DOJ Was Still Working to Access Joshua Schulte’s Phone in September 2019

Glenn Greenwald is making factually unsupported defenses of Russia on Twitter again.

Yesterday, he made an argument about what he sees as one of the most overlooked claims in the Yahoo piece suggesting there was an assassination plot against Julian Assange and then, 100-something paragraphs into the thing, admitting that discussions of killing Assange were really regarded in the CIA as, “a crazy thing that wastes our time.”

Glenn doesn’t, apparently, think the overlooked detail is that the timeline in the story describing the changing US government understanding towards Assange, including Edward Snowden’s central role in that, shows that Assange’s defense lied shamelessly about the timeline in his extradition hearing.

Nor does Glenn seem interested that DOJ didn’t charge Assange during the summer of 2017 after Mike Pompeo started plotting against the Australian, but only did so on December 21, 2017, as the US and UK prepared for what they believed to be an imminent exfiltration attempt by Russia.

Intelligence reports warned that Russia had its own plans to sneak the WikiLeaks leader out of the embassy and fly him to Moscow, according to Evanina, the top U.S. counterintelligence official from 2014 through early 2021.

The United States “had exquisite collection of his plans and intentions,” said Evanina. “We were very confident that we were able to mitigate any of those [escape] attempts.”

[snip]

Narvaez told Yahoo News that he was directed by his superiors to try and get Assange accredited as a diplomat to the London embassy. “However, Ecuador did have a plan B,” said Narvaez, “and I understood it was to be Russia.”

Aitor Martínez, a Spanish lawyer for Assange who worked closely with Ecuador on getting Assange his diplomat status, also said the Ecuadorian foreign minister presented the Russia assignment to Assange as a fait accompli — and that Assange, when he heard about it, immediately rejected the idea.

On Dec. 21, the Justice Department secretly charged Assange, increasing the chances of legal extradition to the United States. That same day, UC Global recorded a meeting held between Assange and the head of Ecuador’s intelligence service to discuss Assange’s escape plan, according to El País. “Hours after the meeting” the U.S. ambassador relayed his knowledge of the plan to his Ecuadorian counterparts, reported El País.

What Glenn thinks is important is that, on April 13, 2017, when Mike Pompeo labeled WikiLeaks a non-state hostile intelligence service, the CIA did not yet have proof that “WikiLeaks was operating at the direct behest of the Kremlin,” though of course Glenn overstates this and claims that they had “no evidence.”

Glenn then claimed that CIA’s lack of proof on April 13, 2017 is proof that all claims about Assange’s ties with Russia made in the last five years — that is, from roughly October 7, 2016 through October 12, 2021 — lacked (any!) evidence. In other words, Glenn claims that CIA’s lack of proof, before UC Global ratcheted up surveillance against Assange in June 2017 and then ratcheted it up much more intensively in December 2017, and before US intelligence discovered the Russian exfiltration attempt, and before they had enough evidence to charge Joshua Schulte in 2018, and before they seized Assange’s computer in 2019, and before Snowden wrote a book confirming WikiLeaks’ intent in helping him flee, is proof that they never acquired such proof in the 1600 days since then.

At the time Pompeo made his comments, FBI was just five weeks into the Vault 7 investigation. They were chasing ghosts in the Shadow Brokers case, which also implicated Assange. Robert Mueller had not yet been appointed and, perhaps a month after he was, Andrew Weissmann discovered that, “the National Security Division was not examining what the Russians had done with the emails and other documents they’d stolen from those servers.” Pompeo’s comments came four months before Mueller obtained the first warrant targeting Roger Stone. They came seven months before Mueller obtained a warrant targeting Assange’s Twitter account. They came sixteen months before Mueller obtained a warrant describing a hacking and foreign agent investigation into WikiLeaks and others. They came 25 months before Mueller released his report while redacting the revelation that multiple strands of the investigation into Stone were ongoing (though also stating they did not have enough admissible evidence to prove Assange knew that Russia continued to hack the DNC). They came three years before DOJ kept the warrants reflecting the foreign agent investigation into WikiLeaks and others largely redacted, presumably because that investigation remained ongoing. They came three and a half years before the government withheld almost all of WikiLeaks lawyer Margaret Kunstler’s two interviews with Mueller’s team because of an ongoing investigation.

And all that’s separate from the long-standing WikiLeaks investigation at EDVA that led to Assange’s charges, which Rod Rosenstein has said never fully moved under Mueller.

On April 13, 2017, the investigation into Assange’s activities in 2016 had barely begun. Yet the fact that CIA couldn’t prove Assange was a Russian agent before most investigation into these things had started, Glenn claims, is proof that Assange is not a Russian agent.

It’s a logically nonsensical argument, but because certain gullible WikiLeaks boosters don’t see the flaws in the argument, I’d like to point to something fascinating disclosed just recently in the Joshua Schulte case: as late as September 2019, DOJ was still trying to get a full forensic image of the phone Schulte was using when he was first interviewed on March 15, 2017.

That was revealed in the government’s response to a Schulte motion to suppress evidence from the Huawei he used at the time, in the early stages of the FBI’s investigation. We saw many of these warrants from Schulte’s first attempt to get these early warrants suppressed (in which his attorney noted that the government got a second device-specific warrant). But Schulte is challenging the search on a basis that even Sabrina Shroff didn’t raise two years ago.

As the government tells it, FBI agents used a subpoena to get Schulte to hand over his phone during the interview on March 15 before they all returned to his apartment where they had a warrant for all his devices, then got a separate warrant at 1:26AM that night to search the phone specifically. They were unable to do so because it was locked, so in an interview on March 21 — at which time the search warrant was still valid — they got Schulte to open his phone (something his attorney at the time boasted he did voluntarily during a 2017 bail hearing).

Someone must have lost their job at FBI, though, because after Schulte opened the phone, it rebooted, preventing them from obtaining a full forensic copy of the device.

On March 20 and 21, 2021, the defendant, accompanied by his attorneys, was interviewed by the Government and law enforcement agents at the U.S. Attorney’s Office. At the interview on March 21, 2021, the defendant, in the presence of counsel, consented to a search of the Cellphone and entered his password to unlock it. (Id. ¶ 13(b)). When the Cellphone was unlocked, however, it rebooted, and FBI was able to obtain only a logical copy of the Cellphone rather than a complete forensic image. (Id. ¶ 13(c)).

However, in its response to Schulte, the government is relying on two documents that it released for the first time. First, a location warrant/pen register targeting three different phones, which the government submitted to show that Schulte’s Google history obtained on March 14 showed that he searched for ways to delete files in the time period he is accused of stealing the CIA files and deleting evidence of doing so. The affidavit is useful for explaining how Schulte was using phones in that period of 2017. In addition to the Huawei, for example, Schulte had a phone with a Virginia number he used to call at least one of his CIA colleagues between March 7 and when he canceled the phone on March 12. Then, after he gave the FBI his Huawei phone, he bought one that night, which he used to call Bloomberg (his employer), and another on March 17.

More importantly, the government released the affidavit and warrant from September 9, 2019, providing more explanation why they weren’t able to fully exploit the phone in 2017.

After Schulte unlocked the phone, FBI personnel attempted to forensically image the Subject Device so that the FBI could review its contents. However, because the Subject Device rebooted during that process, the FBI was able to obtain only a logical forensic image of the Subject Device (the “Logical Forensic Image”). Although the Logical Forensic Image contains some content from the Subject Device, the Logical Forensic Image does not contain all data that may be on the Subject Device, including deleted information and data from applications. The data and information from the Subject Device that is missing from the Logical Forensic Image would likely be captured on a complete forensic image of the phone (“Complete Forensic Image”). However, in March 2017, the FBI was unable to obtain a Complete Forensic Image of the Subject Device because the Subject Device locked after it rebooted and the FBI did not know the password to unlock the phone again to attempt to obtain a Complete Forensic Image.

On or about August 12, 2019, FBI personnel involved in this investigation successfully unlocked the Subject Device using a portion of a password identified during the course of the investigation (“Password-1”). Forensic examiners with the FBI believe that they will be able to obtain a Complete Forensic Image of the Subject Device using Password-1.

After unlocking the Subject Device using Password-1, an FBI agent promptly contacted the Assistant United States Attorneys involved in this investigation to inform them of this development, and the decision was made to seek a warrant to search the Subject Device for evidence, fruits, and instrumentalities of the Subject Offense.

The affidavit explains, among other things, that Schulte first obtained the phone on September 21, 2016 and logged into Google right away (somewhere in the vast paperwork released in the case, Schulte admitted that Google was his big weakness — and how!).

In the government response, they describe that the government did search the phone. They say the phone contains images of a woman Schulte lived with that he was charged, in Virginia, with assaulting in 2015.

The FBI searched the Cellphone pursuant to that warrant. The Cellphone contains, among other things, images of an individual identified as Victim-1 in the Government’s prior filings.

It’s an interesting defense of the import of the warrant. As the government explained in 2017 when it first informed Judge Paul Crotty of the Virginia assault charge, the incriminating photos had already been found on one of Schulte’s phones (it’s unclear whether these were found on the Huawei or the phone shut down on March 12), so the State of Virginia presumably doesn’t need any images discovered after 2019 to prosecute him on the assault charge.

As relevant here, the Government discussed several photographs recovered from the defendant’s cellphone that depicted an unknown individual using his hands to sexually assault an unconscious female woman (the “Victim”). (See Exhibit A, Aug. 24, 2017 Tr. at 12-13). At the time, the Government was aware that the Victim knew the defendant and had lived in his apartment as a roommate in the past. (Id.) Magistrate Judge Henry B. Pitman, who presided over the presentment, did not consider the information proffered by the Government regarding the Victim, explaining that “facts have [not] been proffered that . . . tie Mr. Schulte to the conduct in that incident.” (Id. at 48-89). Nevertheless, Judge Pitman detained the defendant concluding that the defendant had not rebutted the presumption that he was a danger to the community. (Id. at 47-49).

[snip]

On or about November 15, 2017, the defendant was charged in Loudoun County Virginia with two crimes: (i) object sexual penetration, a felony, in violation Virginia Code Section 18.2-67.2; and (ii) the unlawful creation of an image of another, a misdemeanor, in violation of Virginia Code Section 18.2-386.1. The Government understands that these charges are premised on the photographs of the Victim. Specifically, the Loudoun County Commonwealth’s Attorneys Office has developed evidence that the defendant was the individual whose hands are visible in the photographs sexually penetrating the Victim.

But whatever they found on the phone, the government made an effort to make clear that even this 2019 search — which might have obtained deleted WhatsApp or Signal texts, both of which Schulte has used — was covered by a search warrant, something Schulte is currently trying to suppress only on a poison fruit claim.

This wasn’t the only evidence the government obtained years after Schulte became the primary suspect, though. They didn’t obtain full cooperation from Schulte’s closest buddy from when he was at the CIA, Michael, until January 2020, just before his first trial (which is one of the reasons the government provided fatally late notice to Schulte that the friend had been placed on leave at CIA). Michael helped Schulte buy the disk drives the government seems to suspect Schulte used in the theft; he also knew of Schulte’s gaming habits, and the CIA believed he might know more about Schulte’s theft from CIA.

So it’s clear that for most of the time that Glenn says the investigation as it stood in April 2017 must reflect all the evidence about Schulte, Assange, and Russia, the government continued to investigate.

None of that says DOJ obtained information from Schulte in that time implicating Assange in ties with Russia (though, as I’ve noted, someone close to WikiLeaks told me Schulte reached out to Russia well before ambiguous references to Russia showed up at Schulte’s trial). But to suggest all the evidence the government might now have was already in their possession on April 13, 2017, requires ignoring everything that has happened since that time.

Timeline

October 7, 2016: In statement attributing DNC hack to Russia, DHS and ODNI include documents released by WikiLeaks; an hour later WikiLeaks starts Podesta release

January 6, 2017: Intelligence Community Assessment assesses, with high confidence, that GRU released stolen documents via exclusives with WikiLeaks

March 7, 2017: First Vault 7 release, including unredacted names of key CIA developers

March 13, 2017: Affidavit supporting covert warrant approving search of Schulte’s apartment, including the devices found there

March 14, 2017: Affidavit supporting overt warrant approving search of Schulte’s apartment, including devices

March 14, 2017: Search warrants for Schulte’s Google account and other electronic accounts

March 15, 2017: 302 from interview with Schulte and testimonial subpoena and cell phone subpoena handed to him at interview

March 16, 2017: Affidavit supporting search warrant authorizing search of Schulte’s Huawei smart phone

March 31, 2017: Warrant and pen register for three different Schulte phones — one serviced by Sprint that he had used through all of 2016 but canceled on March 12, 2017, one he obtained after his phone was seized on March 15, 2017 serviced by Virgin, another he bought on March 17, 2017 serviced by AT&T

April 13, 2017: Mike Pompeo declares WikiLeaks a non-state hostile intelligence service

May 17, 2017: Robert Mueller appointed

August 7, 2017: Mueller obtains first warrant targeting Stone, covering hacking

August 23, 2017: Schulte charged with possession of child pornography

September 6, 2017: Schulte indicted on child pornography charges

September 26, 2017: Roger Stone testifies before HPSCI, lies about source for advance knowledge

October 19, 2017: Stone falsely claims Credico is his intermediary with WikiLeaks

November 6, 2017: Mueller obtains warrant targeting Assange’s Twitter account, citing hacking, conspiracy, and illegal foreign political contribution

November 8, 2017: Schulte claims to have been approached by foreign spies on Subway between his house and court appearance

November 9, 2017: WikiLeaks releases source code, billing it Vault 8

November 14, 2017: Assange invokes CIA’s source code (Vault 8) in suggesting Don Jr should get him named Ambassador to the US

November 16, 2017: Schulte tells FBI story about approach on Subway, accesses Tor

November 17, 2017: Schulte accesses Tor

November 26, 2017: Schulte accesses Tor

November 30, 2017: Schulte accesses Tor

December 5, 2017: Schulte accesses Tor

December 7, 2017: Schulte detained pursuant to charges of sexual assault in VA and violating release conditions

December 12, 2017: Randy Credico invokes the Fifth

December 21, 2017: Assange first charged with CFAA charge

March 6, 2018: Assange indicted on single CFAA charge

June 18, 2018: Superseding Schulte indictment adds Vault 7 leak charges

June 19, 2018: WikiLeaks links to Schulte diaries

August 20, 2018: Mueller obtains warrant describing investigation of WikiLeaks and others into conspiracy, hacking, illegal foreign contribution, and foreign agent charges

September 25, 2018: Schulte posts diaries from jail

October 31, 2018: Second Schulte superseding indictment adds charges for leaking from MCC

April 11, 2019: Assange seized from Embassy

May 23, 2019: Superseding Assange indictment adds Espionage Act charges

August 16, 2019: After FBI interview, CIA places Schulte buddy, “Michael” on leave

September 9, 2019: Affidavit in support of warrant authorizing search of Huawei phone

February 4, 2020: Schulte trial opens

February 12, 2020: Schulte attorneys reveal “Michael” was put on paid leave in August 2019

March 6, 2020: In effort to coerce Jeremy Hammond to testify, AUSA twice tells Hammond that Julian Assange is a Russian spy

March 9, 2020: Judge Paul Crotty declares mistrial on most counts in Schulte case

April 28, 2020: DOJ continues to redact Foreign Agent warrants targeting WikiLeaks and others because of ongoing investigation

June 8, 2020: Third superseding Schulte indictment adds clarification to the charges

June 24, 2020: Second superseding Assange indictment extends CFAA conspiracy through 2015, citing efforts to use Snowden to recruit more leakers

November 2, 2020: BuzzFeed FOIA reveals that Mueller referred “factual uncertainties” regarding possible Stone hacking charge to DC US Attorney for further investigation, but also finding that it did not have admissible evidence that Assange knew Russia continued to hack the DNC

September 3, 2021: Schulte submits motion to suppress cell phone content

September 31, 2021: Schulte’s motion to suppress docketed

October 1, 2021: Government response to Schulte motion to suppress


FBI Searches the Home of the Guy Who Said, “I want to see thousands of normies burn that city to ash” on January 6

I want to see thousands of normies burn that city to ash today — Telegram text from person described as UCC-1, January 6, 2021

According to NYT’s Alan Feuer, the person who participated in the Proud Boy leadership Telegram chat planning for January 6 who was described as “Unindicted Co-Conspirator 1” (UCC-1) in the Proud Boy Leaders indictment is Aaron Whallon-Wolkind, the Vice President of the Philadelphia Chapter of the Proud Boys.

As described in the indictment, in Telegram chats obtained from Nordean’s phone, UCC-1 made a comment on January 4 reflecting an existing plan. And he played a key role in setting up the radio communications that would be used on the day of the riot.

41. On January 4, 2021, at 8:20 p.m., an unindicted co-conspirator (“UCC-1”) posted to New MOSD channel: “We had originally planned on breaking the guys into teams. Let’s start divying them up and getting baofeng channels picked out.”

42. On January 5, 2021, at 1:23 p.m., a new encrypted messaging channel entitled “Boots on the Ground” was created for communications by Proud Boys members in Washington, DC. In total, over sixty users participated in the Boots on the Ground channel, including NORDEAN, BIGGS, REHL, DONOHOE, and UCC-1. Shortly after the channel’s creation, BIGGS posted a message to the channel that read: “We are trying to avoid getting into any shit tonight. Tomorrow’s the day” and then “I’m here with rufio and a good group[.]”

[snip]

47. At 9:09 p.m., UCC-1 broadcast a message to the New MOSD and Boots on the Ground channels that read: “Stand by for the shared baofeng channel and shared zello channel, no Colors, be decentralized and use good judgement until further orders” UCC-1 also wrote, “Rufio is in charge, cops are the primary threat, don’t get caught by them or BLM, don’t get drunk until off the street.” UCC-1 then provided a specific radio frequency of 477.985.

UCC-1 also warned the others not to write their criminal plans in Telegram texts.

Specifically, the person identified in the Superseding Indictment as Unindicted Co-Conspirator (“UCC-1”) advised that participants “[s]houldn’t be typing plans to commit felonies into your phone.” UCC-1 later directed that, “if you’re talkin[g] about playing Minecraft2 you just make sure you don’t use your phone at all or even have it anywhere around you.”

2 Minecraft is a video game. Based on information provided by the FBI, the government understands that it is common for persons discussing criminal activity online to refer to such activity as occurring “in Minecraft” to conceal the true nature of the activity.

The full context of UCC-1’s comment about burning DC to ash includes a comment reflecting his belief that “the state is the enemy of the people” and a response from Person 2 describing that “normiecons” have no adrenaline control, a recognition that shows up elsewhere that the Proud Boys could and did inflame non-Proud Boy members.

DONOHOE: Are you here?

UCC-1: No I started a new job, don’t want to fuck it up yet

DONOHOE: Well fuck man

UCC-1: There will be plenty more I’m sure lol

UCC-1: I want to see thousands of normies burn that city to ash today

Person-2: Would be epic

UCC-1: The state is the enemy of the people

Person-2: We are the people

UCC-1: Fuck yea

Person-3: God let it happen . . . I will settle with seeing them smash some pigs to dust

Person-2: Fuck these commie traitors

Person-3: It’s going to happen. These normiecons have no adrenaline control . . . They are like a pack of wild dogs

DONOHOE: I’m leaving with a crew of about 15 at 0830 to hoof it to the monument no colors

Person-2: Fuck it let them loose

Person-3: I agree . . . They went too far when the [sic] arrested Henry as a scare tactic

A detention memo for Ethan Nordean revealed that UCC-1 was monitoring livestreams and using other methods to track the riot (I’ve written about how useful former Army Captain Gabriel Garcia’s live streams would have been for that purpose; given Whallon-Wolkind’s role in setting the channel for the Baofengs, it’s likely he tracked that too).

When the Defendant, his co-Defendants, and the Proud Boys under the Defendant’s command did, in fact, storm the Capitol grounds, messages on Telegram immediately reflected the event. PERSON-2 announced, “Storming the capital building right now!!” and then “Get there.” UCC-1 immediately followed by posting the message, “Storming the capital building right now!!” four consecutive times.6 These messages reflect that the men involved in the planning understood that the plan included storming the Capitol grounds. This shared understanding of the plan is further reflected in co-Defendant Biggs’ real-time descriptions that “we’ve just taken the Capitol” and “we just stormed the fucking Capitol.”

6 UCC-1 and PERSON-2 are not believed to have been present on the Capitol grounds, but rather indicated that they were monitoring events remotely using livestreams and other methods.

The centrality of UCC-1 in the indictment against the Proud Boy leaders — along with Aram Rostom’s reporting on Whallon-Wolkind’s past efforts to share information on Antifa with the FBI — fed conspiracies about the FBI seeding the entire January 6 riot.

In January 2019, a member of the Philadelphia chapter of the Proud Boys who called himself “Aaron PB” was on a Telegram chat with fellow members to gather information about Antifa, according to leaked chat screenshots whose authenticity was confirmed by a source familiar with the Proud Boys and by a lawyer for Aaron PB. Aaron PB said in a chat that he was gathering “info we want to send our FBI contact.”

