Posts

“Was Wiped:” A Grammar Lesson for the Frothers

The frothy right is in a tizzy again.

Judicial Watch got a FOIA response that the frothers are reading out of context — without even reading the existing public record much less asking the question they now claim to want to answer — and claiming that Mueller’s attorneys kept wiping their phones.

The FOIA was for records pertaining to Lisa Page and Peter Strzok’s use of DOJ-issued mobile phones while assigned to Mueller’s team. The FOIA was not for a description of the record-keeping in the Mueller office. The FOIA was not for a final accounting of every text that every Mueller team member sent while working for Mueller. If a document mentions Page or Strzok’s phones, it is included here; if it does not, it was withheld.

That said, the frothy right is largely ignoring what the documents show, and instead referring to a single tracking sheet in isolation from the rest, to conclude that multiple Mueller officials wiped their own phones.

To understand what the documents show, it’s best to separate it into what the documents show about Page and Strzok, and then what they show about everyone else.

Mueller’s Office discovered too late that Page and Strzok’s phones had been reset according to standard procedure

The documents show, first of all, that the available paper trail backs the explanations around what happened to Page and Strzok’s Mueller iPhones, which both used for less than 3 months in 2017 while they also used (and sent damning texts on) their FBI issue Samsung phones.

The documents show that Lisa Page was among the first people assigned a Mueller iPhone. Justice Management Department’s Christopher Greer asked for iPhones specifically to deploy a standard mobile technology (though a later document reflects Adam Jed appears to have gotten an Android). Then, after a 45-day assignment, Page left. As the first person to leave the team, she left before processes were put into place to document all that; Page is actually the one who initiated the bureaucratic process of leaving. “Since we have our first detail employee leaving us, it is time to roll out our first form/policy,” Mueller’s administrative officer explained. Mueller’s Records Officer noted she didn’t have to be at the meeting, but provided an Exit Checklist to use on Page’s out-processing. The Records Officer further directed, weeks before anyone discovered Page’s damning texts with Strzok,

Please make sure [Page] doesn’t delete any text messages off her DOJ iPhone, if any.

Everything else should be saved on her H drive on JCON and in her email. This will be good for me as the RSO to go behind and see how that function works.

Mueller’s Administrative Officer also couldn’t make the meeting. But he noted that Page had a laptop “which may already been in [redacted] area, a DOJ cell phone & charger” and noted that “All equipment that I need will be covered as you go through the form.”

The FOIAed documents don’t reveal this, but a DOJ IG Report released in December 2018 reveal that Page left her devices on a shelf in the office she was using.

The SCO Executive Officer completed Page’s Exit Clearance Certification, but said that she did not physically receive Page’s issued iPhone and laptop. During a phone call, Page indicated to SCO that she had left her assigned cell phone and laptop on a bookshelf at the office on her final day there.

On July 17, two days after she left, that Administrative Officer confirmed that, “I have her phone and laptop.”

That is, everyone involved was trying to do it right, but Page was the first person put through this process so everyone admitted they were instituting procedures as they went.

Out-processing of Peter Strzok in August, in the wake of the discovery of Strzok’s texts with Page, was a good deal more terse. That said, the Records Officer did review his phone for anything that had to be saved on September 6, 2017, and found nothing of interest.

Still, their Exit Forms show both returned their iPhone. (Strzok; Page)

It’s only in January 2018, as DOJ IG started to look into their texts, that Mueller’s office discovered they couldn’t account for Page’s iPhone. JMD ultimately found it, but not until September 2018. The phone showed that it had been reset to factory settings, which was standard DOJ policy, on July 31, 2017, two weeks after Page turned it over and left SCO.

In fall 2018 and again in January 2019, numerous people at DOJ tried to find alternative ways to reconstruct any texts Page and Strzok sent on their Mueller iPhones. Because the effort started over a year after they had stopped using the phones, neither DOJ nor Verizon had even log files from the texts anymore. So a DOJ official reviewed Strzok’s phone and found nothing, may not have reviewed Page’s phone, but nevertheless found no evidence Page tried to evade review.

That is, for the subject Judicial Watch was pursuing, the FOIA was a bust.

In response to the Page-Strzok scandal, Mueller appears to have adopted a standard higher than DOJ generally

The Page-Strzok files also suggest certain things about what Mueller did as his investigation was roiled by claims focusing on the two former FBIers.

  • It appears that, after the shit started hitting the fan, Mueller engaged in record-keeping above-and-beyond that required by DOJ guidelines (that’s what the frothers are complaining about)
  • When things started hitting the fan, Mueller’s Chief of Staff Aaron Zebley seems to have started taking a very active role in the response
  • FBI continued to issue Page and Strzok updated phones even while they had Mueller iPhones, which is probably the case for at least the FBI employees on Mueller’s team, making confusion about phones more likely
  • Both DOJ and Verizon would have some ability to reconstruct any texts for phones with problems identified in real time, as opposed to the year it took with Page and Strzok

Here’s the standard DOJ adopts with regards to the use of texts on DOJ-issued phones. DOJ guidelines for retaining texts all stem from discovery obligations — and DOJ, unlike FBI, puts the onus on the user to retain texts.

The OIG reviewed DOJ Policy Statement 0801.04, approved September 21, 2016, which establishes DOJ retention policy for email and other types of electronic messaging, to include text messages. Policy 0801.04 states that electronic messages related to criminal or civil investigations sent or received by DOJ employees engaged in those investigations must be retained in accordance with the retention requirements applicable to the investigation and component specific policies on retention of those messages.

OIG also reviewed DOJ Instruction 0801.04.02, approved November 22, 2016, which provides guidance and best practices on component use of electronic messaging tools and applications for component business purposes.

Section C of 0801.04.02 (Recordkeeping Guidance for Electronic Messaging Tools in Use in the DOJ) subsection 9 (Text Messaging), states that text messaging may be used by staff only if it has been approved by the Head of the Component and in the manner specifically permitted by written component policies. Additional guidance was provided in a memo from the Deputy Attorney General dated March 30, 20 I I, titled ‘Guidance on the Use, Preservation, and Disclosure of Electronic Communications in Federal Criminal Cases.’ The memo states that electronic communications should be preserved if they are deemed substantive. Substantive communications include:

    • Factual information about investigative activity
    • Factual information obtained during interviews or interactions with witnesses (including victims), potential witnesses, experts, informants, or cooperators
    • Factual discussions related to the merits of evidence
    • Factual information or opinions relating to the credibility or bias of witnesses, informants and potential witnesses; and
    • Other factual information that is potentially discoverable under Brady, Giglio, Rule 16 or Rule 26.2 (Jencks Act).

So people using DOJ phones are only required to keep stuff that is case related. DOJ IG had, in 2015, complained about DOJ’s retention of texts, but the standard remained unchanged in 2018.

In January 2018, after someone had leaked news of the Page-Strzok texts to the NYT and after DOJ released their texts to the press (possibly constituting a privacy violation and definitely deviating from the norm of not releasing anything still under investigation by DOJ IG) and after Senator Chuck Grassley and Ron Johnson started making unsubstantiated claims about the texts, Mueller’s Chief of Staff, Aaron Zebley appears to have taken a very active role in the response. That’s when Mueller Executive Officer Beth McGarry Mueller’s Chief of Staff sent Page and Strzok’s Exit Paperwork to Zebley. And that’s when Mueller and DOJ IG discovered no one could find Page’s phone.

