No connection between Manning and Jason Katz, CENTCOM video: trial report, day 5
Today’s afternoon session revealed more substantive and consequential testimony, so it precedes the morning session here. The defense, via forensic expert David Shaver, established that there was no evidence of a connection between Manning and Jason Katz, and that there is no evidence Manning downloaded a video from the CENTCOM database.
By Nathan Fuller. June 11, 2013.
No connection between Jason Katz and Bradley Manning
The live witnesses – as opposed to read-aloud stipulations – in this afternoon’s session discussed the investigation of Jason Katz’s computer, where a Farah video was found that the government believed to be connected to Bradley Manning. The Farah incident was a horrifying massacre on May 4, 2009, in Afghanistan, in which a U.S. airstrike killed scores of innocent Afghan women and children. Katz was fired from the Department of Energy for having password-evading programs.
The video, a version distinct from the one found on Bradley’s computer but matching the one hosted on the U.S. Central Command’s (CENTCOM) website, was encrypted, and investigators found decryption software on Katz’s computer. Adrian Lamo learned about Katz’s possession of the video and also turned him into the authorities. [See Lamo’s and Shaver’s December 2011 testimony on Katz and the video.]
The government wanted to connect Katz and Manning, but today forensic expert David Shaver confirmed that he found no connection whatsoever – no email, chats, or any other connection – between the two.
No proof that Manning downloaded Farah video from CENTCOM
Prosecutors were also unable to establish what they promised they’d prove in their opening statement (pg. 46, lines 11-15),
The TGT1.WMV doesn’t match the name of a file found on CENTCOM’s server, which is the charged video, BE22PAX.zip. That file matches the one found on Jason Katz’s computer, and was encrypted. Katz was known to have decryption software, and the government has tried to tie WikiLeaks’s January 8, 2010, tweet about an encrypted video to Bradley and the Farah incident:
That tweet also predates the only time Bradley is known to have downloaded a Farah video. The defense established that Bradley downloaded the TGT1.wmv video from the T drive – a shared drive among intelligence analysts in his unit, to which he was authorized access – in April 2010. There’s no proof that Bradley downloaded the zip file from CENTCOM, and no proof that he downloaded a Farah video in November 2009 as the government has charged.
This lines up with Bradley’s proposed substitution to the government’s charges and his subsequent plea and statement.
The government has long contended there were two disclosures of a Farah video, in November 2009 (Spec 11 of Charge 2 says between 11/09 and 1/8/10) and April 2010, but it chose to charge him with the earlier disclosure. The defense has contended that there was only one transmission, in April. (See Alexa O’Brien’s transcript of that claim here.)
The prosecution said it had the forensic evidence to prove that contention, but Shaver’s testimony does not support it. He said that data transmission logs show no transfer of the CENTCOM zip file to Bradley’s computer – there was only the transfer from the T drive in April.
Since the prosecution refused to accept Bradley’s plea on that charge with changed dates, he pled not guilty to Specification 11 as charged. Now it can’t go back and charge for the April offense, and thus far they can’t prove the November offense. Perhaps it should’ve charged Jason Katz for that video instead.
Original post, morning session
Yesterday at Ft. Meade, we learned that the government and defense have agreed to 19 new stipulations of expected testimony, but didn’t hear them in court. We heard several of those stipulations today, of Army criminal investigators who collected the charged documents, classification specialists who reviewed whether the documents were properly marked and classified, and from a U.S. Central Command officer who reviewed the classification of the Farah investigation.
The first live witness was Staff Sergeant Matthew Hosburgh, who monitored military networks and evaluated their potential threats and vulnerabilities. He testified largely about his report from a November 2009 conference in Berlin, called Here Be Dragons and hosted by the Chaos Communication Congress. The conference included presentations on net neutrality, hacking, security, and WikiLeaks.
Julian Assange gave the WikiLeaks presentation, attempting to elicit support for and raise awareness about the site’s launch and goals. SSG Hosburgh confirmed that WikiLeaks requested anonymous submissions of classified and sensitive documents withheld by governments and corporations, but that Assange never mentioned or indicated support for terrorists.
In his report, SSG Hosburgh’s noted terrorists’ use of the internet in his summary of the net neutrality presentation but not in the WikiLeaks portion. WikiLeaks, he confirmed, was focused on keeping the public informed, and wasn’t focused on the United States in particular.
Did Manning see Hosburgh’s report?
The prosecution contends Bradley accessed that report (along with the 2008 Counterintelligence special report) but has yet to prove that in court. The government again called Army Special Agent Mark Mander, who reviewed Intelink (the military’s Google) logs to view searches made on Bradley’s computers. He found results for Stf. Sgt. Hosburgh’s report, but as the defense established on cross-examination, he can’t determine if Bradley saved the report, printed it, or even was the one using his computer to view it.
If he did, the report would be relevant to Bradley’s knowledge of WikiLeaks at the time of his release, and therefore whether he “knowingly [gave] intelligence to the enemy.” But that he was the one on that computer, viewing that report, has not been definitively established.
As was established yesterday, there’s similar ambiguity about Bradley’s knowledge of the 2008 Counterintelligence report on WikiLeaks.
Stipulations on Farah investigation testimony
Prosecution lawyer Maj. Ashden Fein read expected testimony from Lt. Commander Thomas Hoskins and retired Lt. Colonel Martin Nehring, who both reviewed war documents, and spoke about the investigation of a massacre in Farah province. Lt. Com. Hoskins determined the war logs were properly classified at the time, while Lt. Col. Nehring explained more about what made them sensitive.
The Significant Activities (SigActs) reported on IED attacks, tactics and procedures for responding to those attacks, casualties, small arms fire, and “sources and methods of intelligence collection.”
By Nathan Fuller. June 11, 2013.