A source close to the federal investigation told Reuters that “Aaron PB” is a Philadelphia Proud Boy leader named Aaron Whallon-Wolkind.

Whallon-Wolkind did not respond to phone calls or questions sent via text. Reached by a Reuters reporter, he hung up.

Patrick Trainor, a New Jersey lawyer for Whallon-Wolkind in an unrelated lawsuit, said Whallon-Wolkind and other Philadelphia Proud Boys had talked about inconsequential matters with the FBI over the years. Those contacts did not amount to anything substantive, Trainor said. Trainor represents other Proud Boys as well.

“They’ve all been approached at different times at different rallies in the city of Philadelphia,” he said. “Plainclothes FBI guys wanted to talk to them. You know: ‘We heard this happened. This happened so let’s talk about it.’”

Trainor acknowledged Whallon-Wolkind made the comments about “our FBI contact” on the Telegram chat, but believes they were not meant to be taken seriously. “I think he was just breaking balls,” Trainor said. “I think there was no contact with the FBI.”

In a May Motion for a Bill of Particulars, Ethan Nordean’s attorneys professed to need the identity of UCC-1 because key allegations in the conspiracy were attributed to him.

The government uses the statements of a person identified as “UCC-1” in the FSI to detain Nordean and to establish a conspiracy. The government has not produced evidence identifying this individual.

[snip]

The FSI cites a “UCC-1” who allegedly makes various conspiratorial remarks. FSI, ¶¶ 41, 42, 47. The government has not produced evidence identifying this individual.

But by July 15 (not long before Enrique Tarrio called Zach Rehl’s wife to sound out whether Rehl was flipping), when Judge Tim Kelly asked whether Nordean lawyer Nick Smith still wanted that identity, Smith instead emphasized a greater need for evidence linking Dominic Pezzola to his client. Smith did complain that the Proud Boys were left speculating on the identity of the person, ridiculously suggesting that his client didn’t know the identities of the roughly six other people with whom he was in a leadership Telegram channel. Smith then noted that there was public information (Rostom’s reporting) that UCC-1 had been a government informant. Prosecutor Luke Jones then confirmed that UCC-1 was not a CHS — that is, a paid informant of the sort that FBI might use to entrap others.

Nevertheless, in July, it appeared that prosecutors had a cooperating witness who could attest to an advance plan to storm the Capitol.

On Friday, according to a filing purporting to argue that Zach Rehl should be released on bail, FBI agents raided Whallon-Wolkind’s home.

Rehl’s attorney, Jonathon Moseley, claimed that because (he said), “Aaron Whallon-Wollkind did not join the events in the District of Columbia on January 6, 2021, whether the peaceful demonstrations or the violent attacks by a very, very few against U.S. Capitol Police … the Government has no basis for investigating or charging Whallon-Wollkind other than his connection to Zachary Rehl” [all three forms of emphasis Moseley’s], which in turn Moseley claimed was proof that the government still did not have any evidence against Rehl.

It’s a colossally stupid argument, almost as stupid as Moseley’s last two filings, in which he admitted that the Proud Boys “‘circle[d]’ (in a rectangle) the region around the Capitol to monitor the risk from counter-demonstrators,” an encirclement plan that had been publicly tied to obstructing the vote count in advance, and then argued that because Ali Alexander, a brown person who took credit for organizing the Stop the Steal rallies, had not been arrested yet, his [white] client should not have been either.

In the guise of arguing that a warrant that Judge Kelly likely knew about — if not authorized — in advance did not substantiate probable cause, Moseley laid out anything a co-conspirator might want to know about the raid of another co-conspirator, including the date of the search, the items listed in the warrant, the crimes under investigation, the items seized, and Whallon-Wolkind’s [wise] refusal to answer questions without an attorney present.

Before dawn on the morning of Friday, October 8, 2021, approximately 20 law enforcement agents heavily armed and wearing riot police gear, raided the home rented by Aaron Whallon-Wollkind near the Pennsylvania border. Aaron was awakened to threats, commands, and intimidation from an extremely loud loud-speaker (far more powerful than a hand-held bullhorn) ordering him to come out of his rural house with his hands up. He walked out of the door to find his girlfriend already handcuffed outdoors without any pants being guarded by the riot-gear wearing FBI agents.

On his lawn he found an armored personnel carrier which he understands to be a “Bear Cat.” The tank-like armored personnel carrier and other vehicles had torn up his lawn. There was also a roughly 15 foot long battering ram mounted on a vehicle. They were apparently all agents of the Federal Bureau of Investigation or at least led by the FBI with supporting officers.

[snip]

In the pre-dawn of Friday, October 8, 2021, Whallon-Wollkind was also handcuffed and held outside while the agents ransacked his house along with his half-naked girlfriend. After some of the roughly 20 agents had searched his house inside, some of the agents brought Whallon-Wollkind back inside where they had moved a single chair in the middle of a room like an interrogation scene from a war movie. They sat him down and began to interrogate him. He told them that he refused to say anything without the advice of an attorney.

The FBI took all of his computer and computer devices and phones, including an old broken phone.

However, Whallon-Wollkind was not arrested or charged.

[snip]

They had staked out his house and taken photographs. The only thing they did not already have is evidence of Zachary Rehl planning, organizing, or leading a poorly-defined “Stop the Steal protest” which Ari [sic] Alexander takes credit for being the National Organizer of. Counsel has reviewed the search warrant and documents given to Whallon-Wollkind yesterday morning, which was sent by text message from his girlfriend.

Counsel understands that when freely given to Wollkind and his girlfriend, the documents lost their sealed character. The paperwork was freely provided to Wollkind and his girlfriend at their house, with no instructions that any restrictions applied to them. There is nothing in the search warrant that orders anything with regard to the person whose property is being searched. We are not talking about the underlying affidavit, which was not provided and remains under seal. But the deprivation of Zachary Rehl’s liberty, being incarcerated for months of his life he will never get back, for things he did not do, outweighs any interest of the Government in continuing to perpetuate a baseless conspiracy theory against Zachary Rehl.

The search warrant is authorized to be executed by October 14, 2021, corresponding to the motions schedule for the next hearing of this Court.

The search warrant was issued on either October 1, 2021, or October 4, 2021 (the text message version is blurry).

[snip]

The SUBJECT OFFENSES are the same criminal charges for which Zachary Rehl was indicted in the First Superseding Indictment. The items to be searched and seized include:

a. Clothing items associating AARON WOLKIND with the Proud Boys organization, as described in the affidavit in support of the search warrant application.

* * *

d. Records and information relating to the identification of persons who either (i) collaborated, conspired or assisted (knowingly or unknowingly) the commission of the SUBJECT OFFENSES; or (ii) communicated about matters relating to the SUBJECT OFFENSES, including records that help reveal their whereabouts.

* * *

f. Records and information … any efforts to or questions about the legitimacy of the 2020 Presidential election, the certification process of the 2020 Presidential Election, or otherwise influence the policy or composition of the United States government by intimidation or coercion.

* * *

h. Records and information relating to the state of mind of the subjects and/or co-conspirators, e.g. intent, absence of mistake….

Moseley makes much of the fact that the FBI had correctly identified in which judicial district Whallon-Wolkind’s house is located, which he says is in a rural area close to the PA border, as well as that the FBI had a serial number and type for Whallon-Wolkind’s smart phone.

Indeed, while counsel is not revealing the judicial district where the search warrant was issued, where Wollkind resides, and where the search warrant was executed, the FBI would have to already know everything imaginable about Wollkind in order to apply to the correct judicial district, which is not what one would expect, and to include (thankfully, to avoid misunderstandings and mistakes) three photographs of Wollkind’s rented house. Thus, the FBI did not need to learn about Wollkind. They wanted to scrounge around for evidence against Rehl that they still do not have. The FBI already knew the precise type and serial number of the smart phone used by Wollkind.

It’s as if this attorney has never seen a probable cause warrant affidavit before, which describes both these things to establish probable cause for the warrant.

Moseley’s conspiracy theory is that the FBI obtained this warrant, in the window between when Rehl first renewed his bid for pretrial release and days before an upcoming status hearing, exclusively to obtain evidence to prove what the DC Circuit Court has already said is adequate basis to detain Rehl’s co-conspirators.

Perhaps the most interesting detail in this filing, however, is a stray sentence that seems to indicate that Whallon-Wolkind may have traveled to DC in January after the riot.

Aaron Whallon-Wollkind never travelled to the District of Columbia until after the protests were over.

Whatever else Moseley argues, this filing comes after months in which his client’s alleged co-conspirators have suggested that Whallon-Wolkind either was cued by the FBI to incite the entire riot with really incriminating statements (which Jones effectively denied) or had only avoided charges for those far more damning statements because he was cooperating. That is, for months, other Proud Boys have argued that Whallon-Wolkind’s statements were badly incriminating. Now Moseley wants the judge who has been hearing that for months (Moseley repeatedly states that this investigation has been going on ten months rather than nine) to believe there’s nothing incriminating about Whallon-Wolkind’s actions leading up to and during the riot.

If Whallon-Wolkind had been cooperating before — presumably under a proffer agreement that would have prohibited the government from using his statements against him so long as they were honest — it appears that cooperation has ceased. Or perhaps the government has gotten more useful cooperators who’ve implicated Whallon-Wolkind more deeply in the planning for that day.

Whatever the reason, the FBI has recently shifted its focus to the guy who expressed his desire on the morning of the insurrection that there would be an insurrection.


Puzzling Developments in the January 6 Investigation

As I sometimes do, I’d like to look at some curious developments in a series of January 6 cases.

Adam Honeycutt’s trips to DC

If you read just his arrest affidavit, former bail bondsman Adam Honeycutt is a guy who made the grave mistake of posting a picture of himself holding a broken furniture leg to Facebook during the January 6 riot.

Honeycutt was arrested on misdemeanor trespass charges on February 11, but since then his DC case has been continued, with no indictment, until — with the most recent continuation at a status hearing on Tuesday — January 4, almost a year after the riot.

If you look more closely, however, things get more confusing. As several earlier requests for continuances reveal, Honeycutt made the still graver mistake of having guns and non-legal marijuana in his home when the FBI came to arrest him on his January 6 charges, and then chatting about it as he was being driven to the FBI office.

During the transport, HONEYCUTT made a number of unsolicited statements to TFO Rohermel and SA Grover related to his use of marihuana. HONEYCUTT stated that all of the drugs and guns in the house belonged to him, that he knew it looked bad to have guns layout out in the open in his residence, that he had a large quantity of ammunition of various calibers in the residence, some of which was for firearms he did not currently possess. HONEYCUTT also stated that it was lucky that agents had executed the warrants that day, because his marihuana supply was almost gone, and if the agents had executed the warrants the following day he would have had more because Fridays are his day for resupplying marihuana. HONEYCUTT stated that there were only a few “roaches” left in the garage, referring to burned marihuana cigarette butts. HONEYCUTT stated that he had been smoking marihuana since he was twelve years old and smokes daily. HONEYCUTT expressed to the agents that he was upset he was out of marihuana and there would not be any for him when he got home.

Honeycutt was as a result also charged under a bullshit draconian war on drugs law that carries a ten year maximum sentence, meaning what otherwise might have been a simple trespassing plea turned into (thus far) 8 months of detention on the Florida Federal charge. Honeycutt pled guilty to that charge in June, but is still awaiting sentencing, which is scheduled for next week.

And there’s a curious detail in his sentencing memo on that charge. He reveals that somewhere along the line, he got transferred to DC, even though by March he was formally released from custody on the DC charge.

Mr. Honeycutt has been in custody continuously since February 24, 2021 and has had the additional hardship of prolonged transports from McClenny to Washington, DC in during the pandemic. While in transit, Mr. Honeycutt was assaulted by another inmate while using the phone at the Grady County Jail in Oklahoma. The inmate struck him on the back of the head causing Mr. Honeycutt to hit his head on the ground and suffer dizziness and a black eye. While he suspected he may have had a concussion, this has never been confirmed medically. Also, while detained at the Baker County Jail, Mr. Honeycutt tested positive for Covid-19 and was placed on restrictive quarantine for 14 days while he recovered.

None of that shows up in his docket, though it may simply reflect a remarkably quick transfer after his initial arrest (and Honeycutt would not be the only January 6 defendant who got beat up at the Oklahoma transfer jail).

I don’t condone any of this, least of all the war on drugs treatment of marijuana possession. But it’s the kind of stuff that prosecutors use to coerce cooperation elsewhere. And while it’s not at all clear what went on with Honeycutt, his case will still be pending next year on the anniversary of the riot.

Lonnie Coffman’s Alabama Molotovs

Something similar may be going on with Lonnie Coffman’s Molotov cocktails.

Coffman, you’ll recall, is the guy who was dropped off blocks away from the Capitol on January 6, trying to pick up his GMC pick-up full of Molotov cocktails.

After addressing the explosive devices found in the vicinity of the National Republican Club and the Democratic National Committee Headquarters, the Bomb Squad responded to the location of the Red GMC Sierra Pickup truck. One black handgun was recovered from the right front passenger seat of the vehicle. After locating the black handgun, officers proceeded to search the rest of the pickup truck, including the bed of the truck, which was secured under a fabric top. During the search of the cab of the truck, officers recovered, among other things, one M4 Carbine assault rifle along with rifle magazines loaded with ammunition.

In addition, officers recovered the following items in the bed of the pickup truck in close proximity to one another: (i) eleven mason jars containing an unknown liquid with a golf tee in the top of each jar, (ii) cloth rags, and (iii) lighters. Upon finding these materials, bomb technicians observed that the items appeared to be consistent with components for an explosive or incendiary device known as a “Molotov Cocktail.” Based on this discovery, additional personnel were called to the scene, including the United States Capitol Police Hazardous Materials Team. A preliminary test by the United States Capitol Police Hazardous Material Team determined that the liquid in the mason jars was an igniting substance and that it had a spectrograph profile consistent with gasoline.

[snip]

At approximately 6:30 p.m., a blue sedan with a female driver and a male front passenger, approached law enforcement officers in the 400 block of First Street, Southeast. Officers made contact with the vehicle, and the male passenger stated that he was trying to get to his vehicle that was parked in the 300 block of First Street, Southeast, which is the location that the Red GMC Sierra 1500 pickup truck had been located and searched. When the officers asked the man to provide a description of the vehicle, the male passenger stated that it was a red pickup truck. The officers then asked what the male passenger’s name was, and he stated that his name was “Lonnie.”

Coffman also has been detained (more justifiably than Honeycutt) since he was arrested. For much of that time, he has been working on a plea agreement, and on September 1, his lawyer reported they were close to one. On September 8, AUSA Michael Friedman said they would be ready for a plea by September 29.

But one day before that happened, the plea hearing was inexplicably vacated until October 26.

Unnoticed until yesterday, it turns out that on September 27 (that is, the day before his plea hearing was vacated), Coffman was charged in Alabama for possessing those Molotov cocktails the week before he drove them to DC. With Coffman’s consent, that case got transferred to DC in an entirely different docket than his January 6 one.

As with Honeycutt, it’s entirely unclear how his Alabama Federal charges are intersecting with his DC ones. Perhaps Coffman got cold feet on his plea last month, so DOJ added the Alabama charges to convince him to plead. But it’s another reminder that not every part of the January 6 investigation will be visible in the DC docket.

Brandon Straka gets to walk away

Meanwhile, a case that never left the DC docket, that of Brandon Straka, is just as curious.

Straka was first arrested on January 25 on civil disorder, as well as trespass, charges. Since that time, AUSA April Russo has gotten a series of continuances (February, May, August), each one citing efforts to resolve the matter, which is usually code for a plea agreement. A week after the last continuance, DOJ made a plea offer that had to be accepted by September 14. The day after the plea agreement would have expired, Straka was ultimately charged with the less serious of the two trespass charges, and after a tweak, that’s what he pled guilty to on Wednesday.

Straka’s Statement of Offense includes (and Russo made a point of entering it into the record) the incitement of attacks on cops that originally got him charged for civil disorder.

While in the restricted area, knowing he was not authorized to be there, Straka observed the crowd yelling and U.S. Capitol Police trying to prevent people from going into the U.S. Capitol and to manage the unruly crowd. Amongst other things, he engaged in disruptive conduct by participating, along with others, in yelling “go, go, go” to encourage others to enter the U.S. Capitol while the U.S. Capitol Police were making their best efforts to prevent people from doing so. Straka also observed others yelling to take a U.S. Capitol Police Officer’s shield. He recorded a video of what was happening, and in the video, he chimed in with the crowd, saying “take it, take it.” He did this between 2:30 and 2:45 p.m. on January 6 while outside the entrance to the U.S. Capitol in the restricted area on the Capitol Grounds. Straka left the U.S. Capitol Grounds at approximately 3:00 p.m.

But the Statement of Offense doesn’t include any description of his speech from January 5, where he spoke about “revolution.”

My review of STRAKA’s Twitter account on January 11, also found a video he had posted of himself speaking at a “Stop the Steal” rally held at Freedom Plaza in Washington, D.C. on January 5, 2021. As of January 13, STRAKA had removed this video from his Twitter account, but a video of the entire event had been posted to YouTube. The video showed that STRAKA was introduced by name and brought onto stage. STRAKA spoke for about five minutes during which time he repeatedly referred to the attendees as “Patriots” and referenced the “revolution” multiple times. STRAKA told the attendees to “fight back” and ended by saying, “We are sending a message to the Democrats, we are not going away, you’ve got a problem!”

Nor does his Statement of Offense include this language from Straka’s arrest affidavit describing a video in which he admitted that, “The plan was always to go to the Capitol.”

About one minute into the video, STRAKA stated, “I literally just got home…minutes ago from Washington, D.C.” Later in the video, STRAKA stated, “Yesterday, a lot of us got up very, very early. We went to this event in which Donald Trump spoke. The plan was always to go to the Capitol. We were going to march from that event…to the Capitol, and there was going to be another rally. I was one of the speakers slated to speak at the Capitol.” STRAKA later stated that, while riding the metro to the Capitol, he received alerts on his phone stating that Vice President Pence was “not going to object to certifying Joe Biden.” STRAKA stated that he learned on his walk from the metro to the Capitol that people had “breached” the Capitol and that “patriots had entered the Capitol.” STRAKA said that he thought to himself, “Wow, so they’re going to basically storm and try to get into the chamber so that they can demand that we get the investigation that we want.”

Not only was Straka permitted a plea that may help him avoid all jail time, but DOJ assented to letting him rush the sentencing so he could be done by Christmas, coincidentally on the same day all the status reports for Oath Keeper cooperators are next due.

Baked Alaska — someone as wired into the organizers of this riot as Straka — claimed early on that prosecutors were threatening to charge him with obstruction if he didn’t cooperate.

This plea looks like it could be the flip (heh) side of such an offer, someone who worked his way out of an existing felony charge and any further exposure on obstruction. That said, his plea includes the standard boilerplate language about minimal cooperation (basically, requiring the defendant share the contents of his phone).

If this does reflect cooperation, then it suggests a number of other people exposed to felony prosecution may similarly be cooperating under the guise of misdemeanor plea agreements.

Ryan Samsel’s aborted cooperation

For about the first four months after Ryan Samsel kicked off the entire riot on January 6 by allegedly knocking over a cop, it looked like he might be considering a cooperation agreement. The same prosecutor who filed continuances in Straka’s case, April Russo, was filing continuances in his case (March, May), also citing efforts to resolve the case.

But on March 21, Samsel was brutally assaulted in jail; his attorney claimed at the time that a guard did it, though that has never been officially confirmed. Samsel’s assault set off a feeding frenzy as one after another attorney — first Martin Tankleff, then John Pierce (whose clients include a significant bunch who could incriminate Joe Biggs), and now Stanley Woodward and former Trump vote fraudster Juli Haller — tried to capitalize off a client who might have basis for a big lawsuit against DOJ (Elisabeth Pasqualini did very competent work as Samsel’s first attorney before all this started). The events that transpired after that assault seem to have ended up changing prosecutors’ approach with his case, and in June, DOJ added another prosecutor, Danielle Rosborough, and in August, DOJ finally indicted Samsel on two counts of civil disorder, two counts of assault, obstruction, and trespassing. (Russo remains the sole prosecutor on the case against the woman who was (and may still be) Samsel’s girlfriend on the day of the riot, Raechel Genco.)

All that’s important background to a big scoop from NYT’s Alan Feuer, describing that, when Samsel was originally arrested, he told the FBI that he kicked off that assault after a threat from Joe Biggs.

For months, however, according to three people familiar with the matter, the government has known Mr. Samsel’s account of the exchange: He has told investigators that Mr. Biggs encouraged him to push at the barricades and that when he hesitated, the Proud Boys leader flashed a gun, questioned his manhood and repeated his demand to move upfront and challenge the police.

