Everything we know about the Trump Administration’s first records seizure from a reporter

Gabe Rottman | Analysis | August 9, 2018
In early June 2018, the FBI arrested James Wolfe, the former security director for the Senate Select Committee on Intelligence (“SSCI”), on charges of lying to FBI investigators about his contacts with several reporters.1 During the investigation, the FBI seized years of phone and email records from national security and federal law enforcement reporter Ali Watkins—the first time that appears to have happened under the Trump administration.2
Some have raised concerns that the seizure of records from a reporter could presage an escalation in the Trump administration’s aggressive crackdown on what the attorney general called a “culture of leaks” in an August 2017 speech.
Central to this story are complex but important questions about how the Justice Department applied a set of internal news media guidelines that govern when and how it can investigate the press.3 In the materials below, we have tried to lay out everything we know to date about the Wolfe case and the Watkins subpoena. 
We do so in three parts: a brief factual summary and discussion of the key outstanding questions on how the guidelines were applied, a detailed timeline of the case, and annotated copies of the Wolfe indictment and the notification letter Watkins received after her records were seized, with observations and questions throughout.
Additionally, we are preparing a comprehensive spreadsheet listing pertinent details for every case we are aware of involving the unauthorized disclosure of government information to the press, back to the first such prosecution (of Daniel Ellsberg and Anthony Russo in connection with the disclosure of the Pentagon Papers). The spreadsheet, which will be released in the coming days, includes information for all of the Trump-era media leaks cases we know of, including Wolfe. It also includes cases such as Wen Ho Lee, where a criminal suspect has details leaked by government officials and then sues under the Privacy Act. 

Overview of the Case

On June 7, 2018, United States Attorney for the District of Columbia Jessie Liu charged Wolfe with three counts of making false statements to the FBI.4 The false statements allegedly occurred during or around a voluntary interview on December 15, 2017. He is alleged to have lied about contacts with four reporters.5
Reporter #1 wrote a story containing classified information about an individual referred to in the indictment as “MALE-1,”6 whom we know to be former Trump campaign aide Carter Page. Wolfe is accused of lying about whether he had had contact with Reporter #1, not about any specific disclosure.7
Based on the indictment, FBI investigators had records showing that Wolfe had communicated with Reporter #1 using his SSCI account at least five times between December 2015 and June 2017.8 The government, however, stated that it did not seize records from Reporter #1, which, as discussed below, raises the question of why the government felt Watkins’s records were essential to the investigation.9
Reporter #2, whom the New York Times identified as Ali Watkins,10 wrote a story for BuzzFeed on April 3, 2017, revealing that Page is the “MALE-1” referenced in a 2013 transcript of a recorded conversation between suspected Russian foreign intelligence agents discussing an attempt to recruit MALE-1 for espionage purposes.11 As reported in the BuzzFeed story, Page himself confirmed to Watkins that he is the “MALE-1” in the transcript.12
The indictment alleges that, in addition to being involved in a long-term romantic relationship, Watkins and Wolfe (who knew the identity of MALE-1 from a classified document he had received as security director) communicated frequently around the time of publication.13 The inference in the indictment is that Wolfe was the source for the identity of MALE-1 in Watkins’s BuzzFeed article, though the document never states that explicitly. Both Wolfe and Watkins deny that Wolfe was ever a source when Watkins was covering SSCI.14
Reporter #3 allegedly received a tip from Wolfe that he (Wolfe) had served Carter Page with a subpoena from the committee. The reporter wrote about the subpoena on October 7, 2017.15 Wolfe is accused of lying about these contacts in his FBI interview.16
Wolfe allegedly contacted Reporter #4 and offered himself as a source.17 Again, the basis for the criminal charge is that Wolfe lied when he told FBI investigators that he had no professional or official contacts with reporters.18
Wolfe was formally questioned by the FBI on December 15, 2017.19 Watkins had been approached by the FBI about the case the day before; she reportedly did not answer their questions.20 Wolfe made the alleged false statements about his contacts with the four reporters during his December 15 interview.21 The FBI arrested Wolfe on June 7, 2018, and he pleaded not guilty on June 13.22 During a court conference on June 19, Wolfe’s attorney asked the judge to bar government officials—including the president—from commenting on the case.23 President Trump had previously called Wolfe a “very important leaker.”24
As reporters at the New York Times were working on an article about Wolfe’s impending arrest, they learned that Watkins had received a letter from the United States attorney notifying Watkins that her records had been seized in connection with the investigation.25 On advice of her personal counsel, Watkins had not disclosed the letter.26 The letter, dated February 13, 2018, notified her that the FBI had seized years’ worth of email and phone records. 

What We Don’t Know


Why did the government feel that seizing records directly from Watkins was essential?

