John Durham’s Igor Danchenko Case May Be More Problematic than His Michael Sussmann Case

Legal commentators who ignored the run-up to the Michael Sussmann trial and still have not reported on the evidence of abuse and incompetence are writing posts claiming it was always clear that the jury in that case would return an acquittal. The same people, however, are suggesting there might be more to the Igor Danchenko charges.

I wrote a whole series of posts laying out why that’s wrong — the last one, with links to the others, is here. In addition, I’ve been tracking Durham’s difficulties obtaining classified discovery from other parts of DOJ here. This post pulls together the problems Durham faces in his second trial, which is currently scheduled to start on October 11.

As a reminder, the Danchenko indictment charges the former Christopher Steele source with telling five lies to the FBI in interviews in which they tried to vet the Steele dossier:

  • One alleged lie on June 15, 2017  about whether he had spoken with Chuck Dolan “about any material contained in the” dossier.
  • Four alleged lies, told in interviews on March 16, May 18, October 24, and November 16, 2017, that he spoke to Sergei Millian in late July 2016 when Danchenko knew (variably in 2016 or in the interviews in 2017) that he had never spoken with him; one charged lie accuses Danchenko of wittingly lying about speaking to Millian more than once.

Durham will have to prove that these five statements were intentional lies and that they were material to the FBI’s operations.

Danchenko could get his former lawyer to testify

Before looking at the problems with each of those claimed lies and their materiality, consider that shortly after being charged, Danchenko replaced Mark Schamel, who represented Danchenko in his 2017 interviews with the FBI, with a team led by Lowenstein Sandler’s Stuart Sears. This makes it possible for Danchenko to do something risky but in this case potentially warranted: have his former attorney testify.

The interview report from his initial series of interviews in January 2017 shows that Danchenko was uncertain about the answer to some questions, but over the course of three days, checked his own records and corrected himself when he realized he had made an error in answering an affirmative question from the FBI. In at least one case, Danchenko also provided proof to back one of his claims. Schamel could explain how diligently he and Danchenko prepared for these interviews, how Danchenko corrected himself when he realized he was wrong, and the perceived focus — by all appearances, on Danchenko’s Russian sources — of the FBI interviews.

In short, Schamel’s testimony could go a long way to demonstrating that where Danchenko made an error, it was not willful.

The FBI didn’t ask the question about Chuck Dolan that Durham claims they did

Then there are the charges themselves. There are two potentially fatal problems with the single charge built around Chuck Dolan, which Durham has used to insinuate, with no evidence, that the minor Hillary supporter was the source of the pee tape allegation. The alleged lie Durham has accused Danchenko of, though, pertains to a more general question: whether Danchenko had “denied … that he had spoken to [Dolan] about any material” in the dossier.

Except, as happened repeatedly in his indictment of Danchenko, that’s neither what Danchenko was asked nor what he answered.

As I laid out in this post, it appears that Danchenko was asked whether Dolan was a source for Steele, not whether he was a source for Danchenko.

FBI AGENT-1: Um, because obviously I don’t think you’re the only …


FBI AGENT-1: Person that has been contributing. You may have said one – and this is the other thing we are trying to figure out.

[ … ]

FBI AGENT-1: Do you know a [PR Executive-1]?

DANCHENKO: Do I know [PR Executive-1]? Yeah.

FBI AGENT-1: How long have you known him? [laughing] [pause]

DANCHENKO: I’ve known [PR-Executive-1] for [pause] I don’t know, a couple years maybe.

FBI AGENT-1: Couple years?

DANCHENKO: But but but but but but but I’ve known of him for like 12 years.

[ … ]

DANCHENKO: Yeah. Yeah he likes Russia. I don’t think he is, uh, – would be any way be involved. But-but-uh-b-but he’s uh [UI] what I would think would be easily played. Maybe. Uh, he’s a bit naive in his, um liking of Russia. [emphasis Durham’s]

The question was premised on Steele having other primary subsources other than Danchenko and his response was a denial of the possibility that Dolan was one of them. All of Danchenko’s responses could be framed with that understanding of the question.

Durham’s alleged false statement appears to stem from a follow-up question. But there, Durham has completely misrepresented Danchenko’s answer.

FBI AGENT-1: Okay, so you’ve had … was there any … but you had never talked to [PR Executive-1] about anything that showed up in the dossier [Company Reports] right?


FBI AGENT-1: You don’t think so?

DANCHENKO: No. We talked about, you know, related issues perhaps but no, no, no, nothing specific. [emphasis Durham’s]

Danchenko explicitly told the FBI that he talked to Dolan about “related issues.” Particularly as regards the pee tape, Danchenko might consider using information from Dolan for further investigation a “related issue” but not the core issue that the FBI was interested in.

As to the report for which Durham presents compelling evidence that Dolan was the source, Durham presents no evidence of specific questioning about it, and there’s abundant evidence that Danchenko was never sure which reports came from him and which (he assumed) came from others.

Durham did not present any evidence that Danchenko denied, in response to specific questions about whether Dolan was involved in identified reports, that Dolan played a role in the dossier. He has evidence that Danchenko answered a question about something else, and then, in a follow-up, gave a much more equivocal response than Durham claims he gave.

Another Durham materiality claim fizzles after he actually investigates

Plus, it is virtually certain that Danchenko will be able to prove that his equivocal response could not have been material.

That’s because — as a declassified footnote of the DOJ IG Report makes clear — the reason the FBI asked these questions about Dolan on June 15, 2017 was because FBI had recently obtained Section 702 material showing conversations between Danchenko’s source, Olga Galkina, and Dolan.

The FBI [received information in early June 2017 which revealed that, among other things, there were [redacted]] personal and business ties between the sub-source and Steele’s Primary Sub-source; contacts between the sub-source and an individual in the Russian Presidential Administration in June/July 2016; [redacted] and the sub‐source voicing strong support for candidate Clinton in the 2016 U.S. elections. The Supervisory Intel Analyst told us that the FBI did not have Section 702 coverage on any other Steele sub‐source. [my emphasis]

That is, the reason the FBI was asking these questions in the first place is because they were trying to understand the communications they had just discovered between Dolan and Danchenko.

As the indictment lays out, Danchenko didn’t hide the key details about Dolan — that he was doing business in Russia, had ties with Dmitry Peskov, and had developed a business relationship with Galkina.

In a later part of the conversation, DANCHENKO stated, in substance and in part, that PR Executive-1 had traveled on the October “delegation” to Moscow; that PR Executive-1 conducted business with Business-1 and Russian Sub-source-1; and that PR Executive-1 had a professional relationship with Russian Press Secretary-1.

Durham claimed that Danchenko’s imagined lie was material because it deprived the FBI from obtaining information on Dolan.

DANCHENKO’s lies denying PR Executive-1 ‘s role in specific information referenced in the Company Reports were material to the FBI because, among other reasons, they deprived FBI agents and analysts of probative information concerning PR Executive-1 that would have, among other things, assisted them in evaluating the credibility, reliability, and veracity of the Company Reports, including DANCHENKO’s sub-sources.

We now know that, at the time Durham made this claim, he had barely begun the process of obtaining relevant evidence from DOJ IG. Even in the Michael Sussmann case, Durham first made a formal discovery request of Michael Horowitz’s office on October 13, 2021, almost a month after charging Sussmann (and just three weeks before indicting Danchenko). Durham didn’t receive materials that completely undermined his case against Sussmann until March.

From that, it’s fairly safe to assume that Durham (again) didn’t bother to test whether there was any basis for his materiality claims before building a long speaking indictment around them.

The FBI didn’t need Danchenko to tell them about Dolan’s Russian ties. They had discovered that already from 702 collection targeting Galkina. That’s precisely why they asked Danchenko whether Dolan could be another Steele source. And when asked for more details, Dahchenko offered up the details that FBI would have been looking for.

Durham’s due diligence problems on the Sergei Millian charges

There are several kinds of problems with the remaining four counts. As noted, four of the charges against Danchenko accuse him of hiding what Durham claims is affirmative knowledge (arguably in real time) that Sergei Millian never called him in late July 2016.

As a threshold matter, there’s no language in the Danchenko indictment suggesting Durham has affirmative proof that such a call didn’t happen — whether from Millian or anyone else. In his FBI interview, Danchenko suggested the call may have happened on a secure app and he said he had replaced the phone he used at the time. So it’s not clear that Durham can rule out a call on Signal or similar encrypted app. When Durham first rolled out this indictment, I thought such a claim would be reckless, but we now know Durham built his entire Sussmann indictment around billing records even though Durham had affirmative proof (in his taxi reimbursement) that Sussmann did not bill Hillary for his meeting with the FBI.

Worse still, even in the transcripts that Durham miscites in the indictment, Danchenko included a bunch of caveats that Durham does not include in his charging language: “I don’t know,” “at the time I was under the impression it was him,” “at least someone I thought was him.”

That creates a temporal problem with the way Durham has charged this. Even if Danchenko came to believe later in 2016 or in 2017 that he never spoke with Millian, in his interviews, Danchenko was answering about what he believed to be the case in July 2016, when he shared this report with Christopher Steele. All Danchenko was claiming was that he talked to some journalists at a Russian outlet, someone called Danchenko shortly thereafter (at a time, it should be said, when Oleg Deripaska likely already knew of the dossier project), and Danchenko assumed it was Millian because it was the most logical explanation. From the start, Danchenko always admitted his uncertainty about that call.

Durham is relying on a Twitter feed he has already said makes false claims about the Durham investigation

Then there’s the fact that Durham is relying on Sergei Millian as a witness against Danchenko.

As I noted last year, in his indictment, Durham claimed to prove that such a call had not happened based on Millian’s say-so. But not actual testimony. Rather, at that point, Durham was relying on Sergei Millian’s Twitter feed.

Chamber President-1 has claimed in public statements and on social media that he never responded to DANCHEKNO’s [sic] emails, and that he and DANCHENKO never met or communicated.

That was batshit insane then, not least because over the years journalists and others have raised real questions about the authenticity of Millian’s Twitter account. And since charging Danchenko, Millian has repeatedly made claims on Twitter that utterly demolishes the credibility of Millian’s Twitter feed.

Millian has played a key role in the “sleuths corner” that has ginned up all sorts of false claims about Durham’s investigation.

This explicit affiliation will entitle Danchenko to subpoena the activity of the group, and even if Millian were entirely credible, there are a number of people associated with the corner who are not.

Then, as part of his role in generating froth about the Durham investigation, Millian played a central role in misrepresenting a claim Durham had made in a filing in the Sussmann case, suggesting that Durham had proven that researchers had spied on the Trump White House.

This led Durham to formally state that those who made such claims were “misrepresent[ing] facts contained in the Government’s Motion.” So Durham has publicly accused his star witness — Sergei Millian’s Twitter feed — of making false claims about matters pertaining to Durham’s investigation.

Worse still, in the same time period, Millian claimed that he had called the White House and told them “who was working against them.”

That reflects the kind of knowledge that could only come from a concerted effort, in real time (seemingly in 2016), to fuck with the Fusion investigation, followed by a subsequent effort (at such time when Trump was in the White House), to exact a cost for the investigation. Effectively, with this tweet, Millian confessed to being part of the effort to undermine the Russian investigation. That makes Millian’s contact with Deripaska in 2016 all the more problematic, since Deripaska has seemingly carried out a sustained campaign to attack the Russian investigation. But it also suggests that Millian’s claims to have entirely blown off Danchenko’s quetions were false.

Millian has since claimed that Durham’s office was trying to keep him off Twitter, but that he refused because he wants to attack his enemies.

This is all just stuff that Millian has done since the indictment, and to the extent earlier Millian tweets are preserved showing professed knowledge of the 2016 Russian operation (as some are), Danchenko would be able to use those at trial as well.

Which may be why — at least according to Millian’s unreliable Twitter feed — Durham is now trying to get Millian to come testify at trial. But Millian suggests that testifying under oath to the claims he has been making on Twitter for years would amount to “using him.”

Durham’s star witness refuses to return to the US without some kind of “gentleman’s agreement” regarding his “safe return.” That’s not going to be a very credible witness on the stand, if he even shows up to testify.

The counterintelligence investigation against Millian was real in 2016 and may be realer now

Which leads us, again, to Durham’s failures to do basic investigation before charging these indictments.

We know Durham didn’t reach out to Michael Horowitz until weeks before charging Danchenko. The Sussmann case made it clear Durham had not received centrally relevant evidence in the Sussmann case until March.

That means Durham may not have been aware of the public evidence — in both the DOJ IG Report and declassified footnotes — describing the counterintelligence investigation opened on Millian in October 2016, which was opened in NY (where Millian lived at the time), not DC (where Fusion and others were also raising concerns).

In addition, we learned that [Millian] was at the time the subject of an open FBI counterintelligence investigation. 302 We also were concerned that the FISA application did not disclose to the court the FBI’s belief that this sub-source was, at the time of the application, the subject of such an investigation. We were told that the Department will usually share with the FISC the fact that a source is a subject in an open case. The OI Attorney told us he did not recall knowing this information at the time of the first application, even though NYFO opened the case after consulting with and notifying Case Agent 1 and SSA 1 prior to October 12, 2016, nine days before the FISA application was filed. Case Agent 1 said that he may have mentioned the case to the OI Attorney “in passing,” but he did not specifically recall doing so. 303

301 As discussed in Chapter Four, [Millian] [redacted]

302 According to a document circulated among Crossfire Hurricane team members and supervisors in early October 2016, [Millian] had historical contact with persons and entities suspected of being linked to RIS. The document described reporting [redacted] that [Millian] “was rumored to be a former KGB/SVR officer.” In addition, in late December 2016, Department Attorney Bruce Ohr told SSA 1 that he had met with Glenn Simpson and that Simpson had assessed that [Millian] was a RIS officer who was central in connecting Trump to Russia.

We know Durham has little familiarity with the Mueller Report, much less the underlying investigation. Which means he similarly may not have considered the evidence that Millian was cultivating George Papadopoulos during precisely the same weeks when Danchenko was contacting Millian for information on Trump.

Papadopoulos first connected with Millian via LinkedIn on July 15, 2016, shortly after Papadopoulos had attended the TAG Summit with Clovis.500 Millian, an American citizen who is a native of Belarus, introduced himself “as president of [the] New York-based Russian American Chamber of Commerce,” and claimed that through that position he had “insider knowledge and direct access to the top hierarchy in Russian politics.”501 Papadopoulos asked Timofeev whether he had heard of Millian.502 Although Timofeev said no,503 Papadopoulos met Millian in New York City.504 The meetings took place on July 30 and August 1, 2016.505 Afterwards, Millian invited Papadopoulos to attend-and potentially speak at-two international energy conferences, including one that was to be held in Moscow in September 2016.506 Papadopoulos ultimately did not attend either conference.

On July 31 , 2016, following his first in-person meeting with Millian, Papadopoulos emailed Trump Campaign official Bo Denysyk to say that he had been contacted “by some leaders of Russian-American voters here in the US about their interest in voting for Mr. Trump,” and to ask whether he should “put you in touch with their group (US-Russia chamber of commerce).”507 Denysyk thanked Papadopoulos “for taking the initiative,” but asked him to “hold off with outreach to Russian-Americans” because “too many articles” had already portrayed the Campaign, then-campaign chairman Paul Manafort, and candidate Trump as “being pro-Russian.”508

On August 23, 2016, Millian sent a Facebook message to Papadopoulos promising that he would ” share with you a disruptive technology that might be instrumental in your political work for the campaign.”509 Papadopoulos claimed to have no recollection of this matter.510

On November 9, 2016, shortly after the election, Papadopoulos arranged to meet Millian in Chicago to discuss business opportunities, including potential work with Russian “billionaires who are not under sanctions.”511 The meeting took place on November 14, 2016, at the Trump Hotel and Tower in Chicago.512 According to Papadopoulos, the two men discussed partnering on business deals, but Papadopoulos perceived that Millian’s attitude toward him changed when Papadopoulos stated that he was only pursuing private-sector opportunities and was not interested in a job in the Administration.5 13 The two remained in contact, however, and had extended online discussions about possible business opportunities in Russia. 514 The two also arranged to meet at a Washington, D.C. bar when both attended Trump’s inauguration in late January 2017.515

More recently, as part of charges against a different Russian-American who fled because of a counterintelligence investigation, DOJ made clear that Millian’s organization knew at least by 2013 they should have registered as agents of Russia.

a. On or about January 30, 2013, BRANSON received an email from an individual using an email address ending in “” Based on my review of publicly available information, I have learned that this individual was a Senior Vice President of the Russian American Chamber of Commerce in the USA. This email had the subject line “Problem.” and the text of the email included, among other things, a portion of the FARA Unit’s website with background on FARA. In response, BRANSON wrote, in part, “I am interested in the number of the law, its text in English[.]” The sender then responded with “Lena, read …” and copied into the email background on FARA and portions of the statute.

All of which to say that Durham likely cannot make any “gentleman’s agreement” on DOJ’s behalf with Millian about coming to the US to testify against Danchenko, because other parts of DOJ have equities that significantly precede Durham’s, equities that pertain more directly to harm to the United States and current national security priorities.

Plus, even if Durham did succeed in bringing his star witness against Danchenko to EDVA to testify against him, even if Millian weren’t arrested on sealed charges when he landed, the trial would end up being a circus in which the evidence against Millian and the false claims Millian has made about the Durham investigation playing a more central role than the evidence against Danchenko.

There are few things Durham could do that would make it more clear how his witch hunt has served Russia’s interests, and not those of the US.

I mean, I’m all for it. But at some point Durham may come to recognize that’s not a winning case.

There is affirmative evidence that any alleged lies Danchenko told were not material

It’s not clear whether Sussmann jurors ever got as far as considering the materiality problems in the case against Sussmann. But, even on top of the specific problem arising from the Section 702 directive targeting Galkina, described above, Durham may have bigger materiality problems with Danchenko.

That’s because — as explained in the DOJ IG Report Durham didn’t read closely — FBI repeatedly made decisions that affirmatively reflect finding claims in the dossier and Danchenko’s interviews were not material to their decision to keep surveilling Carter Page.

That’s true, first of all, because the initial FISA targeting Page obtained useful information. Notes from Tashina Gaushar that Durham belatedly discovered in the Sussmann case described the FISAs against Page this way:

So before the FBI ever spoke to Danchenko, they had independent reason (on top of the counterintelligence concerns NYFO had used in March 2016 to open an investigation on Page) to target Page.

Moreover, the FBI started identifying problems with the Millian allegations before the first FISA, but never integrated those or Danchenko’s own interviews into their FISA applications.

