The foreign intel angle on Spygate: What probably didn’t happen, and what probably did

A history of “knowing” things that never led anywhere.

This should more properly be titled “A slice of the foreign intel angle on Spygate,” because it’s not a comprehensive survey.  Such a survey would at a minimum have to include British, Australian, and Italian involvement in human intelligence (HUMINT) threads, among others.  The survey here isn’t that expansive.

Rather, it separates out a chunk of the purported information to date on one part of the larger story line.  The part in question is a combination of signals intelligence (SIGINT) and Russian intelligence, and in particular, U.S. and friendly intelligence on Russian intelligence.  The latter – or at least claims about the latter; i.e., claims about our intel on Russian intel – played a key role in perpetuating the Russiagate narrative when it was looking particularly seedy and ill-starred.

In retrospect, it appears skepticism about some claims of foreign-intel sourcing was always in order.  That’s a major point up front.  A companion to it is that the validity of the intel was always a matter of faith, and the high priest at the altar was John Brennan.

Another couple of major points.  One is that, to the extent the foreign intel was about Hillary Clinton and her emails, we should never have needed any affirmative reporting to assume that the Russians could have developed an intelligence community posture on the email issue and the emails’ contents at any time between 2009 and 2016.

News video, YouTube

The woman walked around handling classified national intelligence (and everything else in her correspondence) on non-secure IT devices, via Gmail servers, including on a trip to Russia as Secretary of State.  There’s credible evidence that a cyber actor – apparently China—was saving off a copy of every email she exchanged from 2009 to at least 2013.  We learned a lot about the reach of her email practices, in terms of leakage, from the 2013 reporting that emails she exchanged with Sidney Blumenthal had been hacked by Guccifer (the original).  What else, exactly, do we need to know, to be sure that the entire planet had a crack at Hillary’s emails?

The Trump campaign in 2016 would have arrived at the end of a long line, if it colluded with anyone in trying to “shop” the Hillary Clinton emails around.  Why wait for Joseph Mifsud to mention them as bait to a campaign advisor, when they could probably be bought off the dark web, with no red-flag paper trail, for a bargain price?

It never made sense to me that we were supposed to think it was a big revelation that a nefarious party might have gotten hold of Hillary’s emails.  That was kind of the whole point of the FBI investigating the “matter” – a process that started in early 2015, and which everyone in the country knew about by late spring of that year.  The likelihood that a nefarious party was reading and annotating the emails was through the roof.

Given the exposure of Hillary’s emails throughout the relevant timeframe, up to and including the general campaign season of 2016, as well as the now-established exposure of other Democrats’ informal communications to at least two sets of cyber actors (the Awan network, through Debbie Wasserman Schultz and other Hill Democrats, and Cozy and Fancy Bear), the wonder is not that these vulnerabilities were found.  It’s that they weren’t acknowledged – by the Democrats! – and dealt with sooner.

The story woven around select allusions to foreign intel has relied largely on the audience not thinking very hard about how it overlays with the rest of the narrative.  That introduces the last major point, which is that “foreign intelligence” has been something of a plot-filler in all this.  It has been brought in when a reason for staying with the narrative is needed, or an excuse for why things were done, and when.

For me, that has been a stand-out feature of the foreign intel from the beginning.  The foreign-intel claim is forensically impenetrable – the implied classification guarantees that – and it pops up only when it’s needed, and there’s nothing else.

MSNBC video

Tellingly, in fact, an important angle of the prism on this is how the whole narrative of improper contacts between Trump and the Russians got started, for the purposes of the alleged suspicions harbored by U.S. agencies in mid-2016.

Remember how America was treated for endless months to exclamation-filled accounts of the Flynn-Kislyak phone calls, the June 2016 meeting in Trump Tower, the DNC hacking, the WikiLeaks release, Carter Page’s attendance at conferences, the come-ons to George Papadopoulos, Trump’s national convention joke about Hillary’s emails, and of course the Steele dossier.  Each of those narrative points fell apart, however (including the dossier, whose credibility plummeted to zero within hours of its initial unveiling in January 2017).

One thing about these details was certain:  they couldn’t be made to tell a sensible story in sequence.  The inexorable reality of the calendar was not their friend.

It didn’t help at all that by the time Americans heard about the sum total of these things, the FBI had been formally investigating them for at least a year and had found nothing at all to link Trump to anything the Russians may have done.  There simply was no there there.

