CNN reported today that Thomas Windom, the lead AUSA on January 6 investigations targeting Trump and his cronies, sent a second subpoena to NARA.
The Justice Department has issued a new grand jury subpoena to the National Archives for more documents as part of its investigation into the January 6, 2021, attack on the US Capitol, two sources familiar with the investigation tell CNN.
This latest subpoena, issued on August 17, is in addition to a subpoena the Department of Justice sent to the Archives earlier this year, requesting the same documents and information that the Archives had previously handed over to the House select committee investigating January 6.
This new subpoena, which has not been previously reported, is understood to request additional documents and data from the Archives, pertaining to a period of time both before and after January 6.
Thomas Windom, an Assistant US Attorney, who is leading the criminal probe into the effort to impede the transfer of power after the 2020 election, including the potential role played by former President Donald Trump and allies to organize a group of fake electors who could keep Trump in power despite losing the election.
Federal prosecutors investigating the role that former President Donald J. Trump and his allies played in the events leading up to the Jan. 6, 2021, attack on the Capitol have issued a grand jury subpoena to the National Archives for all the documents the agency provided to a parallel House select committee inquiry, according to a copy of the subpoena obtained by The New York Times.
The subpoena, issued to the National Archives in May, made a sweeping demand for “all materials, in whatever form” that the archives had given to the Jan. 6 House committee. Those materials included records from the files of Mr. Trump’s top aides, his daily schedule and phone logs and a draft text of the president’s speech that preceded the riot.
There are, to be sure, a number of possible explanations for this: Perhaps Windom believes he’ll get information on the Secret Service or DHS that eluded the deletion effort shortly after Joe Biden’s inauguration. Perhaps Windom knows of someone else covered by the Archives that the January 6 Committee hasn’t yet identified, one not covered by Executive Privilege.
But I can’t help but notice that Windom obtained the subpoena the day after Paul Sperry claimed the Trump had been hoarding documents at Mar-a-Lago with the intent of thwarting the January 6 Committee. (h/t Ron Filipkowski)
Anything seized in the raid would, by definition, be evidence of a crime (the obstruction already under investigation). And Windom might have been able to craft the subpoena to obtain everything January 6 related that Trump had withheld, without the privilege waiver from Biden.
And if Windom issued this subpoena in response to Sperry’s comment, then it’ll increase the likelihood that responsive materials will be turned over before any further legal stalling happens.
In other words, by hoarding the documents he most wanted to withhold from the Committee, he may have made it easier for prosecutors to get the materials.
https://www.emptywheel.net/wp-content/uploads/2022/08/Paul-Sperry.jpeg619680emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2022-08-23 14:05:532022-08-23 14:11:02The Day After Paul Sperry Claimed Trump Had Been Hiding January 6 Documents, DOJ Subpoenaed the Archives Again
Last December, when the DC Circuit ruled that the Archives should share Donald Trump’s materials relating to January 6 with the January 6 Committee, it emphasized the “rare and formidable alignment of factors supports the disclosure of the documents at issue.”
On this record, a rare and formidable alignment of factors supports the disclosure of the documents at issue. President Biden has made the considered determination that an assertion of executive privilege is not in the best interests of the United States given the January 6th Committee’s compelling need to investigate and remediate an unprecedented and violent attack on Congress itself. Congress has established that the information sought is vital to its legislative interests and the protection of the Capitol and its grounds. And the Political Branches are engaged in an ongoing process of negotiation and accommodation over the document requests.
It likewise pointed to the careful attention (and month-long reviews) the Biden White House gave to each tranche of materials at issue.
Still, when the head of the Executive Branch lays out the type of thoroughgoing analysis provided by President Biden, the scales tilt even more firmly against the contrary views of the former President.
Judge Patricia Millet’s opinion even found that the due consideration Biden exercised was enough to reject Trump’s claim that the Presidential Records Act had given him “unfettered discretion to waive” his own Executive Privilege claim.
Lastly, former President Trump argues that, to the extent the Presidential Records Act is construed to give the incumbent President “unfettered discretion to waive former Presidents’ executive privilege,” it is unconstitutional. Appellant Opening Br. 47. There is nothing “unfettered” about President Biden’s calibrated judgment in this case.
Citing Mazars, the opinion also noted SCOTUS’ deference to information-sharing accommodations between the Political Branches, the Executive and Legislative Branches.
