In Indictment Accusing Michael Sussmann of Hiding Details about Researchers, John Durham Hid Details about Researchers

In my initial John Durham Is the Jim Jordan of Ken Starrs post pointing to all the problems with John Durham’s attempt to criminalize victims reporting on information operations, I described Durham’s description of why Michael Sussmann’s alleged lie was material.

SUSSMANN’s lie was material because, among other reasons, SUSSMANN’s false statement misled the FBI General Counsel and other FBI personnel concerning the political nature of his work and deprived the FBI of information that might have permitted it more fully to assess and uncover the origins of the relevant data and technical analysis, including the identities and motivations of SUSSMANN’s clients.

Had the FBI uncovered the origins of the relevant data and analysis and as alleged below, it might have learned, among other things that (i) in compiling and analyzing the Russian Bank-1 allegations, Tech Executive-1 had exploited his access to non-public data at multiple Internet companies to conduct opposition research concerning Trump; (ii) in furtherance of these efforts, Tech Executive-1 had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract; and (iii) SUSSMAN, Tech Executive-1, and Law Firm-1 had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton Campaign with regard to the data and written materials that Sussmann gave to the FBI and the media. [my emphasis]

John Durham says it is a crime to hide details about the researchers who first identified the Alfa Bank anomaly.

Yet, even based on the indictment, I identified a number of holes in Durham’s description of what the researchers had done. Yesterday, NYT and CNN both published stories identifying the four researchers — Rodney Joffe (Tech Executive-1), April Lorenzen (Tea Leaves, whom Durham needlessly renamed Originator-1), Manos Antonakakis (Researcher-1), and David Dagon (Researcher-2) — showing that the holes I identified in the indictment indeed left out information that totally undermined Durham’s insinuations.

For example, I noted that the date when what NYT identifies as DARPA shared information with the researchers is important to identify whether they obtained the data in order to research Trump.

At some point [Durham doesn’t provide even a month, but by context it was at least as early as July 2016 and could have been far, far earlier], TE-1’s company provided a university with data for a government contract ultimately not contracted until November 2016, including the DNS data from an Executive Branch office of the US government that Tech Exec-1’s company had gotten as a sub-contractor to the US government. [This date of this is critical because it would be the trigger for a Conspiracy to Defraud charge, if Durham goes there.]

NYT describes that DARPA first approached potential partners in the spring, long before Sussman or Joffe got involved.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

I noted that Durham didn’t give the date when Lorenzen first started looking at the the DNS data. That date is another read of whether she had done so out of malice targeting Trump.

By some time in late July 2016 [the exact date Durham doesn’t provide], a guy who always operated under the pseudonym Tea Leaves but whom Durham heavy-handedly calls “Originator-1” instead had assembled “purported DNS data” reflecting apparent DNS lookups between Alfa Bank and “” that spanned from May 4 through July 29.

NYT reveals that Lorenzen and Dagon first started talking about using the DNS data to check other election-related hacking at a conference that went from June 13 to June 16 (meaning, the DNC hack would have been revealed during the conference).

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

Ms. Lorenzen eventually noticed an odd pattern: a server called appeared to be communicating almost exclusively with servers at Alfa Bank and Spectrum Health. She shared her findings with Mr. Dagon, the people said, and they both discussed it with Mr. Joffe.

I noted that Durham had left out all mention of the WikiLeaks release and Trump’s invitation to Russia to keep hacking his opponent.

It appears (though Durham obscures this point) that all the actions laid out in this indictment post-date the press conference. Virtually everyone in the US committed to ensuring America’s national security was alarmed by Trump’s comments in this press conference. Yet Durham doesn’t acknowledge that all these actions took place in the wake of public comments that made it reasonable for those committed to cybersecurity to treat Donald Trump as a national security threat, irrespective of partisan affiliation.