Regarding the information in the first bullet above, in early October 2016, the FBI learned the true name of Person 1 (described in Report 95 as “Source E”). As described in Chapter Six, the Primary Sub-source told the FBI that he/she had one 10- to 15-minute telephone call with someone he/she believed to be Person 1, but who did not identify him/herself on the call. We found that, during his/her interview with the FBI, the Primary Sub-source did not describe a “conspiracy” between Russia and individuals associated with the Trump campaign or state that Carter Page served as an “intermediary” between Manafort and the Russian government. In addition, the FBl’s summary of the Primary Sub-source’s interview did not describe any discussions between the parties concerning the disclosure of DNC emails to Wikileaks in exchange for a campaign platform change on the Ukrainian issue. To the contrary, according to the interview summary, the Primary Sub-source told the FBI that Person 1 told him/her that there was “nothing bad” about the communications between the Kremlin and Trump, and that he/she did not recall any mention of Wikileaks. Further, although Steele informed the FBI that he had received all of the information in Report 95 from the Primary Sub-source, and Steele told the OIG the same thing when we interviewed him, the Primary Subsource told the FBI that he/she did not know where some of the information attributed to Source E in Report 95 came from. 388 Despite the inconsistencies between Steele’s reporting and the information his Primary Sub-source provided to the FBI, the subsequent FISA renewal applications continued to rely on the Steele information, without any revisions or notice to the court that the Primary Sub-source had contradicted the Steele reporting on key issues described in the renewal applications. Instead, as described previously, FISA Renewal Application Nos. 2 and 3 advised the court:

In an effort to further corroborate [Steele’s] reporting, the FBI has met with [Steele’s] [redacted] sub-source [Primary Sub-source] described immediately above. During these interviews, the FBI found the [redacted] subsource to be truthful and cooperative [redacted]. The FBI is undertaking additional investigative steps to further corroborate the information provide [sic] by [Steele] and [redacted]

It cannot be the case that FBI at once ignored everything Danchenko said that should have raised concerns, but also that Danchenko’s repetition of the things he said in his first interview would be material to later parts of the investigation. There’s a 478-page report laying out why that’s not the case.

As to the Dolan tie, the FBI obtained intelligence that the reports that most mattered to the ongoing Russian investigation — the sketchy Cohen-in-Prague stories sourced to Olga Galkina, stories that may well have arisen because Dolan vouched for Galkina with Peskov — were disinformation a week before first speaking to Danchenko.

A January 12, 2017, report relayed information from [redacted] outlining an inaccuracy in a limited subset of Steele’s reporting about the activities of Michael Cohen. The [redacted] stated that it did not have high confidence in this subset of Steele’s reporting and assessed that the referenced subset was part of a Russian disinformation campaign to denigrate U.S. foreign relations. A second report from the same [redacted] five days later stated that a person named in the limited subset of Steele’s reporting had denied representations in the reporting and the [redacted] assessed that the person’s denials were truthful.

As I have shown, Mueller did not use the Cohen reports at all in predicating the investigation against Trump’s lawyer.

Finally, the DOJ IG Report strongly suggests that the FBI was not going to get a fourth FISA targeting Page until they discovered two new facilities — probably one or more encrypted app and some financial accounts — they thought might answer some of their outstanding questions about Page.

[A]vailable documents indicate that one of the focuses of the Carter Page investigation at this time was obtaining his financial records. NYFO sought compulsory legal process in April 2017 for banking and financial records for Carter Page and his company, Global Energy Capital, as well as information relating to two encrypted online applications, one of which Page utilized on his cell phone. Documents reflect that agents also conducted multiple interviews of individuals associated with Carter Page.

Case Agent 6 told us, and documents reflect, that despite the ongoing investigation, the team did not expect to renew the Carter Page FISA before Renewal Application No. 2’s authority expired on June 30. Case Agent 6 said that the FISA collection the FBI had received during the second renewal period was not yielding any new information. The OGC Attorney told us that when the FBI was considering whether to seek further FISA authority following Renewal Application No. 2, the FISA was “starting to go dark.” During one of the March 2017 interviews, Page told Case Agent 1 and Case Agent 6 that he believed he was under surveillance and the agents did not believe continued surveillance would provide any relevant information. Cast Agent 6 said [redacted]

SSA 5 and SSA 2 said that further investigation yielded previously unknown locations that they believed could provide information of investigative value, and they decided to seek another renewal. Specifically, SSA 5 and Case Agent 6 told us, and documents reflect, that [redacted] they decided to seek a third renewal. [redacted]

This is yet another reason why nothing Danchenko could have said in his interviews would have changed the FBI’s actions.

That leaves the purported lies — the same alleged lies about Millian — told in October and November 2017 that Durham claims Danchenko had been telling all along. By that point, though, Mueller already had George Papadopoulos refusing to provide details pertaining to Millian that would have raised further questions about Millian’s activities in 2016.

Honestly, this post barely scratches the surface of problems with Durham’s Igor Danchenko case. Things get worse when you consider Oleg Deripaska’s role in the dossier and the very active investigation into him and more recent sanctions into Dmitry Peskov.

And, this time, Durham may realize that. Just weeks before the Sussmann trial, Durham made a frenzied effort to include details about the dossier and Millian in Sussmann’s case. For example, he got approved as exhibits and “accidentally” released Fusion GPS files entirely unrelated to the Sussmann case. He attempted, but failed, to make Christopher Steele a central issue at the Sussmann trial. And during the testimony of Jared Novick, he attempted to introduce the names of dossier subjects that were unrelated to the core Sussmann charge. That is, Durham expanded the scope of his already unhinged conspiracy theory to incorporate topics — most notably, the dossier — that he might otherwise present at the Danchenko trial.

In the next two weeks, Durham will — after over ten weeks of delay — have to face the challenges of obtaining the classified discovery that Danchenko can demand to prove this is the case. In light of those challenges, we’ll see whether Durham wants to barrel forward towards yet another humiliating loss at trial.

The Ongoing Investigation into Paul Manafort’s Handlers

In this post, I noted that 22 months after Andrew Weissmann’s team wrote a 37-page report, plus a classified supplement, describing what they had learned about Paul Manafort’s role in the 2016 election operation, SSCI dedicated 142 pages of their 966 page report on the counterintelligence threat posed by Trump’s former campaign manager. The latter report, which had fewer investigative tools and relied heavily on the earlier effort, just stuck classified information right into the text and then redacted great swaths of it.

Among the things known to but redacted by SSCI in 2020 but not included in the unclassified parts of the Team M Report in 2018 are:

In other words, by 2020, investigators working with derivative investigative tools found a great deal of evidence to suggest that Deripaska and Kilimnik were not only centrally involved in Russia’s intelligence operation targeting the US in 2016, but also a concerted plan to undermine in the investigation into it after the fact.

Around about the time SSCI finished their report, the FBI offered a $250,000 reward leading to Kilimnik’s arrest.

All that is why I’m interested that the Team M Report, released in 2022, after the statute of limitations has expired on most crimes tied to the 2016 election (though not a conspiracy that continued after it), was released with so many b7A redactions reflecting an ongoing investigation.

I’ve put a list of them all below.

There are three redactions I find particularly remarkable.


The treatment of Pericles, the investment fund that Manafort set up and Deripaska funded in 2007, is uneven among the four stories that tell Manafort’s story (it is mentioned in passing in the breach litigation). A paragraph introducing it in the Mueller Report serves to set up Rick Gates’ explanation that Manafort’s outreach to Deripaska during the campaign was an effort to settle Deripaska’s lawsuit relating to the fund. There’s a bit more in the SSCI Report, including the detail that while Kilimnik initially served as Manafort’s point of contact for the deal, Manafort later tried to hide aspects of it from him so as to hide it from the other Oligarchs. There’s a redacted paragraph as well, perhaps tied to the funding.

Pericles may be the one topic which the Team M Report dedicates more space to than the SSCI Report. After introducing the fund, a heavily-redacted paragraph, including a b7A exemption, describes the dispute that arose between Manafort and Deripaska. Then two of the lettered footnotes the Team M Report used to describe context are also redacted under a b7A redaction. There’s also a paragraph redacted using only a b5 (deliberative process) exemption describing the dispute.

Remember: That dispute was a key part of Deripaska’s double game in 2016, a way to make Manafort more insecure even as squeezing him to get cooperation on the campaign. Christopher Steele played a (as far as is known, unwitting) role in that double game, so if Deripaska injected the dossier with disinformation, that’s likely how he did so. But it’s the 13-year old business arrangement itself, and not the 6-year old exploitation of it, that remains redacted in the Team M Report as part of an ongoing investigation.

The August 2 Meeting

Then consider how the passage on the August 2, 2016 meeting between Manafort and Kilimnik appears in the Team M Report (as released under FOIA).

The story of the Havana Bar meeting is one that got told in depth by the Breach Litigation, the Mueller Report, and the SSCI Report — indeed, it was a central focus of the Breach Litigation, one that particularly impressed Judge Amy Berman Jackson. The Mueller Report provided a 3-page description that is, with just two exceptions, redacted only with grand jury redactions. The Mueller Report version describes the three topics discussed at the meeting this way:

As to the contents of the meeting itself, the accounts of Manafort and Gates–who arrived late to the dinner–differ in certain respects. But their version of events, when assessed alongside available documentary evidence and what Kilimnik told business associate Sam Patten, indicate that at least three principal topics were discussed.

In addition to redacting, under a b7A redaction, what else, besides campaign headquarters, was across the street from the Havana Club (possibly in Trump Tower), the Team M Report redacts much of the discussion about the differences between the three stories. Even the description of the three versions are structured differently.

The bulk of Manafort’s story — four and a half pages — focuses on the plan to carve up Ukraine, including the follow-up efforts made over the following two years. There’s an explicit reference — the only unredacted such reference within the body of the report — to more of the story appearing in the classified appendix. And just a short paragraph, partially redacted under a b7A exemption, discusses Manafort explaining to Kilimnik how he planned to win swing states.

Gates’ version focuses more on Manafort’s attempts to get paid (which may not appear in Manafort’s version at all). Whatever discussion Gates provided of the Ukraine plan is redacted under b7A; the most recent release of Gates’ 302s also redacts a lot about the August 2 meeting, including the cover story he told before he started cooperating.

Patten’s version of the meeting — which reflects what Kilimnik told Patten after the fact — is even more redacted than the Gates version in the Team M report. Those redacted passages may redact discussions that appear redacted in the most recent release of Patten’s 302s but which were cited in unredacted form in the SSCI Report. According to that, Manafort told Kilimnik that the way to win was to focus on increasing Hillary’s negatives.

Patten’s debriefing with the SCO provides the most granular account of what information Kilimnik obtained at the August 2, 2016 meeting:

Kilimnik told Patten that at the New York cigar bar meeting, Manafort stated that they have a plan to beat Hillary Clinton which included Manafort bringing discipline and an organized strategy to the campaign. Moreover, because Clinton’s negatives were so low [sic]-if they could focus on her negatives they could win the election. Manafort discussed the Fabrizio internal Trump polling data with Kilimnik, and explained that Fabrizio ‘s polling numbers showed that the Clinton negatives, referred to as a ‘therm poll, ‘ were high. Thus, based on this polling there was a chance Trump could win. 458

If that’s what does appear in the Team M Report, it remains redacted, in part under an ongoing investigation exemption. It focuses on the election, not the effort to carve up Ukraine.

Incidentally, the SSCI Report reveals one detail no other source I know did: Manafort met with Rudy and Trump before he went to meet Kilimnik. As the SSCI Report notes, this also happens to be the day before Stone started pitching Manafort on a way to save the candidate.

March, April, and May 2016

As noted above, the SSCI Report has heavily redacted passages discussing activities involving Kilimnik and Deripaska in March and April 2016. They don’t show up in the unclassified part of the Team M Report or the Mueller Report at all.

The May 2016 meeting between Manafort and Kilimnik does appear in the Mueller Report, though.

Manafort twice met with Kilimnik in person during the campaign period—once in May and again in August 2016. The first meeting took place on May 7, 2016, in New York City.905 In the days leading to the meeting, Kilimnik had been working to gather information about the political situation in Ukraine. That included information gleaned from a trip that former Party of Regions official Yuriy Boyko had recently taken to Moscow—a trip that likely included meetings between Boyko and high-ranking Russian officials.906 Kilimnik then traveled to Washington, D.C. on or about May 5, 2016; while in Washington, Kilimnik had pre-arranged meetings with State Department employees.907

Late on the evening of May 6, Gates arranged for Kilimnik to take a 3:00 a.m. train to meet Manafort in New York for breakfast on May 7.908 According to Manafort, during the meeting, he and Kilimnik talked about events in Ukraine, and Manafort briefed Kilimnik on the Trump Campaign, expecting Kilimnik to pass the information back to individuals in Ukraine and elsewhere.909 Manafort stated that Opposition Bloc members recognized Manafort’s position on the Campaign was an opportunity, but Kilimnik did not ask for anything.910 Kilimnik spoke about a plan of Boyko to boost election participation in the eastern zone of Ukraine, which was the base for the Opposition Bloc.911 Kilimnik returned to Washington, D.C. right after the meeting with Manafort.

There are two passages that reference the May meeting in the Team M Report, albeit in less detail than appears in the Mueller Report (notably leaving out Yuriy Boyko’s trip to Moscow, as well as Gates’ arrangements for the trip).

During the late spring of 2016, Kilimnik continued to collect information on the political situation in Ukraine.

[4 line b5 redaction]

Kilimnik further explained that he planned to be in Washington, D.C., between May 5 and May 8, 2016.8


On May 7, 2016, Kilimnik met with Manafort in New York City.97 Gates arranged the meeting and purchased Kilimnik’s Amtrak tickets from Washington, D.C. to New York.98 According to Manafort, he briefed Kilimnik on the Trump campaign, expecting Kilimnik to pass the information back to individuals in Ukraine and elsewhere.99 Manafort stated that Kilimnik did not ask for anything based upon Manafort’s position with the campaign.100 Kilimnik spoke about Boyko’s plan for election participation in the occupied zone of Ukraine.

But this discussion has some big b7A redactions, including some redacting personal information and others redacting law enforcement techniques. In other words, whereas Mueller was able to include at least some discussion of the May meeting in the report, parts of it remain sensitive, three years later, even as Russia attempts to implement a plan to carve up Ukraine, now using force, pitched to Manafort at that Havana Bar meeting.

There seems to be increased investigative interest in those spring 2016 events as time has passed, so much so that DOJ may be sharing less than Mueller did in his initial release.

To be clear: none of these redactions mean that Manafort is at legal risk from these ongoing investigations. As noted, the statutes of limitation have expired for most criminal exposure (unless as part of a continuing conspiracy). More likely, all these b7A redactions indicate counterintelligence investigations, not criminal ones.

But what’s interesting about the release of this report, 40 months after it was written, is that it hasn’t gotten any less sensitive over time.

b7A redactions

  • Possible reference to Rick Gates’ role on the Inauguration Committee
  • Manafort’s consulting work for Deripaska
  • Pericles fund
  • Kilimnik’s ties to Russian intelligence services and IRI
  • Jonathan Hawker and Alex Van der Zwaan on Kilimnik’s ties to RIS
  • Kilimnik’s ties to Viktor Boyarkin
  • Kilimnik’s May 2016 trip to the US
  • The August 2 meeting with Kilimnik in the Havana Club
  • A reference to Kilimnik’s reference to black caviar
  • The plan to carve up Ukraine
  • Manafort’s plan to win the election
  • Gates’ version of the August 2 meeting
  • Sam Patten’s version of the August 2 meeting
  • Manafort’s sharing of polling data
  • The purpose behind Manafort’s trip to Spain
  • The second meeting in Spain

Four Stories about Paul Manafort from Andrew Weissmann’s Team M

The NYT recently liberated via FOIA the alternative report written by Andrew Weissmann’s Team M, focused on Manafort, as part of the Mueller investigation. As Josh Gerstein described when he wrote up the report, it is heavily redacted and as such includes virtually no new factual details from what has already been made public. But that doesn’t mean the report is uninteresting.

After all, even presenting exactly the same allegations that we’ve seen elsewhere as it does, the report tells us certain things about the investigation.

Before I lay out what the report shows, I want to review the four times this story has been told:

As I laid out in my Rat-Fucker Rashomon series on Roger Stone, by comparing the various stories and understanding how each meets the particular genre and purpose of the document, we can better identify the gaps and inclusions of each.

(Another place to find more of the investigation into Manafort is in interview 302s; I’ve pulled together all the 302s for Sam Patten and Rick Gates; many of the most recent versions of the Manafort 302s appear in this FOIA release.)

The four stories, read together, reveal that there was a great deal of evidence that Oleg Deripaska and Konstantin Kilimnik leveraged Manafort as part of their very active role in the 2016 operation, as well as follow-up efforts to undermine the investigation into the 2016 operation. The SSCI Report even suggests Kilimnik had a role in the hack-and-leak campaign. Yet none of that showed up in unclassified parts of the Mueller Report and related documents. That’s partly true because all three of those documents — the unclassified part of the Team M Report, the Breach Determination, and the Mueller Report itself — played specific legal functions.

As with the ongoing investigation into Roger Stone that continued past the conclusion of the Mueller Report, those specific legal roles do not entail laying out where an ongoing investigation is headed. That’s why one of the most informative parts of the Team M Report, as released 40 months after it was written, are the number of sections that remain redacted under a b7A ongoing investigation redaction.

N0vember 18, 2018: Team M Report

In the days after the mid-term election in 2018, Trump fired Jeff Sessions, foreboding a different approach to Mueller’s supervision. Whether or not Mueller might otherwise have continued the investigation, with Sessions’ firing, investigators moved to conclude their work and write up a report of prosecutions and declinations. Team M wrote this report with an eye to documenting all their work. As Weissmann explained in his book, this report arose out of frustration with the decisions that Mueller’s Chief of Staff, Aaron Zebley had made, both in limiting the scope of the investigation (which significantly excluded a review of Trump’s finances), and by obscuring gaps in the conclusions.

Teams M and R had many back-and-forths with Aaron with respect to this problem while drafting the report. Aaron was adamant that our report be conclusive, making only definitive conclusions, while the teams on the ground pushed back, noting the many gray areas and gaps in our evidence and the realms we decided not to examine, including the president’s financial ties to Russia; our failure to obtain the truthful cooperation of witnesses who’d been influenced by the president’s conduct in dangling the prospect of a pardon; what questions remained outstanding; what evidence we could not obtain; and our inability to interview certain other witnesses at all, up to and including the president. Only some of these limitations made it into the final report, as Team M and Team R did not have the pen—that is, the final say. To remedy this, at least for posterity, I had all the members of Team M write up an internal report memorializing everything we found, our conclusions, and the limitations on the investigation, and provided it to the other team leaders as well as had it maintained in our files.

We should have been more transparent. We knew our report would be made public and, while our superiors at the Justice Department understood the ultimate parameters of our investigation, the American people did not and cannot be expected to glean them all from our report.

In the end, the wrongdoing we found in the areas in which we chose to look, particularly in the one Russian financial deal we examined as a result of Cohen’s cooperation, left me with a deeply unsatisfying feeling about what else was out there that we did not examine. One of my strengths—and simultaneously one of my flaws—as an investigator is the desire to turn over every rock, go down every rabbit hole, try to master every detail. In this investigation, that tenacity was as much an asset as a curse: The inability to chase down all financial leads, or to examine all crimes, gnawed at me, and still does.

