Content, access, and value of the State Department cables: trial report, day 10

Trial day 10: today’s testimony thus far has all dealt with the State Department’s diplomatic cables that Bradley Manning released to WikiLeaks, dealing with questions of his access to the database and what information it contained. Click here for all previous courtroom reports.

By Nathan Fuller, Bradley Manning Support Network. June 26, 2013. 

Charlie Wisecarver, sketched by Clark Stoeckley

Charlie Wisecarver, sketched by Clark Stoeckley

This morning, principal deputy chief information officer and chief technology officer at the Department of State (DOS) Charlie Wisecarver testified about the Net-Centric Diplomacy database, the set of DOS cables that Bradley Manning leaked to WikiLeaks. He was not established as an expert on the matter, since he wasn’t involved the database’s creation, but he discussed his first-hand knowledge of its use. Wisecarver said that the NCD was created to share information beyond the State Department, within the classified network SIPRNet.

No additional restrictions prevented user access: if you could get on SIPRNet, you had access to the NCD by default, he said. Wisecarver knew that significantly more than 20,000 people (the number of State Dept. workers then) could access the interagency database. Defense lawyer David Coombs asked, given that sized audience, if he’d agree that “closely held” secrets should be placed there. Wisecarver said, “Not necessarily,” but that it contained no Top Secret information and that certain other high-level markings kept categories of documents off of the database. For Manning to have violated the 1917 Espionage Act, the information had to have been “relating to the national defense.” Included in the government’s burden of proof is the requirement that the cables were “closely held.”

Wisecarver testified that while names were kept on the cables, all other Personal Identifying Information was purged. He also said that no mechanism was in place to prevent the downloading of cables from the NCD. 

The government asked Wisecarver about the budget for the maintenance of the NCD, because they’re working to prove that items they claim Manning did “steal, purloin, or knowingly converted” were worth more than $1,000, to meet the threshold required to violate the federal larceny statute 18 USC 641. He testified that the 2010 NCD budget would have well exceed $1,000, but the defense established that Wisecarver was shown budget requests for approval, and those requests were almost always inflated overestimations. Knowing they’d get cut down, those asking for money would “shoot for the sky” and “pad” their requests. 


Prosecutors read several stipulations of expected testimony, including from Gerald Mundy, from the DOS’s Information Resource Management, who pulled firewall logs from the DOS’s server, recording Manning’s computers’ activity. Those logs show what users searched for and clicked on the NCD. Mundy testified that there was no evidence that Manning “used any tools to defeat the firewall protection” – which goes to the question of whether he “exceeded authorized access,” an important element of the Computer Fraud and Abuse Act charges.

Afternoon testimony — David Shaver

Prosecutor Maj. Ashden Fein read stipulations from DOS Special Agent Ronald Rock, Army CID Special Agent Kirk Ellis, and James Downey to discuss their capturing of server, firewall, and CENTAUR logs from Manning’s computers, chiefly verifying that they transferred the logs appropriately and didn’t tamper with them. These sets of logs capture various transmissions and other computer activities, including Manning’s accessing the State Department’s NCD.

They called Special Agent David Shaver to testify in person, who reviewed these logs and testified that they showed the downloading of the program Wget and contained significant gaps, likely caused by CENTAUR failures. 

Shaver said the logs showed one day with 149,000 transmissions between Manning’s computer and the State Department’s database, likely automated. The defense established that this could include failed attempts to account for the vast number of transmissions.

The defense also established that the firewall would have prevented Manning’s computer from accessing the DOS database if he wasn’t authorized to access it – which again goes to the Computer Fraud and Abuse Act charges.

Shaver said that the Bradley.Manning user account one on computer had configured Mozilla Firefox to browse privately, so it didn’t save web history. 

He also testified about a screenshot he took of a folder of videos on Manning’s computer. It contained a file containing the 12 July 2007 Apache video and it also contained a shorter video that we know as Collateral Murder. He said the former video appeared to be the source for the latter, as the latter was cut down and had subtitles, an introductory quote, and graphics. The latter video was created on April 12, 2010.

Shaver testified that logs showed Manning downloading Wget, the automated downloading program, twice on his NIPRNet (unclassified) computer, and that it showed up on his SIPRNet (classified) computer shortly after one of those downloads.

The government then moved the court to a closed session, so Shaver could discuss classified information, which prosecutors said related specifically to Specification 3 of Charge 2 (see charges here). 

After closed session

The live video feed returned mid-testimony (we also had multiple audio-video cutouts this morning), and we heard Shaver testify that two accounts associated with Bradley Manning searched the Open Source Center for ‘WikiLeaks’ more than 20 times and ‘Iceland’ about 25 times, and he searched it for items relating to Iraq and other subjects many times.

Court is in recess until tomorrow at noon, because the parties are continuing to work on additional stipulations of expected testimony.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>