Posts

Trump Appears to Have Withheld the KT McFarland Email about the “Thrown Election”

/80 Comments/in , /by

This post explains what appears to be the real reason for the fake outrage about Mueller obtaining information from GSA: by doing so, he appears to have obtained proof that the Transition was withholding emails material to the investigation. Go to this post for a more general summary of what we know about the claim. 

Here’s the letter that Trump For America lawyer sent to Congress to cause a big hullabaloo about how Robert Mueller obtained transition period emails. I unpacked it in this Twitter thread and commented on it in an update to this post.

But this passage deserves a separate post, because it seems to go to the heart of why the Republicans are spewing propaganda like this.

Additionally, certain portions of the PTT materials the Special Counsel’s Office obtained from the GSA, including materials that are susceptible to privilege claims, have been leaked to the press by unknown persons. Moreover, the leaked records have been provided to the press without important context and in a manner that appears calculated to inflict maximum reputational damage on the PTT and its personnel, without the inclusion of records showing that PTT personnel acted properly – which in turn forces TFA to make an impossible choice between (a) protecting its legal privileges by keeping its records confidential and (b) waiving its privileges by publicly releasing records that counteract the selective leaks and misguided news reports. In short, since the GSA improperly provided them to the Special Counsel’s Office, the PTT’s privileged materials have not only been reviewed privately by the Special Counsel’s Office without notification to TFA – they have also been misused publicly.

Kory Langhofer is insinuating — without quite risking the claim — that after GSA shared certain emails with Robert Mueller’s office, “unknown persons” leaked them to the press. The insinuation is that Mueller’s team leaked them.

I can think of just one set of emails that fit this description: emails from KT McFarland that provided proof that Mike Flynn lied to the FBI about his conversations with Sergei Kislyak on December 29, 2016. The NYT quoted extensively from them in a December 2 story.

Among other things, McFarland stated in the emails that Russia “has just thrown the U.S.A. election to” Trump.

On Dec. 29, a transition adviser to Mr. Trump, K. T. McFarland, wrote in an email to a colleague that sanctions announced hours before by the Obama administration in retaliation for Russian election meddling were aimed at discrediting Mr. Trump’s victory. The sanctions could also make it much harder for Mr. Trump to ease tensions with Russia, “which has just thrown the U.S.A. election to him,” she wrote in the emails obtained by The Times.

[snip]

Mr. Obama, she wrote, was trying to “box Trump in diplomatically with Russia,” which could limit his options with other countries, including Iran and Syria. “Russia is key that unlocks door,” she wrote.

She also wrote that the sanctions over Russian election meddling were intended to “lure Trump in trap of saying something” in defense of Russia, and were aimed at “discrediting Trump’s victory by saying it was due to Russian interference.”

“If there is a tit-for-tat escalation Trump will have difficulty improving relations with Russia, which has just thrown U.S.A. election to him,” she wrote.

Contrary to Langhofer’s suggestion, NYT made some effort to mitigate the damage of McFarland’s comment seemingly confirming the Trump team knew the election had been stolen, including speaking to a White House lawyer about it.

It is not clear whether Ms. McFarland was saying she believed that the election had in fact been thrown. A White House lawyer said on Friday that she meant only that the Democrats were portraying it that way.

And while NYT’s explanation that they got the emails “from someone who had access to transition team communications” certainly could include Mueller’s team among the culprits, it could also include GSA officials themselves or — even more likely — a former Trump official with a grudge. At least three were CCed on the email in question: Bannon, Priebus, and Spicer.

Mr. Bossert forwarded Ms. McFarland’s Dec. 29 email exchange about the sanctions to six other Trump advisers, including Mr. Flynn; Reince Priebus, who had been named as chief of staff; Stephen K. Bannon, the senior strategist; and Sean Spicer, who would become the press secretary.

In other words, Langhofer uses the leak as an excuse to suggest wrong-doing by Mueller, when other possibilities are far more likely.

But consider the other implication of this: Langhofer is suggesting that this email chain (which included no named active lawyers, nor included Trump directly, though they were written in Trump’s presence at Mar a Lago) is “susceptible to privilege claims.” He is further suggesting that GSA is the only way this email could have been released (ignoring, of course, the Bannon/Priebus/Spicer) options.

If that’s right, then he’s suggesting that Trump was involved in this email chain directly. There’s no reason to believe he was CCed. But since the emails were written from Mar-a-Lago, it’s likely he was consulted in the drafting of the emails.

In addition, Langhofer is also admitting that Trump’s team didn’t release these emails directly — at least not to Congress.

Emails which couldn’t be more central to the point of Mueller’s investigation.