Durham will work hard to exclude detail of Trump’s press conference from trial. But I assume that if any of the named subjects of this investigation were to take the stand at trial, they would point out that it was objectively reasonable after July 27 to have national security concerns based on Trump’s encouragement of Russia’s attack on Hillary Clinton and his defensive denials of any business ties. Any of the named subjects of the indictment would be able to make a strong case that there was reason to want to, as a matter of national security, test Trump’s claim to have no financial ties to Russia. Indeed, the bipartisan SSCI Report concluded that Trump posed multiple counterintelligence concerns, and therefore has concluded that Durham’s portrayal of politics as the only potential motive here to be false.

Central to Durham’s theory of prosecution is that there was no sound national security basis to respond to anomalous forensic data suggesting a possible financial tie between Trump and Russia. Except that, after that July 27 speech — and all of these events appear to post-date it — that theory is unsustainable.

NYT reveals that when Dagon shared the data with Joffe on July 29, he did so in the context of those two events.

“Half the time I stop myself and wonder: am I really seeing evidence of espionage on behalf of a presidential candidate?” Mr. Dagon wrote in an email to Mr. Joffe on July 29, after WikiLeaks made public stolen Democratic emails timed to disrupt the party’s convention and Mr. Trump urged Russia to hack Mrs. Clinton.

I noted that Durham was probably wrong to believe that an August discussion about whether the data could have been spoofed was inculpatory.

Still others (such as the recognition that this could be spoofed data) will almost certainly end up being presented as exculpatory if this ever goes to trial, but Durham seems to think is inculpatory.

NYT describes that a later discussion doubted that the data could have been spoofed.

The indictment quotes August emails from Ms. Lorenzen and Mr. Antonakakis worrying that they might not know if someone had faked the DNS data. But people familiar with the matter said the indictment omitted later discussion of reasons to doubt any attempt to spoof the overall pattern could go undetected.

I noted that Durham attributed the view that the DNS traffic was a “red herring” to everyone involved, including Sussmann, even though Sussmann appears not to have been on the email.

In one place, Durham describes “aforementioned views,” plural, that the Alfa Bank data was a “red herring,” something only attributed to TE-1 in the indictment, seemingly presenting TE-1’s stated view on August 21 to everyone involved, including Sussmann, who does not appear to have been on that email chain.

NYT describes that after that, Joffe came to discount the marketing server explanation.

Mr. Tyrrell, his lawyer, said that research in the weeks that followed, omitted by the indictment, had yielded evidence that the specific subsidiary server in apparent contact with Alfa Bank had not been used to send bulk marketing emails. That further discussion, he said, changed his client’s mind about whether it was a red herring.

“The quotation of the ‘red herring’ email is deeply misleading,” he said, adding: “The research process is iterative and this is exactly how it should work. Their efforts culminated in the well-supported conclusions that were ultimately delivered to the F.B.I.”

It also explains that in context, Joffe referenced a June article describing Trump’s interest in a Trump Tower Moscow.

The indictment says Mr. Joffe sent an email on Aug. 21 urging more research about Mr. Trump, which he stated could “give the base of a very useful narrative,” while also expressing a belief that the Trump server at issue was “a red herring” and they should ignore it because it had been used by the mass-marketing company.

The full email provides context: Mr. Trump had claimed he had no dealings in Russia and yet many links appeared to exist, Mr. Joffe noted, citing an article that discussed aspirations to build a Trump Tower in Moscow. Despite the “red herring” line, the same email also showed that Mr. Joffe nevertheless remained suspicious about Alfa Bank, proposing a deeper hunt in the data “for the anomalies that we believe exist.”

He wrote: “If we can show possible email communication between” any Trump server and an Alfa Bank server “that has occurred in the last few weeks, we have the beginning of a narrative,” adding that such communications with any “Russian or Ukrainian financial institutions would give the base of a very useful narrative.”

In my post, I noted that Durham neglected to describe that the researchers turned out to correctly suspect Trump was hiding efforts to broker a Trump Tower deal.

