Executive Branch

Counterintelligence Investigations and the Special Counsel’s Mandate: Part I

Aditya Bamzai
Friday, May 26, 2017, 9:51 AM

Ever since Acting Attorney General Rod Rosenstein appointed former FBI Director Robert Mueller as a Special Counsel to investigate allegations of Russian interference in the 2016 election, commentators have raised questions about the investigation’s scope.

FBI Director Robert Mueller leads a briefing for the President on the Boston Marathon bombings, April 2013 / Official White House Photo by Pete Souza

Published by The Lawfare Institute
in Cooperation With

Ever since Acting Attorney General Rod Rosenstein appointed former FBI Director Robert Mueller as a Special Counsel to investigate allegations of Russian interference in the 2016 election, commentators have raised questions about the investigation’s scope. Some have claimed that the Special Counsel’s mandate is too expansive; others, too narrow; and still others, simply too vague. On Lawfare, the issue has been addressed by Andrew Kent and David Kris. All appear to have assumed, however, that the scope of the investigation will be governed by 28 C.F.R. Part 600, the 1999 regulation authorizing the appointment of a “Special Counsel” that was enacted in the wake of the lapse of the independent-counsel statute.

But does this regulatory apparatus govern the Mueller investigation? I am not so sure. The order appointing Mueller (what I’ll call the “Rosenstein Order”) invokes—and commentators have naturally focused on—the regulations contained in 28 C.F.R. Part 600 (what I’ll call the “Part 600 regulations”), because they expressly authorize the appointment of a Special Counsel. But as I explain below, these regulations do not contemplate the delegation of a counterintelligence investigation to a Special Counsel; they focus on criminal investigations. The two kinds of investigations are significantly different in scope and function and rely on different investigative tools. The Rosenstein Order, however, appears to delegate a counterintelligence investigation to the Special Counsel under the criminal-prosecution-focused Part 600 regulations, thereby creating some confusion on the appropriate scope and type of investigation. By seemingly directing Mueller to conduct a counterintelligence investigation while at the same time limiting his authority to the criminal investigations authorized by the Part 600 regulations, the Rosenstein Order points in different directions on the scope of the Special Counsel’s mandate.

In this post, I will explain why the counterintelligence investigation that Rosenstein appears to have intended to delegate to the Special Counsel is inconsistent with the criminal focus of the Part 600 regulations. The delegated investigation, in short, does not comply with the limits on the Special Counsel’s authority imposed by the regulations. In a subsequent post, I will explain that Rosenstein may delegate a counterintelligence investigation to the Special Counsel under his general statutory authority, 28 U.S.C. § 510. But if he intends to do so, he should clarify that the Part 600 regulations are inapplicable.

A. The Rosenstein Order and the Difference between Counterintelligence and Criminal Investigations

The Rosenstein Order provides that Mueller shall be “appointed to serve as Special Counsel” in order “to ensure a full and thorough investigation of the Russian government’s efforts to interfere in the 2016 presidential election.” The Order does not itself specify the scope of the investigation, but rather cross-references congressional testimony by former FBI Director James Comey about a preexisting FBI investigation. It directs Mueller “to conduct the investigation confirmed by then-FBI Director James B. Comey in testimony before the House Permanent Select Committee on Intelligence on March 20, 2017, including . . . any links and/or coordination between the Russian government and individuals associated with the campaign of President Donald Trump.” (The Order also authorizes an investigation of matters “that arose or may arise directly from the investigation” or “other matters within the scope of 28 C.F.R. § 600.4(a).”) At the same time, the Order declares “applicable” the provisions in the Part 600 regulations, specifically “[s]ections 600.4 through 600.10 of Title 28 of the Code of Federal Regulations.”

The Comey testimony that the Order cross-references, in turn, discloses an FBI investigation, “as part of our counterintelligence mission,” into “the Russian government’s efforts to interfere in the 2016 presidential election” including “the nature of any links between individuals associated with the Trump campaign and the Russian government and whether there was any coordination between the campaign and Russia’s efforts.” The testimony also discloses that “[a]s with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed.”

The Order thus appears to contemplate that Mueller will conduct a “counterintelligence investigation” that may include an “assessment of whether any crimes were committed.” Understanding the difference between a counterintelligence investigation and a criminal one is therefore critical to understanding the meaning of the Rosenstein Order and the resulting statutory and regulatory issues.

As the FBI’s website notes, its Counterintelligence Program is “responsible for identifying and neutralizing ongoing national security threats from foreign intelligence services.” The FBI is thus “the lead agency for exposing, preventing, and investigating intelligence activities on U.S. soil, and the Counterintelligence Division uses its full suite of investigative and intelligence capabilities to combat counterintelligence threats,” by (among other things) “[p]rotect[ing] the secrets of the U.S. Intelligence Community,” “[p]rotecting the nation’s critical assets,” and “[c]ountering the activities of foreign spies.”

Counterintelligence investigations are different from criminal investigations in several ways. For one thing, the goal of a counterintelligence investigation may be different from, and perhaps broader than, a criminal investigation. A criminal investigation would ordinarily pursue allegations of criminal conduct. A counterintelligence investigation, by contrast, may pursue allegations of “coordination” between U.S. persons and foreign hackers that may be unseemly and problematic if true, but potentially not criminal—such as, to use Professor Kent’s example, the possibility that a person within the United States coordinated to distribute material previously hacked by agents of a foreign government. As the Attorney General’s Guidelines for Domestic FBI Operations explain, the FBI is “not limited to ‘investigation’ in a narrow sense, such as solving particular cases,” but may also collect information to support “broader analytic and intelligence purposes.” In the case of the FBI, the line between counterintelligence and criminal investigations may not be a bright one. “In many cases,” as the Guidelines put it, “a single [FBI] investigation will be supportable as an exercise of a number of these authorities—i.e., as an investigation of a federal crime or crimes, as an investigation of a threat to the national security, and/or as a collection of foreign intelligence”—because the FBI has a role in enforcing both criminal law and “in collecting foreign intelligence as a member agency of the U.S. Intelligence Community.”

For another, a counterintelligence investigation may use tools distinct from a criminal investigation. The Foreign Intelligence Surveillance Act, for example, authorizes the government to conduct surveillance for “foreign intelligence” purposes where certain statutory requirements are met and “there is probable cause to believe that . . . the target of the electronic surveillance is a foreign power or an agent of a foreign power.” A similar kind of test exists for pen registers. In a similar vein, the FBI may obtain information from internet service providers using “National Security Letters” if the Bureau meets certain statutory requirements and certifies that the records are “relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities.” These statutes, and other comparable “foreign intelligence” authorities, require a showing that the government has reason to believe that the target is “a foreign power or an agent of a foreign power” and the information collected will be of a “foreign intelligence” nature. Critically, these tools do not require a showing that evidence of a crime will be discovered, which is the predicate for comparable criminal investigative tools contained in the Wiretap Act or the Pen Register Statute. While FISA surveillance may ultimately uncover evidence of criminal wrongdoing, each FISA application must establish that “a significant purpose of the surveillance is to obtain foreign intelligence information.”

In the case of the Rosenstein Order, the key questions are whether the purpose of the Special Counsel’s investigation will include the uncovering of noncriminal counterintelligence information, and whether the Special Counsel is authorized to rely on counterintelligence investigative techniques.

B. Delegation under the Part 600 Regulations

Although the Rosenstein Order suggests an intent to delegate a counterintelligence investigation to the Special Counsel, the Order’s application of the Part 600 regulations to the investigation calls into question this intention. That is because, on their face, the Part 600 regulations authorize the Attorney General to delegate a criminal investigation—and not a counterintelligence investigation—to a Special Counsel. There are four reasons why this interpretation makes the most sense of the regulatory scheme.

First, the Part 600 regulations authorize the Attorney General (or an Acting Attorney General in the case of recusal) to “appoint a Special Counsel when he or she determines that criminal investigation of a person or matter is warranted.”

Second, the regulations grant the Special Counsel the “power and independent authority to exercise all investigative and prosecutorial functions of any United States Attorney.” By statute, U.S. Attorneys are authorized to “prosecute [ ] all offenses against the United States”; to litigate civil actions on behalf of the United States and certain of its officials; and to “make such reports as the Attorney General may direct.” Unlike the FBI, however, U.S. Attorneys do not have authority over counterintelligence investigations. A U.S. Attorney, for example, would not seek authorization for counterintelligence surveillance under FISA, but would rather request that a member of the U.S. intelligence community conduct such surveillance—at which point the U.S. intelligence community member would have to satisfy itself that the surveillance was being conducted for “foreign intelligence” purposes. Other parts of the regulation, moreover, confirm that its focus is on the Department of Justice’s litigating functions, by providing that the ground for appointment of a Special Counsel includes the Attorney General’s belief that “investigation or prosecution of that person or matter by a United States Attorney’s Office or litigating Division of the Department of Justice would present a conflict of interest for the Department or other extraordinary circumstances.”

Third, the Part 600 regulations confirm the intended “criminal” scope by carving out of the grant of authority to the Special Counsel the ordinary civil litigation functions of U.S. Attorneys. Thus, the regulations provide that a “Special Counsel shall not have civil or administrative authority unless specifically granted such jurisdiction by the Attorney General.” Instead, should the Special Counsel find appropriate “administrative remedies, civil sanctions or other governmental action outside the criminal justice system,” he must “consult with the Attorney General with respect to the appropriate component to take any necessary action.”

Fourth, the remaining parts of the regulations further confirm this interpretation of the operative provisions by repeatedly referring to criminal authorities. The regulations permit the Attorney General to establish the “original jurisdiction” of the Special Counsel “with a specific factual statement of the matter to be investigated,” which includes the “authority to investigate and prosecute federal crimes committed in the course of, and with intent to interfere with, the Special Counsel’s investigation.” The regulations also specify that the “Special Counsel shall notify the Attorney General of events in the course of his or her investigation in conformity with the Departmental guidelines with respect to Urgent Reports,” which the United States Attorneys’ Manual defines as reports that “United States Attorneys’ offices and Department litigating divisions must submit” under certain specified circumstances. In a similar vein, the regulations require that, at the close of an investigation, the Special Counsel “shall provide the Attorney General with a confidential report explaining the prosecution or declination decisions reached by the Special Counsel.” And they require the Special Counsel to treat “releases of information” pursuant to “generally applicable Departmental guidelines concerning public comment with respect to any criminal investigation, and relevant law.”

To sum up, the regulations focus on criminal prosecution. They anticipate a delegation of criminal investigative authority to the Special Counsel (§ 600.1); grant the Special Counsel the powers of a U.S. Attorney to pursue that investigation (§ 600.6); carve out of the grant of power the civil functions of a U.S. Attorney (§ 600.4); and repeatedly refer to the Department’s criminal jurisdiction and authorities as the touchstone for the scope of any investigation (§§ 600.4, 600.8, 600.9). They do not authorize, nor provide the appropriate tools to conduct, a counterintelligence investigation.

* * *

In Part II, I will address whether the Acting Attorney General can delegate a counterintelligence investigation to a Special Counsel under some other authority, irrespective of the Part 600 regulations. I will also address the significance of this analysis for the scope and type of investigation that Mueller conducts, as well as propose that the Rosenstein Order be clarified to avoid the risk of legal confusion.

This post has been reviewed by the Department of Justice to prevent the disclosure of classified or otherwise sensitive information.

Aditya Bamzai is an associate professor at the University of Virginia School of Law. He teaches and writes about civil procedure, administrative law, federal courts, national security law, and computer crime. He was previously an attorney at the U.S. Department of Justice, but all statements of fact, opinion, or analysis expressed are his own and do not necessarily reflect the official positions or views of the Department of Justice or any other U.S. government agency.

Subscribe to Lawfare