1 K243SCH1 2 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK ------------------------------x 3 UNITED STATES OF AMERICA, 4 v. 1 5 JOSHUA ADAM SCHULTE, 6 7 S2 17 Cr. 548 (PAC) Defendant. Trial ------------------------------x New York, N.Y. February 4, 2020 10:15 a.m. 8 9 Before: 10 HON. PAUL A. CROTTY, 11 District Judge -and a Jury- 12 APPEARANCES 13 14 15 16 GEOFFREY S. BERMAN United States Attorney for the Southern District of New York BY: MATTHEW J. LAROCHE SIDHARDHA KAMARAJU DAVID W. DENTON JR. Assistant United States Attorneys 17 21 SABRINA P. SHROFF JAMES M. BRANDEN Attorneys for Defendant -andDAVID E. PATTON Federal Defenders of New York, Inc. BY: EDWARD S. ZAS Assistant Federal Defender 22 Also Present: 18 19 20 23 24 Colleen Geier Morgan Hurst, Paralegal Specialists Achal Formando-Peiris John Lee, Paralegals Daniel Hartenstine Daniella Medel, CISOs, Department of Justice 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 2 K243SCH1 1 THE COURT: 2 (A jury of 12 and two alternates were impaneled and 3 Swear in the jury panel, please. sworn) 4 THE COURT: Here's how we are going to proceed. I am 5 going to read some preliminary instructions which will guide 6 you through the trial. 7 parties will make their opening statements, and then we'll 8 start calling witnesses. 9 We'll then take a short recess, and the So, after I give you the instructions, we'll take a 10 short break, and you'll go to the jury room. 11 your coats and you give Mr. Gonzalez your contact information 12 and we'll give you our contact information, so we can stay in 13 touch with one another, if anything happens that you want to 14 call to our attention. 15 You can hang up But ladies and gentlemen, I want to take a few minutes 16 now to give you some initial instructions about this case and 17 about your duties as jurors. 18 the lawyers have summed up, I will give you final instructions 19 and then you can begin your deliberations. 20 instructions during the trial, but unless I specifically tell 21 you otherwise, all such instructions, both those I give you now 22 and those I give you later, are equally binding on you and must 23 be followed. 24 25 After all the evidence is in and I may also give you Your duty is to find from the evidence what the facts are. You and you alone are the judges of those facts, and then SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 3 K243SCH1 1 you apply the law as I give it to you to the facts as you find 2 them to reach your verdict. 3 whether or not you agree with it. 4 You have to follow the law, Now, please remember that nothing I say or do during 5 the course of the trial is intended to indicate or should be 6 taken by you as indicating what your verdict should be. 7 your verdict should be will be strictly up to you. 8 9 What I've already told you about the charges alleged in this case. The defendant, Joshua Schulte, is charged in 11 10 counts in an indictment that has been filed by a grand jury 11 sitting in this district. 12 about 2016, the defendant allegedly took national defense 13 information from the CIA computer system without authorization, 14 and transmitted that information to WikiLeaks, which posted the 15 information online in 2017. 16 charges, account for seven of the counts in the indictment. 17 The indictment further charges Mr. Schulte with one count of 18 unlawful disclosure and attempted disclosure of national 19 defense information while he was in the Metropolitan Correction 20 Center, or MCC, a federal detention center. 21 indictment charges Mr. Schulte with two counts relating to 22 false statements he made allegedly made to the FBI during its 23 investigation, and one count related to his alleged violation 24 of a protective order entered by the Court in 2017. 25 government must prove these charges in the indictment beyond a The indictment charges that in or Those charges, the WikiLeaks SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Finally, the The 4 K243SCH1 1 reasonable doubt. 2 The evidence from which you are going to find the 3 facts will consist of the testimony of witnesses from this 4 witness seat right here, documents and other things that will 5 be received in evidence, and occasionally facts that the 6 parties may agree to, which we call "stipulations." 7 Now, certain things are not evidence, and you should 8 not consider them. I am going to list them for you. 9 all, attorneys' arguments are not evidence. First of The attorneys are 10 not sworn as witnesses, they are not under oath and do not 11 testify. 12 either. 13 Attorneys' statements and questions are not evidence Let me emphasize this again: 14 that the lawyer asks. 15 answer to the question. 16 It is not the question What is important is the witness's Secondly, objections to questions are also not 17 evidence. 18 case to object to the other side's offers of testimony or other 19 evidence that the attorney believes is not properly admissible. 20 You should not be influenced by the objection, or by my ruling 21 on it. 22 "sustained," then you should ignore the question. 23 overrule the objection, then you should treat the answer just 24 like any other answer. 25 It is the duty of the attorney for each side of a If the objection is sustained, you will hear me say If I My job is to rule on what evidence comes in at the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 5 K243SCH1 1 trial, but I have no view on what your verdict should be, 2 because that is strictly up to you, the jury, to decide. 3 If I instruct you that some items of evidence are 4 being received for a limited purpose only, you must follow that 5 instruction, as you must follow all of my instructions. 6 you don't have to worry about this right now, there may not be 7 any limiting instructions in this case. 8 will explain it to you at the time and will give you 9 instructions as clear as I possibly can on what the limitations 10 11 Now, But if there is, I are. I may well tell you that I'm excluding testimony or 12 tell you to disregard testimony. 13 have to follow my instructions and ignore the testimony as it's 14 not in evidence. 15 When I do that, it means you In addition, anything you may see or hear outside this 16 courtroom is not evidence, and should be disregarded. 17 to decide the case solely on the admissible evidence that is 18 presented here in the courtroom. 19 You are There are two kinds of evidence that I want to review 20 with you, direct evidence and circumstantial evidence. Direct 21 evidence is the direct proof of a fact. 22 would be testimony of an eyewitness, somebody who actually saw 23 the event as it occurred. 24 a fact or facts from which you may infer or conclude that other 25 facts exist. An example of that Circumstantial evidence is proof of Obviously I am going to give you further SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 6 K243SCH1 1 instructions on this and in more details on these and other 2 matters at the end of the case, but just keep in mind that you 3 can consider both kinds of evidence, both direct and 4 circumstantial. 5 An important task for you or for every jury is to 6 determine the credibility of the witnesses. And it is going to 7 be up to you to decide which testimony, which witnesses to 8 believe, which witnesses not to believe, and how much of any 9 witness's testimony to accept or reject. Again, in my 10 instructions to you at the end of the trial I will give you 11 some guidelines which I hope will be helpful to you in 12 determining witness credibility. 13 Remember what we discussed earlier. First, law 14 enforcement witnesses' testimony gets no greater or lesser 15 weight because of their law enforcement status. 16 cooperating witnesses can be considered, but as I will instruct 17 you, you should consider their testimony with great care. 18 This is a criminal case. Second, You must keep in mind that 19 there are three basic rules about criminal law that you always 20 have to have in the forefront of your mind. 21 defendant is presumed innocent. 22 the burden of proof. 23 case beyond a reasonable doubt. 24 these three important factors. 25 First of all, the Secondly, the government has Thirdly, the government must prove its Let me go through each of First, as I mentioned to you, the defendant is SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 7 K243SCH1 1 presumed innocent until proven guilty. 2 the defendant brought by the government is only an accusation 3 and nothing more. 4 The defendant, therefore, starts out with an absolutely clean 5 slate. 6 The indictment against It is not proof of guilt or anything else. Second, the burden of proof is on the government. The 7 defendant has no burden to prove his innocence or to present 8 any evidence or to testify. 9 silent, the law prohibits you from arriving at your verdict by 10 11 Since he has right to remain considering that the defendant may not have testified. Third, the government must prove the defendant's guilt 12 beyond a reasonable doubt. 13 detailed instructions on this point later in the case. 14 bear in mind that in this respect, a criminal case is different 15 from a civil case. The criminal standard of proof is beyond a 16 reasonable doubt. In a civil case we use preponderance of the 17 evidence. 18 the burden of beyond a reasonable doubt. 19 Again, I will give you further But But here, there is a higher burden, and it's called From time to time during the trial it may become 20 necessary for me to talk with the lawyers out of the hearing of 21 the jury, either by having a conference at the bench when the 22 jury is present in the courtroom -- that's called a sidebar, 23 you have seen some of that already -- or calling a recess. 24 Please understand that while you are waiting, we are working. 25 The purpose of any conference outside your viewing is not to SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 8 K243SCH1 1 keep relevant information from you, but to decide certain 2 procedural issues and how certain evidence is to be treated 3 under the federal rules of evidence and to avoid confusion. 4 Now just a few words about your own conduct as jurors. 5 First of all, do not discuss the case with anyone or permit 6 anyone to discuss it with you. 7 computers, but do not use your computers to do any 8 investigation in this case. 9 case includes discussing the case in person, in writing, by Most of you probably use My instructions to not discuss the 10 phone or electronic means, via text message, e-mail, Facebook, 11 Twitter, blogging or any other form of social media. 12 includes discussing the case with your fellow jurors in the 13 jury room while the trial is going on. 14 on what your verdict is until after you've been charged by me, 15 and that takes place at the end of the trial. 16 simply cannot talk about the case. 17 other about almost anything, but don't talk about the case. 18 This even You cannot deliberate Until then, you So you can talk to each This probably seems a little bit strange to you. 19 Here's the reason. Obviously, the evidence can be only be 20 presented one witness at a time and one exhibit at a time. 21 don't want you to start talking to each other and reaching 22 conclusions before you had the opportunity to see and hear all 23 of the evidence in the case, listen to the lawyers' summations, 24 and hear my instructions on the law. 25 you to begin your deliberations at the end, and until that time We So that is why we direct SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 9 K243SCH1 1 not to have any discussions about this case. 2 Think of the case as something like a painting when 3 you cannot tell from one stroke or one color what the painting 4 will look like. 5 judgment, and that's what we ask you to do. 6 You have to wait until it's finished to make a If at any time during the course of the trial any 7 person attempts to talk to you or communicate with you about 8 the case, either inside or outside the courthouse -- and I 9 certainly hope that doesn't happen -- you should immediately 10 report such an attempt to me. 11 attention of any other jurors, just send me a note directly. 12 In the same way, if anything should happen involving any of you 13 that is of an unusual nature, when you think of something the 14 Court should be told about, do not discuss it with any other 15 juror. 16 that effect that you want to speak to me about it, and I can 17 hear what it is and what you have to say. 18 expect anything unusual or improper to happen. 19 bring it to my attention. 20 Don't bring the matter to the Simply give my deputy, Mr. David Gonzalez, a note to Of course, I do not But if it does, Also, lawyers and other participants at the counsel 21 table have been instructed not to have any communication with 22 you as jurors. 23 wave. 24 this courthouse you may see people in the elevators, so if you 25 run into one another, please don't acknowledge them or expect That's the rule. You may not say hello or even That goes for you, the lawyers and the witnesses. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 In 10 K243SCH1 1 them to acknowledge you. They are under instructions not to 2 have any communication, and they are going to observe that 3 rule. 4 If at any point in the trial you recognize someone in 5 the courtroom, including a friend or family member, please let 6 me know immediately. 7 session, please simply raise your hand. 8 9 If this occurs while the trial is in Please don't read or listen to anything touching upon this case in any way. That means don't read any newspaper 10 publicity, TV news. 11 any research on your own or conduct your own investigation. 12 This means, for example, that you should not consult a 13 dictionary, search the internet, website or blogs or use any 14 electronic tools to obtain information about this case. 15 see something about the case in the newspaper, you must not 16 read it. 17 this case or issues involved in this case. 18 to decide this case solely and wholly on the evidence presented 19 in this courtroom. 20 If you see it, ignore it. Don't try to do If you You must avoid watching television discussions about Your sworn duty is If you wish, you may take notes while the evidence is 21 being presented to you. This is permitted because some people 22 find that taking notes helps them focus on the testimony being 23 given. 24 excellent court reporters who take down everything said 25 throughout the trial. You should not try to summarize the testimony. We have Your job is to listen to the testimony, SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 11 K243SCH1 1 and assess the credibility of the witnesses. 2 notes, do not let it distract you from your task. 3 your notes are for your private use only as a way to help you 4 recall the testimony when you begin your deliberations. 5 notes are not entitled to any greater weight than the 6 recollection of a juror who did not take notes. 7 may not take your notes away from the courtroom. 8 them in the jury room at the end of each court day. 9 If do you take Moreover, Your Finally, you Please leave Let me tell you again how important your service is 10 and how much we appreciate it. 11 to be here before any work can be done. 12 attorneys, the witnesses, the court reporters, the judge, and 13 you the jury. 14 That's what makes it a little bit different than work. 15 not a situation where you can simply call in sick. 16 of course extraordinary circumstances that may excuse you from 17 serving on this jury. 18 you to be here every day, and as best you can on time. 19 understand that this may impose a burden, but as I have said, 20 this is an important public service and one that is greatly 21 appreciated. 22 During a trial, all of us have That includes the If one person is missing, everything stops. This is There are But in all other circumstances, we need I I start my trial day at 9 o'clock in the morning 23 except for Fridays when we'll not sit for trial. About a half 24 an hour before we start, we'll open up the jury room and 25 provide you with a light breakfast. We also provide you an SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 12 K243SCH1 1 afternoon snack when we take our afternoon break. 2 provide you with lunch. We cannot 3 On Monday through Thursday, our first session will go 4 from 9 in the morning until 11:15, at which point we'll take a 5 10 or 15 minute break. 6 minutes around 1 p.m., and finish the day at 3 o'clock. 7 court will not sit for trial on Fridays. 8 9 We'll take a longer break of about 30 Now, here's how we're going to proceed. The The government will make an opening statement, which is an outline 10 of what it hopes to prove and to help you understand the 11 evidence as it comes in. 12 opening statement, but he does not have to. 13 remember, as you listen to the opening statements by the 14 lawyers, that these statements are not evidence. 15 government will start presenting witnesses and the defense may 16 cross-examine those witnesses. 17 case, defendant may, if he wishes, present evidence, but he 18 does not have to do so. 19 side has the opportunity to get up again, present their closing 20 arguments to you. 21 summarize and interpret the evidence for you, and then of 22 course I will instruct you on the law. 23 completed, you'll retire to begin your deliberations on this 24 case. 25 Next, the defendant may make an And please Then the Following the government's After all the evidence is in, each In these arguments they're going to After all that is Now for some housekeeping matters. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 You probably 13 K243SCH1 1 already met David Gonzalez, my courtroom deputy. 2 to be working with Mr. Gonzalez who will greet you in the 3 morning and make sure you're escorted in and out of the 4 courtroom. 5 notes. 6 Mr. Gonzalez. 7 You're going He will give you the notepads if you want to take If you have any troubles or problems, please see I am assisted by my two law clerks, Laura King and 8 Matthew DeLuca, and my court reporters are Rebecca Forman and 9 Carol Ganley. 10 That concludes my preliminary instructions. We'll 11 take our morning recess now for about 15 minutes. 12 up your coats and we'll give you notepads if you want notepads, 13 then we'll resume about quarter to 11. 14 (Jury excused) 15 THE COURT: 16 MR. DENTON: 17 THE COURT: 18 MR. DENTON: 19 THE COURT: 20 MS. SHROFF: 22 THE COURT: 23 MS. SHROFF: 25 Thank you very much. Who is opening for the government? I am, your Honor. How long are you going to be? 15, 20 minutes tops. Ms. Shroff, who is opening for Mr. Schulte? 21 24 You can hang I am, your Honor. How long will be you be? I don't know. It depends on what Mr. Denton says, but between 7 and 10 minutes. THE COURT: See you in 15 minutes. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 14 K243SCH1 Opening - Mr. Denton 1 (Recess) 2 (In open court; jury present) 3 THE COURT: 4 MR. DENTON: 5 Ladies and gentlemen, this case is about the single Mr. Denton. Thank you, your Honor. 6 biggest leak of classified national defense information in the 7 history of the CIA, the Central Intelligence Agency. 8 March 7, 2017, the website WikiLeaks began a catastrophic 9 public disclosure of sensitive national security secrets. On 10 Secrets that this man, Joshua Schulte, the defendant, stole 11 from a top secret CIA network. 12 built classified cyber tools that the CIA uses in our national 13 defense, tracking terrorists, collecting intelligence overseas 14 to protect the United States. 15 Files revealing the custom The leak was instantly devastating. Critical 16 intelligence gathering operations all over the world came to a 17 crashing halt. 18 wondered if America could be trusted to safeguard intelligence 19 they shared with us. 20 developing those tools went up in smoke, because secret tools 21 to gather intelligence only work if the targets don't see them 22 coming. 23 Digital weapons we had built, now out there for anyone to turn 24 against us. 25 CIA officers overseas were exposed. Allies Years of work and millions of dollars And now those tools were all over the internet. For the CIA, it was the ultimate act of betrayal by SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 15 K243SCH1 Opening - Mr. Denton 1 one of their own. 2 for the very same part of the agency that created the national 3 security information he stole. 4 oath to protect our country and safeguard those secrets. 5 violated the law. 6 Joshua Schulte was a CIA officer. He worked Joshua Schulte violated his He The defendant didn't do this out of any false 7 idealism. He's not some kind of whistleblower. He did it out 8 of spite. He did it because he was angry and disgruntled at 9 work. He did it to start what he in his own words called "an 10 information war," a war against the CIA he felt had wronged 11 him. 12 His information war didn't stop there. He continued 13 to wage it even after the FBI arrested him for stealing those 14 top secret files. 15 leaked more classified information, and plotted a campaign to 16 send even more CIA secrets to WikiLeaks. 17 From jail, he got an encrypted cell phone, What Joshua Schulte did wasn't just revenge, ladies 18 and gentlemen, it was a crime. 19 today. 20 And that's why we're here The evidence in this trial will prove the defendant 21 create committed serious federal crimes, crimes of espionage, 22 stealing secrets from the CIA. 23 tried to commit more espionage by leaking even more secrets 24 from his jail cell. 25 when he broke into parts of the CIA's network. The evidence will prove that he It will prove crimes of computer hacking SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 It will prove 16 K243SCH1 Opening - Mr. Denton 1 that the defendant obstructed justice, lied to the FBI, and 2 violated orders of this Court. 3 As Judge Crotty said, over the next few minutes I'll 4 give you a preview of what the evidence in this trial will 5 show. 6 from his co-workers, reading in logs of his computer hacking. 7 Evidence that will fit together to reveal the whole truth about 8 this man's crimes. Evidence that you will see in this man's own words, hear 9 You'll learn that Joshua Schulte used to work as a 10 software developer, in an elite group at the CIA where 11 programmers built sophisticated cyber tools to support national 12 defense and intelligence operations overseas. 13 fellow CIA officers in that group worked in a secret building, 14 protected by armed guards, accessed using special badges and 15 codes, inside offices that are literally vaults, combination 16 locks on the doors. 17 security clearance vetted by CIA investigators to be sure that 18 they could be trusted with the precious secrets of our national 19 defense. 20 Schulte and his Everyone who worked there had a top secret Behind those armed guards, those combination locks, 21 those vault doors, Schulte's group used a secret CIA computer 22 network to develop their cyber tools. 23 network; it was a special one. 24 developers to be able to perform their work, the network gave 25 them freedom to design cyber tools, to share information, to It wasn't just a secret For Schulte and the other SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 17 K243SCH1 Opening - Mr. Denton 1 work together. 2 the computers of America's adversaries, so their network had to 3 be set up to let them do. 4 CIA had to be able to trust that group of elite programmers. 5 Their work was to exploit vulnerabilities in In order for the system to work, the In 2015, Joshua Schulte was given a special level of 6 trust within the CIA. He was made a system administrator for 7 software on the CIA's developer's network. 8 say on tape, he had super access. 9 developers didn't have. As you'll hear him The kind of access normal The kind of access that let him 10 control all of the sensitive intelligence projects on that 11 network, and even let him control who else had access to those 12 project. 13 the systems that he and the other programmers worked on. 14 Backups that were saved every day in case of some catastrophe 15 that meant the system had to be restored. 16 catastrophe was Joshua Schulte, because he breached the special 17 trust the CIA placed in him. 18 As an administrator, Schulte helped make backups of Why did he do it? But the real Why did Joshua Schulte start an 19 information war? Because he was angry. You'll learn that in 20 2015 and 2016, Schulte started having problems at work. 21 into arguments, personal disputes with other people in his 22 branch. 23 out of hand, Schulte decided to retaliate against another 24 developer, by falsely accusing his co-worker of threatening to 25 kill Schulte. He got And you will learn that when of those arguments got Now, the CIA investigated that allegation SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 18 K243SCH1 Opening - Mr. Denton 1 thoroughly and determined it was baseless. 