Not said in any of these documents, but revealed in the DOJ IG Report, is that Page and Strzok continued to use their FBI Samsung phones, and indeed were issued updated Samsungs after being assigned to Mueller’s team.

Based on OIG’s examination of their FBI mobile devices, Page and Strzok also retained and continued to use their FBI mobile devices. Specifically, on or about May 18, 2017, Page received an FBI-issued Samsung Galaxy S7 mobile device to replace her previously-issued FBI Samsung Galaxy SS. On or about July 5, 2017, Strzok received an FBl-issued Samsung Galaxy S7 mobile device to replace his previously-issued FBI Samsung Galaxy S5.

This was already known, because that’s where all their compromising texts were. But among other things, it makes it clear that some Mueller team members (especially the FBI employees, virtually all of whose names are redacted), may also have continued to use their existing FBI issue phone even while using the Mueller iPhone. With the exception of the 70-something year old James Quarles, whose phone “wiped itself without intervention from him” in April 2018 and who did not use text or have any photos on it when it was wiped, the suspicious events Republicans are complaining about came from DOJ employees, who might be most likely to juggle multiple phones and passwords.

Finally, one more detail of note in the Page and Strzok documents pertains to the other revelations. As noted, as part of the effort to find any texts they might have sent, DOJ reached out to Verizon, to try to figure out what kind of text traffic had been on their phones. Verizon responded that it only keeps texting metadata for 365 days, with rolling age-off, so it couldn’t help (in fall 2018 and January 2019) to access what Page and Strzok had done with their phones in summer 2017. As part of that discussion, however, JMD’s Greer noted that “our airwatch logs may only go back 1 year.” Airwatch is the portal via which corporate users of iPhones track the usage of their employees. It means that so long as something happens with a phone within a year, some data should be available on Airwatch. That is to say, DOJ had two means by which to reconstruct the content of a phone with a problem discovered in real time, means not available given the delay in looking for Page and Strzok’s phones.

The log of phone reviews covering all Mueller personnel

Ultimately, Judicial Watch’s FOIA showed that the documents they were after — the paper trail on the Page and Strzok phones — backs up what has always been claimed about the phones. They were treated via routine process, but as a result there were no texts to review when DOJ IG got around to review them.

So they instead made a stink about just four pages in the release, what appears to be a log — probably started in January 2018, as the Page and Strzok issues continued to roil — of every instance where a Mueller staff phone got reviewed.

The log starts with Page, Strzok, and two other people whose identities are redacted. It has an additional number of entries interspersed with ones from January 2018 which may be those out-processed under DOJ’s normal terms, prior to the initiation of this log. After that, though, the log seems to show meticulous record-keeping both as people were out-processed and any time something went haywire with a phone.

Here, for example, is the entry showing that Kevin Clinesmith’s phone was reviewed on March 5, 2018, and two texts and three photos that were not required to be kept as a DOJ record were emailed to him.

Here, for example, is a record showing that the phone of Uzo Asonye, a local prosecutor added to Manafort’s tax cheat trial in EDVA, got cleared of ten voice mails that pre-dated his involvement with the Mueller team when he was out-processed from the Mueller team.

In other words, Mueller’s team made sure phones were clean, even if they hadn’t been when the came into the team.

Some of what the frothers are pointing to as suspicious is someone wiping their phone when they get it — good security practice and, since the phone is new to them, nothing that will endanger records.

In others of the instances the frothers are complaining about, the log shows that someone immediately alerted record-keepers when they wiped their phone, which (if there were a concern) would provide DOJ an opportunity to check Airwatch.

One thing Republicans are focusing most closely on is that Andrew Weissmann twice “accidentally” wiped his phone, having done so on March 8 and September 27, 2018.

Note, both these instances involve the same phone, and also the same phone he had in what appears to be the final inventory. So while this is not entirely above suspicion, it’s not the case that Weissmann kept wiping phones before DOJ had a chance to check what he had on there before he got a new one. Rather, it appears he wiped the same phone twice and told the record-keepers about it in real time. Moreover, the wipes do not correlate to one possible damning explanation of them, that Weissmann was trying to cover up leaks to the press that Manafort would later accuse him and the Mueller team generally of.

There appears to have been nothing unusual about Weissmann’s out-processing review in March 2019.

So when DOJ had a chance to look at how Weissmann had used his phone for the last six months he used a Mueller phone, it found nothing.

Another of the things Republicans find particularly suspicious is that the phones of Kyle Freeny and Rush Atkinson were both wiped within days of each other (Freeny is a woman, which some of the self-described experts on the Mueller investigation got wrong in their stories on this). For Freeny and one other person (likely an FBI agent), this appears to have been an out-processing review.

Note that here and in many other cases, the description uses the passive voice. “Was [accidentally] wiped,” with no subject identified. There’s good reason to believe — based on the Records Officer retroactive descriptions about Strzok’s phone, the occasional use of the first person, and multiple references to the Administrative Officer — that these are written from the voice of the Records Officer, not the lawyer or agent in question. That is, many of the incidences of descriptions that a phone “was wiped” in no way suggest the person used the phone wiped it. Rather, it seems to be the Records Officer or someone else in the review process. And for a number of those instances there’s a clear explanation why the phone was wiped, which would be normal process for most DOJ transitions in any case.

It does appear Atkinson’s phone was wiped just days after Freeny’s phone, though it was identified in plenty of time to obtain the metadata, if needed.

But like Weissmann, Atkinson’s out-processing review (curiously, the very last one from the entire Mueller team) showed nothing unusual.

In short, what the frothy right appears to have worked themselves up about is that after the conduct of Page and Strzok raised concerns, Mueller imposed record-keeping that DOJ would not otherwise have done, record-keeping that attempted (even though it is not required by DOJ policy) to track every single personal text sent on those phones. And for many of the instances that frothers look at with suspicion, they’re actually seeing, instead, a normal DOJ treatment of a phone.

Timeline

May 20, 2017: Add four accounts, give them iPhones, including Lisa Page and Brandon Van Grack.

May 31, 2017: Page and Strzok first logged into SCO laptops.

June 15, 2017: What kind of tracking do we need for phones? Answer: IMEI. [Includes non-exempt team through that date.]

July 13, 2017: Out-processing of Lisa Page, for whom the process was invented. [Includes list of admin personnel.]

July 17, 2017: Page had handed over her devices, SCO still working with JMD to figure out how to back up common drive.

July 27, 2017: Michael Horowitz tells Mueller of Page-Strzok texts he discovered.

July 31, 2017: Page phone reset to factory settings.

August 9, 2017: Strzok sends exit checklists.

August 10, 2017: Strzok separates from office.

September 6, 2017: Records Officer reviews Strzok’s phone.

November 30, 2017: Mike Flynn informed of Strzok’s texts.

December 2, 2017: NYT reports on Strzok’s texts.

December 13, 2017: DOJ releases first batch of Page-Strzok texts, while trying to hide they were the source.

January 19, 2018: Stephen Boyd informs Chuck Grassley of archiving problems.

January 22, 2018: Strzok’s Mueller iPhone located.

January 23, 2018: Attempt to get texts from Verizon, but both content and metadata no longer stored.

January 25, 2018: Beth McGarry sends Aaron Zebley exit forms from Strzok and Page.

January 26, 2018: LFW notes that they’ve lost Page’s phone, but hands the search off to JMD. Greer notes, specifically, however, that “SCO policy was to reuse them and not hold.”