Mr. Samsel’s version of events was provided to the government in late January, when he was interviewed by the F.B.I., without a lawyer present, shortly after his arrest in Pennsylvania, according to the people familiar with the matter. He has since been charged with several crimes, including assaulting an officer and obstructing Congress’s efforts to certify the election results.

[snip]

[I]f Mr. Samsel’s account is true, it could serve to bolster arguments that some Proud Boys leaders intentionally incited ordinary people in the crowd — or what they refer to as “normies” — to commit violence during the attack. The government has offered other evidence, drawn from the group’s internal messaging chats, that two Proud Boys leaders from Philadelphia were excited by the prospect of “riling up the normies” on Jan. 6.

As Feuer notes, Biggs’ lawyer Daniel Hull categorically denies this claim. As he also notes, there has been no hint of a weapons charge against Biggs. So it’s quite possible that this allegation was entirely made up out of thin air–or exaggerated in a bid for lenient treatment for Samsel’s own central role in the riot.

But there’s also no sign that DOJ is charging Samsel with lying about these claims.

That is, from the public filings, we can’t discern whether Samsel’s allegation is true or not.

That said, if it’s true, it might explain both the apparent attempt to woo Samsel’s cooperation, but also the urgency surrounding efforts to make sure he doesn’t do so.

The government has flamboyantly obtained cooperation from five different Oath Keepers. But precisely what the government is doing in a slew of other cases remains obscure.

Update: There were three people involved in the assault on the first barricade: Samsel, Paul Johnson, and Stephen Chase Randolph. The latter two are charged together, though Johnson is moving to sever his case from Randolph’s. Here’s the government opposition. Never addressed in it is why Samsel is not only not charged with them, but is before an entirely different judge, who just happens to be the Proud Boy judge.

Michael Sussmann Attempts to Bill [of Particulars] Durham for His Sloppy Indictment Language

“Without prejudice to any other pretrial motions”

Michael Sussmann’s lawyers reserve their right to challenge the Durham indictment of Sussmann via other pretrial motions in their motion for a Bill of Particulars six different times. The motion does so three different times when noting that Durham used squishy language to paraphrase Sussmann’s alleged lie and couldn’t seem to decide whether he affirmatively lied or lied by omission.

Mr. Sussmann is entitled to understand which particular crime he must defend himself against. Without prejudice to any other pretrial motions Mr. Sussmann may bring on the matter, Mr. Sussmann is also entitled to additional particulars regarding the alleged omissions in the Indictment, including regarding the legal duty, if any, that required him to disclose the allegedly omitted information the Indictment suggests he should have disclosed.

[snip]

The Special Counsel should be required to clarify which crime he believes Mr. Sussmann committed and, to the extent the Special Counsel is proceeding on an omissions theory, he should be required to provide additional particulars (without prejudice to any motions Mr. Sussmann may make later).

[snip]

To the extent that the Special Counsel believes the Indictment is alleging a material omission under Section 1001(a)(1), and without prejudicing any other motions Mr. Sussmann may make on this issue, the Special Counsel should be required to clarify: (1) what specific information Mr. Sussmann failed to disclose; (2) to whom he failed to disclose it; (3) what legal duty required Mr. Sussmann to make the required disclosure; and (4) why the omission was material. See United States v. Safavian, 528 F.3d 957, 964 (D.C. Cir. 2008). [my emphasis]

It does so twice when asking that Durham address problems with his claims that Sussmann’s alleged lie was material.

The Indictment does make several allegations regarding materiality, and yet these allegations are vague, imprecise, and inconsistent. Suggesting the FBI might have asked more questions, taken other steps, or allocated resources differently, without specifying how or why it would have done so, leaves Mr. Sussmann having to guess about the meaning of the allegations that the Special Counsel has leveled against him. Accordingly, without prejudice to any pretrial motions Mr. Sussmann may make regarding materiality, Mr. Sussmann requests that the Court order the Special Counsel to provide more detail about why the purported false statement was material.

[snip]

Accordingly, without prejudice to any pretrial motions Mr. Sussmann may make regarding materiality, Mr. Sussmann requests that the Special Counsel be ordered to provide more detail about why the purported false statement was material. See Fed. R. Crim. P. 7(c)(1). [my emphasis]

And the motion does so again when pointing out that Durham hasn’t included specifics about another alleged lie, to just two of an unidentified number of people who attended a meeting at CIA, which Sussmann elsewhere describes as improper inclusion of 404(b) material in an indictment.

Without prejudicing any other motions Mr. Sussmann may make on this issue, the Special Counsel should first be required to clarify the false statement alleged to have been made to the two anonymous Agency-2 employees, and any other individuals present at the meeting, in February 2017. [my emphasis]

A list of things John Durham didn’t provide in his Michael Sussmann indictment

It’s only after making it clear that this is just his opening move before filing a motion to dismiss and other legal challenges to the indictment…

The Indictment is seriously vulnerable to challenge as a matter of law, and Mr. Sussmann will make relevant pretrial motions at the appropriate time. For now, Mr. Sussmann moves for a bill of particulars.

…that Sussmann lays out a list of things he claims he can’t figure out from Durham’s sloppy indictment:

For the foregoing reasons, this Motion for a Bill of Particulars should be granted, and the Court should order the Special Counsel to promptly:

A. Provide particulars regarding the specific false statement the Special Counsel alleges Mr. Sussmann made to Mr. Baker, namely:

1. The exact words of Mr. Sussmann’s alleged false statement;

2. The specific context in which the statement was made so that the meaning of the words is clear;

3. What part of the statement is allegedly false, i.e., whether the statement was false because Mr. Sussmann allegedly stated he was not “acting on behalf of any client in conveying particular allegations concerning a Presidential Candidate” as alleged in Paragraph 46, or if he falsely stated that he was not doing any “work” on behalf of a client more generally, as alleged in Paragraphs 4, 27(a), 28;

4. What is meant by “his work,” as referenced in Paragraph 4;

5. What is meant by “acting [or acted] on behalf of any client” as alleged in Paragraphs 27(a) and 30; and

6. What “this” refers to in the Assistant Director’s notes referenced in Paragraph 28.

B. Provide particulars regarding the statutory violation charged and, if applicable any alleged omissions, namely:

1. Which crime the Special Counsel believes Mr. Sussmann has committed; and

2. To the extent the Special Counsel alleges that Mr. Sussmann made a material omission in violation of 18 U.S.C. § 1001(a)(1), as suggested by Paragraph 30 of the Indictment –

a. the specific information Mr. Sussmann allegedly failed to disclose;

b. to whom he allegedly failed to make that disclosure;

c. what legal duty required Mr. Sussmann to disclose such information; and

d. why the allegedly omitted information was material.

C. Provide particulars regarding how the alleged false statement to Mr. Baker was material, specifically:

1. The “other reasons” Mr. Sussmann’s false statement was material, as alleged in Paragraphs 5 and 32;

2. What “his work” refers to as referenced in Paragraph 5, what about such work was unknown to the FBI, and how the “political nature of his work” was material to the FBI’s investigation;

3. How Mr. Sussmann’s alleged false statement was material to the FBI’s ability to “assess and uncover the origins of the relevant data and technical analysis,” as alleged in Paragraph 5, when Mr. Sussmann disclosed the origins of the data and technical analysis;

4. How Mr. Sussmann’s role as a paid advocate was materially “relevant” to the FBI’s investigation, as alleged in Paragraph 32, given that the information itself raised serious national security concerns and the FBI otherwise enables civilians to provide anonymous tips; and

5. What potential questions, additional steps, resource allocations, or more complete information the FBI would have gathered absent Mr. Sussmann’s false statement, as alleged in Paragraph 32.

D. Provide particulars regarding the alleged false statement Mr. Sussmann made to all Agency-2 employees and representatives, as alleged in Paragraphs 39 and 42, namely:

1. The exact words of Mr. Sussmann’s alleged false statement;

2. The specific context in which the statement was made so that the meaning of the words is clear;

3. What portion of the statement is allegedly false;

4. The identities of all individuals to whom the statement was made, including:

a. both Employee-1 and Employee-2 as referenced in Paragraph 42; and

b. anyone else present who also heard the false statement.

E. Provide particulars regarding the identities of the “representatives and agents of the Clinton Campaign” referenced in Paragraph 6.

Motions for a Bill of Particulars rarely work

Make no mistake, most demands for a Bill of Particulars like this fail. The prosecution will argue that everything Sussmann needs is in the indictment and, if Judge Christopher Cooper agrees, Sussmann will just submit his motion to dismiss and other challenges like he’s clearly planning to do anyway.

That’s almost certainly what will happen for several of these requests, such as the names of Clinton Campaign personnel Durham accuses Sussmann of coordinating with on the Alfa Bank materials. But Sussmann likely doesn’t really need these names because he likely knows that Durham has nothing to substantiate this claim. If he did, Durham would have described such evidence in his speaking indictment. Sussmann may well know there are no names — of campaign personnel with whom he personally coordinated in advance of the James Baker meeting, at least — to give, because he didn’t coordinate with anyone from the campaign (Durham probably wants to substantiate this claim by charging Marc Elias in a conspiracy with Sussmann, but that all depends on being able to prove that anyone was lying about all this).

Similarly, Sussmann seems to know — and Durham may not — that there were more than just two people at a February 9, 2017 meeting at which Sussmann tried to bring new concerns to the attention of the government. This request seems to suggest there was at least one and possibly other witnesses who were at this meeting that Durham should know of who didn’t corroborate a claim that Sussmann lied, witnesses Durham didn’t mention in his indictment.

Likewise, Sussmann is unlikely to get very far asking for more details about Durham’s materiality claim, in particular, Durham’s repeated allegation that what he presented were just some, “among other reasons,” why Sussmann’s alleged lie was material. Prosecutors will argue that materiality is a matter for the jury to decide. But if Sussmann can force Durham to admit he has a theory of prosecution he hasn’t included in his indictment — that Durham believes that, rather than raising a real anomaly to the FBI’s attention because it was a real anomaly, lawyers who were paid by Hillary were trying to start a witch hunt against Donald Trump (never mind that the actual investigation that would prove at least three Trump officials, and probably Trump himself, got advance warning of a Russian attack on Hillary started three weeks before the meeting at which Sussmann is alleged to have lied) — then it will make it far easier for Sussmann to attack the indictment down the road.

What a false statement charge is supposed to look like

But Sussmann may succeed on his key complaint, that Durham has built a 27-page indictment around a false claim allegation without any means to clearly lay out what was the specific lie Sussmann told.

To understand what Sussmann means when he says,

It is simply not enough for the Indictment to make allegations generally about the substance of the purported false statement. Rather, the law requires that the Special Counsel identify the specific false statement made, i.e., the precise words that were allegedly used.

we can look at the false statements that Trump’s associates made to cover up the Trump campaign’s ties to Russia. For example, for each of six charged lies in the Roger Stone indictment, Mueller’s prosecutors quoted the precise questions he was asked as well as his response, then laid out specific evidence that each lie was a lie.

22. During his HPSCI testimony, STONE was asked, “So you have no emails to anyone concerning the allegations of hacked documents . . . or any discussions you have had with third parties about [the head of Organization 1]? You have no emails, no texts, no documents whatsoever, any kind of that nature?” STONE falsely and misleadingly answered, “That is correct. Not to my knowledge.”

23. In truth and in fact, STONE had sent and received numerous emails and text messages during the 2016 campaign in which he discussed Organization 1, its head, and its possession of hacked emails. At the time of his false testimony, STONE was still in possession of many of these emails and text messages, including:

a. The email from STONE to Person 1 on or about July 25, 2016 that read in part, “Get to [the head of Organization 1] [a]t Ecuadorian Embassy in London and get the pending [Organization 1] emails . . . they deal with Foundation, allegedly.”;

b. The email from STONE to Person 1 on or about July 31, 2016 that said an associate of Person 1 “should see [the head of Organization 1].”;

c. The email from Person 1 to STONE on or about August 2, 2016 that stated in part, “Word is friend in embassy plans 2 more dumps. One shortly after I’m back. 2nd in Oct. Impact planned to be very damaging.”;

d. Dozens of text messages and emails, beginning on or about August 19, 2016 and continuing through the election, between STONE and Person 2 in which they discussed Organization 1 and the head of Organization 1;

e. The email from STONE on or about October 3, 2016 to the supporter involved with the Trump Campaign, which read in part, “Spoke to my friend in London last night. The payload is still coming.”; and

f. The emails on or about October 4, 2016 between STONE and the high-ranking member of the Trump Campaign, including STONE’s statement that Organization 1 would release “a load every week going forward.”

For some of Stone’s charged lies, prosecutors even had communications with Jerome Corsi or Randy Credico or one of his lawyers showing Stone planned in advance to lie.

In George Papadopoulos’ statement of offense, for each of several lies outlined, prosecutors laid out specifically what he told the FBI and then laid out how Papadopoulos’ own communications records and his later testimony proved those statements to be false.

c. Defendant PAPADOPOULOS claimed he met a certain female Russian national before he joined the Campaign and that their communications consisted of emails such as, “Hi, how are you?” In truth and in fact, however, defendant PAPADOPOULOS met the female Russian national on or about March 24, 2016, after he had become an adviser to the Campaign; he believed that she had connections to Russian government officials; and he sought to use her Russian connections over a period of months in an effort to arrange a meeting between the Campaign and Russian government officials.

The most recent Mueller backup liberated by Jason Leopold reveals that, in addition to Papadopoulos’ communications and later testimony that prove this particular claim to be an intentional lie, Papadopoulos also emailed the FBI on January 27 after consulting his records, laying out his claim that he met Olga before he joined the Trump campaign and never met her after that.

As promised, wanted to send you the name of the individual that Joseph Mifsud introduced me to over lunch in February or early March (while I was working with the London Center of International Law Practice and did not even know at that time whether or not I would even have moved back to the U.S. or especially worked on another presidential campaign).

He introduced her as his student, but was looking to impress her by meeting with me fresh off my Ben Carson gig. That is all I know. Never met her again.

I could go on for each of the false statements charged against Trump’s flunkies (and also show how, when Andrew Weissmann fell short of this kind of evidence, Amy Berman Jackson ruled against prosecutors on two of five claimed lies alleged in Paul Manafort’s plea breach determination).

Even Mike Flynn’s statement of offense, substantiating a charge that Trump loyalists have spent years wailing about, laid out clearly the two charged lies.

During the interview, FLYNN falsely stated that he did not ask Russia’s Ambassador to the United States (“Russian Ambassador”) to refrain from escalating the situation in response to sanctions that the United States had imposed against Russia. FLYNN also falsely stated that he did not remember a follow-up conversation in which the Russian Ambassador stated that Russia had chosen to moderate its response to those sanctions as a result of FLYNN’s request.

[snip]

During the January 24 voluntary interview, FLYNN made additional false statements about calls he made to Russia and several other countries regarding a resolution submitted by Egypt to the United Nations Security Council on December 21, 2016. Specifically FLYNN falsely stated that he only asked the countries’ positions on the vote, and that he did not request that any of the countries take any particular action on the resolution. FLYNN also falsely stated that the Russian Ambassador never described to him Russia’s response to FLYNN’s request regarding the resolution.

Not only did prosecutors describe what a transcript of these calls said, but they also had testimony from both Flynn himself and KT McFarland substantiating that these were lies. They even had a text that Flynn sent McFarland, before any of these intercepts had leaked, that Flynn later admitted he had deliberately written to cover up the content of his calls with Sergey Kislyak.

Then, after Sidney Powell spent six months trying to claim that one of Flynn’s lies wasn’t clearly laid out in his original 302, Judge Emmet Sullivan meticulously pointed out that the notes of both FBI interviewers matched every iteration of Flynn’s 302.

Having carefully reviewed the interviewing FBI agents’ notes, the draft interview reports, the final version of the FD302, and the statements contained therein, the Court agrees with the government that those documents are “consistent and clear that [Mr. Flynn] made multiple false statements to the [FBI] agents about his communications with the Russian Ambassador on January 24, 2017.” Gov’t’s Surreply, ECF No. 132 at 4-5. The Court rejects Mr. Flynn’s request for additional information regarding the drafting process for the FD-302s and a search for the “original 302,” see Def.’s Sur-Surreply, ECF No. 135 at 8- 10, because the interviewing FBI agents’ notes, the draft interview reports, the final version of the FD-302, and Mr. Flynn’s own admissions of his false statements make clear that Mr. Flynn made those false statements.

These are what false statements charges are supposed to look like. They’re backed by contemporaneous admissible evidence and laid out in specific detail in charging documents.

Trump and his supporters have wailed for years about these charges. Except prosecutors had evidence to substantiate them, the kind of evidence Durham makes no claim to have.

What few witnesses Durham has may not all agree on Sussmann’s alleged lies

Sussmann is more likely to succeed with his request to have his alleged false statement laid out in quote form and in context — and even if he doesn’t, he may back Durham into a corner he doesn’t want to be in — because Sussmann has presented several central questions about what the allegation really is. Is it that Sussmann didn’t offer up that he was working with (Sussmann claims) Rodney Joffe or (Durham also alleges) Hillary on the Alfa Bank issues? Is it that Sussmann falsely claimed not to be billing the meeting with James Baker (evidence of which Durham has not presented)? Or does Durham have any shred of evidence that Baker affirmatively asked Sussmann, “are you sharing this on behalf of a client,” or even less supported in the indictment, “are you sharing this on behalf of Trump’s opponent, Hillary Clinton”? Similarly, Durham doesn’t explain whether when he claims that Sussmann lied about “this,” or “his work,” he means about the meetings that were actually billed to Hillary’s campaign internally at Perkins Coie (even if Hillary paid no money specifically tied to those meetings), or that the meeting with Baker was billed to one or another client (no evidence of which Durham presents). Those details will all be necessary for Durham to prove his case and for Sussmann to rebut it. And Sussmann needs to know whether he should focus his time on the absence of billing records substantiating that he met with Baker and then billed it to Hillary (something implicated by the meaning of “this” and “his work”), or whether he needs to focus on showing whether Priestap distinguished these allegations from the other claims about a Russian information operation undeniably targeting Hillary (something implicating whether this is supposed to be a crime of commission or omission).

It’s quite possible that Durham has presented these allegations using such squishy language because what little evidence he has doesn’t actually agree on the claimed lies. That is, it may be that Baker believes Sussmann simply didn’t bother explaining which client he was working for, but Bill Priestap, the next in line in a game of telephone, differently understood from Baker’s report that Sussmann affirmatively failed to provide Baker information that (Priestap’s own notes prove) the FBI already had anyway, that he was working with Hillary Clinton.

If, having had these weaknesses laid out by Sussmann’s attorneys, Durham can show that all his evidence actually substantiates the same false claim, he could get a superseding indictment making that clear. But once he does that, it may tie his hands at trial.

But it’s distinctly possible that Durham can’t prove that what little evidence he has backs the same interpretation of Sussmann’s alleged lie. That is, there may be a reason — on top of the fact that he has no contemporaneous transcript from a witness — that he avoided being more specific in his indictment, and that’s because it was the only way he could cobble together enough evidence to get a grand jury to indict.

So while much of the rest of this motion for a Bill of Particulars may serve only to call attention to gaping holes in the rest of the indictment, the request for specifics about what, specifically, Sussmann is alleged to have said when he lied may succeed. And even if it doesn’t, it may force Durham to commit to an interpretation that not all of his thin evidence would ultimately support.

The Two New Material Errors Are the News from the IG Report on Woods File Errors

Footnote 14 in a DOJ Inspector General Report summarizing the problems with the FBI’s compliance with the Woods requirement released last week claims to lay out why reviewing Woods file compliance is a good measure of FISA.

14 The OIG’s December 2019 FISA Report demonstrates the significant problems that can result from a lack of compliance with the Woods Procedures. For example, one of the Woods Procedures-based failures detailed in our December 2019 report concerned the failure to seek and document the handling agent’s approval of the source characterization statement for Christopher Steele in the FISA applications, which we found overstated Steele’s bona fides and gave the misimpression that Steele’s past reporting to the FBI had been deemed sufficiently reliable by prosecutors to use in court and that more of his information had been corroborated than was actually the case. As detailed in our December 2019 report, the handling agent told us that had he been shown the source characterization statement, as required by the Woods Procedures, he would not have approved it. Given the importance of a source characterization statement to the FISC’s determination of a source’s reliability, the failure to comply with the Woods Procedures was a significant error on the part of the FBI case agents involved and their supervisors. Moreover, this issue compounded other serious problems with the subsequent FISA renewal applications, such as the FBI’s continued reliance on Steele’s information despite the fact that the Primary Sub-source, during his FBI interviews, had contradicted Steele’s reporting on several critical issues.

The footnote badly overstates its claim.

In a post laying out how the Woods file errors in Carter Page’s applications weren’t the real indicators of a problem, I noted that Steele’s FBI handler, Mike Gaeta, had explained why he treated Steele’s reporting as reliable, even though Steele had never testified in any trials, the measure FBI normally uses to measure the reliability of a source.

