The New York Times and NBC News reported recently that the CIA notified the Department of Justice and White House staff that a source had reported on President Trump’s attempt to pressure the president of Ukraine to open a criminal investigation of former Vice President Joe Biden and his son. Both outlets report that the CIA passed along this information before the same source filed a formal whistleblower complaint with the inspector general for the intelligence community. As described below, the CIA was obligated under existing legal and regulatory authorities to report, on an expedited basis, the information to the Justice Department, but aspects of how this report was made appear at variance with recommended procedures and raise questions as to why “standard procedures” were apparently not followed.

Both news organizations reported that CIA General Counsel Courtney Elwood held a series of telephone conversations with lawyers for both the Justice Department and the White House, during which she provided at least a general description of the allegations. Neither NBC nor the Times provide any details as to what was discussed. NBC states that while the CIA general counsel considered her conversations to be a “criminal referral,” the Justice Department did not understand these conversations to be a criminal referral and did not immediately undertake a full and independent investigation of the allegations. (It is not clear what the Justice Department considered the purpose of the CIA report to be.) The Times suggests that the CIA report may have threatened to compromise the identity of the whistleblower. It also reports that at some time after the CIA briefing, one of the participants in the briefings—White House Counsel John Eisenberg—took actions to electronically move a stored transcript of the president’s conversations with the Ukrainian president from a computer system in the White House that was broadly accessible, to a secure stand-alone system generally used to hold highly sensitive classified information.

Both the New York Times and NBC reports suggest that the CIA’s decision to report information about a possible violation of federal law directly to the office of the attorney general was an unusual, if not extraordinary event. That, however, is not the case. The “law” of whether, when and how the CIA must report possible violations of U.S. criminal law to the Department of Justice is well established and codified in formal regulations and guidance. These regulations provide a framework within which the actions in the current case can be assessed. Below is a summary of some key provisions of these authorities, which appear to pertain to the Ukraine case.

I. There are long-standing and binding requirements for senior officers of intelligence community departments and agencies to report to the Department of Justice information regarding possible violations of federal law.

28 U.S.C. § 535(b) generally requires that “any information, allegation or complaint received in a department or agency of the executive branch of government relating to violations of title 18 involving Government officers and employees shall be expeditiously reported to the Attorney General by the head of the department or agency” (emphasis added).

This requirement was enshrined for the intelligence community in Executive Order 12036, promulgated in 1978 and considered the foundational executive document for the conduct of intelligence activities and the duties and responsibilities of the intelligence community. The order explicitly required that senior officials of the intelligence community report information of potential violations of federal law to the attorney general. It distinguished between those violations that must be reported when possibly committed by an employee of the official’s agency and crimes that must be reported when possibly committed by persons who were not employees of the agency. It stated that senior officials must “[r]eport to the Attorney General evidence of possible violations of federal criminal law by an employee of their department or agency, and report to the Attorney General evidence of possible violations by any other person of those federal criminal laws specified in guidelines adopted by the Attorney General.”

The successor to that executive order, Executive Order 12333, promulgated in 1981 and still in effect, modified only slightly the requirements of the previous order. Section 1.6(b) of Executive Order 12333 restates the general obligation of “heads of elements of the Intelligence Community” to “[r]eport to the Attorney General possible violations [no longer “evidence”] of Federal criminal laws by employees and of specified Federal criminal laws by any other person as provided in procedures agreed upon by the Attorney General and the head of the department, agency, or establishment concerned, in a manner consistent with the protection of intelligence sources and methods…” (emphasis added).

This requirement has been supplemented by a formal memorandum of understanding (MOU) between the Department of Justice and the agencies and departments of the intelligence community. The MOU reiterates the general obligation of all employees of the intelligence community to report within their agency or department information of a possible violation of essentially any violation of federal criminal law that may have been committed by an employee of an intelligence community element, and the obligation of all intelligence community employees to report violations by persons not employed by an intelligence community element, of specified federal criminal statutes.

According to the Office of the Director of National Intelligence website and the Intelligence Community Legal Reference Book, the most recent unclassified “edition” of this MOU was promulgated in 1995 and appears to remain in effect today. It cannot be ruled out, however, that a new classified MOU may have superseded the 1995 edition or that there have been classified modifications or amendments to that MOU.

II. The scope of the crimes required to be reported is broad, and the level of proof that triggers the reporting requirement is relatively low.