It is clear on the face of the indictment that the FBI had access to Wolfe’s electronic communications records and the content of his communications, including those sent by encrypted applications. His Signal messages are quoted verbatim at several points in the indictment.27 This suggests that investigators not only had access to his communications records online, but likely also had physical access to his mobile phone or phones and either a search warrant or Wolfe’s consent to search.
Even with that level of access, the FBI nevertheless used several investigative tools to compel the production of many years of records from Watkins’s Google account, her Gmail, her phone and another email address (the specific accounts are all redacted in the version of the letter posted by the New York Times).28 Authorities also used a “(d)” order—named after the relevant section of the U.S. Code, 18 U.S.C. § 2703(d)—to seize six months of phone records, which may have included location information for her mobile phone. According to the Justice Department, no other reporter had his or her records seized as part of this investigation.
One of the fundamental protections of the news media guidelines is that information will be sought from the press only when it is “essential to the successful completion of the investigation” and is unavailable from non-media sources.29 There are important questions in this case about whether the Watkins records were truly essential.
First, the allegations against Wolfe involve false statements about contacts with three other reporters, none of whom had their records seized. If the FBI could prosecute Wolfe for those false statements, why include the Watkins allegations at all? What did one more count add to the case? Additionally, the investigators were clearly interested in the sourcing for the article by Reporter #1, which, the indictment claims, also included classified information about Carter Page. Why were Watkins’s records essential to the case but not Reporter #1’s?
Second, Wolfe was the security director for the Senate Intelligence Committee and would have had a security clearance commensurate with the level of classified information the committee handles (namely at the highest level). He would have been subject to various types of counter-intelligence monitoring, and agents would have had easier access to his communications. (Indeed, the claim against Wolfe regarding Reporter #1 is based on communications Wolfe had with the reporter on his SSCI account.) Why did they need Watkins’s records here?  
Third, agents did have extensive access to Wolfe’s personal communications records and the content of those communications, including the content of encrypted messages. The indictment quotes his texts and messages verbatim throughout. With such broad access, why did investigators need Watkins’s records to pinpoint when the two had communicated? Could they not get that information both from the metadata on Wolfe’s devices and from the communications themselves, which they had access to?

Why did the government delay notice?

The FBI seized these records without notifying Watkins about the seizure beforehand, despite the presumption in the guidelines that, when news media records are sought from a third-party electronic communications provider, the target of the request is to be notified unless there are compelling reasons to delay notification.30
The notice provision is a crucial part of the guidelines. Its procedural protections are essential to defending the press from government interference with newsgathering. Delaying notice is significant not just because the records are seized in secret, but because the targeted reporter or outlet loses the opportunity to negotiate over the scope of the subpoena or to challenge a potentially inappropriate or overbroad subpoena in court before it is executed. 
In practice, delayed notification means that even if the subpoena is improper, the “bell has rung”—that is, investigators have seen and used the records in an investigation. There is no legal recourse if the records are seized improperly. The Justice Department revised the notice provision for that reason several years ago, clarifying that notice should be given unless the attorney general finds that, for “compelling” reasons, such notice would threaten life or limb, pose a “clear and substantial threat” to the investigation or pose a risk to national security.31
We do not know why investigators felt the need to delay notice but could speculate that they felt that notification would present that “clear and substantial” threat to the investigation due to Watkins’s personal relationship with Wolfe. Prosecutors in such cases might feel that a person in Watkins’s position would seek to disrupt the probe or the preservation of evidence in some way. 
On the other hand, there are several points in the timeline where Wolfe was notified about the investigation prior to the seizure of Watkins’s records and could have gleaned that he was a subject (including when he was told about the Rambo incident, described directly below). Were the FBI aware that Wolfe knew about the investigation, the rationale for delayed notice—that he or Watkins could have deleted records—would appear to be less compelling. 
Additionally, it’s possible that the FBI felt that notice would prompt Ali Watkins to report publicly on the investigation. But that raises a similar question—what would the specific threat to the investigation be, even were it publicized in a news story? If Wolfe already knew about the investigation, news coverage of something he was already aware of wouldn’t obviously increase the chance he would delete information.

What’s up with Rambo?

