Posts

How the Wyden/Khanna Espionage Act Fix Works (But Not for Julian Assange)

Last week, Ron Wyden and Ro Khanna released a bill that they say will eliminate much of the risk of prosecution that people without clearance would face under they Espionage Act. They claim the bill would limit the risk that:

  • Whistleblowers won’t be able to share information with appropriate authorities
  • Those appropriate authorities (including Congress) won’t be able to do anything with that information
  • National security journalists will be prosecuted for publishing classified information
  • Security researchers will be prosecuted for identifying and publishing vulnerabilities

I want to look at how the bill would do that. But I want to do so against the background of claims about how the bill would affect the ability to prosecute Julian Assange.

After explaining that under the bill Edward Snowden could still be prosecuted, the summary of the bill states in no uncertain terms that the government could still prosecute Julian Assange under the bill.

Q: How would this bill impact the government’s prosecution of Julian Assange?

A: The government would still be able to prosecute Julian Assange.

It doesn’t say how, but immediately after that question, it explains that the government could still prosecute hackers who steal government secrets.

Q: What about hackers who break into government systems and steal our secrets?

A: The Espionage Act is not necessary to punish hackers who break into U.S. government systems. Congress included a special espionage offense (U.S.C § 1030(a)(1)) in the Computer Fraud and Abuse Act, which specifically criminalizes this.

Khanna, in an interview with The Intercept, seems to confirm that explanation — that Assange could still be prosecuted under CFAA.

Khanna told The Intercept that the new bill wouldn’t stop the prosecution of Assange for his alleged role in hacking a government computer system, but would make it impossible for the government to use the Espionage Act to charge anyone solely for publishing classified information.

Indeed, that is sort of what Charge 18 against Assange is, conspiracy to commit computer intrusion, though, as written, it invokes the Espionage Act and theft of government secrets as part of the conspiracy (the Wyden/Khanna bill would limit the theft of government property bill in useful ways). Never mind that as charged it’s a weak charge for evidentiary reasons (though that may change in Assange’s May extradition hearing); it would still be available, if not provable given existing charged facts, under this bill.

But given the claims the US government makes about Assange, that may not be the only way he could be prosecuted under this bill. That’s because the bill works in two ways: first, by generally limiting its application to “covered persons,” who are people who’ve been authorized to access classified or national defense information by an Original Classification Authority. Then, it defines “foreign agent” using the definition in FISA (though carving out foreign political organizations) and says that anyone who is not a foreign agent “shall not be subject to prosecution” under the Espionage Act unless they commit a felony under the act — by aiding, abetting, or conspiring in the act — or pays for the information and wants to harm the US. The bill further carves out providing advice (for example, on operational security) or an electronic communication or remote computing service (such as a secure drop box) to the public.

So:

  • If you don’t have clearance or are sharing information not obtained illegally or via your clearance and
  • If you aren’t an agent of a foreign power and
  • If you’re not otherwise paying for, conspiring or aiding and abetting in some way beyond offering operational security and drop boxes with the specific intent to harm the US or help another government

Then you shouldn’t be prosecuted under the Espionage Act.

Below, I’ve written up how 18 USC §793 and 18 USC §798 would change under the bill, with changes italicized (18 USC §794 already includes the foreign government language added by this bill so would not change).

In the wake of the 2016 election operation, where Julian Assange helped a Russian operation hiding behind thin denials, Assange might well meet the definition of “foreign agent.” Three of WikiLeaks’ operations — the Stratfor hack (in which Russians were involved in the chat rooms), the 2016 election year operation, and Vault 7 (in which Joshua Schulte, between the initial leak and the alleged attempts to leak from jail, evinced an interest in Russia’s help) — involved some Russian activity.

And it’s not clear how Congress’ resolution — passed in last year’s NDAA — that WikiLeaks is a non-state hostile intelligence service often abetted by state actors would affect Assange’s potential treatment as a foreign agent.

It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.

But even with all the new protections for those who don’t have clearance, this bill specifically envisions applying it to someone like Assange. That’s because it explicitly incorporates aiding and abetting (18 USC § 2) — which is how Assange is currently charged in Counts 2-14 — as well as accessory after the fact (18 USC § 3), and misprison of a felony (18 USC § 4) into the bill. That’s on top of the conspiracy to commit an offense against the US (18 USC § 371), which is already implicitly incorporated in 18 USC § 793(g), which is Count 1 in the Assange indictment. Arguably, explicitly adding the accessory after the fact and misprison of a felony would make it easier to prosecute Assange for assistance that WikiLeaks and associated entities routinely provide sources after the fact, such as publicity and legal representation, to say nothing of the help that Sarah Harrison gave Edward Snowden to flee to Russia.

And those charges don’t require someone formally fit the definition of agent of a foreign power so long as the person has “the specific intent to harm the national security of the United States or benefit any foreign government to the detriment of the United States.” (I’ve bolded this language below.) That’s a mens rea requirement that might otherwise be hard to meet — but not in the case of Assange, even before you get into any non-public statements the US government might have in hand.

This is a bill from Ron Wyden, remember. Back in 2017, when he first spoke out when SSCI first moved to declare WikiLeaks a non-state hostile intelligence service, he expressed concerns about the lack of clarity in such a designation.

I have reservations about Section 623, which establishes a Sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a non-state hostile intelligence service. The Committee’s bill offers no definition of “non-state hostile intelligence service” to clarify what this term is and is not. Section 623 also directs the United States to treat WikiLeaks as such a service, without offering further clarity.

To be clear, I am no supporter of WikiLeaks, and believe that the organization and its leadership have done considerable harm to this country. This issue needs to be addressed. However, the ambiguity in the bill is dangerous because it fails to draw a bright line between WikiLeaks and legitimate journalistic organizations that play a vital role in our democracy.

I supported efforts to remove this language in Committee and look forward to working with my colleagues as the bill proceeds to address my concerns.

While this bill does much to protect journalists (and in a way that doesn’t create a special class for journalists or InfoSec researchers that would violate the First Amendment), it provides the clarity that would enable charging Assange, even for things he did after the fact to encourage leakers.

Update: Two more points on this. First, as I understand it, the explicit references to 18 USC §§ 2-4 are designed to protect reporters, meaning the protections apply to those as well.

I also meant to note that the way this bill is written — which is clearly meant to allow for prosecution of people working at state-owned media outlets (Russia, China, and Iran all use their outlets as cover for spies) — would then by design not protect reporters at the BBC or Al Jazeera, both of which have done reporting on stories implicating US classified information in the past.