But whether it’s clear in your mind or not, what kept the narrative on course from the beginning was John Brennan’s claim, made in congressional testimony in May 2017, that he had received foreign intelligence about worrisome contacts between the Russians and Trump and/or his associates.

That statement is undisprovable.  It can’t be definitively refuted.  It never came with any kind of documentary verification; no one other than Brennan has ever attested to it, and no one in Congress has ever seen it in a form that would allow evaluation of it.  But it was the glue that held the whole narrative together all the way through the publication of the Mueller Report.  Nothing else might pan out, but Brennan had said he was told by foreign intelligence partners that they had suspicious clues to warn him of.

That statement by Brennan, vague and unverifiable as it was, seemed to endow the cereal-box-spy-kit dossier with a potential credibility that kept sleuths both professional and amateur employed for years.  At first it seemed to be hedged about with other “evidence” from “intelligence.”  But as time went by, all of that intel fell by the wayside (no, the Michael Cohen you’re thinking of was never in Prague, and Steele’s big sub-source was a Brookings fellow trolling a few bars in Moscow, and Hillary’s paid fixers story-boarding copy to the media may have had unauthorized access to SIGINT, but they were just making stuff up anyway, because the SIGINT had nothing), until the only thing left standing was Brennan’s statement from May 2017.

So now, keeping that in mind, let’s hop briefly through what we’ve been told about this corner of the Russiagate “intelligence.”

Just the major muscle movements

Taking it chronologically, the first date-range on the calendar when such intelligence was allegedly being noticed was in the spring of 2015.  That was when Dutch intelligence agencies, which had set up a Joint SIGINT Cyber Unit in June of 2014, reportedly began to inform their U.S. counterparts of intel they had on Russian activities from “a group of Russian hackers based at a university complex in Moscow.”  The hacker group was thought to work for the Russian foreign intelligence service, or SVR, and to be the “persistent threat” group (APT29) known as Cozy Bear.

Satellite ground station of the Dutch Nationale SIGINT Organisatie (NSO) (2012) near Burum, a village in the Dutch province of Fryslân. Wutsje / Wikimedia Commons

That’s actually one of the last things to be reported to the public.  It functions as the anchor for the beginning of the narrative, but was not made known through the media until January 2018, a year after the Steele dossier was published by BuzzFeed.

Notable about the information from the Dutch:  it didn’t indicate Trump was in any way involved.  The Dutch intel was reportedly a cue to Russian activities, but not those of the Trump campaign.

By January 2018, we had been given previous nuggets that included Brennan’s terse testimony.  Another nugget came from a BBC report on 12 January 2017, which claimed that Brennan had received intel about Russians and Trump from Britain’s SIGINT agency, GCHQ, starting sometime before the summer of 2016.  According to this report, the info stream cranked up as early as the fall of 2015, and seemed actionable to Brennan by April 2016.

On the face of it, that separate report seems to confirm that the intelligence existed, independently of how it was reaching U.S. agencies.  We’ll discuss that below; the narrative impact it had for Russiagate was to afford the story line a semblance of multi-source confirmation.

On the heels of April 2016 (said the Paul Wood report for BBC), Brennan was concerned enough to set up a “six-agency” task force in May or June.  This task force allegedly sought FISA authority in June, and again in July, for surveillance of two Russian banks that may have been involved in monetary transactions with someone in the U.S. presidential campaign.  (The story doesn’t say it was the Trump campaign.)  The FISA application was supposedly turned down both times.  There has yet to be verifiable pubic evidence that these applications were submitted.

GCHQ “The big Donut.” Wikipedia; By Ministry of Defence.

Meanwhile, sometime in the spring of 2016, according to James Comey, he became aware of “Russian intelligence” relating to emails among Democratic operatives about then-Attorney General Loretta Lynch and Hillary’s email “matter.”

The timeframe seems to have been March or April of 2016, if we accept the tale as Comey has told it.  Comey first mentioned the “Russian intel” to a House committee in March 2017, doubled down on it in follow-on testimony in June 2017, and recounted it again in his 2018 memoir, A Higher Loyalty.  He says the intel influenced his decision to refrain from pursuing Hillary’s “matter.”

Comey was already having his statement on the “matter” staffed by 2 May 2016 (two months before he actually delivered it on 5 July, and nearly a month before key witnesses were even deposed), so alertment to the “Russian intel” in March-April fits the scenario.