[DOJ IG identified two claims unsupported by the Woods file stating] that Christopher Steele’s reporting had been corroborated, something the DOJ IG Report lays out at length was not true in the terms FBI normally measured. Except, even there, Steele handler Mike Gaeta’s sworn testimony actually said it had been. He described jumping when Steele told him he had information because he was a professional,

And at that time there were a number of instances when his information had borne out, had been corroborated by other sources.

He also provided a perfectly reasonable explanation for why Steele’s reporting was not corroborated in the way DOJ IG measured it in the report: because you could never put Steele on a stand, so his testimony would never be used to prosecute people.

From a criminal perspective and a criminal investigative kind of framework, you know, Christopher Steele and [redacted] were never individuals who were going to be on a witness stand.

In other words, while it appears that DOJ cleaned up many of the errors identified by DOJ IG by finding the documentation to back it over the course of months, the public record makes it clear that Crossfire Hurricane would have been able to clear up even more of the Page Woods file.

Per the IG Report, Gaeta would not have approved the source statement in the Carter Page application as written. But Gaeta is on the record explaining what measure he used to assess a source who would never be asked to testify but whose reporting had nevertheless “borne out.” And Gaeta, per his Congressional testimony, believed Steele’s reporting was worth immediate attention.

There was just one other Woods file error identified in the Carter Page IG Report that wasn’t proven elsewhere that can be publicly tested — a James Clapper claim that Russia had provided money (unproven) and disinformation (proven) to particular candidates. The majority of the problems in the Page report, however, weren’t related to a Woods violation, in large part because they were about critical information omitted from the applications, not included.

That is, the Woods file was pretty much useless for identifying the real errors in the Carter Page applications. That’s why I’m sympathetic with a comment that DOJ IG cited critically — DOJ IG judged that the comment “dismiss[ed …] the weaknesses we identified related to compliance with the Woods Procedures” — that the IG emphasis on Woods file compliance may distract from getting material facts correct.

While we all understand the extreme importance of presenting accurate facts to any court on material issues, there is a concern that we are allowing our efforts to be diverted from that very important goal and instead diverted to the creation of picture perfect Woods binders that literally support every granular fact in the application regardless of whether it is material to probable cause.

That’s why — as my previous post laid out at length — the DOJ IG audit is most useful for identifying problems in the claims FBI and DOJ made about the FISA process, as well as larger systematic problems identified. For example, DOJ IG scolded DOJ for releasing a statement boasting, in summer of 2020, of its accuracy, while downplaying the seriousness of the errors DOJ IG identified (something I noted in my earlier post).

On July 30, 2020, following the Department’s review of the remaining applications, the FBI issued a press statement that again referenced the FBI’s “dedicat[ion] to the continued, ongoing improvement of the FISA process to ensure all factual assertions contained in FISA applications are accurate and complete,” while highlighting that “DOJ and FBI discovered only two material errors [in the 29 FISA applications] but—most importantly—neither of these errors is assessed to have undermined or otherwise impacted the FISC’s probable cause determinations” (emphasis in original). The statement went on to state that “Within these thousands of facts, there were approximately 201 non-material errors found, across the 29 applications. These include minor typographical errors, such as misspelled words, and slight date inaccuracies.”28 However, the statement did not mention that the majority of the FISA application errors—124 of these 201—involved errors beyond minor typographical mistakes and date errors, including deviations from source documentation, misidentified sources of information, and unsupported facts.

The report provided examples of the kinds of errors that DOJ deemed fairly insignificant. My favorite — which DOJ considered non-material — is that a counterintelligence suspect had visited an entirely different continent than the country they were suspected of being an agent of, but FBI misreported that destination.

Example: The FISA application stated the target returned from a trip overseas from the specific country of counterintelligence threat concern, but the support in the Woods File stated that the target was returning from a country on a different continent.

In perhaps the most telling example, though, DOJ IG described how FBI blew off as “subjective” a FISA application assertion that DOJ IG identified as a “potential inaccuracy,” only to have NSD determine the inaccuracy was not only an error, but a material one requiring a report to FISC.

[T]here were 30 instances where FBI field personnel initially determined that the potential inaccuracy we identified was not an error, yet NSD OI ultimately determined it was an error, which was thereafter reported to the FISC. In one instance that was ultimately determined to be a material omission of fact by NSD OI, the FBI field office’s initial response dismissed our note and stated that the issue was “subjective” and “not material to probable cause.”

The IG Report identifies that, in addition to two publicly released letters to FISC (one, two) describing the errors DOJ identified based off DOJ IG’s preliminary review of 29 cases, there was a third, dated October 28, 2020, which DOJ NSD has not made public, revealing two additional material errors.

In three separate filings with the FISC on June 15, July 29, and October 28, 2020, the Department and FBI provided the results after their assessment of the CDC accuracy reviews of the 29 FISA applications that the OIG had reviewed and in which we had identified numerous potential errors. 12 In total, the Department notified the FISC about 209 instances of unsupported or inaccurate statements, as well as omissions of fact, that it had identified in 27 of the 29 FISA applications. The Department and FBI further informed the FISC that 2 of the 29 FISA applications reviewed did not contain any inaccurate statements.13 Of the total 209 errors reported to the FISC, 162 related to initial concerns identified in the OIG’s review. The additional errors reported were identified by the FBI in its subsequent CDC accuracy reviews in response to the FISC’s order.

[snip]

The Department and FBI determined that 4 of the 209 identified errors were material errors. FBI policy and the 2009 Accuracy Memorandum define material facts as “those facts that are relevant to the outcome of the probable cause determination” and states that NSD OI determines whether a misstatement or omission is capable of influencing the FISC’s probable cause determination. The Department further assessed that none of these 209 errors undermined or otherwise impacted the FISC’s probable cause determinations. The four reported material errors or omissions occurred in three different applications related to different targets. The material errors were:

  • Failing to include context to inform the reader of the application that certain remarks the target made about a particular organization were made, according to evidentiary support, to provoke a response from law enforcement personnel. Instead, the application simply stated that the target expressed support of the referenced organization.
  • Describing the target’s support for a specific group, where the evidence in the Woods File instead indicated the target supported a specific cause.
  • Describing that the target used a financial account as of a certain date. NSD OI stated that it was not evident from the supporting documentation how recently the government had confirmed the target’s use of the financial account, and certain evidence on the target’s use of the financial account was several years prior to the date included in the application.
  • Failing to include the required reliability statement for one of two CHSs referenced in the application.

It’s not just that FBI treated a comment made by someone trying to “provoke a response from law enforcement personnel” as sincere. It’s that having already reviewed all these errors and publicly boasted about how minimal they were (even while ignoring that none of the worst problems in the Carter Page applications were found using this methodology), DOJ somehow went back and discovered there were additional problems, one of which they had dismissed as “subjective.”

Don’t get me wrong. The headline findings — that FBI simply didn’t have Woods files for a number of applications — are concerning.

Out of the FBI’s stated universe of over 7,000 FISA applications for which Woods Files appeared to be required, we identified at least 179 instances (in addition to the 4 that the OIG previously identified) across 21 field offices where the respective field office reported the Woods File as missing or incomplete and requiring whole or partial reassembly.17

But they’re frankly not the real concern. The real concern is that the Woods file is not designed to fix the problems identified in the Carter Page applications (and this report doesn’t describe whether an effort to elicit information that might otherwise be omitted is working). And somewhere along the way, Billy Barr’s DOJ admitted to the FISC that their self-congratulatory press boasts turned out to be inaccurate without revealing that publicly.

Update, 11/14/21: I just realized that the Woods File violation pertaining to Clapper involved the FBI paraphrasing a Clapper interview otherwise quoted before and after the violative language.

CLAPPER: In the U.S., the United States. And of course there is a history there of — there is a tradition in Russia of interfering with the elections, their own and others’. So it shouldn’t come as a big shock to people. I think it’s more dramatic maybe because now they have the cyber tools that they can bring to bear in the same effort. This is still going on, but I will say that it’s probably not real, real clear whether there is influence in terms of outcome. What I worry about more, frankly, is just sowing seeds of doubt, where doubt is cast on the whole process. So what are we doing about it? Well, apart from what you talked about, certainly DHS, Secretary Jeh Johnson has been very active with state election officials, offering, you know, our services and best practices and that sort of thing to secure, where appropriate, particularly if there is any dependence on the Internet in the course of the conduct of an election in voter registration, databases or the actual conduct of the election. We have a strength here in that we don’t have a centralized electoral system. It’s very decentralized among the states and local officials, and that actually works our advantage to be really a real monumental undertaking to try to affect the election nationally. But again, I think probably the more likely — and I am just surmising here — the more likely objective to would be to try to just sow seeds of doubt about the efficacy and viability and the sanctity — if I could use that word — of the whole system.

IGNATIUS: You mentioned that there had been past instances where Russia — in this case I assume the Soviet Union — had tried to interfere in our election process. I probably should know what those are but I don’t. What comes to mind in terms of the past history of this?

CLAPPER: Well, where they have fed money to opposition candidates, or tried to feed disinformation. Again, the way it was done during the Cold War, which of course preceded what we now know as the cyber era. And of course the record is replete with cases of influencing elections in East Europe and that sort of thing by, by today’s standards, more primitive methods. They have a history of that

In Indictment Accusing Michael Sussmann of Hiding Details about Researchers, John Durham Hid Details about Researchers

In my initial John Durham Is the Jim Jordan of Ken Starrs post pointing to all the problems with John Durham’s attempt to criminalize victims reporting on information operations, I described Durham’s description of why Michael Sussmann’s alleged lie was material.

SUSSMANN’s lie was material because, among other reasons, SUSSMANN’s false statement misled the FBI General Counsel and other FBI personnel concerning the political nature of his work and deprived the FBI of information that might have permitted it more fully to assess and uncover the origins of the relevant data and technical analysis, including the identities and motivations of SUSSMANN’s clients.

Had the FBI uncovered the origins of the relevant data and analysis and as alleged below, it might have learned, among other things that (i) in compiling and analyzing the Russian Bank-1 allegations, Tech Executive-1 had exploited his access to non-public data at multiple Internet companies to conduct opposition research concerning Trump; (ii) in furtherance of these efforts, Tech Executive-1 had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract; and (iii) SUSSMANN, Tech Executive-1, and Law Firm-1 had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton Campaign with regard to the data and written materials that Sussmann gave to the FBI and the media. [my emphasis]

John Durham says it is a crime to hide details about the researchers who first identified the Alfa Bank anomaly.

Yet, even based on the indictment, I identified a number of holes in Durham’s description of what the researchers had done. Yesterday, NYT and CNN both published stories identifying the four researchers — Rodney Joffe (Tech Executive-1), April Lorenzen (Tea Leaves, whom Durham needlessly renamed Originator-1), Manos Antonakakis (Researcher-1), and David Dagon (Researcher-2) — showing that the holes I identified in the indictment indeed left out information that totally undermined Durham’s insinuations.

For example, I noted that the date when what NYT identifies as DARPA shared information with the researchers is important to identify whether they obtained the data in order to research Trump.

At some point [Durham doesn’t provide even a month, but by context it was at least as early as July 2016 and could have been far, far earlier], TE-1’s company provided a university with data for a government contract ultimately not contracted until November 2016, including the DNS data from an Executive Branch office of the US government that Tech Exec-1’s company had gotten as a sub-contractor to the US government. [This date of this is critical because it would be the trigger for a Conspiracy to Defraud charge, if Durham goes there.]

NYT describes that DARPA first approached potential partners in the spring, long before Sussmann or Joffe got involved.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

I noted that Durham didn’t give the date when Lorenzen first started looking at the DNS data. That date is another read of whether she had done so out of malice targeting Trump.

By some time in late July 2016 [the exact date Durham doesn’t provide], a guy who always operated under the pseudonym Tea Leaves but whom Durham heavy-handedly calls “Originator-1” instead had assembled “purported DNS data” reflecting apparent DNS lookups between Alfa Bank and “mail1.trump-email.com” that spanned from May 4 through July 29.

NYT reveals that Lorenzen and Dagon first started talking about using the DNS data to check other election-related hacking at a conference that went from June 13 to June 16 (meaning, the DNC hack would have been revealed during the conference).

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

Ms. Lorenzen eventually noticed an odd pattern: a server called mail1.trump-email.com appeared to be communicating almost exclusively with servers at Alfa Bank and Spectrum Health. She shared her findings with Mr. Dagon, the people said, and they both discussed it with Mr. Joffe.

I noted that Durham had left out all mention of the WikiLeaks release and Trump’s invitation to Russia to keep hacking his opponent.

It appears (though Durham obscures this point) that all the actions laid out in this indictment post-date the press conference. Virtually everyone in the US committed to ensuring America’s national security was alarmed by Trump’s comments in this press conference. Yet Durham doesn’t acknowledge that all these actions took place in the wake of public comments that made it reasonable for those committed to cybersecurity to treat Donald Trump as a national security threat, irrespective of partisan affiliation.

Durham will work hard to exclude detail of Trump’s press conference from trial. But I assume that if any of the named subjects of this investigation were to take the stand at trial, they would point out that it was objectively reasonable after July 27 to have national security concerns based on Trump’s encouragement of Russia’s attack on Hillary Clinton and his defensive denials of any business ties. Any of the named subjects of the indictment would be able to make a strong case that there was reason to want to, as a matter of national security, test Trump’s claim to have no financial ties to Russia. Indeed, the bipartisan SSCI Report concluded that Trump posed multiple counterintelligence concerns, and therefore has concluded Durham’s portrayal of politics as the only potential motive here to be false.

Central to Durham’s theory of prosecution is that there was no sound national security basis to respond to anomalous forensic data suggesting a possible financial tie between Trump and Russia. Except that, after that July 27 speech — and all of these events appear to post-date it — that theory is unsustainable.

NYT reveals that when Dagon shared the data with Joffe on July 29, he did so in the context of those two events.

“Half the time I stop myself and wonder: am I really seeing evidence of espionage on behalf of a presidential candidate?” Mr. Dagon wrote in an email to Mr. Joffe on July 29, after WikiLeaks made public stolen Democratic emails timed to disrupt the party’s convention and Mr. Trump urged Russia to hack Mrs. Clinton.

I noted that Durham was probably wrong to believe that an August discussion about whether the data could have been spoofed was inculpatory.

Still others (such as the recognition that this could be spoofed data) will almost certainly end up being presented as exculpatory if this ever goes to trial, but Durham seems to think is inculpatory.

NYT describes that a later discussion doubted that the data could have been spoofed.

The indictment quotes August emails from Ms. Lorenzen and Mr. Antonakakis worrying that they might not know if someone had faked the DNS data. But people familiar with the matter said the indictment omitted later discussion of reasons to doubt any attempt to spoof the overall pattern could go undetected.

I noted that Durham attributed the view that the DNS traffic was a “red herring” to everyone involved, including Sussmann, even though Sussmann appears not to have been on the email.

In one place, Durham describes “aforementioned views,” plural, that the Alfa Bank data was a “red herring,” something only attributed to TE-1 in the indictment, seemingly presenting TE-1’s stated view on August 21 to everyone involved, including Sussmann, who does not appear to have been on that email chain.

NYT describes that after that, Joffe came to discount the marketing server explanation.

Mr. Tyrrell, his lawyer, said that research in the weeks that followed, omitted by the indictment, had yielded evidence that the specific subsidiary server in apparent contact with Alfa Bank had not been used to send bulk marketing emails. That further discussion, he said, changed his client’s mind about whether it was a red herring.

“The quotation of the ‘red herring’ email is deeply misleading,” he said, adding: “The research process is iterative and this is exactly how it should work. Their efforts culminated in the well-supported conclusions that were ultimately delivered to the F.B.I.”

It also explains that in context, Joffe referenced a June article describing Trump’s interest in a Trump Tower Moscow.

The indictment says Mr. Joffe sent an email on Aug. 21 urging more research about Mr. Trump, which he stated could “give the base of a very useful narrative,” while also expressing a belief that the Trump server at issue was “a red herring” and they should ignore it because it had been used by the mass-marketing company.

The full email provides context: Mr. Trump had claimed he had no dealings in Russia and yet many links appeared to exist, Mr. Joffe noted, citing an article that discussed aspirations to build a Trump Tower in Moscow. Despite the “red herring” line, the same email also showed that Mr. Joffe nevertheless remained suspicious about Alfa Bank, proposing a deeper hunt in the data “for the anomalies that we believe exist.”

He wrote: “If we can show possible email communication between” any Trump server and an Alfa Bank server “that has occurred in the last few weeks, we have the beginning of a narrative,” adding that such communications with any “Russian or Ukrainian financial institutions would give the base of a very useful narrative.”

In my post, I noted that Durham neglected to describe that the researchers turned out to correctly suspect Trump was hiding efforts to broker a Trump Tower deal.

According to Michael Cohen, when Trump walked off the stage from that July 27 press conference, Cohen asked Trump why he had claimed that he had zero business ties with Russia when he had in fact been pursuing an impossibly lucrative deal to brand a Trump Tower in Moscow. And we now know that within hours of Trump’s request, GRU hackers made a renewed assault on Hillary’s own servers. By the time security researchers pursued anomalous data suggesting covert communications with a Russian bank, Cohen had already participated in discussions about working with two sanctioned Russian banks to fund the Trump Tower deal, had agreed to work with a former GRU officer to broker it, had spoken to an aide of Dmitry Peskov, and had been told that Putin was personally involved in making the deal happen. Just on the Trump Tower basis alone, Trump had publicly lied in such a way that posed a counterintelligence risk to America.

In my post, I noted that Durham downplayed that, when Joffe asked the researchers if the paper Sussmann wrote was plausible, they said it was.

On September 14, TE-1 [not Sussmann] sent the white paper he had drafted to Researcher 1, Researcher 2, and Tea Leaves to ask them if a review of less than an hour would show this to be plausible. Though some of them noted how limited the standard of “plausibility” was, they agreed it was plausible, and Researcher 2 said [Durham does not quote the specific language here] “the paper should be shared with government officials.”

NYT describes that Durham misrepresented the enthusiasm with which Lorenzen “wholeheartedly” expressed her belief the explanation was plausible.

The indictment also quoted from emails in mid-September, when the researchers were discussing a paper on their suspicions that Mr. Sussmann would soon take to the F.B.I. It says Mr. Joffe asked if the paper’s hypothesis would strike security experts as a “plausible explanation.”

The paper’s conclusion was somewhat qualified, an email shows, saying “there were other possible explanations,” but the only “plausible” one was that Alfa Bank and the Trump Organization had taken steps “to obfuscate their communications.”

The indictment suggested Ms. Lorenzen’s reaction to the paper was guarded, describing an email from her as “stating, in part, that it was ‘plausible’ in the ‘narrow scope’ defined by” Mr. Joffe. But the text of her email displays enthusiasm.

“In the narrow scope of what you have defined above, I agree wholeheartedly that it is plausible,” she wrote, adding: “If the white paper intends to say that there are communications between at least Alfa and Trump, which are being intentionally hidden by Alfa and Trump I absolutely believe that is the case,” her email said.

NYT shows several more ways that Durham utterly misrepresented how seriously the researchers took this thesis.

The indictment cited emails by Mr. Antonakakis in August in which he flagged holes and noted they disliked Mr. Trump, and in September in which he approvingly noted that the paper did not get into a technical issue that specialists would raise.

Mr. Antonakakis’ lawyer, Mark E. Schamel, said his client had provided “feedback on an early draft of data that was cause for additional investigation.” And, he said, their hypothesis “to this day, remains a plausible working theory.”

The indictment also suggests Mr. Dagon’s support for the paper’s hypothesis was qualified, describing his email response as “acknowledging that questions remained, but stating, in substance and in part, that the paper should be shared with government officials.”

The text of that email shows Mr. Dagon was forcefully supportive. He proposed editing the paper to declare as “fact” that it was clear “that there are hidden communications between Trump and Alfa Bank,” and said he believed the findings met the probable cause standard to open a criminal investigation.

“Hopefully the intended audience are officials with subpoena powers, who can investigate the purpose” of the apparent Alfa Bank connection, Mr. Dagon wrote.

One of the first things Michael Sussmann is going to do after this story is request information on what the grand jury was told, including whether any of this was affirmatively misrepresented to the grand jury.

The sheer amount of communications that, in days, these researchers have been able to prove were misrepresented, too, suggests DOJ has cause to review whether Durham misrepresented the substance of this indictment to those who approved it, up to and including Merrick Garland.

John Durham says it is a crime to lie about these researchers in an effort to launch an investigation. And yet, the available evidence suggests he did just that.

Update: To be clear, he can’t be prosecuted for any of this. Prosecutors have expansive immunity for such things.


Zach Rehl’s Subpoena for Port-a-John Details from the Non-Existent One Nation Under God

The fourth defendant in the Proud Boy Leader indictment, Zach Rehl, has finally made an aggressive appearance in the docket.

How he got here is a matter of significant interest — and some dispute. On September 9, Aram Rostom (who keeps getting these great scoops), reported that Enrique Tarrio released a recording in July reassuring everyone that Rehl would not flip. “If there’s anyone that will hold fast, it’s fucking Zach.”

