Newly Declassified DOJ Watchdog Report Shows FBI Cut Corners in Clinton Email Investigation
I'm archiving "Clinton annex" here to make its text searchable. You can download the annex in PDF format via the link below:
Check my other posts for the previous parts. This is part 13.
__C. (redacted) FBI Cyber Division's 2018 Assessment of Information Potentially Relevant to the Midyear Investigation on the Thumb Drives
(redacted) As described in Section II, FBI analysts used a program to create a "word cloud" of words extracted from U.S. victim content on the first five thumb drives during the (redacted) searches, which they refer to as the "index." In August 2017, well after the conclusion of the Midyear investigation, an FBI OGC attorney granted permission to an FBI analyst to query this index using terms relevant to the Special Counsel investigation, and an FBI employee relied on this authorization to conduct additional keyword searches.9 The additional terms queried included "Clinton," which returned (redacted) results, and "clintonemail.com," which returned (redacted) results. However, based on review protocols in place at the time of these searches, the FBI employee did not review the underlying data for the indexed terms.
(redacted) We were told that in 2018, after the OIG learned about these thumb drives, the FBI resumed efforts to gain access to all eight thumb drives for counterintelligence purposes. As part of efforts to highlight the importance of the (redacted) data, the FBI Cyber Division drafted a memorandum summarizing potential information on the thumb drives related to the Midyear investigation ("Cyber Division memorandum"). The Cyber Division memorandum referenced the keyword search results and stated:
(redacted) Without further review, the FBI does not know whether the terms are included within email messages, documents created by (redacted), open source news articles, or other content present on the thumb drives. The FBI additionally cannot determine without further review whether the terms appear within content (redacted) exfiltrated from the Department of State, Executive Office of the President, House of Representatives, or other U.S. or foreign victims.
(redacted) The Cyber Division memorandum then identified the following "hypothetical scenarios" where content relevant to the Midyear investigation could be present on the thumb drives:
(redacted) Content emailed by or to victims during the time of cyber intrusions.
(redacted) Historic email content residing within victims' mailboxes.
(redacted) Victims forwarding or referencing historic email content in email messages sent from victim accounts during the time of cyber intrusions.
(redacted) Content referencing Secretary Clinton stored outside of the email system of victim networks and exfiltrated by (redacted).
(redacted) created materials referencing Secretary Clinton.
(redacted) Open source news articles referencing Secretary Clinton exfiltrated from victim entities or directly acquired by (redacted) cyber actors.
(redacted) Finally, the Cyber Division memorandum referenced the (redacted) reports that mentioned Lynch and stated that a failure to review the thumb drives "carries the risk that information potentially pertinent to the [Midyear] investigation, as well as information that could be used in future Russian influence operations, remains in the dataset."
(redacted) Anderson brought these documents to the attention of the OIG, and told us that she met with E.W. "Bill" Priestap, the Assistant Director of the Counterintelligence Division, and FBI Attorney 1, about the statements made in the Cyber Division memorandum. She said that they collectively agreed that while information relevant to the Midyear investigation might be on the thumb drives, such information was unlikely to be material, and the Midyear investigation was not a persuasive reason for obtaining access to the thumb drives.10 Anderson memorialized these points in an April 23, 2018 email to Cyber Division officials:
(redacted) With respect to the MIDYEAR EXAM-specific memo, I understand from speaking with Bill Priestap that it was not coordinated with [the Counterintelligence Division] or with the MIDYEAR EXAM team and therefore reflects only the Cyber Division's views about the potential relevance of the (redacted) data to the Clinton investigation. While there is an argument that the thumb drives hypothetically might contain emails to or from Secretary Clinton at her private email server (redacted), we think it highly unlikely that the thumb drives would contain any evidence that would be material to the investigation. As you know the MIDYEAR EXAM team concluded that the former Secretary lacked the requisite intent to be charged criminally. Unlike the emails found on Anthony Weiner's laptop that were from (redacted) and were to/from Huma Abedin, Clinton's closest aide, the (redacted) data could at the very most contain only further evidence of the transmission of classified information via the private server - evidence that would not change the investigative team's assessment of the former Secretary's intent in setting up the private server. For that reason, we do not think the MIDYEAR EXAM investigation supplies a persuasive reason for urging the DAG to permit the FBI to review the (redacted) data. The broader cyber and counterintelligence justifications for reviewing the data are sufficiently important and weighty to carry the day.
(redacted) Witnesses told the OIG that on June 1, 2018, the FBI submitted a memorandum from Deputy Director David Bowdich to DAG Rod Rosenstein requesting permission to conduct a comprehensive review of the thumb drives. According to Anderson, the memorandum requests permission to review the (redacted) data for foreign intelligence purposes, and would not permit review of the data for law enforcement purposes or in furtherance of any criminal investigation.
9 (redacted) As described above, after reviewing a draft of this classified appendix, an FBI witness told the OIG that the searches conducted in August 2017 revealed victim data, and thus likely did not comport with the review protocols approved by ODAG for searches of thumb drives 6 and 7.
10 (redacted) The Lead Analyst told us that he also discussed this issue with Priestap and FBI Attorney 1. The Lead Analyst stated that he concurred with Priestap and FBI Attorney 1 "that information relevant to the Midyear investigation might be on the thumb drives based on the index search." However, the Lead Analyst stated that he deferred to FBI OGC "on the likelihood of it being material to the prosecution decision."