18 USC § 793

(a) Whoever, for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation, goes upon, enters, flies over, or otherwise unlawfully obtains nonpublic information concerning any vessel, aircraft, work of defense, navy yard, naval station, submarine base, fueling station, fort, battery, torpedo station, dockyard, canal, railroad, arsenal, camp, factory, mine, telegraph, telephone, wireless, or signal station, building, office, research laboratory or station or other place connected with the national defense owned or constructed, or in progress of construction by the United States or under the control of the United States, or of any of its officers, departments, or agencies, or within the exclusive jurisdiction of the United States, or any place in which any vessel, aircraft, arms, munitions, or other materials or instruments for use in time of war are being made, prepared, repaired, stored, or are the subject of research or development, under any contract or agreement with the United States, or any department or agency thereof, or with any person on behalf of the United States, or otherwise on behalf of the United States, or any prohibited place so designated by the President by proclamation in time of war or in case of national emergency in which anything for the use of the Army, Navy, or Air Force is being prepared or constructed or stored, information as to which prohibited place the President has determined would be prejudicial to the national defense; or

(b) An individual who, while a covered person, for the purpose aforesaid, and with like intent or reason to believe, copies, takes, makes, or obtains, or attempts to copy, take, make, or obtain, any sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, document, writing, or note of anything connected with the national defense; or

(c) A foreign agent who, for the purpose aforesaid, and with like intent or reason to believe, receives or obtains or agrees or attempts to receive or obtain from any person, or from any source whatever, any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, of anything connected with the national defense, knowing or having reason to believe, at the time the foreign agent receives or obtains, or agrees or attempts to receive or obtain it, that it has been or will be obtained, taken, made, or disposed of by any person contrary to the provisions of this chapter; or

(d) Whoever, lawfully having possession of, access to, control over, or being entrusted with any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note, or information relating to the national defense, which document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted or attempts to communicate, deliver, transmit or cause to be communicated, delivered or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it on demand to the officer or employee of the United States entitled to receive it; or

(e) An individual who—

(1) while a covered person, gains unauthorized possession of, access to, or control over any non public document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note of anything connected with the national defense; and

(2)(A) with reason to believe such information could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit, or cause to be communicated, delivered, or transmitted, the same to any person not entitled to receive it; or

(B) willfully—

(i) retains the same at an unauthorized location; and

(ii) fails to deliver the same to the officer or employee of the United States entitled to receive it; or’

(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance,  (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both.

(g)(1) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(2) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this 7 title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the 13 offense; or

(C) subject to paragraph (3), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(3) Paragraph (2)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively).

(h)

(1)Any person convicted of a violation of this section shall forfeit to the United States, irrespective of any provision of State law, any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, from any foreign government, or any faction or party or military or naval force within a foreign country, whether recognized or unrecognized by the United States, as the result of such violation. For the purposes of this subsection, the term “State” includes a State of the United States, the District of Columbia, and any commonwealth, territory, or possession of the United States.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1) of this subsection.

(3)The provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)) shall apply to—

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property, if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund in the Treasury all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(i) In this section—

(1) the term “covered person” means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive documents, writings, code books, signal books, sketches, photographs, photographic negatives, blueprints, plans, maps, models, instruments, appliances, or notes of anything connected with the national defense by—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in activities relating to the national defense; and

(2) the term “foreign agent”—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

18 USC §798

(a)Any individual who knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information obtained by the individual while the individual was a covered person and acting within the scope of his or her activities as a covered person

(1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or

(2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or

(3) concerning the communication intelligence activities of the United States or any foreign government; or

(4) obtained by the processes of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes—

Shall be fined under this title or imprisoned not more than ten years, or both.

(b)As used in subsection (a) of this section:

(1) The term ‘classified information’—

(A) means information which, at the time of a violation of this section, is known to the person violating this section to be, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution and;

(B) does not include any information that is specifically designated as ‘Unclassified’ under any Executive Order, Act of Congress, or action by a committee of Congress in accordance with the rules of its House of Congress.

(2) The terms ‘code’, ‘cipher’, and ‘cryptographic system’ include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications.

(3) The term “communication intelligence” means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients.

(4) The term ‘covered person’ means an individual who—

(A) receives official access to classified information granted by the United States Government;

(B) signs a nondisclosure agreement with regard to such classified information; and

(C) is authorized to receive information of the categories set forth in subsection (a) of this section—

(i) by the President; or

(ii) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States

(5) The term “foreign government” includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States.

(6) The term “unauthorized person” means any person who, or agency which, is not authorized to receive information of the categories set forth in sub10 section (a) of this section by—

(A) the President;

(B) the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States; or

(C) an Act of Congress.

(c)Nothing in this section shall prohibit the furnishing of information to—

(1) any Member of the Senate or the House of Representatives;

(2) a Federal court, in accordance with such procedures as the court may establish;

(3) the inspector general of an element of the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)), including the Inspector General of the Intelligence Community;

(4) the Chairman or a member of the Privacy and Civil Liberties Oversight Board or any employee of the Board designated by the Board, in accordance with such procedures as the Board may establish;

(5) the Chairman or a commissioner of the Federal Trade Commission or any employee of the Commission designated by the Commission, in accordance with such procedures as the Commission may establish;

(6) the Chairman or a commissioner of the Federal Communications Commission or any employee of the Commission designated by the Com2 mission, in accordance with such procedures as the Commission may establish; or

(7) any other person or entity authorized to receive disclosures containing classified information pursuant to any applicable law, regulation, or executive order regarding the protection of whistleblowers.

(d)

(1) In this subsection, the term ‘foreign agent’—

(A) has the meaning given the term “agent of a foreign power” under section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801); and

(B) does not include a person who is an agent of a foreign power (as so defined) with respect to a foreign power described in section 101(a)(5) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801(a)(5)).

(2) A foreign agent who—

(A) aids, abets, counsels, commands, induces, or procures the commission of an offense under this section shall be subject to prosecution under this section by virtue of section 2 of this title;

(B) knowing that an offense under this section has been committed by another person, receives, relieves, comforts, or assists such other person in order to hinder or prevent the apprehension, trial, or punishment of such other person shall be subject to prosecution under section 3 of this title;

(C) having knowledge of the actual commission of an offense under this section, conceals and does not as soon as possible make known the same to some judge or other person in civil or military authority under the United States shall be subject to  prosecution under section 4 of this title; or

(D) conspires to commit an offense under this section shall be subject to prosecution under section 371 of this title.