Weighing still more heavily against former President Trump’s claim of privilege is the fact that the judgment of the Political Branches is unified as to these particular documents. President Biden agrees with Congress that its need for the documents at issue is “compelling[,]” and that it has a “sufficient factual predicate” for requesting them. First Remus Ltr., J.A. 107; see also Third Remus Ltr., J.A. 173. As a result, blocking disclosure would derail an ongoing process of accommodation and negotiation between the President and Congress, and instigate an interbranch dispute.
The Supreme Court has emphasized the importance of courts deferring to information-sharing agreements wrestled over and worked out between Congress and the President. See Mazars, 140 S. Ct. at 2029, 2031.
In other words, the request of a coequal branch of government, made with the assent of the incumbent President, presented a very powerful legal case for sharing Trump’s January 6 records with Congress.
When the Supreme Court considered the question, only Ginni Thomas’ spouse disagreed (Brett Kavanaugh did attempt to limit the decision).
The courts may well have come to this same conclusion had Merrick Garland’s DOJ subpoenaed records from the Archives for its own investigation of Donald Trump directly. A “subpoena or other judicial process issued by a court of competent jurisdiction for the purposes of any civil or criminal investigation or proceeding” is one of the three exceptions the Presidential Records Act makes to the parts of the law that restrict access to the materials for a period after the President’s Administration.
But constitutionally, it would have been a very different legal and political question.
Importantly, the only way to obtain a privilege waiver from Biden in that situation would be to violate DOJ’s Contacts Policy that firewalls the White House from ongoing criminal investigations, and so the request would either have lacked that waiver from the incumbent President, or would risk politicizing the DOJ investigation.
The Biden White House’s strict adherence to that Contacts Policy is what allowed Karine Jean-Pierre to make a categorical denial of any advance warning of the search on Trump’s home and to use that as a reaffirmation of the rule of law last week.
She’ll probably get similar questions today, and make the same categorical denial of any White House knowledge.
All that is the predictable background to the NYT report that, after the January 6 Committee subpoenaed these records, and after the Archives gave both Presidents an opportunity to weigh in, and after the DC Circuit and Supreme Court ruled against Trump’s complaints, DOJ subpoenaed all the same material from the Archives themselves.
Federal prosecutors investigating the role that former President Donald J. Trump and his allies played in the events leading up to the Jan. 6, 2021, attack on the Capitol have issued a grand jury subpoena to the National Archives for all the documents the agency provided to a parallel House select committee inquiry, according to a copy of the subpoena obtained by The New York Times.
The subpoena, issued to the National Archives in May, made a sweeping demand for “all materials, in whatever form” that the archives had given to the Jan. 6 House committee. Those materials included records from the files of Mr. Trump’s top aides, his daily schedule and phone logs and a draft text of the president’s speech that preceded the riot.
While the NYT doesn’t say it, it seems likely that the Archives gave these already privilege-reviewed documents to prosecutor Thomas Windom with nary a squeak, and we’re just learning about it — indeed Trump may have just learned about it, which is where the subpoena probably came from — four months later. We’re just learning about it, importantly, after the FBI seized another 27 boxes of documents that Trump had refused to turn over to the Archives, including records (if you can believe Paul Sperry) pertinent to January 6.
When I predicted this would happen in December, I went out of my way to ask constitutional lawyers if they had another solution to the puzzle of getting Trump’s documents without violating that Contacts Policy, and no one even engaged with a question — how to overcome Executive Privilege — that had been a real problem for Robert Mueller, when he was investigating Donald Trump.
People will wail about the timing of this request and others, including the NYT, will falsely claim this is proof that DOJ is following the January 6 Committee.
Asking the National Archives for any White House documents pertaining to the events surrounding Jan. 6 was one of the first major steps the House panel took in its investigation. And the grand jury subpoena suggests that the Justice Department has not only been following the committee’s lead in pursuing its inquiry, but also that prosecutors believe evidence of a crime may exist in the White House documents the archives turned over to the House panel.
There were covert steps taken before that, including the (admittedly belated) request for call records at least a month earlier.
In addition, Justice Department investigators in April received phone records of key officials and aides in the Trump administration, including his former chief of staff, Mark Meadows, according to two people familiar with the matter.
And we’ve already seen proof that the fake electors investigation, at least, has pursued leads that the Committee had not yet made public before DOJ was including them in subpoenas.
Furthermore, the subpoena was issued before the Committee started its public hearings on June 9.
There are a couple of other notable details about this timing.
First, in addition to coming after the SCOTUS decision, this subpoena came after Mark Meadows and Ivanka made efforts to comply with the Presidential Records Act by providing the Archives copies of official business they conducted on their own email and Signal accounts. It also came after any responsive documents from the 15 boxes of records that Trump did provide to the Archives earlier this year were identified. DOJ made its request at a time when the Archives were more complete than they had been when the Committee started identifying big gaps in the records.