Section VI (A) of the MOU specifies that employees of elements of the intelligence community must report to their respective general counsel or inspector general facts or circumstances that reasonably indicate an employee of an intelligence community agency has violated or may violate federal criminal law. However, where the information indicates a possible violation of one or more specified federal crimes by a person not employed by an element of the intelligence community, the employee of the intelligence community must report that information to the general counsel of his or her agency, unless otherwise directed by the agency head.

The distinction between the reporting requirements for potential criminal acts suspected of having been committed by intelligence community employees and those suspected of being committed by non-employees is significant. The MOU generally requires each employee of an intelligence community agency to report facts or circumstances that reasonably indicate that another employee of an intelligence community agency has committed, is committing or will commit a violation of almost any federal criminal law. But the scope of the federal crimes that must be reported for acts believed to be committed by a person who is not an employee of an intelligence community agency is narrower and limited to crimes or types of crimes specifically designated by the attorney general. Section VI (B) of the MOU specifies that reports of suspected non-employee offenses shall be made to the general counsel of the intelligence community element that employs the officer who acquired the information.

Sections VII (A) 1 and 2 of the MOU designate several categories of crimes as “non-employee” reportable offenses. These categories of reportable offenses include “[c]rimes involving the intentional infliction or threat of death or serious physical harm” and crimes, including acts of terrorism, that are likely to affect the national security, defense or foreign relations of the United States.

A third category of reportable offenses delineated in the MOU is particularly pertinent to the current case. Section VII (A)(3) specifically requires reporting of “[c]rimes involving foreign interference with the integrity of U.S. governmental institutions or processes.” Among the specific offenses stipulated in the MOU within that category as reportable offenses are “[i]nterference with U.S. election proceedings or illegal contributions by foreign persons to U.S. candidates or election committees.” MOU Section VII (B) goes on to make any conspiracy or attempt to commit one of the designated offenses also a reportable offense.

The MOU instructs that a broad reading should be given to these categories and specific crimes, when determining whether a reportable offense may have been committed. Section VII(C) provides that even where information acquired by an agency may not indicate a violation of one of the stipulated federal crimes, the attorney general “encourages” agencies to report information about the commission of certain “other serious offenses by non-employees” including, specifically, “crimes involving interference with the integrity of U.S. governmental institutions or processes that would not otherwise be reportable” under the previous list of reportable offenses. Thus, when an intelligence community element has information at hand that indicates possible “interference with the integrity of governmental institutions or processes,” agencies are to err on the side of over-reporting, even if the potential offense is not clearly one of the stipulated reportable offenses.

When an employee of an intelligence community element has reported information that may indicate the commission of a reportable offense, the agency in question must determine whether the information meets the standard or level of “proof” for onward reporting to the Department of Justice. Section VI(B) of the MOU provides that the agency must report information regarding a possible reportable crime by a non-employee when the agency concludes that the reported information provides “a reasonable basis” to conclude that a violation of one of the specified crimes has occurred, is occurring or may occur. MOU Section II (E) states that “Reasonable Basis” exists:

when there are facts and circumstances, either personally known or of which knowledge is acquired from a source believed to be reasonably trustworthy, that would cause a person of reasonable caution to believe that a crime has been, is being or will be committed. The question of which federal law enforcement or judicial entity has jurisdiction over the alleged criminal acts shall have no bearing upon the issues of whether a reasonable basis exists.

This standard of “proof” for triggering the reporting requirement is more than a conclusion that the information is credible—which is the standard for intelligence community inspectors general to report similar crimes to Congress—but less than probable cause to believe that a specific individual has committed one of the reportable offenses.

III. The MOU provides a specific process for reporting sensitive or nonroutine information.

Section IX (A) provides that reports of suspected violations of designated federal criminal laws by non-intelligence community agency employees may be reported by agencies of the intelligence community to the Justice Department through one of two processes. If the crimes information is of a type that is routinely disseminated by the intelligence community element to the headquarters elements of cognizant federal investigative agencies and the information pertains to criminal activity of a kind normally collected and disseminated to law enforcement, the agency may meet its reporting obligation through “routine dissemination” to the Department of Justice This is often accomplished through the agency’s normal or routine information dissemination processes.

Section IX (B)3 stipulates, however, that routine dissemination may not be used for several specific types of crimes, including crimes involving foreign interference with the integrity of U.S. government institutions or processes. In those cases, the crimes reports are subject to the MOU’s “Procedures for Submitting Special Crimes Reports.”