According to Michael Cohen, when Trump walked off the stage from that July 27 press conference, Cohen asked Trump why he had claimed that he had zero business ties with Russia when he had in fact been pursuing an impossibly lucrative deal to brand a Trump Tower in Moscow. And we now know that within hours of Trump’s request, GRU hackers made a renewed assault on Hillary’s own servers. By the time security researchers pursued anomalous data suggesting covert communications with a Russian bank, Cohen had already participated in discussions about working with two sanctioned Russian banks to fund the Trump Tower deal, had agreed to work with a former GRU officer to broker it, had spoken to an aide of Dmitry Peskov, and had been told that Putin was personally involved in making the deal happen. Just on the Trump Tower basis alone, Trump had publicly lied in such a way that posed a counterintelligence risk to America.

In my post, I noted that Durham downplayed that, when Joffe asked the researchers if the paper Sussmann wrote was plausible, they said it was.

On September 14, TE-1 [not Sussmann] sent the white paper he had drafted to Researcher 1, Researcher 2, and Tea Leaves to ask them if a review of less than an hour would show this to be plausible. Though some of them noted how limited the standard of “plausibility” was, they agreed it was plausible, and Researcher 2 said [Durham does not quote the specific language here] “the paper should be shared with government officials.”

NYT describes that Durham misrepresented the enthusiasm with which Lorenzen “wholeheartedly” expressed her belief the explanation was plausible.

The indictment also quoted from emails in mid-September, when the researchers were discussing a paper on their suspicions that Mr. Sussmann would soon take to the F.B.I. It says Mr. Joffe asked if the paper’s hypothesis would strike security experts as a “plausible explanation.”

The paper’s conclusion was somewhat qualified, an email shows, saying “there were other possible explanations,” but the only “plausible” one was that Alfa Bank and the Trump Organization had taken steps “to obfuscate their communications.”

The indictment suggested Ms. Lorenzen’s reaction to the paper was guarded, describing an email from her as “stating, in part, that it was ‘plausible’ in the ‘narrow scope’ defined by” Mr. Joffe. But the text of her email displays enthusiasm.

“In the narrow scope of what you have defined above, I agree wholeheartedly that it is plausible,” she wrote, adding: “If the white paper intends to say that there are communications between at least Alfa and Trump, which are being intentionally hidden by Alfa and Trump I absolutely believe that is the case,” her email said.

NYT shows several more ways that Durham utterly misrepresented how seriously the researchers took this thesis.

The indictment cited emails by Mr. Antonakakis in August in which he flagged holes and noted they disliked Mr. Trump, and in September in which he approvingly noted that the paper did not get into a technical issue that specialists would raise.

Mr. Antonakakis’ lawyer, Mark E. Schamel, said his client had provided “feedback on an early draft of data that was cause for additional investigation.” And, he said, their hypothesis “to this day, remains a plausible working theory.”

The indictment also suggests Mr. Dagon’s support for the paper’s hypothesis was qualified, describing his email response as “acknowledging that questions remained, but stating, in substance and in part, that the paper should be shared with government officials.”

The text of that email shows Mr. Dagon was forcefully supportive. He proposed editing the paper to declare as “fact” that it was clear “that there are hidden communications between Trump and Alfa Bank,” and said he believed the findings met the probable cause standard to open a criminal investigation.

“Hopefully the intended audience are officials with subpoena powers, who can investigate the purpose” of the apparent Alfa Bank connection, Mr. Dagon wrote.

One of the first things Michael Sussmann is going to do after this story is request information on what the grand jury was told, including whether any of this was affirmatively misrepresented to the grand jury.

The sheer amount of communications that, in days, these researchers have been able to prove were misrepresented, too, suggests DOJ has cause to review whether Durham misrepresented the substance of this indictment to those who approved it, up to and including Merrick Garland.

John Durham says it is a crime to lie about these researchers in an effort to launch an investigation. And yet, the available evidence suggests he did just that.

Update: To be clear, he can’t be prosecuted for any of this. Prosecutors have expansive immunity for such things.

45 replies
  1. Zirc says:

    “To be clear, he can’t be prosecuted for any of this. Prosecutors have expansive immunity for such things.”

    Interesting. So this means that prosecutors are allowed to break the law, or that if a prosecutor does something it is assumed to be within the law? Is “expansive immunity” a term of art? If so, how far does that immunity go? Is there a legal line a prosecutor can’t cross? And if a prosecutor can be proven to have crossed said line, how legally vulnerable his he/she?