The only thing we know remains missing from those Archives (aside from documents seized last week) is Peter Navarro’s ProtonMail account, which DOJ sued to obtain earlier this month.
The Archives’ request also came after Trump had largely given up the effort to fight individual releases.
As NYT correctly noted, DOJ only issued this subpoena at a time when it was issuing other subpoenas (the fact of, but not the substance, of Brandon Straka’s cooperation had been made public in January, and Ali Alexander’s excuses for his actions at the Capitol had already been debunked in January after Owen Shroyer, who was arrested a year ago, made the very same excuses).
The subpoena was issued to the National Archives around the same time that it became publicly known that the Justice Department was looking beyond the rioters who were present at the Capitol and trying to assess the culpability of people who had helped organize pro-Trump rallies in Washington on Jan. 6. In the spring, for instance, Mr. Windom issued a grand jury subpoena to Ali Alexander, a prominent organizer of “Stop the Steal” events who complied by submitting records to prosecutors and testifying before the grand jury.
We don’t know what steps DOJ took before May (aside from those that have shown in cases like Straka’s). We do know that at that point, DOJ started taking overt steps that would build on previous covert ones. We also know that we keep learning about steps that DOJ took months ago, when people were wailing that they would know if DOJ had taken such steps.
I can’t prove that this was always the plan from the time, 375 days ago, when I first observed how DOJ was getting privilege waivers from Biden without violating their new Contacts Policy. I can’t prove it was the plan when I wrote an entire post in December about the puzzle of Executive Privilege waivers. I had no idea that DOJ was issuing that subpoena when I stated that it was probably doing so in May, the month it occurred.
We should assume the same kind of [synthesis with a Congressional investigation as happened with Mueller] is happening here. All the more so given the really delicate privilege issues raised by this investigation, including Executive, Attorney-Client, and Speech and Debate. When all is said and done, I believe we will learn that Merrick Garland set things up in July such that the January 6 Committee could go pursue Trump documents at the Archives as a co-equal branch of government bolstered by Biden waivers that don’t require any visibility into DOJ’s investigation. Privilege reviews covering Rudy Giuliani, Sidney Powell, and John Eastman’s communications are also being done. That is, this time around, DOJ seems to have solved a problem that Mueller struggled with. And they did so with the unsolicited help of the January 6 Committee.
What I can say with no doubt, though, is that Merrick Garland’s DOJ solved one of the most challenging constitutional problems facing an investigation of a former President. And it solved that problem months ago.
https://www.emptywheel.net/wp-content/uploads/2022/08/Screen-Shot-2022-08-18-at-9.47.52-AM.png9341346emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2022-08-18 06:52:002022-08-18 12:38:38Rule of Law: DOJ Obtained Trump’s Privilege-Waived Documents in May
Late last year, a Foreign Affairs article by former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach asserted that the files leaked in 2016 and 2017 by Shadow Brokers came from two NSA officers who brought the files home from work.
In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”
One such tool, known as “EternalBlue,” got into the wrong hands and has been used to unleash a scourge of ransomware attacks—in which hackers paralyze computer systems until their demands are met—that will plague the world for years to come. Two of the most destructive cyberattacks in history made use of tools that were based on EternalBlue: the so-called WannaCry attack, launched by North Korea in 2017, which caused major disruptions at the British National Health Service for at least a week, and the NotPetya attack, carried out that same year by Russian-backed operatives, which resulted in more than $10 billion in damage to the global economy and caused weeks of delays at the world’s largest shipping company, Maersk. [my emphasis]
That statement certainly doesn’t amount to official confirmation that that’s where the files came from (and I’ve been told that the scope of the files released by Shadow Brokers would have required at least one more source). But the piece is as close as anyone with direct knowledge of the matter — as Gordon would have had from the aftermath — has come to confirming on the record what several strands of reporting had laid out in 2016 and 2017: that the NSA files that were leaked and then redeployed in two devastating global cyberattacks came from two guys who brought highly classified files home from the NSA.
The two men in question, Nghia Pho and Hal Martin, were prosecuted under 18 USC 793e, likely the same part of the Espionage Act under which the former President is being investigated. Pho (who was prosecuted by Thomas Windom, one of the prosecutors currently leading the fake elector investigation) pled guilty in 2017 and was sentenced to 66 months in prison; he is processing through re-entry for release next month. Martin pled guilty in 2019 and was sentenced to 108 months in prison.