This report, then, was an attempt to capture significant findings that would not make it into the ultimate report.

The Team M Report is structured this way:

The Manafort Investigation — Overview

  • Manafort’s Background
  • Manafort, Gates, and Kilimnik’s Criminal Prosecutions
  • Manafort’s Ties to Russia and Ukraine
    • Deripaska Consulting Work
      • The Pericles Fund
    • Ukraine Political Consulting Work
    • Kilimnik
    • Manafort’s Work on the Trump Campaign (March–August 2016)
    • Russia & Ukraine Communications 2016-2018
      • Communications in March 2016
      • Communications in Spring/Summer 2016
      • The August 2, 2016 Meeting
        • [Manafort’s Account]
        • Gates’ Account
        • Patten’s Account
      • Manafort’s Sharing Trump Campaign Polling Data with Kilimnik
      • Post-Election Meetings and Contacts

In addition to that overview, the report includes three things:

  • Lettered footnotes: These seem to explain the context and gaps that Weissmann complained were not making it into the final report.
  • Numbered footnotes: These provide the sources and map directly onto the publicly identified sources in the Mueller Report itself.
  • “A supplemental submission which is classified:” We can identify some of what might appear in this supplemental submission from the SSCI Report.

December 7, 2018 through March 2, 2019: Breach Litigation

The Team M Report is dated just three days after a joint request to delay a status report in Manafort’s case and eight days before the delayed joint status report reported that Manafort had breached his plea agreement. So it was written at a time when the Weissmann team understood that Manafort had strung them out through the election and had presumably decided to hold him in breach of his plea agreement. But the Team M Report does not correlate, in structure or content, to the list of topics that Weissmann’s team asserted (successfully in three of five areas) that Manafort had been lying about.

The primary representations from Weissmann’s team in the breach litigation were:

In those documents and the hearing, Weissmann’s team laid out their case that Manafort had lied about:

Payment to Wilmer Hale: Manafort engaged in some kind of dodgy accounting — perhaps some kind of kickback involving two of Manafort’s firms — to get money to pay his lawyers at Wilmer Hale, who represented Manafort until August 2017.

Manafort’s efforts to protect Konstantin Kilimnik in the witness tampering conspiracy: In 2018, Kilimnik and Manafort were charged for conspiring to hide aspects of their Hapsburg Project, a front NGO used to hide lobbying for Ukraine behind high ranking former European officials. ABJ ruled that the government had not proven that Manafort lied about this topic, because Manafort quickly flip-flopped on his efforts to deny that Kilimnik had conspired with him to hide details of the front.

Interactions with Kilimnik: ABJ did rule that Manafort had lied to cover up details of his interactions with Konstantin Kilimnik, starting during the election and continuing through 2018. This accused lie covers much of the material presented in the Team M Report, but covers (at least in unclassified form, though the classified supplement to the Team M Report must include later communications) a broader time period.

Another DOJ investigation: ABJ judged that Weissmann’s team proved that Manafort lied to cover up details pertinent to another investigation. Given the timing of the allegations and a footnote that must modify the overview section links to Michael Cohen’s Criminal Information, the other investigation is likely the investigation into hush payments to Karen McDougal. The government’s initial submission describes that the information implicated Senior Administration Officials, which must implicate Trump himself and, likely, Kushner. In addition to Cohen and Don Jr., some parts of this lie also appear to implicate Roger Stone.

Manafort’s Contact with the Administration: The government tried, but failed, to prove that Manafort was hiding his ongoing contacts with the Trump Administration, including lobbying others were doing targeting the Department of Labor pertaining to ERISA. Significantly, prosecutors did not include ongoing communication conducted via lawyers.

March 22, 2019: Mueller Report

While Manafort shows up throughout the Mueller Report, the discussion of his case appears in four key areas:

All these prosecution, declination, and referral decisions — save the obstruction discussion pertaining to Trump himself — appear in a series of footnotes in Team M (curiously, Alex Van der Zwaan only appears in the Mueller Report in the “Referenced Persons” section, even though he is not referenced in the report itself). That reflects the stated difference in the documents. The legal purpose of the Mueller Report, as I’ve repeatedly reminded, was to lay out such prosecutorial decisions. Everything in the report should serve to explain those prosecutorial decisions and — at least in the Stone case — prosecutorial decisions that had not yet been reached don’t show up in the body of the Report.

The Manafort section is similar to, but does not quite map to, the structure of the Team M Report:


  • Paul Manafort’s Ties to Russia and Ukraine
    • Oleg Deripaska Consulting Work
    • Political Consulting Work
    • Konstantin Kilimnik
  • Contacts during Paul Manafort’s Time with the Trump Campaign
    • Paul Manafort Joins the Campaign
    • Paul Manafort’s Campaign-Period Contacts
    • Paul Manafort’s Two Campaign-Period Meetings with Konstantin Kilimnik in the United States
    • Post-Resignation Activities

For reasons I’ll lay out below, I’m most interested that the Team M Report — which has a classified supplement — has a heading for “Communications in Spring/Summer 2016” and “The August 2, 2016 Meeting,” whereas the Mueller Report splits this into “Campaign-Period Contacts” and “Two Campaign-Period Meetings with Konstantin Kilimnik in the United States.”

August 18, 2000: SSCI Report

Finally, there is the substantial section — 142 pages of the 966 page report — of the SSCI Report dedicated to explaining why Paul Manafort was a counterintelligence threat to Donald Trump. This section treats Manafort as a threat because of his close ties to Deripaska and Kilimnik, and as such, SSCI’s discussions of those men’s roles in the 2016 operation appear in the Manafort section.

As I observed when conducting a similar comparison for Stone, both because the SSCI Report came later and because it is the only report that attempted to be comprehensive, it included things that weren’t included in the earlier reports.

Importantly, for our purpose, the SSCI Report’s approach to secrets was different. Whereas the Team M Report included a classified supplement, the SSCI Report included such material in the body of the report. Large swaths of this section were deemed classified when the SSCI Report was released in 2020 and, in spite of the fact that Avril Haines promised a review of these classification decisions, nothing new has been released since.

Here’s how the Manafort section of the SSCI Report is organized:

  • Introduction and Findings (included three entirely classified bullets on Kilimnik’s role in the hack-and-leak)
  • Limitations on the Committee’s Investigation
  • Background on Manafort’s Foreign Activities
    • Manafort’s Work with Oleg Deripaska
      • Manafort’s Influence Operations in Ukraine
      • Manafort’s Global Influence Operations for Deripaska
      • Konstantin Kilimnik
      • Pericles
    • Manafort’s Work in Ukraine for the Party of Regions (PoR)
  • Manafort’s Activities from 2014 until Joining the Trump Campaign
    • Former-PoR Associates in Ukraine
    • Deripaska and Pericles Lawsuit
  • Manafort’s Activities While Serving on the Trump Campaign
    • Manafort’s Entry into the Trump Campaign
    • Kilimnik’s Awareness of Manafort’s Hiring Before the Public Announcement [including redacted section that, by context, must describe a March 2016 Kilimnik trip to the US]
    • Manafort Announces His Position on the Trump Campaign; Extends Private Offers to Russian and Ukrainian Oligarchs
    • [Heavily redacted section on] Kilimnik and Deripaska’s Activities in April
    • Manafort and Kilimnik Meet in New York City; Discuss Ukraine, Trump Campaign Strategy; Sharing of Internal Trump Campaign Polling Data with Kilimnik Begins
    • Manafort Offers to Brief Deripaska Through Kilimnik and Boyarkin; Kilimnik Appears to Have Insider Knowledge of Trump Campaign; [redacted] and Kilimnik Coordinate on [redacted] [includes redacted sections addressing Steele Report]
    • Manafort Meets with Kilimnik at the Grand Havana Room in New York City; They Discuss Polling Data, Ukraine Plan, and Debts
      • Internal Polling Information and Trump Campaign Strategy
      • Ukraine Peace Plan
    • [Heavily redacted section on] Possible Connections to GRU Hack-and-Leak Operation
    • The “Ledger” and Manafort’s Resignation
  • Manafort’s Activities For the Remainder of the Campaign
    • Manafort’s Continued Contact with the Trump Campaign; Kilimnik’s awareness of these contacts
    • Manafort’s Involvement in Ukrainian Government Outreach to the Campaign
  • Manafort’s Activities After the Election
    • [Redacted] Kilimnik Seeks to Leverage His Relationship with Manafort; Coordinates [redacted]
    • Manafort and Kilimnik Communicate with Yanukovych in Russia Related to Ukraine Plan; Attempt Communications Countermeasures
    • [Redacted] Kilimnik and Boyarkin Arrange Meeting for Manafort in Madrid; Manafort [redacted]
    • Kilimnik and Lyovochkin Travel to Washington D.C. for Inauguration, Meet with Manafort and Discuss Ukraine
    • Kilimnik and Manafort Meet in Madrid; Discuss Counter-Narratives and Ukraine
    • [Significantly Redacted] Russian Influence Operations to Undermine Investigations into Russian Interference [includes developments through late 2019, including Rudy Giuliani-related activities of John Solomon]
    • Manafort’s Continued Efforts with Kilimnik on Ukraine; Kilimnik’s Own Continued Activities [includes 8 mostly-redacted pages going through 2020]
    • Manafort and Gates Communications Regarding Investigations
  • Manafort’s Associates Ties to Russian Intelligence Services [Heavily redacted]
    • Oleg Deripaska and His Aides
      • Deripaska’s Kremlin Ties
      • Deripaska’s “Chief of Staff”: Viktor Boyarkin
      • Deripaska’s Strategic Advisor: Georgy Oganov
      • Deripaska’s Role in Russian Active Measures in Montenegro
      • Deripaska’s Involvement in Other Russian Active Measures
      • Deripaska’s Connections to Hacking Operations
    • Konstantin Kilimnik

The section of the Manafort materials dedicated to limitations on SSCI’s investigation makes it clear that it relies, in significant part, on the Mueller Report, with all the limitations on that given Manafort’s obstruction. That said, the SSCI Report scope goes through 2019, so obviously also includes later intelligence reporting for many of the mostly redacted later passages. Yet the SSCI Report includes great swaths of material that appear nowhere in the public Mueller materials — save, perhaps, in the classified supplement referenced in the Team M Report. That includes March 2016 visits — seemingly by both Kilimnik and Deripaska — to the US, as well as something that happened in April 2016 more closely linked to Trump’s campaign.

These vast redactions — going to core issues of the Mueller investigation, such as whether Trump’s own campaign manager and the campaign manager’s life-long rat-fucker friend had a direct role in the hack-and-leak campaign and disinformation injected through the Steele dossier — likely reflect both the redacted sections in the earlier reporting and, more importantly, the classified supplement of the Team M Report.

That all means it was likely that, when Trump fired Jeff Sessions in November 2018, the Mueller team had evidence directly linking Manafort, through Kilimnik and through him to Deripaska, to the hack-and-leak operation.

That may explain why Weissmann wanted to ensure his team captured their findings in the Team M Report.

There Was No Crime Predicating the Durham Investigation

Deep in a NYT piece that suggests but does not conclude that John Durham’s purpose is to feed conspiracy theories, Charlie Savage writes,

Mr. Barr’s mandate to Mr. Durham appears to have been to investigate a series of conspiracy theories.

That’s as close as any traditional media outlet has come to looking at the flimsy predication for Durham’s initial appointment.

Billy Barr, however, has never hidden his goal. In his memoir, he describes returning to government — with an understanding about the Russian investigation gleaned from the propaganda bubble of Fox News, not any firsthand access to the evidence — with a primary purpose of undermining the Russian investigation. He describes having to appoint Durham to investigate what he believed, again based off Fox propaganda, to be a bogus scandal.

I would soon make the difficult decision to go back into government in large part because I saw the way the President’s adversaries had enmeshed the Department of Justice in this phony scandal and were using it to hobble his administration. Once in office, it occupied much of my time for the first six months of my tenure. It was at the heart of my most controversial decisions. Even after dealing with the Mueller report, I still had to launch US Attorney John Durham’s investigation into the genesis of this bogus scandal.

In his shameless excuses for bypassing MLAT to grill foreigners about their role in the investigation, Barr describes “ha[ving] to run down” whether there was anything nefarious about the intelligence allies shared with the US — a rather glorified description for “chasing George Papadopoulos’ conspiracy theories around the globe.”

Durham’s investigation was up and running by the late spring. Pending IG Horowitz’s completion of his review of Crossfire Hurricane, I asked Durham to focus initially on any relevant activities by the CIA, NSA, or friendly foreign intelligence services. One of the more asinine aspects of media coverage about Durham’s investigation was all the heavy breathing during the summer as news seeped out that I had contacts with foreign governments on Durham’s behalf. Various journalists and commentators claimed this indicated that I was personally conducting the investigation and suggested there was something nefarious about my communicating with allied governments about Russiagate. [sic] This coverage was a good example of the kind of partisan nonsense that passes as journalism these days.

One of the questions that had to be run down was whether allied intelligence services had any role in Russiagate [sic] or had any relevant information. One question was whether US officials had asked foreign intelligence services to spy on Americans. Various theories of potential involvement by British, Australian, or Italian intelligence agencies had been raised over the preceding two years. Talking to our allies about these matters was an essential part of the investigation. It should not surprise anyone that a prosecutor cannot just show up on the door- step of a foreign intelligence agency and start asking questions. An introduction and explanation at more senior levels is required. So— gasp!—I contacted the relevant foreign ambassadors, who in turn put me in touch with an appropriate senior official in their country with authority to deal with such matters. These officials quite naturally wanted to hear from me directly about the contours of the investigation and how their information would be protected.

Much later, when Barr claimed that Durham would not lower DOJ standards just to obtain results, Barr again described an investigation launched to “try to get to the bottom of what happened” rather than investigate a potential crime.

I acknowledged that what had happened to President Trump in 2016 was abhorrent and should not happen again. I said that the Durham investigation was trying to get to the bottom of what happened but “cannot be, and it will not be, a tit-for-tat exercise.” I pledged that Durham would adhere to the department’s standards and would not lower them just to get results. I then added a point, meant to temper any expectation that the investigation would necessarily produce any further indictments:

[W]e have to bear in mind [what] the Supreme Court recently re- minded [us] in the “Bridgegate” case—there is a difference between an abuse of power and a federal crime. Not every abuse of power, no matter how outrageous, is necessarily a federal crime.

And then Durham lowered DOJ standards and charged two false statement cases for which he had (and has, in the case of Igor Danchenko) flimsy proof and for which, in the case of Michael Sussmann, he had not tested the defendant’s sworn explanation before charging. Durham further lowered DOJ standards by turning false statement cases into uncharged conspiracies he used to make wild unsubstantiated allegations about a broad network of others.

This entire three year process was launched with no evidence that a crime was committed, and it seems likely that only the Kevin Clinesmith prosecution, which DOJ Inspector General Michael Horowitz handed Durham months after he was appointed as a fait accompli and which could easily have been prosecuted by the DC US Attorney’s Office, provided an excuse to convene a grand jury to start digging in the coffers of Fusion GPS and Perkins Coie.

There was no crime. Durham was never investigating a suspected crime and then, as statutes of limitation started expiring, he hung a conspiracy theory on a claimed false statement for which he had no solid proof. Eight months into Durham repeating those conspiracy theories at every turn — conspiracy theories that Durham admitted would not amount to a crime in any case! — a jury told Durham he had inadequate proof a crime was committed and that the entire thing had been a waste of time and resources.

“The government had the job of proving beyond a reasonable doubt,” she said, declining to give her name. “We broke it down…as a jury. It didn’t pan out in the government’s favor.”

Asked if she thought the prosecution was worthwhile, the foreperson said: “Personally, I don’t think it should have been prosecuted because I think we have better time or resources to use or spend to other things that affect the nation as a whole than a possible lie to the FBI. We could spend that time more wisely.”

Compare that to the Russian investigation, which was started to figure out which Trump associate had advance knowledge of Russia’s criminal hack-and-leak operation and whether they had any criminal exposure in it. Here’s how Peter Strzok described it in his book:

[A]gents often don’t even know the subject of a counterintelligence investigation. They have a term for that: an unknown subject, or UNSUB, which they use when an activity is known but the specific person conducting that activity is not — for instance, when they are aware that Russia is working to undermine our electoral system in concert with a presidential campaign but don’t know exactly who at that campaign Russia might be coordinating with or how many people might be involved.

To understand the challenges of an UNSUB case, consider the following three hypothetical scenarios. In one, a Russian source tells his American handler that, while out drinking at an SVR reunion, he learned that a colleague had just been promoted after a breakthrough recruitment of an American intelligence officer in Bangkok. We don’t know the identity of the recruited American — he or she is an UNSUB. A second scenario: a man and a woman out for a morning run in Washington see a figure toss a package over the fence of the Russian embassy and speed off in a four-door maroon sedan. An UNSUB.

Or consider this third scenario: a young foreign policy adviser to an American presidential campaign boasts to one of our allies that the Russians have offered to help his candidate by releasing damaging information about that candidate’s chief political rival. Who actually received the offer of assistance from the Russians? An UNSUB.


The FFG information about Papadopoulos presented us with a textbook UNSUB case. Who received the alleged offer of assistance from the Russians? Was it Papadopoulos? Perhaps, but not necessarily. We didn’t know about his contacts with Mifsud at the time — all we knew was that he had told the allied government that the Russians had dirt on Clinton and Obama and that they wanted to release it in a way that would help Trump.

The answer, by the way, was that at least two Trump associates had advance knowledge, George Papadopoulos and Roger Stone, and Stone shared his advance knowledge with Rick Gates, Paul Manafort, Steve Bannon, and Donald Trump, among others. By all appearances, DOJ was still investigating whether Stone had criminal exposure tied to his advance knowledge when Barr interfered in that investigation in February 2020, a fact that Barr hid until the day before the 2020 election.

With the Russian investigation, there was a crime: a hack by a hostile nation-state of a Presidential candidate, along with evidence that her opponent at least knew about the related leak campaign in advance. With the Durham investigation, there were only Fox News conspiracy theories and the certainty that Donald Trump shouldn’t be held accountable for encouraging Russia to hack his opponent.

The fact that this entire three year wild goose hunt was started without any predicating crime is all the more ridiculous given Durham’s repeated focus both on the predication of Crossfire Hurricane (in criticizing Horowitz’s report on Carter Page) and the Alfa Bank inquiry (during the Sussmann trial). John Durham, appointed to investigate conspiracy theories, deigns to lecture others about appropriate predication.

And that’s undoubtedly why, in the face of this humiliating result for Durham, Billy Barr is outright lying about what Durham’s uncharged conspiracy theories revealed about the predication of the Russian investigation.