Did the GOP just admit that Trump withheld this email? Because if so, it suggests the “thrown election” comment is far more damning than the NYT laid out.

Update: It’s not clear whether Mueller ever tried to obtain these records via GSA (though it’s possible FBI obtained emails before the inauguration). But this, from the letter, makes it clear at least Congress had made requests, which led TFA to try to take GSA out of the loop even though SCO had a document preservation request.

In order to comply with congressional document production requests, TFA ordered from the GSA electronic copies of all PTT emails and other data. Career GSA staff initially expressed concern that providing copies of PTT emails to TFA might violate a document preservation request that the GSA had received from the Special Counsel’s Office.

Withholding this email from Congress would be particularly problematic, as McFarland testified in conjunction with her now-frozen nomination to be Ambassador to Singapore that she knew nothing about Flynn’s communications with Kislyak. h/t SS

Update: Ah, this explains how Mueller was getting emails: via voluntary production, along with everything the Transition was giving Congress. Which means the email was withheld, and this October subpoena was an attempt to see whether they’d cough it up on their own.

Special counsel Robert Mueller’s team in mid-October issued a subpoena to President Donald Trump’s campaign requesting Russia-related documents from more than a dozen top officials, according to a person familiar with the matter.

The subpoena, which requested documents and emails from the listed campaign officials that reference a set of Russia-related keywords, marked Mr. Mueller’s first official order for information from the campaign, according to the person. The subpoena didn’t compel any officials to testify before Mr. Mueller’s grand jury, the person said.

The subpoena caught the campaign by surprise, the person said. The campaign had previously been voluntarily complying with the special counsel’s requests for information, and had been sharing with Mr. Mueller’s team the documents it provided to congressional committees as part of their probes of Russian interference into the 2016 presidential election.

[snip]

Mueller’s team had previously issued subpoenas individually to several top campaign officials, including former campaign chairman Paul Manafort and former national security adviser Mike Flynn.

[Correction: I’ve been corrected on this passage, which makes it clear this is about campaign emails, not transition ones. But I assume he made parallel requests for all three phases of Trump organization.]

Update: Mueller’s spox, Peter Carr, issued a statement saying, “When we have obtained emails in the course of our ongoing criminal investigation, we have secured either the account owner’s consent or appropriate criminal process.” Given what I’ve laid out here, I actually think “C” may have been the case:

  • Subpoena to Flynn, obtain voluntary compliance for specific things as well as evidence shared with Congress prior to August
  • In August (perhaps after being alerted to withheld documents by Priebus/Spicer/Bannon/Papadopoulos?) obtain emails from GSA, technically the device owners
  • In October, subpoena for Russian-related emails from the same ~13 people

Trump Transition Team Outraged To Be Treated as Transition Team!!

/23 Comments/in , /by

This is a general post on the GOP claim Mueller improperly obtained emails from ~13 Transition officials, updated as new news comes available. This post explains what is really going on: the Transition appears to have withheld emails — including the KT McFarland one referring to the election as having been “thrown” — and Mueller obtained proof they were withholding things. 

Both Fox News and Axios have pieces reflecting the outrage!!! among Trump people that they got asked questions about emails they thought they had hidden from Mueller’s investigation. Axios reveals that Mueller obtained the full contents of 12 accounts (Reuters says 13), one including 7,000 emails, from people on the “political leadership” and “foreign-policy team;” it says it includes “sensitive emails of Jared Kushner.”

Fox reveals that a transition lawyer wrote Congress today claiming that it was unlawful for government employees to turn over emails hosted on government servers for a criminal investigation.

A lawyer for the Trump presidential transition team is accusing Special Counsel Robert Mueller’s office of inappropriately obtaining transition documents as part of its Russia probe, including confidential attorney-client communications and privileged communications.

In a letter obtained by Fox News and sent to House and Senate committees on Saturday, the transition team’s attorney alleges “unlawful conduct” by the career staff at the General Services Administration in handing over transition documents to the special counsel’s office.

Officials familiar with the case argue Mueller could have a problem relating to the 4th Amendment – which protects against unreasonable searches and seizures.

Kory Langhofer, the counsel to Trump for America, wrote in the letter that the the GSA “did not own or control the records in question.”

But, Langhofer says, Mueller’s team has “extensively used the materials in question, including portions that are susceptible to claims of privilege.”

And Axios explains that the Trump people actually sorted through this stuff. “The sources say that transition officials assumed that Mueller would come calling, and had sifted through the emails and separated the ones they considered privileged.”

I’m really looking forward to hearing the full story about this, rather than just this partisan spin. For example, I’m interested in whether Mueller realized via some means (perhaps from someone like Reince Priebus or Sean Spicer — update, or George Papadopoulos) that the White House had withheld stuff that was clearly responsive to his requests, so he used that to ask GSA to turn over the full set.

I’m also interested in how they’ll claim any of this was privileged. The top 13 political and foreign policy people on the Trump team might include (asterisks mark people confirmed to be among those whose accounts were obtained):

  1. Pence
  2. Bannon
  3. Jared*
  4. Flynn*
  5. KT McFarland
  6. Spicer
  7. Priebus
  8. Nunes
  9. Sessions
  10. Seb Gorka
  11. Stephen Miller
  12. Hope Hicks
  13. Ivanka
  14. Don Jr
  15. Rebekah Mercer
  16. Kelly Anne Conway
  17. Rudy Giuliani
  18. Steven Mnuchin
  19. Rick Gates
  20. Corey Lewandowski
  21. Tom Bossert

Just one of those people — Sessions — is a practicing lawyer (and he wasn’t, then), and he wasn’t playing a legal role in the transition (though both Sessions and Nunes may have been using their congressional email, in which case Mueller likely would show far more deference; update: I’ve added Rudy 911 to the list, and he’d obviously qualify as a practicing lawyer). Though I suppose they might have been talking with a lawyer. But I would bet Mueller’s legal whiz, Michael Dreeben, would point to the Clinton White House Counsel precedent and say that transition lawyers don’t get privilege.

Furthermore, Trump wasn’t President yet! This has come up repeatedly in congressional hearings. You don’t get privilege until after you’re president, in part to prevent you from doing things like — say — undermining existing foreign policy efforts of the actually still serving President. So even if these people were repeating things Trump said, it wouldn’t be entitled to privilege yet.

Finally, consider that some of these people were testifying to the grand jury months and months ago. But we’re only seeing this complaint today. That’s probably true for two reasons. One, because Mueller used the emails in question (most notably, the emails between McFarland and Flynn from December 29 where they discussed Russian sanctions) to obtain a guilty plea from Flynn. And, second, because Republicans are pushing to get Trump to fire Mueller.

Update: I’ve added Pence, Don Jr., Ivanka, Hope Hicks, Kelly Anne Conway, Rudy Giuliani, Steven Mnuchin back in here.

Update: Here’s more from Reuters.

Langhofer, the Trump transition team lawyer, wrote in his letter that the GSA’s transfer of materials was discovered on Dec. 12 and 13.

The FBI had requested the materials from GSA staff last Aug. 23, asking for copies of the emails, laptops, cell phones and other materials associated with nine members of the Trump transition team response for national security and policy matters, the letter said.

On Aug. 30, the FBI requested the materials of four additional senior members of the Trump transition team, it said.

The GSA transfer may only have been discovered this week (probably as a result of Congress’ investigation). But the witnesses had to have known these emails went beyond the scope of what the transition turned over. And the request date definitely is late enough for Mueller to have discovered not everything got turned over, perhaps even from George Papadopoulos, who flipped in late July.

Update: One more thing. Remember that there were worries that transition officials were copying files out of a SCIF. That, by itself, would create an Insider Threat concern that would merit FBI obtaining these emails directly.

Update: Here’s a report dated June 15 on a transition lawyer instructing aides and volunteers to save anything relating to Russia, Ukraine, or known targets (Flynn, Manafort, Page, Gates, and Stone).

Update: AP reports that Flynn was (unsurprisingly) among those whose email was obtained.

Update: Here’s the letter. I unpacked it here. It’s a load of — I believe this is the technical term — shite. First, it stakes everything on PTT not being an agency. That doesn’t matter at all for a criminal investigation — Robert Mueller was no FOIAing this stuff. It then later invokes a bunch of privileges (the exception is the attorney client one) that only come with the consequent responsibilities. It then complains that Mueller’s team didn’t use a taint team.

Perhaps the craziest thing is they call for a law that would only permit someone to access such emails for a national security purpose — as if an espionage related investigation isn’t national security purpose!

Update: Chris Geidner got GSA’s side of the story. Turns out they claim the now dead cover up GC didn’t make the agreement the TFA lawyer says he did. In any case, GSA device users agreed their devices could be monitored.

“Beckler never made that commitment,” he said of the claim that any requests for transition records would be routed to the Trump campaign’s counsel.

Specifically, Loewentritt said, “in using our devices,” transition team members were informed that materials “would not be held back in any law enforcement” actions.

Loewentritt read to BuzzFeed News a series of agreements that anyone had to agree to when using GSA materials during the transition, including that there could be monitoring and auditing of devices and that, “Therefore, no expectation of privacy can be assumed.”