It’s possible this really happened; we can assume U.S. intelligence has suitable sources for unearthing such treasures from Russian intelligence.

We can also assume that whatever Comey knew about in this regard, Brennan knew as well.  Again, more on that below.

These nuggets were joined by another supplied by Luke Harding in his famous article in the Guardian, which clocked in fairly early, on 13 April 2017.  That article asserted that the head of Britain’s GCHQ, Robert Hannigan, was so concerned about intel he was seeing on the Russians and Trump that he betook himself to the U.S. in the summer of 2016 and briefed Brennan on it personally.

Former FBI Director James Comey does national security face in congressional testimony, 2017. CBS video

This report gives us a time-hack closer than the others to the late-July start-up of Crossfire Hurricane and Brennan’s brief to Obama in the Oval Office about Russian election interference, Trump, and Hillary’s campaign-contracted effort to develop dirt on Trump.  The Harding data point was used for a long time to reconstruct the Crossfire Hurricane timeline:  it was taken to have explanatory value similar to the Alexander Downer “intel” on Papadopoulos from their May 2016 meeting, which allegedly reached the FBI in July 2016.

In particular, analysts have speculated that information from Hannigan may have prompted the effort to bring Carter Page to the conference at Cambridge in July 2016, and to feature Page’s appearance at the Russian economic conference the same month in the Steele dossier.

The timing was obviously right for explaining the Oval Office brief to Obama at the end of July, and Brennan’s briefs to the Gang of Eight between 16 August and 6 September 2016.

Interestingly, the key reason for trying to make these alleged data points, about intel flowing to Brennan, fit a more skeptical timeline on other elements of Spygate is that a lot of observers continue to reflexively accept that there was some kind of intel data stream on Russia-Trump contacts.

Even with everything else shot down, the little-questioned original premise of the “foreign intelligence” has remained little if at all questioned.  People keep trying to make it all fit as if Brennan really did receive intel from foreign sources.

I imagine some number of analysts does assume the claims about foreign intel are just bogus, like everything else.  That’s probably not a bad conclusion, in its big strokes.

But it’s worth examining the timeline indicated by the foreign-intel claims, if they were planted.  Remember, they were planted – if there was potting soil involved – long after the alleged events.  So the stories and statements themselves weren’t about reacting to events at the time.  They were (again, if planted after the fact) about enhancing a narrative of when and why previous things were done.

That is interesting.

The simple strokes of “intel”

With that premise in mind, consider the basic parts of the Russiagate/Spygate narrative the supposed foreign intel has filled in for us.

There aren’t very many, but they shaped our thinking throughout the entire episode, and continue to shape it now.

First, Dutch intel alerted U.S. agencies to Russia-Trump contacts as early as the spring of 2015.  Some aspects of that may well be true, but if it was planted as an information theme, there was a reason, and that reason does not include its mere putative truth.  That’s never why intel is shopped to the public via the media.  We should look at actions taken by Spygate actors in 2015 to see if hindsight on them needed highlighting or justifying.

Headquarters of MI6 (SIS), Vauxhall; surprisingly, not the worst specimen of modern architecture in London.  Wikipedia: Laurie Nevay – IMG_4834.jpg

Second, Brennan may have been (presumably was) in the loop for that intel, again, as early as spring of 2015.  Others presumably were too; the article recounting this source wasn’t specific as to whose notice it came to.  Note that one of our media sources (BBC/Paul Wood), citing British intelligence sources, put the “earliest” date range as fall rather than spring of 2015.

Third, Cozy Bear, identified by CrowdStrike as Russian intelligence, had intruded on the DNC system by mid-summer of 2015.

Fourth, Brennan was reportedly confronted with foreign intel he saw as actionable by April 2016.  Whatever he may have seen before then, it was something he saw in or just before April 2016 that lit a fire under him, causing him to set up the six-agency task force in May/June 2016 (not to be confused with the interagency task force later set up in August 2016).

Fifth, in or just before the same period, Comey became aware of Russian intel on Hillary’s email “matter,” which implicated Loretta Lynch and a few Democratic operatives.  Of note, Comey – not the media – has told us what we know about that story, not once but three times.  Meanwhile, we have, in the Cozy Bear intrusion, a plausible specific explanation for the Russians’ intercept of the Democrats’ emails, even aside from the reasonable, more general assumption that the Russians had long been tracking emails sent to and from Hillary-linked accounts.