He and his team did an exceptionally able job, both digging out very important facts and presenting a compelling case to the jury. And the fact that he … well, he did not succeed in getting a conviction from the DC jury, I think he accomplished something far more important, which is he brought out the truth in two important areas. First, I think he crystalized the central role played by the Hillary campaign in launching — as a dirty trick — the whole RussiaGate [sic] collusion [sic] narrative and fanning the flames of it, and second, I think, he exposed really dreadful behavior by the supervisors in the FBI, the senior ranks of the FBI, who knowingly used this information to start an investigation of Trump and then duped their own agents by lying to them and refusing to tell them what the real source of that information was.

That’s not what the trial showed, of course. Every witness who was asked about the centrality of the Alfa Bank allegations responded that there were so many other ties between Trump and Russia that the Alfa Bank allegations didn’t much stick out. Here’s how Robby Mook described it in questioning by Michael Bosworth.

[I]t was one of many pieces of information we had. And, in fact, every day, you know, Donald Trump was saying things about Putin and saying things about Russia. So this was a constituent piece of information among many pieces of information, and I don’t think we saw it as this silver bullet that was going to conclude the campaign and, you know, determine the outcome, no.

Q. There were a lot of Trump/Russia issues you were focused on?

A. Correct.

Q. And this was one of many?

A. Correct.

In response to questioning by Sean Berkowitz, Marc Elias traced the increased focus on Russia to Trump’s own request for Russia to hack Hillary.

Q. Let’s take a look — let me ask a different question. At some point in the summer of 2016, did Candidate Trump make any statements publicly about the hack?

A. Yes.

Q. What do you recall him saying and when?

A. There was a publication of emails, of DNC emails, in the days leading up to the Democratic National Convention. And it was in my opinion at the time clearly an effort by Russia to ruin what is the one clean shot that candidates get to talk to the American public. Right? The networks give you free coverage for your convention. And in the days before the convention, there was a major leak. And rather than doing what any decent human being might do and condemn it, Donald Trump said: I hope Russia is listening and, if so, will find the 30,000 Hillary Clinton emails that he believed existed and release them. That’s what I remember.

Q. Did you feel the campaign was under attack, sir?

A. We absolutely were under attack.

Q. And in connection with that, were there suggestions or possibilities at least in your mind and in the campaign’s mind that there could be a connection between Russia and Trump?

A. Again, this is, you know — this was public — Donald Trump — you know, the Republican Party historically has been very anti-Russia. Ronald Reagan was like the most anti-communist, the most anti-Soviet Union president.

And all of a sudden you had this guy who becomes the nominee; and they change the Russian National Committee platform to become pro-Russian and he has all these kind things to say about Putin. And then he makes this statement.

And in the meantime, he has hired, you know, Paul Manafort, who is, you know, I think had some ties to — I don’t recall anymore, but it was some pro-Russia thing in Ukraine.

So yeah. I thought that there were — I thought it was plausible. I didn’t know, but I thought it was an unusual set of circumstances and I thought it was plausible that Donald Trump had relations with — through his company with Russia.

Democrats didn’t gin up the focus on Trump’s ties to Russia, Trump’s own begging for more hacking did.

The trial also showed that this wasn’t an investigation into Trump. Rather, it was opened as an investigation into Kirkland & Ellis client Alfa Bank, which FBI believed had ties to Russian intelligence.

The investigation even considered whether Alfa Bank was victimizing Trump Organization.

Barr is similarly lying about whether supervisors revealed the source(s) of this information and what it was.

The source for the allegations was not Hillary, but researchers. And the trial presented repeated testimony that David Dagon’s role as one source of the allegations being shared with investigative agents. That detail was not hidden, but agents nevertheless never interviewed Dagon.

And even the purported tie to the Democrats was not well hidden. Indeed, the trial evidence shows that the FBI believed the DNC to be the source of the allegations, and that detail leaked down to various agents — including the two cyber agents, Nate Batty and Scott Hellman, whose shoddy analysis encouraged all other agents to dismiss the allegations — via various means.

Andrew DeFilippis made great efforts (efforts that lowered DOJ standards) to claim differently, but the evidence that key investigators assumed this was a DNC tip was fairly strong.

Three years after launching an investigation into conspiracy theories, Barr is left lying, claiming he found the result he set out to find three years ago. But the evidence — and the jury’s verdict — proves him wrong.

For years, Durham has been seeking proof that the predication of the Russian investigation was faulty. The only crime he has proven in the interim is that his own investigation was predicated on Fox News conspiracy theories.

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

According to an exchange at the end of they day yesterday, John Durham’s team plans to introduce “a hundred” exhibits through their paralegal acting as a summary witness today.

My understanding is that the defense objects to the PowerPoint presentation style of the process. But, again, we think it just streamlines it in terms of — the alternative is to have to put literally a hundred exhibits in through Ms. Arsenault one at a time.

Given the exhibits from Monday, I assume Durham will throw a bunch of Fusion documents at the jury in an attempt to insinuate, once again, that Michael Sussmann shared with the press that the FBI was investigating the Alfa Bank anomaly.

The coming onslaught of Fusion documents

I say that because Mark Hosenball wrote the FBI for comment at 1:33PM on October 5, 2016, attaching the Mediafire package, asking for comment and noting that, “it has been suggested to me that this information and scenario is under careful investigation by the FBI.”

Hosenball’s email to the FBI puts it right at the beginning (in red, below) of the known universe of Fusion emails we’ve seen from that day, the timestamps of which Durham has repeatedly tried to obscure. (Maybe while paralegal Kori Arsenault is on the stand, Sussmann’s team can ask her why Durham’s exhibits misleadingly don’t correct for UTC.)

That said, there’s still a Hosenball email unaccounted for in which he shared one of the publicly available links to Tea Leaves packaged data. It’s quite possible that email precedes Seago’s question to Fritsch, which is currently the earliest email in the list, asking whether one of the i2p sites hosting the data was safe. See this post for background.

5:23PM (likely 1:23?): Seago to Fritsch, Is this safe?

1:31PM: [not included] Fritsch to Hosenball email with Alfa Group overview

1:32PM: Fritsch sends Isikoff the September 1, 2016 Alfa Group overview (full report included in unsealed exhibit)

1:33PM: Hosenball to FBI, “careful investigation by the FBI”

1:33PM [not included] Fritsch to Hosenball, “that memo is OTR — tho all open source”

1:35/1:36PM: Hosenball replies, “yep got it, but is that from you all or from the outside computer experts?”

1:37PM: Fritsch responds,

the DNS stuff? not us at all

outside computer experts

we did put up an alfa memo unrelated to all this

1:38PM: [not included] Hosenball to Fritsch:

is the alfa attachment you just sent me experts or yours ? also is there additional data posted by the experts ? all I have found is the summary I sent you and a chart… [my emphasis]

1:41PM: [not included] Fritsch to Hosenball:

alfa was something we did unrelated to this. i sent you what we have BUT it gives you a tutanota address to leave questions.  1. Leave questions at: [email protected]

1:41PM: [not included] Hosenball to Fritsch:

yes I have emailed tuta and they have responded but haven’t sent me any new links yet. but I am pressing. but have you downloaded more data from them ?

1:43PM: [not included] Fritsch to Hosenball, “no”

1:44PM: Fritsch to Lichtblau:

fyi found this published on web … and downloaded it. super interesting in context of our discussions

[mediafire link] [my emphasis]

2:23PM: [not included] Lichtblau to Fritsch, “thanks. where did this come from?”

2:27PM: [not included] Hosenball to Fritsch:

tuta sent me this guidance


Since I am technically hopeless I have asked our techie person to try to get into this. But here is the raw info in case you get there first. Chrs mh

2:32PM: Fritsch to Lichtblau:

no idea. our tech maven says it was first posted via reddit. i see it has a tutanota contact — so someone anonymous and encrypted. so it’s either someone real who has real info or one of donald’s 400 pounders. the de vos stuff looks rank to me … weird

6:33PM (likely 2:33PM): Fwd Alfa Fritsch to Seago

6:57PM (like 2:57PM): Re alfa Seago to Fritsch

7:02PM (likely 3:02): Re alfa Seago to Fritsch

3:27PM: [not included] Fritsch to Hosenball cc Simpson: “All same stuff”

3:58PM: [not included] Hosenball to Fritsch, asking, “so the trumpies just sent me the explanation below; how do I get behind it?”

4:28PM: [not included] Fritsch to Hosenball, “not easily, alas”

4:32PM: Fritsch to Hosenball, cc Simpson:

Though first step is to send that explanation to the source who posted this stuff. I understand the trump explanations can be refuted.

So I assume that Durham will argue that Fusion must have passed on the information that the FBI was investigating — and they may have! (though none of the currently public emails reflect that — and suggest that was all part of Michael Sussmann’s devious plan on September 19.

When, under threat of prosecution, an attempt to prevent politicization turns into an attempt to hide political bias

That’s where things will get interesting. One key dispute in this case is why one keeps secrets. Durham wants to argue that keeping secrets can only serve a political purpose.

Sussmann will argue that keeping secrets facilitates national security interests.

Sussmann will show that everyone at the FBI recognized the value, to the FBI, of stalling a newspaper article about a potentially important threat so the FBI could covertly investigate it. All the more so during election season when — investigation after investigation into the Russian investigation has shown — the FBI was, if anything, being too careful in an attempt to avoid impacting Trump’s political fortunes, even while Jim Comey was tanking Hillary’s campaign. According to Sussmann’s own sworn testimony — testimony that Durham didn’t bother testing before charging Sussmann — allowing the FBI the opportunity to do that was the reason Sussmann shared the Alfa Bank anomaly with the FBI. Durham wants to imprison Sussmann for giving the FBI that heads up, arguing that because he hid his purported clients, it led the FBI to open a Full Investigation more quickly than they otherwise would have (even though, as Sussmann’s team has demonstrated, the FBI did nothing that would have required a Full Investigation in the short period during which they investigated).

A key part of that story Durham wants to tell — needs to tell, given all the evidence that the FBI perceived this to be a DNC-related tip — is that some of his key villains were attempting to hide the perceived political nature of the tip, rather than ensuring the integrity of the investigation itself (or possibly, but I’m still working on this, protecting the identity of a CHS).

Central to that narrative is the changing testimony of FBI Agent Ryan Gaynor — his stated reasons for refusing to let the case agents in Chicago interview either Sussmann or Georgia Tech professor David Dagon. In an interview on October 30, 2020 (a week after Durham had been granted Special Counsel status), Gaynor explained that he had intervened to make sure agents couldn’t conduct interviews that would have led to a more robust investigation to ensure the integrity of the investigation.

Q. Okay. So you remember telling the government that you believed that the agents in Chicago would have been biased by Mr. Sussmann’s perception of the issue — the source’s perception of the issue if they had interviewed him before they got all of the data and analyzed it?

A. Yes.

Q. Okay. And that’s because, at the time, you believed the DNC was the source of the information itself. Right?

A. That’s because, at the time, I believed that he was a DNC attorney associated with the Democratic party and it would be potentially highly-biasing information.

Q. And you told the government, if you had provided the identity of the DNC as the source of the information, they would have known there was possible political motivation. rignt?

A. I recall that exact statement.

Shortly after he gave this testimony, prosecutors took a break, and told his lawyer they were moving towards treating Gaynor as a subject of, rather than just a witness in, the investigation.

Q. Okay. Well, at or around the time you were talking about passing along the source’s name or not, you took a break in the meeting. Do you remember taking breaks during the meeting?

A. I do.

Q. And do you remember when you broke at that point that the government told your attorney that your own status in the investigation had changed. Do you remember hearing that?

A. So I didn’t hear that, but when my attorney came back in, he advised me that my status was in jeopardy.

After that, Gaynor went back, looked at two sets of scribbled notes (Gaynor, because he remains at FBI, was able to review his notes, unlike a number of other Durham witnesses), and decided that now that he thought about it, Jonathan Moffa had actually instructed him to keep a close hold on Sussmann’s identity. It wasn’t his decision anymore, it was Moffa’s, and the dastardly Peter Strzok was in on it. Once Gaynor testified that way, he became a — to Andew DeFilippis, anyway — credible witness again.

Q. Okay. And when you told the government there was a close hold, were you told that your status changed back to being a witness?

A. At the conclusion of the interview, once I had gone over all of the material that I brought and walked through what I had reconstructed and what I could recollect after doing so, I was informed that my status had changed, yes.

Q. Changed back to being a witness?

A. To a witness, yes.

Q. So you go into meeting one being told you are a witness, telling them you decided not to share the agents’ names among other things. Then you are told you are a subject facing criminal charges, potentially. You come back. You tell them about a close hold, and you go back to being a witness; is that right?

Politico may have been the only outlet that described this fairly shocking testimony.

These conflicting claims about the purported reasons to keep Sussmann’s identity (as opposed to the investigation itself) a secret are important background to that Hosenball email on October 5, which I suspect Durham will use to claim that the Democrats were leaking about the investigation.

Starting almost immediately after getting the investigation, Chicago case agents started asking to interview the source, variously defined to be either Sussmann or the person who wrote the white paper. Gaynor kept pushing the agents to go review the logs again — though the file memorializing the contents of what it describes as a single thumb drive (Sussmann shared two) was not written up until October 4. But then, by October 5 (the same day that Hosenball asked the FBI for comment, albeit this report comes in four hours later), FBI had learned from one of their confidential human sources that David Dagon had a role in the white paper and he — and the FBI’s own source! — would be going public pushing the credibility of the allegations.

In that email, newbie agent Allison Sands explained that they were going to contact Dagon.

So, among other things, on the same day Hosenball writes in reflecting an awareness that there was an ongoing investigation, the FBI hears from a CHS who says he or she has already been talking with David Dagon and was going public backing the claims (though this source was speaking to the WaPo, not Reuters).

Note that, as of that date, the FBI still hadn’t received logs from Listrak.

By the time Allison Sands wrote that email, it appears from Lync messages that like others probably haven’t been noticed to reflect UTC time zone, had already contacted Rodney Joffe’s handler to contact Dagon.

Fun with missing Bates stamps

Side note. There are actually two versions of the notes that purportedly caused Gaynor to change his mind about there being a close hold and on what source that close hold was on. There’s Defense Exhibit 524, which has a slew of Bates stamps, and 7 redactions.

And then there’s a page from Government Exhibit 279, which appears between a page with Bates stamp SC-6454 and one with Bates stamp SC-6456, which has no Bates stamp at all (and lacks the protective order stamp that appears on the other pages of the exhibit).

That version of the exhibit has just four redactions, one of which is smaller. The unredacted bits on the exhibit reveal discussions of the informant and recognition that the statements of the informant “likely triggered” the press attention.

Incidentally, Durham’s team took an entire day to upload this set of exhibits. I’m wondering if the exhibit that was viewed by Gaynor and entered into evidence actually looked like this one does.

Calling the agent of a foreign agent to ask for comment

There’s one other thing going on. On the stand, Gaynor spent a great deal of time explaining about how important it was to hide an investigation — particularly from anyone who might have a partisan interest — during an election.

Except for all the talk of a close hold, the FBI wasn’t holding this very close. They were stomping around to a bunch of sources asking for data logs, even before they had checked what was on (one of) the thumb drives that Sussmann had dropped off. They fairly demonstrably were stomping around before they understood what they should be looking for.

They also were calling Mandiant, which was working for Alfa Bank, which by October 19 when they were formally interviewed discovered Alfa Bank had no logs, but which knew of the investigation by October 5.

Q. Uh-huh. You testified about the reasons why you’d want to keep it covert, you wouldn’t want to do anything that could affect the election so close to the election. Right?

A. Yes.

Q. The FBI, as part of the Alfa-Bank investigation, talked to a number of different individuals outside of the FBI to acquire information, to get you information so that you could investigate the allegations. Right?

A. Yes.

Q. Okay. You spoke to people at Central Dynamics?

A. Yes, and I believe the investigative team documented in the email that I saw that they had done it in a manner to attempt to avoid it outing the allegation.


A. I’m sorry?

Q. And how is that that they could conduct an interview with a third party in a way that the third party wouldn’t tell other people about it?

A. They described it in a manner that they had obfuscated what their direct interest was.

Q. So from the Central Dynamics’ perspective, they didn’t know what you were looking at?

A. That is what I had in the email chain, yes. n

Q. But you testified that the FBI interviewed Mandiant as part of the investigation. Correct?

A. Yes. My understanding there is that was a private liaison relationship that occurred.

Q. Mandiant — just to be clear — Alfa-Bank itself hired Mandiant to analyze whether there was a secret communications channel. Correct?

A. Yes.

Q. So Alfa-Bank paid Mandiant to look into whether there was a secret communications channel. Right?

A. Yes.

Q. And Alfa-Bank obviously had a relationship with Mandiant that was put at issue by hiring Mandiant. Right?

A. Yes.

Q. Okay. So the FBI went to Alfa-Bank’s paid consultant and asked them for their view on the allegation. Correct?

A. I believe the FBI had a prior relationship with one of the employees, and they utilized that in the field. Plus, I don’t think the Bureau would violate policy on a sensitive investigative matter when the Chief Division Counsel of the office is involved. So I would assume that they did that in a manner that they did not feel would be alerting or go to the media.

Q. Mr. Gaynor, the FBI in this investigation went to Alfa-Bank’s paid consultant and asked them for their views of the allegations. correct?

A. Yes.

Q. And Alfa-Bank’s paid consultant could have told Alfa-Bank. Correct?

A. Yes.

Q. And could have told the press for all you know. Correct?

A. Yes. And I don’t know how Chicago mitigated that.

Q. And is it your testimony that going to Alfa-Bank, the Russian bank that is the focus of this investigation, and asking their paid consultant for their views on the matter wasn’t going to overt?

A. Again, I don’t know how Chicago mitigated that issue.


Q. Did you ever have a conversation with anybody at headquarters about whether to provide the names of the source to the Chicago agents?

A. Yes. There was a conversation about the close hold, as I mentioned, although it wasn’t correctly, I guess, documented between Pete Strzok, myself and Mr. Moffa at some point during that time period.


Q. And the reason that you say no one talked to him is because, as of that point, October 6th, you had already concluded that there was nothing to these allegations. Right?

A. As of October 5th, evening of October 5th, we had come to a pretty solid conclusion that these allegations did not have merit and there wasn’t a national security threat.

Q. Are you aware that the agents first interviewed Alfa-Bank’s paid consultant, Mandiant, merely two weeks later on October 19th?

A. So I’m aware that we had information from Mandiant as of October 5th that they had looked at this allegation and found that it didn’t have merit. And then I’m also aware that there was an interview that was conducted later, October 19th or so, when I was made aware of it, yes.

A text between Allison Sands and Scott Hellman reflects the FBI had contact with Alfa Bank by October 4.

It appears that contact occurred in London — a place where Mark Hosenball has strong source ties since the time in 1976 when he got expelled for reporting on Northern Ireland.

In other words, Gaynor’s currently operative stance is that case agents couldn’t contact David Dagon — much less Rodney Joffe, who had business ties with the FBI — to find out what was going on, because that would present a conflict.

