Everything We Know About the Trump-Era Records Demands From the Press

In a Lawfare post in March, based on the public record as it existed then, we considered the Obama and Trump administrations’ approaches to pursuing evidence from reporters in leak cases and concluded that President Trump’s record “wasn’t that different compared to previous presidencies” (emphasis in original).

Consider the following a front-page correction.

This spring, three separate news organizations reported that the Justice Department had notified their journalists that, during the Trump administration, the department had authorized broad, secret demands for the phone and email records of eight reporters across the three outlets to identify confidential sources.

In one case, the administration also secured a court order gagging CNN’s general counsel from informing anyone in the newsroom of an email records demand. The order remained in force until May, months into the Biden administration.

In another, the Trump administration obtained a court order that gagged an email provider from notifying its user, the New York Times. There, the Biden administration later agreed to permit notification to the organization’s deputy general counsel and top executives, who were barred from informing the newsroom. Not until early June did the Justice Department finally drop the demand and dissolve the gag order.

Shortly after the outlet broke the story of the second gag, the Justice Department announced that it would no longer seek source information from journalists in leak cases. Attorney General Merrick Garland directed Deputy Attorney General Lisa Monaco to refer the media seizures to the department’s inspector general.

And, on June 14, the Justice Department met with news executives and the Reporters Committee (where both authors of this post work). Directly following that meeting, the department released a readout stating that “the department will no longer use compulsory process to obtain reporters’ source information when they are doing their jobs,” meaning that the policy change is expected to extend beyond leak matters.

While we are encouraged by these developments, there are still many unanswered questions with respect to the records seizures, all of which the Justice Department authorized in 2020.

Topmost among these questions is why the Justice Department during the Trump administration failed to notify the affected news organizations in advance. One of the most important provisions of an internal policy at the department, often called the News Media Guidelines, includes a presumption that affected journalists be notified before the department attempts to seize their records, with very limited exceptions.

This presumption can be overcome only when “the Attorney General determines that, for compelling reasons, such notice would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.” The presumption in favor of advance notice was a central reform implemented by the Justice Department under former Attorney General Eric Holder in 2014 after two high-profile cases revealed that prosecutors were snooping in journalists’ communications records without their knowledge. Notice provides journalists the opportunity to challenge the department’s legal demands before the government has seized any data or documents.

Given the age of the records in question, they all date back to newsgathering in 2017, and that at least one relevant investigation had been widely reported in the press, it remains unclear how any of these exceptions could plausibly apply.

In light of these recent revelations, it is now clear that the Justice Department at the end of the Trump administration was markedly more aggressive than the Obama administration in pursuit of journalists in its leak hunts. Before diving into the details, however, it is important to put the timing of these cases in context.

The department sought records from early to mid-2017. On Aug. 4, 2017, one day after reports surfaced in the media of President Trump’s conversations with foreign leaders, Attorney General Jeff Sessions announced a redoubled effort to investigate and prosecute leaks. Sessions noted that the department had received nearly as many criminal leak referrals that year as in the three previous years combined. (The precise number in 2017 was 120 referrals, versus an Obama administration high of 55 in 2013.) He announced that active leak investigations at the department had tripled since January 2017.

Sessions instructed Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray to “actively oversee” each case and directed that the National Security Division prioritize leak investigations. He also said that the FBI had set up a new counterintelligence unit, and announced that the department would be reviewing “policies that impact leak investigations,” though there is no indication that the Trump administration put in place any changes.

Additionally, the 2020 demands were likely authorized after Attorney General William Barr installed a new prosecutor at the National Security Division in February of that year to “revive” certain leak investigations, so the 2017 anti-leak initiative appears to have flowed into the waning days of the Trump administration.

Below, we survey what we know about the recent records seizures. As the procedural details regarding each affected outlet—the Washington Post, CNN and the New York Times—differ slightly, we discuss each separately and in the chronological order in which the Justice Department sent the relevant notifications to the affected journalists. We also note that the inspector general investigation will look into the seizure of cloud metadata related to members of Congress and Don McGahn (who was White House counsel at the time of the subpoenas) but explain how those incidents are distinct, factually, from the media seizures.