Sixth, and finally, Brennan was visited by Robert Hannigan of GCHQ, probably in early summer 2016, and informed of intel that GCHQ was aware of regarding Russia-Trump connections.

Holding all this together – again – is the brief Brennan allusion in May 2017 to having become aware of intelligence on a Russian attempt to interfere in the U.S. election, and possible contacts with the Trump campaign.

I can’t stress enough that without that one vague, uncommunicative statement by Brennan, the “foreign intel” idea would long ago have ceased to live loudly in us.

So, first of all, recognize that his one statement is all Brennan had to say.  The media, and James Comey, did all the other work for the “foreign intel” thread in the Russiagate/Spygate narrative.  Brennan’s statement – a statement so vague it would be hard to hold him accountable for its contents – merely served to lend enduring credibility to the nuggets burbled out through others.

There is a great deal more involving Brennan, other intel actors, and the events of the Russiagate/Spygate timeline.  But these six points, and Brennan’s March 2017 statement, are the sum total of what has been affirmed to us as coming from foreign intelligence sources, and in particular as the product of SIGINT.

An example of “explanation” and “justification”

It would be prohibitively long to take all these dates and try to match them up with other events they may have been planted to justify.*  If I can get around to it I may make such an attempt.

For now, we can look briefly at just one.  The supposed April 2016 turning point was reported quite early, on 12 January 2017 (Paul Wood report for BBC).

It’s noteworthy, of course, that the story was trotted out just at exactly the time the dossier burst upon us, and the David Ignatius story on the Flynn-Kislyak phone calls.

That confluence of events can’t help making the reported disclosures to Wood look like part of a campaign, rather than a happenstance of that funny thing we call journalism.  The April 2016 date he was given was also the most specific one to be attached to the allegations about “foreign intel,” at any time before or since.  And it came through alleged sources that were likely to have the highest credibility with an American audience; i.e., British intelligence.  This nugget was meant to stand out and establish a semblance of facts.

So it’s professionally sound to give this data point about Brennan and April 2016 a look-over.  Things that obviously jump out immediately are that April 2016 is also when the DNC intrusion was reportedly discovered; and when money was being moved to pay for the Fusion GPS contract with Perkins Coie; and was shortly before Bill Priestap bore down on London when Alexander Downer invited George Papadopoulos to be badgered and plied with drinks there.

But to my eye, the most important thing that happened in April 2016, as it relates to intelligence per se, is that Admiral Rogers at NSA clamped down on the free-for-all he had discovered in unauthorized access by contractors to raw U.S. person identifying information in the NSA database.

ADM Michael Rogers testifies before a Senate committee in 2017. WaPo video, YouTube

The well-known date of that signal move by Rogers – 18 April 2016 – meant a subsequent scramble for Spygate to reconstruct data access by other means.

We can very reasonably assume the Spygate actors didn’t just give access up.  But – and this is key, so please take it in – the pre-18 April access had been available without auditable formal justification.  That’s a crucial implication of the procedural discrepancy called out by Rogers:  if contractors were accessing the data, we can be as sure as we need to be that they were doing “back door” Section 702 queries, without the audit trail of formal justification and the inconvenience of accountable people’s names being all over it.  Rogers decided to close that door.

After 18 April, if access was to resume in the atmosphere of heightened vigilance at NSA, there had to be at least a semblance of justification for what were essentially those same 702 queries, this time stamped with people’s names on it.

The Spygate enterprise needed something to prompt that justification.  Writing the post-operation narrative to say that Brennan got actionable intelligence in April 2016, and felt it necessary to put together a task force and seek more intelligence on Russia and members of the Trump campaign, would be a way to account for more formally justified mining of the NSA database starting in that month.

It would also be a way to deflect suspicion about what happened before.  Recall that the company Brennan had been president of, The Analysis Corporation (TAC), had long-term analysis and database maintenance contracts with both the FBI and the National Counterterrorism Center (NCTC) at the time Rogers made his discoveries.  (The FBI was the focus of the blow-up in March 2016 that led to the April 2016 clamp-down.)

The contracts had been in place since 2008 and 2009.  The contractors in question were people who basically walked out Friday with a U.S. government badge and walked back in Monday with a TAC badge to do the same job.  My estimate for some time has been that having contractors from the same company in both agencies was the essential condition needed for the system misuse Rogers uncovered.