But it was okay for the FBI to contact the agent of the subject of the investigation overtly.

Agent Gaynor belatedly rediscovers the Mediafire package

Incidentally, when that original request for comment from Hosenball came in, it got transferred to people in the cyber division, then shared with the investigative team. In response, the senior-most person on that team sent it to Peter Strzok. Strzok forwarded it, at 3:02 on October 5, to Ryan Gaynor.

On October 13, just over a week after he had originally received it, Gaynor sent the Mediafire package to the case team, noting that the observations in it reflected actions taken in response to their investigation, but asking for their technical opinion.

He included Moffa and Joe Pientka on that email.

But not Strzok, who knew he had received it 8 days earlier.


Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

There’s accumulating evidence that at least some people — including some key decision-makers — believed the FBI believed that the Alfa Bank tip came from the DNC — and that Andrew DeFilippis has engaged in a lot of coaching to try to make that evidence go away.

The first time FBI Agent Ryan Gaynor testified to John Durham about the investigation into the Alfa Bank anomaly in October 2020, he told prosecutors that the DNC was the source of the allegation.

Q. Okay. So in your first meeting with the government, you — this is October of 2020, correct?

A. Yes.

Q. You told them multiple times that you believed that the Democratic National Committee was the source of the allegations of connections between Alfa-Bank and Russia, correct?

A. Correct, which was wrong.

Q. Okay. But you said that you thought the Democratic party itself was who provided the information, correct?

A. I did say that in the meeting.

That’s even what he has written down in a briefing document he kept in Fall 2016.

At the end of that October 2020 interview, prosecutors threatened Gaynor with prosecution.

His more recent testimony, starting for the first time on May 13, was that Sussmann was representing himself. The reason he now remembers that to be true goes to the heart of Durham’s materiality: it would have mattered if Sussmann was representing the DNC, so he must have been representing himself.

Q. Okay. I want to ask you, first, about testimony that you gave today where you said that when Mr. Moffa told you that Mr. Sussmann was a DNC attorney, you said, “I understood that to mean that he had been affiliated with the Democratic party but that he had come representing himself on the Alfa-Bank allegations.” Do you remember giving that testimony?

A. That was my take-away.

Q. And you gave that testimony that I just read?

A. Yes; that he was a DNC attorney, but that my take-away from that discussion was that he wasn’t there representing the DNC.

Q. When you were asked, “When Mr. Moffa said Mr. Sussmann was an attorney for the DNC, what impression did you come away with?” what did you understand that to mean? And your answer was: “I understood that to mean that he had been affiliated with the Democratic party, but that he had come representing himself,” right?

A. So he’s affiliated with the Democratic party because he was a DNC attorney.

Q. And your impression was he had come representing himself?

A. My take-away from that meeting, what I recall, is that I did not believe that he was there representing the DNC specifically because, had he been, that would have been information that would have impacted it.

This is a tautology: If Sussmann had been representing the DNC it would have mattered so it must be the case that Gaynor believed he was not representing the DNC. It also happens to be the central argument of DeFilippis’ materiality claim.

Meanwhile, Scott Hellman — Durham’s star cyber witness — received a text from his boss, Nate Batty (with whom he compared notes before his first interview with Durham), referring to the white paper as a “DNC report” on September 21, 2016, two days after Jim Baker received the materials.

Michael Sussmann lawyer Sean Berkowitz asked Hellman about that the other day. At first, Hellman expressed surprise about that text.

Q. All right. And then, with respect to Stranahan, he asks you and Nate to write a report about the — write a summary of the DNC report. Correct? That’s what it says?

A. That’s what it says in this chat, yes.

Q. And did you understand, sir, that the information had come from a DNC, meaning Democratic National Committee, source?

A. I did not understand that, no.

Q. Did you know what Nate Batty knew about it?

A. I don’t think he knew anything about it.

Q. Did you call up Tim and say, what a second. This is a DNC report? That’s political motivation.

A. No.

Q. Didn’t do anything or it didn’t occur to you?

A. The first time I saw this was two years ago when I was being interviewed by Mr. DeFilippis, and I don’t recall ever seeing it. I never had any recollection of this information coming from the DNC. I don’t remember DNC being a part of anything that we read or discussed.

Q. Okay. When you say, the first time you saw it was two years ago when you met with Mr. DeFilippis, that’s not accurate. Right? You saw it on September 21st, 2016. Correct?

A. It’s in there. I don’t have any memory of seeing it.

Later in Berkowitz’ cross-examination he returned to the text. He asked how it could be that a white paper from a DNC lawyer could be referred to as a DNC report.

Q. And although you were surprised to see it today, it appears that at least somebody, such as Mr. Batty was aware and you were aware that somebody was calling this white paper a DNC report. Correct?

A. I was not aware that anybody was calling it a DNC report, and I don’t believe Mr. Batty knew that either.

Q. But you saw the link message. Right?

A. I did see the link message, yes.

Berkowitz asked Hellman how it could be that he would see a reference to a DNC report and not take from that it was a DNC report. Hellman describes “the only explanation that … was discussed” — which is that it was a typo.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

Q. Okay. You didn’t think that at the time. Right?

A. I did not. I had never seen it or had any memory of seeing it ever before it was put in front of me.

With some prodding, Hellman admitted that when he referred to “discussing explanations,” he meant doing so with Andrew DeFilippis. This exchange was, quite literally, Berkowitz eliciting Hellman to provide an answer that DeFilippis thought up — one necessary to sustain DeFilippis’ narrative — without, at first, admitting it was DeFilippis’ opinion of what the truth must be.

So after DeFilippis threatened Gaynor with prosecution, he came to remember something other than what the note, tying the white paper to DNC lawyer Michael Sussmann, that he used to “refresh his memory” said.

And when faced with the possibility, two years or maybe six after the fact, that Scott Hellman’s epically shitty analysis of the white paper could have been influenced by being told that it was a DNC white paper, Hellman offered up the explanation that DeFilippis offered him.

At least twice, then, under coaching from Durham’s lead prosecutor, key witnesses have come to believe something other than what the documentary evidence suggests.

The fact that DeFilippis has twice coached witnesses to deny any understanding at FBI that this was a DNC tip — whether it was a DNC tip or not — is really telling. That’s because DeFilippis has to try to pitch a nearly unsustainable position: how his single witness to Sussmann’s alleged crime, Jim Baker, can in 2016 have told Bill Priestap the following:

Q. I think you testified yesterday that by this time you were at least generally aware that Mr. Sussmann represented the DNC in connection with hacks; is that right?

A. That’s correct.

Q. And what, if anything, did you say to Mr. Priestap about that?

A. I think I told him like, okay, this is who Michael is. He’s represented the Democratic party in the Russian hack that we were also investigating and/or the Hillary Clinton Campaign. So just, again, to orient Bill to who Michael was. I mean, that’s a serious credential in terms of being a cyber security expert. And then to explain: But in this case he said he’s not appearing on behalf of them. In this case he’s coming in as a good citizen.

And then, in 2018, have told Jim Jordan the following:

Q. Mr. Jordan then says: “And he was representing a client when he brought this information to you or just out of the goodness of his heart? Someone gave it to him and he brought it to you?”

A. In that first interaction, I don’t remember him specifically saying that he was acting on behalf of a particular client.

Q. Did you know at the time that he was representing the DNC in the Clinton campaign?

A. I can’t remember. I had learned that at some point. I don’t, as I said — as I think I n said last time, I don’t specifically remember when I learned that — excuse me — so I don’t know that I had that in my head when he showed up in my office. I just can’t remember.

Q. Did you learn that shortly thereafter if you didn’t know it at the time?

And then testify last week this way.

Q. Okay. Number two, did you know on the September 19th, 2016 meeting that Mr. Sussmann had been representing Hillary For America’s campaign and the DNC in connection with the hack investigation. Did you know that on September 19th when he met with you?

A. Sitting here today, I think the answer is, yes, I did know that by that point in time.

Q. I’ve written down, “yes, DNC and HFA and hack”. I want to be really clear. You’re not saying that he said that in the meeting. correct?

A. Correct.

Q. And you’re not saying he said he was there on behalf of them? You’re just saying that in your mind you knew that he had been acting as a lawyer for those two entities in connection with the hack. Correct?

It’s not just a question of whether Baker will be a credible witness, though his wildly changing claims about the DNC are among the reasons why his testimony is not credible.

It’s also that Durham wants to point to Sussmann’s failure, a year earlier in a Congressional hearing, to offer up his ties with the Democrats as proof he was lying. But Durham is treating Baker’s failure to do so in the same situation as an innocent mistake. For his single witness to be credible, DeFilippis has to find a way to excuse Baker’s failure to offer that up in a far more direct question while pointing to Sussmann’s failure to offer it up as proof of guilt.

He has to do so to defend his prosecutorial decisions, too. Given how much stake DeFilippis has placed on Baker sharing with Priestap that he knew Sussmann represented the Democrats, it makes it far less credible that Baker didn’t knowingly lie to Jordan. Especially given the way Baker responded to a Berkowitz question, suggesting that perhaps he hadn’t been truthful with Jordan, but instead was “careful.”

Q. And when you gave voluntary information to Congress, you understood that you were under oath?

A. I don’t think I was under oath, but I understood that it’s a crime to make false statements to Congress.

Q. So you tried to be as careful as you could. Correct?

A. I tried to be as careful as I could in that environment, yes, sir.

Q. You tried to be as truthful as you could?

A. (No response)

Q. Tried to be as truthful as you could?

A. Yes, sir.

Sussmann’s team is going to argue that there are a long list of people against whom there is far better evidence for false statements or perjury charges than him, with the single difference being that the other people were willing to tell the storytale DeFilippis is using prosecutorial resources to tell. And the first person on that list — it makes me sick to my stomach to say — is Jim Baker.

Finally, it’s a matter of materiality. DeFilippis has to find a way for it to be the case that his single witness knew when he met with Sussmann that Sussmann was a DNC lawyer (because Bill Priestap’s notes reflect that), but didn’t view that to be material to everything that happened next.

And the only way to sustain that rickety narrative is to ensure that no one else — not even the people using documentary proof reflecting a belief that this was a DNC report to refresh faded memories — understood that the white paper came from the DNC.

Thus far, Sussmann’s cross-examination has elicited evidence that at least three witnesses changed their testimony after interviews with DeFilippis, adopting a “memory” that conflicts with the documentary record with regards to whether the FBI believed the white paper to be associated with the DNC.


Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

I’ve done a couple of posts showing how much fun one can have with Bates stamps — the serial numbers stamped onto every page of discovery that tells you a little bit about how any document was treated. In this post, for example, I showed that when John Durham accidentally-on-purpose released an exhibit with a bunch of Fusion GPS documents, he wasn’t doing so primarily to get them admitted at trial, because he had no intention of using most of them at trial. In this post, I showed that Durham hadn’t looked at key investigative documents that Michael Horowitz had relied upon in the Inspector General investigation into Crossfire Hurricane before Durham claimed he knew better than Horowitz about the predication of the Russian investigation. As of now, by the way, Horowitz is on the schedule to be a witness for Michael Sussmann. Ostensibly he’ll just talk about how valuable an anonymous tip that Sussmann once shared on behalf of Rodney Joffe proved to be, but who knows whether he’ll get a question about comments Durham has made about knowing better than Horowitz about things he hadn’t done the work to understand?

This post about Bates stamps won’t be so fun. It fills me with dread.

In this post and these two threads (Thursday nightFriday morning), I tried to summarize the Greek tragedy of Sussmann lawyer Sean Berkowitz’ cross-examination of Jim Baker. The short version of it is that these two men, men who used to be friends, are stuck in some nightmare Hunger Games created by a right wing mob led by Donald Trump. After years of being dragged through the mud because they dared to try to protect the United States from Russia in 2016, the survival of each depends on taking out the other. Jim Baker only avoids prosecution if he adheres obediently to John Durham’s internally contradictory script. Sussmann only gets his life back if he takes Baker out. While just Sussmann’s lawyer, Sean Berkowitz, and Jim Baker appear on this stage, it’s quite clear that Durham and DeFilippis set it.

Berkowitz started by quoting Baker’s explanation, from his earlier testimony, for why he had never searched his own files for texts with Sussmann.

Q. It’s your investigation, you said. I’m just here to answer the questions. Right? It’s Mr. DeFilippis’ investigation. You’re just here to answer the questions. Is what you said?

The context of that statement, from Andrew DeFilippis’ direct questioning of Baker, is crucial to understanding what follows.

The comment was Baker’s explanation to Durham’s lead prosecutor for why he only found a September 18, 2016 text from Michael Sussmann in March of 2022, almost six months after an entire indictment had been built around what Sussmann had said, instead, on September 19. As teed up by DeFilippis, Baker went looking for and found that text because Durham was just trying to comply with Jencks obligations, the requirement that prosecutors provide the prior statements of government witnesses in their possession to defendants.

Q. Are you familiar with the concept of Jencks materials or 3500 materials?

A. Yes.


A. Correct. Yes. It’s an act of Congress that requires that — the reference to 3500 is a section in the U.S. Code.

Q. So did there come a time when you were asked by the Government to give any statements you might have on the subject of your testimony today?

A. Yes.

Q. And just tell us how that happened and then what you did in response.

A. There was a phone call with the Government. I think it was in March of this year. And it was to discuss discovery-related matters in part in the conversation. And I think it was Mr. Durham who asked me, you know: You need — we have an obligation to hand over discovery to the defense in this case. And can you go look for emails and other communications that you might have had with Mr. Sussmann?

And so in response to that, I — after we got off the phone, I immediately went to my phone and started looking through emails and then I looked for texts. And I did a search for texts with Michael’s last name; and texts came up, and I scrolled through them. They took a while to down — it was clear to me at least that they were downloading from the cloud.

And as I scrolled through and got to the beginning of my set of communications with Michael, this is the first one that I had.

Q. Now, had you — have you spoken to and met with the Government in connection with this case previously?

A. Yes.

Q. And had you previously located this text message here?

A. Not to the best of my recollection. No.

Q. What, if anything, was the reason for that?

A. It’s — I was not — I mean, the way I thought about it was that frankly, like, I am not out to get Michael. And this is not my investigation; this is your investigation. And so if you ask me a question, I answer it. If you ask me to look for something, I go look for it. But to the best of my recollection, nobody had asked me to go look for this material before that. [my emphasis]

Nobody had ever asked him to go look for evidence in his own possession related to the defendant against whom he was the key witness before, Baker testified. There’s a lot that’s unsaid — and batshit crazy — about this. One is that Durham only asked for communications directly with Sussmann, at least as Baker described events that happened just a few months ago.

Anyway, that was Durham’s explanation for how this text got shared with the government in March, six months after Durham had charged Sussmann for lying to hide what Durham imagines were Sussmann’s self-interests in a meeting with Baker on September 19, 2016. And by Baker’s telling, this belated request wasn’t just an example of DeFilippis trying to cover up his past incompetence (again). Durham was personally involved in this.

The only Bates stamp on this exhibit looks like this:

As you can see from Sussmann’s challenges to Durham’s exhibits submitted earlier this month, SCO-###### is one of two standard Bates stamps that Durham uses, the other being SC-########. Note both have a dash.

I knew as soon as I read the transcript that DeFilippis’ suggestion that this was about Jencks was intentionally misleading. Almost certainly, Durham found this text because they were still trying to comply with Sussmann’s demands, first made immediately after the indictment and then over and over after that, that prosecutors find  the communications about Sussmann’s role in killing a NYT story that he knew must exist. Besides, Jencks is an obligation to turn over statements about an investigation in the government’s possession. These texts weren’t, until Durham asked for them, in the government’s possession.

I mean, I guess if they were, and Durham had been sitting on them for six months, then Durham has even bigger problems, which I don’t rule out.

That’s the background to the way Sussmann’s lawyer began his cross-examination. After reminding Baker of this statement, Berkowitz then laid out that, while Baker had met over ten times with Durham’s team, he had declined to meet with Sussmann’s team. Berkowitz introduced a letter he had sent Baker’s lawyer on April 20, asking to meet.

That letter had no Bates stamp. Just the Exhibit number submitting it into evidence.

That suggests Durham’s team hadn’t seen this letter yet — though I’m sure nothing about the letter was a surprise to them. Baker has met with Durham’s team at least twice since Berkowitz sent this letter. Berkowitz asked if Baker knew about the letter but Baker dodged, saying only that he had delegated the decision about meeting with Sussmann’s team to his lawyer, Dan Levin.

Then Berkowitz asked whether Baker knew what it was like to be under criminal investigation.

A. Yes.

Q. That’s Mr. Durham?

A. Yes.

They talked for a while about an earlier Durham investigation, one that lasted from 2017 until 2019 (Berkowitz made Baker repeat the dates), into whether information about surveillance that Baker had shared with a journalist had, or had not, been an authorized disclosure. Berkowitz talked about what might have happened had Baker been charged.

Loss of his legal career.

Being prosecuted.

Berkowitz talked about how that investigation basically boiled down to several conflicting versions of a phone call that other witnesses had given Durham. Their word against Baker’s.

Q. So at least one of their recollections was inconsistent with yours. Right?

A. Yes. Yes.

Q. Memories are a difficult thing, aren’t they, sir?

A. That’s a difficult question to answer. That depends.

That’s how Berkowitz prefaced the first of a long list of things Baker had said in Michael Sussmann’s trial that conflicted with things he had said in the past, a list that carried into a second day (actually Baker’s third day on the stand). At this point, Berkowitz mentioned just one of them — Baker’s inconsistent testimony to the Inspector General in July 2019 — then interrupted.

He put up a text to Ben Wittes that Baker sent the day after Durham was appointed in this matter (so weeks before that particular interview with the IG). Wittes and Baker were talking about TV appearances, but Baker seemed preoccupied by the Durham appointment.

MR. BERKOWITZ: The date, Mr. Cleaves.

THE WITNESS: There we go. Okay. Sorry. May 14th, 2019. Thank you.


Q. And you write: “It went well. It was about the Love piece which was good. CNN Tonight was okay but didn’t cover that at all. And now I get to be investigated for another year or two by John Durham. Lovely.” Correct?

A. Right.

Q. So you expected to be investigated further by Mr. Durham. Correct?

A. Yes, I did.

I’ll come back to the metadata on the text in just a bit.

The text makes it clear how, after being investigated by John Durham from 2017 to 2019, upon learning that Durham had just been appointed to investigate other matters implicating Baker, FBI’s former General Counsel immediately realized the investigation would continue for another two years.

Baker was wrong about the timing. Durham’s investigation just celebrated its third birthday.

This text frames all of Baker’s subsequent cooperation in that light — in Baker’s immediate recognition that the hell he had been going through for the previous two years would continue another two. Or three. Or longer.

This is brilliant lawyering on Berkowitz’s part. But remember as you read along that this is really a Hunger Games conflict staged by Trump and Bill Barr to exploit the US Justice system to create a never-ending supply of revenge theater that will incite the base and lead the press to do shitty reporting for easy clicks. This is an act of revenge targeting anyone who has ever dared to question Trump’s corruption. Or even, question the dangers of Russian interference in American democracy.