  2. Silly but True says:

    “Expansive immunity” is not a term of art, but a bona fide accurate description.

    SCOTUS calls this differently: Absolute Immunity, and they’re not generally embellishing the absoluteness of “absolute.”

    In 1976, the SCOTUS decided that prosecutors have absolute immunity—and so cannot be sued—for misconduct related to their advocacy in the courtroom. Imbler v. Pachtman, 424 U.S. 409 (1976).

    SCOTUS expressed concern that if prosecutors could be sued for decisions they make, they may start second-guessing themselves: “[It is] better to leave unredressed the wrongs done by dishonest officers than to subject those who try to do their duty to the constant dread of retaliation.”

    That means prosecutors cannot be sued for injuries caused by their own misconduct—for example, coercing witnesses to lie, hiding evidence of innocence, or fabricating evidence of guilt—even when they’ve intentionally violated an individual’s constitutional rights or caused a wrongful conviction.

    • Zirc says:

      Wow!! That quote from the SCOTUS decision is eye-opening. You reference lawsuits. But “coercing witnesses to lie, hiding evidence of innocence, or fabricating evidence of guilt” sound like criminal activity to me rather than the basis for civil action. How far can a corrupt prosecutor go?


      • greengiant says:

        Maybe some research into Orange County California misconduct will provide one or more answers.

  3. Rugger9 says:

    Well, I suspect it would have to be deliberate actions and not merely incompetence to try to prosecute Durham. Note that Sussman would not be able to do so for lying about Sussman, but if Durham lied to the GJ I think he could be prosecuted by the US Attorney for lying to the GJ.

        • Silly but True says:

          Committing crimes is never in the prosecutors’ job description, and their profession does not protect them from penalties of committing crimes.

          In your example, a prosecutor accepting bribes could be subject to criminal proceedings for accepting the bribe.

          In Ahmaud Arbery case, Johnson was indicted on two crimes: 1) VIOLATION OF OATH OF PUBLIC OFFICER, O.C.G.A. § 16-10-1

        • BobCon says:

          The bit I’ve seen keeps referring to civil immunity but not criminal, and while I understand that it would take a whole lot to convince prosecutors to bring a criminal case against a prosecutor, it’s not clear to me what legal barriers there are to filing criminal charges.

          I’m not saying they don’t exist, just that what I can find about absolute immunity keeps referring to civil suits.

        • bmaz says:

          That is a complicated question. The first difference is the GA case is at the state/county level, not federal. The second is there has always been a differentiation between a prosecutor employing straight prosecutorial and charging authorities, as opposed to being “investigatory”.

          Did Durham turn himself into an “investigator” beyond his prosecutorial perch? There are not enough facts as to that. I’ll guess no, but we’ll see.

          That normally is played out in a civil context, but I have successfully used it to conflict off a prosecutor in a criminal case when they became too involved in the investigatory phase. Never led to prosecution though. Not sure that fully answers the question…

          • Silly but True says:

            It was certainly Manafort’s decision to take on or not the cost of his initial civil suit Manafort v Mueller dismissed by Jackson, but his was argument that would help clarify.

            Manafort sued on basis that the special counsel was given more authority than permitted under Justice Department regulations for such prosecutors.

            Manafort took issue with his Special Counsel rather than being strictly in prosecutor’s lane was also put in lead of an an FBI counterintelligence investigation identified by Dir. Comey to Congress, and also possibly due to the AG recusing certain issues, may also have been granted some other AG powers.

            Those would have been nice to get clarity, but admittedly it’s not a widespread problem.

      • vicks says:

        Can we assume that if Sussman can prove misconduct he has a good argument for dismissal?
        How does Sussman prove he didn’t receive due process if the process was secret?
        What does losing a case this way do to a prosecutor’s career?
        Why did this take two years?

  4. P J Evans says:

    I’m wondering if Durham was fed information to make this look far worse, because if true it would affect the former guy’s business. In any case, it makes him look worse, for not looking at all the evidence before jumping to a (possibly predetermined?) conclusion.