(3) Any person who is not a foreign agent shall not be subject to prosecution under this section by virtue of section 2 of this title or under section 3, 4, or 371 of this title, unless the person—

(A) commits a felony under Federal law in the course of committing an offense under this section (by virtue of section 2 of this title) or under section 3, 4, or 371 of this title;

(B) was a covered person at the time of the offense; or

(C) subject to paragraph (4), directly and materially aids, or procures in exchange for anything of monetary value, the commission of an offense under this section with the specific intent to—

(i) harm the national security of the United States; or

(ii) benefit any foreign government to the detriment of the United States.

(4) Paragraph (3)(C) shall not apply to direct and material aid that consists of—

(A) counseling, education, or other speech activity; or

(B) providing an electronic communication service to the public or a remote computing service (as such terms are defined in section 2510 and 2711, respectively)

(e)

(1)Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law—

(A)any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and

(B)any of the person’s property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation.

(2)The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1).

(3)Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of 1970 (21 U.S.C. 853(b), (c), and (e)–(p)), shall apply to

(A)property subject to forfeiture under this subsection;

(B)any seizure or disposition of such property; and

(C)any administrative or judicial proceeding in relation to such property,
if not inconsistent with this subsection.

(4)Notwithstanding section 524(c) of title 28, there shall be deposited in the Crime Victims Fund established under section 1402 of the Victims of Crime Act of 1984 (42 U.S.C. 10601) [1] all amounts from the forfeiture of property under this subsection remaining after the payment of expenses for forfeiture and sale authorized by law.

(5)As used in this subsection, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

Is Bill Barr Picking a Fight with Apple to Distract from the Failure of Trump’s Social Media Vetting?

To some degree, recent disclosures about Ahmed Mohammed al-Shamrani’s killing of three sailors in Pensacola make it seem like a mirror of the San Bernardino attack in 2015 in 2015. A man, steeped in Islamic propaganda, used a moment of vulnerability to attack Americans. He is killed in the attack, but not before he destroys a phone. At first, DOJ asks Apple for help getting the easier things from the phone, such as the materials stored in the iCloud account. Then, after a delay makes the most obvious work-arounds impossible, DOJ asks Apple to hack the phone, which would thereby make not just that phone accessible to law enforcement, but all iPhones vulnerable to cops, authoritarian governments, and criminals.

There’s even some reason to believe that the law enforcement officer grandstanding to use a terrorist attack as an opportunity to force Apple to weaken its products is lying both about what Apple and DOJ have respectively done, but about how certain it is that Apple is the only available option.

But investigators have been stymied in trying to access two key pieces of evidence — the gunman’s iPhones. Standing before giant photographs of two severely damaged devices, the attorney general publicly urged Apple to act.

“So far, Apple has not given us any substantive assistance,” Barr said, though aides later clarified that Apple had, in fact, given investigators access to cloud data linked to the gunman. “This situation perfectly illustrates why it is critical that investigators be able to get access to digital evidence once they have obtained a court order.”

[snip]

In a lengthy statement, Apple disputed the attorney general’s description of its role, saying the company began responding within hours of the first FBI request on Dec. 6, and has turned over “many gigabytes” of data in the case.

“Our responses to their many requests since the attack have been timely, thorough and are ongoing,” the company said. “The FBI only notified us on January 6th that they needed additional assistance — a month after the attack occurred. . . . Early outreach is critical to accessing information and finding additional options.”

[snip]

Asked Monday whether the FBI’s technical experts on cellphones had agreed with the decision to send the letter pressing Apple to open the phones, Bowdich said he did not know.

An FBI spokesperson later said the bureau’s “technical experts — as well as those consulted outside of the organization — have played an integral role in this investigation. The consensus was reached, after all efforts to access the shooter’s phones had been unsuccessful, that the next step was to reach out to start a conversation with Apple.”

But the more important comparison may pertain to the role of social media in the attack.

Almost immediately after the 2015 attack, the FBI discovered that the woman involved in the attack, Tashfeen Malik, had pledged loyalty to Abu Bakr al-Baghdadi just before the attack. That led Congress to suggest the Obama Administration hadn’t vetted Malik’s immigration processing closely enough, even though nothing in place at the time would have identified her past extremist writing.

In response, Customs and Border Patrol started laying the groundwork for a policy that seemed like dangerous overkill at the time, but that Trump nevertheless adopted: requiring visa applicants to list their social media handles so their social media activity can be vetted.

Somehow, in spite of that requirement, 17 Saudis in the US for military training were found to have jihadist material on their social media accounts, on top of al-Shamrani, and 15 of them had child porn on their social media accounts.

Barr said investigators had found evidence that 17 Saudis had through social media shared ­jihadist or anti-American material and 15 — including some of those who had shared anti-American material — were found to have had contact with or possessed child pornography.

It’s one thing for CBP to have missed Malik’s Facebook comments before they used social media to vet visa applicants.

It’s an entirely different thing to institute social media vetting, but then somehow miss that 18 people admitted onto our military bases to be trained are anti-American or pro-jihadist. All the more so given that Trump’s Muslim ban excluded Saudi Arabia — the origin of most of the 9/11 hijackers and other attempted terrorists since — even while focusing closely on Muslims from country without a history of terrorism against the US.

Plus, in spite of Barr’s vague comments explaining how a “US Attorney” reviewed child porn engaged well beyond that which George Nader pled guilty to yesterday and decided that person could return home to Saudi Arabia.

Barr said only one of those people had a “significant number” of [CP] images, and U.S. attorneys had reviewed each case and determined such people would not normally be charged with federal crimes. He said 21 cadets from Saudi Arabia had been disenrolled from their training and would be returning to the kingdom later Monday. Justice Department officials said 12 were from the Pensacola base, and nine were from other military bases.

[snip]

U.S. attorneys had independently determined the child porn did not warrant charges. Justice Department officials said the most significant case involved a cadet who possessed more than 100 images of child porn and had searched terms for child porn, according to his browser history — but even that fell below the normal threshold for a case deemed worthy of prosecution by a U.S. attorney’s office.

This seems to be part of a pattern that Ron Wyden has already complained about, the serial impunity of Saudi students who commit crimes in this country.

Normally, I oppose politicizing the response to terrorist attacks. You can’t prevent all terrorism, and the drive to do so has eroded our civil liberties.

