The FBI is ignoring a court order directing the bureau to hand over records relating to murdered DNC staffer Seth Rich’s laptop.
This week, the Biden administration asked for more time to respond to U.S. District Judge Amos Mazzant’s September 22, 2022 order telling the FBI to release the evidence. The bureau is also withholding three reports produced by CrowdStrike in 2016 regarding the alleged hack of the DNC servers.
Lawflog.com reports: First the laptop. The FBI wants two more weeks so it can prepare a motion for reconsideration. As a courtesy, we have not objected to the request. According to the government’s motion, “the FBI is uncertain how to comply with the Court’s order as written, and the FBI is seeking input from a pending appellate consultation regarding the order to properly address this issue.
The order itself is pretty straightforward, at least with respect to Seth’s personal laptop, because it directs the FBI to “produce the information it possesses related to Seth Rich’s laptop and responsive to Plaintiff’s FOIA requests within 14 days of this Order.” On the other hand, the order does not discuss Seth’s work laptop, which is also in the possession of the FBI.
I’m waiting for the FBI to explain what it thinks needs to be clarified, then I may be filing my own motion for clarification. Meanwhile, the FBI has cited only one narrow basis for withholding the records related to Seth’s laptop, namely his privacy. I’m not sure why it takes four weeks and an appellate lawyer to figure out why the judge did or didn’t get that issue right.
In any event, I’m reminded of something that I learned almost thirty years ago when I was a newspaper reporter: people with nothing to hide don’t try to hide nothing.
The CrowdStrike Reports
Speaking of “nothing to hide,” FBI personnel originally ignored my request for the CrowdStrike reports, apparently hoping that I wouldn’t notice. After I called them out in front of the court, they produced cover sheets for the reports and nothing more. In fact, even the cover sheets were partially redacted. You can find the cover sheets here, here, and here.
As you can see, each of those reports is preceded by the statutory exemptions that purportedly allow the FBI to withhold certain pages or sections of the report. That’s where things get interesting. Here are the five exemptions in question, with my comments interspersed:
- 5 U.S.C. § 552(b)(3) “[the records are] specifically exempted from disclosure by statute (other than section 552b of this title), provided that such statute (A) requires that the matters be withheld from the public in such a manner as to leave no discretion on issue, or (B) establishes particular criteria for withholding or refers to particular types of matters to be withheld;”
- Comment: The FBI’s cover letter invokes 6 U.S.C. § 1501, which doesn’t make a lot of sense because it is only a list of definitions, although some of those definitions pertain to cybersecurity. The only other statute is 50 U.S.C § 3024(i)(1), which states “[t]he Director of National Intelligence shall protect intelligence sources and methods from unauthorized disclosure.” If a private company is hired by a hacking victim, then how does that pertain to the government’s “intelligence sources and methods”?
- 5 U.S.C. § 552(b)(4) “trade secrets and commercial or financial information obtained from a person and privileged or confidential;”
- Comment: If the government is farming out its responsibilities to a private company, it seems any purported “trade secrets” are out the window. It’s also hard to reconcile “trade secrets” with section (b)(3) above, where the FBI claims government “sources and methods” must be protected. Whose secrets and methods are we protecting?
- 5 U.S.C. § 552(b)(6) personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy;
- Comment: Why would personnel, medical, and similar files be in a CrowdStrike report? And why can’t the names be redacted without redacting entire pages?
- (b)(7)(C) could reasonably be expected to constitute an unwarranted invasion of personal privacy;
- Comment: Whose personal privacy? Again, why can’t the names be redacted without redacting entire pages?
- (b)(7)(E) would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law.
- Comment: This one will raise a novel legal question for the court. So far as I am aware, the FBI had never before and has never since allowed a private company to conduct an investigation on its behalf. Is CrowdStrike “law enforcement” such that it can invoke the right to protect its investigations under (b)(7)(E)? I think not.
The FBI produced the cover pages in May of 2022, months after it was supposed to have produced all responsive documents. By now, the government should have filed a separate motion for summary judgment asking the court to rule that it does not have to search for or produce anything more related to CrowdStrike. If the government does not file that motion soon, I’ll be filing my own motion asking the court to order production of most if not all of the CrowdStrike reports.
The fun never stops.