Late January 2018: FBI Inspection Division finds FBI Samsung phones, provide to DOJ IG.

February 8, 2018: Trump supporter Cesar Sayoc starts plotting attack on Strzok and others.

March 5, 2018: Kevin Clinesmith’s out-processing shows nothing unusual.

March 8, 2018: Andrew Weissmann wipes his phone.

May 4, 2018: Page resigns from FBI.

June 2018: DOJ IG discovers more texts, changes conclusion of Midyear Exam report.

June 14, 2018: Release of Midyear Exam report.

August 10, 2018: Strzok fired from FBI.

Early September 2018: Justice Management Division finds Page’s Mueller iPhone, provides to DOJ IG.

September 13, 2018: SCO Records Officer contacts DOJ IG about what status they got Page’s phone in.

September 21, 2018: Draft language between records officer and Aaron Zebley for DOJ IG Report. Also an attempt to check Airwatch for backups to the phones, but they only go back one year.

September 27, 2018: Andrew Weissmann wipes his phone.

October 17, 2018: DOJ IG informs SCO Records Officer that they have the phone, but that it had been reset to factory settings.

October 22, 2018: DOJ IG Cyber Agent follows up about DOJ IG Report language.

November 15, 2018: FBI Data Collection tool not archiving texts reliably.

November 27, 2018: Kyle Freeny’s phone wiped as part of out-processing.

November 29, 2018: Rush Atkinson’s phone accidentally wiped.

Late December 2018: DOJ IG releases report on archiving of DOJ phones.

December 27, 2018: Zebley responds to Rudy Giuliani claim about destruction of evidence.

January 18, 2019: JMD asks Verizon for texting data for Page and Strzok’s phones, but Verizon’s metadata records only go back 365 days.

January 30-31, 2019: LFW asks to cancel Strzok’s phone.

March 28, 2019: Andrew Weissmann’s out-processing review shows nothing unusual.

June 11, 2019: Rush Atkinson’s out-processing review shows nothing unusual.

December 9, 2019: DOJ IG releases Carter Page IG Report.

Unclear date: Inventory of all phones.

A Focus on Florida: What Happened to the Three Campaign Officials Chatting with Yevgeniy Prigozhin’s Trolls?

I want to go back to something I’ve been uniquely obsessed about for almost an entire year. As I’ve noted, the Internet Research Agency indictment describes the IRA trolls interacting with three Trump campaign officials that it describes in the manner used with possible co-conspirators.

74. On or about August 15, 2016, Defendants and their co-conspirators received an email at one of their false U.S. persona accounts from a real U.S. person, a Florida-based political activist identified as the “Chair for the Trump Campaign” in a particular Florida county. The activist identified two additional sites in Florida for possible rallies. Defendants and their co-conspirators subsequently used their false U.S. persona accounts to communicate with the activist about logistics and an additional rally in Florida.

75. On or about August 16, 2016, Defendants and their co-conspirators used a false U.S. persona Instagram account connected to the ORGANIZATION-created group “Tea Party News” to purchase advertisements for the “Florida Goes Trump” rally.

76. On or about August 18, 2016, the real “Florida for Trump” Facebook account responded to the false U.S. persona “Matt Skiber” account with instructions to contact a member of the Trump Campaign (“Campaign Official 1”) involved in the campaign’s Florida operations and provided Campaign Official 1’s email address at the campaign domain donaldtrump.com. On approximately the same day, Defendants and their co-conspirators used the email address of a false U.S. persona, [email protected], to send an email to Campaign Official 1 at that donaldtrump.com email account, which read in part:

Hello [Campaign Official 1], [w]e are organizing a state-wide event in Florida on August, 20 to support Mr. Trump. Let us introduce ourselves first. “Being Patriotic” is a grassroots conservative online movement trying to unite people offline. . . . [W]e gained a huge lot of followers and decided to somehow help Mr. Trump get elected. You know, simple yelling on the Internet is not enough. There should be real action. We organized rallies in New York before. Now we’re focusing on purple states such as Florida.

The email also identified thirteen “confirmed locations” in Florida for the rallies and requested the campaign provide “assistance in each location.”

77. On or about August 18, 2016, Defendants and their co-conspirators sent money via interstate wire to another real U.S. person recruited by the ORGANIZATION, using one of their false U.S. personas, to build a cage large enough to hold an actress depicting Clinton in a prison uniform.

78. On or about August 19, 2016, a supporter of the Trump Campaign sent a message to the ORGANIZATION-controlled “March for Trump” Twitter account about a member of the Trump Campaign (“Campaign Official 2”) who was involved in the campaign’s Florida operations and provided Campaign Official 2’s email address at the domain donaldtrump.com. On or about the same day, Defendants and their co-conspirators used the false U.S. persona [email protected] account to send an email to Campaign Official 2 at that donaldtrump.com email account.

79. On or about August 19, 2016, the real “Florida for Trump” Facebook account sent another message to the false U.S. persona “Matt Skiber” account to contact a member of the Trump Campaign (“Campaign Official 3”) involved in the campaign’s Florida operations. On or about August 20, 2016, Defendants and their co-conspirators used the “Matt Skiber” Facebook account to contact Campaign Official 3.

Since this indictment was rolled out last February, no one has identified these three Trump campaign officials nor what they did in response to dangles from Yevgeniy Prigozhin’s trolls.

That said, contrary to the assumption made when a DC-based team of US Attorneys joined the IRA prosecution team, DOJ’s investigation on this front has continued. Not only was IRA accountant Elena Alekseevna Khusyaynova charged in EDVA last September (the complaint was unsealed in October, during a pre-election disinformation campaign involving IRA trolls), but in August, Mueller prosecutor Rush Atkinson was still pursuing investigative action in the IRA case (this means it’s possible that the involvement of a DC prosecutor in Roger Stone’s prosecution serves largely to keep the Mueller team targeting him focused on other aspects of their investigation of him).

In any case, since the mention of three different campaign officials interacting with Prigozhin’s trolls, we’ve gotten a number of other reasons to be interested in what happened in Florida in 2016.

Obviously, there’s Roger Stone. The actions laid out in his existing indictment largely take place in DC and NY, but we know Mueller has pursued (and continues to pursue, with Andrew Miller) testimony from aides working for Stone elsewhere, including in Florida. We know in May 2016, for example, Stone met in Florida with a Russian using the name Henry Greenberg offering dirt on Hillary. In principle, his denials on that should be taken no more seriously than his denials pertaining to WikiLeaks, but he was willing to correct his testimony on that point, unlike his testimony on WikiLeaks.

And there are other connections in Florida of interest. In a piece adding to stuff we already knew about Sergei Millian (which bizarrely remains silent about Ivan Timofeev and Oleg Deripaska’s ties to him, or his promise to build a Trump Tower), the WaPo describes how Millian worked with a Florida-based Russian named Mikhail Morgulis to build support in Florida.

As he was working to build a relationship with Papadopoulos in 2016, Millian also offered to serve as a conduit to the Trump campaign for a Belarusan author in Florida with connections to the Russian government, according to emails obtained by The Washington Post.

The author, Mikhail Morgulis, who said he never ended up hearing from anyone in the campaign, later claimed that he rallied Russian Americans to back Trump.

[snip]

Morgulis took credit in interviews with Russian media for helping to elect Trump by organizing Russian-speaking voters.

“I personally visited 11 cities in Florida, where I said that if you want our new president to be a homosexual . . . vote for Hillary,” he said a July 2017 interview with the Russian government-funded outlet Sputnik, touting a false claim popular among some conservative conspiracy theorists. In the interview, he also said he had briefly met both Trump and his son-in-law, Jared Kushner.

Then consider this detail from BuzzFeed’s report on what Suspicious Activity Reports say about Rinat Akhmetshin’s finances. Rather than getting paid by Lanny Wiles — as had previously been portrayed — Akhmetshin was in fact paying Wiles.

Akhmetshin continued receiving checks and wires from Wiles Consulting, a Florida-based company controlled by Lanny Wiles, a longtime Republican operator. Those payments, which began in January 2016, extended to April 2017, and totaled $72,500.

Investigators at Akhmetshin’s bank said the direction of the payments — from Wiles to Akhmetshin — contrasted with how their working relationship had been portrayed publicly. Investigators, citing unspecified public information, said Wiles claimed he was paid by Akhmetshin to work on the Magnitsky lobbying issue, not the other way around. The investigators did not cite their source, but a 2016 Politico article quoted Wiles saying he had been paid by Akhmetshin. Investigators at Bank of America did find that the foundation had issued checks to Wiles, but the amount is unclear. Wiles, whose wife was the chair of Trump’s Florida campaign, did not return messages seeking comment.

In the same Politico article, Wiles said he didn’t want to register as a foreign agent, but that Akhmetshin had told him it wouldn’t be necessary, as he would be working for BakerHostetler.

In the wake of the Natalia Veselnitskaya indictment in December, the government will have an easy time arguing that Akhmetshin and Wiles’ lobbying will easily be demonstrated to be work on behalf of Russia.

As noted, Wiles’ wife, Susie, was Trump’s Florida campaign chair, and the woman who got Veselnitskaya a seat in a hearing on Magnitsky sanctions.

Update: The Wiles’ daughter, Caroline Wiles, quit her White House job as director of scheduling after it became clear she’d fail a background check. (h/t LR)

Among those who won’t be working at the White House was President Donald Trump’s director of scheduling, Caroline Wiles, the daughter of Susan Wiles, Trump’s Florida campaign director and former campaign manager for Governor Rick Scott. Wiles, who resigned Friday before the background check was completed, was appointed deputy assistant secretary before the inauguration in January. Two sources close to Wiles said she will get another job in Treasury.

There seems to be a lot more that happened with Trump’s campaign in Florida in 2016 than we currently know about. Including the three campaign officials mentioned in the still active investigation into Yevgeniy Prigozhin’s trolls.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

The Disinformation Campaign Targeting Mueller and the Delayed Briefing to SSCI on Russian Election Interference

A lot of people are reporting and misreporting details from this Mueller filing revealing that it had been the target of disinformation efforts starting in October.

1000 non-sensitive files leaked along with the file structure Mueller provided it with

To substantiate an argument that Concord Management should not be able to share with Yevgeniy Prigozhin the sensitive discovery that the government has shared with their trollish lawyers, Mueller revealed that on October 22, someone posted 1000 files turned over in discovery along with a bunch of other crap, partially nested within the file structure of the files turned over in discovery.

On October 22, 2018, the newly created Twitter account @HackingRedstone published the following tweet: “We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller. You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!”1 The tweet also included a link to a webpage located on an online file-sharing portal. This webpage contained file folders with names and folder structures that are unique to the names and structures of materials (including tracking numbers assigned by the Special Counsel’s Office) produced by the government in discovery.2 The FBI’s initial review of the over 300,000 files from the website has found that the unique “hashtag” values of over 1,000 files on the website matched the hashtag values of files produced in discovery.3 Furthermore, the FBI’s ongoing review has found no evidence that U.S. government servers, including servers used by the Special Counsel’s Office, fell victim to any computer intrusion involving the discovery files.

1 On that same date, a reporter contacted the Special Counsel’s Office to advise that the reporter had received a direct message on Twitter from an individual who stated that they had received discovery material by hacking into a Russian legal company that had obtained discovery material from Reed Smith. The individual further stated that he or she was able to view and download the files from the Russian legal company’s database through a remote server.

2 For example, the file-sharing website contains a folder labeled “001-W773.” Within that folder was a folder labeled “Yahoo.” Within that folder was a folder labeled “return.” Within the “return” folder were several folders with the names of email addresses. In discovery in this case, the government produced a zip file named “Yahoo 773.” Within that zip file were search warrant returns for Yahoo email accounts. The names of the email accounts contained in that zip file were identical to the names of the email address folders within the “return” subfolder on the webpage. The webpage contained numerous other examples of similarities between the structure of the discovery and the names and structures of the file folders on the webpage. The file names and structure of the material produced by the government in discovery are not a matter of public record. At the same time, some folders contained within the Redstone Hacking release have naming conventions that do not appear in the government’s discovery production but appear to have been applied in the course of uploading the government’s production. For example, the “001- W773” folder appears within a folder labeled “REL001,” which is not a folder found within the government’s production. The naming convention of folder “REL001” suggests that the contents of the folder came from a production managed on Relativity, a software platform for managing document review. Neither the Special Counsel’s Office nor the U.S. Attorney’s Office used Relativity to produce discovery in this case. [my emphasis]

It sounds like Mueller’s office found out about it when being contacted by the journalist who had been alerted to the content on Twitter.

But before Mueller asked Concord’s trollish lawyers about it, the defense attorneys — citing media contacts they themselves had received — contacted prosecutors to offer a bullshit excuse about where the files came from.

On October 23, 2018, the day after the tweet quoted above, defense counsel contacted the government to advise that defense counsel had received media inquiries from journalists claiming they had been offered “hacked discovery materials from our case.” Defense counsel advised that the vendor hired by the defense reported no unauthorized access to the non-sensitive discovery. Defense counsel concluded, “I think it is a scam peddling the stuff that was hacked and dumped many years ago by Shaltai Boltai,” referencing a purported hack of Concord’s computer systems that occurred in approximately 2014. That hypothesis is not consistent with the fact that actual discovery materials from this case existed on the site, and that many of the file names and file structures on the webpage reflected file names and file structures from the discovery production in this case.

Without any hint of accusation against the defense attorneys (though this motion is accompanied by an ex parte one, so who knows if they offered further explanation there), Mueller notes any sharing of this information for disinformation purposes would violate the protective order in the case.

As stated previously, these facts establish a use of the non-sensitive discovery in this case in a manner inconsistent with the terms of the protective order. The order states that discovery may be used by defense counsel “solely in connection with the defense of this criminal case, and for no other purpose, and in connection with no other proceeding, without further order of this Court,” Dkt. No. 42-1, ¶ 1, and that “authorized persons shall not copy or reproduce the materials except in order to provide copies of the materials for use in connection with this case by defense counsel and authorized persons,” id. ¶ 3. The use of the file names and file structure of the discovery to create a webpage intended to discredit the investigation in this case described above shows that the discovery was reproduced for a purpose other than the defense of the case.

Update: Thursday evening, Mueller submitted another version of this clarifying that the @HackingRedstone tweets alerting journalists to the document dump were DMs, and so not public (or visible to the defense). The first public tweet publicizing the dump came on October 30, so even closer to the election.