In the July audio, a copy of which was reviewed by Reuters, Tarrio said that “we are trying to f—ing avoid” a situation in which the senior members facing charges would cooperate with prosecutors. The four, who are jailed without bond, have pleaded not guilty.

Raising the possibility that one of the four leaders may have been cooperating with authorities, Tarrio told fellow Proud Boy leadership he didn’t believe that the man was doing so – and said he had spoken about the matter directly with that leader’s wife.

“The bigger problem with that is the guys that are in prison right now are holding on to hope that everybody is f—ing staying put because they didn’t do anything wrong,” Tarrio said. “The moment that they think one of the guys flipped, it throws everything off and it makes everybody turn on each other, and that’s what we are trying to f—ing avoid.”

When the message leaked, Tarrio released another recording saying that it’s hard enough to fight the government without having to fight, “not just a regular felony, like a serious felony.”

“You know it’s hard enough to fight a f—ing entire government…,” Tarrio said in the Aug. 27 message, “to have to worry about dudes in here f—ing putting you in felony territory. Not just regular felony, like a serious felony.”

On September 19, Ethan Nordean included the following allegations in a filing, noting that in August (so after Tarrio called Rehl’s wife), Rehl had asked Judge Amit Mehta for help firing his attorney, citing what sound like real complaints with his representation. Nordean went on, describing an incident in which prosecutor Seth Jones met with Rehl outside the presence of his counsel and threatened Rehl with transfer to DC if he didn’t flip.

In the bail hearing on September 13, counsel to Defendant Biggs alerted the Court to information concerning the government’s attempts to transfer Defendant Rehl to the D.C. jail. Specifically, Biggs’ counsel advised that the government’s attorneys may have threatened to transfer Rehl to D.C. from a Philadelphia jail if he did not agree to cooperate with the government against the other Defendants. Counsel have subsequently gathered additional information about this episode. It significantly bears on Nordean’s and Biggs’ pending bail motions in several respects. These matters should be investigated by the Court, as it appears that the government’s constitutional violations here are not limited to the improper withholding of exculpatory material beyond the point at which Defendants may make timely use of it. Counsel are working on obtaining sworn declarations for the Court but advise it here about what they have learned in the meantime.

On August 13, Defendant Rehl mailed a letter to the Court. Exh. 1. He was writing from his cell in FDC Philadelphia. Rehl formally requested that he be allowed to terminate his then-counsel, “effective immediately, due to ineffective counsel.” Among other reasons given, Rehl noted that his counsel was taking actions on his behalf without his knowledge and ignoring virtually all requests to discuss the case. “In five months, I have met with [counsel] once in the middle of May for approximately 30 minutes,” Rehl wrote. Exh. 1. As this letter was never filed on the docket, it is not clear when the government became aware of it. However, as inmate nonlegal mail is reviewed, particularly in a case such as this, there is a presumption that the government gained knowledge of the letter at some point.

Sometime after he mailed that message to the Court, Rehl was removed from his cell by federal agents, likely U.S. Marshals. Rehl did not know where he was being taken. The agents told him he was headed to a court appearance. That was not true. Rehl was then moved through an underground tunnel to what appeared to be the Philadelphia federal courthouse. He was then steered not to a courtroom but to an office. There he was greeted by assistant U.S. Attorney Luke Jones. Rehl apparently waited with the government’s prosecutor, without counsel present, for approximately an hour and a half. At that point, an individual who works in the office of Rehl’s former counsel appeared. Rehl had never retained this person to be his counsel and knew her only as an assistant to his former lawyer. At that point, AUSA Jones began to converse with Rehl about this case. It is our understanding that Rehl’s retained counsel was not then present. Neither was an FBI agent, according to those in the room.

Among other matters, AUSA Jones apparently told Rehl that if he did not cooperate with the government, he would likely be transferred from FDC Philadelphia to the D.C. jail, where he would not be able to see his wife and child, at least until after his “conviction.” It is our understanding that when Rehl said there was nothing to cooperate about, AUSA Jones responded that, in that case, Rehl could “wear a wire” when talking to others. Rehl’s then-counsel arrived much later—approximately three hours behind schedule. At that point the lawyers agreed to continue the meeting to the following day.

So unusual were these proceedings that the Marshals who transported Rehl back to the jail expressed their concern to him about his apparent total lack of legal representation. “Did you know that interview was going to happen? Did your lawyer set that up for you?” When jail staff returned to Rehl’s cell the next day, he refused to meet with AUSA Jones again. [link added]

Nordean made all this public based on a claim that this meant the government was holding them — last I checked, in Florida and Washington — because they wanted Rehl to wear a wire on them.

In response, Jones said the claims were bullshit and inappropriate for Biggs and Nordean to raise in any case.

The allegations of government misconduct are false. It would be improper for the government to address these allegations with counsel for defendants Nordean or Biggs, neither of whom represent defendant Rehl, or to address them further in a public filing. Defendant Rehl is represented by counsel, with whom the government has conferred regarding these allegations.

Contrary to defendant Nordean’s suggestion (ECF No. 174 at 4-7), the allegations have no bearing on his or defendant Biggs’ pending motions to reopen bail hearings. Moreover, the allegations are spurious and should not be countenanced by the Court.

At the most recent hearing, prosecutors attributed the earlier delay in moving Rehl to detention motions and said the Marshals were responsible for the decision to move him. Who knows who is telling the truth, but Judge Tim Kelly agreed that it really is irrelevant to Biggs and Nordean’s bids to get out of jail. He also had a separate hearing where Rehl informed him that Jonathon Moseley is now representing him and he’s quite happy with the relationship thus far.

That’s how we got here, to Rehl’s second substantive motion, in which Moseley requested a subpoena for information on the permits authorizing the Wild Protest rally at the location advertised on the East side of the Capitol. Or, if he can’t get that, he wants policies on port-a-johns because (the motion shows) there were port-a-johns where the rally advertisement said a rally would be held.

ZACHARY REHL, by counsel, requests the issuance of a subpoena to the U.S. Capitol Police, c/o Thomas Manger, [new] Chief of Police and/or Custodian of Records, for

(1) Any and all documents relating in any way to any application for —

(2) Any and all documents relating in any way to —

(3) Any and all documents relating in any way to the denial of —

(4) Any and all documents relating in any way to any revocation of — any permit to demonstrate or assemble on the grounds of the U.S. Capitol, especially in the Northeast corner of the grounds across 2nd Street, NE from the U.S. Supreme Court, on January 6, 2021, or for any time period including January 6, 2021. Or:

(5) Any and all documents relating in any way to the placement of temporary toilets (commonly described as porta-potties) on the grounds of the U.S. Capitol, in the Northeast corner of the grounds across 2nd Street, NE from the U.S. Supreme Court, on January 6, 2021, or for any time period including January 6, 2021. (Please do not confuse the facilities set up on the other side of the Capitol very far away for assembly of stands for the inauguration on January 20, 2021, which could not explain the porta-potties across Second Street from the U.S. Supreme Court.)

(6) Any and all documents relating in any way to general policies and procedures at any time concerning restrictions on the placement of equipment such as porta-potties on the grass of the U.S. Capitol grounds (i) without a permit or (ii) without the employment of contractors approved by the U.S. Capitol Police to do the work.

There are a lot of word games about how what the indictment really alleges (the object of the conspiracy notwithstanding) is that Rehl conspired to argue in favor of the Electoral College.

15. Indeed, the First Superseding Indictment alleges that:

36. On December 23, 2020, REHL posted on social media describing January 6, 2021, Congress gets to argue the legitimacy of the [E]lectoral [C]ollege votes, and as “the day where yes, there will be a big rally on that day.”

16. Thus, the grand jury by indictment and the prosecution assisting in the drafting of the indictment admits and confesses that REHL’s goal was to get Congress “to argue the legitimacy of the [E]lectoral [C]ollege votes, and – for THAT purpose ” yes, there will be a big rally on that day.”

17. The government admits and confesses within the four corners of the indictment that the goal of the alleged “conspiracy” (which would require a criminal goal) was to get Congress “to argue the legitimacy of the [E]lectoral [C]ollege votes,” and not to stop, obstruct, delay or hinder the Electoral College certification.

18. The government admits and confesses within the four corners of the indictment that the goal of the alleged “conspiracy” was to demand that Congress do not just half of its job but all of its job in certifying the Electoral College vote.

19. Congress plainly could not “argue” the “legitimacy” of the Electoral College votes IF CONGRESS WERE NOT IN SESSION.

But the request itself, for proof that the underlying protest was permitted, is a reasonable basis to try to argue he didn’t plan to prevent the peaceful transfer of power that day.

The problem for Rehl — and the reason this move may backfire — is that the permits are already public and they likely say far more than Rehl wants them to say; BuzzFeed liberated them (in a fairly historic bit of Jason Leopold and Jeffrey Light FOIA magic).

The documents show that when Capitol Police received the permit application for the specific port-a-john location that Rehl wants to subpoena, an officer responding to the permits judged that the application was an attempt to hide the role of Stop the Steal in the rally.

On Dec. 21, 2020, a group called One Nation Under God filed an application with the Capitol Police’s special events section to stage a protest over “election fraud in swing states” at the Senate East Front grassy area on Jan. 6 between 9 a.m. and 6 p.m.

The officer who reviewed the application noticed some irregularities. For one thing, the officer wrote in an intelligence assessment, “One Nation Under God is not an organization and does not maintain social media accounts or webpages.” For another, one of the people listed as a confirmed speaker was Alexander, a leader of Stop the Steal, which was planning a major rally at Freedom Plaza that same day.

[Image: a screenshot of the text from the documents, obtained via Capitol Police]

“I explained,” the officer wrote, “that it appears that the Stop the Steal and the One Nation Under God is one in the same due to the similarities and the affiliation with Ali Alexander.” In an email on Dec. 31, 2020, another officer mentioned concerns about the approval of “certain permits,” specifically that “the permit requests … are being used as proxies for Stop the Steal” and “may also be involved with organizations that may be planning trouble.”

The officer did some follow up only to find that the guy who applied for the permit couldn’t answer basic questions about the event.

The permit application listed Nathan Martin of Shelby, Ohio, as a representative of One Nation Under God. According to the documents, a Capitol Police officer spoke with him on Dec. 28, 2020. The officer’s notes suggest that Martin was not forthcoming about the group’s plans.

[Image: a screenshot of the permit application from One Nation Under God, listing Nathan Martin as the contact, obtained via Capitol Police]

“I inquired if he has any additional information he could give me for the event. Mr. Martin said there are a few events that they have going on and he does not know which one I was referring,” the officer wrote. “When I asked about the ‘few events’, he stated that the events were in the hotels.”

And when BuzzFeed called Martin, he admitted the tie between the group on the permit and Stop the Steal — effectively confirming that One Nation was a front for Stop the Steal.

Brown, who did not respond to emails and phone calls requesting comment, told the officer Martin “is associated with Stop the Steal and travels with Ali Alexander.” Martin “does not seem to have an official title but he deals with the daily operations to include hotel books and car rentals.”

[snip]

In an interview with BuzzFeed News, Martin acknowledged his affiliation with the two groups but said he could not explain what One Nation Under God’s mission was, how it was formed, and for what purpose. He said he had not seen the permit, could not explain why his name was on it, and was unaware that the demonstration had been capped at 50 people.

The permit also says the purpose of the demonstration is “demonstration for election fraud in swing states,” which doesn’t sound particularly legal. And BuzzFeed learned that the sound equipment (which Alex Jones may have used to lure bodies to the East side of the Capitol) was never used.

Now maybe Rehl knows all this. Maybe this is what he thinks he’ll get. He first started pursuing this subpoena on September 11, two days after BuzzFeed released these records. So maybe the proof that the Capitol Police approved this permit even after recognizing it was all just a front is what he’s after.

But effectively what he’s doing is soliciting records that show Stop the Steal, with which the Proud Boys seem to have coordinated, engaged in a kind of fraud on the Capitol Police to obtain more permits and spread out their obviously false claim that each protest would only have 50 participants.

Effectively, he risks opening up a whole big can of fraud exposure for any co-conspirators, and any reliance the Proud Boys made on having this permit (and the port-a-johns) to legitimize their mob rests on the shell games that Ali Alexander’s people were playing.

Update: Rehl didn’t know about the BuzzFeed liberation, but neither did he credit me for informing him when he learned of it (the third time the Proud Boy leaders have not credited my reporting in their filings).

4. However, in response to the filing of counsel’s Motion, a news blog noticed the Motion and commented on it, and the blog entry was forwarded to me as counsel.

5. It seems that BUZZFEED filed suit for this information and the permits were released to the public on September 9, 2021. The documents produced are attached hereto.

The admission that he didn’t know that the permits had been liberated (and therefore didn’t know that they show Ali Alexander playing a shell game to obtain permits) may be why his attorney wants to get a good look at these permits for “demonstration for election fraud in swing states” before he relies on them for a new bid to be released.

THEREFORE, the Motion may be moot and counsel asks the Court to delay any consideration of the Motion until counsel can decipher these documents and determine if anything further is still needed.


The Yahoo Story about All the Things CIA Wasn’t Allowed to Do Against WikiLeaks

When last we saw Zach Dorfman get a big scoop, he managed to present claims about Eric Swalwell appropriately cooperating with the FBI in a counterintelligence investigation so wildly out of context that the story fed false claims about Swalwell for most of a year.

His big story about Mike Pompeo’s vendetta against WikiLeaks — with Sean Naylor and Michael Isikoff — is bound to be a similar example.

Wherein paragraph 100-something debunks paragraphs 1 and 2

The first two paragraphs claim that there were discussions about assassinating Julian Assange.

In 2017, as Julian Assange began his fifth year holed up in Ecuador’s embassy in London, the CIA plotted to kidnap the WikiLeaks founder, spurring heated debate among Trump administration officials over the legality and practicality of such an operation.

Some senior officials inside the CIA and the Trump administration even discussed killing Assange, going so far as to request “sketches” or “options” for how to assassinate him. Discussions over kidnapping or killing Assange occurred “at the highest levels” of the Trump administration, said a former senior counterintelligence official. “There seemed to be no boundaries.”

Paragraph 12 says that lots of those things described in paragraphs one and two weren’t approved.

There is no indication that the most extreme measures targeting Assange were ever approved, in part because of objections from White House lawyers, but the agency’s WikiLeaks proposals so worried some administration officials that they quietly reached out to staffers and members of Congress on the House and Senate intelligence committees to alert them to what Pompeo was suggesting. “There were serious intel oversight concerns that were being raised through this escapade,” said a Trump national security official.

Around about paragraph 67 the piece describes Mike Pompeo asking for “the art of the possible,” something CIA Directors have a history of doing as a way to think outside the box.

Soon after the speech, Pompeo asked a small group of senior CIA officers to figure out “the art of the possible” when it came to WikiLeaks, said another former senior CIA official. “He said, ‘Nothing’s off limits, don’t self-censor yourself. I need operational ideas from you. I’ll worry about the lawyers in Washington.’” CIA headquarters in Langley, Va., sent messages directing CIA stations and bases worldwide to prioritize collection on WikiLeaks, according to the former senior agency official.

Around the 90s, Yahoo claims someone learned second-hand that Trump asked about killing Assange, but then suggests that wasn’t real, then describes top CIA officials talking about killing Assange, then admits such plans may have never gotten to the White House.

Some discussions even went beyond kidnapping. U.S. officials had also considered killing Assange, according to three former officials. One of those officials said he was briefed on a spring 2017 meeting in which the president asked whether the CIA could assassinate Assange and provide him “options” for how to do so.

“It was viewed as unhinged and ridiculous,” recalled this former senior CIA official of the suggestion.

It’s unclear how serious the proposals to kill Assange really were. “I was told they were just spitballing,” said a former senior counterintelligence official briefed on the discussions about “kinetic options” regarding the WikiLeaks founder. “It was just Trump being Trump.”

Nonetheless, at roughly the same time, agency executives requested and received “sketches” of plans for killing Assange and other Europe-based WikiLeaks members who had access to Vault 7 materials, said a former intelligence official. There were discussions “on whether killing Assange was possible and whether it was legal,” the former official said.

Yahoo News could not confirm if these proposals made it to the White House. Some officials with knowledge of the rendition proposals said they had heard no discussions about assassinating Assange.

And then well past paragraph 100, Yahoo admits the plans to assassinate Assange went nowhere, in significant part because doing so would be illegal.

A primary question for U.S. officials was whether any CIA plan to kidnap or potentially kill Assange was legal. The discussions occurred under the aegis of the agency’s new “offensive counterintelligence” authorities, according to former officials. Some officials thought this was a highly aggressive, and likely legally transgressive, interpretation of these powers.

Without a presidential finding — the directive used to justify covert operations — assassinating Assange or other WikiLeaks members would be illegal, according to several former intelligence officials. In some situations, even a finding is not sufficient to make an action legal, said a former national security official. The CIA’s newfound offensive counterintelligence powers regarding WikiLeaks would not have stretched to assassination. “That kind of lethal action would be way outside of a legitimate intelligence or counterintelligence activity,” a former senior intelligence community lawyer said.

In the end, the assassination discussions went nowhere, said former officials.

The idea of killing Assange “didn’t get serious traction,” said a former senior CIA official. “It was, this is a crazy thing that wastes our time.”

As to the discussions of kidnapping Assange, both the UK and NSC nixed those ideas, though White House Counsel lawyer John Eisenberg (who is presented as the hero of the Yahoo story, and who was a national security lawyer at DOJ during the Bush Administration when such things did get approved) worried that CIA would do it without alerting him and others, and so pressed DOJ to indict Assange if they were going to.

“There was a discussion with the Brits about turning the other cheek or looking the other way when a team of guys went inside and did a rendition,” said a former senior counterintelligence official. “But the British said, ‘No way, you’re not doing that on our territory, that ain’t happening.’” The British Embassy in Washington did not return a request for comment.

In addition to diplomatic concerns about rendition, some NSC officials believed that abducting Assange would be clearly illegal. “You can’t throw people in a car and kidnap them,” said a former national security official.

In fact, said this former official, for some NSC personnel, “This was the key question: Was it possible to render Assange under [the CIA’s] offensive counterintelligence” authorities? In this former official’s thinking, those powers were meant to enable traditional spy-versus-spy activities, “not the same kind of crap we pulled in the war on terror.”

In short, this is a very long story that spends thousands of words admitting that its lead overstates how seriously this line of thought, particularly assassination, was pursued.

I will have lots more to say about several things that discredit this story. But for now that’s the important thing: The story admits that the story oversells its lead.

Yahoo describes the changing view regarding WikiLeaks

The story is useful because it lays out a chronology that few people understand: how, over years, the US view on Assange gradually changed (the view is entirely based on “former” officials and likely doesn’t reflect even what happened with Assange in the last years of the Trump Administration). The events that, as depicted in this story, led to a gradual change in the way the US treated Assange are:

  • In response to the 2010 releases, the Obama Administration, “restricted investigations into Assange and WikiLeaks”
  • “In the wake of the Snowden revelations, the Obama administration allowed the intelligence community to prioritize collection on WikiLeaks,” no longer requiring a warrant for intel; but when “top intelligence officials” tried to get the White House to deem people like Laura Poitras and Glenn Greenwald “information brokers,” Obama refused
  • In spite of the changes described as occurring in 2013, in 2015 DOJ remained, “very protective,” of its authorities over whether to charge Assange and whether to treat WikiLeaks “like a media outlet”
  • “The events of 2016 ‘really crystallized’ U.S. intelligence officials’ belief that the WikiLeaks founder ‘was acting in collusion with people who were using him to hurt the interests of the United States,’ … But there was still ‘sensitivity on how we would collect on them.'” [Yahoo says NSA “surveilled” Guccifer 2.0’s Twitter accounts but we know that DOJ obtained warrants to read them, as well, which it doesn’t mention]
  • Yahoo presents a series of seemingly conflicting claims about how things changed in 2016, but does say that shortly before Trump took over Obama’s view on WikiLeaks underwent a “sea change”
  • On April 13, 2017, over a month after the first Vault 7 releases, Pompeo declared WikiLeaks a non-state hostile intelligence agency, thereby accessing “offensive counterintelligence” activities to use against WikiLeaks, including disruption efforts (though the article suggests none were ever used); this label did result in far more collection on WikiLeaks associates traveling around the world
  • In summer 2017, Pompeo embraced proposals to kidnap Assange, which was ultimately pitched to the British, but they refused and NSC officials argued it would be illegal
  • In December 2017, the Five Eyes worked together to thwart a believed Russian exfiltration attempt, and on the same day, DOJ charged Assange by complaint
  • In April 2019, Assange was booted from the Embassy and arrested under a single CFAA count, which DOJ has twice superseded (Yahoo makes no mention of the second superseding indictment and the story seems to drop well before the end of the Trump Administration; it makes no mention of whether Gina Haspel continued the policies pursued by Pompeo after he moved to State in 2018)

The timeline laid out here conflicts with virtually everything Assange claimed about the genesis of his charges during his extradition hearing: showing that Assange’s help getting Snowden out of Hong Kong is what started the process of revising views of WikiLeaks, showing that the US changed their understanding of Assange in 2016, not in 2017, as Assange repeatedly claimed in his extradition hearing, and showing that things really started ratcheting up after the Vault 7 release, at a time when Assange was also under investigation for several things unrelated to journalism (though Yahoo doesn’t mention those investigations, even though they are public), and was therefore separate from Trump’s election or Jeff Sessions’ later leak-driven commitment to crack down on journalists.