About a week after the story broke, the Washington Post reported that Watkins was approached on June 1, 2017, by what seemed like a potential source (he emailed from a Gmail account and did not give his name).32 When she met the person at a bar, he asked Watkins about a specific story that she had bylined in Politico that day and how she developed her sources.33 He also discussed the Trump administration’s eagerness to identify individuals who disclose classified information.34
He presented her with the itinerary of an overseas trip she had taken with Wolfe, and said that it would “turn her world upside down” if the information about Wolfe appeared in the Washington Post.35 He then asked for her help in identifying government officials who were disclosing classified information to the press. Watkins reportedly took all this as a threat to reveal her relationship with Wolfe.36
Concerned by the encounter, Watkins notified her then-employer, Politico, of the exchange and her relationship with Wolfe, and went back to the restaurant and obtained the receipt with the man’s name on it.37 The receipt revealed he was Jeffrey A. Rambo, a Customs and Border Protection (“CBP”) agent stationed in California.38 As a CBP agent, Rambo would have had access to the Advanced Passenger Information System (“APIS”), which collects passenger manifest data for international flights.39 The New York Times also reported in mid-July that Rambo was assigned to the National Targeting Center in Sterling, Virginia, which administers highly sensitive databases that track travelers and cargo entering the United States for security threats.40
How Rambo knew to contact Watkins, and how he knew about the Wolfe investigation at all, is a mystery. At the time of the Rambo meeting, the Justice Department and FBI had increased the number of personnel and resources dedicated to unauthorized disclosure investigations.41 But the FBI has said there is no evidence that Rambo was detailed to the bureau and has denied that he was part of the Wolfe investigation.42
The New York Times reported in July that Rambo is under investigation by the Department of Homeland Security’s inspector general and by CBP investigators to determine if he accessed the information illegally and if anyone else was involved.43
The fact that Watkins was approached in June by a CBP agent, who may have threatened to reveal her relationship with Wolfe in the hope that she would help identify “leakers,” raises a host of questions, both about the crackdown on unauthorized disclosures generally and about the application of the guidelines to this case. 
Most fundamentally, why is CBP involved in unauthorized disclosure investigations in the first place? Is it part of an inter-agency operation to ferret out anonymous media sources, or was Rambo freelancing? Both would be deeply concerning. Further, how did Rambo have access to travel records showing trips by Watkins and Wolfe together? If he accessed APIS or any other government database to blackmail or intimidate a reporter, not only should that raise towering red flags for press freedom advocates, but it might be illegal.
With respect to the guidelines, the Rambo factor implicates the notice requirement and when the Justice Department can delay telling a reporter or outlet about a records demand. Rambo told Watkins that he knew about her relationship with Wolfe in June, long before the government issued the subpoena and court order for her records. We know that Watkins told Wolfe.44 If the FBI knew about Rambo and the June encounter, would they not have assumed that Wolfe was aware of the investigation back then?
That said, it’s entirely possible that the Justice Department and FBI did not know about Rambo. If not, and Rambo was freelancing, that’s a problem. It means that a federal agent from an agency that has no institutional role in unauthorized disclosure cases felt it was acceptable practice to question a reporter about her confidential sources. Conversely, if the FBI knew about Rambo and knew that Wolfe and Watkins were aware of the investigation, did authorities reason that notifying Watkins would pose a threat beyond just Wolfe and Watkins deleting records, and, if so, what is it and is it truly “clear and substantial”? 

Is this really a case about classified information?

There are a number of elements here that suggest this case should not be considered one about the unauthorized disclosure of classified information, despite comments by the Justice Department linking the case to the ongoing crackdown on leaks45 and the president himself calling Wolfe a “very important leaker.”46
First, the only piece of classified information that is specifically mentioned in the indictment is the identity of MALE-1, which was contained in the March 2017 letter that was transmitted to SSCI. The indictment does not allege that Wolfe was the source of that piece of information. The indictment also does not allege that Wolfe disclosed classified information to Reporters #1, #3 or #4. His charges all stem from making false statements about contacts generally with reporters, not false statements about the disclosure of classified information.
Second, the Republican SSCI chair and Democratic vice chair issued a joint statement conspicuously pointing out that this does not appear to be a case about the mishandling of classified information (but nonetheless pledging to cooperate).47
And, third, although the government’s statement on Wolfe’s arrest prominently quotes John Demers, the head of the Justice Department’s National Security Division, saying that the unauthorized disclosure of government information is a priority of the department, he does not mention classified information. Rather, he cites the “unauthorized disclosure of controlled information” and the “unauthorized disclosure of sensitive and confidential information” (emphasis ours). That must have been a deliberate choice by the drafter to avoid using the term “classified.” “Controlled” information is a term of art that encompasses various unclassified but sensitive categories of government information.

Why did the Justice Department use a “(d)” order for six months of phone records?

Finally, though a bit in the weeds, it’s notable that the Justice Department sought two different “buckets” of records from Watkins’s communications providers. The February 13, 2018, notification letter says that the department seized various transactional and subscriber records from Watkins’s Gmail and phone from the inception of her accounts until November 2017. Presumably, these records were sought using a grand jury subpoena, though the notification letter does not specify.
The letter also says that investigators used a court order under Section 2703(d) of the law that permits the government to compel the production of stored communications records (colloquially known as a “(d) order”) to obtain six months of other phone records. The Justice Department would have had to meet a higher evidentiary bar than it would to seize the records in the first bucket, and would have been able to get records beyond just who contacted whom, when and for how long (though not the content of those messages). 
It remains unclear why the Justice Department felt it needed to get a separate court order for six months of phone records, and what the records entail. It’s possible that the (d) order was necessary to secure mobile phone location records and the separate request means that the FBI seized six months of location data for Watkins. Such data would be highly revelatory of not just her interactions with Wolfe, but of her reporting activity across the board, including, potentially, face-to-face meetings with other sources.
Interestingly, if the FBI did in fact use a (d) order to get cell-site location information from Watkins, that’s precisely the type of information that the Supreme Court recently ruled can only be pursued with a warrant.48
Information continues to trickle out about the Wolfe indictment. This overview will be updated periodically, as will our timeline, annotation, and chart.