A fuller public accounting beyond what we were able to do here is essential. The public needs to know how the Justice Department attempted to comply with its guidelines, which decisions Attorney General Barr made and which escaped high-level review, and whether the guidelines were simply not up to the task of protecting press interests. The Justice Department’s recent commitments to introduce new policies and refrain from such moves in the future are promising. But full transparency is central to preventing a recurrence in the long term even if new rules are soon in place.

Washington Post

What was sought and what was obtained?

Of the records demands authorized in 2020 and disclosed this spring and summer, the Washington Post seizure was the first to be reported. In brief, perfunctory letters dated May 3, 2021, the Justice Department notified Greg Miller and Ellen Nakashima, currently at the Post, and Adam Entous, formerly at the Post and now at the New Yorker, that their phone records had been seized and that the department had tried to obtain “non-content” email records but had not actually obtained them.

There was no gag order in the Post case and, while the Post has reported that the Justice Department secured an order compelling the production of email non-content records under 18 U.S.C. § 2703(d) (a (d) order), for reasons that remain unclear, the government said it did not secure the records.

The phone records were likely sought using a grand jury subpoena under § 2703(c)(2) of the Stored Communications Act, though they can also be obtained with a (d) order. Courts can issue (d) orders under an intermediate standard—below probable cause but above a subpoena—that “there are reasonable grounds to believe” the records sought “are relevant and material to an ongoing criminal investigation.” Technically, § 2703(d) permits the use of (d) orders to obtain the contents of emails that are opened or have been in storage for more than 180 days, but, in practice, the department uses warrants for content seizures.

What time period was covered by the demands?

According to the department’s letters to the Post, the phone records obtained covered a three and a half month period from April 15 to July 31, 2017, which overlaps with the two-month CNN seizure (June and July 2017) and, for the two weeks between April 15 and April 30, with the New York Times seizure.

Why were the records pursued?

There is no public reporting on the reasons that the records were obtained. The Post noted that, during the relevant time period, the three reporters wrote a story “about classified U.S. intelligence intercepts indicating that in 2016 [then-Senator Jeff Sessions] had discussed the Trump campaign with Sergey Kislyak, who was Russia’s ambassador to the United States,” and that, about a month before, “the same reporters also wrote a detailed story about the Obama administration’s internal struggles to counter Russian interference in the 2016 election.”

But without a concrete, public accounting, observers can only speculate about the government’s reasons.

Who authorized the records demand?

Again, no one knows. The Justice Department confirmed to the Post that the decision to seek the records was made in 2020, during the Trump administration. The notification timeline in these cases is interesting, however.

Under the guidelines, when the presumption in favor of advance notification is overcome, the Justice Department can obtain a 45-day delay in notice and one additional 45-day delay only if the attorney general makes a separate determination that the criteria for delay continue to be met.

That clock is supposed to start to run after the department receives “any return” from the subpoena or court order at issue. Counting back 90 days from the May 3 notification letter would be Feb. 2, after President Biden’s inauguration. But, again, we still do not know the exact timing on when these subpoenas or court orders were authorized, obtained, or issued, or when the records were physically transmitted to the Justice Department.

It is also worth noting that the records seized in each of these cases are supposed to be subject to careful safeguarding rules under the guidelines laid out in additional detail in the Justice Manual, but we don’t know precisely where the records currently reside (though we have no reason to believe that the records are not being handled consistent with the guidelines and Justice Manual).

CNN

What was sought and what was obtained?

According to CNN, on May 13, 2021, the Justice Department notified Barbara Starr, its Pentagon correspondent, that it had sought and received toll records associated with multiple phone lines, including her Pentagon extension, the CNN Pentagon booth, and her home and cell numbers, as well as non-content information associated with Starr’s work and personal email accounts.

As with the Post, the toll records were likely seized pursuant to a grand jury subpoena under § 2703(c)(2) of the Stored Communications Act, while the email records were obtained using a (d) order.

The phone records would have revealed which numbers called or were called by the relevant Starr phone number, the duration of the call and when it took place. The email records would have contained the equivalent information, but, because of the nature of email metadata, could have included other details, like routing data and the size of the email. Also, because email can be “one-to-many,” its metadata is potentially more revelatory than phone records.