No connection between Jason Katz and Bradley Manning
The live witnesses – as opposed to read-aloud stipulations – in this afternoon’s session discussed the investigation of Jason Katz’s computer, where a Farah video was found that the government believed to be connected to Bradley Manning. The Farah incident was a horrifying massacre on May 4, 2009, in Afghanistan, in which a U.S. airstrike killed scores of innocent Afghan women and children. Katz was fired from the Department of Energy for having password-evading programs.
The video, a version distinct from the one found on Bradley’s computer but matching the one hosted on the U.S. Central Command’s (CENTCOM) website, was encrypted, and investigators found decryption software on Katz’s computer. Adrian Lamo learned about Katz’s possession of the video and also turned him into the authorities. [See Lamo’s and Shaver’s December 2011 testimony on Katz and the video.]
The government wanted to connect Katz and Manning, but today forensic expert David Shaver confirmed that he found no connection whatsoever – no email, chats, or any other connection – between the two.
No proof that Manning downloaded Farah video from CENTCOM
Prosecutors were also unable to establish what they promised they’d prove in their opening statement (pg. 46, lines 11-15),
The evidence will also show that on this work computer was a forensic match of the video charged in specification 11 of charge two, the BE 22 PAX dot zip video was on this computer. And forensic examiners will testify that that video was on the computer on 15 December 2009.
The video file found on Bradley’s computer, under a folder titled ‘Farah,’ was titled TGT1.wmv, and it couldn’t be matched to the charged video, because it was corrupted and couldn’t be viewed. The TGT1.WMV doesn’t match the name of a file found on CENTCOM’s server, which is the charged video, BE22PAX.zip. That file matches the one found on Jason Katz’s computer, and was encrypted. Katz was known to have decryption software, and the government has tried to tie WikiLeaks’s January 8, 2010, tweet about an encrypted video to Bradley and the Farah incident:
That tweet also predates the only time Bradley is known to have downloaded a Farah video. The defense established that Bradley downloaded the TGT1.wmv video from the T drive – a shared drive among intelligence analysts in his unit, to which he was authorized access – in April 2010. There’s no proof that Bradley downloaded the zip file from CENTCOM, and no proof that he downloaded a Farah video in November 2009 as the government has charged.
This lines up with Bradley’s proposed substitution to the government’s charges and his subsequent plea and statement.
The government has long contended there were two disclosures of a Farah video, in November 2009 (Spec 11 of Charge 2 says between 11/09 and 1/8/10) and April 2010, but it chose to charge him with the earlier disclosure. The defense has contended that there was only one transmission, in April. (See Alexa O’Brien’s transcript of that claim here.)
The prosecution said it had the forensic evidence to prove that contention, but Shaver’s testimony does not support it. He said that data transmission logs show no transfer of the CENTCOM zip file to Bradley’s computer – there was only the transfer from the T drive in April.
Since the prosecution refused to accept Bradley’s plea on that charge with changed dates, he pled not guilty to Specification 11 as charged. Now it can’t go back and charge for the April offense, and thus far they can’t prove the November offense. Perhaps it should’ve charged Jason Katz for that video instead.
Original post, morning session
Yesterday at Ft. Meade, we learned that the government and defense have agreed to 19 new stipulations of expected testimony, but didn’t hear them in court. We heard several of those stipulations today, of Army criminal investigators who collected the charged documents, classification specialists who reviewed whether the documents were properly marked and classified, and from a U.S. Central Command officer who reviewed the classification of the Farah investigation.
The first live witness was Staff Sergeant Matthew Hosburgh, who monitored military networks and evaluated their potential threats and vulnerabilities. He testified largely about his report from a November 2009 conference in Berlin, called Here Be Dragons and hosted by the Chaos Communication Congress. The conference included presentations on net neutrality, hacking, security, and WikiLeaks.
Julian Assange gave the WikiLeaks presentation, attempting to elicit support for and raise awareness about the site’s launch and goals. SSG Hosburgh confirmed that WikiLeaks requested anonymous submissions of classified and sensitive documents withheld by governments and corporations, but that Assange never mentioned or indicated support for terrorists.
In his report, SSG Hosburgh’s noted terrorists’ use of the internet in his summary of the net neutrality presentation but not in the WikiLeaks portion. WikiLeaks, he confirmed, was focused on keeping the public informed, and wasn’t focused on the United States in particular.
Did Manning see Hosburgh’s report?
The prosecution contends Bradley accessed that report (along with the 2008 Counterintelligence special report) but has yet to prove that in court. The government again called Army Special Agent Mark Mander, who reviewed Intelink (the military’s Google) logs to view searches made on Bradley’s computers. He found results for Stf. Sgt. Hosburgh’s report, but as the defense established on cross-examination, he can’t determine if Bradley saved the report, printed it, or even was the one using his computer to view it.
If he did, the report would be relevant to Bradley’s knowledge of WikiLeaks at the time of his release, and therefore whether he “knowingly [gave] intelligence to the enemy.” But that he was the one on that computer, viewing that report, has not been definitively established.
As was established yesterday, there’s similar ambiguity about Bradley’s knowledge of the 2008 Counterintelligence report on WikiLeaks.
Stipulations on Farah investigation testimony
Prosecution lawyer Maj. Ashden Fein read expected testimony from Lt. Commander Thomas Hoskins and retired Lt. Colonel Martin Nehring, who both reviewed war documents, and spoke about the investigation of a massacre in Farah province. Lt. Com. Hoskins determined the war logs were properly classified at the time, while Lt. Col. Nehring explained more about what made them sensitive.
The Significant Activities (SigActs) reported on IED attacks, tactics and procedures for responding to those attacks, casualties, small arms fire, and “sources and methods of intelligence collection.”