Shortly after the government filed, defense counsel drew the government’s attention to the following sentence, which appears on page nine of the filing: “On October 22, 2018, the newly created Twitter account @HackingRedstone published the following tweet: ‘We’ve got access to the Special Counsel Mueller’s probe database as we hacked Russian server with info from the Russian troll case Concord LLC v. Mueller. You can view all the files Mueller had about the IRA and Russian collusion. Enjoy the reading!’” Defense counsel pointed out that this sentence could be read to suggest that the Twitter account broadcast a publicly-available “tweet” on October 22. In fact, the Twitter account @HackingRedstone began sending multiple private direct messages to members of the media promoting a link to the online file-sharing webpage using Twitter on October 22. The content of those direct messages was consistent with, but more expansive than, the quoted tweet to the general public, which was issued on October 30. By separate filing, the government will move to file under seal the text of the direct messages. The online file sharing webpage was publicly accessible at least starting on October 22.

I’m not sure it makes the defense response any more or less suspect. But it does tie the disinformation even more closely with the election.

The Mueller disinformation was part of a month-long election season campaign

This thread, from one of the journalists who was offered the information, put it all in context back on November 7, the day after the election.

The thread shows how the release of the Mueller-related files was part of a month-long effort to seed a claim that the Internet Research Agency had succeeded in affecting the election.

Update: This story provides more background.

Other signs of the ongoing investigation into Yevgeniy Prigozhin’s trolls

Given how the Mueller disinformation functioned as part of that month-long, election oriented campaign, I’m more interested in this passage from the Mueller investigation than that the investigation had been targeted. Mueller argues that they shouldn’t have to share the sensitive discovery with Yevgeniy Prigozhin because the sensitive discovery mentions uncharged individuals who are still trying to fuck with our elections.

First, the sensitive discovery identifies uncharged individuals and entities that the government believes are continuing to engage in operations that interfere with lawful U.S. government functions like those activities charged in the indictment.

To be sure, we knew the investigation into Prigozhin’s trolls was ongoing. On October 19, just days before these files got dropped, DOJ unsealed an EDVA complaint, which had been filed under seal on September 28, against Prigozhin’s accountant, Alekseevna Khusyaynova. Along with showing Prigozhin’s trolls responding to the original Internet Research Agency indictment last February, it showed IRA’s ongoing troll efforts through at least June of last year.

Then, in December, Concord insinuated that Mueller prosecutor Rush Atkinson had obtained information via the firewall counsel and taken an investigative step on that information back on August 30.

On August 23, 2018, in connection with a request (“Concord’s Request”) made pursuant to the Protective Order entered by the Court, Dkt. No. 42-1, Concord provided confidential information to Firewall Counsel. The Court was made aware of the nature of this information in the sealed portion of Concord’s Motion for Leave to Respond to the Government’s Supplemental Briefing Relating to Defendant’s Motion to Dismiss the Indictment, filed on October 22, 2018. Dkt. No. 70-4 (Concord’s “Motion for Leave”). Seven days after Concord’s Request, on August 30, 2018, Assistant Special Counsel L. Rush Atkinson took investigative action on the exact same information Concord provided to Firewall Counsel. Undersigned counsel learned about this on October 4, 2018, based on discovery provided by the Special Counsel’s Office. Immediately upon identifying this remarkable coincidence, on October 5, 2018, undersigned counsel requested an explanation from the Special Counsel’s Office, copying Firewall Counsel on the e-mail.

[snip]

Having received no further explanation or information from the government, undersigned counsel raised this issue with the Court in a filing made on October 22, 2018 in connection with the then-pending Motion to Dismiss. In response to questions from the Court, Firewall Counsel denied having any communication with the Special Counsel’s Office.

This was a bid to obtain live grand jury investigative information, one that failed earlier this month after Mueller explained under seal how his prosecutors had obtained this information and Dabney Friedrich denied the request.

What this filing, in conjunction with Josh Russell’s explanatory Twitter thread, reveals is that the Mueller disinformation effort was part of a disinformation campaign targeted at the election.

Dan Coats doesn’t want to share the report on Russian election tampering with SSCI

And I find that interesting because of a disturbing exchange in a very disturbing Global Threats hearing the other day. After getting both Director of National Intelligence Dan Coats and FBI Director Christopher Wray to offer excuses for White House decisions to given security risks like Jared Kushner security clearance, Martin Heinrich then asked Coats why ODNI had not shared the report on election tampering even with the Senate Intelligence Committee.

Heinrich: Director Coats, I want to come back to you for a moment. Your office issued a statement recently announcing that you had submitted the intelligence community’s report assessing the threats to the 2018 mid-term elections to the President and to appropriate Executive Agencies. Our committee has not seen this report. And despite committee requests following the election that the ODNI brief the committee on any identified threats, it took ODNI two months to get a simple oral briefing and no written assessment has yet been provided. Can you explain to me why we haven’t been kept more fully and currently informed about those Russian activities in the 2018–

Chairman Richard Burr interrupts to say that, in fact, he and Vice Chair Mark Warner have seen the report.

Burr: Before you respond, let me just acknowledge to the members that the Vice Chairman and I have both been briefed on the report and it’s my understanding that the report at some point will be available.

Coats then gives a lame excuse about the deadlines, 45 days, then 45 days.

Coats: The process that we’re going through are two 45 day periods, one for the IC to assess whether there was anything that resulted in a change of the vote or anything with machines, uh, what the influence efforts were and so forth. So we collected all of that, and the second 45 days — which we then provided to the Chairman and Vice Chairman. And the second 45 days is with DHS looking, and DOJ, looking at whether there’s information enough there to take — to determine what kind of response they might take. We’re waiting for that final information to come in.

After Coats dodges his question about sharing the report with the Committee, Heinrich then turns to Burr to figure out when they’re going to get the information. Burr at least hints that the Executive might try to withhold this report, but it hasn’t gotten to that yet.

Heinrich: So the rest of us can look forward — so the rest of us can then look forward to reading the report?

Coats: I think we will be informing the Chairman and the Vice Chairman of that, of their decisions.

Heinrich: That’s not what I asked. Will the rest of the Committee have access to that report, Mr. Chairman?

[pause]

Heinrich: Chairman Burr?

Burr; Well, let me say to members we’re sort of in unchartered ground. But I make the same commitment I always do, that anything that the Vice Chairman and myself are exposed to, we’ll make every request to open the aperture so that all members will be able to read I think it’s vitally important, especially on this one, we’re not to a point where we’ve been denied or we’re not to a point that negotiations need to start. So it’s my hope that, once the final 45-day window is up that is a report that will be made available, probably to members only.

Coming as it did in a hearing where it became clear that Trump’s spooks are helpless in keeping Trump from pursuing policies that damage the country, this exchange got very little attention. But it should!

The Executive Branch by law has to report certain things to the Intelligence Committees. This report was mandated by Executive Order under threat of legislation mandating it.

And while Coats’ comment about DOJ, “looking at whether there’s information enough there to take — to determine what kind of response they might take,” suggests part of the sensitivity about this report stems from a delay to provide DOJ time to decide whether they’ll take prosecutorial action against what they saw in the election, the suggestion that only members of the committee (not staffers and not other members of Congress) will ever get the final report, as well as the suggestion that Coats might even fight that, put this report on a level of sensitivity that matches covert actions, the most sensitive information that get shared with Congress.

Maybe the Russians did have an effect on the election?

In any case, going back to the Mueller disinformation effort, that feels like very familiar dick-wagging, an effort to make key entities in the US feel vulnerable to Russian compromise. Mueller sounds pretty sure it was not a successful compromise (that is, the data came from Concord’s lawyers, not Mueller).