Update: Mueller’s spox, Peter Carr, issued a statement saying, “When we have obtained emails in the course of our ongoing criminal investigation, we have secured either the account owner’s consent or appropriate criminal process.”

Why Did Tom Bossert Claim WannaCry Was Spread Via Phishing?

/4 Comments/in , /by

Writing this post made me look more closely at what Trump’s Homeland Security Czar Tom Bossert said in a briefing on WannaCry on Monday, May 15.

He claimed, having just gotten off the phone with his British counterpart and in spite of evidence to the contrary, that there had been minimal disruption to care in Britain’s DHS.

The UK National Health Care Service announced 48 of its organizations were affected, and that resulted in inaccessible computers and telephone service, but an extremely minimal effect on disruption to patient care.

[snip]

And from the British perspective, I thought it was important to pass along from them two points — one, that they thought it was an extremely small number of patients that might have been inconvenienced and not necessarily a disruption to their clinical care, as opposed to their administrative processes.  And two, that they felt that some of those reports might have been misstated or overblown given how they had gotten themselves into a position of patching.

 

Of course, this may be an issue in the upcoming election, so I can see why Theresa May’s government might want to downplay any impact on patient care, especially since the Tories have long been ignoring IT problems at DHS.

He dodged a follow-up question about whether there might be more tools in the Shadow Brokers haul that would lead to similar attacks in the future, by pointing to our Vulnerabilities Equities Process.

Q    I guess a shorter way to put it would be is there more out there that you’re worried about that would lead to more attacks in the future?

MR. BOSSERT:  I actually think that the United States, more than probably any other country, is extremely careful with their processes about how they handle any vulnerabilities that they’re aware of.  That’s something that we do when we know of the vulnerability, not when we know we lost a vulnerability.  I think that’s a key distinction between us and other countries — and other adversaries that don’t provide any such consideration to their people, customers, or industry.

Obviously, the VEP did not prevent this attack. More importantly, someone in government really needs to start answering what the NSA and CIA (and FBI, if it ever happens) do when their hacking tools get stolen, an issue which Bossert totally ignored.

But I’m most interested in something Bossert said during the original exchange on NSA’s role in all this.

Q    So this is one episode of malware or ransomware.  Do you know from the documents and the cyber hacking tools that were stolen from NSA if there are potentially more out there?

MR. BOSSERT:  So there’s a little bit of a double question there.  Part of that has to do with the underlying vulnerability exploit here used.  I think if I could, I’d rather, instead of directly answering that, and can’t speak to how we do or don’t do our business as a government in that regard, I’d like to instead point out that this was a vulnerability exploit as one part of a much larger tool that was put together by the culpable parties and not by the U.S. government.

So this was not a tool developed by the NSA to hold ransom data.  This was a tool developed by culpable parties, potentially criminals of foreign nation states, that was put together in such a way so to deliver it with phishing emails, put it into embedded documents, and cause an infection in encryption and locking. [my emphasis]

Three days into the WannaCry attack, having spent the weekend consulting with DHS and NSA, Bossert asserted that WannaCry was spread via phishing.

That is a claim that was reported in the press. But even by Monday, I was seeing security researchers persistently question the claim. Over and over they kept looking and failing to find any infections via phishing. And I had already seen several demonstrations showing it didn’t spread via phishing.

Now, Bossert is one of the grown-ups in the Trump Administration. His appointment — and the cybersecurity policy continuity with Obama’s policy — was regarded with relief when it was made, as laid out in this Wired profile.

“People that follow cybersecurity issues will be happy that Tom is involved in those discussions as one of the reasoned voices,” Healey says.

“Frankly, he’s an unusual figure in this White House. He’s not a Bannon. He’s not even a Priebus,” says one former senior Obama administration official who asked to remain unnamed, contrasting Bossert with Trump’s top advisers Stephen Bannon and Reince Priebus. “He has a lot of credibility. He’s very straightforward and level-headed.”

And (as the rest of the profile makes clear) he does know cybersecurity.

So I’m wondering why Bossert was stating that this attack spread by phishing at a time when open source investigation had already largely undermined that hasty claim.

There are at least three possibilities. Perhaps Bossert simply mistated here, accidentally blaming the vector we’ve grown used to blaming. Possibly (though this would be shocking) the best SIGINT agency in the world still hadn’t figured out what a bunch of people on Twitter already had.

Or, perhaps there were some phished infections, which quickly got flooded as the infection spread via SMB. Though that’s unlikely, because the certainty that it didn’t spread via email has only grown since Monday.

So assuming Bossert was, in fact, incorrect when he made this claim, why did have this faulty information?