nuclear Network and director of the Datayo Project at the One Earth Future Foundation.

Hanham suspected the shot was taken from a high-altitude aerial vehicle using tracking technology, such as an RC-135S Cobra Ball or a similar aircraft.

“This will have global repercussions,” said Joshua Pollack, a nuclear proliferation expert and editor of the Nonproliferation Review.

“The utter carelessness of it all,” Pollack said. “So reckless.”

Even before the NYT weighed in last night, I had my doubts whether this was reckless, or whether it was a calculated decision to dick-wag over the sabotage of a missile program the Iranians deny.

First, the tweet was almost certainly not written by Trump. It has no grammatical errors or typographical anomalies. It uses technical terms and consists of full sentences.

In other words, the tweet has none of the hallmarks of Trump’s reflexive tweeting. Someone helped him tweet this out.

Then there’s the fact that, earlier this week, the US dick-wagged about another successful operation against Iran, a cyberattack that took out the IRGC database that they were using to target western shipping.

The head of United States Cyber Command, Army Gen. Paul M. Nakasone, describes his strategy as “persistent engagement” against adversaries. Operatives for the United States and for various adversaries are carrying out constant low-level digital attacks, said the senior defense official. The American operations are calibrated to stay well below the threshold of war, the official added.

The strike on the Revolutionary Guards’ intelligence group diminished Iran’s ability to conduct covert attacks, said a senior official.

The United States government obtained intelligence that officials said showed that the Revolutionary Guards were behind the limpet mine attacks that disabled oil tankers in the Gulf in attacks in May and June, although other governments did not directly blame Iran. The military’s Central Command showed some of its evidence against Iran one day before the cyberstrike.

[snip]

The database targeted in the cyberattacks, according to the senior official, helped Tehran choose which tankers to target and where. No tankers have been targeted in significant covert attacks since the June 20 cyberoperation, although Tehran did seize a British tanker in retaliation for the detention of one of its own vessels.

Though the effects of the June 20 cyberoperation were always designed to be temporary, they have lasted longer than expected and Iran is still trying to repair critical communications systems and has not recovered the data lost in the attack, officials said.

Officials have not publicly outlined details of the operation. Air defense and missile systems were not targeted, the senior defense official said, calling media reports citing those targets inaccurate.

In the aftermath of the strike, some American officials have privately questioned its impact, saying they did not believe it was worth the cost. Iran probably learned critical information about the United States Cyber Command’s capabilities from it, one midlevel official said.

That story described the views of CyberCommand head General Nakasone, who did some dick-wagging in February over CyberCommand’s role in thwarting Russia’s efforts to tamper in the elections.

Whatever else Nakasone has done with his command, he seems to have made a conscious decision that taking credit for successful operations adds to its effectiveness. There certainly was some debate, both within the NYT story and in discussions of it, whether he’s right. But Nakasone is undoubtedly a professional who, when stories boasting of successful CyberCommand operations get released, has surely thought through the implications of it.

But as I said, last night NYT weighed in on the destroyed missile launch, with a story by long-standing scribes for the intelligence community, David Sanger and William Broad and — listed at the end in the actual story but given equal billing in Sanger’s tweet of it — Julian Barnes, the guy who broke Nakasone’s dick-wagging earlier in the week. It’s a funny story — as it was bound to be, given that virtually no one reported on the explosion itself and while this spends a line doing that, it’s really a story exploring what kind of denial this is.

Trump Denies U.S. Responsibility in Iranian Missile Base Explosion

[snip]

As pictures from commercial satellites of a rocket’s smoking remains began to circulate, President Trump denied Friday on Twitter that the United States was involved.

[snip]

Mr. Trump also included in his tweet a high-resolution image of the disaster, immediately raising questions about whether he had plucked a classified image from his morning intelligence briefing to troll the Iranians. The president seemed to resolve the question on Friday night on his way to Camp David when he told reporters, “We had a photo and I released it, which I have the absolute right to do.”

There is no denying that, even if it runs the risk of alerting adversaries to American abilities to spy from high over foreign territory. And there is precedent for doing so in more calculated scenarios: President John F. Kennedy declassified photographs of Soviet missile sites during the Cuban Missile Crisis in 1962, and President George W. Bush declassified pictures of Iraq in 2003 to support the faulty case that Saddam Hussein was producing nuclear and chemical weapons.

[snip]

Mr. Trump’s denial and the satellite image he released seemed meant to maximize Iran’s embarrassment over the episode.