2 Schulte mad. 3 his co-worker by reassigning them to different branches, he 4 just became angry. 5 agency, angry that the CIA didn't take his side. 6 breaking the rules. 7 sensitive national security secrets. 8 didn't think should apply to him. 9 he had been given as an administrator, secretly used his super 10 access to give himself control over sensitive projects he had 11 expressly been told he wasn't allowed to have. 12 But that just made Even when the CIA decided to separate Schulte and Angry at his bosses, angry at the whole So he started Critical rules that limit access to Rules that Joshua Schulte So he abused the trust that Now, you won't be surprised to learn that his network 13 tampering set off alarm bells at the CIA. The agency found out 14 what Schulte had done, and it was such a serious violation, 15 that the CIA decided they had to lock down the top secret 16 network that he had accessed. 17 tried to take away his super access, but they left a back door 18 unlocked. 19 warning about what he had done from his supervisors at the CIA. 20 They told him they knew he had abused his access, and he 21 admitted it. 22 They ordered Schulte to verify that he no longer had that super 23 access, and what did he do? 24 very moment that he sent an e-mail saying that he had checked, 25 he had no more super access, he knew that back door was still So they changed passwords, they A back door Schulte knew about. Schulte got a He signed a memo agreeing never to do it again. He lied. You'll see that at the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 19 K243SCH1 1 Opening - Mr. Denton open. 2 Two days later, Schulte was told that parts of the top 3 secret system he worked on were going to be moved on to a new 4 server. 5 those programs moved on to a new server, that back door to his 6 secret access was going to be shut. 7 show that that day, on the evening of April 20, 2016, Joshua 8 Schulte stole the preciously guarded national security secrets 9 that WikiLeaks later posted on the Internet. That was important news for Schulte. Because when And so the evidence will On the evening of 10 April 20, Schulte used that back door, access he knew he wasn't 11 supposed to have, to do something called a reversion. 12 like restoring a phone. 13 system back in time to before the CIA tried to lock down the 14 system. Back to a time when Schulte had total administrative 15 control. For over an hour, from the computer sitting at his 16 desk at CIA, Schulte was in that system secretly restoring his 17 super access, giving himself back all the control he had before 18 it was taken away. 19 stored copies of the entire system. 20 Kind of He used a backup copy to take the Restoring his access to the backups that Remember that every day the CIA backed up all the 21 critical work that Schulte and the other developers were doing, 22 so that if something happened, it won't be lost forever. 23 way you back up a hard drive in case your computer crashes. 24 25 Same And the evidence will show that shortly after Schulte had broken back into the system, he stole an entire backup, a SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 20 K243SCH1 Opening - Mr. Denton 1 copy of all those secrets. 2 one that meant something to him. 3 March 3, 2016, the very day that Schulte felt the CIA had 4 wronged him, by dismissing his false accusations against his 5 co-worker. 6 WikiLeaks. 7 And not just any backup, actually He stole the backup from The exact backup, the exact secrets, put out by After stealing the backup, Schulte tried to cover his 8 tracks. During that hour on April 20, when he took the system 9 back in time, Schulte started carefully deleting every log file 10 that kept track of what he had done while he was in the system. 11 After destroying that evidence, he unwound the reversion. 12 Schulte restored the system to how it had been just before he 13 hacked in, erasing that hour of time as if it hadn't existed. 14 Trying to cover his tracks, that proved how he stole our 15 nation's secrets. 16 The evidence will prove that Schulte sent that stolen 17 classified backup, a copy of all the sensitive projects of the 18 CIA's programming group, to WikiLeaks. 19 backup that he stole that day, was exactly what WikiLeaks 20 posted on the internet. 21 Because the very same And in the days that followed April 20, Schulte 22 started doing everything he needed to do to send that stolen 23 backup to WikiLeaks. 24 computer that let him hide his identity on the internet. 25 bought computer equipment to copy hard drives and transfer data He downloaded programs on his home SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 He 21 K243SCH1 Opening - Mr. Denton 1 without leaving a record on a computer. 2 verify if huge files had transferred successfully over the 3 internet, and how to destroy evidence at home, the same way he 4 did at the CIA, like when he downloaded a program to nuke his 5 hard drive. He researched how to 6 And you will see that when all was said and done, two 7 weeks after his digital break in at the CIA, after he had sent 8 that precious trove of national defense information to 9 WikiLeaks, Schulte tried to completely reformat his entire home 10 computer. 11 clean of any remaining evidence. 12 He did it in another attempt to wipe the computer And you'll learn that those things Schulte did on his 13 home computer are exactly what WikiLeaks tells people to do 14 when transmitting stolen secrets. 15 A few unhappy months later, Schulte finally resigned 16 from the CIA. 17 on March 7, 2017, when WikiLeaks started to post the sensitive 18 national security information that he stole. 19 He took a job here in New York. After the leak went public, the FBI immediately 20 started to investigate. 21 including Schulte. 22 And he was here Agents interviewed hundreds of people, (Continued on next page) 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 22 K24Wsch2 1 Opening - Mr. Denton MR. DENTON: And Joshua Schulte thought he could do 2 the same thing that he tried to do at the CIA, talk his way out 3 of it. 4 obstruct the investigation by sending them down false paths. 5 But the evidence will show that when that didn't work and 6 Schulte was arrested and put in jail to stand trial, he decided 7 to escalate his information war. 8 phone in jail, started writing a report, promising to give them 9 classified information. 10 And so he lied again. Lied to the FBI. Tried to He got an encrypted cell He created accounts on social media to post articles he had written that had more secrets in them. 11 The evidence will show that Joshua Schulte was so 12 desperate to wage his information war that he even violated a 13 court order to conduct it. 14 specifically told him not to, he sent more sensitive material 15 from the government to a reporter. 16 jail, he wrote a detailed battle plan for the next campaign in 17 his information war. 18 campaign, the FBI caught him in the act. 19 prison. 20 plan to destroy evidence and leak secrets, and they put a stop 21 to it, preventing Schulte from spilling even more of our most 22 preciously guarded intelligence. 23 Twice. And after this judge In notebooks he kept in But before Schulte could launch that new They found his secret phone. They searched the They found his written Now, ladies and gentlemen, that is just an overview of 24 what the evidence in this trial is going to prove. 25 a little bit about how we're going to prove it, because the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Let me say 23 K24Wsch2 Opening - Mr. Denton 1 evidence is going to come in many forms. You'll hear testimony 2 from several different kinds of witnesses, like Schulte's 3 coworkers at the CIA, covert officers responsible for 4 developing those cyber tools. 5 group and its important work for our national defense and about 6 that secret network they used to do that work. 7 about Schulte's arguments in the workplace, his spiral out of 8 control, his quest for revenge. 9 found Schulte's abuses of his administrative control on their They'll tell you about their They'll talk They'll talk about how they 10 secret network, his violations of the trust necessary to do 11 their vital work, and how they tried to keep him from doing it 12 again. 13 You're also going to hear from agents, experts, from 14 the FBI who investigated Schulte's crimes, specialists in cyber 15 crimes, digital forensics, counterintelligence. 16 you about the investigation. 17 that the FBI analyzed the classified information that was 18 posted on WikiLeaks and they compared it to what was on that 19 CIA network, and you'll see how they determined that the stolen 20 information posted by WikiLeaks came from one spot, that same 21 specific March 3 backup of the system, the very backup that 22 Schulte stole, a backup that very few people knew where it was 23 or even that it existed. 24 knew exactly about it because he helped create it and so he 25 knew exactly how to steal it. They'll tell You'll learn from these witnesses But you'll learn that Joshua Schulte SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 24 K24Wsch2 1 Opening - Mr. Denton Those forensic experts will also walk you through what 2 Schulte did on April 20, 2016, the day he stole those secrets. 3 Even though Schulte tried to delete any trace of his theft of 4 sensitive, classified information, his footprints were left 5 behind. 6 computer memory of Schulte's own desktop at the CIA, in spaces 7 where bits of data stayed behind even when Schulte tried to 8 erase them. 9 The FBI's experts found them in the recesses of the You're also going to see a lot of exhibits, things 10 like documents and physical evidence. 11 emails and all the records of Schulte's personnel disputes at 12 the CIA and the things the CIA did to try and address them. 13 You'll see the log files from Schulte's own computer showing 14 him sending the commands to take their classified system back 15 in time to get his access back, to delete evidence of what he 16 had done, to undo his reversion to make it seem like it never 17 happened. 18 exact source of the national-security secrets posted on the 19 internet, showing that the last time anyone accessed that file 20 on the CIA's network was the evening of April 20, 2016, right 21 in the middle of Schulte's digital break-in. 22 For example, you'll see You'll see data about that March 3 backup for the You'll see video of Schulte when he was in jail using 23 that secret, smuggled cell phone. You'll read encrypted emails 24 he wrote to a reporter attaching classified information and 25 documents that Schulte had been ordered by the Court not to SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 25 K24Wsch2 1 2 Opening - Mr. Denton disclose. And finally, you're going to see and hear Joshua 3 Schulte's own words. You'll watch the defendant admit on video 4 to having abused his administrative access, and you'll see him 5 declare to a CIA investigator that he wanted his supervisors to 6 be punished for the ways that he thought they had wronged him. 7 You'll read notebooks that the defendant wrote in jail, his 8 plans for disclosing even more sensitive national-defense 9 information and long drafts he wrote of what he was planning to 10 disclose, drafts he wrote revealing secret CIA bases and 11 operations conducted by the CIA overseas, precious technical 12 details about the way the CIA collects intelligence on 13 America's adversaries, all written by Schulte as part of his 14 plan for leaking to the world. 15 And you'll read in his own words his plan for 16 information war, things he wrote, like "I will look to break up 17 diplomatic relationships, close embassies"; things he wrote, 18 like, "Top secret? 19 "Send all your government secrets here, WikiLeaks." 20 Fuck your top secret"; and things like, Now, as I said, and Judge Crotty told you as well, 21 this is just a preview to give you some context for what you're 22 going to see and hear over the next few weeks. 23 this trial, after all the testimony is in and the exhibits have 24 been received, we'll get another opportunity to talk to you 25 about how the evidence specifically proves the defendant's SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 At the end of 26 K24Wsch2 1 guilt. 2 the law. 3 things. Opening - Ms. Shroff And after that Judge Crotty's going to instruct you on For now, I'm just going to ask you to do three 4 First, pay close attention to all the evidence. 5 Second, carefully follow any instructions Judge Crotty 6 gives you on the law. 7 And finally, just use your common sense, the same 8 common sense you use every day to size people up, make 9 decisions. Apply that common sense when you assess the 10 evidence that you're going to see and hear here. If you do 11 those three things, you will give Joshua Schulte a fair and a 12 just trial. 13 the only conclusion that is supported by all that evidence, 14 that the defendant is guilty. 15 Thank you. 16 THE COURT: 17 Ms. Shroff. 18 MS. SHROFF: And if you do those three things, you will reach Thank you, Mr. Denton. The evidence does not fit. 19 battle plan. 20 here simply has it wrong. 21 crimes, and at the end of the day, you will see that he is not 22 guilty. 23 There is no information war. There is no The prosecution Mr. Schulte has not committed these Good morning, ladies and gentlemen. Along with 24 Mr. Zas and Mr. Branden, we represent Mr. Schulte, and I'm here 25 to tell you what really happened on March 7 of 2017, and the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 27 K24Wsch2 1 Opening - Ms. Shroff time frame before that. 2 On March 7, 2017, a trove -- literally thousands and 3 thousands -- of documents, CIA documents, CIA information, 4 showed up on WikiLeaks. 5 these documents were important to the CIA. 6 were about the CIA's secret electronic surveillance programs, 7 documents that the CIA never wanted the world to know about and 8 certainly not documents that they would want published on 9 WikiLeaks. As you just heard the prosecutor say, These documents 10 This was front-page news. It was front-page news all 11 over the world, and it was news to the CIA. 12 idea -- no idea at all -- how these documents were leaked. 13 They did not know how, they did not know when, they did not 14 know why, and they certainly did not know who had done it. 15 Just bear in mind the first time they find out is on March 7, 16 2017. 17 these things, and nor does the government. The CIA had no And the reality is, today, the CIA still doesn't know 18 At the time of the leak and ever since, there was 19 tremendous pressure, nothing but heat and pressure, to hold 20 someone responsible, someone responsible for this leak, someone 21 to blame, someone to whom the government can point the finger, 22 to take the heat off the CIA for not knowing how these 23 documents ended up on WikiLeaks. 24 Schulte. 25 evidence will show he's an easy target and an easy lay-up for So the CIA blamed Josh He's an easy lay-up for them, you will see. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 The 28 K24Wsch2 Opening - Ms. Shroff 1 the CIA. 2 throughout this trial, you will come to that same conclusion. 3 But they're wrong. Mr. Schulte is innocent, and I remind you now, as Judge Crotty will remind you 4 again, Mr. Schulte does not bear any burden of proof. He does 5 not have to prove to you that he's innocent. 6 government's burden to prove to you, beyond all reasonable 7 doubt, that he is guilty of each one of the 11 counts he is 8 charged with, and they will never be able to do it because 9 Mr. Schulte is simply not guilty. It is the After almost three years, 10 this massive CIA leak still remains a mystery, a mystery of who 11 did it, how it was done, when it was done. 12 You see, the CIA had to work backwards to go back and 13 try to explain, try to figure out exactly how these documents 14 were copied, how they were taken, how they were taken out of 15 the CIA's system without anyone knowing how they got to 16 WikiLeaks and when and why it happened. 17 government try to piece together a string of facts, and you 18 will see that they will not be able to give you credible 19 evidence that Mr. Schulte is the one who did this. You will hear the 20 So let's start with how. The first question is how. 21 You're going to learn that the CIA and the FBI still 22 don't know how. You've heard now Mr. Denton say that these 23 documents were kept under lock and key; they were so secure 24 that the CIA's computer system and the CIA's building were 25 guarded, and its system, which is called the DEVLAN system, was SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 29 K24Wsch2 1 Opening - Ms. Shroff super secret. 2 It wasn't. It simply wasn't. The CIA's DEVLAN system 3 was not adequately protected. 4 opposite. 5 you hear from the CIA witnesses, you will hear it was called 6 the wide, wide west. 7 wasn't a protected system. 8 hundreds of CIA employees to have access, not just CIA 9 employees but third parties and individuals who contracted with In fact, it's quite the It was wide open, wide as the Sargasso Sea, and when People who worked at the CIA knew it It was a system that allowed 10 the CIA, who contracted with the CIA to do work for the CIA. 11 And this is not even to mention the many foreign countries and 12 the many foreign agents who all vie with each other -- and we 13 all know this, they all vie with each other to try and get each 14 others' information. 15 And it isn't just that the system was unprotected, 16 that it wasn't super secure or even adequately secure; it's 17 that everybody knew that it wasn't secure. 18 knew that the computer system was wide open; it lacked 19 controls, and any one of these people -- literally hundreds of 20 people, any one of these people could have and did have the 21 opportunity to take that information. 22 information had been gone for almost a year before the CIA even 23 realized that it had been gone, that it had been taken. 24 God's sakes, a whole year. 25 knowing that their super-secure system had been hacked. People at the CIA And remember again that For They went a whole year without SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 30 K24Wsch2 1 Opening - Ms. Shroff In the prosecution's opening, they gave you a theory. 2 They told you this is how they think Josh Schulte took it. 3 This is how they think Josh Schulte stole the information, and 4 that is what it is. 5 proof beyond a reasonable doubt. 6 see as the evidence unfolds that this is pure speculation on 7 their part. It's their theory. It does not come with And more than that, you will 8 Let's talk about when this happened. 9 Does the government even know when this happened? 10 They claim to, but let's just examine that. 11 WikiLeaks published the information on March 7, 2017. 12 government's theory is that the information was stolen almost a 13 year before that, leaked to WikiLeaks, and for a whole year, 14 WikiLeaks just sat on the information. 15 you to believe that this information -- this is national 16 defense information that everybody wanted, that the CIA worked 17 so very hard to keep secret -- was released to WikiLeaks and 18 WikiLeaks sat on that information -- sensational, mind-blowing, 19 news-creating information -- for a year. 20 sense to you? 21 information, give out the news, sits on information for a whole 22 year. 23 All they know is The The government wants Does that make any An organization that wants to spread When you have an explosive story, think about The New 24 York Times or The Wall Street Journal, they have a mind-blowing 25 story, do they sit on it for a year? It makes no sense. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 You 31 K24Wsch2 Opening - Ms. Shroff 1 do not sit on information to go stale for a year. 2 the information you have. 3 You release Not only is the government's story implausible, it 4 keeps changing. 5 that the government and the FBI agents first said that the data 6 was taken from the CIA in March of 2016. 7 a very specific time period of when they think this data was 8 stolen, March 7th or 8th of 2016. 9 and now they have told you, in fact, that their first theory 10 And you will hear about this. You will hear They identify for you But now they will tell you, was wrong. 11 You just heard the prosecutor say that the 12 information, according to him, was stolen in April. 13 he gives you a very specific date: April 20 of 2016. 14 one is right? 15 They do not know, and you will learn that the CIA actually has 16 no idea when this information, when this data was taken from 17 the CIA. 18 publication of this data, it is likely that the CIA even today 19 would not know that their data was taken. 20 Was it March? Was it April? In fact, So which They don't know. And I remind you yet again that but for WikiLeaks's So that brings us to the last questions, the questions 21 at the heart of this case: who and why? Lots of people -- lots 22 of people -- at the CIA, very sophisticated, clever, smart 23 computer nerds just like Mr. Schulte have all the skill set to 24 do exactly what the government tells you to believe Mr. Schulte 25 did. I want to remind you again and again that the CIA itself SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 32 K24Wsch2 Opening - Ms. Shroff 1 has no sense of what exactly was taken. 2 who and why? 3 blame, and they need to blame someone quickly because they've 4 sat on this, looked foolish for not having realized for over a 5 year that their crown jewels were stolen. 6 No. They work backwards and they find someone to You think the CIA can just say a year later: 7 Sorry. 8 Forgive us, and let's all move on"? 9 cannot. 10 11 So do they tell you We messed up. "Oops. We don't know how this got out there. So what do they say? No. Obviously they They say it was Josh Schulte, because as I've already mentioned to you, he is an easy target. Why? He's an easy target because when he worked for 12 the CIA, he antagonized almost every single person there. 13 antagonized his colleagues. 14 a difficult employee. 15 being a difficult employee does not make you a criminal. 16 difficult employee does not translate to being a traitor. 17 difficult employee does not translate to somebody who would 18 sell out their country. 19 He antagonized management. He was He really was a difficult employee, but A A Josh Schulte's not a traitor. So, for a minute, let me just talk to you about who 20 Josh Schulte is. 21 He was born in Lubbock, Texas. 22 four boys born to Roger and Deanna Schulte. 23 He Mr. Schulte was born in September of 1988. He's 30 years old. He's one of From a young age, Mr. Schulte showed a strong interest 24 in math and computers. He was a smart kid, and he really 25 wanted to serve his country. He went to University of Texas, SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 33 K24Wsch2 Opening - Ms. Shroff 1 applied for an internship and was an intern at the NSA, the 2 National Security Agency. 3 CIA, and in 2010, his dream came true. 4 CIA. 5 did important work, tracking down terrorists; wrote programs 6 and tools to enable the United States to get rid of terrorists. 7 By all accounts, he was talented. 8 hardworking employee, and he worked on some important CIA 9 projects. His dream was to be hired by the He was hired by the He worked on developing programs in counterterrorism. He He was a talented, 10 He was also a pain in the ass to everybody at the CIA, 11 and by the middle of 2016, Mr. Schulte became very dissatisfied 12 with his job and his colleagues and his management at the CIA. 13 He had disputes with his colleagues. 14 disputes. 15 management. 16 Mr. Schulte was unhappy about that, so unhappy that he 17 eventually decided he was going to leave his dream job and move 18 on. 19 the CIA, moved to New York, and that was in November of 2016, 20 November 10, 2016, four months before there's any leak of this 21 information onto WikiLeaks. 22 He didn't like the He didn't like the colleague. He complained to Management took the colleague's side, and yes, And he moved on. He found a job with Bloomberg. He left Unlike the CIA, Mr. Schulte had moved on from them. 23 At his new job, he made $200,000 a year, lived on 39th Street 24 and was doing fine. 25 to believe, that the government wants you to believe, a man who This is the person that the CIA wants you SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 34 K24Wsch2 Opening - Ms. Shroff 1 worked for government his entire life and who dedicated his 2 time and his energy to furthering the goals of the United 3 States, this is the man that they want you to believe was so 4 upset about fights at the CIA that he would literally throw 5 everything under the bus -- not just everything in terms of the 6 United States but everything that he now had in November of 7 2016 -- a new job, a new life, a new city; he would throw it 8 all under the bus because management had not supported him over 9 a year ago. 10 Look, they know that they have problems with the 11 WikiLeaks counts, as the judge has identified them, and you 12 will see those problems, and you will reach the only verdict 13 you can, which will be a verdict of not guilty, which is why 14 the government will focus a large part of its evidence on what 15 they will call the MCC counts. 16 evidence that Mr. Schulte was ever in contact with WikiLeaks. You will see that they have no 17 You will see that they have no evidence that WikiLeaks 18 was the first entity, person, government, foreign agency to get 19 that information. 20 evidence, so they will shift. 21 call his quote/unquote information war. 22 and convince you that Mr. Schulte is that person because that 23 is all that they have, and they will give you evidence in the 24 hope that it will make you think of Mr. Schulte as a bad 25 person. They will be able to give you no such And they will shift to what they They are going to try SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 35 K24Wsch2 1 Opening - Ms. Shroff Now, I've said this before and I'll say it again. 2 Mr. Schulte is a difficult man. 3 Mr. Schulte was incarcerated at the MCC, he was desperate. 4 really was desperate, desperate to prove that he was innocent. 5 He wanted the world to know he wasn't this person, he was not 6 the man who stole the information, he was not the man who 7 released the information to WikiLeaks, he had nothing to do 8 with that theft. 9 10 You will hear that after He So what does Mr. Schulte do? Mr. Schulte tries to go around and show the world that 11 he is innocent. 12 journal, he contacts the media to tell them, Look, I'm wrongly 13 arrested; I did not do this. 14 while sitting in the MCC. Does that mean that he stole the 15 information from the CIA? No. 16 And yes, he gets a cell phone, he keeps a Think about this. That is what Mr. Schulte does Think if you were Mr. Schulte, 17 wrongly accused, if you were in his shoes, sitting at the MCC 18 day after day hearing people say, This is the man, this is the 19 traitor, this is the guy who stole, would you be so desperate? 20 Would you be so upset? 21 and says I did not do this? 22 Would you be the person who reaches out That is what Mr. Schulte did. You may not like what Mr. Schulte did from the MCC, 23 but this case really isn't about whether or not you like 24 Mr. Schulte. 25 is a difficult person. It really isn't about whether or not Mr. Schulte It really isn't about whether or not SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 36 K24Wsch2 Opening - Ms. Shroff 1 Mr. Schulte was liked or disliked. 2 evidence, if you listen to the evidence on the WikiLeaks 3 counts, you will be no different than me. 4 the evidence simply does not show that Mr. Schulte had anything 5 to do with taking the information from the CIA and releasing it 6 to WikiLeaks. 7 If you pay attention to the You will see that The CIA still does not know, and as you hear the 8 government put in evidence after evidence, you will see that 9 they will never be able to tell you how the evidence was taken, 10 whether, in fact, WikiLeaks was the only entity that got it. 11 They will certainly never be able to show any relationship 12 between Mr. Schulte and WikiLeaks. 13 reasons, if you do as the government said -- just use your 14 common sense -- you will reach the only verdict that is proper 15 in this case, a verdict of not guilty. And for all of those 16 Thank you for listening to me. 17 THE COURT: 18 Call the first witness. 19 MR. DENTON: 20 21 Thank you, Ms. Shroff. Your Honor, the government calls Paul Rosenzweig. PAUL ROSENZWEIG, 22 called as a witness by the government, 23 having been duly sworn, testified as follows: 24 25 THE COURT: Please sit down, Mr. Rosenzweig. yourself right up to the microphone. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Pull 37 K24Wsch2 Rosenzweig - Direct 1 THE WITNESS: Thank you. 2 Thank you very much. 3 THE COURT: Can I get a glass of water? Mr. Denton. 4 DIRECT EXAMINATION 5 BY MR. DENTON: 6 Q. Good morning. 7 A. Good morning. 8 Q. Mr. Rosenzweig, where do you work? 9 A. I work in Washington, D.C. 10 Q. And what do you do? 11 A. I principally have three jobs right now. 12 I'm a principal in my own private consultancy and law firm, 13 where I practice national security, cyber-security law as well 14 as some criminal defense law. 15 Q. And what are your other positions? 16 A. I'm also a senior fellow at the R Street Institute, which 17 is a think tank in Washington, D.C. 18 to propose new policies for consideration by the government. 19 The main one is We spend our time trying And my third job is as an adjunct professor -- professorial 20 lecturing was the official title -- at the George Washington 21 University School of Law. 22 Q. Is your current work in any particular field or specialty? 23 A. About 95 percent of what I do these days is in the broad -- 24 broadly defined area of cyber-security law and policy, issues 25 relating to the security of systems and the policy rules SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 38 K24Wsch2 Rosenzweig - Direct 1 relating to how we might better protect them. 2 Q. 3 background? 4 A. 5 clerkship, I spent the first seven years of my career as a 6 prosecutor in the Department of Justice in Washington, D.C. 7 Since then, I've been in and out of government and private 8 practice, back and forth. 9 counsel at a -- with a committee of Congress and the House of Could you tell us a little more about your professional Well, I graduated law school in 1986, and after a I did a stint as an investigative 10 Representatives. 11 investigation that looked at President Bill Clinton's conduct. 12 Most recently, in government, from 2005 to 2009, I was a deputy 13 assistant secretary for policy at the then brand-new Department 14 of Homeland Security. 15 Q. 16 WikiLeaks? 17 A. Yes, I am. 18 Q. How have you come to know about WikiLeaks? 19 A. Well, WikiLeaks has fed into my professional activity and 20 interests in three sorts of ways. 21 I was part of the independent counsel Mr. Rosenzweig, are you familiar with the website First, because I study and work in the national-security 22 field, I have been interested in and studied WikiLeaks because 23 of the effect that certain leaks of classified information on 24 WikiLeaks have affected national security of the United States. 25 Second, as a teacher of cyber security, I've been SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 39 K24Wsch2 Rosenzweig - Direct 1 interested in the ways in which information has been passed on 2 to WikiLeaks, I guess is the best way to say it, from where, 3 from what sources it came and how it gets to WikiLeaks and then 4 what they do with it. 5 Third, I've also had a position for a number of years as an 6 adjunct lecturer at the Northwestern University School of 7 Journalism, the McGill School of Journalism. 8 interested in WikiLeaks as a journalism phenomenon in terms of 9 how the disclosure of classified information in that forum has And so, I've been 10 kind of changed the nature of journalism, or is trying to 11 change the nature of journalism, today. 12 Q. Have you done research on WikiLeaks? 13 A. Yes, I have. 14 Q. How do you conduct research on WikiLeaks? 15 A. Well, because WikiLeaks is a relatively closed organization 16 with only a few known public members, most of the information 17 that you study about WikiLeaks to try and understand what it's 18 doing and how it operates comes from public sources. 19 prominent of them, of course, is WikiLeaks itself. 20 operate a website, WikiLeaks.org, and a Twitter that they said 21 are their public statement sources, so anything that's on 22 either of those is official. 23 Julian Assange, who frequently speaks in public about WikiLeaks 24 and his intent with respect to that organization. 25 The most They You can listen to their founder, Then, of course, there are lots of other areas in which SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 40 K24Wsch2 Rosenzweig - Direct 1 people have written about WikiLeaks and analyzed it, ranging 2 from reviews of certain of their prior large-scale disclosures, 3 publications that are related to national security, assessments 4 of what those mean and how they've affected the United States. 5 And then there's lots of secondary literature, people who 6 write, have written, about what they think WikiLeaks's intent 7 and meaning is and how it's going to do, why it does what it 8 does. 9 Q. Have you published any work related to WikiLeaks? 10 A. I have. 11 Q. Generally speaking, what have you published? 12 A. Back in 2010, 2011, when WikiLeaks first came to 13 prominence, I published a few articles about the application of 14 criminal law to WikiLeaks and potentially to Julian Assange and 15 how that might interact with First Amendment considerations. 16 In 2014, along with two of my teach -- co-faculty members 17 at the McGill School of Journalism, I co-edited a book that was 18 published by the McGill School of Journalism and the American 19 Bar Association, the title of which was Whistleblowers, Leaks, 20 and the Media, which was principally about WikiLeaks and also 21 about Edward Snowden and the phenomenon of those two events. 22 Q. 23 prepare for testifying in this case? 24 A. Yes, I have. 25 Q. Have you ever testified in court before? Have you conducted additional research specifically to SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 41 K24Wsch2 Rosenzweig - Direct 1 A. No, I haven't. 2 Q. Have you ever testified before Congress? 3 A. Yes, I have. 4 Q. Again, generally speaking, what did you testify about? 5 A. When I have testified before Congress in my personal 6 capacity, it's almost always been about cyber security-related 7 issues. 8 DHS, I probably testified a half dozen times, and there, the 9 topic matter ranged across all of the issues that are within When I was a deputy assistant secretary for policy at 10 the Department of Homeland Security's portfolio. 11 Q. 12 today and preparing to testify? 13 A. Are you being paid by the government for your time here Yes. 14 15 MR. DENTON: Rosenzweig as an expert on WikiLeaks. 16 THE COURT: 17 MS. SHROFF: 18 Your Honor, the government offers Paul Ms. Shroff. Your Honor, we object, and we'd like to voir dire. 19 THE COURT: You can have a short voir dire. 20 already ruled on this, but go ahead. 21 dire. 22 VOIR DIRE EXAMINATION 23 BY MS. SHROFF: 24 Q. 25 correct? I've You can have a short voir Sir, you testified that you've testified before Congress, SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 42 K24Wsch2 Rosenzweig - Direct 1 A. Yes. 2 Q. You've never testified as a WikiLeaks expert before 3 Congress, correct? 4 A. 5 generally, not about WikiLeaks specifically. No. 6 7 MS. SHROFF: Your Honor, could you instruct the witness to answer my question, please. 8 9 I have, however, testified about whistleblowers THE COURT: It will move along a lot faster if you listen to the question and just answer it. 10 THE WITNESS: Sure. 11 BY MS. SHROFF: 12 Q. 13 expert before Congress? 14 A. No. 15 Q. And you've never been qualified as an expert on WikiLeaks, 16 correct? 17 A. No. 18 Q. And in fact, you know no one in WikiLeaks, correct? 19 A. I don't know. 20 Q. And you've never talked to Mr. Assange, correct? 21 A. No. 22 Q. And you've never talked to anybody who represents 23 Mr. Assange, correct? 24 A. That's wrong. 25 Q. OK. So the answer is no, you've never testified as a WikiLeaks Who have you talked to that represents Mr. Assange? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 43 K24Wsch2 Rosenzweig - Direct 1 A. I believe I've spoken with Mr. Ratner on a couple of 2 occasions in the past. 3 Q. You mean his lawyer? 4 A. Yeah. 5 Q. OK. 6 a lawyer would divulge any private information about 7 Mr. Assange to you, correct? 8 A. No, I didn't say that. 9 Q. Right. But certainly you're not suggesting to this jury that So you've never had -- I'll leave it alone. 10 Dr. Rosenzweig, is it fair to say that all of your 11 knowledge about WikiLeaks is derivative of public sources? 12 A. Yes, I think that is. 13 Q. Right. 14 WikiLeaks, churn it in your head and write about it, correct? 15 A. Analyze it, yes. 16 Q. Same thing. 17 A. Correct. 18 19 So you read what somebody else has written about Yeah. But that's it, right? MS. SHROFF: Your Honor, we object to Mr. Rosenzweig. He has no -- 20 THE COURT: 21 MS. SHROFF: OK. 22 MR. DENTON: Your Honor, may I approach? 23 THE COURT: 24 BY MR. DENTON: 25 Q. The objection's overruled. Yes, you may. Mr. Rosenzweig, I've handed you what's been marked for SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 44 K24Wsch2 Rosenzweig - Direct 1 identification as Government Exhibit 1702. 2 that? 3 A. Yes, I do. 4 Q. What is it? 5 A. It's a summary demonstrative exhibit that contains 6 information and pictures that will help me explain what I know 7 about WikiLeaks. 8 Q. Did you have help in preparing it? 9 A. I did. 10 11 I prepared it. MR. DENTON: Your Honor, the government offers Government Exhibit 1702 as a demonstrative. 12 MS. SHROFF: 13 THE COURT: 14 MR. DENTON: 15 Do you recognize We object, your Honor. Overruled. May we publish it to the jury, your Honor? 16 THE COURT: Yes, you may. 17 BY MR. DENTON: 18 Q. Mr. Rosenzweig, at a very high level, what is WikiLeaks? 19 A. Well, WikiLeaks is a self-described organization dedicated 20 to the publication and disclosure of confidential, classified 21 information. 22 uncensorable, untraceable, as a source of mass data sets. 23 Q. How does WikiLeaks disseminate its information? 24 A. Well, the principal method that it uses is a website, 25 WikiLeaks.org. It's been described by Julian Assange as SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 45 K24Wsch2 Rosenzweig - Direct 1 Q. What are we looking at on the screen here? 2 A. This is a screenshot of the front page of WikiLeaks.org as 3 it appears today. 4 Q. 5 information. You said a moment ago that WikiLeaks publishes classified What is classified information? 6 MS. SHROFF: 7 THE COURT: Objection. Overruled. 8 A. 9 States government has classified because its disclosure would 10 cause some form of harm to the national security interests of 11 the United States. 12 Q. 13 WikiLeaks. 14 Classified information is information that the United I want to talk a little bit about the background on MR. DENTON: Ms. Hurst, if we could go to the next 15 page, please. 16 Q. When was WikiLeaks founded? 17 A. WikiLeaks was founded in 2006 by Julian Assange. 18 Q. Who is Julian Assange? 19 A. Julian Assange is an Australian, a self-described 20 transparency advocate, who founded WikiLeaks for the public -- 21 for the purpose of providing a forum for the disclosure of 22 information he thought the public needed to know. 23 Q. When did WikiLeaks first post material? 24 A. Its first known public disclosure was in December of 20 -- 25 of 2006, when it disclosed information relating to Sheikh Ali's SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 46 K24Wsch2 Rosenzweig - Direct 1 decision or order to execute certain Somali government 2 officials. 3 Q. 4 the corner there's an image and then text that says WikiLeaks. 5 Do you see that? 6 A. Yes. 7 Q. What is that? 8 A. That's their symbol, but we put it on there just to 9 identify this as relating to WikiLeaks. Now, Mr. Rosenzweig, just looking at the screen here, in 10 Q. Just to be clear, WikiLeaks did not prepare this -- 11 A. Oh, absolutely not. 12 Q. After the first disclosure, in 2006, how would you 13 characterize the volume of material posted by WikiLeaks? 14 A. 15 millions of pages of information of various sorts and types. 16 It's impossible to get a precise number, but in the tens of 17 millions, for sure. 18 Q. 19 WikiLeaks disclosures that you consider especially notable? 20 A. 21 context of American national security, yes. 22 Q. Why are they notable? 23 A. In part, because of their volume; in part, because of their 24 large-scale effect on American national security and politics; 25 in part, because of the sensitivity of some of the things I prepared this. Well, from 2006 until today, they have disclosed tens of Based on your research, are there particular groups of There are certainly some that are especially notable in the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 47 K24Wsch2 Rosenzweig - Direct 1 they've disclosed. 2 Q. Let's talk about some of those. 3 MR. DENTON: If we could go to the next page, please. 4 Q. Let's start at the top here, April 5, 2010. What did 5 WikiLeaks post then? 6 A. 7 sourced to the American military in Iraq, a U.S. helicopter. 8 What the video disclosed was, as the title that WikiLeaks gave 9 it, collateral murder, suggests, the accidental killing of a 10 number of Iraqi civilians as well as, it turns out later, two 11 journalists from Reuters who were also killed in the attack. 12 Q. And then next, July and October of 2010, what was that? 13 A. In July and October 2010, WikiLeaks published two groups of 14 documents known respectively as the Afghanistan and Iraq war 15 logs. 16 were essentially internal U.S. military logs and reports of 17 activity during the war in Iraq, everything ranging from 18 reports on patrols to reports on casualties to discussions with 19 Iraqis about assistance to the United States government. 20 Basically, the sum and substance of a lot of tactical-level 21 military activity on the ground. 22 Q. 23 a little more detail. 24 you've labeled Cablegate, what was Cablegate? 25 A. On April 5, 2010, WikiLeaks disclosed a video that had been There were, in total, about 450,000 of them, and these Now, I want to ask you about the other ones on this page in Looking at November 28, 2018, which 2010, Cablegate. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 48 K24Wsch2 Rosenzweig - Direct 1 Q. Sorry. 2 A. That was the disclosure of approximately a quarter million, 3 250,000, cables from the United States State Department. 4 United States -- a cable is really just a message, an email. 5 They call them cables because back in the old days they sent 6 them by trans-Atlantic cable, but it's essentially a message 7 from, say, the U.S. embassy in Germany to the secretary of 8 state saying, I just met with the minister of interior, and 9 this is what he said. The It's a report of that sort of 10 transaction. 11 Q. Where did the name Cablegate come from? 12 A. WikiLeaks gave the release that name. 13 Q. Where did the materials that were posted as part of 14 Cablegate come from? 15 A. 16 known as Bradley Manning and is today known as Chelsea Manning. 17 Q. How do you know that? 18 A. Ms. Manning admitted it. 19 Q. Did WikiLeaks's posting of these cables have an effect on 20 the United States? 21 A. It did. 22 Q. What effect did it have? They came from a U.S. Army private, who at the time was 23 MS. SHROFF: 24 THE COURT: 25 A. Objection. Overruled. Well, at the highest level, disclosure of confidential SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 49 K24Wsch2 Rosenzweig - Direct 1 communications within the State Department makes people less 2 willing to trust us, less willing to talk candidly to the 3 Department of State, since they don't know whether or not what 4 they are telling us in confidence is going to be held in 5 confidence by the government, or can be held in confidence by 6 the government. 7 More particularly, specific releases of information could 8 have individualized effect on the people mentioned in the 9 cables, their -- and their relationships with other people, who 10 would then know about their discussions with the United States. 11 MR. DENTON: Ms. Hurst, can I ask you to go to the 12 next page, please. 13 Q. 14 of the consequences you've described? 15 A. 16 pretty famous and well-known to describe how these leaks had 17 adverse consequences, I picked two out. 18 Have you identified a couple of particular examples of some Yeah. Simply as a way of picking out a couple that are The first is an effect that was had on our relationships 19 with Mexico. 20 Pascual, had sent back to the State Department a fairly 21 critical cable that suggested that there were very serious 22 weaknesses in the Mexican government; that we couldn't rely 23 upon them, that sort of thing, exactly the sort of candid 24 information you would want an ambassador to convey. 25 The U.S. ambassador to Mexico, a man named Carlos When that cable became public, the Mexican government was SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 50 K24Wsch2 Rosenzweig - Direct 1 upset. The Mexican president, Felipe Calderón, said that there 2 was severe damage to the relationship, and in the end, the U.S. 3 was obliged to re-call the ambassador to Mexico and replace him 4 with another in order to try and repair the relationship with 5 Mexico. 6 Q. Is re-calling an ambassador a significant event? 7 MS. SHROFF: 8 THE COURT: 9 A. Objection. Overruled. It is generally considered the most serious sort of 10 diplomatic event that can happen between two nations. 11 Q. 12 about that, please? 13 A. 14 the Free Democratic Party. 15 government. 16 largest, and so when Germany -- when one party doesn't get a 17 majority in a parliamentary government, they have to negotiate 18 a coalition with one of the smaller party members. 19 And then you've got another example here. Yes. Can you tell us Helmut Metzner was a member of the German FDP; that's Germany has a parliamentary The FDP is, was at the time the third or fourth Mr. Metzner was with the FDP, and he was providing the U.S. 20 embassy in Berlin with some insight into the ongoing 21 negotiations in the forming of a government in Germany at the 22 time. 23 the U.S. government was disclosed, he was fired from the FDP; 24 he'd been a rising star. 25 likewise, had said that it had significant difficulties and When his work with the U.S. government, his candor with He lost his job. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 And the FDP, 51 K24Wsch2 Rosenzweig - Direct 1 challenges working with the then U.S. ambassador, Ambassador 2 Murphy. 3 to work with that particular party especially. 4 Q. 5 identified before, but first, just as a matter of background, 6 are you familiar with the group Anonymous? 7 A. I am. 8 Q. What is Anonymous? 9 A. Anonymous is a decentralized, amorphous group of what -- And so there was a significant effect on our ability I want to talk about another WikiLeaks post you've 10 self-described hacktivists -- that's two words, "hackers" and 11 "activists," together -- who say that they do hacking for 12 political purposes, to make a political point. 13 first attack, hacking attack was on the Church of Scientology, 14 for example, because of its practices. 15 Q. Has Anonymous worked with WikiLeaks before? 16 A. It has. 17 Q. How do you know that? 18 A. Well, again, some Anonymous members have admitted so and 19 have said so publicly. 20 Q. 21 Anonymous in 2010? 22 A. 23 first part we've sort of already described. 24 became quite famous through a number of disclosures of public 25 information about the United States and really rose to Let's start with 2010. Their very What happened between WikiLeaks and Well, as we -- there are three parts to that, I think. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 The In 2010, WikiLeaks 52 K24Wsch2 Rosenzweig - Direct 1 prominence from its early beginnings. 2 generated a lot of attention, some of it positive and some of 3 it negative. 4 WikiLeaks had American -- America's best interests at heart. 5 That, naturally, A lot of American citizens didn't feel that One of the effects of that, the second part of this, is 6 that at the time, in 2010, WikiLeaks was using companies for 7 its services. 8 MasterCard; PayPal and MasterCard to get donations, Amazon for 9 web services, that sort of thing. It used PayPal and it used Amazon and it used Because of the adverse 10 reaction to WikiLeaks in the American public, Amazon, 11 MasterCard and PayPal all suspended their services to 12 WikiLeaks, pulled their services. 13 payments. 14 MS. SHROFF: 15 THE COURT: 16 MS. SHROFF: PayPal wouldn't process Your Honor, we have an objection. What's the objection? Well, first of all, your Honor, we ask 17 for a limiting instruction on these statements not being 18 admitted for the truth of the statements themselves. 19 20 Secondly, I think that the testimony being elicited is far beyond any expertise the witness has. 21 THE COURT: I'll grant the instruction. Much of your 22 objection deals with the offering of statements to prove the 23 truth. 24 that WikiLeaks made these statements, when they did so and how 25 the classified information was published. It's not offered for that purpose but only to establish That's the limiting SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 53 K24Wsch2 1 Rosenzweig - Direct instruction I'll provide. 2 After that, your objection is overruled. 3 Go ahead, Mr. Denton. 4 THE WITNESS: 5 So, the third part of this story is where Anonymous and WikiLeaks come together. 6 After the companies had stopped serving WikiLeaks 7 because of -- because of their activity, Anonymous, this group 8 of hacktivists, announced an operation. 9 Operation Payback or also sometimes known as Operation Avenge They called it 10 Assange, in which the hacktivists launched cyber attacks 11 against MasterCard, PayPal, and -- and they announced one at 12 Amazon, but then they didn't carry it out. 13 generally not successful, but they were part of a process by 14 which Anonymous offered support for WikiLeaks. 15 Q. And again, how do you know that? 16 A. Again, it's a matter of public record. 17 participants in Operation Payback have admitted to the 18 substance of what I've just described. 19 Q. 20 WikiLeaks? 21 A. 22 The attacks were The -- 14 of the Has Anonymous ever served as a source of information for Yes, it has. In 2012, a WikiLeak -- an Anonymous hacktivist named Jeremy 23 Hammond stole a series of emails from a private intelligence 24 research company called Stratfor. 25 companies with the same type of intelligence gathering and Stratfor basically provides SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 54 K24Wsch2 Rosenzweig - Direct 1 collection that they think national-security people provide. 2 They tell them what's coming, who is going to win elections, 3 that sort of thing. 4 them to WikiLeaks, which then published them. 5 Q. And again, how do you know that? 6 A. Hammond has admitted to that. 7 Q. So then let's move to a little more recently, if we can. 8 Was WikiLeaks doing anything in the summer and fall of 2016? 9 A. Hammond stole these emails and provided WikiLeaks was involved in two instances of publication of 10 information that were related to the 2016 national election. 11 Q. Was there substantial press coverage of these leaks? 12 MS. SHROFF: 13 THE COURT: Objection. Overruled. 14 A. Yes. 15 Q. Starting with the top, what came first? 16 A. Well, the first such release of information came from data 17 that had been stolen from the Democratic National Committee, 18 the committee that runs the democratic party and that runs the 19 nomination process for candidates of the democratic party. 20 The -- 19,000-plus emails were released in July, just on the 21 eve of the national convention, and another 8,000 were released 22 on November 6, just on the eve of the national election. 23 Q. And what next, down below that? 24 A. John Podesta was the chairman or manager of Hillary 25 Clinton's election campaign. He, too, was hacked, and over SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 55 K24Wsch2 Rosenzweig - Direct 1 200,000 pages of his files, all relating to the campaign, were 2 subsequently published by WikiLeaks, almost daily, beginning in 3 October and running right up to the Election Day in early 4 November of 2016. 5 Q. 6 general matter, did these leaks happen over time? 7 A. 8 happened essentially daily over that time frame. 9 Q. I think you've highlighted a couple of dates, but as a Yes. The -- certainly the ones with respect to Mr. Podesta Mr. Rosenzweig, what do you know about how those emails 10 were provided to WikiLeaks? 11 A. 12 private-sector cyber security firms. 13 from the Senate intelligence committee. 14 insofar as they're public, from the intelligence community and 15 FROM the special counsel who investigated these matters. 16 so, on that basis, I -- I guess the question was what do I 17 know? 18 I have reviewed public reports about those from I've reviewed reports, And I know that all of these are in -- 19 20 I have reviewed reports MS. SHROFF: Your Honor, we have an objection based on hearsay. 21 THE COURT: Overruled. 22 A. All of these are of the view that the information was 23 stolen from both the DNC and the Clinton campaign by elements 24 of the Russian government and passed to WikiLeaks through 25 various sources, notably one called Guccifer 2.0, which is a SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 56 K24Wsch2 Rosenzweig - Direct 1 hacker name for what appears to be a fictitious, nonexistent 2 person. 3 Q. 4 possession of sensitive information can get it to WikiLeaks? 5 A. Does WikiLeaks provide any guidance on how people in Yeah, they have a whole page on how to do that. 6 MR. DENTON: Let's take a look at that, Ms. Hurst, 7 please. 8 Q. Mr. Rosenzweig, where does this page come from? 9 A. This is a screenshot from the "submit documents to 10 WikiLeaks" web page as it appears today. 11 Q. 12 over time? 13 A. I was. 14 Q. How were you able to do that? 15 A. Well, as you know, the internet -- web pages on the 16 internet change daily sometimes, and so, there is a function, 17 an archive organization that takes old screenshots -- or takes 18 screenshots of web pages periodically and keeps them in an 19 archive. 20 you can search in the archive and ask it whether or not it has 21 a snapshot of, say, how the U.S. Attorney's Office's web page 22 looked in 2012 or how my personal website looks in 2015. 23 Were you able to determine whether this page has changed It goes by the name of the Wayback Machine so that MR. DENTON: We can go to the next page, Ms. Hurst. 24 Q. Mr. Rosenzweig, what are we looking at here? 25 A. This is the Wayback Machine-archived picture of the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 57 K24Wsch2 Rosenzweig - Direct 1 WikiLeaks.org "submit documents to WikiLeaks" page in April of 2 2016. 3 Q. How has it changed from April of 2016 to today? 4 A. Well, insofar as I can tell, the only difference is that 5 the website address that you are asked to use to submit a leak 6 to WikiLeaks through has changed. 7 Q. Is that a normal website address? 8 MS. SHROFF: 9 THE COURT: Objection. Overruled. 10 A. It's different from the ones that most people commonly see. 11 It is what's known as a dot-onion address. 12 Q. What is a dot-onion address? 13 A. Well, it's a reference to a type of web browser called TOR, 14 which stands for The Onion Router. 15 that is anonymized and, therefore, difficult, if not 16 impossible, to trace connections to. 17 Q. 18 WikiLeaks tell people to submit information to it? 19 A. 20 Router, which -- it looks just like any other browser, like 21 your Safari browser or your Firefox browser or something like 22 that, but it has this anonymizing function built into it. 23 it tells people to first install TOR, The Onion Router, browser 24 on their computer, and then use this address, copy it into the 25 TOR browser in order to access the secure, untraceable upload A dot-onion address is one Generally speaking, looking at this page, how does Well, they tell people to use this browser, TOR, The Onion SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 So 58 K24Wsch2 Rosenzweig - Direct 1 site. 2 Q. 3 about how to contact WikiLeaks and what is TOR, and so on? 4 A. Yeah, I do. 5 Q. What are those? 6 A. Those are click -- boxes where you click on them and it 7 answers the question. 8 Q. Mr. Rosenzweig, do you see these boxes down at the bottom Let's take a look at some of those. 9 MR. DENTON: Ms. Hurst, let's go to the next page. 10 Q. What does WikiLeaks say about TOR? 11 A. Well, it describes it, as I just described it, as an 12 encrypted anonymizing network that makes it hard to intercept 13 internet communications. 14 you probably know, people track you. 15 can track you, and that's how Google sells you ads, for 16 example. 17 extent possible, and attempts to make it difficult to trace 18 who's accessing a website so that you can do so in an anonymous 19 way. 20 Q. How does TOR do that? 21 A. This is a graphic that was put together by the Electronic 22 Frontier Foundation, which is a pro-privacy organization that 23 advocates for all citizens to use TOR. 24 25 Today, if you go to a web page, as You get cookies, and they TOR eliminates that possibility, to the maximum What it does, what TOR does is essentially create a random network for each transmission to bounce your information from SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 59 K24Wsch2 Rosenzweig - Direct 1 your computer to the web -- to the server that's hosting the 2 website that you want to go to. 3 form so each of the steps is encrypted, and it goes through a 4 series of hops that make it difficult, along with the 5 encryption, to bait -- backward trace it. 6 Bob, the ultimate recipient of the information from Alice, 7 could not know that it was Alice who was sending him the 8 information. 9 MR. DENTON: It does so in an encrypted So in this diagram, If we can go to the next page, I want to 10 look at the other thing that WikiLeaks talked about. 11 Q. What is Tails? 12 A. Well, Tails is a -- when you boot up your computer, it runs 13 an operating system inside your laptop that starts it. 14 you're a Microsoft person, it's Windows. 15 person, it's the macOS. 16 If If you're an Apple Tails is an operating system that resides in a thumb drive, 17 and when you boot up your computer with Tails in the -- stuck 18 in the USB port, instead of running your Microsoft Windows or 19 your Apple OS, it will run the operating system from your thumb 20 drive. 21 The reason people use Tails is that even if you use the 22 anonymizing connection of TOR, you can still leave evidence of 23 your communication on your personal laptop. 24 something on my keyboard today, it will -- it could reside in 25 some forms of memory for quite some time. If I type in If I use Tails SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 60 K24Wsch2 Rosenzweig - Direct 1 instead, if I run the operating system just from the thumb 2 drive instead of from what's in my laptop, then there is no 3 memory, or there's much less memory, of what happened on my 4 laptop in the laptop itself. 5 creating anonymity, by removing the evidence from my laptop in 6 the same way that TOR eliminates it from my transmission across 7 the network. 8 Q. 9 Tails? And so it's another way of Just for the record, can you read what WikiLeaks says about 10 A. 11 capacity to do so, you can also access the submission system 12 through a secure operating system called Tails. 13 operating system launched from a UBS stick or a DVD that aims 14 to leave no traces when the computer is shut down after use and 15 automatically routes your internet traffic from TOR. 16 will require you to have either a USB stick or a DVD and at 17 least 4GB" -- that's gigabytes -- "big and a laptop or desktop 18 computer." 19 Sure. It says, "If you are at high risk and you have the MR. DENTON: Tails If we can go to the next page. 20 Q. Does Tails stand for anything? 21 A. Oh, sorry. 22 Tails is an Yes, it stands for The Amnesic Incognito Live System. 23 That's because it forgets what it is. There's no memory of 24 what it does, and it allows you to act incognito, anonymously. 25 Q. What is this page here that we're looking at? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 61 K24Wsch2 Rosenzweig - Direct 1 A. This is the download page from which you can download the 2 latest version of Tails. 3 Q. And where it says Tails 2.2.1, what does that mean? 4 A. That's a version control, like, like Tails 2.1, Tails 2.2, 5 Tails -- it's just the most recent revision or release of the 6 system. 7 Q. And what's the date for that revision? 8 A. That revision is March 18, 2016. 9 that particular version of Tails. 10 MR. DENTON: So that's the date of If we could go to the next page, please, 11 Ms. Hurst. 12 Q. How does someone get Tails, Mr. Rosenzweig? 13 A. Pretty much the same way that one gets any application for 14 one's system. 15 on the link and the files download and then they get installed, 16 in this case on a USB rather than on your computer, but, in 17 effect, the operation is the same. 18 Q. 19 torrent file"? 20 A. Yes. 21 Q. Sorry. 22 A. Yeah. 23 You go to one of the download pages. You click Do you see on the left where it says "download Tails On the right. OK. Thank you. Yes, I do see the torrent, bit torrent download, yes. 24 Q. What is a bit torrent download? 25 A. Bit torrent is another way of downloading information. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 62 K24Wsch2 Rosenzweig - Direct 1 It's what's known as a peer-to-peer system, so instead of 2 downloading from a server, you download directly from another 3 host who can transmit it to you directly. 4 different way of downloading, really. 5 MR. DENTON: It's just a If we could go back to WikiLeaks for a 6 moment. 7 Q. Mr. Rosenzweig, what are we looking at here? 8 A. Well, this is another pop-up from the buttons below. 9 is further information that WikiLeaks provides to people who This 10 are contemplating sending it information on how to avoid being 11 discovered and preserve their anonymity. 12 Q. 13 tips, generally? 14 A. 15 works hard to preserve your anonymity, but we recommend you 16 also take some of your own precautions. 17 basic guidelines." 18 Q. Can you focus on No. 2. 19 A. It recommends, under "what computer to use," that "if the 20 computer you are uploading from could subsequently be audited 21 in an investigation, consider using a computer that is not 22 easily tied to you. 23 ensure you do not leave any reference of your submission on the 24 computer." 25 Q. Can you read what WikiLeaks says at the top, just under Sure. It says, I think accurately: "Our submission system Please review these What does it say under No. 2? Technical users can also use Tails to help Finally, if we could talk about the last part of SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 63 K24Wsch2 Rosenzweig - Direct 1 WikiLeaks's page here, what are we looking at? 2 A. 3 but it's recommendations on behavior. 4 Q. Well, this is what to do afterwards. It's not technical, I'm going to ask you to focus on Nos. 2 and 3. 5 MR. DENTON: If we could go to the next, page, please, 6 and try and blow those up. 7 Q. Can you read No. 2t for us? 8 A. Yes. 9 source, avoid saying anything or doing anything after It says: "Act normal. If you are a high-risk 10 submitting which might promote suspicion. In particular, you 11 should try to stick to your normal routine and behavior." 12 Q. And then No. 3, please. 13 A. "Remove traces of your submission. 14 source and the computer you prepared your submission on or 15 uploaded it from could subsequently be audited in an 16 investigation, we recommend that you format and dispose of the 17 computer hard drive and any other storage media you used. 18 particular, hard drives retain data after formatting which may 19 be visible to a digital forensic team. 20 sticks, memory cards and SSD drives -- retain daft even after a 21 secure erasure. 22 data, it is important to destroy the media. 23 are a high-risk source, you should make sure there are no 24 traces of the cleanup, since such traces themselves may draw 25 suspicion." If you are a high-risk In And flash media -- USB If you use flash media to store sensitive SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 If you do this and 64 K24Wsch2 Rosenzweig - Direct 1 Q. Now I want to put aside some of this technical stuff for a 2 moment, Mr. Rosenzweig. 3 MR. DENTON: If we could go to the next page. 4 Q. Has WikiLeaks actively solicited any particular type of 5 information? 6 A. 7 the leak of classified U.S. government information. 8 Q. Are there particular examples of that? 9 A. Well, I've noted two, a couple, here. Yes. They are -- they have in the past actively solicited They have had, from 10 the beginning, a most-wanted list of leaks that they would like 11 to have. 12 Crowdfunding page on which you can pledge money to pay for the 13 work that might go into securing a leak. 14 Q. These two quotes at the bottom here, who said those things? 15 A. Both of them are from Julian Assange. 16 Q. I want to ask you in particular about the bottom one, and 17 in particular, I guess it's the end of the second and most of 18 the third line. 19 system administrator to have a very significant change." 20 They have a crowd -- and they also have a It says, "It is possible now for even a single Are you familiar with the term "system administrator"? 21 A. Yes. 22 Q. Is that a technical term? 23 A. Yes. 24 Q. What does it mean? 25 A. Well, it is, generally speaking, the person who is in SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 65 K24Wsch2 Rosenzweig - Direct 1 charge of a computer IT system. He's the person who you go to 2 to recover your password. 3 change access rules so that you can get access to different 4 parts of the system. 5 Q. 6 able to determine any sort of patterns or consistent practices 7 with respect to WikiLeaks's posts of sensitive information? 8 A. 9 studied the ways in which WikiLeaks redacts and does not redact He's the person that you go to to He's the guy in charge. Now, based on your research, Mr. Rosenzweig, have you been Yes, I -- I've studied, to some degree, the -- well, I've 10 information that it hosts on the page. 11 Q. 12 top. 13 A. 14 paper, at its simplest form, that deletes, say, personal 15 information or the name of a person who sent a piece of 16 information. 17 cuts out a piece of it. 18 Q. 19 practices with respect to redactions? 20 A. 21 started -- WikiLeaks started out with almost no redaction 22 practices at all. 23 that almost anybody could upload to. 24 redaction practices have changed. 25 their releases so that they are -- how shall I say? Let's talk a little bit about that. Let's start at the What do you mean by redacting information? Well, redaction is essentially a black box on a piece of It is a restriction on the data that you get that And what have you been able to determine about WikiLeaks's Well, they're inconsistent. They've changed over time. They were actually just operating a Wiki Over time, their They've curated some of SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 It 66 K24Wsch2 Rosenzweig - Direct 1 They've curated some of the releases so that they have 2 attempted to remove some personal information from them, often 3 incompletely. 4 realize that they've released something that, maybe, could hurt 5 an individual, and they apply redactions later. 6 variable, I would say. 7 Q. Does WikiLeaks generate any original material? 8 A. Not that I know of. 9 Q. What do they post when they post classified information or Sometimes they make releases and then they It's quite 10 other leaks that they're disclosing? 11 A. 12 450,000 logs, they post the logs themselves, the actual texts 13 of the communication, the pictures of the communique that were 14 accompanying it. 15 the cables in their original form. 16 Q. 17 all of that material? 18 A. 19 typically conduct any real analysis. 20 let the people decide, to provide them with the full 21 information that they can. 22 Q. 23 talking about, has WikiLeaks ever worked with, like, The New 24 York Times, Wall Street Journal -- 25 A. WikiLeaks posts the raw information, so if they have a -- If they have cables, they post the texts of Has WikiLeaks made any statements about whether they review WikiLeaks has said that it doesn't traditionally -Its goal, in fact, is to In connection with some of these disclosures we've been Yes. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 67 K24Wsch2 Rosenzweig - Direct 1 Q. -- entities like that? 2 A. Yes, they have. 3 Q. Tell us a little about that, please. 4 A. Well, at times, WikiLeaks has partnered with traditional 5 media organizations in order to provide those media 6 organizations with advance looks at the material that they're 7 going to release. 8 publish at the -- simultaneously along with their analysis and 9 their own reporting about the leaks, what they mean, what they 10 think, you know, who it might have come from, why it's coming 11 out now, that sort of thing. 12 Q. 13 comes from? 14 A. No, they don't. 15 Q. What, if anything, has WikiLeaks said about steps they take 16 with regard to sources of information? 17 A. 18 their sources of information both through the anonymizing steps 19 that we've already talked about and by giving inaccurate, 20 incomplete or incorrect information about their sources in 21 their public disclosures as a way of obscuring or assisting in 22 obscuring the identity of their sources. 23 said that they public -- they've publicly said that they 24 publish inaccurate information about their sources on purpose. 25 Q. Those media organizations, in turn, then When WikiLeaks posts information, do they say where it In fact, they've said that they do their best to protect In short, they've As a general matter, across the body of WikiLeaks SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 68 K24Wsch2 Rosenzweig - Direct 1 disclosures, has WikiLeaks focused on any particular target? 2 A. 3 majority of the information that they've published is about the 4 United States. 5 have had a number of leaks, but the overwhelming majority is 6 American. 7 Q. 8 disclosure known as Vault 7? 9 A. I have. 10 Q. When did WikiLeaks first mention Vault 7? 11 A. February of 2017, February 4, to be particular. 12 Q. And what are we looking at here, Mr. Rosenzweig? 13 A. Well, as we said at the beginning, WikiLeaks has two 14 sources of putting information out. 15 we've been focusing on. 16 Well, it is statistically true that the overwhelming There are other countries in a number -- which Mr. Rosenzweig, have you become familiar with a WikiLeaks One is its web page that The other's its Twitter account. This is a screenshot of the February 4, 2017, Twitter feed 17 from WikiLeaks. 18 Q. 19 tweet? 20 A. No. 21 Q. And there is a question here, "What is Vault 7?" 22 WikiLeaks answer that question? 23 A. Not at this time, no. 24 Q. You called this a teaser. 25 A. Yes, they did, for a number of days. Did WikiLeaks release any material at the same time as this This was a teaser tweet. Did Did those teasers continue? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 69 K24Wsch2 1 Rosenzweig - Direct MR. DENTON: Let's take a look at those, if we could, 2 Ms. Hurst. 3 Q. What came next? 4 A. Well, this is the next day: 5 kind of spooky picture. 6 Q. And again, where do these pictures come from? 7 A. I don't know. 8 Q. Who posted those -- 9 A. Oh, I'm sorry. WikiLeaks. "Where is Vault 7?" With a WikiLeaks posted them. I don't 10 know what the source, original source of this is. 11 Q. What next? 12 A. "When is Vault 7?" 13 Q. And if we could keep going, please. 14 A. "Who is Vault 7?" 15 that's Mr. Assange in the middle. 16 Q. Again, who posted that particular picture? 17 A. WikiLeaks posted it on February 7, 2017. 18 Q. If we could go to the next one, please? 19 A. This is the WikiLeaks post from February 8, "Why is Vault 20 7?" 21 Q. And one more, please. 22 A. And this is the February 9 post: 23 way to WikiLeaks?" 24 Q. 25 WikiLeaks posted these tweets, did it provide answers to these That was the next day, February 6. And this is, again, a picture of -- "How did Vault 7 make its Again, we've been talking about a lot of questions. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 When 70 K24Wsch2 Rosenzweig - Direct 1 questions? 2 A. It did not. 3 MR. DENTON: Then one more, please. 4 Q. When did WikiLeaks first release substantive material 5 related to Vault 7? 6 A. 7 "The release of Vault 7, part 1, year zero, inside the CIA's 8 global hacking force." 9 Q. That would be this, this picture here, on March 7, 2017, And then down below that, do you see where it says "CIA 10 Vault 7 year zero decryption pass phrase"? 11 A. Yes. 12 Q. What is the pass phrase? 13 A. Well, the pass phrase is the decryption phrase that you 14 have to type in to unencrypt the release, and the phrase they 15 used is "splinter it into a thousand pieces and scatter it into 16 the winds." 17 Q. Do you recognize that phrase? 18 A. Yes. 19 Q. Where does it come from? 20 A. It's attributed to JFK, John Kennedy, who said it after the 21 Bay of Pigs failure in Cuba when he said that he was -- he said 22 that he was so angry at the CIA that he was going to splinter 23 it into a thousand pieces and scatter it into the wind. 24 Q. 25 WikiLeaks? Was there more than one disclosure tied to Vault 7 by SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 71 K24Wsch2 Rosenzweig - Direct 1 A. Yes, there was. 2 Q. Now, in terms of your testimony today, Mr. Rosenzweig, did 3 you review any of the actual material released by WikiLeaks 4 under Vault 7? 5 A. No, I did not. 6 Q. Why not? 7 A. Well, two reasons. 8 expertise. 9 inactive security clearance, and my understanding is it's not 10 appropriate for me to look at things I'm not cleared to know 11 about. 12 Q. What material related to Vault 7 did you review? 13 A. I reviewed the WikiLeaks posts that released them and 14 announced them to the world. 15 MR. DENTON: First, that wasn't my area of And the second is that I continued to have an Let's take a look at those, if we could. 16 Q. What did WikiLeaks release from Vault 7 in March of 2017? 17 A. There were three releases in March of 2017: 18 that we've just discussed, which was the very first, "CIA 19 hacking tools revealed" announcement; and then the first of a 20 series of releases of particular, I guess, groups of 21 material -- on March 23, one known as Project Dark Matter, and 22 on March 31, one known as Marble Framework. 23 Q. 24 read what WikiLeaks described the Vault 7 release as on March 25 7? The first one If you could for a moment, Mr. Rosenzweig, could you just SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 72 K24Wsch2 Rosenzweig - Direct 1 A. "The WikiLeaks releases Vault 7 Marble," which is -- 2 Q. I'm sorry. 3 A. Oh, I'm sorry. 4 I meant March 7, on the left. I apologize. I probably misheard you. "A series of leaks on the U.S. Central Intelligence Agency 5 code named Vault 7 by WikiLeaks. 6 publication of confidential documents on the agency." 7 Q. I didn't mean to cut you off. 8 A. Sorry. 9 Q. If we can go back to the Marble Framework, please. 10 A. I misheard you. 11 It is the largest-ever "Today, March 31, WikiLeaks released Vault 7, Marble, 676 12 source code files with the CIA's secret, antiforensic Marble 13 Framework." 14 Q. Are you familiar with the term "source code"? 15 A. Yes. 16 Q. What is source code? 17 A. Source code are the lines of computer code that a computer 18 programmer will use to design, to create a program. 19 Q. 20 March 31, 2017? 21 A. Yes. 22 Q. About how many Vault 7 releases were there in total? 23 A. I think there were 26 in total. 24 Q. Let's take a look at the next set of them. 25 WikiLeaks release from Vault 7 in April of 2017? Did WikiLeaks release more information from Vault 7 after SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 What did 73 K24Wsch2 Rosenzweig - Direct 1 A. Weekly. On April 7, they released something known as the 2 Grasshopper Framework. 3 known as HIVE. 4 April 28 it was something called Scribbles. 5 Q. What about in May, Mr. Rosenzweig? 6 A. Only three in May. 7 Midnight along with one called Assassin that didn't make it 8 into the title. 9 Q. Did the leaks continue into June? 10 A. Yes. 11 Cherry Blossom. 12 Elsa, and June 29 was one known as Outlaw Country. 13 Q. If we could then talk about July. 14 A. They -- these are -- they continued on a more or less 15 weekly basis. 16 Dear Falcon. 17 UCL standing for Umbrage Component Library. 18 project known as Imperial. 19 Q. 20 where do these titles come from? 21 A. 22 the -- On April 14, they released something On April 21, 2017, it was Weeping Angel, and on May 5 was Archimedes. May 12 was After And on May 19, a project known as Athena. Five in June. June 1 was Pandemic. June 15 was June 22 was Brutal Kangaroo. June 28 was July 6 was Bothan Spy and another project called July 13 was High Rise. July 19 was UCL/Raytheon, July 27 was a Now, these titles that you're reading, Mr. Rosenzweig, I don't know. I assume that they are the CIA titles for 23 THE COURT: Don't assume. 24 THE WITNESS: 25 THE COURT: Huh. If you don't know, that's the answer. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 74 K24Wsch2 1 Rosenzweig - Direct THE WITNESS: I don't know. 2 BY MR. DENTON: 3 Q. What you're reading here, where did that come from? 4 A. Oh, I'm sorry. 5 their Twitter feed. 6 THE COURT: These are from WikiLeaks. They're from Members of the jury, let me remind you 7 these are offered not for the truth but for the fact that Wiki 8 made these statements. 9 MR. DENTON: 10 Not for the truth. Thank you, your Honor. Could we then talk about August, Ms. Hurst. 11 Q. What came in August? 12 A. August 3 was a release of a project called Dumbo. 13 10 was the release of a project called CouchPotato. 14 was the release of a project called Express Lane. 15 31 was one that the CIA called Angel Fire. 16 MR. DENTON: August August 24 And August And then September, Ms. Hurst, please. 17 A. Just one in September. Protego was released on September 18 7, 2017. 19 Q. 20 Mr. Rosenzweig? 21 A. There was another release that they called Vault 8. 22 Q. Talk about that then, please. 23 A. This is the last in the series. 24 it's the source code repository. 25 code repository for the CIA Hive project, and it was released After Vault 7, did WikiLeaks release any more information, It was called Hive, and It was styled as the source SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 75 K24Wsch2 1 Rosenzweig - Cross on November 29, 2017. 2 MR. DENTON: If I could just have a moment, your 3 Honor. 4 Q. 5 code repository. 6 about in connection with the earlier release? 7 A. 8 yes. 9 Q. Mr. Rosenzweig, you just read this here about the source Is that the same thing that we were talking The word -- yeah, it's -- source code is the same thing, Based on your research on WikiLeaks's publications, prior 10 to the Vault 7 and Vault 8 disclosures, did WikiLeaks ever 11 publish any source code? 12 A. As far as I know, they have not. 13 MR. DENTON: 14 THE COURT: 15 CROSS-EXAMINATION 16 BY MS. SHROFF: 17 Q. 18 WikiLeaks, correct? 19 A. Nothing further, your Honor. Ms. Shroff. Mr. Rosenzweig, you've never personally spoken to anyone at At where? I'm sorry. 20 THE COURT: 21 THE WITNESS: I didn't catch -- WikiLeaks. WikiLeaks. 22 A. No, not that I know of. 23 Q. Well, you'd know who you've talked to, correct? 24 A. Right, but I don't know who WikiLeaks members are. 25 don't announce themselves. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 They 76 K24Wsch2 Rosenzweig - Cross 1 Q. So your testimony today is you could have talked to 2 somebody from WikiLeaks -- 3 A. I don't -- 4 Q. -- but you just don't know? 5 A. Nobody has ever told me that they are a member of 6 WikiLeaks. 7 Q. 8 at WikiLeaks? 9 A. So as far as you know, you have spoken to no one who works As far as I know, I've never spoken to anyone who's told me 10 that they are from WikiLeaks. 11 Q. And you've never, obviously, worked at WikiLeaks, correct? 12 A. That's correct. 13 Q. You have no personal interaction with WikiLeaks, correct? 14 A. Correct. 15 Q. And all of the information that you have about WikiLeaks 16 comes from reading what other people tell you about WikiLeaks, 17 correct? 18 A. What WikiLeaks tells me about WikiLeaks, but yes. 19 Q. Well, not just what WikiLeaks tells you, right? 20 people tell you about WikiLeaks, correct? 21 A. Correct. 22 Q. And you've never had any personal interviews or any 23 interactions with United States officials regarding WikiLeaks 24 before, correct? 25 A. Before this interaction here? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 What other 77 K24Wsch2 Rosenzweig - Cross 1 Q. Right. 2 A. That's correct. 3 Q. Right. 4 WikiLeaks, correct? 5 A. That's correct. 6 Q. The CIA's never consulted with you about WikiLeaks, 7 correct? 8 A. That's correct. 9 Q. Foreign nations have never consulted with you about So the FBI's never consulted with you about 10 WikiLeaks, correct? 11 A. That's correct. 12 Q. The State Department's never hired you as their expert on 13 WikiLeaks, correct? 14 A. Correct. 15 Q. And it's fair to say that you personally, as you testified, 16 do not know the contents of WikiLeaks's disclosures, correct? 17 A. That's correct. 18 Q. And you testified that that's because you have an inactive 19 clearance, correct? 20 A. And because it was outside my area of expertise, but yes. 21 Q. So what WikiLeaks releases is outside your expertise, 22 correct? 23 A. 24 expertise. 25 forensics. No. The substance of this release is outside my area of I'm not a computer scientist. I don't know the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 78 K24Wsch2 1 Rosenzweig - Cross MS. SHROFF: Could you just pull up for me, please, 2 the various names the government had on the readout to each 3 program. 4 Q. 5 precluded you from reading anything about these leaks, correct? 6 A. That's one of the two reasons why I haven't read these -- 7 Q. Let's just focus on the first reason, the inactive 8 clearance. 9 A. Actually, that's the second reason, but yes. 10 Q. Then let's start with the second reason. 11 A. Yeah. 12 Q. So who grants you clearance? 13 A. The U.S. government. 14 Q. Who in the U.S. government? 15 A. My clearance is held by the Department of Homeland Security 16 at the moment. 17 Q. 18 your clearance, you worked for somebody in the Department of 19 Homeland Security, right? 20 A. I did. 21 Q. Right. 22 together after that, correct? 23 A. No. 24 Q. You didn't start a company together? 25 A. No. Let me see, starting on the Vault 7. Your testimony was you have an inactive clearance, which Right. Correct? Are you with me? And when the Department of Homeland Security holds Michael Chertoff, correct? And Michael Chertoff and you started a company SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 79 K24Wsch2 Rosenzweig - Cross 1 Q. Did you work for him? 2 A. I'm a senior adviser to a company that he started. 3 Q. Right. 4 A. He started it with his chief of staff, Chad Sweet. 5 for them now and then on projects. 6 Q. OK. 7 A. But I didn't start a company with him, and I'm not an 8 employee of his company. 9 Q. Are you a consultant to his company? 10 A. I'm an senior adviser to his company. 11 Q. What does that mean? 12 A. It means that at times if there are projects to which I can 13 add value, they will retain me as an additional participant, 14 independent of them. 15 large for me, I will refer it to them, because they're a big 16 company. 17 Q. 18 business, correct? 19 A. It's a cooperative business relationship, yes. 20 Q. And how much do they pay you, by the way? 21 A. Who? 22 Q. The Michael Chertoff company. 23 hour? I work If I get cases, matters that are too I'm a small, one-man shop. It's basically you give them business, they give you 24 MR. DENTON: 25 THE COURT: How much do they pay you an Objection. Overruled. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 80 K24Wsch2 Rosenzweig - Cross 1 A. They don't pay me by the hour. 2 Q. OK. 3 A. Depends on the size of the project. 4 Q. Give us a range. 5 A. The current project I'm working on right now will pay me 6 $25,000 this year. 7 Q. 8 homeland security, you are an expert for the Department of 9 Justice here, correct? What's the flat fee? Now, going back to the clearance that you said is held by 10 A. I've been retained by the Department of Justice, yes. 11 Q. Right. 12 correct? 13 A. That's correct. 14 Q. That's under the umbrella of the Department of Justice, 15 correct? 16 A. Yes. 17 Q. And they could certainly give you clearance to look at 18 these disclosures, correct? 19 A. I don't know. 20 Q. You don't know? 21 A. I don't know who would be authorized to grant me a 22 clearance to look at these matters. 23 Q. 24 would be one of the people who could give you permission to 25 look at them. And that's the United States Attorney's Office, I didn't ask you if you know who. I just asked you if they SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 81 K24Wsch2 Rosenzweig - Cross 1 A. I don't know if they have that authority. 2 Q. You're a national security expert, right? 3 A. I don't know who controls the security clearance for this 4 particular piece. 5 authorization is typically quite limited. 6 you're asking, that they -- the gentlemen there -- do not have 7 the authority to grant me that clearance. 8 Q. 9 sir. My experience is, actually, that I suspect, since I didn't ask you if the gentlemen there have the authority, I asked you if the Department of Justice had authority. 10 A. I don't know. 11 Q. OK. 12 get access to read any one of these disclosures, correct? 13 A. That's what I just said. 14 Q. OK. 15 hacking tools revealed. 16 disclosure, correct? 17 A. Correct. 18 Q. You don't know anything about what it disclosed, correct? 19 A. I -- nothing beyond what is on this -- what is -- what is 20 here, no. 21 Q. 22 were revealed, correct? 23 A. I do not know from this, no. 24 Q. Right. 25 released, correct? Let's just go with that. You don't know if you could Let's start with Vault 7 that he had you read, CIA All you saw is this particular So you don't even know if, in fact, the CIA hacking tools And you do not know if Project Dark Matter was SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 82 K24Wsch2 Rosenzweig - Cross 1 A. There have been -- 2 Q. No, no. 3 Project Dark Matter was actually released by WikiLeaks? 4 the question. 5 A. I have read public reports to that effect, yes. 6 Q. But you do not know? 7 A. I do not know personally, no. 8 Q. Right. 9 what the world knows. 10 Do you know or do you not know if anything about That's This is only about what you know, sir, not about MS. SHROFF: Let's turn to the next one, Marble 11 Framework. 12 Q. Again, you do not know, correct? 13 A. Only from public reports. 14 Q. It's a question about -- 15 A. No, because -- I mean, I'm sorry, but as an academic, I 16 rely exclusively on public reports. 17 that these did include hacking tools. 18 tools themselves, no, but -- 19 Q. So if the -- 20 A. But that, that is -- when you say you do not know, the 21 sources from which I normally gain information have told me so. 22 I have no reason to doubt them, but I have not verified them 23 any more than I know the results of the Iowa election tomorrow. 24 Q. 25 to know the results of the Iowa election, you could actually I have read public reports I have not examined the But that's not really true, correct? Because if you wanted SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 83 K24Wsch2 Rosenzweig - Cross 1 look at the tally of the Iowa elections, correct? 2 A. I don't think so. 3 Q. You couldn't? 4 A. I don't have them. 5 Q. OK. 6 reports. 7 Matter was, in fact, released by WikiLeaks, you would believe 8 The New York Post? 9 A. Not necessarily. 10 Q. So then you would make a decision as to whether or not you 11 would actually believe the secondary source about the leak that 12 is titled Project Dark Matter? 13 A. That's the function that I'm supposed to function at. 14 Q. Well, so -- 15 A. Evaluation of secondary sources. 16 conclusions. 17 Q. Well, you didn't check the primary source, correct? 18 A. I was asked -- I was told I cannot check this primary 19 source. 20 Q. No. 21 A. I did not. 22 Q. Right. 23 Framework, correct? 24 A. Correct. 25 Q. And you did not check the primary source for -- I don't have them. I would rely on public reports. So let's just keep going with your reliance on public If The New York Post told you that Project Dark Primary sources reach You did not check the primary source, correct? And you did not check the primary source for Marble SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 84 K24Wsch2 1 Rosenzweig - Cross MS. SHROFF: Next screen, please. 2 Q. -- Grasshopper Framework, correct? 3 A. Yes. 4 Q. In fact, all you know is that might just tell you about the 5 different kinds of grasshoppers there are in the government, 6 correct; you just don't know? 7 A. I only know what is on the screen. 8 Q. Right. 9 A. WikiLeaks has said that's not what it is. 10 Q. But you are basically reading a screen from WikiLeaks, and 11 that's it, correct? 12 A. That's correct. 13 Q. OK. 14 only, correct? 15 A. Correct. 16 Q. Right. 17 correct? 18 A. Correct. 19 Q. And if the secondary source is right, you are right, 20 correct? 21 A. Correct. 22 Q. And you decide which secondary source you are going to rely 23 on, correct? 24 A. In general, yes. 25 Q. Right. Now, you testified that you rely on secondary sources So if the secondary source is wrong, you are wrong, And you, it would be fair to say, have a specific SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 85 K24Wsch2 Rosenzweig - Cross 1 bias when you read a secondary source; all of us do, but 2 certainly you admit you do, right? 3 A. I don't know what you mean by bias. 4 Q. All right. 5 A. I have sources that I trust more than others based on prior 6 experience. 7 Q. Thank you. 8 A. Yes. 9 Q. All right. 10 Let's start with your prior experience. You're a lawyer, you testified, correct? 11 A. Yes. 12 Q. Right. 13 prosecutors here, by being a federal prosecutor, correct? 14 A. Yes. 15 Q. You worked for the United States Attorney's Office, 16 correct? 17 A. 18 section. 19 Q. Right. 20 A. Yes. 21 Q. And you worked for them as a prosecutor for about seven 22 years, correct? 23 A. Yes. 24 Q. OK. 25 called the Heritage Foundation, correct? No. And you started your career, much like the The Department of Justice environmental crimes Environment and natural resources division. You worked for the United States, correct? And after that, you went and got a job at something SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 86 K24Wsch2 Rosenzweig - Cross 1 A. That was many years later. 2 Q. As many years later as it was, you got a job at the 3 Heritage Foundation, correct? 4 A. That's correct. 5 Q. Tell the jury what is the Heritage Foundation? 6 A. It's a think tank in Washington, D.C. 7 Q. What kind of think tank? 8 A. I'm not sure what you mean. 9 advances generally conservative views on issues relating to It is a think tank that 10 everything from tax policy to education to national security. 11 Q. 12 right-wing think tank, correct? 13 A. I would call it a conservative think tank. 14 Q. Not a right-wing think tank? 15 A. Not when I worked there. 16 Q. I didn't ask you when you worked there or not. 17 to you is, is the Heritage Foundation known as a conservative, 18 right-wing organization? 19 A. I don't know. 20 Q. You don't know? 21 A. It is a conservative think tank. 22 conservative think tank, yes. 23 Q. 24 promoted. 25 Right. It's called, you would say, a conservative, My question It's a self-described Let's talk about what agenda the Heritage Foundation OK right? MR. DENTON: Objection, your Honor. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 87 K24Wsch2 Rosenzweig - Cross 1 THE COURT: 2 MS. SHROFF: 3 THE COURT: Sustained. Your Honor, it shows bias. Sustained. 4 BY MS. SHROFF: 5 Q. 6 the risk of gun violence? Is it fair to say, sir, that your bias includes minimizing 7 MR. DENTON: 8 THE COURT: 9 10 Q. It minimizes climate change, correct? THE COURT: Sustained. Try to stay to something relevant, please. 13 14 Sustained. BY MS. SHROFF: 11 12 Objection. MS. SHROFF: Your Honor, it is. Bias is always relevant. 15 THE COURT: The objection has been sustained. 16 BY MS. SHROFF: 17 Q. 18 that was from 2005 to 2009, correct? 19 A. Yes. 20 Q. And that was under President George W. Bush, correct? 21 A. Yes. 22 Q. And when you worked for George W. Bush, you worked on 23 issues about border security and immigration, correct? 24 A. Amongst many others, yes. 25 Q. OK. When you worked for the Department of Homeland Security, And when President Obama got the job after George SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 88 K24Wsch2 Rosenzweig - Cross 1 Bush, you were fired from that administration, correct? 2 A. 3 presidential term, yes. All political appointees leave their job at the end of a 4 5 MS. SHROFF: I move to strike, your Honor, and I ask that the witness be instructed to answer the question asked. 6 THE COURT: That was a good answer. The application 7 is denied. 8 BY MS. SHROFF: 9 Q. You were fired, correct? 10 A. No, I wasn't fired. 11 Q. You weren't fired by the Obama administration; you 12 continued to work for them? 13 A. 14 staff to President George W. Bush who told all political 15 appointees to submit letters of resignation that the Obama 16 administration was free to accept or reject, as they saw fit. 17 Q. They did accept yours, right? 18 A. A number of my colleagues continued on. 19 Q. Did they accept yours, sir? 20 A. Yes. 21 Q. Thank you. 22 Well, since you ask, I was asked to resign by the chief of Now, after you were let go by the Obama administration, you 23 then worked for Michael Chertoff or with Michael Chertoff; 24 that's when your relationship with Mr. Chertoff started, 25 correct? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 89 K24Wsch2 Rosenzweig - Cross 1 A. Not immediately, no. 2 Q. Shortly thereafter? 3 A. It was about a year later that I took a senior adviser 4 position with them. 5 Q. 6 while you were working for the Bush administration, WikiLeaks 7 published many a material that was personally and 8 professionally embarrassing to the Bush administration? 9 A. I don't know about personally, but professionally for sure. 10 Q. Right. 11 publishing a copy of the standard operating procedures for the 12 Bush detention center, which is called Guantanamo Bay, correct? 13 A. That's correct. 14 Q. And George Bush wanted nothing more than to keep the 15 torture at Guantanamo Bay secret, correct? OK. And is it fair to say, sir, that throughout 2007, So WikiLeaks embarrassed the Bush administration by 16 MR. DENTON: 17 THE COURT: Objection. Sustained. 18 BY MS. SHROFF: 19 Q. 20 for the Bush administration, WikiLeaks was nothing but a thorn 21 in their side? 22 A. 23 characterize it that way. 24 Q. 25 important to keep Guantanamo Bay open and any information about Is it fair to say, sir, that for all the years you worked I wouldn't know how they would characterize it. I see. I wouldn't Did you not personally believe that it was SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 90 K24Wsch2 1 Rosenzweig - Cross it should not be shared with the American public? 2 MR. DENTON: 3 THE COURT: 4 MS. SHROFF: 5 THE COURT: 6 MS. SHROFF: 7 THE COURT: Objection. Sustained. Your Honor, may we have a sidebar? No. It's time for our lunch break anyway. No. No. No. Go ahead. 8 BY MS. SHROFF: 9 Q. You worked for Lawfare, correct? 10 A. I still do, yes. 11 Q. And in 2005, you wrote a blog or an article for Lawfare, 12 correct? 13 A. 14 you're referring to. 15 Q. 16 hysterical claims of prisoner abuse. 17 you? 18 A. Actually, no. 19 Q. OK. 20 A. But I certainly won't deny it if it's got my name on it. 21 Q. I see. 22 put it up for you so perhaps your recollection can be 23 refreshed. I write for them all the time. I don't know which one Yes. I'm referring to the one where you talked about the Does that ring a bell for So you remember writing an article. 24 MR. DENTON: 25 line of questioning. I'm going to Your Honor, I'm going to object to this SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 91 K24Wsch2 Rosenzweig - Cross 1 MS. SHROFF: It goes to his bias, your Honor. 2 THE COURT: 3 We'll go a little bit longer. The objection is overruled. What's the question, 4 Ms. Shroff? 5 BY MS. SHROFF: 6 Q. 7 WikiLeaks released information about the conditions at 8 Guantanamo Bay, you objected, correct? 9 A. To what? 10 Q. I'm sorry. 11 A. I'm sorry. 12 Q. The release of the information. 13 A. No. 14 Q. You didn't? 15 information and say that there was little evidence to back it 16 up and the information should not be made public? 17 A. In this article? 18 Q. No. 19 that not what your position was through the Bush 20 administration? 21 A. 22 could you read the quote again? 23 Q. 24 Bay abuse as frequent and hysterical claims with little 25 evidence to back them up. The question is during the Bush administration, when I objected to what? You did not object to the release of I'm just asking generally. I'm sorry. Right? During that time frame, is What is the quote that you're reading? Or You characterized, did you not, the claims about Guantanamo Isn't that correct? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 92 K24Wsch2 Rosenzweig - Cross 1 A. 2 administration. 3 Q. 4 I put up for you? 5 A. Yes. 6 Q. You wrote that, right? 7 A. Yes. 8 Q. In the face of public information that WikiLeaks released 9 about the abuse at Guantanamo Bay, you wrote and called those This is from 2005, which is before I was in the Bush OK. You confused me by saying that. Could you take a look at the highlighted section that 10 claims frequent and often hysterical, correct? 11 A. 12 Guantanamo Bay information that you're talking about. 13 Q. 14 A. 15 No. This article predates WikiLeaks's release of the OK. So you've got the timing mixed up. (Continued on next page) 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 93 K243SCH3 Rosenzweig - Cross 1 Q. Right. 2 administration took great umbrage at the release by WikiLeaks 3 of any information about Guantanamo Bay, correct? 4 A. I didn't participate in that. 5 Q. You worked for the Bush administration, right? 6 A. It's 300,000 political appointees in every political 7 administration. 8 that wasn't my issue. 9 Q. You are a WikiLeaks expert, sir. 10 A. I've been -- what do you want me to say? 11 I've been qualified as one, yes. 12 Q. 13 looked at all of the WikiLeaks posts, correct? 14 A. Correct. 15 Q. You read about their Twitter feed, correct? 16 A. Yes. 17 Q. You read about all of their exploits, correct? 18 A. Yeah. 19 Q. You put together charts, correct? 20 A. Yes. 21 Q. Right. 22 work that you did, you did not go back and check to see if 23 WikiLeaks released information about Guantanamo Bay during the 24 Bush administration. 25 A. Right. Let's try and see if you can help me out. The Bush WikiLeaks was not, during the administration, The judge has -- And to qualify as an expert, you went back and And you're telling this jury that in all of that I did not say that. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 94 K243SCH3 Rosenzweig - Cross 1 Q. I'm asking you the question. Did you or did you not, as 2 the WikiLeaks expert, for the United States of America, review 3 that information? 4 A. 5 the Bush administration. 6 Q. Okay. 7 A. That's correct. 8 Q. Throughout your time studying WikiLeaks, you personally 9 have advocated, have you not, for stringent criminal laws to WikiLeaks released information about Guantanamo Bay during Correct. Let's -- 10 prosecute Assange, correct? 11 A. 12 in this context, yes. 13 Q. And the context is to prosecute Julian Assange, correct? 14 A. That's the possibility that was being discussed, yes. 15 Q. And you advocated for that, correct? 16 A. Correct. 17 Q. Right. 18 correct? 19 A. I wrote several publications, yes. 20 Q. Right. 21 updated, correct? I have advocated for the application of the espionage laws And you wrote an online publication about that, In 2010, you argued that the laws should be 22 THE COURT: 23 MS. SHROFF: The law being? The law to prosecute Julian Assange. 24 Q. You advocated for that, correct? 25 A. The Espionage Act. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 95 K243SCH3 Rosenzweig - Cross 1 Q. Yes. 2 A. The Espionage Act is out of date. 3 Q. That's your personal opinion, correct? 4 A. It's mine and many others; but yes, it is mine. 5 Q. We're only talking about you, sir, today. 6 A. That's right. 7 Q. Okay. 8 A. Yes. 9 Q. Okay. It's yours, right? Congress hasn't listened to you and updated right 10 now, correct? 11 A. Not yet, no. 12 Q. So, in 2013, correct, you wrote an article about it, 13 correct? 14 A. I think it was 2010, but -- 15 Q. Okay. 16 the American government should shut down WikiLeaks, correct? 17 A. 18 article. 19 Q. 20 American government should shut down WikiLeaks? 21 A. No. 22 Q. You do not now think that the American government should 23 shut down WikiLeaks? 24 A. No. 25 Q. So as the WikiLeaks expert who just testified about all the In 2010, you wrote about it, and you thought that I don't remember what I -- what precisely I said in the All right. Well, you're here now. Do you think the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 96 K243SCH3 Rosenzweig - Cross 1 harm to the United States, your position is that the United 2 States government should not shut down WikiLeaks? 3 A. No. 4 Q. Okay. 5 A. No meaning that the -- no, meaning you're correct. 6 not think today that the U.S. government should shut down 7 WikiLeaks. 8 Q. 9 remain up, correct? "No" meaning that's not your opinion? I do So according to your expertise, WikiLeaks website should 10 A. If that's the consequence of not shutting them down, yes. 11 Q. It should allow for the dissemination of information, 12 correct? 13 A. Some, yes. 14 Q. Well, only some? 15 A. I do not think that the U.S. government should be in the 16 business of shutting down a private organization. 17 however, that individuals in that private organization should 18 be responsible for what they publish, and if in doing so they 19 violate the law, then they should suffer those legal 20 consequences. 21 I do think, So what I've come to conclude is that there is a 22 balance between freedom and transparency on one hand and the 23 criminal law on the other. 24 answer for you. 25 Q. I see. So case-by-case basis is my best So, your testimony today is that WikiLeaks is a SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 97 K243SCH3 Rosenzweig - Cross 1 private organization. 2 A. It's not a governmental organization. 3 Q. Just a simple yes or no will do the job and will go faster 4 for you, sir, okay? 5 A. Yes. 6 Q. So it is a private organization? 7 THE COURT: Correct? He said it's a private organization. 8 Q. Right? 9 A. Yes. 10 Q. It releases information, correct? 11 A. Correct. 12 Q. And as you testified on direct, it works with other 13 newspapers at times to properly publish this information, 14 correct? 15 A. It has in the past, yes. 16 Q. So it's worked with The New York Times, correct? 17 A. In the past, yes. 18 Q. Right. 19 A. That's right. 20 Q. So it's worked with The Wall Street Journal, correct? 21 A. I don't remember that one. 22 Q. Okay. 23 what are the newspapers it's worked with. 24 A. 25 has work in the past with The Guardian in the U.K. You don't know what it's going to do in the future? Well, let's try, since you are the expert, tell us I know it's worked with The Times, The Washington Post, it SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 98 K243SCH3 Rosenzweig - Cross 1 Q. 2 correct? 3 A. Yes. 4 Q. Now, at times, when these other newspapers such as the ones 5 you just mentioned, for example, Washington Post, when The 6 Washington Post published information that you did not like, 7 you also wrote an editorial and called it "Stop Leaking," 8 correct? 9 A. Correct. 10 Q. Right. 11 transcript of President Donald Trump's phone calls with foreign 12 leaders, correct? 13 A. Correct. 14 Q. And you wrote with great umbrage and told The Washington 15 Post and others to stop publishing this information, correct? 16 A. Incorrect. 17 Q. Okay. 18 A. I said that the people who were releasing it to The Post 19 should stop doing so. The Post as a news organization is not 20 who I was talking to. It was to the members of the NSC who 21 were leaking the transcripts of the president's calls. 22 Q. 23 24 25 And you agree then now that WikiLeaks serves a purpose, Right. And that was The Washington Post that published a And -- THE COURT: Ms. Shroff, would this be a convenient place to break for lunch? MS. SHROFF: Whenever the Court wants. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 99 K243SCH3 Rosenzweig - Cross 1 THE COURT: 2 resume around 1:30. We're going to take a break now. 3 (Jury excused) 4 THE COURT: 5 We'll Mr. Rosenzweig, don't talk to the government's attorneys. 6 THE WITNESS: 7 THE COURT: 8 (Recess) 9 (Continued on next page) Wouldn't think of it, your Honor. Thank you. See you at 1:30. 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 100 K243SCH3 1 AFTERNOON SESSION 2 1:40 p.m. 3 4 (In open court; jury not present) THE COURT: Before we bring the jury in, Ms. Shroff, 5 is there something that happened at lunchtime that you want to 6 call to my attention? 7 8 9 10 11 12 MS. SHROFF: Mr. Gonzalez. THE COURT: Do you want to put it on the record? Put it on the record now, yes. MS. SHROFF: Your Honor, we had thought everybody, all of the jurors had left the courtroom. THE COURT: 14 MS. SHROFF: Yes. I was speaking to I believe my colleagues and my expert. 16 THE COURT: 17 MS. SHROFF: 18 the jurors had walked back in. 19 THE COURT: 20 MS. SHROFF: 21 I did call Should I put it on the record now? 13 15 Oh yes, your Honor. Yes. When I turned around, I saw that one of Yes. I told my expert to stop talking. And I, we all stopped talking, and then we called Mr. Gonzalez. 22 THE COURT: 23 MS. SHROFF: What do you want me to do? I don't want you to do anything. 24 letting you know. I forgot to let the government know. 25 wanted to let you know. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 I'm I just 101 K243SCH3 1 THE COURT: 2 MS. SHROFF: Do you know which juror it was? I think so. I think it was the juror 3 with the cane, because it took a while for the person to leave. 4 But I really was freaked out, so I didn't pay a lot of 5 attention to who it was, to be honest. 6 THE COURT: 7 MS. SHROFF: That's Ms. Gallo I think. I think it was the last alternate. 8 Somehow or other she had returned back to the courtroom for 9 some reason. 10 THE COURT: 11 MS. SHROFF: 12 I don't know. Honestly, I was talking toward my expert and when I turned is when I saw her. 13 14 Do you think she heard anything? THE COURT: Which voice were you using, your low voice, your medium voice? 15 MS. SHROFF: I don't have a low voice, your Honor. 16 is the one voice, the voice that my mother gave me. 17 I got. That's all I'm pretty sure she heard me, whatever I was saying. 18 THE COURT: 19 MS. SHROFF: 20 I do on cross. 21 don't remember. 22 It What were you talking about? I think I might have been asking how did I don't know. THE COURT: I mean, you know. I'm being serious now. I really If you were 23 transmitting confidential information or legal requirements, 24 legal information, I'd go one way. 25 am I doing, and trying to be Ed Koch, how am I doing. If you were just saying how SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 102 K243SCH3 1 MS. SHROFF: I don't know who Ed Koch is, but I don't 2 think I was transmitting. 3 just making general convo, normal stuff, like oh my God, I 4 can't believe I have to do this. I don't think -- I think we were 5 THE COURT: 6 I'm not going to do anything. 7 MS. SHROFF: 8 9 Okay. Well, you put it on the record. Thank you, your Honor. inadvertent, obviously. (Continued on next page) 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 It was truly 103 K243SCH3 Rosenzweig - Cross 1 (Jury present) 2 THE COURT: 3 MS. SHROFF: Ms. Shroff. Thank you, your Honor. 4 BY MS. SHROFF: 5 Q. 6 1702 that you helped prepare, okay? 7 A. Yes. 8 Q. If you could just take a look at the first page of the 9 demonstrative. Mr. Rosenzweig, I am going to turn to Government Exhibit 10 A. Yes. 11 Q. This is the compilation that you put together along with 12 the prosecutors, correct? 13 A. They assisted me in putting it together, yes. 14 Q. Okay. 15 or the WikiLeaks logo? 16 A. The WikiLeaks logo. 17 Q. So you took WikiLeaks' logo and implanted it on your 18 demonstrative; is that correct? 19 A. It's, yes. 20 Q. If you could, who chose these, OPCW Douma, Fishrot, Popes 21 Orders. 22 A. WikiLeaks did. 23 Q. Who picked it? 24 A. That's a screen shot of the first page as it existed on the 25 day I screen shot it. And the logo on the top-left side, is that your logo Did you pick it? So that, whatever was on the front page SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 104 K243SCH3 Rosenzweig - Cross 1 from WikiLeaks is what I depicted here. 2 Q. 3 together and sent it to the prosecutors, correct? 4 A. 5 yes. 6 Q. 7 about this, yes? 8 A. 9 well, yes. And is it fair to say that you put this compilation I gave them some ideas, they sent back a draft, I fixed it, You and the prosecutors e-mailed each other back and forth We spoke about it. I must have sent them an e-mail as 10 Q. If you could just take a look at the page that's titled 11 "notable leaks before 2017." 12 A. Yes. 13 Q. That's your compilation, correct? 14 A. That's correct. 15 Q. WikiLeaks has never put it together this way, correct? 16 A. That's correct. 17 Q. So the WikiLeaks logo on the left side is not really the 18 WikiLeaks logo. 19 A. That's correct. 20 Q. And you decided which one of these topics to highlight, 21 correct? 22 A. Yes. 23 Q. You could have picked any of them, correct? 24 A. I picked the most notable ones. 25 Q. Right. It's you putting the logo on there, correct? That you thought were most notable? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 105 K243SCH3 Rosenzweig - Cross 1 A. That's correct. 2 Q. Okay. 3 where the WikiLeaks logo is on the left side, correct? 4 A. That's correct. 5 Q. So let's go to the one where it says WikiLeaks and 6 Anonymous. 7 correct? 8 A. I'm sorry, I don't understand. 9 Q. Okay. It's the same for almost every one of the pages You don't know anything about anonymous either, You ever met anybody who is in the Anonymous hacker 10 group? 11 A. Yes. 12 Q. Did you talk to them about putting this demonstrative 13 together? 14 A. No. 15 Q. So when you picked out this quote, "We Anonymous just 16 happen" blah, blah, blah, you decided to put that quote on, 17 correct? 18 A. That's correct. 19 Q. And nobody told you to have a different quote or put 20 something different on your demonstrative, because you only 21 discussed it with the government, right? 22 A. 23 yes, nobody told me what to put on. 24 Q. 25 leakers: overview." The government didn't tell me what to put on either. But Now, let's go to this page where it says "Instruction to SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 106 K243SCH3 Rosenzweig - Cross 1 A. There are two of those. Which one do you want? 2 Q. Let's start with the first one. 3 documents to WikiLeaks"? 4 A. Yes. 5 Q. That's on the WikiLeaks website, correct? 6 A. Correct. 7 Q. You never tried to upload a document to WikiLeaks, correct? 8 A. That's correct. 9 Q. And so you don't know if this actually works out properly, Do you see it says "submit 10 right? 11 A. Oh, no. 12 Q. I didn't ask you if you went to the web page. 13 if you know how to upload a document to WikiLeaks. 14 A. 15 the web page address does work. 16 Q. 17 actual process of uploading works. 18 correct? 19 A. That's correct. 20 Q. You don't know if it works, correct? 21 A. That's correct. 22 Q. Next one, "Instructions to leakers: overview." 23 A. Yes. 24 Q. When you talked about this IP address, you testified this 25 is an unusual IP address; is that right? I did go to the web page. I am asking You asked me if I uploaded documents, the answer is no, but I didn't ask you if the address worked. I am asking if the You've never tried it, SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Right? 107 K243SCH3 Rosenzweig - Cross 1 A. I don't think I used the word "unusual." 2 Q. Okay. 3 A. It's not the typical one that the average citizen would 4 see. 5 Q. Okay. 6 A. It is a specific address for the Tor Onion network. 7 Q. So let's talk about this. 8 does Tor come from? 9 A. It was invented by the U.S. government. 10 Q. The United States government invented Tor? 11 A. Yes. 12 Q. Okay. 13 A. I think it was the Navy, but I'm not one -- I don't have 14 100 percent recollection. 15 Q. Right. 16 A. By the U.S. government. 17 the Navy. 18 Q. Who funds it now, Department of Defense? 19 A. Tor now? 20 an independent organization. 21 Q. Who contributes to its activity? 22 A. They take donations from people who use it. 23 them money if you wanted. 24 Q. Do you know if the Department of Defense helps them out? 25 A. I don't know. What word did you use? Tor and Onion network. Where Which part of the United States government? I think it was the Navy. So the Tor was invented by the U.S. Navy, correct? I am not 100 percent sure it was No, Tor is operated by the Tor Project, which is SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 You could give 108 K243SCH3 Rosenzweig - Cross 1 Q. Do you know if the State Department helps them out? 2 A. I believe they do. 3 Q. The State Department you know helps them out, correct? 4 A. No, I believe I've read reports that they do. 5 Q. Okay. 6 read, you then make a decision whether to believe them or not, 7 correct? 8 A. That's correct. 9 Q. Right. 10 A. I've never actually formed an opinion about that. 11 Q. You are testifying as the WikiLeaks expert today before 12 this jury. 13 A. You are asking me about Tor and its funding. 14 Q. Right. 15 A. Yes. 16 Q. You testified all about Tor when Mr. Denton was asking you 17 these questions, correct? 18 A. Yes. 19 Q. Did they ask you who funds Tor? 20 A. No, they didn't. 21 Q. Okay. 22 A. What about it? 23 Q. Who funds Tails? 24 A. I don't know. 25 Q. Did you ever try to find out, as the national security I believe I read reports that they do. But you testified before that whatever reports you So do you believe that report or you don't? But WikiLeaks is talking about Tor, right? How about Tails? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 109 K243SCH3 Rosenzweig - Cross 1 expert that you are, who contributes money to Tails? 2 A. No. 3 Q. Okay. 4 before Congress, you never asked them or they asked you who 5 funds Tor, correct? 6 A. No. 7 Q. Okay. 8 according to you? 9 A. Who else besides WikiLeaks? 10 Q. Yeah. 11 A. Wide range of institutions and organizations. 12 malicious, like criminals and terrorists; some well meaning, 13 like journalists and protest groups. 14 Q. 15 York Times? 16 A. I don't know. 17 Q. How about Wall Street Journal? 18 A. I don't know. 19 Q. How about the Department of Defense? 20 A. I assume so, but I don't know. 21 Q. How about the State Department? 22 A. I don't know. 23 Q. How about you? 24 A. Yes. 25 Q. You use Tor? I am assuming that in all of the times you testified So let's talk about Tor. Who else uses Tor, So let's start with the well meaning. Some How about The New SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 110 K243SCH3 Rosenzweig - Cross 1 A. Yes. 2 Q. Okay. 3 Onion router." 4 this slide together? 5 A. This one? 6 Q. Right. 7 A. The graphic is from the Electronic Freedom Foundation, and 8 the Tor logo is from Tor. 9 Q. Right. 10 A. Yes. 11 Q. You had no idea if this is how Tor actually works, correct? 12 A. No. 13 Q. You don't know if Alice is really going through that plus, 14 plus, plus and getting to Bob or getting to Jane. 15 don't know anything about this demonstrative, correct? 16 A. 17 Tor operates. 18 those articles says it operates. 19 So, no, I don't code Tor. 20 Q. You don't know this is how it operates. 21 A. Yes, this is how it operates. 22 Q. You do know how Tor operates? 23 A. As I said, every secondary source that I know of says that 24 this is how it operates. 25 Q. Now, let's turn to this page that you see, "Tor the You testified about how Tor works. You put You put together this demonstrative, correct? In fact, you Literally thousands of articles have been written about how Okay. And this is a depiction of how every one of Including articles -- well. But yes, this is how it operates. So if you were to read a secondary source on heart SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 111 K243SCH3 Rosenzweig - Cross 1 surgery, you would know how heart surgery works, according to 2 you? 3 A. No. 4 Q. Okay. 5 use Tails? 6 A. I've tried it once, but no, I don't use it routinely. 7 Q. How about The New York Times? 8 A. Don't know. 9 Q. Wall Street Journal? 10 A. Don't know. 11 Q. Law 360? 12 A. Don't know. 13 Q. Daily News? 14 A. No, don't know. 15 Q. Washington Post? 16 A. Don't know. 17 Q. United States attorney's office? 18 A. I don't know. 19 Q. Let's go to the screen that says "instructions to leakers: 20 tips." 21 Let's move on from Tor. Let's move to Tails. You By the way, do you know if the CIA uses Tor? 22 A. I don't know. 23 Q. You read this, you testified about this page, correct, on 24 direct? 25 A. Yes. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 112 K243SCH3 Rosenzweig - Cross 1 Q. And basically, you read what was written on the screen, 2 right? 3 A. That was what I was asked to do, yes. 4 Q. And then you said that this is WikiLeaks' explanation, 5 correct? 6 A. I said this is what WikiLeaks has published. 7 Q. Okay. 8 A. Yes. 9 Q. Right. Beyond that, you don't really know much, right, 10 about this screen? 11 A. Like what? 12 Q. Well, you don't really know if it works, right? 13 person has a very large submission, with a complex format, this 14 is how you should move forward. 15 works, right? 16 A. I know what's here. 17 Q. Right. 18 juror knows by reading this screen? 19 A. In this particular screen, it's self-explanatory, yes. 20 Q. That's not what I asked you. 21 anything more than the average reader of this screen knows. 22 A. For this screen? 23 Q. Yes. 24 A. No. 25 Q. Okay. I'm sorry, I don't understand the question. That if a You don't know in if this I know they say contact us. So if a juror read it, you basically know what a I asked you if you know Let's go to the screen that says "solicitation of SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 113 K243SCH3 Rosenzweig - Cross 1 classified information." 2 "WikiLeaks as a whole, and Assange in particular, has actively 3 promoted leaking of classified information." 4 The first line that you have there, You just wrote that sentence up, right? 5 A. I wrote that sentence, yes. 6 Q. Okay. 7 A. That's my summary, yes. 8 Q. Right. 9 wrote that sentence? That's it, right, you wrote it? You put the WikiLeaks logo on there and then you 10 A. Yes. 11 Q. Okay. 12 those in, correct? 13 A. Correct. 14 Q. Okay. 15 A. Yes. 16 Q. And one of the quotes you chose was specifically about this 17 language about the CIA, right? 18 A. Correct. 19 Q. And you knew this case was about the CIA, correct? 20 A. Correct. 21 Q. And you work for the United States attorney's office, 22 correct? 23 A. I'm contracted to them as an expert witness, yes. 24 Q. By the way, how much do they pay you per hour? 25 A. $400 an hour. And then you pulled out two quotes, and you put And you chose the quotes, right? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 114 K243SCH3 Rosenzweig - Cross 1 Q. $400 an hour to talk to them? 2 A. Yes. 3 Q. $400 every time you e-mail them? 4 A. I don't charge for every minute I spend. 5 Q. Okay. 6 A. Yes. 7 Q. Who paid for you to come up? 8 A. They'll pay, they'll reimburse me the expenses. 9 Q. Who pays for you to stay over? 10 A. The U.S. attorney's office will reimburse me for the 11 expenses. 12 Q. 13 right? 14 A. Yes. 15 Q. They paid you for researching the quotes? 16 A. Yes. 17 Q. They paid you for the compilation? 18 A. Yes. 19 Q. Let's look at the next screen where it talks about leak 20 practices. 21 redaction are inconsistent." 22 A. Yes. 23 Q. Your opinion, correct? 24 A. Yes. 25 Q. You're not a statistician, correct? $400 an hour to testify here today? Okay. And they paid you for putting all of this together, You said "WikiLeaks practices with respect to Right? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 115 K243SCH3 Rosenzweig - Cross 1 A. Not a statistician, no. 2 Q. And you didn't contract out a statistician to help you come 3 to that conclusion, correct? 4 A. No. 5 Q. So basically, you looked at WikiLeaks, you couldn't figure 6 out a pattern to the redactions, so you said the redactions are 7 inconsistent, right? 8 A. No. 9 Q. You didn't see a pattern, right? 10 A. That's correct. 11 Q. Okay. 12 contact a statistician. 13 inconsistent? 14 A. No. 15 Q. Okay. 16 A. I reviewed all of them, and then I reviewed the other 17 people's analysis of them. 18 articles that have reviewed WikiLeaks' redaction patterns, and 19 most of those reach the same conclusion. 20 secondary sources that support this summary. 21 Q. 22 pattern of redactions, and then you decided that the pattern of 23 redaction was inconsistent? 24 A. 25 historical materials myself, and both of those led me to the Okay. So, when you didn't see a pattern, you didn't You just concluded that they were So tell us what you did. There is a longstanding series of So I also relied on So you looked at other people's analysis of the I looked at other people's analysis, I looked at the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 116 K243SCH3 Rosenzweig - Cross 1 conclusion that WikiLeaks has been inconsistent in its 2 application of redaction rules. 3 Q. So if the underlying source is wrong, you are wrong. 4 A. This isn't a -- well, that's always true. 5 an underlying source. 6 WikiLeaks' website as well as reading secondary sources, so 7 it's not exclusively the secondary sources. 8 Q. 9 way to 2020, you made a graph and a chart, and then you came to But this isn't I read the original materials on So you looked at WikiLeaks' redaction pattern from 2006 all 10 this conclusion? 11 A. No. 12 Q. So, where is the math? 13 A. I don't think it needs math to say that something is 14 inconsistent. 15 Q. 16 stats, and you just didn't find a pattern, so you call it 17 inconsistent. 18 A. 19 conclusion. 20 we could have a discussion about that. 21 Q. 22 performs minimal, if any, analysis," again, your conclusion? 