In short, amidst a jillion words making claims that the article itself discredits, the article proves that Assange lied, repeatedly, in his extradition hearing, and that the precipitating event in originally charging him was credible information about a Russian exfiltration plot.

Roger Stone reporter Michael Isikoff appears to be unfamiliar with the entire Roger Stone case

One thing that this story never explains is why, if the entire Trump Administration were so opposed to Assange as they claim, Pompeo would have to declare WikiLeaks a non-state hostile intelligence service rather than relying on a Presidential finding to spy on WikiLeaks’ associates.

The immediate question facing Pompeo and the CIA was how to hit back against WikiLeaks and Assange. Agency officials found the answer in a legal sleight of hand. Usually, for U.S. intelligence to secretly interfere with the activities of any foreign actor, the president must sign a document called a “finding” that authorizes such covert action, which must also be briefed to the House and Senate intelligence committees. In very sensitive cases, notification is limited to Congress’s so-called Gang of Eight — the four leaders of the House and Senate, plus the chairperson and ranking member of the two committees.

But there is an important carveout. Many of the same actions, if taken against another spy service, are considered “offensive counterintelligence” activities, which the CIA is allowed to conduct without getting a presidential finding or having to brief Congress, according to several former intelligence officials.

Often, the CIA makes these decisions internally, based on interpretations of so-called “common law” passed down in secret within the agency’s legal corps. “I don’t think people realize how much [the] CIA can do under offensive [counterintelligence] and how there is minimal oversight of it,” said a former official.

That’s what gave Pompeo broader authorities to operate on his own (thereby creating the risk he might try to assassinate Assange without White House knowledge). But it’s also what limited his options legally. Had Pompeo gotten a finding, kidnapping and assassination would be less obviously prohibited, and just the Gang of Eight would have been briefed. But by making this announcement publicly, everyone learned about it. Ron Wyden predictably raised concerns (and there was a perennial battle over whether Congress would agree with Pompeo’s label as a sense of Congress).

Effectively, Pompeo got fewer authorities and more political pushback, literally the opposite of why Yahoo claims he went this route.

I don’t know the answer. But I do know that this story’s treatment of Trump is bizarre and ignores a lot of known facts, so it’s possible the answer is the most obvious one: Pompeo couldn’t get a Presidential finding because the President wouldn’t sign off.

As noted above, the article does describe that a source heard second-hand that Trump asked for options to kill Assange, though it doesn’t date it more specifically than spring 2017 and dismisses the statement as one of Trump’s routine attacks.

The story describes that Mike Pompeo was terrified of briefing Trump on the Vault 7 breach, the first releases of which were published on March 7, 2017.

Pompeo, apparently fearful of the president’s wrath, was initially reluctant to even brief the president on Vault 7, according to a former senior Trump administration official. “Don’t tell him, he doesn’t need to know,” Pompeo told one briefer, before being advised that the information was too critical and the president had to be informed, said the former official.

It doesn’t explain, then, whether Pompeo, or Jim Comey, was the source of the briefing that Trump promptly shared with Tucker Carlson literally the day when the FBI would first interview suspected Vault 7 source Joshua Schulte in an urgent attempt to prevent him from fleeing the country with his diplomatic passport. It sure as hell doesn’t explain how the President, in his first known big leak of classified information, almost blew the entire Vault 7 investigation, and how that’s consistent with a plan to assassinate Assange.

Even crazier, especially given Michael Isikoff’s participation in the story, is that there’s no mention of the disclosures that came out as part of the Roger Stone investigation and the Mueller investigation more generally.

No later than November 15 (and possibly even before the election), Trump’s rat-fucker was working with Assange’s lawyer brokering a pardon deal.

In April, Stone called on Pompeo to resign for his comments in the wake of Vault 7.

Stone took to InfoWars on April 18, calling on Pompeo to either provide proof of those Russian ties or resign, defending the release of the Vault 7 tools along the way.

The Intelligence agencies continue to insist that Julian Assange is an active Russian Agent and that Wikileaks is a Russian controlled asset. The agencies have no hard proof of this claim whatsoever. Assange has said repeatedly that he is affiliated with no nation state but the Intelligence Agencies continue to insist that he is under Russian control because it fits the narrative in which they must produce some evidence of Russian interference in our election because they used this charge to legally justify and rationalize the surveillance of Trump aides, myself included.

[snip]

President Donald Trump said on Oct. 10, 2016 “I love Wikileaks” and Pompeo who previously had praised the whistleblowing operation now called Wikileaks “a non-state hostile Intelligence service often abetted by state actors like Russia”. Mr. Pompeo must be pressed to immediately release any evidence he has that proves these statements. If he cannot do so, the President should discharge him.

[snip]

Julian Assange does not work for the Russians. Given the import of the information that he ultimately disclosed about the Clinton campaign, the Obama administration and the deep secrets in the CIA’s Vault 7, he has educated the American people about the tactics and technology the CIA has used to spy on ordinary Americans.

Assange personally DMed Stone to thank him for the article, while claiming that Pompeo had stopped short of claiming that WikiLeaks had gotten the stolen DNC emails directly, thereby making WikiLeaks like any other media outlet.

On or about April 19, 2017, Assange, using Target Account 2, wrote to Stone, “Ace article in infowars. Appreciated. But note that U.S. intel is engages in slight of hand maoevers [sic]. Listen closely and you see they only claim that we received U.S. election leaks "not directly" or via a "third party" and do not know "when" etc. This line is Pompeo appears to be getting at with his "abbeted". This correspnds to the same as all media and they do not make any allegation that WL or I am a Russia asset.”

The Mueller investigation even showed that in the very same time period where Pompeo was considering assassination attempts on Assange, Trump’s rat-fucker was leveraging the “highest level of Government” to address Assange’s issues.

On June 10, 2017, according to affidavits submitted as part of the Mueller investigation, Roger Stone DMed Julian Assange and told him he was doing everything he could to “address the issues at the highest level of Government.”

57. On or about June 10, 2017, Roger Stone wrote to Target Account 2, “I am doing everything possible to address the issues at the highest level of Government. Fed treatment of you and Wikileaks is an outrage. Must be circumspect in this forum as experience demonstrates it is monitored. Best regards R.” Target Account 2 wrote back, “Appreciated. Of course it is!”

Nine days after the rat-fucker who had a notebook that recorded all the communications he had with Trump during the election described working at the highest level of government to help Assange, Trump attempted to shut down the entirety of the hack-and-leak investigation.

On June 19, 2017, according to the Mueller Report, the President dictated a message for Corey Lewandowski to take to Jeff Sessions, telling the (recused) Attorney General to meet with Robert Mueller and order him to limit his investigation only to future election meddling, not the election meddling that had gotten Trump elected.

During the June 19 meeting, Lewandowski recalled that, after some small talk, the President brought up Sessions and criticized his recusal from the Russia investigation.605 The President told Lewandowski that Sessions was weak and that if the President had known about the likelihood of recusal in advance, he would not have appointed Sessions.606 The President then asked Lewandowski to deliver a message to Sessions and said “write this down.” 607 This was the first time the President had asked Lewandowski to take dictation, and Lewandowski wrote as fast as possible to make sure he captured the content correctly.608 The President directed that Sessions should give a speech publicly announcing:

I know that I recused myself from certain things having to do with specific areas. But our POTUS . . . is being treated very unfairly. He shouldn’t have a Special Prosecutor/Counsel b/c he hasn’t done anything wrong. I was on the campaign w/ him for nine months, there were no Russians involved with him. I know it for a fact b/c I was there. He didn’t do anything wrong except he ran the greatest campaign in American history.609

The dictated message went on to state that Sessions would meet with the Special Counsel to limit his jurisdiction to future election interference:

Now a group of people want to subvert the Constitution of the United States. I am going to meet with the Special Prosecutor to explain this is very unfair and let the Special Prosecutor move forward with investigating election meddling for future elections so that nothing can happen in future elections.610

Days after Roger Stone told Julian Assange that he was trying to resolve matters at the highest level of government, the President of the United States tried to issue a back channel order that would shut down the investigation into Assange — and by association, Stone.

And it went on like that for some time, possibly up to the time when Mueller asked Trump about any pardon discussions for Assange. Only after that did Don Jr’s buddy tell former Sputnik employee Cassandra Fairbanks that the pardon discussion was off, whereupon she flew to London to tell Assange herself.

Particularly pertinent to the question of why CIA was working via offensive counterintelligence authorities rather than a Presidential finding, in October, after weeks of prodding from Trump, Pompeo took a meeting with Bill Binney to hear a theory that would have undermined the entire Intelligence Community’s attribution of the DNC hack via which emails shared with WikiLeaks were stolen. According to The Intercept’s report of the meeting, it led others in the Intelligence Community to worry that Pompeo had stopped heeding intelligence, particularly regarding Russia, that Trump didn’t like.

Some senior CIA officials have grown upset that Pompeo, a former Republican representative from Kansas, has become so close to Trump that the CIA director regularly expresses skepticism about intelligence that doesn’t line up with the president’s views. Pompeo has also alienated some CIA managers by growing belligerent toward them in meetings, according to an intelligence official familiar with the matter.

[snip]

[I]ndications of Pompeo’s willingness to support Trump at the risk of tainting the intelligence process have occasionally broken into the open in recent months. In August, the Washington Post reported that Pompeo had taken the unusual step of having the CIA’s Counterintelligence Mission Center, which would likely play a role in any inquiries by the agency into Russian election meddling, report directly to him. That move has raised concerns within the agency that Pompeo is seeking to personally control the CIA’s efforts to investigate accusations of collusion between the Trump campaign and Russia.

At the very least, by fall this put Pompeo in a more precarious position regarding his vendetta against Assange.

The thing is, the hero of this Yahoo story, John Eisenberg, must know parts of this story, because he was a key part of efforts to protect Trump. He played a role in protecting Mike Flynn after he lied to the FBI and an even bigger role in protecting Trump after he tried to coerce election help from Ukraine, so who knows what his motives really are here. But he certainly must know these details … but they don’t show up in the story.

Crazier still, Isikoff must know parts of these stories, because he reported on the Stone case.

Yet not only don’t those details appear in this story, but the depiction of an entire Administration, save for heroes like John Eisenberg, intent on assassinating Julian Assange is inconsistent with those public facts about Trump’s repeated efforts to undermine any attribution implicating Assange, to say nothing of discussions of pardons for Assange.

The truth may be somewhere in the middle, with Trump vacillating between wanting to kill Assange and wanting to liberate him (in this story, however, he’s quoted complaining that Assange was treated badly). But what the President did to undermine the investigation targeting Assange seems to be as important a part of this story as the claim that he mouthed off once about the possibility of assassinating Assange, something he has done with a slew of other journalists and perceived enemies.

The UC Global timeline

Among all the 30 sources cited in the story and the reports that CIA ratcheted up spying on WikiLeaks associates under Pompeo, Yahoo didn’t succeed in getting more clarity on the — by the end of 2017 — very intrusive surveillance of Assange inside the Ecuadorian Embassy by a contractor called UC Global, citing just one source confirming the US did have access to video surveillance without even naming UC Global or revealing which agency UC Global was working with.

A former U.S. national security official confirmed that U.S. intelligence had access to video and audio feeds of Assange within the embassy but declined to specify how it acquired them.

So instead of new information from those 30 sources, Yahoo instead relies on the prior reports from some UC Global whistleblowers. As I noted here, based on their Assange extradition hearing testimony, one of them is quite credible while the other is far less so.

It’s important that Yahoo relies on the whistleblowers, because it provides another way, along with the public details they inexplicably leave out, to test their narrative. Yahoo describes, accurately, that UC Global was sharing information with the US by mid-2017 (the credible witness described key developments in June and July).

By late 2015, Ecuador had hired a Spanish security company called UC Global to protect the country’s London embassy, where Assange had already spent several years running WikiLeaks from his living quarters. Unbeknownst to Ecuador, however, by mid-2017 UC Global was also working for U.S. intelligence, according to two former employees who testified in a Spanish criminal investigation first reported by the newspaper El País.

Yahoo doesn’t note, however, that data collection first started to expand in 2016, and formal vetting for what was presumably this relationship started by January 24, 2017, just one day after Pompeo was confirmed.

I also recall that once Donald Trump won the elections, at the end of 2016, the collection of information intensified as Morales became more obsessed with obtaining as much information as possible.

[snip]

On 24 January 2017, once Donald Trump had acceded to the presidency of the United States, David Morales sent a message over Telegram in which he wrote, “Well, I want you to be alert because I am informed that we are being vetted, so everything that is confidential should be encrypted […] That’s what I’m being told. Everything relates to the UK issue. I am not worried about it, just be alert […] The people vetting are our friends in the USA”.

That is, this process started after WikiLeaks’ cooperation with Russia in 2016 caused a “sea change” in US treatment of Assange, but before Pompeo’s vendetta in response to Vault 7.

And while the surveillance absolutely ratcheted up during that summer (so potentially consistent with Pompeo’s vendetta, but also at a time when WikiLeaks was also under several different criminal investigations), Yahoo neglects to mention that the really intrusive surveillance came in December, at the same time (it reports) that the IC had credible reports of an exfiltration attempt.

In early December 2017, I was instructed by David Morales to travel with a colleague to install the new security cameras. I carried out the new installation over the course of several days. I was instructed by Morales not to share information about the specifications of the recording system, and if asked to deny that the cameras were recording audio. I was told that it was imperative that these instructions be carried out as they came, supposedly, from the highest spheres. In fact, I was asked on several occasions by Mr. Assange and the Political Counsellor Maria Eugenia whether the new cameras recorded sound, to which I replied that they did not, as my boss had instructed me to do. Thus, from that moment on the cameras began to record sound regularly, so every meeting that the asylee held was captured. At our offices in UC Global it was mentioned that the cameras had been paid for twice, by Ecuador and the United States, although I have no documentary evidence to corroborate this assertion.

The story Yahoo tells significantly amounts to Mike Pompeo proposing some illegal options to take out Assange, only to be thwarted by (at a minimum) the lawyers in place to prevent such things — though there’s good reason to believe DOJ played a big role in it too. And then, at a time when Pompeo had lost or was losing his bid to pursue illegal activities, the Five Eyes (presumably including Australia) identified and countered a Russian exfiltration attempt.

That presumably changed a lot of things about how the IC dealt with Assange. But those details don’t appear in this story. Aside from the mentions of DOJ successfully retaining the gatekeeper role on these questions in 2015 and 2017 (something I have some, albeit limited, reason to believe continued through 2019), the story doesn’t consider — at all! — the various criminal investigations at the time, not even the one that Isikoff has covered in the past.

Crazier still, it presents this as a story about the Trump Administration, while ignoring public details about what a key player in that Administration — some guy named Trump — was doing that at the least conflicted with Pompeo’s actions.

Pompeo is and was batshit crazy and I’m glad, for once, the lawyers managed to rein in the CIA Director. But this seems to be, largely, a story about crazy Mike Pompeo being reined in by lawyers.

The FBI’s Proud Boy Informant Showed Up Late

The Proud Boys charged with the most serious assaults on January 6 — including (at a minimum) Dan “Milkshake” Scott and Christopher Worrell — are not charged with conspiracy, though both could easily have been included as co-conspirators. Nor is Ryan Samsel, who is not known to be a Proud Boy but spoke to Joe Biggs just before he kicked off the entire riot by allegedly knocking over a cop and giving her a concussion (this may change, especially since, after a long delay, DOJ charged Samsel individually in an indictment that, either via the assignment wheel or because it was identified as a case related to the Proud Boys leadership indictment, got assigned to Judge Tim Kelly). While Dominic Pezzola is charged with assault for stealing the riot shield he used to break into the Capitol and Billy Chrestman is charged with threatening to assault a cop, their co-defendants are not implicated in those assaults, except insofar as they are overt acts in a conspiracy.

That’s why I find this detail from NYT’s blockbuster report on what a Proud Boy informant who showed up late to the January 6 riot and then entered the Capitol has told the FBI about the investigation rather interesting.

At the same time, the new information is likely to complicate the government’s efforts to prove the high-profile conspiracy charges it has brought against several members of the Proud Boys.

On Jan. 6, and for months after, the records show, the informant, who was affiliated with a Midwest chapter of the Proud Boys, denied that the group intended to use violence that day.

[snip]

On the eve of the attack, the records show, the informant said that the group had no plans to engage in violence the next day except to defend itself from potential assaults from leftist activists — a narrative the Proud Boys have often used to excuse their own violent behavior.

The government has never accused the Proud Boy conspirators of planning to use violence themselves, though there is evidence they knew their incitement could spark violence among “normies.” There’s even evidence that Ethan Nordean tried to rein in one attack (though only after he had presumably witnessed other assaults on cops).

That is, that claim is utterly irrelevant to the government’s conspiracy cases against the Proud Boys.

And yet the NYT offered it as one reason this informant’s report might, “complicate the government’s efforts to prove the high-profile conspiracy charges it has brought against several members of the Proud Boys.”

To be sure, there is one way this informant might undermine the existing conspiracy charges.

The informant’s interview reports affirmatively claim that he knew of no plans to storm the Capitol, nor did he hear any talk of the electoral college certification in his travels that day.

In lengthy interviews, the records say, he also denied that the extremist organization planned in advance to storm the Capitol.

[snip]

But statements from the informant appear to counter the government’s assertion that the Proud Boys organized for an offensive assault on the Capitol intended to stop the peaceful transition from Mr. Trump to Mr. Biden.

On the eve of the attack, the records show, the informant said that the group had no plans to engage in violence the next day except to defend itself from potential assaults from leftist activists — a narrative the Proud Boys have often used to excuse their own violent behavior.

Then, during an interview in April, the informant again told his handlers that Proud Boys leaders gave explicit orders to maintain a defensive posture on Jan. 6. At another point in the interview, he said that he never heard any discussion that day about stopping the Electoral College process.

The records show that, after driving to Washington and checking into an Airbnb in Virginia on Jan. 5, the informant spent most of Jan. 6 with other Proud Boys, including some who have been charged in the attack. While the informant mentioned seeing Proud Boys leaders that day, like Ethan Nordean, who has also been charged, there is no indication that he was directly involved with any Proud Boys in leadership positions.

In a detailed account of his activities contained in the records, the informant, who was part of a group chat of other Proud Boys, described meeting up with scores of men from chapters around the country at 10 a.m. on Jan. 6 at the Washington Monument and eventually marching to the Capitol. He said that when he arrived, throngs of people were already streaming past the first barrier outside the building, which, he later learned, was taken down by one of his Proud Boy acquaintances and a young woman with him. [my emphasis]

This guy’s testimony absolutely poses a challenge to prosecutors prosecuting the Proud Boys this guy was actually interacting with.

That said, the NYT does not say whether he was interacting with those charged with conspiracy or even obstruction (still-active Proud Boys, like Jeremy Grace, have been charged only with trespassing). Even if he was interacting with people charged with conspiracy, the fact that he showed up late and (claimed that he) did not know that some of his own acquaintances were going to breach the barriers until after the fact would, at most, show that he wasn’t privy to the plans of lower level cells.

But the way in which DOJ has charged the Proud Boy side of the conspiracies is with one leadership conspiracy, and four subconspiracies that are effectively cells that allegedly worked together to achieve smaller objectives: to breach the West door, to breach the North door, and to keep the Visitor Center gates open (the NYT misses one of the charged Proud Boy conspiracies, against the Klein brothers, for opening a North door to the building, which has acquired more tactical import with the charging of Ben Martin).

Two main things matter to the viability of the larger Proud Boys conspiracy: First, whether the four charged in the leadership conspiracy did have an advance plan. And second, whether their conspiracy interlocks with the Dominic Pezzola conspiracy that ended up breaching the front door of the Capitol and with it exposed Pezzola, his co-conspirators, and by association, the Proud Boy leaders to terrorism enhancements.

The second point is one that the Proud Boy leaders are contesting aggressively. We have yet to see evidence proving a tie between those two conspiracies. But we also have yet to see any evidence from the December rally at which the ties to Pezzola appear to have been forged. Meanwhile, William Pepe is disclaiming knowing the others, suggesting a possible weakness in that conspiracy charge.

As to the first, what we’ve seen in public evidence is that, in the wake of the Enrique Tarrio arrest on January 4, the four leaders attempted to regroup, and then, on the night before the riot, Joe Biggs and Ethan Nordean met with unnamed people and finalized a plan in seeming coordination with Tarrio, and avoided speaking of it even on their limited leadership Telegram chat.