But if you’re going to erode our civil liberties, then you better be damn sure you’re doing so for a reason. And it seems like CBP (and DOD) failed to ensure we weren’t inviting Saudis to our country to train them to be better terrorists against us in the future.

Barr wants this to be about Apple. First, however, he should be asked why the vetting Trump championed failed to work in this case.

If DOJ is going to complain that Apple isn’t degrading security, it should first explain why the last policy it took that traded privacy for security failed.

The Other Servers and Laptops FBI Never Investigated: VR Systems and North Carolina Polling Books

Ron Wyden had a lot to say in his minority views to the SSCI Report on election security released yesterday, mostly arguing that there need to be national standards and assistance and that no one can make any conclusions about the effects of Russia’s efforts in 2016 because no one collected the data to make such conclusions.

But there’s one line in his section raising questions about the 2016 conclusions I find particularly interesting, pertaining to VR Systems (which he doesn’t name).

Assessments about Russian attacks on the administration of elections are also complicated by newly public information about the infiltration of an election technology company.

Since the Mueller Report came out, Wyden has been trying to chase down this reference in the report to the VR Systems hack.

Unit 74455 also sent spear-phishing emails to public officials involved in election administration and personnel a~ involved in voting technology. In August 2016, GRU officers targeted employees of [redacted; VR Systems], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.

In May, he sent a letter to VR Systems President Mindy Perkins, asking how the company could claim, in March 2018, that it had not experienced a security breach when the report said it had been infected with malware in August 2016. In response, the company told Wyden (according to a letter he and Amy Klobuchar sent FBI Director Chris Wray) that they had alerted the FBI that they found suspicious IPs in their logs in real time, but that FBI had never explained the significance of that.

In a May 16, 2019, letter to Senator Wyden, VR Systems described how it participated in an August 2016 conference call with law enforcement. Participants in that call were apparently asked by the FBI to “be on the lookout for certain suspicious IP addresses.” According to VR Systems, the company examined its website logs, “found that several of the IP addresses had, in fact, visited our website” and as a result, the company “notified the FBI as we had been directed to do.” VR Systems indicates they did not know that these IP addresses were part of a larger pattern until 2017, which suggests the FBI may not have followed up with VR Systems in 2016 about the nature of the threat they faced.

The implication from Wyden’s letters is that VR Systems only hired FireEye to conduct an assessment of what happened after Reality Winner leaked an NSA document making it clear they had been targeted by GRU in 2017. [Update: Kim Zetter actually reported this here.]

In their June 12 letter, Wyden and Klobuchar asked Wray whether the FBI followed up on VR Systems’ report.

  1. What steps, if any, did the FBI take to examine VR Systems’ servers for evidence of a successful cyber breach after the company alerted the FBI, in August of 2016, to the presence of suspicious IP addresses in its website logs? If the FBI did not examine VR Systems’ servers or request access to those servers, please explain why.
  2. Several months after VR Systems first contacted the FBI, electronic pollbooks made by the company malfunctioned during the November 8 general election in Durham County, North Carolina. In the two and a half years since that incident in Durham County, has the FBI requested access to the pollbooks that malfunctioned, and the computers used to configure them, in order to examine them for evidence of hacking? If not, please explain why.
  3. VR Systems contracted FireEye to perform a forensic examination of its systems in the summer of 2017. Has the FBI reviewed FireEye’s conclusions? If so, what were its key findings?

It’s unclear how Wray answered (or didn’t). But just before Wyden sent this letter, the WaPo reported that no one had yet conducted a forensic examination of the laptops used in the VR Systems polling books in North Carolina. After Democrats took over control, they finally persisted in getting DHS to agree to check the laptops.

On Tuesday, the Department of Homeland Security told The Washington Post it will conduct a forensic analysis of the laptops used in Durham County elections in 2016. Lawson said North Carolina first asked the department to conduct such a review more than 18 months ago, though he added that DHS has generally been a “good partner” on election security.

“We appreciate the Department of Homeland Security’s willingness to make this a priority so the lingering questions from 2016 can be addressed in advance of 2020,” said Karen Brinson Bell, the newly appointed executive director of the State Board of Elections.

After the election, Durham County hired a firm called Protus3 to dig into what happened. The security consultant said it appeared the problems were caused by user error but ended its 12-page report with a list of recommendations that included examining computers in a lab setting and interviewing more election workers.

Durham County elections director Derek Bowens said he is comfortable with the report’s conclusions. Even so, in 2017, the county switched to electronic poll books created by the state. Bowens said in an interview that the state’s software would save money and is, in his view, better.

But for North Carolina officials, concerns resurfaced in June 2017 when the website Intercept posted a leaked National Security Agency report referencing “cyber espionage operations against a . . . U.S. company in August 2016.” The NSA report said that “it was likely that at least one account was compromised.”

VR Systems soon acknowledged that hackers had targeted the company but insisted that its network had not been breached.

North Carolina officials weren’t so sure.

“This was the first leak that indicated anything like a nation-state actor targeting a voting systems vendor,” Lawson said.

The state elections board soon launched its own investigation, seizing 40 laptops from Durham in July. And it suspended the certification that allowed more than 20 North Carolina counties to use VR Systems’ poll books during elections, an action that would later land in court. “Over the past few months there has been a considerable change in the election security landscape and the level of scrutiny we receive,” the board wrote in a letter explaining its decision to VR Systems.

No one working for the board had the technical expertise to do a forensic examination of the machines for signs of intrusion. Staffers asked DHS for technical help but did not get a substantive answer for a year and a half, Lawson said.

As noted, FireEye appears to have done an assessment at VR Systems itself in the wake of the Winner disclosure. The WaPo reports that FireEye declared VR Systems hadn’t been hacked, but wouldn’t share any information with Wyden or–apparently–DHS.

VR Systems said a cybersecurity firm it hired to review its computer network in 2017 found no evidence of a hack. A subsequent review by DHS also found no issues, the company said. VR Systems declined to give Wyden documentation of those reviews, citing the need to protect proprietary information.

Wyden in a statement to The Post accused VR Systems of “stonewalling congressional oversight.”

A senior U.S. official confirmed DHS’s review of VR Systems’s network to The Post and noted that by the time agency investigators arrived, a commercial vendor had already “swept” the networks. “I can’t tell you what happened before the commercial vendor came in there,” the official said, speaking on the condition of anonymity to discuss a sensitive matter.