But if the disinformation was part an effort to boast that Putin’s allies had successfully tampered with the vote — particularly if Russia really succeeded in doing so — it might explain why this report is being treated with the sensitivity of the torture or illegal spying program.

Update: I’ve corrected this to note that in the end the Intelligence Authorization did not mandate this report, as was originally intended; Trump staved that requirement off with an Executive Order. Still, that still makes this look like an attempt to avoid admitting to Congress that your buddy Putin continues to tamper in US elections.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Putin’s Chef, Evgeniy Prigozhin, Says He Needs Discovery So He Can Figure Out if He’s Putin’s Boss or His Chef

Among the more trollish arguments in Yevgeniy Prigozhin’s latest troll argument in defense of his troll attack on the 2016 election is that Prigozhin has to get all the discovery turned over to Concord’s lawyers because only he can tell whether he’s Putin’s boss, or his chef.

[T]he documents that the government appears to contend are statements of Concord under Fed. R. Civ. P. 16(C)(i) and (ii) are primarily in Russian. While defense counsel has engaged translators to begin its review of the discovery materials, the only way to get fully accurate translations and prepare for trial is to speak to the individuals who allegedly wrote the documents. See United States v. Archbold-Manner, 577 F. Supp. 2d 291, 292-93 (D.D.C. 2008) (noting the need for translations of voluminous foreign language discovery in ruling relating to Speedy Trial Act). This is particularly true with respect to Russian, which is highly dissimilar to English and literal translations of words often result in lost meaning or context. See, e.g., https://www.state.gov/m/fsi/sls/c78549.htm (Department of State’s Foreign Service Institute School of Language Studies identifying Russian as a Category III Language “with significant linguistic and/or cultural differences from English”). Again, by way of example, certain allegedly sensitive documents contain the Russian word “шеф.” This word can be translated into the English words “chief,” “boss” or “chef”—a distinction that is critically important since international media often refers to Mr. Prigozhin as “Putin’s Chef.”

Each logical step in this paragraph is nonsense, because it’s clear the documents in question are getting translated by people who do not suffer from the “significant linguistic and cultural differences” cited by the State Department in an off-point citation. Ultimately, this argument amounts to Prigozhin claiming that only he knows whether — all this time! — has has actually been Putin’s boss, not his chef, as usually claimed.

That said, the argument is telling, because it suggests that Prigozhin has to get discovery because documents turned over in discovery directly implicate his relationship with Putin.

“The Russian national who controls the Defendant but has not personally appeared”

The main gist of this filing, however, is an attempt to revisit an earlier order in this case and force the government (the troll lawyers pretend this case is being exclusively prosecuted by Mueller and not also by lawyers from two other DOJ components) to turn over 3 million pages in discovery to Prigozhin, even though he hasn’t appeared before the court personally.

Since the entry of the Protective Order, the Special Counsel has produced nearly 4 million documents, 3.2 million of which it has designated as “sensitive.” The Special Counsel has not explained to defense counsel the reason for the designation of any particular document or category of documents, nor has he explained why—with non-classified material—defense counsel should not have access to his secret communications with the Court.

Remember, Prigozhin made himself General Manager of Concord Management after it got indicted in the same indictment in which he got indicted so he could insist that he get this discovery in his corporate form, even while dodging prosecution in his natural form (it’s sort of the reverse effect of the Trump Organization consubstantiation that is going to get Trump in trouble). As a result, Concord argues (for the second time) that Prigozhin must get discovery because he is the defendant, and not a co-defendant currently avoiding any court appearance.

Undersigned counsel has been unable to identify a single reported case where a corporate defendant was prohibited from viewing discovery,

[snip]

Second, co-defendant Mr. Prigozhin is the only person directly affiliated with Concord identified in the Indictment. As such, Concord cannot be expected to make informed decisions regarding its defense or meaningfully confer with its counsel unless it—and specifically Mr. Prigozhin—understands the evidence the Special Counsel intends to use against it at trial. Maury, 695 F.3d at 248 (recognizing that “[a]n organization has no self-knowledge of its own Undersigned counsel has been unable to identify a single reported case where a corporate defendant was prohibited from viewing discovery,

Yet the troll lawyers don’t address the issue that proved key the last time: that this an attempt for Prigozhin, who because he has not made an appearance is not bound by the protective order, to obtain discovery as a defendant without risking his neck. Indeed, it turns that scenario on its head, searching for instances where corporations have been denied discovery as opposed to where indicted co-conspirators obtain discovery without showing up in court first.

In a related filing, the government calls Prigozhin “the Russian national who controls the Defendant but has not personally appeared” and cite national security concerns about “certain facts regarding Prigozhin and other Russian nationals associated with him.” Perhaps the government needs to present details to Friedrich about just what Putin’s chef has cooked up for him.

The troll lawyers also don’t address the terms of the discovery order. Prigozhin has a means of getting the discovery he wants: he only needs to come to the United States and enter into the protective order to do that. Indeed, two of the cases Concord cites seem to support the existing protective order, which requires those who access this information to be bound by the court before they do so and prohibits discovery from being removed from the US.

United States v. Carriles, 654 F. Supp. 2d 557, 562, 570 (W.D. Tex. 2009) (rejecting the government’s proposed protective order related to sensitive but unclassified discovery which would have prevented defendant from disseminating any sensitive discovery material to prospective witnesses without first obtaining court approval, and instead allowing defendant to disclose materials necessary for trial preparation after obtaining a memorandum of understanding related to the protective order); Darden, 2017 WL 3700340, at *3 (rejecting the government’s proposed protective order that prohibited the defendants from reviewing discovery materials unless in the presence of counsel and adopting a less restrictive protective order which specified precisely which discovery materials defense counsel could review with the defendants but could not provide or leave with the defendants).

Admittedly, Judge Dabney Friedrich invited Concord to return to these issues (albeit at a slightly later stage than where we’re at). But Concord doesn’t even address that there are means for Prigozhin to access materials under the existing protective order.

There are two more interesting sub-arguments here.

Concord argues that because the US government has charged accountant Elena Khusyaynova — but not in this case — the ongoing investigation is done

First, Concord uses the fact that Eastern District of VA charged Concord accountant in a parallel case, the “ongoing investigation” the government cited to justify its secrecy has ended.

Nevertheless, the Special Counsel has publicly invoked—in the Protective Order itself and its briefing—both an “ongoing investigation” and “sensitive investigatory techniques” as grounds for preventing disclosure, neither of which should apply here.

Undersigned counsel must assume for now that the “ongoing investigation” referred to in the Protective Order is related to the criminal complaint recently unsealed in the Eastern District of Virginia. Ex. A. Because this complaint is now unsealed, and the ongoing investigation has been publicly revealed, there is no further need to protect this investigation from disclosure.

It later says that some of the documents cited in the affidavit submitted in Elena Khusyaynova’s case are “the very same documents” turned over in discovery here.

Relatedly, the government itself has described some of the “sensitive” discovery in great detail in public filings, yet has made no effort to subsequently re-categorize those very same documents as no longer sensitive. For example, in an affidavit in support of a criminal complaint filed under seal on September 28, 2018 in the Eastern District of Virginia and unsealed on October 19, 2018, an FBI Special Agent described “detailed financial documents that tracked itemized Project Lakhta expenses” allegedly transmitted between an employee of Concord and an employee of its co-defendant, Internet Research Agency. See Ex. A, Criminal Compl., United States v. Elena Khusyaynova, 1:18-mj-464 (E.D. Va.) (filed Sept. 28, 2018; unsealed Oct. 19, 2018) (“the Holt Affidavit”). The Holt Affidavit goes on to state that “[b]etween at least January 2016 and July 2018, these documents were updated and provided to Concord on approximately a monthly basis,” and provides “illustrative examples” of these documents, including identifying the individual who sent the document (the defendant identified in the complaint); describing the date on which the documents were allegedly sent and the approximate dollar value contained in the document; and even quoting from the documents. Id. ¶ 21. To the extent that these very same documents are among those designated by the Special Counsel as “sensitive,” it is impossible to understand why they cannot be shared with Concord in order to defend itself against criminal charges in this case. [my emphasis]

The argument that any investigation into Concord is complete is undermined by the other motion Concord submitted the same day they submitted this motion. It complains that Mueller prosecutor Rush Atkinson somehow took investigative action on information a week after Concord provided  the same information to the Firewall Counsel, on August 30.

On August 23, 2018, in connection with a request (“Concord’s Request”) made pursuant to the Protective Order entered by the Court, Dkt. No. 42-1, Concord provided confidential information to Firewall Counsel. The Court was made aware of the nature of this information in the sealed portion of Concord’s Motion for Leave to Respond to the Government’s Supplemental Briefing Relating to Defendant’s Motion to Dismiss the Indictment, filed on October 22, 2018. Dkt. No. 70-4 (Concord’s “Motion for Leave”). Seven days after Concord’s Request, on August 30, 2018, Assistant Special Counsel L. Rush Atkinson took investigative action on the exact same information Concord provided to Firewall Counsel. Undersigned counsel learned about this on October 4, 2018, based on discovery provided by the Special Counsel’s Office. Immediately upon identifying this remarkable coincidence, on October 5, 2018, undersigned counsel requested an explanation from the Special Counsel’s Office, copying Firewall Counsel on the e-mail. The Special Counsel’s Office responded to the email on October 7, 2018, but did not explain how it obtained the confidential information, stating instead that the trial team was unaware that undersigned counsel was in communication with Firewall Counsel and that “[n]o criminal process that has been turned over in discovery is derived from [those] communications.”

Having received no further explanation or information from the government, undersigned counsel raised this issue with the Court in a filing made on October 22, 2018 in connection with the then-pending Motion to Dismiss. In response to questions from the Court, Firewall Counsel denied having any communication with the Special Counsel’s Office.

In a footnote, Concord makes the kind of vague claim I expect to be corrected by Mueller, suggesting that its one request to Firewall Counsel hasn’t gotten a response.

Concord initially requested authorization from the Court pursuant to the Protective Order to disclose a small number of specifically identified allegedly sensitive documents to particular Russian individuals, but to date the Court had not required the Firewall Counsel to respond to that request in writing.

While it’s certainly possible Atkinson’s investigative action fed into the September 28 charges against Khusyaynova, one way or another, it suggests the parts of the Concord investigation under Mueller also remain ongoing.

Interestingly, Atkinson wasn’t on October 23 and  November 27 filings in this case, though he was on yesterday’s brief; during October and November, however, Atkinson was dealing with red-blooded American trolls like Jerome Corsi.

In any case, the complaint about Atkinson feels like a parallel construction issue to me. After all, Concord surely remains under close surveillance by the US government, and so long as Progozhin does not have a lawyer who files an appearance for him personally in this matter, he likely remains a legitimate surveillance target. So Atkinson might have means to obtain such information independent of the Firewall Counsel.

Reverse engineering the parallel construction on 3 million documents

Indeed, that’s what this entire thing feels like: an attempt to obtain the non-classified discovery from US providers to reverse engineer it to understand what surveillance the underlying investigation is conducting. As Concord describes, its lawyers are seeing millions of documents obtained via subpoena.

The Special Counsel has explicitly acknowledged that none of the discovery is classified. Moreover, the allegedly “sensitive” discovery appears to have been collected exclusively through the use of criminal subpoenas, search warrants, and orders issued pursuant to 18 U.S.C. § 2703, as opposed to any classified collection method.

It then goes on to suggest that what US tech companies turn over in response to legal process is all laid out in public. It also helpfully names a bunch of providers from which discovery has been provided: Google, Facebook, Twitter, Apple, Microsoft, Yahoo!, Instagram, WhatsApp, Paypal, and Verizon.

With respect to “sensitive investigatory techniques,” the discovery produced to date comes from legal process issued to various companies, including email providers, internet service providers, financial institutions, and other sources. See Government’s Mot. For a Protective Order Under Federal Rule of Criminal Procedure 16(d)(1) at 2, Dkt. 24. But any person anywhere in the world connected to the Internet already knows that law enforcement agencies can and do gather evidence from these types of companies through legal process in criminal matters, and specifically what can be gathered through those various processes is widely known and is not in need of protection. For example, Google explains in detail on its website precisely what information it will disclose in response to legal process in the form of a subpoena, court order, or search warrant. See https://support.google.com/transparencyreport/answer/ 7381738?hl=en. Google specifically publicizes that in response to a subpoena for Gmail data, it can be compelled to disclose subscriber registration information (e.g., name, account creation information, associated email addresses, phone number), and sign-in IP addresses and associated time stamps. Id. In response to a court order for Gmail data, Google may provide “non-content information (such as non-content email header information)” and in response to a search warrant Google can be compelled to produce email content, in addition to the data produced in response to a subpoena or court order. Id. Facebook publishes similar information, explaining that in response to a subpoena, it may disclose “basic subscriber records,” which may include name, length of service, credit card information, email addresses, and recent login/logout IP addresses. See https://www.facebook.com/safety/groups/law/guidelines/. In response to a court order, Facebook may disclose message headers and IP addresses, as well as basic subscriber records. Id. In response to a search warrant, Facebook may disclose stored contents of the account, including messages, photos, videos, timeline posts, and location information. Id.

Twitter, Apple, Microsoft, Yahoo!, Instagram, and WhatsApp, all publish similarly detailed information about the types of data available to law enforcement through subpoenas, court orders, and search warrants. See https://help.twitter.com/en/rules-and-policies/twitter-lawenforcement-support (explanation from Twitter that obtaining non-public information requires valid legal process like a subpoena, court order, or other legal process and that requests for the contents of communications require a valid search warrant or equivalent); https:// www.apple.com/privacy/government-information-requests/ (explanation from Apple, Inc. of what government and law enforcement agencies can obtain through legal process); https:// www.microsoft.com/en-us/corporate-responsibility/lerr (explanation from Microsoft that a subpoena is required for non-content data, and a warrant or court order is required for content data); https://r.search.yahoo.com/_ylt=A0geK.OJvA5cPPUAkCJXNyoA;_ylu= X3oDMTEyaDM4Z2dkBGNvbG8DYmYxBHBvcwMxBHZ0aWQDQjQ4NTNfMQRzZWMDc3I-/RV=2/ RE=1544498442/RO=10/RU=https%3a%2f%2fwww.eff.org%2ffiles%2ffilenode%2fsocial_net work%2fyahoo_sn_leg-doj.pdf/RK=2/RS=sXU4pB1SMj3WwjZBx3ltlU4S6v w- (explanation from Yahoo of precisely what data may be disclosed in response to a subpoena, 2703(d) order, or Search Warrant); https://faq.whatsapp.com/en/android/26000050/?category=5245250 (explanation from WhatsApp detailing what information is available through various forms of legal process); https://help.instagram.com/494561080557017 (explanation from Instagram describing the information it will disclose in response to subpoenas, search warrants, and court orders). Financial institutions and internet service providers also openly describe what information is available to law enforcement through various legal process. See, e.g., https://www.paypal.com/us/webapps/mpp/law-enforcement (explanation from PayPal describing the type of data it collects and when that data is made available to law enforcement as required by law); https://www.verizon.com/about/portal/transparency-report/faqs/ (explanation from Verizon of the types of information it is required to disclose when properly requested by law enforcement or court order).