On January 4, when Tarrio arrived in DC for the riot, he was arrested for his attack on the Black Church in December, whereupon he was found with weapons that are unlawful in DC. In the wake of Tarrio’s arrest, Ethan Nordean was supposed to be in charge of the operation. But around 9:08PM the day before the riot (these texts reflect Nordean’s Washington state time zone, so add three hours), someone said he had not heard from Nordean in hours.

Minutes later, Biggs explained that “we just had a meeting w[i]th a lot of guys” and “info should be coming out.” While redacted in these texts, the superseding indictment describes that he also notes he had just spoken with Tarrio.

He further explained that he was with Nordean and “we have a plan.”

Biggs then says he gave Tarrio a plan.

Ethan Nordean may have been in charge on January 6. But Biggs seems to have been the one working most closely with Tarrio, through whom at least some of the inter-militia coordination worked.

There’s little question they had a plan to do something (and that that plan did not include attending the Trump rally which was the primary innocent reason for Trump supporters to show up to DC that day). The question is what kind of evidence DOJ has substantiating that plan, especially after claimed efforts to flip Zach Rehl collapsed. (Nordean has also said he’ll move to suppress these texts because his spouse consented to the breach of his phone, which led FBI to obtain them, but it’s likely the FBI has a second set of the texts in any case.)

But it also is likely the case that the place to look for that evidence is not with a low-level Proud Boy who showed up late to insurrection, but with the others with whom Nordean and Biggs were meeting the night before the riot. And there’s no indication that these people were all Proud Boys, and in fact good reason to suspect they weren’t.

In the weeks before the riot, Kelly Meggs repeatedly talked about a Florida-based intra-militia alliance.

In the days after both the DC even[t] and an event involving Stone in Florida, Oath Keeper Kelly Meggs claimed he organized a Florida-based “alliance” between the Oath Keepers, Proud Boys, and 3%ers.

On Christmas Eve, Meggs specifically tied protection at the January rally, probably of Stone, and coordination with a Proud Boy, almost certainly Tarrio, in the same text.

And in the days after, the Southern California 3%ers laid out a Stop the Steal affiliated plan to surround the Capitol.

Spread the word to other CALIFORNIA Patriots to join us as we March into the Capitol Jan 6. The Plan right now is to meet up at two occasions and locations: 1. Jan 5th 2pm at the Supreme Court steps for a rally. (Myself, Alan, [and others] will be speaking) 2. Jan 6th early 7am meet in front of the Kimpton George Hotel…we will leave at 7:30am sharp and March (15 mins) to the Capital [sic] to meet up with the stop the steal organization and surround the capital. [sic] There will be speakers there and we will be part of the large effort for the “Wild Rally” that Trump has asked us all to be part of. [my emphasis]

Not only is this what happened on January 6, but Joe Biggs seemed to know that key Stop the Steal figures, including his former employer Alex Jones, would open up a second front of this attack and arrived to take part in it, entering the Capitol a second time virtually in tandem with the Meggs-led Stack.

This is one reason I keep presenting all these conspiracies together: because there’s good reason to believe the Proud Boy conspiracies don’t just intersect with each other, but that the Proud Boy conspiracies intersect, in the person of Joe Biggs and others, with each other.

There are many reasons that the report of an FBI handler not understanding that his or her Proud Boy informant was describing the breach of the Capitol as it happened is important.

After meeting his fellow Proud Boys at the Washington Monument that morning, the informant described his path to the Capitol grounds where he saw barriers knocked down and Trump supporters streaming into the building, the records show. At one point, his handler appeared not to grasp that the building had been breached, the records show, and asked the informant to keep him in the loop — especially if there was any violence.

But, except to the limited degree to which his testimony affects the case against the Proud Boys with whom he actually interacted, this report primarily provides yet more proof that the FBI, trained by Billy Barr not to investigate any subjects Trump claimed as his own tribe, had no conception of what they were looking at on January 6, not even as the Proud Boys led an attack on the Capitol.

The government has not yet publicly shown all of its evidence that the Proud Boy leaders, alone or in concert with other militias and Stop the Steal organizers, had a plan to attack the Capitol on January 6. Unless something disrupts the case, we won’t see that until next summer.

But one thing we know from the available evidence is that low-level Proud Boys who showed up late to insurrection are not the place to look for that plan.


John Durham Is the Jim Jordan of Ken Starrs

Last Thursday, John Durham indicted Michael Sussmann, the Perkins Coie lawyer who advised the DNC, DCCC, and Clinton Campaign about cybersecurity in 2016 as they struggled to deal with a hostile nation-state attack aiming — in part — to help elect their opponent. The indictment accuses Sussmann of lying to FBI General Counsel James Baker at a September 19, 2016 meeting at which Sussmann shared information about the curious DNS traffic between a server used by a Trump marketing contractor and Alfa Bank.

emptywheel’s long history of debunking the Alfa Bank story

Before I unpack the indictment, let me remind readers that when this story first publicly broke, I explained why the Spectrum Health (aka my boob hospital at the time) aspect of the allegations made no sense, criticized Hillary’s team (including Jake Sullivan) for jumping on the story, and echoed Rob Graham’s criticism of the researchers who accessed DNS data to conduct this research.

In addition to his technical debunking, Robert Graham made an equally important point: researchers shouldn’t be accessing this data for ad-lib investigations into presidential candidates, and it’s not even clear who would have access to it all except the NSA.

The big story isn’t the conspiracy theory about Trump, but that these malware researchers exploited their privileged access for some purpose other than malware research.

[snip]

In short, of all the sources of “DNS malware information” I’ve heard about, none of it would deliver the information these researchers claim to have (well, except the NSA with their transatlantic undersea taps, of course).

[snip]

[B]efore Tea Leaves started pushing this story to the press, the FBI had been investigating it for two months.

Which, to my mind, raises even more questions about the anonymous researchers’ identities, because (small world and all) the FBI likely knows them, in which case they may have known that the FBI wasn’t jumping on the story by the time they started pitching it.

Or the FBI doesn’t know them, which raises still more questions about the provenance of these files.

Ah well, if President Hillary starts a war with Russia based off Iraq-War style dodgy documents, at least I’ll have the satisfaction of knowing my boob clinic is right there on the front lines.

In March 2017, I observed that the weird Alfa Bank entry in the Steele dossier suggested a feedback loop between the Alfa Bank server story and the dossier project. Then days after that, I noted all the ways that the packaging of this story made it more suspect.

In 2018, I complained about the way Dexter Filkins had strained to sustain the story, while noting that people ought to look more closely at why Alfa Bank might be the focus here; the Mueller Report since confirmed that within weeks after the story broke publicly, Vladimir Putin pushed Oligarchs from Alfa Bank to fight harder against western sanctions, something that the alleged source for the Alfa Bank entry in the dossier seemed to parrot.

In short, I not only have consistently criticized this story, but done so in ways that anticipate the most justifiable parts of the indictment. It’s only the last bit — how the Alfa narrative echoes Putin’s interests — that this indictment doesn’t incorporate.

I guess with five more years Durham might get there…

So in unpacking this indictment, I’m in no way defending the Alfa Bank – Trump Tower story. It was a sketchy allegation, the packaging of it was suspect, and those who conducted the research arguably violated ethical guidelines.

I got to where Durham got in this indictment years and years ago. But that doesn’t make it a crime.

John Durham’s “narrative”

Moreover, that doesn’t mean Durham should tell as strained a “narrative” as those who packaged up this story. Central to Durham’s indictment is an assumption that if a victim of a crime who believed at the time that the crime had a — since confirmed — political goal reports suspicious, potentially related details, the victim must be motivated exclusively out of self-interest, not good citizenship or a concern about national security. That is, this entire indictment assumes that when Russia attacks a Presidential candidate, that is not itself a national security concern, but instead nothing more than a political dispute.

Effectively, John Durham has made it a crime for someone victimized by a Russian influence operation to try to chase down Russian influence operations.

Tech Executive-1 and Clinton both had retained Perkins Coie long before this, with Sussmann getting involved specifically for cybersecurity help in the wake of the Russian hack

The indictment, perhaps deliberately, obscures the timeline and facts leading up to the charged lie. But here’s the story it tells. First, all of Durham’s subjects established contracts with each other, even though all of those contracts (including Fusion GPS’) had scopes far larger than oppo research on Trump’s relationship with Russia.

  • In February 2015, Tech Executive-1 (whom I’ll call TE-1 for brevity) retained Sussmann to deal with a US government agency [Durham does not say whether this matter was resolved or continued in this period in 2016, which is central to the question of what kind of client of Sussmann’s TE-1 was].
  • In April 2015, the Clinton Campaign retained Perkins Coie and made Marc Elias the Campaign’s General Counsel.
  • In April 2016, the victim of a Russian government election-related attack, the DNC, retained Sussmann to help it deal with the aftermath, which included meeting with the FBI. As the indictment describes, this was not just legal support but cybersecurity.
  • [After a Republican retained them first and on a date that Durham doesn’t reveal,] Perkins Coie retained Fusion GPS to conduct oppo research on Trump pertaining to Russia [and other topics, though Durham doesn’t mention those other topics].

Durham only mentions in passing, later, that the researchers involved here similarly knew each other through relationships that focused on cybersecurity and predated these events.

Via means and on specific dates that Durham doesn’t always provide, Tea Leaves, TE-1, Sussmann, and two Researchers got the DNS data showing an anomaly

There are two sets of research here: that done in a university setting and that done at companies associated with TE-1, though TE-1 is the pivot to both. As depicted, Durham suggests the former are more legally exposed than the latter.

  • By some time in late July 2016 [the exact date Durham doesn’t provide], a guy who always operated under the pseudonym Tea Leaves but whom Durham heavy-handedly calls “Originator-1” instead had assembled “purported DNS data” reflecting apparent DNS lookups between Alfa Bank and “mail1.trump-email.com” that spanned from May 4 through July 29.
  • Tea Leaves was a business associate of TE-1 and via means Durham doesn’t describe, the data Tea Leaves gathered was shared with TE-1.
  • “In or about July 2016” [at a time that, because of the laws of physics, must post-date the late July date when Tea Leaves collected this data and the date when he shared them with TE-1], TE-1 alerted Sussmann to the data.
  • On July 31, Sussmann billed the Clinton Campaign for 24 minutes with the billing description, “communications with Marc Elias regarding server issue.”
  • At some point [Durham doesn’t provide even a month, but by context it was at least as early as July 2016 and could have been far, far earlier], TE-1’s company provided a university with data for a government contract ultimately not contracted until November 2016, including the DNS data from an Executive Branch office of the US government that Tech Exec-1’s company had gotten as a sub-contractor to the US government. [The date of this is critical because it would be the trigger for a Conspiracy to Defraud charge, if Durham goes there.]
  • In or about August 2016 [Durham doesn’t provide a date], a federal government was finalizing but had not yet signed a cybersecurity research contract with [presumably] that same university to receive and analyze large quantities of public and non-public data “to identify the perpetrators of malicious cyber-attacks and protect U.S. national security.” Tea Leaves was the founder of a company that the university was considering [Durham doesn’t provide the date of consideration, but generally these things precede finalization] for a subcontract with the government contract.

TE-1 directs employees of companies under his control to research this issue

Though Durham’s indictment is somewhat vague, at least one piece of research from companies associated with TE-1 was shared with the FBI; it appears that other threads of research were not shared.

  • In or about early August 2016 [the dates of which Durham doesn’t provide], TE-1 directed personnel at two companies in which he had an ownership interest to search for what the indictment calls, “any Internet data reflecting potential connections or communications between Trump or his associates and Russia,” which Durham describes to be “derogatory information on Trump.” In connection with this tasking, TE-1 later stated [on a date Durham doesn’t describe] he was working with someone who had close ties to the Democratic Party.
  • At some point, an individual tasked with this work described being “uncomfortable regarding this tasking,” [Durham doesn’t describe when he learned this or whether there is any contemporaneous proof].
  • At some point [Durham doesn’t describe the date], TE-1 provided one of his companies with personal (but publicly available) data from six Trump associates and one purported US-based lobbyist for Alfa Bank and directed that these individuals should be the focus of that company’s data queries and analysis [Durham doesn’t say whether these six associates overlapped with the people Fusion had been tasked to research, nor does he allege they got included in the eventual reports to the FBI; both details are needed to assess his case].
  • On August 12, 2016, Sussmann, Elias, and TE-1 met in Elias’ office; Sussmann billed his time to the Clinton Campaign describing, “confidential meetings with Elias, others.”
  • On August 15, employees at one of the companies queried their holdings against a set of addresses that referred to Trump and/or Alfa Bank.
  • During the same time period [Durham doesn’t specify when], employees at Internet Company-3 drafted a written paper that included technical observations that Sussmann would later convey to the FBI.

Around the time this started, Sussmann met Fusion and a bunch of meetings happened that were billed to Hillary

  • On July 29, Sussmann and Marc Elias met with Fusion GPS [Durham doesn’t affirmatively claim this data pertained to the server issue], and Sussmann billed his time to the Hillary Campaign under “General Political Advice,” a different description than all the other Fusion meetings that Durham more credibly claims relate to the Alfa Bank allegation.
  • Around “the same [August] time period” [Durham doesn’t provide the date], Sussmann, Elias, and Fusion personnel began exchanging emails with the subject line, “Connecting you all by email;” [Durham doesn’t say who initiated the email, but it suggests that before this period, Sussmann and Fusion did not have direct contact].
  • On August 17, 2016, Sussmann, Elias, and TE-1 conducted an additional conference call, for which Sussmann billed his time to the Clinton campaign, noting “telephone conference with” TE-1 and Elias.
  • On August 19, 2016, Sussmann and Elias had another in-person meeting that Sussmann described as a meeting with TE-1, which was billed as a “confidential meeting with Elias, others.”

Researchers 1 and 2 and Tea Leaves worked with TE-1 on a “storyline” and “narrative” with varying degrees of skepticism expressed

This is the stuff Durham–with some justification–will and has used to taint all this as a political project.

  • On July 29, Researcher-2 emailed Researcher-1 the data compiled by Tea Leaves [Durham provides no evidence that TE-1 was involved in this exchange].
  • On August 19, Researcher-1 queried Internet data maintained by TE-1’s company [it is not clear but this suggests it was not the data turned over to the University] for the aforementioned mail1.trump-email.com domain. Researcher-1 then emailed TE-1 with the list of domains that had communicated with it, saying the list, “does not make much sense with the storyline you have.”
  • On August 20, Tea Leaves emailed Tech Exec-1, Researcher-1, and Researcher 2, stating that, “even if we found what [TE-1] asks us to find in DNS, we don’t see the money flow, and we don’t see the content of some message saying, ‘send money here’.” Tea Leaves then explained that one could fill out sales forms and cause them, “to appear to communicate with each other in DNS.” Tea Leaves then noted that “it’s just not the case that you can rest assured that Hillary’s opposition research and whatever professional gov and investigative journalists are also digging come up with the same things.”
  • On August 20, TE-1 clarified that the task was “indeed broad,” and that,
    • Being able to provide evidence of *anything* that shows an attempt to behave badly in relation to this [Durham doesn’t describe what the antecedent of “this” is], the VIPs would be happy. They’re looking for a true story that could be used as the basis for closer examination.
  • Still on August 20, seemingly distinguishing between that task and the Alfa Bank allegations, TE-1 said, “the prior hypothesis was all that they needed: mailserver dedicated or related to trump … and with traffic almost exclusively with Alfa was sufficient to do the job. … Trump has claimed he and his company have had NO dealings with .ru other than the failed Casino, and the Miss universe pageant. He claims absolutely NO interaction with any financial institutions. So any potential like that would be jackpot.” [Ellipses original]
  • On August 21, TE-1 emailed the recipients [but not, apparently, Sussmann], urging them to do further research on Trump which would “give the base of a very useful narrative.” He added that he didn’t believe the trump-email.com domain was a secret communications channel but a “red herring,” because the host was “a legitimate valid company,” stating they could “ignore it, together with others that seem to be part of the marketing world.”
  • On August 22, Researcher-1 raised doubts about whether, using only the tools they were currently using, they could prove their hypothesis. Among the concerns raised is that they couldn’t prove that “this is not spoofed [] traffic.” [brackets original; bolded in the original]
  • Later in or about August 2016 [on dates Durham doesn’t provide], TE-1 exchanged emails with personnel from Fusion.

Sussmann drafts a white paper and (via unstated means) TE-1 gets Researchers 1 and 2 and Tea Leaves to review it

  • Between September 5 and September 14, Sussmann drafted a white paper, generally billing his time to the Clinton Campaign, but on September 14, billing time to both Clinton and TE-1.
  • On September 14, TE-1 [not Sussmann] sent the white paper he had drafted to Researcher 1, Researcher 2, and Tea Leaves to ask them if a review of less than an hour would show this to be plausible. Though some of them noted how limited the standard of “plausibility” was, they agreed it was plausible, and Researcher 2 said [Durham does not quote the specific language here] “the paper should be shared with government officials.”

Sussmann shares this and other information with James Baker and–Durham claims–affirmatively lies about whether he is representing someone

  • Both before the September 19 meeting and after it (notably in a September 12 meeting involving the NYTimes, in which Marc Elias also participated), Sussmann spoke to the press about what Durham credibly suggests was the Alfa Bank white paper. Sussmann billed this to Clinton.
  • On September 19, Sussmann met with Baker and provided him with three white papers and a thumb drive with data. Durham doesn’t actually make clear where all three of these came from.
  • On September 19, Sussmann met with James Baker. Durham claims that “he stated falsely that he was not acting on behalf of any client” [which Durham cannot quote because there’s no contemporaneous record], that he had been approached by multiple cyber experts [Durham doesn’t say whether the three he named were Researcher 1, Researcher 2, and Tea Leaves or other people, as seems to be the case], three white papers [which I may return to because this is another problematic spot in his story], and some of the data, which Durham calls “purported.”
  • Immediately after the September 19 meeting, Baker met with Bill Priestap whose notes read:
    • Michael Sussman[n] — Atty: Perkins Coie — said not doing this for any client
      • Represents DNC, Clinton Foundation, etc. []
      • Been approached by Prominent Cyber People (Academic or Corp. POCs), People like: [three names redacted]
  • Durham substantiates a claim that Sussmann billed the meeting itself to Hillary with a description, “work and communications regarding confidential project,” that does not, at least as he quotes it, mention a meeting with the FBI General Counsel at all.

Some of this — the reference to crafting a narrative and a storyline — is damning and validates my discomfort with the political nature of this project five years ago. Other parts of this emphasize the researchers’ insistence on truth from at least parts of this effort. Still others (such as the recognition that this could be spoofed data) will almost certainly end up being presented as exculpatory if this ever goes to trial, but Durham seems to think they are inculpatory.

In one place, Durham describes “aforementioned views,” plural, that the Alfa Bank data was a “red herring,” something only attributed to TE-1 in the indictment, seemingly presenting TE-1’s stated view on August 21 to everyone involved, including Sussmann, who does not appear to have been on that email chain. He claims Sussmann, Researcher 1 and 2, TE-1, and Tea Leaves drafted the white paper(s) shared with the FBI, but all he substantiates is a less than one hour review by everyone but Sussmann. He leaves out a great deal of detail about what Jean Camp and someone using the moniker Tea Leaves did and said, publicly, after the FBI meeting, which may totally undercut Durham’s “narrative.”

But other parts, even of the story that Durham tells, are problematic for his narrative. First, there is not (yet) the least hint that Tea Leaves — whom he calls “The Originator” — fabricated this data (or even packaged it up misleadingly, though I think there is evidence he did). Nor is there the least hint that TE-1 asked Tea Leaves to come up with the data. That part of the story is fundamentally important and Durham simply ignores it with that legally unnecessary — particularly given that Durham clearly labels this person as Tea Leaves — moniker “Originator,” giving the anomalous forensic data a kind of virgin birth. And while two of the four tech experts described herein (there appear to be at least three others not described) expressed some doubt about the meaning of it, none of them seems to have doubted that there was an anomaly in the Trump marketing server and Alfa Bank.

Based on this story, though, Durham insinuates Sussmann fed information that he, Sussmann, knew to be bullshit to the FBI on behalf of both Hillary and TE-1, and in so doing affirmatively hid that the bullshit “storyline” was designed to help Hillary which (he claims) would have led the FBI to treat it differently.

In spite of a lot of thus far extraneous details, that’s the only crime he has alleged.

The existing case is remarkably weak

As a number of people have noted, as charged this is a remarkably weak case. Ben Wittes dedicates a section of his post on this indictment to those weaknesses. They are, succinctly:

  • The evidence regarding the core allegation in the indictment pits Sussmann’s word against James Baker’s; there are no other witnesses.
  • After the meeting with Baker, Sussmann repeatedly admitted under oath he was representing a client, a detail which could be exculpatory or inculpatory.
  • Baker testified to Congress he did believe Sussmann was representing a client (meaning Baker will be used to discredit Baker, the one witness to Sussmann’s alleged lie).
  • Even in Bill Priestap’s nearly-contemporaneous notes which are the only documentation of Sussmann’s comments, he describes Sussmann as Hillary’s lawyer (including for the Clinton Foundation, which may be incorrect), so FBI knew full well that Sussmann represented Hillary.
  • Priestap’s notes may be inadmissible hearsay at trial.