[snip]

If the accident was linked to a covert action by the United States — one that Mr. Trump would have been required to authorize in a presidential “finding” — he and other American officials would be required by law to deny involvement.

The laws governing covert actions, which stretch back to the Truman administration, focus on obscuring who was responsible for the act, not covering up the action itself. Most American presidents have fulfilled that requirement by staying silent about such episodes, but Mr. Trump does not operate by ordinary rules — and may have decided that an outright denial was his best course. [my emphasis]

Not everyone agrees with the claim that Trump would be required by law to deny a covert operation. He’s the President. He can do what he wants with classified information.

That said, the story may be an attempt to use official scribes to reframe this disclosure to make it closer to the way the intelligence community likes to engage in plausible deniability, with a lot of wink wink and smirking. Amid all the discussion of deny deny deny, after all, the NYT points to several pieces of evidence that this explosion was part of a successful program to sabotage Iran’s missile capabilities.

Two previous attempts at launching satellites — on Jan. 15 and on Feb. 5 — failed. More than two-thirds of Iran’s satellite launches have failed over the past 11 years, a remarkably high number compared with the 5 percent failure rate worldwide.

[snip]

It was the third disaster to befall a rocket launching attempt this year at the Iranian space center, a desert complex east of Tehran named for the nation’s first supreme leader. The site specializes in rocket launchings meant put satellites into orbit.

Tehran announced its January rocket failure but said nothing the one in February that was picked up by American intelligence officials. It has also said nothing officially about Thursday’s blast. Like many closed societies, Iran tends to hide its failures and exaggerate its successes.

The NYT also helpfully links earlier stories on on Iran’s missile program, including one from February by Sanger and Broad that states as fact that the US has accelerated a program to sabotage Iran’s missile program.

The Trump White House has accelerated a secret American program to sabotage Iran’s missiles and rockets, according to current and former administration officials, who described it as part of an expanding campaign by the United States to undercut Tehran’s military and isolate its economy.

Officials said it was impossible to measure precisely the success of the classified program, which has never been publicly acknowledged. But in the past month alone, two Iranian attempts to launch satellites have failed within minutes.

Those two rocket failures — one that Iran announced on Jan. 15 and the other, an unacknowledged attempt, on Feb. 5 — were part of a pattern over the past 11 years. In that time, 67 percent of Iranian orbital launches have failed, an astonishingly high number compared to a 5 percent failure rate worldwide for similar space launches.

Every astute reader who read the earlier Sanger and Broad story would have assumed this explosion was part of the American operation they described. Trump’s tweet would not have changed the extent to which the US could plausibly deny its sabotage operation.

Which means, among all the coyness and winking, this is the most interesting line of the NYT story.

It was unclear if Mr. Trump was using the explosion and the lurking suspicions among Iranians that the United States was again deep inside their nuclear and missile programs to force a negotiation or to undermine one.

Not discussed, however, is the other risk to Trump’s tweet: it has effectively given Iran and our other adversaries a sense of what kind of imagery capabilities we’ve got. That’s what some of the proliferation experts are most troubled by, the possibility that by tweeting out the image, Trump will make it easier for others to evade our surveillance.

But that should be discussed in the same breath as the earlier dick-wagging. While Iran surely suspected the database strike was US work, the earlier NYT story confirms it.

Yes, it’s clear that Trump’s tweet yesterday was dick-wagging. But so was the earlier report on the database hack. So this could reflect a broader change in the US approach to deniability.

Dan Coats Still Refusing to Provide the Evidence that Russia Didn’t Affect the Election

/75 Comments/in /by

Last month, I noted a troubling exchange between Martin Heinrich, Dan Coats, and Richard Burr in the Global Threats Hearing.

Martin Heinrich then asked Coats why ODNI had not shared the report on election tampering even with the Senate Intelligence Committee.

Heinrich: Director Coats, I want to come back to you for a moment. Your office issued a statement recently announcing that you had submitted the intelligence community’s report assessing the threats to the 2018 mid-term elections to the President and to appropriate Executive Agencies. Our committee has not seen this report. And despite committee requests following the election that the ODNI brief the committee on any identified threats, it took ODNI two months to get a simple oral briefing and no written assessment has yet been provided. Can you explain to me why we haven’t been kept more fully and currently informed about those Russian activities in the 2018–

Chairman Richard Burr interrupts to say that, in fact, he and Vice Chair Mark Warner have seen the report.

Burr: Before you respond, let me just acknowledge to the members that the Vice Chairman and I have both been briefed on the report and it’s my understanding that the report at some point will be available.

Coats then gives a lame excuse about the deadlines, 45 days, then 45 days.

Coats: The process that we’re going through are two 45 day periods, one for the IC to assess whether there was anything that resulted in a change of the vote or anything with machines, uh, what the influence efforts were and so forth. So we collected all of that, and the second 45 days — which we then provided to the Chairman and Vice Chairman. And the second 45 days is with DHS looking, and DOJ, looking at whether there’s information enough there to take — to determine what kind of response they might take. We’re waiting for that final information to come in.

After Coats dodges his question about sharing the report with the Committee, Heinrich then turns to Burr to figure out when they’re going to get the information. Burr at least hints that the Executive might try to withhold this report, but it hasn’t gotten to that yet.

Heinrich: So the rest of us can look forward — so the rest of us can then look forward to reading the report?

Coats: I think we will be informing the Chairman and the Vice Chairman of that, of their decisions.

Heinrich: That’s not what I asked. Will the rest of the Committee have access to that report, Mr. Chairman?

[pause]

Heinrich: Chairman Burr?

Burr; Well, let me say to members we’re sort of in unchartered ground. But I make the same commitment I always do, that anything that the Vice Chairman and myself are exposed to, we’ll make every request to open the aperture so that all members will be able to read I think it’s vitally important, especially on this one, we’re not to a point where we’ve been denied or we’re not to a point that negotiations need to start. So it’s my hope that, once the final 45-day window is up that is a report that will be made available, probably to members only.

Coming as it did in a hearing where it became clear that Trump’s spooks are helpless in keeping Trump from pursuing policies that damage the country, this exchange got very little attention. But it should!

DOJ missed its 45 day plus 45 day deadline of reporting whether any election tampering had had an effect. But just by one day. The day after their deadline, the Big Dick Toilet Salesman Matt Whitaker and serial liar Kirstjen Nielsen gave Trump a report claiming that any tampering had not had any impact on the election.

Although the specific conclusions within the joint report must remain classified, the Departments have concluded there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political/campaign infrastructure used in the 2018 midterm elections for the United States Congress. This finding was informed by a report prepared by the Office of the Director of National Intelligence (ODNI) pursuant to the same Executive Order and is consistent with what was indicated by the U.S. government after the 2018 elections.

While the report remains classified, its findings will help drive future efforts to protect election and political/campaign infrastructure from foreign interference.

Then, today, CyberComm boasted that that they had helped deter Russia during the midterms.

Senators from both political parties on Thursday praised the military’s cyber force for helping secure last year’s midterm elections, with one suggesting it was largely due to U.S. Cyber Command that the Russians failed to affect the 2018 vote.

“Would it be fair to say that it is not a coincidence that this election went off without a hitch and the fact that you were actively involved in the protection of very important infrastructure?” Sen. Mike Rounds (R-S.D.) asked Gen. Paul Nakasone, the command’s leader, at a hearing of the Senate Armed Services Committee.

Military officials have said new authorities, approved over the last year, enabled CyberCom to be more aggressive — and effective — in what they privately say was an apparent success. Nakasone, who also heads the National Security Agency, stopped short of saying it was CyberCom that made the difference, telling Rounds that safeguarding the election was the agencies’ “number-one priority.”

But ODNI is still not providing SSCI — the people who are supposed to see such evidence — proof. Heinrich wrote Dan Coats a letter, signed by every member of SSCI,

Your office a statement in December that you had submitted the Intelligence Committee’s report assessing threats to the 2018 elections to the president and appropriate executive agencies. This month, the acting Attorney General and the Secretary of Homeland Security announced they had submitted their joint report evaluating the impact of any foreign interference on election infrastructure for the infrastructure of political organizations during the midterm elections.

While the agencies provided brief unclassified summaries of the reports’ findings, the Select Committee on Intelligence has not been provided either report. We request that you provide to all Committee Members and cleared staff both classified reports required by EO 13848 as soon as possible. Those reports are necessary for the Committee to meet its mission and charter to conduct vigorous oversight over the intelligence and intelligence-related activities of the United States Government.

They’re clearly hiding something. The question is whether it’s that Trump didn’t try to prevent tampering, or that some of the efforts — included the known effort to hack Claire McCaskill — actually did have an effect.