  5. WilliamOckham says:

    I don’t understand Durham’s play here. He had to know that all this would come out. Maybe it’s just standard federal prosecutor arrogance. Seems foolish in this case.

    • emptywheel says:

      I think he believes if he can pull together a conspiracy case, presumably including Fusion, it’ll all make it stronger.

      • Rugger9 says:

        Or, as I’ve seen it described on the web, a “parking ticket wrapped in a Hannity rant”. The point to be made was to link HRC to “spying” on DJT’s campaign and how “unfair” it was. The indictment is now “out there” for the RWNM to harp on to distract from the revelations du jure about DJT and his minions. How long did the RWNM beat on Benghazi, the HRC emails, Vince Foster and Seth? It is and will always be about the smear, not the truth.

        OT: Anyone care to comment on Alito’s whine about reporters?

        • Ginevra diBenci says:

          Alito’s rant was even more vacuous than his predecessor’s at what seems to be their forum of choice, Notre Dame, Clarence Thomas. You can tell when rhetoric is intellectually hollow when it employs mainly adjectives (like “sinister”) for its impact. Take out the adjectives and what’s left? Just as you said, whining.

    • Silly but True says:

      There’s some competing interests.

      Prosecutors seek to force pleas. According to NBC News, more than 97 percent of federal criminal convictions are obtained through plea bargains, and the states are not far behind at 94 percent. Before it goes to court, prosecutor has wide latitude on what the Grand Jury considers, and how much of their hand they choose to show a defendant. There are numerous — too many to be sure — accounts of “heavy-handed” prosecution.

      A 2018 National Registry of Exonerations (NRE) report found that 79 percent of wrongful homicide convictions came as a result of prosecutorial and/or police misconduct; a 2020 NRE report concluded that the same factor underlies half of all exonerations.

      The State of Illinois infamously halted executions in 2003 after an initial review identified more bona fide innocent men on death row, 13, had been exonerated than the 12 guilty it had executed. The number of innocent quickly rose further. Gov. Ryan, a death penalty proponent, in halting death penalty bitterly questioned the system:
      “ After Mr. Porter’s case there was the report by Chicago Tribune reporters Steve Mills and Ken Armstrong documenting the systemic failures of our capital punishment system. Half of the nearly 300 capital cases in Illinois had been reversed for a new trial or resentencing. Nearly Half! 33 of the death row inmates were represented at trial by an attorney who had later been disbarred or at some point suspended from practicing law. Of the more than 160 death row inmates, 35 were African American defendants who had been convicted or condemned to die by all-white juries. More than two-thirds of the inmates on death row were African American. 46 inmates were convicted on the basis of testimony from jailhouse informants. I can recall looking at these cases and the information from the Mills/Armstrong series and asking my staff: How does that happen? How in God’s name does that happen? I’m not a lawyer, so somebody explain it to me. But no one could. Not to this day. Then over the next few months. There were three more exonerated men, freed because their sentence hinged on a jailhouse informant or new DNA technology proved beyond a shadow of doubt their innocence. We then had the dubious distinction of exonerating more men than we had executed. 13 men found innocent, 12 executed. As I reported yesterday, there is not a doubt in my mind that the number of innocent men freed from our Death Row stands at 17, with the pardons of Aaron Patterson, Madison Hobley, Stanley Howard and Leroy Orange. That is an absolute embarrassment. 17 exonerated death row inmates is nothing short of a catastrophic failure…”

    • Zirc says:

      Well, Trump does have one superpower. He seems to be able to entice people who may have had squeaky clean images into his orbit and get them to completely trash their own reputations.


      • MB says:

        He has another superpower: he has cultivated himself to be (or maybe was born as) the perfect public vehicle for his adoring public base to project all their biases, all their hatred, and all their irrational loyalty onto. So…the power seekers willingly abase themselves, as you correctly point out. Similarly, the larger numbers of followers stick to him (or rather his projected public image) like superglue.

        Ever try to get a glob of dried superglue off your skin? Ain’t easy…ya might have to tear some skin to do it.

        • P J Evans says:

          It will eventually come off, but it will take a couple-three weeks. (They use the surgical kind for instant “scabs”.)