The Spygate narrative needed April 2016 to be highlighted as a month when intel supposedly began driving queries that produced Trump-related results.  And it wouldn’t hurt Brennan at all, to reset the spotlight away from what the improper pre-April 2016 queries were about, and toward the Spygate narrative covering why queries were made after Rogers intervened.

The whole Carter Page FISA application saga was ultimately necessary because Rogers had caught the other agencies running back-door 702 queries that yielded very specific results.  We can conclude at least some of those results were Trump-related based on Devin Nunes’s findings from 2017 on.  With Rogers aware of what had been happening, Spygate needed a formal basis for monitoring a Trump-related set of targets.

Some work could be done under a Brennan task force (i.e., the one he reportedly set up in May/June 2016), but it had its limits.  It had to focus on justifiable use of data gathered under national security letters.  To focus outright on U.S. persons with specific discriminators, the Spygate actors needed explicit FISA authorization for such monitoring – and it had to be for the FBI.

Brennan’s alleged receipt of foreign intelligence would justify kicking off that process, and doing so in April 2016 if that’s when the intel supposedly came in.  (We’d find, if we hashed it through, that the alleged foreign intel could also be used to justify springing Stephen Halper’s HUMINT approaches on Papadopoulos, Page, and Sam Clovis – an activity attended by stiff constraints when tried against U.S. persons for national security purposes.)

That’s an example of what may have been justified by the part of the Spygate narrative that’s been based on “foreign intelligence.”

As for how valid any of the foreign-intel claims have ever been, my conclusion at the moment is that the Dutch did in fact have a pipeline into the university facility in Moscow, and a stream of intel to pass on to the U.S.  Whether the data stream had anything about Trump in it is a more dubious proposition.  The main thing any agency of the U.S. government seems to have gotten out of it is potentially Robert Mueller’s goofy, unconsummatable indictments of Russians for setting up fraudulent Internet entities to pay for ads on Facebook.

And when it comes to the other claims, about British intel, or Estonian, or any other source, I’m decreasingly convinced it ever actually happened at all.



* Note: for those wondering why I’m even considering the possibility that they were planted as part of a narrative, it’s because the information itself, if it was valid, quite evidently never went anywhere, in terms of fingering Trump in anything.  Indeed, it gave us very little, if anything, that was useful about Russia.  If the alleged intel had done either of those things, we would have known about it five years ago.  It literally all happened before the public first heard of the dossier in January 2017, and every relevant agency in the U.S. government – if we are to accept the narrative – already knew about it before then too.

So suspicion that the “intel” data points were planted isn’t a conspiracy theory.  It’s a logical deduction, as a very reasonable possibility, from the complete lack of consequences we’d expect to ensue on the “intel” we were alleged to have.

“Planting,” incidentally, doesn’t mean none of the details were valid.  It does mean that, if one or more details was valid, that was a bootstrap to spinning a story from it.  Using real but limited data points doesn’t signify that all aspects of the story are valid or verifiable.

Feature image:  The brain trust, briefing Congress in 2014.  Defense Intelligence Agency image.

4 thoughts on “The foreign intel angle on Spygate: What probably didn’t happen, and what probably did”

  1. Thanks for going through the slog to document what always seemed likely: that this was a Brennan operation with no substantive ‘foreign intelligence’. In the process, though, do you accept what is also unproven, that ‘Cozy Bear hacked the DNC’? Podesta’s emails aside, is there any hard evidence that a DNC server was hacked from the outside (as opposed to compromised from the inside)?

  2. “We can very reasonably assume the Spygate actors didn’t just give access up.”

    No need to assume, Judge James Boasberg stated as much in his 2018 FISC Opinion (declassified in Oct 2019).

    1. Thanks, uncajohn, I’d forgotten that. I reven recall writing about it at the time.

      Apologies for the delay in getting to your comment. Two links always go to moderation; I’ve tried it with the filter set wider in the past, but it admits too much spam.

      But again, thanks for stopping by.

  3. Hillary Clinton was a partner in a law firm. Lawyers have a duty to keep clients’ information secret (that’s what we are taught in law school.) As First Lady she was probably instructed on what she had to stay away from. Certainly as Senator and Secretary of State she had an obligation to be informed of security issues (which apparently she blew off as SoS.)

    Accepting money from foreign sources while at the same time ignoring any pretense of secure communications may not be Aldrich Ames level of selling out your country. but it’s just one step short. Omission vs. commission.

Comments are closed.

%d bloggers like this: