March 6, 2022 / by emptywheel


John Durham Drops Claim that Rodney Joffe “Mined” EOP Data for Derogatory Information on Trump from Boilerplate

On Friday, John Durham’s team did two things. Publicly, they responded to Michael Sussmann’s motion to dismiss his indictment. I’ll deal with both those later, but the short summary is that Sussmann argued his alleged lie could not have been material, whereas Durham (predictably) cited precedent saying that’s a matter for the jury to decide.

Under seal, Durham’s team responded on Friday to a sealed motion to intervene in the Sussmann case and expunge references filed by Rodney Joffe’s attorneys.

Presumably, Joffe objected to the unsubstantiated and uncharged claims that Durham had made in a conflicts motion that led the former President to suggest Sussmann and Joffe should be put to death.

We may not find out about the substance of this dispute for some time. But it may already be reflected in Durham’s filings.

In his response to Sussmann, Durham obstinately repeated most of the inflammatory claims first floated in the conflicts memo that elicited the calls for death and other lies from Durham’s sources and witnesses. But there are two passages that Durham took out.

Durham removed the two passages italicized below.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted. 

The second of these passages was an innumerate claim that falsely suggested Russian YotaPhones were common in the United States because between 2014 and 2017, there had been three million such look-ups. As William Ockham explained, these three million look-ups aren’t much more than his own family’s DNS requests during the same four (or even three) year period.

Contra Durham, 3 million DNS requests for a related IP addresses over a four-year period means these requests are very rare.

For comparison purposes, my best estimate is that my family (7 users, 14 devices) generated roughly 2.9 million DNS requests just from checking our email during the same time frame. That’s not even counting DNS requests for normal web browsing.

This seeming concession that Durham was wrong makes the other removal especially interesting, particularly given Joffe’s motion to intervene.

Durham also removed a passage claiming that Joffe “exploited” his access to data from the White House “for the purpose of gathering derogatory information about Donald Trump.”

Remember, the data in question all preceded January 20, 2017. Even assuming “exploit” and “mine” are the appropriate verbs here, to suggest accessing data from before Trump became President was an effort to obtain derogatory information on him makes no sense. And the inclusion of Spectrum Health in all of this — for which people made baseless claims about the DeVoses — is further proof that Joffe wasn’t looking for derogatory information. He was looking for anomalies, and those anomalies ended up implicating Trump-related servers. Plus, even if Joffe were accessing just Trump-related data, finding some unexplained Russian traffic would normally be seen as a risk to Trump, not a political attack on him.

Durham claims he didn’t say anything in the conflicts memo that needed to be struck. That issue (and the claimed conflict) will be reviewed at a hearing on Monday. But in the meantime, Durham already dropped two claims.

Copyright © 2022 emptywheel. All rights reserved.
Originally Posted @