WASHINGTON — Rudy Giuliani’s mixing of his business interests, closeness with President Trump and involvement in government actions involving Ukraine is the subject of much attention from Congress as the impeachment case against the president moves toward the Senate.

But a Chronicle investigation has found that Giuliani’s blurring of White House and personal business didn’t start with Ukraine. It began in the early days of the Trump administration, when Giuliani was named as a White House adviser in an area where he had limited experience but was trying to build a clientele: cybersecurity.

His unpaid position with the new administration was vague, because Trump never gave him an official title or created a formal advisory committee for him to serve on or to chair. If Trump had done so, federal ethics laws would have obliged Giuliani to reveal any financial connections that might enable him to profit from his position.

Without an official government job — but with a publicized informal role — the former U.S. attorney and two-term mayor of New York was able to present himself to prospective clients as someone with a direct line to the president, without any transparency for the public.

How this story was reported Washington correspondent Tal Kopan began looking into Rudy Giuliani’s cybersecurity role in 2017, speaking with sources in the industry about potential business he was doing while he had an unofficial White House advisory position on cybersecurity. After Giuliani’s role in the Ukraine affair came to light, she re-reported the information. Kopan filed Freedom of Information Act requests with the Office of Government Ethics and disclosure requests for the White House and State Department ethics offices. She spoke with dozens of people in cybersecurity, including current and former government officials, about their understanding of Giuliani’s role. Most asked to remain anonymous because of the sensitivity of the subject and the small circles in the industry. Once she collected the information, she submitted detailed questions to Giuliani, companies he worked with, the White House and other key figures, most of whom declined to comment.

Read More

And because Giuliani’s job was not made official, he was not required to disclose how much money he made in the field as he publicized his White House role, or who he might have done business with.

That included how much he may have earned from speaking engagements where he was introduced as a cybersecurity adviser to the president. In earlier years, however, when Giuliani disclosed fees he had earned as an out-of-office politician, such speaking engagements brought him tens of thousands of dollars apiece.

Giuliani never had contact with the Office of Government Ethics and filed no disclosure paperwork there or with the White House about his business dealings after Trump introduced him as a cybersecurity adviser, The Chronicle confirmed through Freedom of Information Act requests.

Trump announced Giuliani’s role as a cybersecurity adviser days before taking office in January 2017. Giuliani was on hand for a televised White House meeting of cybersecurity experts and Cabinet officials that month, as well as for a meeting on cybersecurity issues in June with unnamed energy sector leaders that was not open to reporters.

In the January meeting, Trump said Giuliani would be working with then-Homeland Security Adviser Tom Bossert and Trump’s son-in-law and adviser, Jared Kushner. Giuliani described his role as convening private sector representatives to communicate with the administration about their cybersecurity-related problems and possible solutions. The burgeoning cybersecurity field seeks to secure computer networks and digital devices from hacking and fraud.

Giuliani made similar comments in a “Fox and Friends” TV interview, saying the private sector held “the answer to cybersecurity” and that he would coordinate meetings between the president and companies on the topic.

However, dozens of cybersecurity experts in and out of government interviewed for this story said they knew of little activity on Giuliani’s part in the cybersecurity field, aside from a few meetings and numerous speaking engagements.

Sources familiar with the inner workings of the White House at the time say Giuliani provided little input into a cybersecurity executive order that Trump signed that spring. Bossert and Kushner took a more active interest in the policy area, the sources said. Most of those who commented on Giuliani’s role asked to remain anonymous because of the sensitivity of the subject and the small circles in the industry.

The White House did not respond to a request for comment. Giuliani declined to answer questions about his role, saying in a text message that he had “no time.”

In the months before and after Trump introduced him as a cybersecurity adviser, Giuliani was building his profile in the field. He was named chairman of the cybersecurity practice at the global law firm Greenberg Traurig in January 2016. He also continued running his longtime consulting firms — Giuliani Partners, where he sought to beef up its cybersecurity work, and Giuliani Security and Safety, which does physical security and emergency management.

His Greenberg Traurig online biography noted his White House role, saying he “leads a group of private sector representatives who share information about cyber security with President Trump and the Administration.” Giuliani was presented as representing the president’s efforts in at least one meeting with private sector entities that Greenberg Traurig hosted in the Bay Area. The firm declined last month to comment about his work, other than to say he resigned in mid-2018.

It’s not clear how Giuliani’s companies handled his White House advisory role. The website for Giuliani Partners was taken down and an internet archive does not contain a contemporaneous version of it, while Giuliani Security and Safety’s site makes no mention of it currently or in an available archive from early 2018.

There are several federal laws governing his private sector work that would have applied to Giuliani had he held a formal administration position. For example, career federal ethics officials would have reviewed his financial holdings and connections for possible conflicts of interest. In Giuliani’s case, because he didn’t hold an official position, no such reviews were conducted, and there is no documentation revealing how much he may have made — if anything — by being promoted as a White House cybersecurity adviser.

Richard Painter, a University of Minnesota law professor who was a White House ethics official under President George W. Bush, said such disclosure rules exist so that the public knows just what financial stake someone advising the president or performing government business has. The point is to keep presidential or other government advisers from secretly enriching themselves through their service, he said.

Painter said Giuliani should have been designated as a formal adviser, to bring his activity under ethics laws.