The same day as the WaPo report, Kim Zetter reported that VR Systems used remote updates for their software, opening up a possible point of compromise for hackers.

For two years, GRU hack denialists have thought it was the most important thing that the DNC provided FBI Crowdstrike’s forensic images of the hacked laptops, rather than providing the servers themselves.

But that step has, apparently, not been done yet with VR Systems. And the laptops that failed on election day are only now being forensically examined.  Which is why, I presume, that Wyden believes it’s premature to claim no vote totals were affected on election day 2016.

Sergey Kislyak, Guccifer 2.0, and Maria Butina Walk into an Election Precinct

The Senate Intelligence Committee released a highly redacted version of their election security report. Much of it focuses on coded descriptions cataloging what happened in different states and what has happened as some states try to prepare better for that kind of election interference in the future; this discussion will be far more useful once reporters have carried out the fairly trivial work of identifying which states are referred to in the discussions.

That discussion also reflects a great deal of underlying tension not at all reflected in some of the early stories on the report. State officials bitched, justifiably, at coverage that doesn’t distinguish between scans and hacks, which fosters the panic that Russia probably hoped to create.

Many state election officials emphasized their concern that press coverage of, and increased attention to, election security could create the very impression the Russians were seeking to foster, namely undermining voters’ confidence in election integrity. Several insisted that whenever any official speaks publicly on this issue, they should state clearly the difference between a “scan” and a “hack,” and a few even went as far as to suggest that U.S. officials stop talking about the issue altogether. One state official said, “Wc need to walk a fine line between being forthcoming to the public and protecting voter confidence.

But Ron Wyden raised concerns that all these state level assessments rely on the states’ own data collection, meaning reports that no vote tallies were changed are probably not as reliable as people claim.

DHS’s prepared testimony at that hearing included the statement that it is “likely that cyber manipulation of U.S. election systems intended to change the outcome of a national election would be detected.” The language of this assessment raises questions, however, about DHS’s ability to identify cyber manipulation that could have affected a very close national election, particularly given DHS’s acknowledgment of the “possibility that individual or isolated cyber intrusions into U.S. election infrastructure could go undetected, especially at local levels.”‘^ Moreover, DHS has acknowledged that its assessment with regard to the detection of outcome-changing cyber manipulation did not apply to state-wide or local elections.

(U) Assessments about manipulations of voter registration databases are equally hampered by the absence of data. As the Committee acknowledges, it “has limited information on the extent to which state and local election authorities carried out forensic evaluation of registration databases.”

That is, we don’t actually know what happened in 2016, because so few states were collecting that data, and it remains true that few states are auditing their elections.

Perhaps one of the most interesting details about 2016, however, involves the Russian government’s efforts to get permission to act as election observers, something that shows up two times in the report. It appears that Russia went first to State, and then to localities.

The Russian Embassy placed a formal request to observe the elections with the Department of State, but also reached outside diplomatic channels in an attempt to secure permission directly from state and local election officials. ” 37 In objecting to these tactics, then-Assistant Secretary of State for European and Eurasian Affairs Victoria Nuland reminded the Russian Ambassador that Russia had refused invitations to participate in the official OSCE mission that was to observe the U.S. elections.38

There’s another, heavily redacted discussion of this later in the report, but that unredacted discussion does say that Russia was seeking access to voting sites in September, and that no one ever figured out what Russia planned to do.

Department of State were aware that Russia was attempting to send election observers to polling places in 2016. The true intention of these efforts is unknown.

[snip]

The Russian Embassy placed a formal request lo observe the elections with the Department of State, but also reached outside diplomatic channels in an attempt to secure permission directly from state and local election officials.”‘ For example, in September 2016, the State 5 Secretary of State denied a request by the Russian Consul General to allow a Russian government official inside a polling station on Election Day to study the U.S. election process, according to State 5 officials.

But the footnotes make it clear that Ambassador Sergey Kislyak was bitching about the response all the way up to November 7.

That section immediately precedes a partly redacted discussion of a possible Russian effort to sow misinformation about voter fraud.

What the report does not say, in unredacted form, is how Kislyak’s formal efforts overlap with two other Russian efforts. First, there’s the discussion Maria Butina and Aleksandr Torshin had about whether she should serve as an election observer.

Following this October 5, 2016 Twitter conversation, BUTINA and [Aleksandr Torshin] discussed whether BUTINA should volunteer to serve as a U.S. election observer from Russia and agreed that the risk was too high. [Torshin] expressed the opinion that the “risk of provocation is too high and the ‘media hype’ which comes after it,” and BUTINA agreed by responding, “Only incognito! Right now everything has to be quiet and careful.”

Then there’s Guccifer 2.0’s announcement, at a time when Kislyak was bitching that Russia had been denied access to election sites, that he was going to serve as a (nonsensical) FEC election observer, watching the vulnerabilities in

SSCI doesn’t go there, but at a minimum, Guccifer 2.0’s disinformation paralleled an overt effort by the Russian state, one that Butina considered, but decided against, joining.

Of course, as I’ve noted before, it wasn’t just Russian entities volunteering to act as election observers so as to sow chaos. Where Russia threatened to do so, Roger Stone succeeded.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Gina Haspel Honorary 2020 Intelligence Authorization Might Criminalize Linked In Resumes

The Intelligence Authorization for 2018-2020 is actually not named after CIA Director Gina Haspel. But it might as well be for the way it bears the marks of the first female head of an Intelligence Agency. It offers 12 weeks of paid parental leave for Intelligence personnel (a good thing!) and it also imposes a new rule prohibiting someone nominated to a Senate-confirmed position from making classification determinations about information needed to assess the nominees record, as Haspel did when she hid information on her role in the torture program during her own confirmation process.

But the Haspel related part of the authorization that has (rightly) gotten the most attention — such as in this NYT piece — is a move designed to dramatically expand the types of people covered under the Intelligence Identities Protection Act, which currently prohibits sharing the identities of classified intelligence officers who’ve spent time overseas in the last five years, to cover everyone — past or present — whose relationship with US intelligence is classified.

Most of the concern about the measure focuses — as highlighted in Ron Wyden’s concerns laid out in the bill report — on avoiding accountability for torture (his comment implicitly applies to both Haspel and torture architects Mitchell and Jessen).

I am concerned about a new provision related to the Intelligence Identities Protection Act (IIPA). In 2010, I
worked to pass legislation to increase the penalties for violations of the IIPA. This bill, however, expands the bill so that it applies indefinitely, including to individuals who have been in the United States for decades and have become senior management or have retired. I am not yet convinced this expansion is necessary and am concerned that it will be employed to avoid accountability. The CIA’s request that the Committee include this provision, which invoked “incidents related to past Agency programs, such as the RDI [Rendition, Detention and Interrogation] investigation,” underscores my concerns.

While I agree with Wyden that the intent of this measure is about shielding the CIA from accountability, I think the measure would have two other unintended consequences.

First, I think it more likely that Julian Assange will beat some of the charges against him. (Let me be very clear, for the charges this would affect — which I lay out under Theory Three here — I think this is a good thing.) The justification for the change liberated by Charlie Savage actually mentions WikiLeaks by name.

Undercover Agency officers face ever-evolving threats, including cyber threats. Particularly with the lengths organizations such as WikiLeaksare willing to go to obtain and release sensitive national security information, as well as incidents related to past Agency programs, such as the RDI investigation, the original congressional reasoning mentioned above for a narrow definition of “covert agent” no longer remains valid.

This language raises real questions for me about whether CIA really understands WikiLeaks, not least because WikiLeaks is not going to greater lengths than other media outlets to facilitate the sharing of information (what happens before and after that is another issue).

But one way or another, if this bill were to pass, it would pass after Assange got charged with disclosing databases of sensitive identities. (The timing on this is rather suspect: SSCI passed the authorization on May 14, Burr reported it to the full Senate on May 22, and Assange’s superseding indictment was approved by the grand jury on May 23.) It would be child’s play for Assange’s attorneys (and he has very good attorneys) to argue that the timing is proof that disclosing the identities of most of the people in those databases — who were sources rather than CIA officers — was not illegal at either the time he did it or the time he was charged for it. In addition, passing this bill would reiterate Congress’ belief, now in 2019, that it believes only US citizens should be protected in this way; Assange is accused of disclosing the identities of foreigners, not Americans.

So this law, if it passes, would likely make it easier for Assange to beat these charges, but make anyone else doing it — even if for good reasons and after considering the risk — a criminal.

It’s the other presumably unintended consequence of this bill that I think is even more problematic. It would criminalize all sorts of ways that former intelligence officials publicly identify themselves. The current law includes an exception for those who identify themselves as covert agents, meaning the expanded definition should not be used to prevent people from disclosing their own past affiliation with the agency (to the extent their Non-Disclosure Agreements don’t prohibit it).

It shall not be an offense under section 601 for an individual to disclose information that solely identifies himself as a covert agent.

It also generally requires malice on the part of the person releasing identities. Nevertheless, given the way that the government already uses past classified work to restrict people for the rest of their life, it is not inconceivable that the government would come to use this law to punish others who provide platforms for former intelligence personnel to talk about that openly, like Linked In. Imagine a situation, for example, where the IC deems making it easier for former intelligence professionals to find better paying jobs in the private sector to be, “a pattern of activities intended to identify and expose covert agents and with reason to believe that such activities would impair or impede the foreign intelligence
activities of the United States.” In such a situation, Linked In might be charged under a newly expanded IIPA.

Given the vast number of former intelligence personnel who move into the private sector and the degree to which it has become commonplace to discuss those past affiliations openly, the criminalization of sharing of those identities poses a particular risk. That’s definitely not the point of this bill. But by lowering the bar for who counts as covert and making covert status permanent, it certainly could be used for such ends in the future.

Trump Administration Still Gaming Intelligence on Election Interference

Last month, I tracked a disturbing exchange between Dan Coats and Martin Heinrich regarding whether any of the efforts to tamper with this year’s election succeeded.

At the Global Threats hearing on January 29, Heinrich asked Coats whether the committee was going to get the results of the assessment of whether any of the tampering had had an effect. A week later, DOJ and DHS issued a report saying “no harm no foul.” Then 10 days later, the entire Senate Intelligence Committee wrote Coats a letter asking for DNI’s findings.

That troubling exchange took place against another one, revealed in a letter sent yesterday from Heinrich, Ron Wyden, and Kamala Harris.

On September 26, 2018, Trump mucked up a UN meeting by claiming, without evidence, that China was tampering in the 2018 midterms. The Democratic Senators apparently asked Dan Coats about it, and he issued a classified response on October 31. During the same Global Threat Hearing where Heinrich raised the general assessment in open session, the Senators raised the China accusation in the closed session. In response, Coats sent a letter on February 8, basically covering for Trump.

As early as August, during a press conference, I stated that Russia was not the only country that had an interest in trying to influence our domestic political environment and that we knew others had the capability and may be considering influence activities. On October 19, 2018 and again on November 5, 2018 my office, in conjunction with the Federal Bureau of Investigation, Department of Justice, and Department of Homeland Security, released public statements detailing ongoing campaigns by Russia, China, and other foreign actors, including Iran, to influence public sentiment and government policies and undermine democratic institutions.

But that’s not what the Senators were getting at in their request. In yesterday’s letter, they noted,

The October 31, 2018, letter includes important information about the 2018 elections, as well as the 2016 elections, which your February 8, 2019 letter did not address.

That is, there’s something — apparently about both the 2018 and the 2016 elections — that Coats is hiding, information that surely would embarrass Trump.

And Coats isn’t giving it to us.

Given that just Democratic Senators are on the request (unlike the earlier request), this one seems to amount to Coats running partisan interference to prevent Trump from being embarrassed. Which, if true, would mean that the head of the Intelligence Community is using classification to hide the fact that the President is making bullshit claims about our elections.

Journalist Records from the “Last Five Years”

Some weeks ago, there was some concern raised by DOJ’s response to an October 10, 2017 letter from Ron Wyden, written in the wake of an August Jeff Sessions press conference asking how many times DOJ has seized journalists’ records.

  1. For each of the past five years, how many times has DOJ used subpoenas, search warrants, national security letters, or any other form of legal process authorized by a court to target members of the news media in the United States and American journalists abroad to seek their (a) communications records, (b) geo-location information, or (c) the content of their communications? Please provide statistics for each form of legal process.
  2. Has DOJ revised the 2015 regulations, or made any other changes to internal procedures governing investigations of journalists since January 20, 2017? If yes, please provide me with a copy.

In response, in a letter claiming to provide all the “requests for information from January 2012 to the present,” DOJ pointed to the 2013 collection of AP records and the 2014 subpoena of James Risen. It also claimed,

The Federal Bureau of Investigation does not currently use national security letters to advance media leak investigations.

DOJ’s letter was written after Ali Watkins received notice, on February 13, that her phone and email records had been seized in the investigation of James Wolfe. It also comes after DOJ subpoenaed the Twitter information of Dissent Doe and Popehat last spring in conjunction with DOJ’s dumb persecution of Justin Shafer, both of whom have websites providing original content.

Whether DOJ has gotten more aggressive about seizing reporters’ phone records or content is a question I’m unsurprisingly very interested in.

All that said, DOJ may simply be playing word games, at least thus far.

Note, first of all, that Wyden only asked for the “past five years.” While DOJ claimed to present records spanning into the present, had DOJ responded to the actual request, it might have only presented past requests. Additionally, if Watkins got 90 day notice of her records being seized, the request itself would have taken place after the Wyden request.

While more specious, the May 2017 Twitter subpoena may have been deemed to be the same year as Wyden’s request.

Note three other details. First, Wyden’s letter (though not DOJ’s response) describes “targeting” journalists. Obviously, that word has a specific meaning in the context of surveillance, and I could see DOJ claiming that the Shafer investigation, for example, targeted Shafer, not his Tweeps.

Additionally, Wyden only asks about US news media and US journalists overseas. That’s not going to include an obvious target (whether or not DOJ still considers him a publisher): Julian Assange, an Australian publisher living in what counts as Ecuadoran territory.

Finally, note that DOJ specifies they don’t use NSLs for “media leak investigations.” That, too, has a specific meaning, one that probably doesn’t include the Shafer investigation on trumped up cyberstalking charges.

The Watkins case, especially, demands explanation. But finding it might just require rewording the questions.

Did Trump Modify PPD-28 Last Year before Retaining It?

In a series of questions for the record about whether CIA will continue to publicly post its surveillance procedures, CIA Director nominee Gina Haspel suggested she wouldn’t note changes if doing so would expose sources and methods.

Yes, subject only to my duty to protect classified information and intelligence sources and methods.

One question to which she gave that answer pertained to PPD-28, the Obama directive that provided some protections to foreign citizens.

The CIA’s PPD-28 Section 4 policies and procedures are publicly available. Will you ensure that the CIA continues to post these procedures as well as any modifications, superseding policies and procedures, or significant interpretations?

When Wyden asked about the importance of PPD-28 to bilateral relationships, Haspel explained that the Trump Administration had reviewed and retained it last year (Mike Pompeo had floated ditching it in his confirmation hearing). But in discussions about modifications, she envisioned only substantial modifications might interest allies.

PPD-28 underlies the US commitment to the EU/US Privacy Shield. This administration reviewed PPD-28 last year and decided to retain it. If PPD-28 were substantially modified or eliminated, our European partners might re-evaluate their commitment to the Privacy Shield that support trans-Atlantic commercial data flows.

The answers certainly leave the possibility that, in reviewing PPD-28 last year, the Trump Administration did make classified modifications, but did not consider them major enough to tell our European friends about.

Ron Wyden Makes It Clear Gina Haspel Pushed for Torture to Continue in 2005

Among the many, many damning details of Gina Haspel’s confirmation hearing, one sticks out. Ron Wyden asked her whether, during the 2005 to 2007 period, whether she ever asked for the torture program to be continued or expanded. She didn’t answer. Instead, she dodged:

Haspel: Like all of us who were in the counterterrorism center and working at CIA in those years after 9/11, we all believed in our work, we were committed, we had been charged with making sure the country wasn’t attacked again. And we had been informed that the techniques in CIA’s program were legal and authorized by the highest legal authority in our country and also the President. So I believe, I and my colleagues in the counterterrorism center were working as hard as we could with the tools that we were given to make sure that we were successful in our mission.

Wyden: My time is short and that, respectfully, is not responsive to the question. That was a period where the agency was capturing fewer detainees, waterboarding was no longer approved, and especially in light of that Washington Post story, I would really like to have on the record whether you ever called for the program to be continued, which it sure sounds to me like your answer suggested. You said, well we were doing our job it ought to be continued.

This makes it clear that Haspel was involved in reauthorizing torture in 2005, in a process that was as rife with lies to DOJ as the original authorization process had been.

It also makes Haspel directly responsible for the torture of people like Abu Farj al-Lbi, which the torture report describes this way.

On May 2005, one day after al-Libi’s arrival at DETENTION SITE BLACK, CIA interrogators received CIA Headquarters approval for the use of the CIA’s enhanced interrogation techniques on Abu Faraj al-Libi. CIA interrogators began using the CIA’s enhanced interrogation techniques on Abu Faraj al-Libi on May 28, 2005, two days before the OLC issued its memorandum analyzing whether the techniques violated U.S. obligations under the Convention Against Torture.891

The CIA interrogated Abu Faraj al-Libi for more than a month using tlie CIA’s enhanced interrogation techniques. On a number of occasions, CIA interrogators applied the CIA’s enhanced interrogation techniques to Abu Faraj al-Libi when he complained of a loss of hearing,repeatedly telling him to stop pretending he could not hear well.892 Although the interrogators indicated that they believed al-Libi’s complaint was an interrogation resistance technique, Abu Faraj al-Libi was fitted for a hearing aid after his transfer to U.S. military custody at Guantanamo Bay in 2006.893 Despite the repeated and extensive use of the CIA’s enhanced interrogation techniques on AbuFaraj al-Libi, CIA Headquarters continued to insist throughout the summer and fall of 2005 that Abu Faraj al-Libi was withholding information and pressed for the renewed use of the techniques. The use of the CIA’s enhanced interrogation techniques against Abu Faraj al-Libi was eventually discontinued because CIA officers stated that they had no intelligence to demonstrate that Abu Faraj al-Libi continued to withhold information, and because CIA medical officers expressed concern that additional use of the CIA’s enhanced interrogation techniques “may come with unacceptable medical or psychological risks.894 After the discontinuation of the CIA’s enhanced interrogation techniques, the CIA asked Abu Faraj al-Libi about UBL facilitator Abu Ahmad al-Kuwaiti for the first time.895 Abu Faraj al-Libi denied knowledge of al-Kuwaiti.896

That Haspel appears to have pushed to use torture with al-Libi is significant for multiple reasons. First, as noted, the CIA tortured al-Libi immediately after taking him into custody. There was no show of seeing whether he would cooperate. The CIA used his claim of hearing problems — a claim that turned out to be true — as an excuse to do more torture. CIA apparently kept asking to resume torture with him, even though it didn’t work.