Thus, if it is the so-called “manner of collection” of the discovery that the Special Counsel seeks to protect—that is, the fact that law enforcement agencies can collect a certain type of data—that fact is widely known and does not justify the burdens the Protective Order imposes on Concord’s right to present a defense.3

Concord goes on to dismiss the concerns of exposing “witnesses.”

3 To the extent that the government argues that limiting access to discovery will ensure the safety of witnesses, there is no valid basis for such argument. Specifically, even in cases where there is such a risk (and undersigned counsel knows of no such risk here), there must be more than “broad allegations of harm, unsubstantiated by specific examples or articulated reasoning.” Johnson, 314 F. Supp. 3d at 251. In those instances, courts are still willing to allow a defendant to review the evidence, subject to certain parameters. See, e.g., id., at 254 (requiring government redaction of discovery materials); Darden, 2017 WL 3700340, at *3 (adopting less-restrictive measure to ensure witness safety). If the government has a legitimate concern about witness safety, the burden is on it to specifically articulate the concern, identify precisely the documents that would lead to the identification of a witness, and redact that information or propose an alternative means of restricting disclosure.

The FBI hides a great deal of detail about precisely what it can obtain from providers by deeming service providers witnesses, and this feels like the same.

Still, even the public record in past dockets reveals that discovery from providers can be vastly more extensive than the public imagines.

Which is, I imagine, what Concord is trying to provide Putin’s chef.

The troll lawyers implicitly troll Judge Freidrich’s past rulings

Don’t get me wrong. What kind of protective order Friedrich sustains against Concord so long as it insists co-defendant Prigozhin is the only one at Concord who can handle that discovery is an interesting legal question.

That said, Concord’s signature style might start wearing on Friedrich’s patience given claims that seemingly defy her decision on the last major challenge to the Mueller prosecution.

In this first-of-its-kind prosecution of a make-believe crime, the Office of Special Counsel maintains that it can unilaterally—and for secret reasons disclosed only to the Court— categorize millions of pages of non-classified documents as “sensitive,” and prohibit defense counsel from sharing this information with Defendant Concord for purposes of preparing for trial. This, apparently only because the Defendant and its officers and employees are Russian as opposed to American. The Special Counsel’s unique argument appears rooted in the maxim, “Happy the short-sighted who see no further than what they can touch.”1

Maillart, Ella K., The Cruel Way (1947).

Friedrich has already ruled that this is not a made-up crime.

In Concord’s view, that omission is dispositive: the indictment cannot accuse Concord of conspiring to obstruct lawful government functions “without any identified or recognized statutory offense” because a conspiracy conviction cannot be “based strictly on lawful conduct” even if that conduct is “concealed from the government.” Id. (emphasis omitted).

Concord is correct that the indictment must identify the lawful government functions at issue with some specificity. And it does. See Indictment ¶¶ 9, 25–27. A defraud-clause conspiracy need not, however, allege an agreement to violate some statutory or regulatory provision independent of § 371. 3

[Citations of 5 cases demonstrating the point]

Put simply, conspiracies to defraud the government by interfering with its agencies’ lawful functions are illegal because § 371 makes them illegal, not because they happen to overlap with substantive prohibitions found in other statutes.

Similarly, as part of a complaint that the prosecutors haven’t had to bear any burden of this protective order, Concord says they should have to redact Personally Identifiable Information rather than deeming materials including it “sensitive.”

But rather than impose on the government the burden of identifying the materials that actually contain PII, so that the specific documents or information can be redacted or restricted, the Special Counsel has used the Protective Order to designate the entirety of various data productions to completely restrict Concord’s ability to view the vast majority of discovery regardless of whether specific documents contain PII.

This is another issue that Friedrich has already ruled against the defense on, ruling against their request to make Mueller strip the PII.

Friedrich already seemed predisposed to honor the government’s security concerns, which they just teed up again. If she feels like she’s the one being trolled, as opposed to Democratic voters or Special Counsel lawyers, she may not look too kindly on this request.

As I disclosed in July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Mueller Frees Up the Troll Team

In the background of the celebrating over the Carpenter SCOTUS decision — which held that the government generally needs a warrant to access historical cell phone location — there were a few developments in the Mueller investigation:

  • The George Papadopoulos parties moved towards sentencing, either on September 7 or in October. If Mueller told Papadopoulos his wife Simon’s Mangiante seeming coordination of the Stefan Halper smear with Sam Clovis (and his lawyer, Victoria Toensing) and Carter Page got him in trouble, we got no sign of that.
  • Amy Berman Jackson dismissed a Paul Manafort attempt to limit the criminal penalties of his Foreign Agent Registration Act violations; this isn’t very sexy, but if the well-argued opinion stands, it will serve as a precedent in DC for other sleazy influence peddlers.
  • After ABJ made sure Rick Gates ask Mueller if he really didn’t mind Gates going on a trip without his GPS ankle bracelet, Gates got permission to travel — with the jewelry.
  • Kimba Wood accepted Special Master Barbara Jones’ recommendations, which among other things held that just 7 of the files reviewed so far pertain to the privilege of anyone, presumably including Trump,  to whom Michael Cohen was providing legal services. So Cohen and Trump just paid upwards of $150,000 to hide the advice Cohen has gotten from lawyers and seven more documents — that is, for no really good reason.
  • In two separate filings, four DOJ lawyers filed notices of appearance in the Internet Research Agency/Concord Management case.

It’s the latter that I find most interesting. Mueller has added a team of four lawyers:

  • Deborah A. Curtis
  • Jonathan Kravis
  • Kathryn Rakoczy
  • Heather Alpino

To a team with three (plus Michael Dreeben):

  • Jeannie Sclafani Rhee
  • Rush Atkinson
  • Ryan Kao Dickey

Devlin Barrett (he of the likely impressive link map) reported that Mueller did this to prepare for the moment when his office shuts down and the Concord Management nuisance defense drags on for years.

People familiar with the staffing decision said the new prosecutors are not joining Mueller’s team, but rather are being added to the case so that they could someday take responsibility for it when the special counsel ceases operation. The case those prosecutors are joining could drag on for years because the indictment charges a number of Russians who will probably never see the inside of a U.S. courtroom. Russia does not extradite its citizens.

The development suggests Mueller is contemplating the end of his work and farming out any potentially outstanding prosecutions to other parts of the Justice Department.

Except this doesn’t make sense. Not only are Concord and the judge, Dabney Friedrich, pushing for a quick trial, but Atkinson and Dickey are themselves DOJ employees, so could manage any residual duties.

Far more likely, Mueller is ensuring one of his A Teams — including Dickey, DOJ’s best cyber prosecutor — will be able to move on to more important tasks on the central matters before him.