The government never formally claimed that either man caused hostile powers to obtain these files, much less voluntarily gave them to foreign actors. Yet it used 793e to hold them accountable for the damage their negligence caused.
There has never been any explanation of how the files from Martin would have gotten to the still unidentified entity that released them.
But there is part of an explanation how files from Pho got stolen. WSJ reported in 2017 that the Kaspersky Anti-Virus software Pho was running on his home computer led the Russian security firm to discover that Pho had the NSA’s hacking tools on the machine. Somehow (the implication is that Kaspersky alerted the Russian government) that discovery led Russian hackers to subsequently target Pho’s computer and steal the files. In response to the WSJ report, Kaspersky issued their own report (here’s a summary from Kim Zetter). It acknowledged that Kaspersky AV had pulled in NSA tools after triggering on a known indicator of NSA compromise (the report claimed, and you can choose to believe that or not, that Kaspersky had deleted the most interesting parts of the files obtained). But it also revealed that in that same period, Pho had briefly disabled his Kaspersky AV and downloaded a pirated copy of Microsoft Office, which led to at least one backdoor being loaded onto his computer via which hostile actors would have been able to steal the NSA’s crown jewels.
Whichever version of the story you believe, both confirm that Kaspersky AV provided a way to identify a computer storing known NSA hacking tools, which then led Pho — someone of sufficient seniority to be profiled by foreign intelligence services — to be targeted for compromise. Pho didn’t have to give the files he brought home from work to Russia and other malicious foreign entities. Merely by loading them onto his inadequately protected computer and doing a couple of other irresponsible things, he made the files available to be stolen and then used in one of the most devastating information operations in history. Pho’s own inconsistent motives didn’t matter; what mattered was that actions he took made it easy for malicious actors to pull off the kind of spying coup that normally takes recruiting a high-placed spy like Robert Hanssen or Aldrich Ames.
In the aftermath of the Shadow Brokers investigation, the government’s counterintelligence investigators may have begun to place more weight on the gravity of merely bringing home sensitive files, independent of any decision to share them with journalists or spies.
Consider the case of Terry Albury, the FBI Agent who shared a number of files on the FBI’s targeting of Muslims with The Intercept. As part of a plea agreement, the government charged Albury with two counts of 793e, one for a document about FBI informants that was ultimately published by The Intercept, and another (about an online terrorist recruiting platform) that Albury merely brought home. The government’s sentencing memo described the import of files he brought home but did not share with The Intercept this way:
The charged retention document relates to the online recruitment efforts of a terrorist organization. The defense asserts that Albury photographed materials “to the extent they impacted domestic counter-terrorism policy.” (Defense Pos. at 37). This, however, ignores the fact that he also took documents relating to global counterintelligence threats and force protection, as well as many documents that implicated particularly sensitive Foreign Intelligence Surveillance Act collection. The retention of these materials is particularly egregious because Albury’s pattern of behavior indicates that had the FBI not disrupted Albury and the threat he posed to our country’s safety and national security, his actions would have placed those materials in the public domain for consumption by anyone, foreign or domestic.
And in a declaration accompanying Albury’s sentencing, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.
The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.
This is the scenario that, one year earlier, was publicly offered as an explanation for the theft of the files behind The Shadow Brokers; someone brought sensitive files home and, without intending to, made them potentially available to foreign hackers or spies.
Albury was sentenced to four years in prison for bringing home 58 documents, of which 35 were classified Secret, and sending 25 documents, of which 16 were classified Secret, to the Intercept.
Then there’s the case of Daniel Hale, another Intercept source. Two years after the Shadow Brokers leaks (and five years after his leaks), he was charged with five counts of taking and sharing classified documents, including two counts of 793e tied to 11 documents he took and shared with the Intercept. Three of the documents published by The Intercept were classified Top Secret.
Hale pled guilty last year, just short of trial. As part of his sentencing process, the government argued that the baseline for his punishment should start from the punishments meted to those convicted solely of retaining National Defense Information. It tied Hale’s case to those of Martin and Pho explicitly.
