Special counsel Robert Mueller’s indictment two weeks ago of 13 Russian trolls has been viewed as a landmark in the Trump-Russia investigation — but perhaps for the wrong reasons.
While the indictment provides unprecedented clarity about Russian efforts to sway the 2016 presidential election to Donald Trump, it is equally significant as a testament to the US government’s ability to penetrate an overseas adversary — an observation that continues to resonate among followers of the probe.
Mueller discovered the Russians’ names, employment histories, job titles, and internal communications.
He learned that the internet “specialists” in Moscow worked day shifts and night shifts stoking rancor in the US, that their monthly budget was $1.25 million, and that they created a “United Muslims of America” Facebook group to undermine Hillary Clinton.
When Aleksandra Krylova and Anna Bogacheva flew to the US on June 4, 2014, Mueller’s team figured out that they visited Nevada, California, New Mexico, Colorado, Illinois, Michigan, Louisiana, Texas, and New York to gather intelligence before returning to Russia on June 26, 2014.
And they knew that employee Irina Kaverzina destroyed evidence because they read her Sept. 13, 2017, email to a relative saying that “the FBI busted our activity” and that she’d been “preoccupied with covering tracks.”
“That should scare the bejesus out of anybody connected to the Trump campaign who committed malfeasance or is considering being anything other than 110% truthful when they talk to investigators,” said Alan Rozenshtein, a former attorney in the Justice Department’s National Security Division who specialized in cybersecurity and foreign intelligence.
Mueller has not disclosed how he got inside the Internet Research Agency, the Russian troll farm whose election meddling included interactions with unsuspecting Trump campaign workers. He indicted 13 Russian employees, including Yevgeny Prigozhin, an oligarch close to Russian President Vladimir Putin and the operation’s financier.
Some details in the indictment had emerged last October in a major investigation by the Russian news outlet RBC, which identified, for example, the Internet Research Agency’s links to a Twitter account, @TEN_GOP, something that Mueller also detailed.
But the indictment contains so much additional information that one former senior government official has complained that it could give Russians a road map to avoid detection of their cyber mischief. “The indictment might reveal something about US intelligence collection methods that will make it easier for Russians to hide their tracks in the future,” Jack Goldsmith, a former Defense Department general counsel, wrote in a blog post. “It will definitely educate other US adversaries.”
Retired CIA officer John Sipher, who was deputy of the CIA’s Russia program in the early 2000s, said seeing that level of detail in public was startling. If it came from intelligence collection, Sipher said, it would be classified.
“It’s not unusual to collect this information,” Sipher said. “But it’s unusual for it to be out in public, for sure. You don’t usually get it declassified and put it into a public document.”
Experts familiar with evidence collection say Mueller likely tapped into enormous communications archives maintained by internet companies such as Google, Facebook, and Twitter, and gained access through laws that require companies to turn over records.
“The thing that is not sufficiently appreciated is that the evidence of all of the crimes in the world has become digitized and is largely in the hands of American technology companies. They are de facto intelligence companies. Internet companies are doing the NSA’s work now,” said Andrew Keane Woods, an expert in cybersecurity and international law at the University of Kentucky College of Law.
The NSA is the National Security Agency, which collects hundreds of millions of emails and other electronic records.
According to a partially declassified 2011 opinion of the court that oversees foreign intelligence collection, the NSA collects an average of 228 million internet communications per year “directly from Internet Service Providers.”
“The first move for investigators is often to go straight to internet companies, which have profiles about all of us that reveal an enormous amount of information,” Woods added. “They are sitting on a treasure trove of evidence for all kinds of investigations.”
The global dominance of US internet companies would have been a huge benefit to Mueller. The companies are subject to US laws that require them to give records to the government in response to a legal order. And they have records from internet users around the world.
Less clear is the legal strategy Mueller would have used to get the records.
Mueller’s simplest and safest option would have been to get a warrant from a federal judge by showing that he had probable cause. The warrant — like any warrant in a criminal case — would direct an internet company to give Mueller specified communications records such as emails, text messages, phone records, and website services.
“Google, Microsoft, and Yahoo will all respond to search warrants. This is not controversial,” said Columbia University computer scientist Steven Bellovin, who specializes in security and privacy. “You have a search warrant, you serve it, the provider responds.”
Microsoft, Yahoo, and Google did not respond to a question about whether they’d received a warrant for IRA employees’ emails.
The indictment states that the Russian trolls used YouTube, Facebook, Instagram, and Twitter — all US-based platforms owned by US companies — to conduct their social-media operations during the 2016 campaign. The operations included creating social groups, posting messages, and buying ads to boost Trump and weaken his electoral opponents, particularly Clinton.
But it’s not clear that Mueller would have had sufficient evidence that the Internet Research Agency had committed a crime to obtain a warrant.
“It would have required some fancy legal footwork to make that case. You’d have to know enough about the IRA to put in an affidavit and give it to a judge to say this establishes probable cause,” said Timothy Edgar, a former White House adviser on privacy issues in cybersecurity. Mueller’s indictment clearly describes criminal activity by Russian trolls, but his team might not have known about the activities before getting electronic records, Edgar said.
Mueller’s other route to obtain internet-company records would have been to use the Foreign Intelligence Surveillance Act, or FISA. He would not have needed a warrant or any court approval and instead could have gone directly to an internet company with a demand for records of Russians. Under FISA, internet companies receive broad court orders requiring them to comply with such requests.
“It’s a nice little trick because you don’t need a warrant at all,” Edgar said.
The warrantless nature of FISA has created controversy, particularly after documents released by Edward Snowden in 2013 showed that the NSA had been using the law to secretly collect logs of Americans’ domestic phone calls. A federal court ruled the program illegal in 2015, and Congress reformed the program.
But there is no indication, the experts say, that Mueller used any controversial laws to get electronic records. One non-controversial section of FISA, renewed in January by Congress and Trump, lets the government get electronic communications of foreigners when they are outside the US.
“I don’t see any red flags that suggest improper surveillance, but I wouldn’t really expect the indictment to contain enough details about the surveillance to raise those issues anyway,” said Elizabeth Goitein, codirector of the Liberty and National Security Program at the Brennan Center for Justice in New York.
Several experts told BuzzFeed News that getting records under FISA would be a risky step because, even though Russia is unlikely to extradite any of the accused to face trial in the United States, a Russian defendant who did find himself arrested could argue that Mueller had obtained the communications illegally. In response, Mueller might have to disclose how he got the records and potentially reveal intelligence secrets.
“You run the risk of exposing sensitive sources and methods,” said Robert Litt, a former general counsel for the director of national intelligence and now an attorney for the law firm Morrison & Foerster.
A legal challenge also could result in a judge declaring the data-gathering under FISA unconstitutional. The risk of an adverse court ruling is huge, Edgar said.
“If they won that case, then the government would lose this extremely valuable tool,” Edgar said.
One other possible source for Mueller could have been a Russian agent who gave the US records or inserted a device in the Internet Research Agency’s computer system that allowed US officials to read all communications. A possible clue is the indictment’s reference to an unnamed coconspirator who worked for the agency and was in Atlanta for several days in November 2014.
But Russia is a difficult country in which to develop intelligence sources. To Sipher, the retired CIA officer, who lived in Russia in the 1990s, it seemed unlikely that Mueller has an inside source. “The sources handled inside Moscow are small in number,” he said.
Kevin Collier contributed reporting.