    • Commander Ogg says:

      Bill “Coverup General” Barr also knew that the sh*t he pulled would come out as well. He just did not care.

      For example, 5 Cabinet Secretaries were referred to the DOJ for potential criminal prosecution. AG Barr refused to prosecute. It is best summed up by a quote from the smug Bast*rd during a CBS interview:

      REPORTER: How will history look back on your decision to drop charges against Flynn?

      BILL BARR: “Well, history is written by the winners. So it largely depends on who’s writing the history.”

  6. LaNita Jones says:

    Has anyone thought to follow up with David Shed regarding his through the looking glass comment during this time. Thought it was an odd comment to make to the press then no follow up.

    • subtropolis says:

      Perhaps, if you’d thought to include some hint of the specific comment that you’d had in mind, others might be able to discuss it.

      Shedd, btw.

  7. J R in WV says:

    Some few years back I saw a video of a presentation made by former LEOs and attorneys wherein they tell people to never talk to police or investigators without a lawyer present, and really, to decline to talk to LEOs or investigators under any circumstances.

    Because they can lie about what you said, distort what you said, find any contradiction to what you said and use that to create a criminal case even if it has nothing to do with the original investigation. And you have no recourse once you have talked to any LEOs. They are immune from the things they can charge you with, if you talk to them. Better to just refuse to speak to them at all.

    Wife ( long time professional reporter who covered lots of criminal things ) won’t speak to a cop who pulls her over for traffic violations, hands them her license, registration, insurance, shuts up. Other than “here you are officer” as she hands them her papers.

    The last time I was pulled over (50 in a 40 zone, 15 or 20 years ago) I did point out to the officer that once I stopped promptly I was 20 feet from the 50 mph speed limit sign. Got a warning ticket rather than a moving violation, so sometimes maybe a polite comment is in order.

  8. joel fisher says:

    First off, bless EW for dragging the details of 2016-2021 out into the open. But, may I say, that a too deep descent into the weeds should be accompanied by frequent returns to the big picture, lest it be thought that if Durham makes a valid point–he didn’t, but if–then the whole Trump Russia thing is a collapsing house of cards. This is the lie that must be confronted whenever it rears its ugly orange head. As even the milquetoast* Mueller discovered, Trump almost certainly had treasonous assistance from Russia. Everything about the Durham investigation must be seen from the perspective of actual Russian interference in 2016. Anybody who was trying to prevent what happened was doing the lord’s work, even if they had to tell a few stretchers to do it. Okay, back to the weeds.

    * Milquetoast: a special prosecutor, who, unlike Ken Starr, is unaware of the potential of compelling a witness to give testimony before a grand jury. See also, chickenshit.

    • BobCon says:

      There is a miserable shortage of people who do the deep fact-based analysis MW does. I really can’t see the point of more surface takes.

      • joel fisher says:

        Most voters get their info from the “surface” where “witch hunt” is just another point of view.

        • BobCon says:

          Most voters don’t go to the American Journal of Epidemiology for Covid information, and I’m not sure it makes any sense to urge the Johns Hopkins School of Public Health to stop being in “the weeds.” They’re a technical journal. It’s what they do.

  9. hollywood says:

    Durham, just wrap it up, save face and go back to being a relatively anonymous US Attorney in Connecticut.

  10. P J Evans says:

    The former guy is demanding that the 2018 Pulitzer (for the reporting on his campaign’s Russia connections) be rescinded, because Durham’s indictment of Sussman somehow proves it was all Hillary’s doing.

  11. Finn Glimmorance says:

    Trump was so diabolical that he figured out a way to talk to Putin by 1) Asking the Russians to search for Hillary’s emails while standing in front of a crowd of reporters, and 2) getting his promoter’s computers to exchange emails with the Alfa Bank Putin machine. You have to admit, it’s brilliant! I hate to say it, but he might have been right about being a “very stable genius.” He only said it because he knows how much it irritates us. You have to give the devil his due.

    • bmaz says:

      No. Nobody needs to give that sick jackass any “due”. And don’t troll in here with that weak sauce.

Comments are closed.