Back to Berkowitz. After showing Baker the text reflecting his immediate dread about being investigated by Durham for two more years, Berkowitz described how, the day after Durham’s appointment (actually it was about three days after, and so two days after this text), Baker had his lawyer reach out to Durham and offer to cooperate.

The letter is actually kind of funny. It shows Levin emailing and saying, “Jim asked me to reach out and let you know that he is available if you wish to interview him (he just spoke to the IG today).” Durham seems to have forwarded that email from one of his DOJ emails to another. I sort of wonder if there was a BCC, because Durham was in really close contact with Bill Barr’s office in these weeks. Durham then attempted to write back to Levin but at least as it appears (because he forwarded the email to himself rather than simply replying with a CC to his second DOJ account), Durham simply wrote to himself, responding into a void about meeting with “tour client” soon.

The Bates stamp for this exhibit looks like this:

DX-811 is the exhibit number for this trial (DX shows that it is one of Sussmann’s exhibits, as opposed to one of the government’s).

LW-06_0001 may reflect Sussmann’s Latham & Watkins’ lawyers sharing their proposed exhibits with Durham and Judge Cooper before the trial.

SCO-012114 is the regular Bates stamp associated with Durham’s production to Sussmann. It’s part of the same series (though much earlier in) the Bates stamp of the text that Baker turned over to Durham on March 4. SCO dash ######.

And SCO-3500U-4007 seems to be a Bates stamp specifically tied to Jencks discovery, which as noted above is called Rule 3500. That’s a really handy Bates stamp because it may indicate what Durham is treating as Jencks discovery. It appears in other direct statements made by Durham’s witnesses about this investigation. The calendar entry for the September 19, 2016 meeting between Baker and Sussmann, for example, has one of those 3500 stamps.

The text that, DeFilippis suggested, Durham had only asked for out of a diligent desire to comply with Jencks obligations doesn’t have one of these 3500 Bates stamps. Here it is again, SCO dash ######.

Having shown those three documents — Berkowitz’s request for a meeting with Baker, Baker’s text to Wittes dreading two more years of investigation by Durham, and Levin’s letter to Durham immediately after his appointment offering to come in for an interview — Berkowitz then resumed talking about inconsistencies in Baker’s testimony. He alluded, briefly, to a sworn statement Baker made to the grand jury under questioning from DeFilippis about the role that the General Counsel would have in FBI investigations. Then, after going through what Baker’s current testimony is, Berkowitz asked,

Q. The fact that Mr. Sussmann stated specifically in his message that he was acting on his own and not for a client did not factor heavily into your decision to meet with him. Correct?

This statement is inconsistent with the testimony Baker gave on the stand. Baker disavowed it.

A. I disagree with that.

So Berkowitz did what’s known as “refreshing” a witness’ memory, first by reading him what the 302 memorializing an FBI interview said.

Q. All right. Do you remember speaking with these folks in March of this year — by these folks to be, correct for the record, the prosecution team, Mr. DeFilippis?

A. In March of this year, I spoke to them, yes.

Q. Okay. And in March of this year, is it not true that you told them you do not believe that the fact that Sussmann stated specifically in his texts that he was acting on his own and not for a client factored heavily into your decision to meet with Michael Sussmann the very next day. You told them that?

A. Can you repeat the first part of that again? Sorry.

Q. “Baker does not believe that the fact that Sussmann stated specifically in his text message that he was acting on his own and not for a client factored heavily into his decision to meet with Sussmann the very next day”?

Baker, perhaps realizing that this interview from a few months ago conflicts with the testimony he has just given, had forgotten the question.

A. So, I’m sorry. What’s your question?

Q. You told them that on March 4th of 2022.

Baker didn’t recall giving that conflicting testimony.

A. Sitting here today, I don’t recall telling them that.

Berkowitz offered to show him the proof: a 302 interview report that, unlike the meeting between Baker and Sussmann on September 19, 2016, actually documents what was said.

Q. Refresh your recollection to see the 302 of your meeting, sir?

A. Sure. I haven’t seen that 302 before.

This is an opportunity for Berkowitz to explain, as he did when he used one to refresh Scott Hellman’s memory earlier in the week, what a 302 is and how FBI always creates 302s for fact witnesses.

Q. All right. And to orient the jury is when an agent is present and take notes. Correct?

A. It’s a report of an interview.

Q. And when a witness is interviewed by the FBI, an agent is there to take notes, if it’s a fact witness, and put it into a report. Correct?

A. Correct.

Q. You didn’t do that with Mr. Sussmann. Right?

A. Correct.

Berkowitz asked Baker if he remembered making the statement on March 4. DeFilippis’ single witness to Sussmann’s alleged crime professed, for the second time in short order, not to remember something that happened just a few months ago.

Q. Does it refresh your recollection that, on March 4th of 2022, you told the FBI and Mr. DeFilippis that you didn’t believe the fact that Mr. Sussmann stated specifically in his text he was acting on his own and not for a client factored heavily into your decision to meet with Mr. Sussmann the next day?

A. I don’t recall making that statement sitting here today.

Q. And it’s your testimony

MR. BERKOWITZ: You can take that down.

BY MR. BERKOWITZ: Q. It’s your testimony that that’s not accurate. Correct?

A. It’s my testimony today that, as I think about it today, that that’s not accurate.

More than just forgetting what he said a few months ago, Baker is showing the jury how, if his current belief conflicts with a past one shared under threat of false statements charges, he’ll simply say his past truth is not the truth. Not accurate.

Then Baker thinks of something: the significance of the date.

A. Can I ask you a question? When was that 302? What was the date? What meeting or what interview was that pertaining to?

Q. There’s a lot of different meetings and interviews here. This one was a couple of months ago on March 4th of 2022 —

A. Okay.

Q. — in connection with your trial preparation for today.

A. That was the date that I found the text, yes.

Q. Okay. Did that change your recollections at all or —

Baker explains that discovering a text in which Sussmann had stated that he wasn’t asking for the September 19, 2016 meeting “on behalf of any client,” but wanted to help the FBI had upset him, suggesting that might explain why he gave testimony a few months ago that substantially differs from the testimony he gave on the stand.

A. Well it’s just it was a very — it was a very difficult day for me and it was a bit upsetting.

As a reminder, this day was not just a stressful one for Baker. While I can’t think of an evidentiary basis by which Sussmann could share this with the jury, after Baker found a text that greatly complicated Durham’s prosecution, Durham accused Sussmann of hiding evidence, a stance he was forced to drop after Sussmann obtained a subpoena on his own to disprove that accusation.

Anyway, after noting that Baker met with Durham in spite of the stress of having found the text, Berkowitz asked Baker, for the first time in this Hunger Games conflict, whether he was aware that it was a crime to lie to the FBI.

A. I know very well it’s a crime to make a false statement to the FBI if that’s what you are getting at. Whether they say it or not, I know it.

At that point, Berkowitz pulled out a white board and starting writing down the things that Baker was committing to believing were the truth. He started with “the elephant in the room,” the memory that, if the jury finds it shaky, will sink this entire prosecution.

Q. Let’s start with the elephant in the room. Sitting here today, what is your testimony about what Mr. Sussmann told you relative to clients?

A. At the meeting in person on the 19th of September?

Q. Yes.

A. Okay. My testimony is that he said that he was not there on behalf of any particular client or words to that effect.

Q. Oh, now it’s “words to that effect.” Okay.

DeFilippis objected.

He didn’t want Berkowitz to write this down, I’m sure, because any juror taking notes is going to write down exactly what Berkowitz writes down, thereby solidifying the points in their memory. That’s how my memory works anyway: If I write it down, I’m far more likely to remember it. People think I have a really good memory, but in actuality, I just write a lot more than most people.

DiFilippis probably also didn’t want Berkowitz to write this down because it’ll isolate the key claims that Baker has made, thereby making it easier for jurors to compare his currently operative statements with what he had said in the past. DeFilippis wanted just the court reporter to write this down, in a transcript that won’t ever be shared with the jury.

MR. DeFILIPPIS: Objection, Your Honor, we do have a court reporter.

THE COURT: Overruled.

Berkowitz walked Baker through his currently operative story for the following:

  • What Sussmann said on September 19 about having a client
  • Whether Baker knew Sussmann worked for Hillary that day
  • How long the meeting was
  • What Sussmann said about a news organization ready to publish a story
  • Whether he identified any particular cyber experts
  • Whether those experts — Steve Bellovin, Matt Blaze, and Susan Landau — had vouched for the data
  • Whether Baker or Sussmann had taken notes
  • Whether he had refused to share Sussmann’s name when Scott Hellman and an FBI administrative person  named Jordan Kelly had come to obtain the materials, as Scott Hellman testified earlier in the week

That’s when they break for lunch. After lunch they go over Baker’s meeting with Bill Prietsap, his calls to get Eric Lichtblau’s name later in the week, and his foggy memory about the details from the the March 6, 2017 when the Alfa Bank allegation comes back up. I’m not sure whether this got written onto a white board or not (it sounds like Berkowitz had filled the white board before lunch).

Berkowitz then returned to the many times Baker had given conflicting testimony under oath, starting with his testimony before Congress.

Q. And when you gave voluntary information to Congress, you understood that you were under oath?

A. I don’t think I was under oath, but I understood that it’s a crime to make false statements to Congress.

Q. So you tried to be as careful as you could. Correct?

A. I tried to be as careful as I could in that environment, yes, sir.

Q. You tried to be as truthful as you could?

A. (No response)

Q. Tried to be as truthful as you could?

A. Yes, sir.

Berkowitz then went through and laid out how his prior testimony conflicts with what he’s just laid out on the whiteboard and after lunch.

Again, great lawyering, but the reason this is so dreadful is because this is precisely the kind of Hunger Games conflict that Reality TV show star Donald Trump uses to accrue power.

Berkowitz reminded Baker that his two appearances before Congress in October 2018 could be subject to false statement prosecution, his 2019 interview with the Inspector General (which Baker calls “the I.G. thing”), the two meetings with Durham at which Sussmann was raised in June 2020 (at such time as Trump and Barr were pressuring Durham for pre-election results). All potentially subject to prosecution as false statements or perjury.

Berkowitz ended the day by asking about threats, returning again to the possibility that any single one of these inconsistent statements — the most recent of which discussed thus far was on March 4, 2022, the statute of limitation for which would not expire until 2027 — could be charged as a false statement.

Q. Did they threaten you, sir, with anything — based on the fact that you had previously told folks under oath or subject to perjury — that you had said inconsistent things?

A. Mr. Durham and his team have never threatened me in any way.

Q. But you understood, sir, did you not, as a lawyer, that if you had said something that someone determined was false, under oath, or subject to perjury, you could be prosecuted. Correct?

I suspect that, by the end of the week, Berkowitz will argue that several of Durham’s witnesses have made more easily provable false statements — and more material — to the Special Counsel and others than Sussmann, but Durham is not choosing to prosecute the ones who tell the story he wants told, the story he chooses to refresh. Remember, there are at least three documents already introduced that Durham chose not to use to refresh Baker’s memory to something different than he delivered on the stand last week.

Which brings me back to DeFilippis’ excuse for finding a text that Sussmann was asking for but which Durham had never bothered to look for, and the inconsistent statement — that Sussmann’s notice that he was not there on behalf of any client had a big role in him taking the meeting — and Baker’s attribution of his now-inconsistent answer to stress.

Durham discovered on March 4 that Baker had relevant texts he never bothered to ask for in 16 months of investigation before he charged Sussmann. DeFilippis introduced that text by claiming prosecutors had discovered it by asking — John Durham asked himself, according to Baker — for Jencks material.

That text has no Bates stamp reflecting that it is Jencks material.

There’s something else about that text. It looks nothing like the text that Berkowitz entered describing Baker’s dread as he realized Durham was going to be investigating for two more years. Here’s the text Baker turned over in March, in response to Durham’s request for any communications involving Sussmann, but only communications involving Sussmann.

Here’s the text to Wittes expressing certainty that Durham would investigate him for two more years.

These are both iMessage texts! They look entirely different, though, because one is a screen cap turned over by Baker, and the other was obtained via legal process served on Apple (which is where all the extra metadata comes from).

More interesting still, however, is the Bates stamp on the set of texts involving Wittes. The Bates stamp on that text looks like this:

There’s the red stamp that, I’m guessing, is the stamp associated with a pre-trial proposed exhibit.

There’s the trial exhibit stamp, DX-810.

And then there’s a Bates stamp that does not match any Durham Bates stamp I’ve seen. SCO_######. Underscore, not dash.

Although this is a statement by a witness — the key witness!! — about this very investigation, there’s no Jencks stamp.

Mind you, the government only has to turn over statements about an investigation under Jencks if it is in their possession. So maybe this was never in their possession? If it was, it’d be a Jencks violation and Sussmann could ask to have the entirety of Baker’s testimony thrown out. All of it.

I have no idea where this text string comes from. Perhaps it came from an FBI Inspection Division investigation of all these same people; such material was among the stuff that Durham was permitted to turn over late. Perhaps, as Latham & Watkins did when Durham accused Sussmann of hiding this text, they got a subpoena and obtained it themselves. But it appears, at least, that it didn’t come from Durham.

If that’s right — if, even after discovering that Baker had texts that were absolutely critical to this investigation that he had never turned over, Durham didn’t choose to obtain these texts directly from Apple themselves, or at the very least ask Baker to turn over all texts pertinent to his investigation — there are several implications. First, it’s proof that Durham never ever subjected Baker, the guy who offered to cooperate on day three, to investigative scrutiny for his role in the events from September 19, 2016 that Durham has chosen to criminalize. Nor has Durham tested what might be behind any of Baker’s subsequent inconsistent statements. And when Durham discovered that Baker had had texts that were critical to his investigation almost three years into the investigation, his first response was to attempt to blame Sussmann. When that didn’t work, it appears, Durham didn’t put his prosecution at risk to see what other texts, texts that might be critical to Durham’s investigation but which didn’t involve communications between him and Sussmann, might be in Baker’s iCloud account.

This is brilliant lawyering. But it’s all just a part of Donald Trump’s Hunger Games, revenge theater targeting the people who questioned his complicit ties with Russia. And the wrong people are going to get hurt.

Other Sussmann trial coverage

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

When Michael Sussmann attorney Sean Berkowitz was walking FBI Agent Scott Hellman through the six meetings he had with Durham’s team on Tuesday — meetings he first had as a witness about the investigation into the Alfa Bank allegations and later in preparation for his trial testimony — Berkowitz asked Hellman about how, sometime earlier this year, Andrew DeFilippis and Jonathan Algor asked him whether he could serve as their DNS expert for the trial.

Q And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table here, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

To Hellman’s credit, he told Durham’s prosecutors — who have been investigating matters pertaining to DNS data for two years — that he only had superficial knowledge of DNS and so wasn’t qualified to be their expert.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

It wasn’t until the third day of trial before Durham’s team presented any evidence about the alleged crime. Instead, Durham’s first two witnesses were their nominal expert, David Martin, and Hellman, who told Durham he wasn’t an expert but who offered opinions he neither had the expertise to offer nor had done the work to substantiate.

That’s important, because DeFilippis used him to provide an opinion only an expert should give. And virtually everything about his testimony — his claim to have relied on the data in the materials without looking at the thumb drives, an apparently made up claim about the timing of the analysis, and behaviors that the FBI normally finds suspicious — suggest he’s not only not a DNS expert qualified to assess this report, but his assessment of the white paper Sussmann shared also suffers from serious credibility issues.

The battle over an expert

The testimony of the nominal expert, David Martin, was remarkably nondescript, particularly given the fight that led up to his testimony. Durham’s team sprung even having an expert on Sussmann at a really late date: on March 30, after months of blowing off Sussmann’s inquiries if they would. Not only did they want Martin to explain to the jury what DNS and Tor are, Durham’s team explained, but they also wanted him to weigh in on the validity of conclusions drawn by researchers who had found the anomaly.

  • the authenticity vel non of the purported data supporting the allegations provided to the FBI and Agency-2;
  • the possibility that such purported data was fabricated, altered, manipulated, spoofed, or intentionally generated for the purpose of creating the false appearance of communications;
  • whether the DNS data that the defendant provided to the FBI and Agency-2 supports the conclusion that a secret communications channel existed between and/or among the Trump Organization, Alfa Bank, and/or Spectrum Health;


  • the validity and plausibility of the other assertions and conclusions set forth in the various white papers that the defendant provided to the FBI and Agency-2;

As Sussmann noted in his motion to limit Martin’s testimony, he didn’t mind the testimony about DNS and Tor. He just didn’t want this trial to be about the accuracy of the data, especially without the lead time to prepare his own expert.

As the Government has already disclosed to the defense, should the defense attempt to elicit testimony surrounding the accuracy and/or reliability of the data that the defendant provided to the FBI and Agency-2, Special Agent Martin would explain the following:

  • That while he cannot determine with certainty whether the data at issue was cherry-picked, manipulated, spoofed or authentic, the data was necessarily incomplete because it was a subset of all global DNS data;
  • That the purported data provided by the defendant nevertheless did not support the conclusions set forth in the primary white paper which the defendant provided to the FBI;
  • That numerous statements in the white paper were inaccurate and/or overstated; and
  • That individuals familiar with these relevant subject areas, such as DNS data and TOR, would know that such statements lacked support and were inaccurate and/or overstated.

Based off repeated assurances from Durham that they weren’t going to make accuracy an issue in their case in chief, Judge Cooper ruled that the government could only get into accuracy questions if Sussmann tried to raise the accuracy of the data himself. But if he said he relied on the assurances of Rodney Joffe, it wouldn’t come in.

The government suggests that Special Agent Martin’s testimony may go further, depending on what theories Sussmann pursues in cross-examination or his defense case. Consistent with its findings above, the Court will allow the government’s expert to testify about the accuracy (or lack thereof) of the specific data provided to the FBI here only in certain limited circumstances. In particular, if Sussmann seeks to establish at trial that the data were accurate, and that there was in fact a communications channel between Alfa Bank and the Trump Campaign, expert testimony explaining why this could not be the case will become relevant. But, as the Court noted above, additional testimony about the accuracy of the data—expert or otherwise—will not be admissible just because Mr. Sussmann presents evidence that he “relied on Tech Executive-1’s conclusions” about the data, or “lacked a motive to conceal information about his clients.” Gov’s Expert Opp’n at 11. As the Court has already explained, complex, technical explanations about the data are only marginally probative of those defense theories. The Court will not risk confusing the jury and wasting time on a largely irrelevant or tangential issue. See United States v. Libby, 467 F. Supp. 2d 1, 15 (D.D.C. 2006) (excluding evidence under Rule 403 where “any possible minimal probative value that would be derived . . . is far outweighed by the waste of time and diversion of the jury’s attention away from the actual issues”).

Then, days before the trial, the issue came up again. Durham sent a letter on May 6 (ten days before jury selection), raising a bunch of new issues they wanted Martin to raise. Sussmann argued that Durham was trying to expand the scope of what his expert could present. Among his complaints, Sussmann argued that Durham was trying to make a materiality argument via his expert witness.

Third, the Special Counsel apparently intends to offer expert testimony about the materiality of the false statement alleged in this case. Indeed, the Special Counsel’s supplemental topic 9 regarding the importance of considering the collection source of DNS data is plainly being offered to prove materiality. But the Special Counsel did not disclose this topic in either his initial expert disclosure or Opposition, and the Court’s ruling did not permit such testimony. The Special Counsel should not now be allowed to offer an entirely new expert opinion under the guise of eliciting testimony regarding the types of conclusions that can be drawn from a review of DNS data.

Judge Cooper considered the issue Tuesday morning, before opening arguments. When asking why Martin had to present the concept of visibility, DeFilippis explained that Hellman–the Agent who’s not an expert on DNS but whom DeFilippis nevertheless had asked to serve as an expert on DNS–would talk about the import of knowing visibility to assess data.

THE COURT: Well, but isn’t the question here whether a case agent — is your case agent later going to testify that that was something that the FBI looked at or wanted to look at in this case and was unable to do so, and that that negatively affected the FBI’s investigation in some way? MR.

DeFILIPPIS: Yes, and I expect Special Agent Hellman, who will testify likely today, Your Honor, I expect that that is a concept that he will say was relevant to the determination that — determinations he was making as he drafted analysis of the data that came in. And, again, I don’t think we — for example, another way in which this comes up is that the FBI routinely receives DNS data from various private companies who collect that data, and it is always relevant sort of the breadth of visibility that those companies have. So it’s relevant generally, but also in this particular case the fact that the FBI did not have insight into the visibility or lack of visibility of that data certainly affected steps that the FBI took.

THE COURT: Okay. But Mr. Sussman has not been accused of misrepresenting who the source is. He’s simply — but rather who the client is. So how do you link that to the materiality of the alleged false statement?

MR. DeFILIPPIS: Because, Your Honor, I think we view them as intertwined. It was because — it was in part because Mr. Sussman said he didn’t have a client that made it more difficult for the FBI to get to the bottom of the source of this data or made it less likely they would, and so — and, again, I don’t think we expect to dwell for a long time on this, but I think the agents and the technical folks will say that that is part of why the origins of the data are extremely relevant when they took investigative steps here.

When Cooper noted Sussmann’s objection to Martin discussing possible spoofing of data, DeFilippis again answered not about what Martin would testify, but what Hellman would.

As DeFilippis explained, he claimed to believe that under Cooper’s ruling, the government could put in any little thing they wanted that they claimed had been part of the investigation.

And Special Agent Hellman, when he testifies today — now, Your Honor’s ruling we understand to permit us to put into evidence anything about what the FBI analyzed and concluded as its investigation unfolded because that goes to the materiality of the defendant’s statement. So Special Agent Hellman — through Agent Hellman we will offer into evidence a paper he prepared when the data first came in, and among its conclusions is that the data might — he doesn’t use the word “spoof” — but might have been intentionally generated and might have been fabricated. That was the FBI’s initial conclusion in what it wrote up.

So in order for the jury to understand the course of the FBI’s investigation and the conclusions that it drew at each stage, those concepts are at the center of it.


MR. DeFILIPPIS: Okay. Your Honor, I’m sorry. We understood your ruling to be that the FBI’s conclusions as it went along were okay as long as we weren’t asserting the conclusion that it was, in fact, fabricated. You know, I mean, it’s difficult to chart the course of the FBI’s investigation unless we can elicit at each stage what it is that the FBI concluded.

Judge Cooper ordered that references to spoofing be removed — leading to a last minute redaction of an exhibit — but permitted a discussion of visibility to come in.

After all that fight, Martin’s testimony was not only bland, but it was recycled powerpoint. He not only admitted lifting the EFF description of Tor for his PowerPoint, but he included their logo.

Hellman delivers the non-expert expert opinion Durham was prohibited from giving

As I said, Martin was witness number one, Hellmann — the self-described non-expert in DNS — was witness number two.

Even though Hellman admitted, again, that he’s not a DNS expert, DeFilippis still had him go over what DNS is.

Q. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

Q. And in your understanding, on a very basic level, what is DNS?

A. DNS is basically how one computer would try and communicate with another computer.

After getting Hellman to explain how he purportedly got chain of custody signatures on September 20, 2016 for the materials Michael Sussmann dropped off with James Baker on September 19, DeFilippis walked Hellman through how, he claimed, he had concluded that the allegations Sussmann dropped off were unsupported. Hellman reviewed the data accompanying the white paper, Durham’s star cybersecurity witness claimed on the stand, and after reviewing that data, determined there was no allegation of a hack in the materials and therefore nothing for the Cyber Division to look at. And, as a report he wrote “within a day” summarized, he concluded the methodology was horrible.

As you read the following exchange, know that (as I understand it) some, if not most, of what Hellman describes as the methodology is wrong. Obviously, if Hellman’s understanding of the methodology is wrong, then the opinion that DeFilippis elicits from a guy who admitted he was not an expert on DNS but whom DeFilippis nevertheless asked to serve as his expert witness on DNS before inviting David Martin in to present slides lifted from the Electronic Frontier Foundation instead [Takes a breath] … If Hellman’s understanding of the methodology and the data he’s looking at is wrong, then his opinion about the methodology is going to be of little merit.

With that understanding, note the objection of Sean Berkowitz, who fought DeFilippis’ late hour addition of an expert that DeFilippis wanted to use to opine on the validity of the research, bolded below.

So we looked at the top part, which set out your top-line conclusion. You then have a portion of the paper that says, “The investigators who conducted the research appear to have done the following.” Now, Special Agent Hellman, it appears to be a pretty technical discussion, but can you just tell us, in that first part of the paper, what did you set out and what did you conclude?

A. It looks to be that they were looking for domains associated with Trump, and the way that they did that was they looked at a list of sort of all domains and looked for domains that had the word “Trump” in them as a way to narrow down the number of domains they were looking at.

And then they wanted to find, well, which of that initial set of Trump domains, which of them are email servers associated with those domains. And the way they did that was to search for terms associated with email, like “mail” or other email-related terms to then narrow down their list of domains even further to be Trump-associated domains that were email servers.

Q. And did you opine on the soundness of that methodology? In other words, did you express a view as to whether this was a good way to go about this project?

A. We did not — I did not feel that that was the most expeditious way to go about identifying email servers associated with the domain.

Q. And why was that?

A. You can name an email server anything you want. It doesn’t have to have the words “mail” or “SMTP” in it. And so by — if you’re just searching for those terms, I would wager to guess you would miss an actual email server because there are other — there are other more technical ways that you can use — basically look-up tools, Internet look-up tools where you can say, for any domain, tell me the associated email server. That’s essentially like a registered email server. But the way that they were doing it was they were just looking for key terms, and I think that it just didn’t make sense to me why they would go about identifying email servers that way as opposed to just being able to look them up.

Q. Was there anything else about the methodology used here by the writer or writers of this paper that you found questionable or that you didn’t agree with?

A. I think just the overall assumptions that were being made about that the server itself was actually communicating at all. That was probably one of the biggest ones.

Q. And what, if anything, did you conclude about whether you believed the authors of the paper or author of the paper was fairly and neutrally conducting an analysis? Did you have an opinion either way?

MR. BERKOWITZ: Objection, Your Honor.


MR. BERKOWITZ: Objection on foundation. He asked him his opinion. He’s not qualified as an expert for that.

THE COURT: I’ll overrule it.

A. Sorry, can you please repeat the question?

Q. Sure. Did you draw a conclusion one way or the other as to whether the authors of this paper seemed to be applying a sound methodology or whether, to the contrary, they were trying to reach a particular result? Did you —

A. Based upon the conclusions they drew and the assumptions that they made, I did not feel like they were objective in the conclusions that they came to.

Q. And any particular reasons or support for that?

A. Just the assumption you would have to make was so far reaching, it didn’t — it just didn’t make any sense.

That’s how, as his second witness, Andrew DeFilippis introduced the opinion of a guy who admitted he wasn’t an expert on DNS that DeFilippis had asked to serve as an expert even though DeFilippis should have known that he didn’t have the expertise to offer expert opinions like this.

If Sussmann is found guilty, I would bet a great deal of money this stunt will be one part of a several pronged appeal, because Judge Cooper permitted DeFilippis to do precisely what Cooper had prohibited him from doing before trial, and he let him do it with a guy who by his own admission is not a DNS expert.

Cyber Division reaches a conclusion without looking at the thumb drives

Now let’s look at what Hellman describes his own methodology to be.

First, it was quick. DeFilippis seems to think that serves his narrative, as if this stuff was so crappy that it took a mere glimpse to discredit it.

Q. Special Agent Hellman, how long would you say it took you and Special Agent Batty to write this up?

A. Inside of a day.

Q. Inside of a day, you said?

Berkowitz walked Hellman through the timeline of it, and boy was it quick. There’s some uncertainty about this timeline, because John Durham’s office doesn’t feel the need to make clear whether exhibits they’re turning over in discovery reflect UTC or ET. But I think I’ve laid it out below (Berkowitz got it wrong in cross-examination, which DeFilippis used to attack his analysis).

As you can see, not only were FBI’s crack cybersecurity agents making a final conclusion about the data within a day but — by all appearances — they did so before they had ever looked at the thumb drives included with the white papers. From the record, it’s actually not clear when — if!!! — they looked at the thumb drives. But it’s certain they had their analysis finalized no more than one working day after they admitted they hadn’t looked at the thumb drive, which was itself after they had already decided the white paper was shit.


September 20, 10:20AM: Nate Batty tells Jordan Kelly they’ll come from Chantilly to DC get the thumb drives

September 20, 10:31AM: Jordan Kelly tells Batty the chain of custody is “Sussman to Strzock to Sporre”

September 20, 12:29PM: Hellman and Nate Batty accept custody of the thumb drives

September 20, 1:30PM: Hour drive back to Chantilly, VA

September 20, 4:44PM: Hellman appears to explain the process of picking up the thumb drives to jrsmith, claiming to have spoken to Baker on the phone. jrsmith jokes about “doctor[ing] a chain of evidence form.”

September 20, 4:58: Hellman says the more he reads the report “it feels a little 5150ish,” suggesting (as he explained to Berkowitz on cross) the authors suffered from a mental disability, and Hellman complains that “it contains an absurd quantity of data” to which Batty responded, the data seemed “inserted to overwhelm and confuse the reader.”

September 21, 8:47AM: Batty tells Hellman their supervisor wants them to “write a brief summary of what we think about the DNC report.” Batty continues by suggesting that “we should at least plug the thumb drives into Frank’s computer and look at the files…”

9/22, 9:44AM: Curtis Heide, in Chicago, asks Batty to send the contents of the thumb drive so counterintelligence agents can begin to look at the evidence. The boys in Cyber struggle to do so for a bit.

9/22, 2:49PM: Batty asks Hellman what he did with the blue thumb drive.

9/22, 4:46PM: Batty sends “analysis of Trump white paper” to others.

In other words, the cyber division spent less than 28 hours doing this analysis.

Yes. The analysis was quick.

Hellman says his analysis is valid because he looked at the data

The hastiness of the analysis and the fact that Hellman didn’t look at the thumb drive before making initial conclusions about the research is fairly problematic, because when he discussed his own methodology, he described the data driving everything.

Q. Now, what principally, from the materials, did you rely on to do your analysis?

A. So it was really two things. It was looking at the data, the technical data itself. There was a summary that it came with. And then also we were comparing what we saw in the data, sort of the story that the data told us, and then looking at the narrative that it came with and comparing our assessment of the data to the narrative.


Q. And in connection with that analysis, did you also take a look at the data itself that was underlying this paper?

A. Yes


Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

A. Yes.


A. It would have mattered — well, I think on one hand it would not have mattered from the technical standpoint. If I’m looking at technical data, the data’s going to tell me whatever story the data’s going to tell me independent of where it comes from. So I still would have done the same technical analysis.

But knowing where the data comes from helps to tell me — it gives me context regarding how much I believe in the data, how authentic it is, do I believe it’s real, and do I trust it. [my emphasis]

He repeated this claim on cross with Berkowitz.

I just disagreed with the conclusions they came to and the analysis that they did based upon the data that came along with the white paper.

When Berkowitz asked him why counterintelligence opened an investigation when Cyber didn’t, Hellman suggested that the people in CD wouldn’t understand how to read the technical logs.

A. Um, I think they’d probably be looking at it from the same vantage point, but if you’re not — you don’t have experience looking at technical logs, you may not have the capability of doing a review of those logs. You might rely on somebody else to do it. And perhaps counterintelligence agents are going to be thinking about other investigative questions. So I guess it would probably be a combination of both.

“If I’m looking at technical data,” DeFilippis’ star cybersecurity agent explained, “the data’s going to tell me whatever story the data’s going to tell me.”

Except he didn’t look at the technical data, at least not the data on the thumb drives, before he reached his initial conclusion.

Hellman makes a claim unsupported by the data in his own analysis

I’ll leave it to people more expert than me to rip apart Hellman’s own analysis of the white paper Sussmann shared with the FBI. In early consultations, I’ve been told he misunderstood the methodology, misunderstood how researchers used Trump’s other domains to prove that just one had this anomaly (that is, as a way to test their hypothesis), and misstated the necessity of some long-term feedback loop for this anomaly to be sustained. Again, the experts will eventually explain the problems.

One part of his report that I know damns his methodology, however, is where he says the researchers,

Searched “…global nonpublic DNS activity…” (unclear how this was done) and discovered there are (4) primary IP addresses that have resolved to the name “”. Two of these belong to DNS servers at Russian Alfa Bank. [my emphasis]

This is the point where every single person I know who assessed these allegations who is at least marginally expert on DNS issues stopped and said, “global nonpublic DNS activity? There are only a handful of people that could be!” See, for example, this Robert Graham post written in response to the original Slate story, perhaps the most influential critique of the allegations, probably even on Durham. Every marginally expert person I know has, upon reading something like that, tried to figure out who would have that kind of visibility on the data, because that kind of visibility, by itself, would speak to their expertise. Those marginally expert people did not have the means to identify the possible sources of the data. But a lot of them — including the NYTimes!! — were able to find people who had that kind of visibility to better understand the anomaly. When Hellman read that, he simply said, “unclear how this was done” and moved on.

Still, Hellman did not contest (or possibly even test) the analysis that said there were really just four IP addresses conducting look-ups with the Trump marketing server. Dozens of people have continued to test that result in the years since, and while there have been adjustments to the general result, no one has disproven that the anomaly was strongest between Alfa Bank and Trump’s marketing domain.

Where Hellman’s insta-analysis really goes off the rails, however, is in his assertion that, “it appears that the presumed suspicious activity began approximately three weeks prior to the stated start date of the investigation conducted by the researcher.”

I’m not a DNS expert, but I’m pretty good at timelines, and by my read here are the key dates in the white paper.

May 4, 2016: Beginning date for look-up analysis

July 28, 2016: Lookup for hostnames yielding Trump

September 4, 2016: End date for look-up analysis

September 14, 2016: Updated search for look-ups covering June 17 through September 14

The start date reflected in this white paper is July 28, 2016. Three weeks before that would be July 7, 2016, a date that doesn’t appear in the white paper. The anomaly started 85 days before the start date reflected in this white paper (and the start date for the research began months earlier, but still over three weeks after the May 4 start date).

I don’t understand where he got that claim. But DeFilippis repeated it on the stand, as if it were reflected in the data, I guess believing it makes his star cybersecurity agent look good.

DeFilippis’ star cybersecurity agent has some credibility problems

There are a few more problems with the credibility of Hellman, DeFilippis’ star cybersecurity agent who is not a DNS expert. One of those is that he compared notes with his boss before first testifying.

Q: And you also spoke with Nate Batty around that time, Right?

A: Yes.

Q: Did you talk to him before the first interview to kind of get ready for it?

A: I think so, but I don’t remember.

Q: Is that something that you encourage witnesses to do, to talk to other witnesses to see if your recollections are consistent?

A: No.

In addition, notwithstanding that Batty was told that Sussmann was in the chain of control, Batty claimed to believe the source was “anonymous” and Hellmann claimed to believe it was sensitive–a human source. Even after comparing notes their stories didn’t match.

There are other problems with Hellman’s memory of the events, notably that in his first interview — the one he did shortly after comparing notes with Batty — he claimed that Baker had told him he was unable to identify the source of the data.

Q. And when you went to Mr. Baker’s office, do you remember what, if anything, was said during that discussion or during that interaction?

A. I remember being in the office, but I don’t distinctly recall what the conversation was. I do remember after the fact, though, that I was frustrated that I was not able to identify who had provided these thumb drives, this information to Mr. Baker. He was not willing to tell me.

At the very least, this presents a conflict with Baker’s testimony, but it’s also another testament to how variable memories can be four years, much less six years, after the fact.

Hellman also claimed, when asked on cross, that the first time he had ever seen the reference to a “DNC report” in September 21 Lync notes he received was two years ago, when he was first interviewed.

A: The first time I saw this was two years ago when I was being interviewed by Mr. DeFilippis, and I don’t recall ever seeing it. I never had any recollection of this information coming from DNC. I don’t remember DNC being a part of anything we read or discussed.

Q: Okay. When you say, the first time you saw it was two years ago when you met with Mr. DeFilippis, that’s not accurate. Right? You saw it on September 21st, 2016. Correct?

A: It’s in there. I don’t have any memory of seeing it.

And when Sean Berkowitz asked about Hellman the significance of seeing the reference to a “DNC report” first thing on September 21, he described that DeFilippis suggested to him that it was likely just a typo for DNS.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — I have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

When asked about a topic for which there was documentary evidence Hellman had seen in real time that he claimed not to remember, Andrew DeFilippis offered up an explanation that Hellman then offered on the stand.

On the stand, DeFilippis also tried to get Hellman to call a marketing server a spam server, though Hellman resisted.

Once you look closely, I don’t think Hellman’s testimony helps Durham all that much. What it proves, however, is that DeFilippis attempted to coach testimony.

One final thing. DeFilippis got his star cybersecurity agent to observe that the researchers didn’t include their name or other markers on their report, as if that’s a measure of unreliablity.

Q. Now, let me ask you, were you able to determine from any of these materials who had actually drafted the paper alleging the secret channel?

A. No.

Q. In other words, was it contained anywhere in the documents?

Here’s what Hellman’s own report looks like:

There’s a unit — ECOU1 — but the names of the individual agents appear nowhere in the report. The report is not dated. It does not specifically identify the white papers and thumb drives by control numbers, something key to evidentiary analysis.

It has none of the markers of regularity you’d expect from the FBI. Hellman’s own analysis doesn’t meet the standards that DeFilippis uses to measure reliability.

This long-time Grand Rapids resident is furious that Hellman judged there was no hack

Everything above I write as a journalist who has tried to understand this story for almost six years. Between that and 18 years of covering national security cases, I hope I now have sufficient familiarity with it to know there are real problems with Hellman’s analysis.

But let me speak as someone who lived in Grand Rapids for most of this period, and had friends who had to deal with the aftermath of Spectrum Health appearing at the center of a politically contentious story.

Hellman had, as he testified, two jobs. First, he was supposed to determine whether there were any cyber equities, then he was supposed to do some insta-analysis of the data without first looking at the thumb drives.

According to Hellman, there was no hack.

I was asked to perform two tasks in tandem with Special Agent Batty, and our tasks were, number one, to look at this data, look at the data and look at the narrative that it came with and identify were there any what’s known as cyber equities. And by that it was, was there any allegation of a hacking. That’s what cyber division does. We investigate hacking. So was there an allegation that somebody or some company or some computer had been hacked. That was first.


As I mentioned, the first piece was we had to identify was there any real allegation of hacking; and there was not. That was our first task by our supervisor. There was not.


The allegation was that someone purported to find a secret communication channel between the Trump organization and Russia. And so we identified first that, no, we didn’t think that there was any cyber equity, meaning that there was probably nothing more for cyber to investigate further, if there was no hacking crime.

Except here’s what the white paper says about Spectrum, that Grand Rapids business that was swept up in this story.

The Spectrum Health IP address is a TOR exit node used exclusively by Alfa Bank. ie.,  Alfa Bank communications enter a Tor node somewhere in the world and those communications exit, presumably untraceable, at Spectrum Health There is absolutely no reason why Spectrum would want a Tor exit node on its system. (Indeed, Spectrum Health would not want a TOR node on its system because, by its nature, you never know what will come out of a TOR node, including child pornography and other legal content.)

We discovered that Spectrum Health is the victim of a network intrusion. Therefore, Spectrum Health may not know it has a TOR exit node on its network. Alternatively, the DeVos family may have people at Spectrum who know there is a TOR node. i.e.,  could have been placed there with inside help.

When faced with some anomalous activity that seemed to tie into the weird DNS traffic, the experts suggested that maybe the Spectrum hack related to the DNS anomaly.

To be clear, this Tor allegation is the the weakest part of this white paper. You will hear about this to no end over the next week. It was technically wrong.

But the allegation in the white paper is that maybe a recent hack of Spectrum Health is why it had this anomalous traffic with Trump’s marketing server. There’s your hack!!

Had the people at FBI’s cybersecurity side actually treated this as a possible compromise, it might have addressed the part of this story that never made any sense. And we might not, now, six years later, be arguing about what might explain it.

Let me be clear: I do think the white paper overstated its conclusions. I don’t think secret communication is the most obvious explanation here.

But there are hacks and then there are hacks in the testimony of DeFilippis’ star cybersecurity agent.

Update: Corrected an attribution to Batty instead of Hellman.

Update: Fixed my own timeline.

Update: Added link to Robert Graham’s analysis.

Update: This may be where Hellman gets his erroneous three week claim. There were two histograms included with the report. One, the close-up, does start around July 7.

But the broader scope shows look-ups earlier, very actively in June, but with a few stray ones in May.

The government didn’t include the pages and pages of logs that Batty complained about in this exhibit. Had they, it would be clear to jurors that this claim is false.

Update: Correction on two points. First, I think I’ve finally got the Lync exchange above correct between Batty and Hellman. As noted, Hellman complains that “it contains an absurd quantity of data” to which Batty responded, the data seemed “inserted to overwhelm and confuse the reader.”

Second, I was wading through exhibits this morning and found the exhibit of 19 pages of logs. Here’s just a subset of them, including logs that go back to May 2016. Hellman didn’t look even at the printed page of log files closely enough to realize his claim about three weeks was wrong. These data weren’t intended to overwhelm the reader. They were there to show how the anomaly accelerated during the election.

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

Andrew DeFilippis has done several arguably unethical things in an attempt to win the Michael Sussmann trial.

He repeatedly attempted to get Marc Elias to repeat something Elias shouldn’t have said in the first place: that the only way to understand whether Sussmann had gone to the FBI to benefit the Hillary campaign would be to ask him (in response to which stunt Sussmann is asking for a mistrial).

DeFilippis also set up a ploy to get a non-expert to offer opinions that only an expert should offer (more on that later).

At times (such as during Neustar employee Steve DeJong’s testimony), DeFilippis seemed more focused on eliciting testimony that might help him make a case against Rodney Joffe than obtain a guilty verdict against Sussmann.

And in direct examination yesterday of Fusion’s Laura Seago (my reading of the transcript is here), he did both, violating Judge Cooper’s orders in an attempt to set up his ongoing investigation in a way that did nothing to help him win the trial against Sussmann.

For all the anticipation for it, Seago’s testimony was not all that helpful to Durham’s team. She described having about as much awareness of which Democratic entity Fusion’s ultimately client was as the FBI did on Carter Page’s FISA applications. She indicated that the Alfa Bank allegations were just one of a whole bunch of possible ties to Russia that Trump had. She described how, to the extent Fusion could assess the Alfa Bank allegations, they found them credible. In discussing Fusion’s pitch to Franklin Foer on the Alfa Bank story, she described the other major data scientists who had backed the Alfa Bank allegations, identities that Durham has always suppressed because they kill his conspiracy theory.

Q. And what was discussed? What did you say, and what did they say?

A. I really don’t remember the specifics six years on. We talked about the allegations between the Trump organization and Alfa-Bank. We talked about highly credible computer scientists who seemed to think that these allegations were credible.

Q. And by that, are you referring to Mr. Joffe or somebody else?

A. There were others that ended up being cited in Mr. Foer’s article. He cited L. Jean Camp and Paul Vixie, who invented the DNS system.

During cross-examination by Sussmann lawyer Sean Berkowitz, Seago made it clear she didn’t tell Foer about the FBI investigation into these matters.

Q. And with respect to your meeting with Mr. Foer, did you tell Mr. Foer that the FBI was investigating these allegations?

A. No. I had no knowledge of that investigation.

Q. So before your meeting with Franklin Foer, did you have any information that the FBI was involved in any way?

A. No.

Q. All right. Did Mr. Fritsch or anyone else at the meeting say, “The FBI is looking into this”?

A. Not that I can remember.

Also on cross, Seago described that her impression from having dealt with Joffe is that he really did believe the allegations too.

Q. And your impression of Mr. Joffe that was made at that meeting was that he was — he seemed reliable?

A. Yes.

Q. And he seemed well-placed to have knowledge and information about the server issues?

A. Yes, he did.

Q. And you understood that Mr. Joffe supported the suggestion that there was at least potential contact between Trump servers and Alfa-Bank servers?

A. Yes, I did.

MR. DeFILIPPIS: Objection, Your Honor.

THE COURT: Overruled.

Q. You answered the question?

A. Yes, I did understand that.

But it was in DeFilippis’ treatment of emails that Judge Cooper granted Durham’s team access to, but did not permit them to use at trial, where he got particularly obnoxious. Remember: while Durham’s team maintained from the start that the privilege claims behind these emails were not proper (because they were largely about communicating with the press, not about providing research assistance to the Democrats), the reason they didn’t get access to them was their own incompetence. They didn’t ask for a privilege review until right before trial.

DeFilippis has no one to blame but himself, but in true right wing fashion, he’s lashing out.

Perhaps in an attempt to make some drama out of documents that Cooper described “not very revelatory,” DeFilippis walked Seago through all the ones she was privy to, including those with Joffe that Cooper ruled were privileged.

Generally, such exchanges went something like this:

Q. Ms. Seago, does this appear to be part of the same chain as the prior email exchanges?

A. It has the same “Subject” line and says “Re,” so that is what it appears to be. I have no independent recollection of this email.

Q. And what, if any, connection in your mind did the Alfa Bank issue have to New York? I ask because “New York” is in the “Subject” line. Any sense?

A. I don’t know.

Q. And the attachment on this email, any sense of what that was?

A. I don’t know.

Note: there’s no reason to believe Seago has reviewed these emails recently.

That was all setup for DeFilippis’ last set of questions:

Q. Did you ever receive instructions that you couldn’t disclose your affiliation with Fusion GPS to the media?

A. No. I don’t remember hiding that affiliation from the media ever.

Q. Do you ever remember hiding or considering hiding that affiliation from anyone?

A. No.

Q. How certain are you of that?

A. I’m quite certain. You know, we don’t go around advertising who we are and where we work, but I certainly don’t lie to people, and I don’t lie to the press about where I work.

Q. Okay. So you’re fairly certain you never sought to conceal that?

A. Not that I can recall.

Immediately after Seago left the stand, DeFilippis asked for a bench conference (the DC Court adopted phones for the purpose during COVID and all the judges love them, so they’re keeping them). Seago’s answer to the question, DeFilippis noted, was inconsistent with the content of the email, which referenced Tea Leaves.

MR. DeFILIPPIS: Your Honor, could we speak to you on the phone?

THE COURT: Excuse me?

MR. DeFILIPPIS: Could we speak to you on the phone?

THE COURT: Yes. (The following is a bench conference outside the hearing of the jury)

MR. DeFILIPPIS: Your Honor, can you hear me now?


MR. DeFILIPPIS: So we have an issue with regard to Ms. Seago’s testimony. The government followed carefully Your Honor’s order with regard to the Fusion emails that were determined not to be privileged but that the government had moved on.

As Your Honor may recall, there was an email in there in which Ms. Seago talks very explicitly about seeking to approach someone associated with the Alfa-Bank matter and concealing her affiliation with Fusion in the email. When we asked her broadly whether she ever did that, she definitively said no when I, you know, revisited it with her. So it raises the prospect that she may be giving false testimony.

And so we were — you know, I considered trying to refresh her with that, but I didn’t understand that to be in line with Your Honor’s ruling. So the government is — we’d like to consider whether we should be — we’d like Your Honor to consider whether we should be able to at least recall her and refresh her with that document?

THE COURT: I don’t remember that question, but the subject matter was concealing Fusion or her identities in conversations with the press. If I recall correctly, that email related to “tea leaves,” correct?

MR. DeFILIPPIS: Your Honor, I thought I had phrased it more broadly. We can go to the transcript.

THE COURT: Mr. Berkowitz?

MR. BERKOWITZ: Judge, I’m not familiar with the specifics. I’m happy to take a look at the transcript. I certainly got the impression he was asking if she had ever concealed Fusion as an entity from the press. That was what was asked in her deposition, and she answered the same way in her deposition. One thing, just to note, some of our paralegals can hear Mr. DeFilippis talking, so I suggest, just as a reminder, to keep your voices down.

MR. DeFILIPPIS: Sure, sure.

THE COURT: All right. Let me look at the transcript.


THE COURT: Can you hear me?

MR. DeFILIPPIS: Yes, Your Honor.

THE COURT: All right. Looking at the transcript, I think you did ask a more open-ended question. She said, “I don’t remember hiding that affiliation from the media ever.” And then you followed up, “Do you ever remember hiding or considering hiding that affiliation from anyone?” And she answered, “No.” I would — so I think that she — I think the email is inconsistent with her answer, Mr. Berkowitz. But the question now is whether they can refresh her with that email notwithstanding the Court’s order. And now she’s gone.

How are we going to do that even if we were to allow it? Is it worth the candle of calling her back?

MR. DeFILIPPIS: Your Honor, I understand she’s still in the building.

MR. BERKOWITZ: Your Honor, is this email privileged?

MR. DeFILIPPIS: This was one of the emails that was determined not to be privileged by Your Honor.

MR. BERKOWITZ: So why didn’t they impeach her with it when they had the chance?

MR. DeFILIPPIS: Your Honor, the reason is because I didn’t want to violate Your Honor’s order that we couldn’t use those affirmatively.

THE COURT: Well, I think the time to have asked the Court whether using the document to refresh was consistent with the order was before she was tendered and dismissed. So I think you waived your opportunity. All right? So we’re going to move on.

Frankly, I think using the formerly privileged emails to impeach was beyond the scope of Cooper’s order, too. This was an affirmative use of the email!

But this was nothing more than a perjury trap, and with it an attempt to get the content of the email DeFilippis had been prohibited from using before the jury. Cooper didn’t allow it in, though he shouldn’t have allowed that line of questions in either (had such questions been permitted, then Seago should have been permitted to refresh her own memory of them).

Probably, DeFilippis will consider charging her with perjury over this. I think the fact that both Judge Cooper and Berkowitz had the impression that the question pertained solely to outreach to the press, Seago’s reiteration that, “I don’t lie to the press about where I work,” reinforcing that understanding, plus her last minute caveat, “Not that I can recall,” would make such a case as flimsy as this one. Probably, DeFilippis will use this exchange as part of his bid to get access to some subset of the 1,500 other not very revelatory emails that Democrats have claimed privilege over.

But this was a stunt. It wasn’t about getting, or sharing, the truth with the jury (and any scenario in which I can imagine Seago trying to hide her identity with Tea Leaves would suggest a more distant relationship than even I imagined Fusion had, though I would love to know what it was).

When a prosecutor engages in as many stunts as DeFilippis has, it’s a confession he knows the facts are not on his side.

Like the January 6 Investigation, the Mueller Investigation Was Boosted by Congressional Investigations

Midway through an article on which Glenn Thrush — who as far as I recall never covered the Russian investigation and has not yet covered the January 6 investigation — has the lead byline, the NYT claims that it is unusual for a congressional committee to receive testimony before a grand jury investigation does.

The Justice Department has asked the House committee investigating the Jan. 6 attack for transcripts of interviews it is conducting behind closed doors, including some with associates of former President Donald J. Trump, according to people with knowledge of the situation.

The move is further evidence of the wide-ranging nature of the department’s criminal inquiry into the events leading up to the assault on the Capitol and the role played by Mr. Trump and his allies as they sought to keep him in office after his defeat in the 2020 election.


The Justice Department’s request for transcripts underscores how much ground the House committee has covered, and the unusual nature of a situation where a well-staffed congressional investigation has obtained testimony from key witnesses before a grand jury investigation. [my emphasis]

That’s simply false. This is precisely what happened with the Mueller investigation, and there’s good reason to believe that DOJ made a decision to facilitate doing the same back in July, in part to avoid some evidentiary challenges that Mueller had difficulties with, most notably Executive Privilege challenges.

First, let’s look at how Mueller used the two Congressional investigations.

At the start, he asked witnesses to provide him the same materials they were providing to Congress. I believe that in numerous cases, the process of complying with subpoenas led witnesses to believe such subpoenas were the only way Mueller was obtaining information. Trump Organization, especially, withheld a number of documents from Mueller and Congress, including direct contacts with Russian officials and a Steve Bannon email referencing Russian involvement in the election. By obtaining a warrant for Trump Transition materials held by GSA and the Trump Organization emails of Michael Cohen hosted by Microsoft, Mueller got records the subjects of the investigation were otherwise hiding. Steve Bannon, too, falsely told Mueller he didn’t use his personal accounts for campaign business, only to discover Mueller had obtained those records by the time of his October 2018 interview. Surprising witnesses with documents they had been hiding appears to have been one of the ways Mueller slowly coaxed Bannon and Cohen closer to the truth.

We should assume for key figures in the vicinity of Ali Alexander and John Eastman, the same is happening with the January 6 investigation: the very people who’ve been squealing about complying with subpoenas or call records served on their providers are likely ones DOJ obtained covert warrants for.

Then there are the prosecutions that arose entirely out of Congressional interviews. There were three Mueller prosecutions that arose out of Committee investigations.

Perhaps the most interesting was that of Sam Patten — whose interview materials are here. He had an interview with SSCI on January 5, 2018, where he appears to have lied about using a straw donor to buy Inauguration tickets for Konstantin Kilimnik. By March 20, the FBI attempted their first interview of Patten, after which Patten deleted some emails about Cambridge Analytica. And when Mueller did interview Patten on May 22, they already had the makings of a cooperation deal. After getting Patten to admit to the straw purchase and also to violating FARA — the latter of which he would plead guilty months later, on August 31 — Patten then provided a ton of information about how Kilimnik worked and what he had shared with Patten about his role in the 2016 operation, much of which still remained sealed as part of an ongoing investigation in August 2021. Patten had two more interviews in May then appeared before the grand jury, at which he shared more information about how Kilimnik was trying to monitor the investigation. He had two more interviews before pleading guilty, then at least two more after that.

Not only did Patten share information that likely served as part of a baseline for an understanding about Russia’s use of Ukraine to interfere in US politics and provided investigators with an understanding of what the mirror image to Paul Manafort looked like, but this remained secret from much of the public for three months.

It’s less clear precisely when SSCI shared Cohen’s lies with Mueller. But in the same period, both Mueller and SDNY were developing parallel investigations of him. But by the time Cohen pled guilty in SDNY (also in August 2018), Mueller had the evidence to spend almost three months obtaining information from Cohen as well before he entered into a separate plea agreement with Mueller in which he admitted to the secret communications with the Kremlin that he and Trump lied to hide.

Meanwhile, HPSCI’s much more hapless investigation proved a way to get a limited hangout prosecution of Roger Stone. By May 2018, when Mueller developed evidence showing not just ways that Stone was obstructing his own investigation but also how Stone attempted to craft lies to tell to the Committee — coordinated with Jerome Corsi and reliant on threats to Randy Credico — it provided a way to prosecute Stone while protecting Mueller’s ongoing investigation into whether Stone conspired with Russia.

And by all public appearances at the time, it appeared that Congress was acting while Mueller was not. But that was false (and is probably false now). The entire time during which SSCI and HPSCI were taking steps with Cohen and Stone that would late become really useful to the criminal investigation, Mueller was taking active, albeit covert, steps in his own investigations of the two men (whether he was investigating Patten personally or just Kilimnik is uncertain). Mueller obtained his first warrants against Cohen and Stone in July and August, respectively. But no one knew that until the following spring. That is, Cohen and Stone and everyone else focused on Congress while Mueller got to investigate covertly for another nine months.

We should assume the same kind of thing is happening here. All the more so given the really delicate privilege issues raised by this investigation, including Executive, Attorney-Client, and Speech and Debate. When all is said and done, I believe we will learn that Merrick Garland set things up in July such that the January 6 Committee could go pursue Trump documents at the Archives as a co-equal branch of government bolstered by Biden waivers that don’t require any visibility into DOJ’s investigation. Privilege reviews covering Rudy Giuliani, Sidney Powell, and John Eastman’s communications are also being done. That is, this time around, DOJ seems to have solved a problem that Mueller struggled with. And they did so with the unsolicited help of the January 6 Committee.

Even those of us who’ve been covering DOJ’s January 6 prosecution day-to-day (unlike Thrush) have no way of saying what DOJ has been doing covertly in the last year — though it is public that they’ve been investigating Alex Jones, the purported new thrust of this investigation, since August.

What we know from recent history, however, is that DOJ’s use of Congress’ work in no way suggests DOJ hasn’t been doing its own.