Because Starr’s “turner.com” email address was administered by WarnerMedia itself, WarnerMedia received the (d) order for that account’s metadata. It then notified David Vigilante, CNN’s general counsel. But (d) orders often include a “preclusion of notice” order—a gag—under § 2705(b) of the Stored Communications Act, which prohibits the service provider from notifying the subscriber of the records demand.

Vigilante was thus barred from notifying Starr of the (d) order for 10 months, during which time CNN sought to limit its scope before a magistrate judge, and then a district court judge, at the U.S. District Court for the Eastern District of Virginia. The magistrate judge initially granted CNN’s request, but, following submission of a supplemental classified declaration, he ordered CNN to comply with the initial order. On appeal to the district court judge in December 2020, the court agreed to exclude metadata for purely internal emails from the scope of the order.

On Jan. 26, 2021, following the government’s filing of a motion for reconsideration of the December 2020 order, CNN was able to negotiate a narrowing of the “turner.com” (d) order, which triggered the clock that led to the May 13 notification. Vigilante was able to inform Starr of the order on May 13, and CNN reported on the seizure on May 20.

Most of the material in that case has been unsealed. The case involved only the “turner.com” work account, not Starr’s personal account—though the reporting suggests that the Justice Department was successful in obtaining email metadata from that personal account as well.

What time period was covered by the demands?

According to CNN, the phone and email records sought covered a two-month period from June 1 to July 31, 2017. (Note that the Sessions speech happened four days later, on Aug. 4.)

Why were the records pursued?

That is a complete cipher. Starr’s beat is the Department of Defense, and she was not reporting on stories related to Russia and the 2016 election, unlike the Post reporters discussed above and the New York Times reporters discussed below. CNN noted that, during the two-month period, Starr reported on “US military options in North Korea that were ready to be presented to Trump, as well as stories on Syria and Afghanistan.”

Who authorized the records demand?

We still don’t know. Under the news media guidelines, the attorney general must approve both subpoenas and (d) orders. The “turner.com” (d) order was sent to WarnerMedia on or shortly before July 17, 2020, the day that CNN’s general counsel received the order, which aligns with Attorney General Barr’s time in office.

New York Times

What was sought and what was obtained?

According to the New York Times, on June 2, 2021, the government notified four reporters—three currently at the Times and one former Times reporter—that their phone records had been seized and email records sought but not obtained. The current Times reporters are Matt Apuzzo, Adam Goldman and Michael Schmidt; the former is Eric Lichtblau.

On June 4, the Times reported that the (d) order for the reporters’ email metadata included a § 2705(b) gag that initially barred Google, the Times’ email provider, from notifying anyone at the newspaper. Google apparently resisted the gag, insisting that it be able to notify the Times’s newsroom lawyer and deputy general counsel, David McCraw. On March 2, 2021, the government agreed and McCraw was then able to negotiate further notice to the Times’s publisher, chief executive and outside counsel.

The Times continued to urge the Justice Department to withdraw the (d) order entirely, arguing, among other things, that the order violated the news media guidelines, the First Amendment, and guidance from the department’s computer crime section that stipulates records should, when possible, be sought from the enterprise itself, rather than from a third-party communications provider. The Times said it was prepared to go to court to challenge the order if the Justice Department did not act on its own.

On June 2, 2021, following the revelations that records had been sought from CNN and the Washington Post, as well as President Biden’s statement that such seizures are “simply, simply wrong,” the Justice Department agreed to move to quash the (d) order. The department also notified the Times of the phone records seizure on June 2, which the Times then disclosed in a news story. The Times ran a story on the gag on June 4, the day the court signed the order quashing the email demand, ending the confidentiality obligations.

What time period was covered by the demands?

The phone and email records sought in the Times case covered the three and a half months between Jan. 14 and April 30, 2017, which, as noted, overlapped with the Post records demand for the second half of April.

Why were the records pursued?

In a March 16, 2021, letter to the Justice Department, the Times wrote it is “patently clear” that the underlying investigation in the Times case relates to the publication of allegedly classified information in an April 22, 2017, article by the four targeted reporters concerning former FBI Director James Comey’s handling of issues related to Russia and the 2016 presidential election.

The existence of that investigation had been reported by the Times and the Post in January 2020.

