FOIA Files, Russia Edition: Reports The Government Used to Support its 2016 Joint Attribution

Many reports about Russiagate made the news when released in the last weeks, but others were only released after a fight, and attracted less attention. What follows is a summary of my efforts to obtain core Russiagate documents through Freedom of Information requests and litigation:

A government statement made a month before the 2016 presidential elections was shocking. The Department of Homeland Security and the Office of the Director of National Intelligence issued the first formal accusation against Russia for the hack of the DNC that summer.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.

But what intelligence supported the government’s joint-attribution statement? The agencies didn’t provide any. In 2022, I first tried to find out by filing a FOIA for any reports or memoranda, then sued. It wasn’t until this spring, in 2025, that those reports and memoranda were provided. The government heavily relied on a September 16, 2016, Intelligence Community Assessment that provided little insight into any potential Russian influence.

There was, however, a much stronger version of that same ICA produced four days earlier, but we only know that because it was recently declassified by Director of National Intelligence Tulsi Gabbard.

Here’s a breakdown of the four reports I received through my FOIA lawsuit:

Intelligence Community Assessment

This ICA is labeled version 2616-37D and dated September 16, 2016:

As noted above, this is not the same September ICA report that Gabbard declassified on July 18. That report is instead version 2016-37HC, and dated September 12th, 2016. The distinction appears to be signified by the letters “D” for “declassified” or public and “HC” for “highly classified.”

Despite being drafted four days earlier, the version released by Gabbard is more robust, with additional sections on Russia’s interest in disrupting the U.S. presidential election, an evaluation of China’s plans to influence the election, and evaluations of other state and non-state actors.

The September 16 version supporting the October 7, 2016, joint-attribution statement contains little insight into any potential Russian influence on the election, but offers the conclusion that foreign adversaries “do not have and will probably not obtain the capabilities to successfully execute widespread and undetected cyber attacks on the diverse set of information technologies and infrastructures used to support the November 2016 US Presidential election.”

The draft version released by Gabbard has a completely different assessment and offers it with high confidence under a header of “Targeted Attack Within the Reach of Many Adversaries”:

“We judge that Russia, China, Iran, and North Korea can execute a variety of disruptive cyber attacks, including data corruption, distributed denial of service, and even data modification on some election infrastructure.” (Pg 3, Key Judgment #3).

Another distinction between the two reports seems to be that Gabbard’s version contains contributions from DHS, CIA, CTIIC, and other entities. The September 16 version lists only reflects the work of the National Intelligence Council.

Both ICA report versions were prepared for the National Intelligence Council (NIC) by the National Intelligence Officer for Cyber issues.

National Intelligence Council memorandum

An August 26, 2016 NIC memorandum was drafted by the National Intelligence Officers for Russia and Eurasia, Cyber Issues (including a preparer of the ICA), and Counterintelligence.

The report is somewhat inconsistent with what the NIO for Cyber Issues would draft as ICA version 2016-37D only weeks later. The heavily-redacted memorandum offers pointed suggestions that Russia has “moved to escalate” its use of intelligence and cyber capabilities against the United States and that Moscow will “probably consider” additional cyber operations to meddle in U.S. elections. The report does not indicate a preference between Trump or Clinton, and instead offers that Russia was seeking to weaken the next U.S. President’s standing.

DHS Talking Points

The third document supporting the 2016 joint attribution is an undated memo and talking points from the Department of Homeland Security.

It suggests that the hack of the DNC and the disclosures are consistent with “Russian-directed efforts” and suggests that only “Russia’s senior-most officials” could have authorized these activities.

Against a list of background questions, it provides talking points that the intelligence community has “high confidence” in the attribution of the hacks of the DNC and DCCC based on Crowdstrike’s reports (Spoiler: Crowdstrike had not provided all of the forensic data or images yet) and the intelligence community’s understanding of the Russian government. The context of the talking points suggests they were drafted in proximity to the joint-attribution statement and for that purpose.

CTIIC Report

A Cyber Threat Intelligence Integration Center report dated September 14, 2016, summarized state boards of election hacking activity, with the sources completely redacted.

CTIIC Memo

A separate CTIIC memo dated August 3, 2016, is heavily redacted, offering us only that “Russia has the capability and probably the intent” to commit the DNC hack. This appears to be a conclusion of exclusion.

The FOIA production omitted only one document, with no indication as to what it is. As it stands, the factual record supporting the joint attribution statement based on the produced reports is somewhere between sparse and redacted.

All of these documents will likely end up being crucial background, when it comes time to make the case that the Obama administration manipulated intelligence. As a reference, it’s important that the public have access to them.