23 A. 24 the review of what WikiLeaks has published, and what others 25 have written about what they've published, yes. Exactly. So you didn't have any math, you didn't have any I think that anybody who reviews it would reach the same Okay. But if they wanted to say there was a consistency, All right. Let's move on. When you say "WikiLeaks My conclusion, that of the secondary sources, based upon SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 117 K243SCH3 Rosenzweig - Cross 1 Q. And you said "WikiLeaks does not review all leaked material 2 it posts." 3 A. That's what WikiLeaks has said. 4 Q. Right. 5 A. So I assumed that when they declare it -- perhaps they are 6 lying about that as well. 7 Q. Okay. 8 A. So perhaps it should say "WikiLeaks says it does not review 9 all leaked materials it posts." 10 You have no way to know that, right? But it seems to be consistent with their practices as 11 well. 12 Q. You think it's consistent? 13 A. What? 14 Q. You think it's consistent? 15 A. It appears as though they have not done that in the past. 16 Yes. 17 Q. 18 sometimes partners with traditional media organizations." 19 A. Correct. 20 Q. Right? 21 the identity of sources." 22 A. That's correct. 23 Q. And then you have "The vast majority of WikiLeaks 24 disclosures target the United States." 25 A. Okay. The next sentence you have, you have "WikiLeaks And then you have "WikiLeaks takes steps to protect Correct? Correct? Correct. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 118 K243SCH3 Rosenzweig - Cross 1 Q. Okay. Let's talk about that. The first set of documents 2 that WikiLeaks ever released had to do with what nation? 3 A. Somalia. 4 Q. And not America? 5 A. Somalia is not America, yes. 6 Q. One thing we agree on. 7 Somali rebel leader's plans to assassinate Somali government 8 officials, correct? 9 A. That's right, yes. 10 Q. It published information identifying a corrupt Kenyan 11 leader named Mwai, correct? 12 A. That's correct. 13 Q. Right. 14 right? 15 A. No. 16 Q. Okay. 17 documents revealing corruption in Peru around the management of 18 Peru's oil resources? 19 A. That's correct. 20 Q. You didn't put that in here either, right? 21 A. No. 22 Q. Published a report detailing a nuclear accident in Iran, 23 correct? 24 A. I don't remember that one. 25 Q. You didn't put it in? It published information about a That was in 2007 I think. And you didn't include that in your presentation, How about the fact that WikiLeaks published But I don't disagree with you. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 119 K243SCH3 Rosenzweig - Cross 1 A. No. 2 Q. Okay. 3 French company and the UAE, United Arab Emirates, correct? 4 A. I believe that's correct, yes. 5 Q. Of course it is. 6 A. No. 7 Q. Okay. 8 presidential campaign of Macron? Published documents related to arms deals between a You didn't put it in, right? How about all of those e-mails about the French 9 THE COURT: 10 MS. SHROFF: Of what? Emmanuel Macron. 11 Q. Did you put them in? 12 A. No. 13 Q. Oh. 14 A. The French president is France. 15 Q. Right. 16 A. No. 17 Q. So you have France, Peru, Iran, Africa. 18 of those in, right? 19 A. No. 20 Q. Let's keep going. 21 WikiLeaks publishes about non-governmental entities. 22 those at all, or no, skip those? 23 A. Not for this case, no. 24 Q. Not for this case? 25 A. No. What country is that? You didn't put that in either, right? You didn't put any How about all of the information SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Focus on 120 K243SCH3 Rosenzweig - Cross 1 Q. You are the WikiLeaks expert, right? 2 fair and balanced opinion of WikiLeaks, right? 3 to support the government here. 4 just focus on what you didn't focus on. 5 How about Apple. You want to give a Or no, you want I'll take that back. Let's How about Apple's restrictive 6 contracts with the iPhone application developer that WikiLeaks 7 released. 8 A. No. 9 Q. How about documents that WikiLeaks released that relate to Did you talk about that? 10 the Church of Scientology? 11 A. No. 12 Q. By the way, did you do a harm analysis on those documents? 13 A. Not for this case, no. 14 Q. Ever? 15 A. No. 16 Q. Okay. 17 the internal power struggle with the Catholic Church? 18 A. 19 no, I did not include them. 20 Q. 21 WikiLeaks expert. 22 But there could be a whole ton of other countries, right? How about WikiLeaks' publishing of documents showing I did not include them. I mean, I just Googled it and found this. THE COURT: 24 MS. SHROFF: Q. But So, we have at least five or six governments, and I'm not a 23 25 I assume there is a question. Ms. Shroff, could you not testify, please. Sure. Sitting here today you are aware, right, that WikiLeaks SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 121 K243SCH3 Rosenzweig - Cross 1 publishes information all over the world, right? 2 A. It does. 3 Q. Okay. 4 You testified about that, right? 5 slide which looks like this one. 6 A. Yup. 7 Q. That started on February 4, correct? 8 A. Yes. 9 Q. As a WikiLeaks expert, do you know if the FBI follows the Let's turn to the WikiLeaks Twitter feed, shall we. You testified about the first 10 WikiLeaks' Twitter? 11 A. I do not know. 12 Q. Do you know if the CIA follows the WikiLeaks' Twitter? 13 A. I do not know. 14 MR. DENTON: 15 THE COURT: I am going to object to this, your Honor. Overruled. 16 Q. You testified, sir, that you did not read Vault 7 because 17 it was code, correct? 18 A. 19 and because that wasn't the subject of my expertise today. 20 it happens, I probably wouldn't understand the code if I did 21 read it, as I -- to the extent I understand what's in it, seems 22 it's beyond my understanding, yes. 23 Q. He's charged with stealing Vault 7 information, correct? 24 A. He who? 25 Q. Mr. Schulte. You don't understand code? No, I testified I didn't read it because it was classified SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 As 122 K243SCH3 Rosenzweig - Cross 1 A. I don't know which one Mr. Schulte is. 2 Q. Okay. 3 A. Oh, yeah. 4 Q. I simply asked if you knew that's what you knew the charges 5 to be. 6 A. That's what I understand the case is about, yes. 7 Q. And you testified that you wouldn't understand Vault 7 8 anyway because it was code, right? 9 A. I personally would probably not be able to understand it. 10 Q. Did you know that there's no code in Vault 7? 11 A. I don't know what's in Vault 7. 12 Q. Did you read The New York Times articles about Vault 7? 13 A. Probably did at the time they came out. 14 Q. Okay. 15 Vault 7? 16 A. I don't read The Journal regularly, no. 17 Q. Okay. 18 Vault 7, right? 19 A. Probably did when they came out, but I don't remember. 20 Q. And when you were retained here on this case, you knew it 21 was about Vault 7 and Vault 8, right? 22 A. Of course. 23 Q. And you took no steps to find out whether or not you were 24 able to read the disclosure of Vault 7 and Vault 8? 25 A. I didn't ask if you knew who Mr. Schulte was. Did you read The Wall Street Journal articles about So, you read The New York Times articles about I wasn't asked to, no. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 123 K243SCH3 Rosenzweig - Cross 1 Q. And you only did what you were asked to do, correct? 2 A. That's correct. 3 Q. Let's look at the slide where you have "How did Vault 7 4 make its way to WikiLeaks." 5 A. Yes. 6 Q. Okay. 7 WikiLeaks, right? 8 A. None. 9 Q. None. 10 A. No. 11 Q. You don't know if Russia sent it to WikiLeaks, correct? 12 A. No. 13 Q. You just put the slide on there because you thought it 14 would make a nice presentation? 15 A. No. 16 Q. Oh. 17 the CIA logo there, and the Twitter feed up top? 18 A. Yes. 19 Q. You took a screen shot and put it as part of your 20 demonstrative, correct? 21 A. Yes. 22 Q. And you testified that you did not read any single 23 disclosure, correct? 24 A. That's correct. 25 Q. Okay. You included that slide, correct? You have no idea how Vault 7 made its way to You don't know how it got to WikiLeaks, correct? Okay. Let's look at the next one. You see Vault 7, So you had no idea whether there's code, language, SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 124 K243SCH3 1 Rosenzweig - Cross articles, or whatever else is in each one of these. 2 Can you move to the next screen, please. Next one. 3 I am just going to ask you any one of these, right. 4 So Hive, Weeping Angel, Scribbles, After Midnight, Athena. 5 don't know what's in it at all. 6 A. That's correct. 7 Q. You don't know what's in them? 8 A. I only know what the Twitter feed says is in them. 9 Q. Right. Nobody asked you to verify? So as far as you know, there's no harm that you can 10 testify to from these leaks, correct? 11 A. I have no idea. 12 Q. Good to know. 13 You MS. SHROFF: You can take that down, thank you. 14 Q. Let me ask you this. As the WikiLeaks expert here today, 15 do you keep a list of all the awards and recognition that 16 WikiLeaks has received for its journalistic work? 17 A. 18 record, but I am aware of that, yes. 19 Q. You didn't put it in a slide show? 20 A. No. 21 Q. How many times was WikiLeaks nominated for the Nobel Peace 22 Prize? 23 A. I don't know the number. 24 Q. You are the WikiLeaks expert. 25 times it was nominated for the Nobel Peace Prize? I have reviewed all that. I keep a list, I don't keep a You don't know how many SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 125 K243SCH3 Rosenzweig - Cross 1 THE COURT: 2 MS. SHROFF: 3 THE COURT: I guess not. I withdraw that question, your Honor. Yes, I'm glad. 4 Q. Do you know how many other awards WikiLeaks has won? 5 A. Dozens. 6 Q. Dozens. 7 Media award? 8 A. Yes. 9 Q. How many times? 10 A. I think twice, but I'm not sure. 11 Q. And do you know what it won for? 12 A. I'm sorry, what what was for? 13 Q. What was the award for. 14 A. I don't remember. 15 Q. Didn't put it in the slide show? 16 A. No. 17 Q. 2013, it won an award; do you remember that? 18 A. Don't remember. 19 Q. Okay. 20 this case because your colleague was a professor of 21 Mr. Denton's, correct? 22 A. That's my understanding. 23 Q. So he asked his professor, and his professor sent him to 24 you, and you were delighted to make that introduction, correct? 25 A. Do you know it won the Amnesty International News Which disclosure; do you know? Mr. Rosenzweig, you were contacted as an expert for I don't know for sure. That's my understanding, yes. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Yes. 126 K243SCH3 Rosenzweig - Redirect 1 Q. And you sitting here today have zero personal knowledge 2 about this case, correct? 3 A. Except what I've read in the indictment, that's correct. 4 Q. You've never met Mr. Schulte, correct? 5 A. As I said, correct. 6 Q. You've never spoken to Mr. Schulte, correct? 7 A. I don't believe so, no. 8 Q. Sitting here today, you have no idea if Mr. Schulte 9 accessed any information, let alone classified information, 10 correct? 11 A. I have no knowledge of that. 12 Q. And sitting here today, you have absolutely zero knowledge 13 about whether or not Mr. Schulte ever communicated with 14 WikiLeaks, correct? 15 A. I have no information on that. 16 Q. In fact, you have no idea how Vault 7 and Vault 8 got to 17 WikiLeaks, correct? 18 A. I do not. 19 MS. SHROFF: I have nothing further. 20 THE COURT: 21 MR. DENTON: 22 REDIRECT EXAMINATION 23 BY MR. DENTON: 24 Q. 25 you had conducted a harm analysis in this case. Mr. Denton. Very briefly, your Honor. Mr. Rosenzweig, Ms. Shroff asked you a moment ago whether SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Do you 127 K243SCH3 Rosenzweig - Redirect 1 remember that? 2 A. Yes. 3 Q. Were you asked to do that? 4 A. No. 5 Q. I think you said you did what you were asked to do, right? 6 A. That's correct. 7 Q. What were you asked to do? 8 A. I was asked to provide the United States and the jury with 9 an overview of WikiLeaks, its history, past instances in which 10 consequences had been identified, and a summary of the 11 assertions it had made through the public -- through the 12 posting of information to its Twitter feed. 13 MR. DENTON: Ms. Hurst, can we put up Government 14 Exhibit 1702 and go to page five, please. 15 Q. 16 series of questions about time you spent in the Heritage 17 Foundation? 18 A. Correct. 19 Q. And about potential biases that the Heritage Foundation 20 might have? 21 A. Yes. 22 Q. In 2010, when President Felipe Calderón said WikiLeaks 23 caused severe damage to diplomatic relations, was he a member 24 of the Heritage Foundation? 25 A. Mr. Rosenzweig, do you remember Ms. Shroff asking you a No. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 128 K243SCH3 Rosenzweig - Redirect 1 Q. You were asked a series of questions about your time in the 2 Bush administration. 3 A. Yes. 4 Q. Who was president when Cablegate happened? 5 A. President Obama was president when that release happened. 6 Q. Did the fact that Barack Obama was president when this 7 happened affect your view of the consequences of the 8 disclosure? 9 A. No. 10 Q. Do you remember Ms. Shroff asked you some questions about 11 an article you wrote about leaking of a transcript to The 12 Washington Post? 13 A. Yes. 14 Q. Why was that something you were concerned about? 15 A. I was concerned because too many people were leaking 16 information to the press in response to perceived pressures, 17 what they perceived as necessity because of their disagreement 18 with President Trump's views. 19 Do you remember that? My point was that even if you thought that you didn't 20 like President Trump's policy, leaking classified information 21 like confidential calls with -- like the transcripts of 22 confidential calls with governments, was not the way to redress 23 that. 24 Q. What's problematic about leaking information like that? 25 A. Well, it breaks -- it breaks the classification SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 129 K243SCH3 Rosenzweig - Redirect 1 requirements, it's probably against the law, and in the end, if 2 we cannot, as I said with respect to the WikiLeaks leaks, that 3 we were talking earlier, if we cannot assure people we interact 4 with of the confidentiality of the discussions, people stop 5 talking to us. It degrades the government's ability to act. 6 MR. DENTON: Nothing further, your Honor. 7 MS. SHROFF: May I, your Honor? 8 THE COURT: 9 MS. SHROFF: 10 THE COURT: 11 No. You are excused, Mr. Rosenzweig. Your Honor, I have recross. Okay. (Witness excused) 13 MR. LAROCHE: 15 Direct, cross, redirect. Call your next witness. 12 14 No. Your Honor, the government calls Special Agent Steven Deck. (Continued on next page) 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 130 K24Wsch4 1 Deck - Direct STEVEN DECK, 2 called as a witness by the government, 3 having been duly sworn, testified as follows: 4 THE COURT: Go ahead, Mr. Laroche. 5 MR. LAROCHE: Thank you, your Honor. 6 DIRECT EXAMINATION 7 BY MR. LAROCHE: 8 Q. Special Agent Deck, where do you work? 9 A. At the FBI office here in New York. 10 Q. And how long have you worked at the FBI? 11 A. Just a little over ten years. 12 Q. What's your current title? 13 A. My current title is special agent. 14 Q. Do you work within a particular division of the FBI? 15 A. I do. 16 in New York. 17 Q. 18 division do? 19 A. 20 the United States and then effecting investigations along those 21 lines. 22 threats here in the U.S., which are agencies, other countries' 23 version of the CIA that may have a presence here. 24 investigate them, arrest them if necessary, possibly expel them 25 from the country. I work within the counterintelligence division here And generally speaking, what does the counterintelligence So, we're charged with protecting the national interest of So we essentially investigate foreign-intelligence SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 So we 131 K24Wsch4 1 Deck - Direct And then we also investigate people who may have misused 2 their access to U.S. information, classified information, and 3 we call that espionage investigations. 4 Q. 5 counterintelligence division? 6 A. I do. 7 Q. Generally speaking, what is an FBI squad? 8 A. It's a group of about anywhere from approximately six to 9 ten people. Do you work on a particular squad within the It's called CD-6. We refer to them as squads. Private sector, most 10 of the time call them teams. Where we work, we address the 11 same threat, same type of investigations and normally have one 12 supervisor. 13 Q. You said you work on the squad CD-6, is that right? 14 A. Correct. 15 Q. What does that squad do? 16 A. So, we're tasked with investigating espionage-related 17 allegations, economic espionage, as well as unauthorized 18 disclosures. 19 Q. The unauthorized disclosure of what? 20 A. Classified information. 21 Q. Where is the squad CD-6 physically located? 22 A. We're at the federal building here in downtown Manhattan. 23 Q. Is that within the New York field office of the FBI? 24 A. It is. 25 Q. What are your responsibilities on that squad? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 132 K24Wsch4 Deck - Direct 1 A. So, as an agent on that squad, we get leads and information 2 from our office in general and potentially other partners in 3 the U.S. intelligence agencies, and then we try to determine if 4 that information should be used to open an investigation, if it 5 rises to a certain threshold. 6 information and open an investigation, which could mean 7 conducting interviews, serving legal process, surveillance, to 8 determine whether or not the veracity of the initial allegation 9 was true. And then we'll take that 10 Q. 11 investigate the disclosure of classified information, correct? 12 A. Correct. 13 Q. What is classified information? 14 A. So, classified information is U.S. government information 15 that could -- if compromised, would be deemed damaging to U.S. 16 national-security interests. 17 Q. Are there different levels of classified information? 18 A. There are. 19 Q. What are they? 20 A. So, they're classified at different levels because the 21 contents of the information could damage U.S. national-security 22 interests differently. 23 secret and top secret. 24 25 One of the things I think you said your squad does is So the three levels are confidential, Confidential level, if disclosed, could cause damage to U.S. interests. Secret could -- is the next level up, could SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 133 K24Wsch4 Deck - Direct 1 cause serious damage to the U.S. national-security interests. 2 And then top secret information, if compromised, disclosed in 3 an unauthorized manner, would cause exceptionally great damage 4 to the U.S. 5 Q. Generally, where is classified information stored? 6 A. On either physical space if it's a hard-copy document, or 7 on computer systems that are rated or accredited for the nature 8 of that classification. 9 Q. Let's start with the physical space. What type of physical 10 space stores classified information? 11 A. 12 secure FBI space, so it can be there. 13 what's called our SCIF, so it's a sensitive compartmented 14 information facility where we process top secret information as 15 well as information at lower levels that are deemed more 16 sensitive. 17 Q. 18 that stored generally? 19 A. 20 networks of computers -- at the appropriate level. 21 Q. What do you mean at the appropriate level? 22 A. So, classified -- confidential information would be stored 23 at a system that's rated for that. 24 And a top secret information on a top-secret system. 25 higher class -- so everything under top secret could be So, we can have secret-level information in FBI offices or And then we also have And what about electronic classified information; where is Those are stored on internal information systems -- they're Secret, on a secret system. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 But the 134 K24Wsch4 Deck - Direct 1 processed on a top-secret system whereas top secret processed 2 on a secret system would be a spill and in violation of our 3 security policy as well as being a U.S. government clearance 4 holder. 5 Q. I think you used the word "spill," is that correct? 6 A. Yes. 7 Q. What did you mean by spill? 8 A. It's, in the government, what we describe as a mishandling, 9 misuse of -- or storage of classified information. So it could 10 just be you taking classified documents out of a secured space. 11 It could be you accidentally putting top secret material on a 12 secret system. 13 information existing outside of our systems that aren't 14 accredited to hold them. 15 Q. Generally, who is permitted to view classified information? 16 A. People who have a clearance at the appropriate level as 17 well as a need to know. 18 Q. 19 need? 20 A. 21 need to know, you would need a secret-level clearance. 22 then top secret, top secret. 23 Q. How do you get a security clearance? 24 A. It's a variety of methods, but based on your job 25 qualification, job description, you'll undergo -- for my It could also be secret or classified Let's start with clearance. What type of clearance do you So, if you want to use secret information and you have a SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 And 135 K24Wsch4 Deck - Direct 1 position, I need a top-secret SCI clearance, so I underwent a 2 background investigation, a polygraph, and then given where I 3 work, also a demonstrate a need to know to access that. 4 Q. Do you hold a security clearance? 5 A. I do. 6 Q. At what level? 7 A. Top-secret SCI. 8 Q. What does the SCI mean? 9 A. It's sensitive compartmented information, so it's a 10 controlled system within -- to further kind of contain more 11 sensitive information, whether it's at the secret or the 12 top-secret level. 13 Q. You also said "a need to know"; you used that phrase? 14 A. Correct. 15 Q. What do you mean by need to know? 16 A. Just because you have a security clearance at a certain 17 level doesn't mean you're just granted blanket access to all 18 information at that level, so it's just a way to further 19 restrict or kind of validate your ability to view the 20 information. 21 Q. 22 I want to switch gears a bit. Special Agent derrick, are you familiar with the terms 23 "Vault 7" and "Vault 8"? 24 A. I am. 25 Q. What do those terms refer to? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 136 K24Wsch4 Deck - Direct 1 A. Those refer to a series of leaks put out during the year of 2 2017 by WikiLeaks on their website. 3 Q. 4 was published by WikiLeaks belonged to? 5 A. Yes, from the CIA. 6 Q. To be clear, did WikiLeaks make public statements in 7 connection with those leaks? 8 A. They did. 9 Q. But did they actually disclose information with those Do you have an understanding of who the information that 10 leaks? 11 A. They did. 12 Q. And how do you know that? 13 A. Because I visited the website and downloaded the 14 information. 15 Q. 16 classified information did WikiLeaks make on its website? 17 A. Approximately 26. 18 Q. Over what time period? 19 A. From around March 2017 to November of 2017. 20 Q. Did your squad, CD-6, participate in that investigation? 21 A. Yes, we did. 22 Q. What was the extent of your participation in the 23 investigation? 24 A. 25 website and download the information which they had released Approximately how many separate disclosures of CIA So, my role in the investigation was to visit the WikiLeaks SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 137 K24Wsch4 Deck - Direct 1 from the CIA to a computer so that we could document it for 2 evidentiary purposes. 3 Q. Let's talk about how you downloaded that information. 4 A. OK. 5 Q. You said that Vault 7 and Vault 8 releases were posted on 6 WikiLeaks's website, is that correct? 7 A. Correct. 8 Q. Generally, are FBI agents permitted to visit WikiLeaks's 9 website? 10 A. No. 11 Q. Why not? 12 A. Because it would be in violation of our security policy as 13 well as being a clearance holder, you're supposed to view 14 classified information, which the releases still were, still 15 are, on the correct system, which viewing it in the public 16 domain as a clearance holder would be in violation of that. 17 Q. Why is that a violation of your security policy? 18 A. FBI policy, because you need to view classified information 19 on a classified system and/or in a secure space. 20 Q. 21 of this investigation? 22 A. I did. 23 Q. How did you get that permission? 24 A. So, there was a conversation between my squad, my 25 supervisor, our security office and the attorney's office to Did you get permission to go to WikiLeaks's website as part SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 138 K24Wsch4 Deck - Direct 1 come up with a best method for the investigation to download 2 this information. 3 Q. Why did you talk to your security office? 