Really importantly for the legacy of the torture program, al-Libi not only didn’t reveal the identity of Abu Ahmad al-Kuwaiti while he was being tortured, he continued to lie about it after he was tortured.

But Haspel’s involvement in this might be most problematic given the timing of it. As noted, the CIA asked for custody of al-Libi while they were still getting torture reauthorized; the first two Bradbury memos, authorizing torture and then their use of them in combination, were approved on May 10. As further noted, however, CIA started torturing al-Libi before the last Bradbury memo was signed on May 30. We know from Jim Comey’s memos about that process that DOJ was pushed very hard to approve them. Critically important, however, is that Alberto Gonzales made a case against reapproving torture at the May 31 principals meeting. In spite of DOJ concerns, the principals committee reapproved all the techniques.

That’s because CIA had already started torturing al-Libi. Effectively, CIA (so, presumably, Haspel, among others), rushed to torture al-Libi so that the government would have no choice but to reauthorize it.

In 2017, the Government Withdrew Three FISA Collection Requests Rather than Face an Amicus Review

Last year’s Section 702 Reauthorization law included a bunch of technical fix language describing how appeals of FISA Court of Review decisions should work.

In this post on that technical language, I speculated that Congress may have added the language in response to a denial of a request by the FISCR, about the only thing that would have identified the need for such language.

As one piece of evidence to support that hypothesis, I noted that one of the times the FISC consulted with an amicus (probably Amy Jeffress), it did not make the topic or the result public.

There’s one other reason to think there must have been a significant denial: The report, in the 2015 FISC report, that an amicus curiae had been appointed four times.

During the reporting period, on four occasions individuals were appointed to serve as amicus curiae under 50 U.S.C. § 1803(i). The names of the three individuals appointed to serve as amicus curiae are as follows:  Preston Burton, Kenneth T. Cuccinelli II  (with Freedom Works), and Amy Jeffress. All four appointments in 2015 were made pursuant to § 1803(i)(2)(B). Five findings were made that an amicus curiae appointment was not appropriate under 50 U.S.C. § 1803(i)(2)(A) (however, in three of those five instances, the court appointed an amicus curiae under 50 U.S.C. § 1803(i)(2)(B) in the same matter).

We know of three of those in 2015: Ken Cuccinelli serving as amicus for FreedomWorks’ challenge to the restarted dragnet in June 2015, Preston Burton serving as amicus for the determination of what to do with existing Section 215 data, and Amy Jeffress for the review of the Section 702 certifications in 2015. (We also know of the consultation with Mark Zwillinger in 2016 and Rosemary Collyer’s refusal to abide by USA Freedom Act’s intent on amici on this year’s reauthorization.) I’m not aware of another, fourth consultation that has been made public, but according to this there was one more. I say Jeffress was almost certainly the amicus used in that case because she was one of the people chosen to be a formal amicus in November 2015, meaning she would have been called on twice. If it was Jeffress, then it likely happened in the last months of the year.

I raise that background because of a detail in the FISC report released yesterday, showing its approvals for 2017. It revealed that FISC told the government on three occasions it might appoint an amicus. On all three occasions, the government withdrew the request rather than undergo a FISC review with even a limited adversary.

During the reporting period, no individual was appointed to serve as amicus curiae by the FISA courts. No findings were made in 2017, pursuant to 50 U.S.C. § 1803(i)(2)(A), that an amicus curiae appointment was not appropriate. There were three matters in which the Court advised the government that it was considering appointment of an amicus curiae to address a novel or significant question of law raised in proposed applications, but the government ultimately did not proceed with the proposed applications at issue, or modified the final applications such that they did not present a novel or significant question of law, thereby obviating a requirement for consideration as to the appropriateness of appointment of amicus. These matters are reflected in the table above as, respectively, a modification to a proposed order, an application denied in full, and an application denied in part. This is the first report including information about such occurrences. A similarly small number of such events occurred during prior reporting periods but were not discussed in the reports for those years.

In one case, the government withdrew an entire application after learning the FISC might appoint an amicus to review the proposed technique. In two others, the final order in one or another way did not include the requested practice.

These three instances are not the first time the government has withdrawn a request after learning FISC would invite adversarial review. While the court doesn’t reveal how many or in what years, it does say that a “similarly small number of such events occurred during prior reporting periods.” Given that there have been just two other reporting periods (the report for part of 2015 and the report covering all of 2016), the language seems to suggest it happened in both years.

That the government has been withdrawing requests rather than submitting them to the scrutiny of an amicus suggests several things.

First, it may be withdrawing such applications out of reluctance to share details of such techniques even with a cleared amicus, not even one of the three who served as very senior DOJ officials in the past. If that’s right, that would reflect some pretty exotic requests, because some of the available amici (most notably former Assistant Attorney General David Kris) have seen all that DOJ was approving with NatSec collection.

Second, remember that for at least one practice (the collection of location information), the government has admitted to opting to using criminal process rather than FISA where more lenient precedents exist in particular jurisdictions. That might happen, for example, if a target could be targeted in a state that didn’t require a warrant for some kinds of location data whereas FISC does.

Starting in 2017, the government would have the ability to share raw EO 12333 with the FBI, which might provide another alternative means to collect the desired data.

All of which is to say these withdrawals don’t necessarily mean the government gave up. Rather, past history has shown that the government often finds another way to get information denied by the FISC, and that may have happened with these three requests.

Finally, remember that as part of 702 reauthorization last year, Ron Wyden warned that reauthorization should include language preventing the government from demanding that companies provide technical assistance (which obviously includes, but is probably not limited to, bypassing or weakening encryption) as part of 702 directives. The threat the government might do so under 702 is particularly acute, because unlike with individual orders (which is what the withdrawn requests here are), the FISC doesn’t review the directives submitted under 702. Some of these withdrawn requests — which may number as many as nine — may reflect such onerous technical requests.

Importantly, one reason the government might withdraw such requests is to avoid any denials that would serve as FISC precedent for individualized  and 702 requests. That is, if the government believed the court might deny an individual request, it might withdraw it and preserve its ability to make the very same demand in a 702 context, where the FISC doesn’t get to review the techniques use.

Whatever the case, the government has clearly been bumping up against the limits of what it believes FISC will approve in individualized requests. But that doesn’t mean it hasn’t been surpassing those limits via one or another technical or legal means.