Missing from Hale’s analysis are § 793 cases in which defendants received a Guidelines sentence for merely retaining national defense information. See, e.g., United States v. Ford, 288 F. App’x 54, 61 (4th Cir. 2008) (affirming 72-month sentence for retention of materials classified as Top Secret); United States v. Martin, 1:17-cr-69-RDB) (D. Md. 2019) (nine-year sentence for unlawful retention of Top Secret information); United States v. Pho, 1:17-cr-00631 (D. Md. 2018) (66-month sentence for unlawful retention of materials classified as Top Secret). See also United States v. Marshall, 3:17-cr-1 (S.D. TX 2018) (41-month sentence for unlawful retention of materials classified at the Secret level); United States v. Mehalba, 03-cr-10343-DPW (D. Ma. 2005) (20-month sentence in connection with plea for unlawful retention – not transmission – in violation of 793(e) and two counts of violating 18 U.S.C. 1001; court departed downward due to mental health of defendant).
Hale is more culpable than these defendants because he did not simply retain the classified documents, but he provided them to the Reporter knowing and intending that the documents would be published and made available to the world. The potential harm associated with Hale’s conduct is far more serious than mere retention, and therefore calls for a more significant sentence. [my emphasis]
Even in spite of a moving explanation for his actions, Hale was sentenced to 44 months in prison. Hale still has almost two years left on his sentence in Marion prison.
That focus on other retention cases from the Hale filing was among the most prominent national references to yet another case of someone prosecuted during the Trump Administration for taking classified files home from work, that of Weldon Marshall. Over the course of years of service in the Navy and then as a contractor in Afghanistan, Marshall shipped hard drives of classified materials home.
From the early 2000s, Marshall unlawfully retained classified items he obtained while serving in the U.S. Navy and while working for a military contractor. Marshall served in the U.S. Navy from approximately January 1999 to January 2004, during which time he had access to highly sensitive classified material, including documents describing U.S. nuclear command, control and communications. Those classified documents, including other highly sensitive documents classified at the Secret level, were downloaded onto a compact disc labeled “My Secret TACAMO Stuff.” He later unlawfully stored the compact disc in a house he owned in Liverpool, Texas. After he left the Navy, until his arrest in January 2017, Marshall worked for various companies that had contracts with the U.S. Department of Defense. While employed with these companies, Marshall provided information technology services on military bases in Afghanistan where he also had access to classified material. During his employment overseas, and particularly while he was located in Afghanistan, Marshall shipped hard drives to his Liverpool home. The hard drives contained documents and writings classified at the Secret level about flight and ground operations in Afghanistan. Marshall has held a Top Secret security clearance since approximately 2003 and a Secret security clearance since approximately 2002.
Outside DOJ, pundits have suggested that Trump’s actions are comparable to those of Sandy Berger, who like Trump stole files that belong to the National Archives and after some years pled guilty to a crime that Trump since made into a felony, or David Petraeus, who like Trump took home and stored highly classified materials in unsecured locations in his home. Such comparisons reflect the kind of elitist bias that fosters a system in which high profile people believe they are above the laws that get enforced for less powerful people.
But the cases I’ve laid out above — particularly the lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.
And while Trump allegedly brought home paper documents, rather than the digital files that Russian hackers could steal while sitting in Moscow, that doesn’t make his actions any less negligent. Since he was elected President, Mar-a-Lago became a ripe spying target, resulting in at least one prosecution. And two of the people he is most likely to have granted access to those files, John Solomon and Kash Patel, each pose known security concerns. Trump has done the analog equivalent of what Pho did: bring the crown jewels to a location already targeted by foreign intelligence services and store them in a way that can be easily back-doored. Like Pho, it doesn’t matter what Trump’s motivation for doing so was. Having done it, he made it ridiculously easy for malicious actors to simply come and take the files.
Under Attorneys General Jeff Sessions and Bill Barr, DOJ put renewed focus on prosecuting people who simply bring home large caches of sensitive documents. They did so in the wake of a costly lesson showing that the compromise of insecurely stored files can do as much damage as a high level recruited spy.
It’s a matter of equal justice that Trump be treated with the same gravity with which Martin and Pho and Albury and Hale and Marshall were treated under the Trump Administration, for doing precisely what Donald Trump is alleged to have done (albeit with far fewer and far less sensitive documents). But as the example of Shadow Brokers offers, it’s also a matter of urgent national security.
https://www.emptywheel.net/wp-content/uploads/2017/08/NationalSecurityAgency_HQ-FortMeadeMD_Wikimedia.jpg10001500emptywheelhttps://www.emptywheel.net/wp-content/uploads/2016/07/Logo-Web.pngemptywheel2022-08-14 09:19:492022-08-14 09:59:2218 USC 793e in the Time of Shadow Brokers and Donald Trump
![[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]](https://www.emptywheel.net/wp-content/uploads/2017/08/NationalSecurityAgency_HQ-FortMeadeMD_Wikimedia.jpg)