“The bottom line is, you can’t just delegate any U.S. government function to somebody and simply because they’re not getting a salary from the government, they get to ignore all the conflict-of-interest rules,” Painter said. “That’s a nonstarter in terms of ethics. It’s a disaster.”

Giuliani’s cybersecurity work was gaining more attention at the time the president was taking office. Shortly before Trump announced Giuliani’s cybersecurity role, Giuliani Partners and BlackBerry said they had reached an agreement for the mobile phone company to provide a security platform that Giuliani Partners could provide to its clients. In a Jan. 5, 2017, interview with Bloomberg at the Consumer Electronics Show in Las Vegas, Giuliani said clients would include companies and governments.

He sat next to BlackBerry CEO John Chen, who did not directly answer a question about the dollar scope of the deal. Chen said Giuliani brought to the table “a rich client base across the world” and predicted a “long-term relationship,” though with respect to working out dollar amounts, Chen said, “it’s going to take a while.”

In that interview, Chen also did not answer a question about whether Giuliani’s connections to Trump would be beneficial for BlackBerry. Giuliani said his company would do no lobbying, only consulting, and added that it already had business on every continent.

It’s unclear what the relationship between Giuliani Partners and BlackBerry generated, if anything. A BlackBerry spokesman would say only that the company has no relationship now with Giuliani or Giuliani Partners, and he declined to say when the relationship ended or what it amounted to.

BlackBerry never mentioned the deal in reporting paperwork it filed with the Securities and Exchange Commission, which requires publicly traded companies to report deals and activities with a meaningful impact on their bottom line. The last mention of the deal on BlackBerry’s website was in April 2017, and a former executive who left the company at the end of that year who spoke with The Chronicle could not recall anything substantive coming out of it.

Giuliani told the Washington Post in October that at some point he had worked with Qatar on cybersecurity, including “solving a hack.” He was not specific about what the work involved or when it happened.

After Trump introduced him as an adviser, Giuliani began racking up travel miles as a speaker at cybersecurity conferences.

Although there is no documentation showing how much he earned from giving speeches, Giuliani had a track record of bringing in tens of thousands of dollars for such appearances. A financial disclosure document that Giuliani filed when he was running for president as a Republican in 2008 showed he commanded $40,000 to $270,000 per speech in 2006 and early 2007. In all, the records show, he made more than $9 million giving speeches during that period.

In 2017, Giuliani gave numerous public speeches on cybersecurity and related topics, and was identified at several as a cybersecurity adviser to Trump.

In March of that year, he made remarks at a cybersecurity gathering in Washington of the Visograd Four countries — the Czech Republic, Hungary, Poland and Slovakia. He was a featured speaker at Israel’s Cyber Week in June, and in July he took part in a panel discussion on Trump’s policy influence in Europe at a global security forum in Poland.

In October, he was the keynote speaker at a cybersecurity conference in New York. Four months later, Giuliani gave a keynote address at a seminar in Bogota, Colombia, which was affiliated with Greenberg Traurig, the law firm where he chaired the cybersecurity practice.

He was not paid for the Poland forum, and other event organizers did not respond to questions about whether he received compensation or were unreachable.

Giuliani was the featured participant at an April 2017 meeting on cybersecurity in East Palo Alto, hosted by Greenberg Traurig. According to two people present, the lengthy meeting consisted of local startups describing their products to Giuliani, after he said he would be bringing good ideas to the president.

Giuliani told those present that he was working with the White House and was looking for solutions. One of the startup leaders present was Graeme Speak, the founder of a company named BankVault, who splits his time between his native Australia and San Francisco. Speak wrote a blog post at the time about describing his firm’s product to Giuliani, saying the former mayor expressed interest in bringing BankVault to Trump’s attention.

In an interview, Speak said he was in contact for the rest of 2017 with an associate of Giuliani’s about trying to line up government users for BankVault’s technology, which is designed to protect login credentials from hackers.

No contracts or other business deals were ever signed, however, and Speak never got a meeting with the administration.

“The experience overall was really, really exciting,” Speak said. “It was a highlight for me to be one whisper away from the president’s ear. If something had come of it, it would have been amazing.”

Giuliani’s cybersecurity activities largely ended when Trump hired him as his private attorney in April 2018. After an initial leave of absence, Giuliani resigned from Greenberg Traurig the next month.

It was around that time that Giuliani escalated his engagements with Ukraine and began serving as an unofficial point of contact for the administration with the country. Those interactions were part of Trump’s efforts to get Ukraine to announce investigations that Democrats believe were intended to benefit his 2020 re-election campaign. Two of Giuliani’s associates in that effort have been indicted by federal authorities for alleged campaign finance violations.

Investigations by the New York Times and Washington Post have found that as Giuliani was representing Trump in foreign affairs with Ukraine, he also was negotiating with Ukrainian officials to make hundreds of thousands of dollars personally. Giuliani said none of those deals was finalized. “I never received a penny,” he told the Times.

Painter, the law professor, said the 2017 cybersecurity advisory position also had the potential for Giuliani to enrich himself. Because Trump never made the job official, he said, the public may never know whether that happened.

“It’s just another example with this administration,” Painter said, “and we see with Ukraine it’s the same thing.”

Tal Kopan is The San Francisco Chronicle’s Washington correspondent. Email: tal.kopan@sfchronicle.com Twitter: @talkopan