The MOU stipulates that where an “[a]gency determines that a matter must be the subject of a special report to the Department of Justice, it may, consistent with paragraphs VIII.B and VIII.C … make such a report (1) by letter or other similar communication from the General Counsel, or (2), or by electronic or courier dissemination from operational or analytic units, provided that in all cases, the subject line and the text of such communication or dissemination clearly reflects that it is a report of possible criminal activity” (emphasis added).

The use of the term “may” in the statement of the reporting requirement arguably leaves latitude for the use of other means to convey the crimes report information. The referenced requirements for such a report, under Section VIII (B) and (C), however, seem to clearly contemplate that the information will be conveyed by a definitive written or electronic record of the information to be provided. Section VIII(A), for example, states that in “all cases” where an agency makes a special crimes report to the Justice Department, the reporting agency must ensure the “subject line and text of such communication or dissemination clearly reflects that it is a report of possible criminal activity.” Moreover, Sections VIII(B) and (C) require that a “copy” or copies of the original report must be provided to appropriate law enforcement authorities.

The MOU is also noteworthy for what it doesn’t require or provide. The crimes reporting procedures impose no explicit obligation on the reporting agency or the Justice Department to protect the identity of the source of the information. It contains only a permissive clause which states that agencies may, in “written documents associated with the reports … refer to persons who are subjects of the reports by non-identifying terms (such as John Doe #___)” (emphasis added). There is no similar provision for cloaking or otherwise protecting the identity of a source or concealing potentially source revealing information, though it appears that the reporting agency has reasonable discretion to determine in fashioning the report, when and how to protect the original source. In addition, there are no explicit limitations in the MOU restricting the provision of crimes reporting information to other agencies or limitations on what uses those agencies may make of such information.

It should be noted that there is no indication from the New York Times or NBC reports that, in the Ukraine case, the CIA provided any information regarding the identity of the source. That said, Justice Department and White House officials may have been able to deduce, from the nature of the allegations (i.e., reporting on internal White House matters) and the fact that the general counsel of the CIA was providing the report, that the source of the information was likely a CIA employee with access to White House information.

IV. Comments and Questions

During my tenure as an attorney at the CIA’s Office of General Counsel, programs were in place to ensure that, to the extent practicable, all employees were specifically instructed on their duties and obligations to report possible violations of federal crimes to either the Office of the General Counsel or the inspector general. Managers and senior officials received multiple briefings during their careers on these internal reporting requirements and the need for the CIA to report violations of certain federal crimes to the Department of Justice. There was generally a high degree of confidence within the CIA that the Justice Department officials who received crimes reporting information were knowledgeable about the sensitivity of information relating to intelligence sources and methods and could and would protect such information. In cases where there was uncertainty within the CIA as to whether a specific matter met the specific requirements for reporting to the Department of Justice, the case was carefully scrutinized by attorneys in the Office of General Counsel, and there was generally a strong presumption that the matter should be reported, unless there were clear and articulable reasons why the matter did not meet the reporting requirements.

Under normal circumstances, based on the information currently in the public domain, there appears to be a strong argument that the CIA was obligated to submit a crimes report concerning the Ukraine matter to the Department of Justice on an expeditious basis. This is particularly the case because of the explicit emphasis the MOU puts on reporting incidents relating to interference with the U.S. political process and the widely-reported fact that at the time the crimes report was prepared, the CIA did not know that the source was contemplating filing a formal complaint under the whistleblower authorities and regulations.

However, there are many material facts relating to the Ukraine crimes report which are currently unknown, or at least outside of the public domain. This leaves several factual issues unresolved, including why the White House was briefed in this process and what the White House did with the information. It also makes it impossible at this time to draw any definitive conclusions about whether the process here “worked” fully and efficiently. Nonetheless, the reports from NBC and the New York Times appear to indicate that there may be some specific issues regarding the current crimes reporting process which may warrant further consideration. These include:

Whether the initial dissemination of crimes reporting information should be limited to the Department of Justice, at least where the report may implicate the conduct of the White House or other federal agencies, at least until the Department of Justice agrees that further dissemination is appropriate and necessary;

Whether there should be an explicit obligation on agencies preparing crimes reports and those receiving crimes report information to protect the source of the information;

Whether there should be explicit limitations on the use and dissemination of crimes reporting information to, at least initially, law enforcement and national security purposes; and

Whether whistleblower type protections against retaliation should be explicitly extended to persons reporting apparent violations of federal crimes through the crimes reporting mechanism.

It is worth considering these questions carefully as the Ukraine story continues to unfold.