According to the Post, prosecutors had begun “asking questions about news reporting in 2017 about a classified document—thought to be a Russian intelligence product—that described how then-Attorney General Loretta E. Lynch had purportedly assured someone in Hillary Clinton’s presidential campaign that the investigation into Clinton’s use of a private email server while secretary of state would not push too deep.”

That fact is directly relevant to the Times’s (d) order because the magistrate judge at the U.S. District Court for the District of Columbia had found reasonable grounds to believe that notifying the Times would “seriously jeopardize the ongoing investigation, including by giving targets an opportunity to destroy or tamper with evidence.”

As the investigation itself was public knowledge, notification would not have increased that risk when prosecutors applied for the gag. Separately, the Justice Department has confirmed that none of the reporters at the Post, CNN or the Times were the targets of the relevant investigation, further reducing any risk that notice to the reporters or the affected news organizations could have led to evidence tampering.

Who authorized the records demand?

Again, we do not know. The initial (d) order was signed by the magistrate judge in D.C. on Dec. 30, 2020, and filed on Jan. 5, 2021, when Jeffrey Rosen was the acting attorney general. But the initial authorization for the (d) order (and both the authorization and transmittal of the phone records demand) could have come at some point before, when Attorney General Barr was still in office.

On June 8, the Times asked the court to unseal the legal filings in the (d) order case, including the application for the order, the order’s modification to permit notice to McCraw, and all related filings. That case is pending, and the government’s response to the Times’s application is due July 21.

The Public Officials’ Metadata

The inspector general investigation looking into the media records seizures was announced a day after reports that the Justice Department under the Trump administration used subpoenas to cloud communications providers to obtain subscriber information that ended up collecting metadata from public officials and their families.

These public official subpoenas are distinguishable from the media records seizures for the reasons outlined below.

On June 10, 2021, the Times reported that Apple had notified at least a dozen people tied to the House Permanent Select Committee on Intelligence, including current chair Adam Schiff of California and Rep. Eric Swalwell, also of California, as well as aides and family members (one was a minor), that their account data had been subpoenaed in 2017 and early 2018 (when Schiff was the ranking member). Three days later, the Times reported that the leak investigation prompting the subpoenas “appeared to have been primarily focused on Michael Bahar, then a staff member on” the committee.

In that story, the Times reported that Apple also notified former White House counsel Don McGahn in May, and earlier his wife, that their data had been subpoenaed in 2018. It is unclear whether the McGahn subpoenas were related to a leak investigation, though the report noted that there was a possible leak around that time that alleged President Trump had ordered McGahn in June 2017 to have Special Counsel Robert Mueller removed from the Russia probe.

Based on the public reporting, it appears that the subpoenas to Apple were for subscriber information that would help match phone numbers, email addresses or devices with their owners. In other words, investigators may have obtained the communications logs from an identified suspect and then tried to figure out who that suspect had spoken to, which swept in the congressional and McGahn data.

Further details could change this analysis. But it’s important to note that the media subpoenas and court orders were directly targeted at the reporters in a search for their alleged sources. Prosecutors were trying to peer into the newsroom and journalistic process—that was the point.

This should not diminish concern over the potential that leak investigations themselves could be misused to investigate and potentially prosecute disclosures that are merely embarrassing to public officials, or where the newsworthiness outweighs any risk to national security. That potential means that leak investigations can be unduly intrusive beyond just the press.

But turning the investigative focus directly to the reporter, which can identify confidential sources other than the specific suspect and give the government visibility into the vast web of stories about the government that the reporter might be working on, is, as the guidelines confirm, an “extraordinary” move.

* * *

The Holder-era revisions to the news media guidelines were significant because they were supposed to ensure that notice to the newsroom of a possible legal demand was the name of the game. Without it, news organizations could not avail themselves of the protections of the guidelines. The cluster of 2020 cases suggests that in the Trump administration, despite the rules, no-notice subpoenas were still a regular occurrence, undercutting the earlier reforms.

We are heartened by President Biden’s statements and encouraged by Attorney General Garland’s commitment not to use compulsory process against reporters in department cases going forward. But tension in government-press relations transcends parties, presidents and attorneys general. We need durable protections for newsgathering beyond the current administration. A full accounting of what happened in these three Trump-era cases will help both the Justice Department and the press figure out exactly what durability should look like.