4 A. Any time you're up against a security policy or need for an 5 investigative measure to kind of find a best practice for a way 6 to obtain information, you need to consult them. 7 Q. 8 download the Vault 7 and Vault 8 leaks? 9 A. It was. 10 Q. What were some of the parts of that plan? 11 A. So, one of the parts would be to obtain a separate computer 12 that wasn't connected, that wasn't a previous government 13 computer or connected to our network. 14 And based on those discussions, was a plan put in place to Another component was to just use public wi-fi and not a 15 government-attributable internet connection. 16 part would be to find the best way to store this unique piece 17 of evidence in the best way possible. 18 Q. 19 that you got a nongovernment computer, is that correct? 20 A. Correct. 21 Q. Why is that? 22 A. Just so that when we entered it into evidence, we wouldn't 23 be taking something from the network and essentially putting it 24 aside indefinitely. 25 information from the internet, which could potentially contain Let's talk about each of those steps. And the third I think you said And then also, we did not want to download SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 139 K24Wsch4 Deck - Direct 1 viruses or malware, to an FBI system. 2 Q. 3 the disclosures made by WikiLeaks? 4 A. I do. 5 Q. And what is that information? 6 A. They were information about CIA hacking tools and 7 cyber-exploitation tools. 8 Q. 9 a nongovernment computer? Do you have an understanding of what was contained within What, if any, impact did that have on your decision to use 10 A. Anytime you download something from the internet, you take 11 a risk. 12 to acquire, we wanted to take an extra -- many extra steps of 13 security to maintain the integrity of our systems as well as be 14 able to get the information and then store it properly. 15 Q. 16 to download the leak. 17 A. Correct. 18 Q. Why didn't you download the leak from an FBI facility? 19 A. So, anytime actions on the internet are traceable as well 20 as downloads, and we didn't want to use an FBI system. 21 given the type of information we were going to acquire, we 22 didn't want to use an FBI system to download the information 23 which could then be traced back to us and potentially implicate 24 the IP address and potentially other investigations. 25 Q. And then given what type of information we were going I think the second part of the plan was using public space Is that correct? And why would that be problematic for the FBI? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 And 140 K24Wsch4 Deck - Direct 1 A. Because it would reveal a source's methods and potentially 2 negatively impact our ability to properly investigate things. 3 Q. 4 leak? 5 A. I did. 6 Q. And what location did you identify? 7 A. Starbucks. 8 Q. Why did you identify Starbucks? 9 A. Ease of use, quick wi-fi and reliability given the nature Did you identify a public location where you downloaded the 10 of what we were doing. 11 Q. 12 storing the computer in a certain location. 13 A. Correct. 14 Q. Can you describe that part of the plan? 15 A. So, we determined the best place would be the safe in my 16 supervisor's office, which is inside our SCIF, which is where 17 you would normally store top secret information. 18 locker, where we -- you know, you acquire anything related to 19 investigations, drugs, money, we store there. 20 credited to the secret level, and this had some top secret and 21 SCI information in it, so we needed to find a solution to be 22 able to store it in the best manner possible. 23 Q. When did you first go to Starbucks to download the leak? 24 A. In March of 2018. 25 Q. And how did you download the leak once you were there? And I think the third aspect of the plan, you said, was SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 Is that correct? Our evidence But it's only 141 K24Wsch4 Deck - Direct 1 A. I went to the -- used an internet browser, went to the 2 WikiLeaks website first. 3 download all the -- the large volume of information, so 4 WikiLeaks had also provided a torrent website, which is 5 essentially just -- it was about 15 hyperlinks that connected 6 to zip files to download the bulk of the information that they 7 released. 8 Q. What is a torrent website? 9 A. It's a -- it looked -- just a blank website, but it had 15 Didn't really see a quick way to 10 hyperlinks, and each time you clicked on one of the links, it 11 asked if you wanted to save the associated zip file. 12 I saw there were 15 of those, and then I just downloaded it 13 that way. 14 Q. And what is a zip file? 15 A. Zip file is just a way to compress information. 16 want to send a ton of files over an email or kind of website to 17 website, you can use software to compress that information in a 18 more easily storable format. 19 Q. 20 directly from the website? 21 A. 22 didn't see -- given the volume of the information, there 23 wasn't, to my appearance, a good way to capture all of it. 24 I knew of this -- from our investigation I knew of this torrent 25 address, which had been provided by WikiLeaks too, if you And then So if you Why did you go to the torrent instead of downloading it I did -- I tried -- I perused the website for a little and SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 And 142 K24Wsch4 Deck - Direct 1 wanted to essentially bulk download all the information. 2 Q. Did you download those zip files to the computer? 3 A. I did. 4 Q. And were you able to unzip those zip files? 5 A. I was. 6 Q. Were you able to download any of WikiLeaks's public 7 statements on that computer? 8 A. I was. 9 Q. And how did you do that? 10 A. Via screenshots. 11 Q. And you said you downloaded the zip files to the computer? 12 A. Correct. 13 Q. How long did that downloading process take? 14 A. Around an hour. 15 Q. And approximately how much data was found on those zip 16 files? 17 A. Approximately 1.4 gigabytes. 18 Q. After you downloaded the information on the computer that 19 day, did the classification level of that computer change? 20 A. It did. 21 Q. How did it change? 22 A. So, the computer -- we had just obtained it from a store, 23 and it was just any other computer you would buy. 24 as you store classification -- classified material on a device 25 like that, it immediately assumes the highest classification of SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 But as soon 143 K24Wsch4 Deck - Direct 1 the material contained within it. 2 Q. 3 download additional materials? 4 A. I did. 5 Q. Approximately when did that happen? 6 A. In May of 2018. 7 Q. And why did you go back to download additional materials? 8 A. Through the investigation, we determined that the zip files 9 which I had downloaded contained Vault 7, but it did not 10 contain the Vault 8 release, and we wanted to capture the 11 entirety of what WikiLeaks had put out there from March 2017 to 12 November of 2017. 13 Q. Were you able to download Vault 8 when you went back? 14 A. I was. 15 Q. How did you do that? 16 A. So, it was a lot less information. 17 to the release that WikiLeaks specified as Vault 8 and download 18 the singular files in that way. 19 like right click, save as. 20 Q. 21 that you downloaded the Vault 7 leaks? 22 A. I did. 23 Q. Did there come a time when you confirmed that you had 24 downloaded all of the Vault 7 and Vault 8 leaks onto that 25 computer? Did there come a time when you went back to Starbucks to I was able to just go It's just -- it's a kind of And did you download the Vault 8 leak on the same computer SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 144 K24Wsch4 Deck - Direct 1 A. I did. 2 Q. How did you do that? 3 A. So, I matched -- the first release on March 7 is a long web 4 page of about a few thousand embedded hyperlinks, so I went to 5 WikiLeaks's website. 6 had downloaded appeared to be the same. 7 all of the subsequent leaks were essential -- like a one- to 8 two-page summary of what WikiLeaks was going to release in 9 addition to the provided original documents from the CIA. 10 clicked through on WikiLeaks's website each of their press 11 releases, made sure I had those, and then also made sure that 12 in the downloads I had appeared each of the documents which 13 WikiLeaks had embedded. I scrolled through that to see if what I 14 MR. LAROCHE: 15 THE COURT: And it did. And then So I Your Honor, may I approach? Yes. 16 BY MR. LAROCHE: 17 Q. 18 marked Government Exhibit 1. 19 A. I do. 20 Q. And what is it? 21 A. That's the computer I used to download the Vault 7 and 22 Vault 8 releases. 23 Q. And how do you know it's that computer? 24 A. I purchased it. 25 space. Special Agent Deck, one of the things I've handed you is Do you recognize that? I used it, and it had been stored in our SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 145 K24Wsch4 1 2 Deck - Direct MR. LAROCHE: Your Honor, the government offers Government Exhibit 1 into evidence. 3 MR. BRANDEN: 4 THE COURT: 5 MR. LAROCHE: 6 (Government Exhibit 1 received in evidence) 7 BY MR. LAROCHE: 8 Q. 9 to see. 10 No objection, Judge. No. 1 will be received in evidence. Thank you, your Honor. Special Agent Deck, can you just hold that up for the jury Special Agent Deck, I've also handed you a binder that 11 contains Government Exhibits 2 through 16. 12 that? 13 A. I do. 14 Q. And have you reviewed this binder? 15 A. I have. 16 Q. And how do you know you've reviewed it? 17 A. Excuse -- sorry. 18 Q. How do you know you've reviewed it? 19 A. Oh. 20 material that I downloaded. 21 Q. And what is contained in Government Exhibits 2 through 16? 22 A. Information related to the Vault 7 release. 23 Q. And is that contained within Government Exhibit 1? 24 A. It is. 25 Do you recognize Sorry. Because I've reviewed the binder and also on the MR. LAROCHE: Your Honor, the government would offer SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 146 K24Wsch4 1 Deck - Direct Government Exhibits 2 through 16 into evidence. 2 MR. BRANDEN: 3 THE COURT: 4 No objection, Judge. They're received in evidence, 2 through 16. 5 MR. LAROCHE: 6 (Government Exhibits 2-16 received in evidence) 7 MR. LAROCHE: 8 Thank you, your Honor. You can put that to the side for a second. 9 Ms. Hurst, can you please publish to the parties, the 10 jury and the Court what is marked as Government Exhibit 2. 11 Q. 12 on your screen? 13 A. I do. 14 Q. What is this showing? 15 A. This is a screenshot from the release on March 7. 16 showing part of the Confluence software which was used, and 17 it's kind of a joint project, collaboration software. 18 would appear -- this release was a very long web page with a 19 lot of links taking -- that would go to their associated 20 address. 21 Q. And you said March 7. 22 A. 2017. 23 Q. And was this the first leak posted by WikiLeaks? 24 A. It was. 25 Q. And you said that there was a long list on this page, is Special Agent Deck, do you recognize Government Exhibit 2 It's So it And this is just a snippet of that. March 7 of what year? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 147 K24Wsch4 Deck - Direct 1 that correct? 2 A. Correct. 3 Q. Where would that list appear if you were on the website? 4 A. If you would just keep scrolling. 5 Q. Scrolling in which direct? 6 A. Down. 7 Q. And where would that list appear? 8 A. Under directory departments, branches and groups. 9 Q. And could you click on parts of the list? 10 A. You could. 11 Q. What would happen if you clicked on parts of the list? 12 A. It would take you to whatever associated page that was. 13 Q. And did you download the information by clicking on those 14 parts? 15 A. I did not. 16 Q. Why not? 17 A. It was too cumbersome and time-consuming, especially when 18 we had the torrent address provided, which had been provided by 19 WikiLeaks's Twitter, verified Twitter account. 20 Q. 21 on this first March 7 leak? 22 A. 23 And you said cumbersome. Approximately how many links were Over a few thousand. MR. LAROCHE: 24 Exhibit 3. 25 Q. Ms. Hurst, can you publish Government Special Agent Deck, do you recognize Government Exhibit 3? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 148 K24Wsch4 Deck - Direct 1 A. I do. 2 Q. What is this showing? 3 A. This is a continuation of the release on March 7 and the 4 Confluence page. 5 a WikiLeaks -- or a Wikipedia page or any sort of very 6 hyperlinked, content-heavy web page, and this is what that 7 represents. 8 Q. Did each of the lines on this page link to something else? 9 A. They do. 10 Q. What would happen if you clicked on one of these links? 11 A. It would take you to whatever associated web page was 12 embedded there. 13 Q. And again, this is from the March 7 leak, is that correct? 14 A. Correct. So just imagine you keep scrolling down like 15 MR. LAROCHE: 16 Government Exhibit 6. 17 Q. And again, what is this showing? 18 A. Continuation of the March 7 release, and what you would see 19 is in the Confluence software if you're on there for joint 20 project collaboration. 21 MR. LAROCHE: Ms. Hurst, can you please publish Ms. Hurst, can you please publish 22 Government Exhibit 6-1. 23 Q. What is this exhibit showing? 24 A. So, this is a screenshot of -- continuing from Confluence 25 of the transferring data using NTFS viewed previously -- on the SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 149 K24Wsch4 1 Deck - Direct previous exhibit if you had clicked on that hyperlink. 2 MR. LAROCHE: Ms. Hurst, if you can, could we please 3 put Government Exhibits 6 and 6-1 next to each other. 4 Q. 5 left link, it would bring you to the right, is that correct? 6 A. 7 clicked on that, it would have taken you, depending how you had 8 it set up, either a new tab or the same web page, but it would 9 have the information which it described. I'm sorry. Correct. 10 You said that if you clicked on one side of the If you -- the third-from-the-top link, if you had MR. LAROCHE: Let's zoom in on that. If we can go to 11 Government Exhibit 6 again and then zoom in on the third line 12 down, please. 13 Q. Is that the link you're referring to? 14 A. Correct. 15 MR. LAROCHE: Now we can go back to Government Exhibit 16 6-1. 17 starts "transferring data." 18 Q. 19 correct? 20 A. 21 Let's first focus on, please zoom in on the line that And that's tied to the link from the previous page, is that Correct. MR. LAROCHE: If you can zoom out again, please. 22 Q. 23 the middle that says secret/noforn. 24 25 Special Agent Deck, I want to focus you on the banner in MR. LAROCHE: Q. If we could zoom in on that, please. Do you recognize that banner? SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 150 K24Wsch4 Deck - Direct 1 A. I do. 2 Q. And what is it? 3 A. It's a classification banner at the secret level, and it 4 has -- the noforn is a dissemination caveat. 5 there's a lot of those, but this one means that it is for U.S. 6 government personnel only, not to be disseminated outside the 7 government. 8 Q. Did you put the banner on this page? 9 A. I did not. 10 Q. Was this banner present when you downloaded it from 11 WikiLeaks? 12 A. Essentially -- It was. 13 MR. LAROCHE: Ms. Hurst, you can take that exhibit 14 down. 15 Q. 16 leak, I believe, Government Exhibits 2, 3 and 6. 17 correct? 18 A. Uh-huh. 19 Q. And all of those came from the March 7 leak, right? 20 A. Correct. 21 Q. And that was the first disclosure made by WikiLeaks? 22 A. That's correct. 23 Q. How, if at all, were the subsequent disclosures by 24 WikiLeaks different? 25 A. Special Agent Deck, we talked about three exhibits from the Is that So, I described that release as just a very long web page SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 151 K24Wsch4 Deck - Direct 1 of a kind of collaboration site, similar to how -- ton of links 2 to, like, a Wikipedia page. 3 to two-page summary by WikiLeaks of what they were going to 4 release. 5 summary, they would have all of the original CIA documents. 6 All the other releases were a one- And then next to the article -- next to their MR. LAROCHE: Ms. Hurst, can you please publish 7 Government Exhibit 13. 8 Q. Special Agent Deck, do you recognize this? 9 A. I do. 10 Q. And what is this? 11 A. This is a, the Brutal Kangaroo user guide. 12 Q. What leak was this from? 13 A. This was on or about June 22, 2017. 14 MR. LAROCHE: Let's start at the top of the page, if 15 we could zoom in on the secret/noforn. 16 Q. What is that? 17 A. That's the banner classification identifying this document 18 at the secret/noforn level. 19 Q. And again, did you put the banner on this document? 20 A. I did not. 21 Q. Was this banner on the document when you downloaded it? 22 A. It was. 23 MR. LAROCHE: If you could zoom out again, please, and 24 then zoom in on the three lines starting "Brutal Kangaroo 25 program." SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 152 K24Wsch4 Deck - Direct 1 Q. Are you familiar with these terms? 2 A. I am. 3 Q. How are you familiar with them? 4 A. From my knowledge on the investigation, I know that Brutal 5 Kangaroo was a cyber tool developed and used by the CIA. 6 MR. LAROCHE: Put up page 4 of the PDF, please, 7 Ms. Hurst, and if we could just zoom in from the top down to 8 the paragraph that has an S, "the Brutal Kangaroo project 9 consists of." 10 Perfect. Thank you. 11 Q. First, let's just start with, there's a 1 and then U in 12 parentheses and scope. 13 A. That means unclassified. 14 Q. Are you familiar with those markings on classified 15 documents? 16 A. I am. 17 Q. Just generally, what do they designate? 18 A. So, if the overall classification of the document, which, 19 as you saw, was the banner line at the top and the bottom, 20 classifies it as secret or top secret, then even though -- if 21 there is unclassified information in the document, you must 22 delineate it as unclassified. 23 information regardless of what it's classified at. 24 Q. 25 of Brutal Kangaroo tool suite." What does that U in parentheses mean? Or you must portion mark all There's a 1.1 that reads, "System overview and description Can you read the paragraph SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 153 K24Wsch4 Deck - Cross 1 below that? 2 A. 3 networks by air gap jumping using thumb drives. 4 Kangaroo components create a custom covert network within the 5 target closed network and provide a functionality for executing 6 surveys, directory listings and arbitrary executables." "Brutal Kangaroo is a tool suite for targeting closed 7 MR. LAROCHE: 8 THE COURT: 9 Thank you. Brutal No further questions. Mr. Branden. CROSS-EXAMINATION 10 BY MR. BRANDEN: 11 Q. 12 attorney for Mr. Schulte. 13 A. OK. 14 Q. First of all, in March and May of 2018, on two specific 15 dates, you were tasked with essentially downloading Vaults 7 16 and 8 from the WikiLeaks website, correct? 17 A. Correct. 18 Q. And then as a result of downloading those Vault 7 and Vault 19 8, you were able to produce to the government exhibits 1 and 20 then 2 through 16 which were introduced here today, correct? 21 A. Correct. 22 Q. OK. 23 used at Starbucks, correct? 24 A. Correct. 25 Q. OK. Special Agent Deck, I'm Jim Branden. I'm a defense I just have a few questions for you. And exhibit 1 is the computer that you bought and then Nothing in the exhibits that were introduced on direct SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 154 K24Wsch4 Deck - Cross 1 through you would show how that information, the Vaults 7 and 8 2 information, was originally provided to WikiLeaks, is that 3 correct? 4 A. Correct. 5 Q. Is it also true that nothing in those exhibits would show 6 when that information was provided to WikiLeaks? 7 A. Not -- not to my knowledge. 8 Q. And finally, nothing in those exhibits or through your 9 investigation would specifically show who provided the Vault 7 10 and Vault 8 information to WikiLeaks? 11 A. Yeah. 12 13 Not to my knowledge. MR. BRANDEN: Thank you very much. 14 THE COURT: 15 MR. LAROCHE: 16 That's all I have, Judge. All right. Nothing further for this witness, your Honor. 17 THE COURT: 18 THE WITNESS: 19 (Witness excused) 20 THE COURT: 21 MR. LAROCHE: 22 THE COURT: 23 (Continued on next page) You're excused. Thank you very much. Thank you, your Honor. Call your next witness. Your Honor, may we approach? Yes. 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 155 K24Wsch4 1 (At sidebar) 2 THE COURT: You're going to tell me that it's a 3 classified witness and you don't want to start at quarter to 4 three. 5 MR. LAROCHE: It's not that we don't want to start. 6 It just takes some time to get him up here. 7 with the marshals, it takes some time to get up here. 8 9 10 11 12 13 14 15 16 17 18 19 20 MS. SHROFF: The problem is Your Honor, may I just ask why it's necessary for the marshal to escort him to his seat? It doesn't seem needed. THE COURT: Access to the elevator is through the marshal's office. MS. SHROFF: Yes, but the marshal doesn't have to walk him into the courtroom. MR. LAROCHE: They have to bring him up through that access route, which I think takes some time. MS. SHROFF: No, I don't care when you start. I just don't want the marshal, or whoever it is, walking him in. THE COURT: They're going to walk through the door. The marshals aren't going to escort him through the courtroom. 21 MR. LAROCHE: 22 THE COURT: 23 MR. LAROCHE: 24 MS. SHROFF: 25 MR. LAROCHE: No. He's going to open the door for him. Yes. This door, the marshal's door? This one? We can confirm that, but that's our SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 156 K24Wsch4 1 understanding. 2 chair. I don't think he's going to walk him to the 3 THE COURT: 4 MR. LAROCHE: 5 MS. SHROFF: 6 MR. LAROCHE: 7 I don't think so. So we're going to start him tomorrow? I think it makes sense. By the time he gets up here, it's going to be three. 8 9 Why would he walk him to the chair? THE COURT: Listen, you have to do a better job of getting your witnesses up here. We're not going to waste 15 10 minutes every time you have a witness. 11 the witness room. 12 MS. SHROFF: You can stick him in You don't know who they are, right? It's 13 kind of hard to accost somebody when you don't know who they 14 are. Just saying. 15 MR. LAROCHE: Well, you never know. 16 Understood, Judge. 17 (Continued on next page) 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 157 K24Wsch4 1 (In open court) 2 THE COURT: All right. The parties agreed to adjourn 3 for the day, so we're going to close. 4 3:00. 5 6 We're going to end a little bit sooner. You heard what I said. case. 7 Don't do any research on the Don't talk about the case. Keep an open mind. We'll resume tomorrow morning at 9:00. 8 time. 9 coming early. 10 Normally we'd end at Try to be on We'll have breakfast and a little snack, a reward for We'll get started at nine and we'll break at 3:00 for the day. 11 Thank you very much. 12 (Continued on next page) Safe home tonight. 13 14 15 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 158 K24Wsch4 1 (Jury not present) 2 THE COURT: 3 Anything you want to take up? 4 Mr. Laroche. 5 MR. LAROCHE: 6 THE COURT: 7 MS. SHROFF: 8 THE COURT: 9 10 11 OK. No, your Honor. All right. See you tomorrow morning at 9:00. Will the first witness tomorrow have protective measures coming in? MR. LAROCHE: 13 THE COURT: 14 MR. LAROCHE: 15 THE COURT: 16 MR. LAROCHE: 17 THE COURT: 18 MR. LAROCHE: Yes, your Honor. Limit the attendance of the courtroom. Yes, your Honor. And you'll take care of that? Yes, your Honor. How are you going to do that? We'll consult with Mr. Gonzalez before and make sure everybody's on the same page. 20 THE COURT: 21 MR. LAROCHE: 22 THE COURT: 23 MR. LAROCHE: 24 THE COURT: 25 No, your Honor. Ms. Shroff. 12 19 Please be seated. Consult with the marshal's office as well. Yes, your Honor. And be mindful of what I say. Yes, your Honor. Get the witnesses subject to protection up here so that we don't have to wait 15 minutes for the elevator. SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 159 K24Wsch4 1 MR. LAROCHE: 2 THE COURT: 3 MR. LAROCHE: 4 (Adjourned to February 5, 2020, at 9:00 a.m.) Yes, your Honor. Understood. Thank you. Yes, your Honor. 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300 160 1 2 3 INDEX OF EXAMINATION Examination of: Page PAUL ROSENZWEIG 4 Direct By Mr. Denton . . . . . . . . . . . . . .37 5 Cross By Ms. Shroff 6 Redirect By Mr. Denton . . . . . . . . . . . . 126 7 . . . . . . . . . . . . . .75 STEVEN DECK 8 Direct By Mr. Laroche 9 Cross By Mr. Branden . . . . . . . . . . . . . 153 10 11 . . . . . . . . . . . . 130 GOVERNMENT EXHIBITS Exhibit No. 12 1 13 2-16 Received . . . . . . . . . . . . . . . . . . . . . 145 . . . . . . . . . . . . . . . . . . . . 146 14 15 16 17 18 19 20 21 22 23 24 25 SOUTHERN DISTRICT REPORTERS, P.C. (212) 805-0300