The NYT article predicting these charges also claims Durham is conflating Sussmann’s tracking of his hourly work with the actual money charged to the Hillary campaign.

Moreover, internal billing records Mr. Durham is said to have obtained from Perkins Coie are said to show that when Mr. Sussmann logged certain hours as working on the Alfa Bank matter — though not the meeting with Mr. Baker — he billed the time to Mrs. Clinton’s 2016 campaign.

[snip]

They are also said to have argued that the billing records are misleading because Mr. Sussmann was not charging his client for work on the Alfa Bank matter, but needed to show internally that he was working on something. He was discussing the matter with Mr. Elias and the campaign paid a flat monthly retainer to the firm, so Mr. Sussmann’s hours did not result in any additional charges, they said.

There are a number of other ways that Sussmann’s presumably well-funded defense will combat these charges. But as to the allegation buried amid all these details, Durham’s evidence is weak.

Durham’s materiality broadcasts his bid for a ConFraudUS conspiracy

But that’s not what this is about.

Durham is not just alleging that Sussmann was hiding that he was working for Hillary. He is also claiming that Sussmann was at the same time representing TE-1 at that meeting. In the indictment, I think that’s based on a single data point — that Sussmann billed TE-1’s company for “communications regarding confidential project” on September 14. I’m not sure whether that makes the false statements case still weaker or stronger.

But it’s a key part of where Durham obviously wants to go.

Not only are many of the details Durham included in the indictment irrelevant to the false statements charge, but if they were crimes by themselves, they would have been tolled under any five year statute of limitations already. There are only two conceivable purposes for including them in this indictment. First, to give the Alfa Bank Oligarchs more cause to sue more people, effectively a US prosecutor assisting Russians in cynical lawfare. Durham’s investigation incorporates stuff the Oligarchs have already liberated, so is itself derivative of Russian lawfare. Effectively, that means that a prosecutor working for Bill Barr’s DOJ pursued a prosecution that was complementary to an intelligence-related effort by foreigners who pay Kirkland & Ellis a lot of money. Sussmann will have real cause to question whether Brian Benczkowski (who recused from matters involving this aspect of Alfa Bank) or any other Kirkland & Ellis lawyer had a role in this strand of the investigation.

Then there’s the most obvious way to extend the statute of limitations on the events that happened in July and August 2016: to include them in a conspiracy that continued after those dates (and indeed, Durham refers to Elias, Researcher 1 and 2, and Tea Leaves in the way DOJ often uses to refer to charged or uncharged co-conspirators).

Given the extended statement Durham includes to explain why Sussmann’s alleged lie is material under the charged statute, that’s undoubtedly where Durham wants to head with his investigation.

SUSSMANN’s lie was material because, among other reasons, SUSSMANN’s false statement misled the FBI General Counsel and other FBI personnel concerning the political nature of his work and deprived the FBI of information that might have permitted it more fully to assess and uncover the origins of the relevant data and technical analysis, including the identities and motivations of SUSSMANN’s clients.

Had the FBI uncovered the origins of the relevant data and analysis and as alleged below, it might have learned, among other things that (i) in compiling and analyzing the Russian Bank-1 allegations, Tech Executive-1 had exploited his access to non-public data at multiple Internet companies to conduct opposition research concerning Trump; (ii) in furtherance of these efforts, Tech Executive-1 had enlisted, and was continuing to enlist, the assistance of researchers at a U.S.-based university who were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract; and (iii) SUSSMANN, Tech Executive-1, and Law Firm-1 had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton Campaign with regard to the data and written materials that Sussmann gave to the FBI and the media.

Don’t get me wrong. This will clearly pass the incredibly low standard for materiality under existing precedent. Though Sussmann will surely make much of citing the invented standard Billy Barr used to try to dismiss the Mike Flynn prosecution, which first requires the investigation in question to be legitimate.

The Government is not persuaded that the January 24, 2017 interview was conducted with a legitimate investigative basis and therefore does not believe Mr. Flynn’s statements were material even if untrue. Moreover, we do not believe that the Government can prove either the relevant false statements or their materiality beyond a reasonable doubt.

[snip]

In any event, there was no question at the FBI as to the content of the calls; the FBI had in its possession word-for-word transcripts of the actual communications between Mr. Flynn and Mr. Kislyak. See Ex. 5 at 3; Ex. 13. at 3. With no dispute as to what was in fact said, there was no factual basis for the predication of a new counterintelligence investigation. Nor was there a justification or need to interview Mr. Flynn as to his own personal recollections of what had been said. Whatever gaps in his memory Mr. Flynn might or might not reveal upon an interview regurgitating the content of those calls would not have implicated legitimate counterintelligence interests or somehow exposed Mr. Flynn as beholden to Russia.

If DOJ had no interest in figuring out whether Trump was undermining sanctions to pay off a quid pro quo, they sure as hell have no interest in launching a 3-year investigation to figure out the tie between these allegations and Hillary that was obvious to Priestap in real time, particularly given how quickly the FBI dismissed the allegations in 2017 and given that the allegations are not publicly known to have had a tie to their larger Russian investigation.

Still, while Durham will have no trouble proving Sussmann’s claimed lie meets the standards of materiality, Durham’s claims for it are ridiculous.

It’s a load of horseshit that FBI would have treated this tip any differently — which amounted to investigating it, alerting the press there was nothing to it, then dismissing it pretty quickly, as far as is public — if they knew that Sussmann was formally being paid at that meeting by Hillary, if he in fact was. Priestap knew Sussmann was representing Hillary and said as much in the best evidence Durham has! In fact, FBI’s warning to the NYT about this story in October could be presented as evidence that FBI already incorporated an assumption this came from Hillary.

Likewise, it’s a load of horseshit that FBI couldn’t know that the Bureau needed to ID the researchers behind the project. If I was able to figure out that was important before the 2016 election, and I did, then the experts at the FBI surely figured that out.

But what Durham’s materiality statement emphasizes — what Durham claims Sussmann intended to hide with his claimed lie — is that, “researchers at a U.S.-based university … were receiving and analyzing Internet data in connection with a pending federal government cybersecurity research contract.” That’s the significance of ¶¶23a through e of the indictment, which describe how TE-1 provided data that included some from an Executive Branch office of the U.S. government, which his company had obtained “as a sub-contractor in a sensitive relationship between the U.S. government and another company,” to the university at which Researcher 1 and 2 were working, and both with his university researcher allies and employees of his own company, he tasked people to research Donald Trump. Durham is suggesting that subset of data taints the whole pool that TE-1 shared, making it a Federal interest.

It’s not just that Durham is working on a theory that Sussmann deliberately dealt garbage to the FBI (which GOP sources also did on the Clinton Foundation) while trying to hide that fact. It’s that data originally sourced from the government was used in doing that research.

It’s actually the kind of argument that DOJ prosecutors typically succeed with. Except it’s all premised on proving that Sussmann was trying to hide all this in his meeting with Baker. Even if the evidence surrounding the meeting weren’t so flimsy, this is another degree of motive that Durham is straining mightily to make.

Durham needs Sussmann to have lied, because a deliberate attempt to obscure the rest is necessary for his “storyline.” His evidence that Sussmann lied — much less, deliberately — is shoddy. But if he can’t get that, then his hopes for a larger “narrative” collapse.

The parts of the story Durham doesn’t tell

That becomes more clear when you consider some details that Durham doesn’t include in his indictment.

Two details that were public to everyone involved make it clear why Durham’s silence about the exact dates in July when this operation started is so corrupt.

On July 22, WikiLeaks published emails that were at the time believed and since have been confirmed by the FBI to have been hacked by Russia. Durham hides the dates in July when many of these events transpired, but everything he includes suggests this activity post-dated the time when WikiLeaks published stolen emails and the entire security community in the US, surely including every researcher mentioned in this story, coalesced on the belief that Russia was the culprit. Durham refers to Russia’s attack on Hillary (and therefore on the US) inaccurately as, “the hacking of its email servers by the Russian government” and “a hack” (the hack went well beyond just email and continued through the period of Sussmann’s meeting with Baker). But, amazingly, Durham’s “narrative” doesn’t account for the fact that Hillary was targeted not just with an attack but with an information operation. And the timeline he presents here affirmatively hides that these events took place after the entire security community understood that there was an information operation aspect to the attack.

Then, on July 27, Trump gave a press conference in Florida where he said numerous things that make all the actions of Sussmann and others justifiable on national security grounds. First, Trump raised doubts about the Russian attribution of the DNC hack that, by that point in July, was the consensus among national security experts, undoubtedly including every tech expert mentioned in this indictment.

I watched this guy Mook and he talked about we think it was Russia that hacked. Now, first of all was what was said on those that’s so bad but he said I watched it. I think he was live. But he said we think it was Russia that hacked.

And then he said — and this is in person sitting and watching television as I’ve been doing — and then he said could be Trump, yeah, yeah. Trump, Trump, oh yeah, Trump. He reminded me of John Lovitz for “Saturday Night Live” in the liar (ph) where he’d go yes, yes, I went to Harvard, Harvard, yes, yes. This is the guy, you have to see it. Yes, it could be Trump, yes, yes. So it is so farfetched. It’s so ridiculous. Honestly I wish I had that power. I’d love to have that power but Russia has no respect for our country.

And that’s why — if it is Russia, nobody even knows this, it’s probably China, or it could be somebody sitting in his bed. But it shows how weak we are, it shows how disrespected we are. Total — assuming it’s Russia or China or one of the major countries and competitors, it’s a total sign of disrespect for our country. Putin and the leaders throughout the world have no respect for our country anymore and they certainly have no respect for our leader. So I know nothing about it.

Trump then offered his bullshit explanation for why he wouldn’t release his tax returns, framing it in terms of whether he had business ties to Russia.

TRUMP: Because it’s under order. And I’ll release them when the audits completed. Nobody would release when it’s under — I’ve had audits for 15 or 16 years. Every year I have a routine audit. I’m under audit, when the audits complete I’ll release them. But zero, I mean I will tell you right now, zero, I have nothing to do with Russia, yes?

Trump then said the nation-state hack of his opponent wasn’t the important thing, the content of the emails that were released was, thereby encouraging the press to participate in the information operation aspect of this attack.

He already did something today where he said don’t blame them, essentially, for your incompetence. Let me tell you, it’s not even about Russia or China or whoever it is that’s doing the hacking. It was about the things that were said in those e-mails. They were terrible things, talking about Jewish, talking about race, talking about atheist, trying to pin labels on people — what was said was a disgrace, and it was Debbie Wasserman Schultz, and believe me, as sure as you’re sitting there, Hillary Clinton knew about it. She knew everything.

Trump then asked Russia to further hack his opponent.

Russia, if you’re listening, I hope you’re able to find the 30,000 e-mails that are missing.

Trump then doubled down on the comment he made about his taxes, assuring the press that he had “zero” business ties with Russia.

TRUMP: No, I have nothing to do with Russia, John (ph). How many times do I have say that? Are you a smart man? I have nothing to with Russia, I have nothing to do with Russia.

And even — for anything. What do I have to do with Russia? You know the closest I came to Russia, I bought a house a number of years ago in Palm Beach, Florida.

Palm Beach is a very expensive place. There was a man who went bankrupt and I bought the house for $40 million and I sold it to a Russian for $100 million including brokerage commissions. So I sold it. So I bought it for 40, I told it for 100 to a Russian. That was a number of years ago. I guess probably I sell condos to Russians, OK?

QUESTION: (OFF-MIKE)

TRUMP: Of course I can. I told you, other than normal stuff — I buy a house if I sold it to a Russian. I have nothing to do with Russia. I said that Putin has much better leadership qualities than Obama, but who doesn’t know that?

QUESTION: (OFF-MIKE)

TRUMP: Of course not. I own the Trump organization. Zero, zero. Go ahead.

Trump then reiterated his claim that no one could attribute the DNC hack to Russia.

TRUMP: No, but they seem to be, if it’s Russians. I have no idea. It’s probably not Russia. Nobody knows if it’s Russia. You know the sad thing is? That with the technology and the genius we have in this country, not in government unfortunately, but with the genius we have in government, we don’t even know who took the Democratic National Committee e-mails. We don’t even know who it is.

I heard this morning, one report said they don’t think it’s Russia, they think it might be China. Another report said it might be just a hacker, some guy with a 200 I.Q. that can’t get up in the morning, OK? Nobody knows. Honestly they have no idea if it’s Russia. Might be Russia. But if it’s any foreign country, it shows how little respect they have for the United States. Yes, ma’am.

Finally, Trump also stated that he would consider lifting sanctions on Russia.

QUESTION: I would like to know if you became president, would you recognize (inaudible) Crimea as Russian territory? And also if the U.S. would lift sanctions that are (inaudible)?

TRUMP: We’ll be looking at that. Yeah, we’ll be looking.

Each of these comments, individually, would have raised eyebrows. The same comments, made by an American citizen, would equally have raised alarms among those committed to cybersecurity.

But for a presidential candidate to encourage the hostile nation-state information operation targeting his opponent, then ask the hostile nation-state to further target her, in conjunction with the repeated denials of any business ties to Russia raised real, legitimate questions about whether Trump was putting his own interests above the national security of the country.

You might excuse Durham for excluding this from his indictment because, after all, he was busy indicting a ham sandwich based on hearsay evidence, and he might be able to exclude these facts at trial. Except that an August 20 comment from TE-1 that Durham quotes in his indictment may be a direct reference to (and at the least incorporates knowledge of) this press conference.

Trump has claimed he and his company have had NO dealings with .ru other than the failed Casino, and the Miss universe pageant. He claims absolutely NO interaction with any financial institutions. So any potential like that would be jackpot.

That is, Durham included what appears to be a reference to the July 27 press conference. It appears (though Durham obscures this point) that all the actions laid out in this indictment post-date the press conference. Virtually everyone in the US committed to ensuring America’s national security was alarmed by Trump’s comments in this press conference. Yet Durham doesn’t acknowledge that all these actions took place in the wake of public comments that made it reasonable for those committed to cybersecurity to treat Donald Trump as a national security threat, irrespective of partisan affiliation.

Durham will work hard to exclude detail of Trump’s press conference from trial. But I assume that if any of the named subjects of this investigation were to take the stand at trial, they would point out that it was objectively reasonable after July 27 to have national security concerns based on Trump’s encouragement of Russia’s attack on Hillary Clinton and his defensive denials of any business ties. Any of the named subjects of the indictment would be able to make a strong case that there was reason to want to, as a matter of national security, test Trump’s claim to have no financial ties to Russia. Indeed, the bipartisan SSCI Report concluded that Trump posed multiple counterintelligence concerns, and therefore has concluded Durham’s portrayal of politics as the only potential motive here to be false.

Central to Durham’s theory of prosecution is that there was no sound national security basis to respond to anomalous forensic data suggesting a possible financial tie between Trump and Russia. Except that, after that July 27 speech — and all of these events appear to post-date it — that theory is unsustainable.

The parts of the story Durham doesn’t tell

And not only was it objectively reasonable to test whether Trump’s claims to have “zero” business ties to Russia were false, but those suspecting that Trump was hiding such ties were, in fact, correct.

According to Michael Cohen, when Trump walked off the stage from that July 27 press conference, Cohen asked Trump why he had claimed that he had zero business ties with Russia when he had in fact been pursuing an impossibly lucrative deal to brand a Trump Tower in Moscow. And we now know that within hours of Trump’s request, GRU hackers made a renewed assault on Hillary’s own servers. By the time security researchers pursued anomalous data suggesting covert communications with a Russian bank, Cohen had already participated in discussions about working with two sanctioned Russian banks to fund the Trump Tower deal, had agreed to work with a former GRU officer to broker it, had spoken to an aide of Dmitry Peskov, and had been told that Putin was personally involved in making the deal happen. Just on the Trump Tower basis alone, Trump had publicly lied in such a way that posed a counterintelligence risk to America.

But that was not the only thing that Trump had done by the date when a bunch of security researchers responded to anomalous forensic data to test whether Trump was hiding further ties to Russia’s attack on Hillary Clinton.

In March, Trump hired Paul Manafort, a financially desperate political operative with close ties to a Russian intelligence officer, Konstantin Kilimnik, who may have been involved in the hack-and-leak operation (SSCI provided three redacted examples of this). In April, Manafort started leveraging his relationship with Trump to try to make money. In May, Manafort started regularly sending Kilimnik the campaign’s internal polling data. All that happened before researchers started testing Trump’s claims to have had no tie to Russia. On July 28, Kilimnik emailed Manafort to set up a meeting to talk about the future of Ukraine. Just days after the researchers started the inquiry, on August 2, Manafort met with Kilimnik to discuss carving up Ukraine in the same meeting where he described his strategy to win the election.

In April, an academic with close ties to Russia, Joseph Mifsud, told an unqualified braggart whom Trump had added to his team to pretend he had a foreign policy plan, George Papadopoulos, that Russia had thousands of Hillary’s emails that they intended to release to help Trump.

In May, according to Rick Gates’ testimony, Roger Stone started claiming he had advance knowledge of what would become the WikiLeaks releases. On or about June 15, per Gates, Stone told him that “he had contact with Guccifer 2.” According to a warrant affidavit targeting Stone, he searched Google on “Guccifer” before the Guccifer website went up that day. On June 23, Manafort called Stone and then the two old friends met for 30 minutes in the Trump cafeteria. On June 30, Stone spoke to Trump. According to multiple sources (including Michael Cohen), Stone knew of the DNC drop before it happened.

In June, Don Jr accepted a meeting with Natalia Veselnitskaya at which he believed he would get dirt on Hillary Clinton. At the meeting, Veselnitskaya asked Don Jr to end sanctions on Russia, and the candidate’s son said his dad would reconsider it if he won.

In short, the researchers who, in the wake of Trump’s damning comments, were testing whether Trump had lied about having ties to Russia, not only had objectively reasonable reasons to do that research, but their suspicions were proven correct, over and over again.

Durham describes the outcome of the FBI investigation into the allegations this way:

The FBI’s investigation of these allegations nevertheless concluded that there was insufficient evidence to support the allegations of a secret communications channel with Russian Bank-1. In particular, and among other things, the FBI’s investigation revealed that the email server at issue was not owned or operated by the Trump Organization but, rather, had been administered by a mass marketing email company that sent advertisements for Trump hotels and hundreds of other clients.

Nothing here suggests the FBI disproved that this was an anomaly.

And there’s one more detail that Durham didn’t include in the Sussmann indictment: on July 26, Australia first shared their report about what George Papadopoulos told Alexander Downer in May. The next day, July 27, the FBI Legat in the UK got the tip. On July 31 — before the substantive research into the Alfa Bank allegation began — the FBI opened an UNSUB investigation into who got advance warning about the Russian operation and shared it with George Papadopoulos. In other words, by hiding the dates when Tea Leaves first discovered the anomalous data, Durham is hiding not just the damning things that publicly happened before the Alfa Bank operation got started, but probably details about the tip that turned into the Crossfire Hurricane investigation.

In the wake of the Sussmann indictment, the usual Russian denialists have claimed that this proves that what they call “Russiagate” was all a fraud.

Such claims defy the rules of physics, suggesting that events that happened after the FBI opened an investigation to learn how and why the Trump campaign (via three channels, as it turns out) learned of the Russian attack in advance were in fact the cause of it.

It is likely that Durham will be able to exclude all these details from a Michael Sussmann trial, at least if it remains just a false statements case. He will be able to convince Judge Christopher Cooper, who is presiding over the case, that this information — that the researchers not only had reason to believe Trump presented a cybersecurity risk to the country, but that the researchers turned out to be right, and that FBI had itself determined there was reason to carry out the same kinds of investigations that the researchers did, possibly before any one of them took a single step — is irrelevant to the case against Sussmann. But if Durham charges ConFraudUS based on a claim that it was illegitimate to look into why Donald Trump was inviting Russia to hack his opponent, it will become centrally important that, before these researchers started conducting their investigation, the FBI had likewise decided such an investigation had merit.

The Alfa Bank story was sleazy and unethical. But it was still, nevertheless, an instance where someone representing the victim of a nation-state attack attempted to chase down information that may have pertained to that nation-state attack.

John Durham will go down in history as the guy who decided that torturing detainees, even in excess of legal guidance, was not a crime, but a victim sharing concerns about nation-state hacking is.

Update: It’s likely that Richard Burt was one of the people investigated as part of this effort. Per the Mueller Report, he was the person Petr Aven asked to establish a tie with Trump’s transition in 2016.

After the December 2016 all-hands meeting, Aven tried to establish a connection to the Trump team. Aven instructed Richard Burt to make contact with the incoming Trump Administration. Burt was on the board of directors for LetterOne (L1), another company headed by Aven, and had done work for Alfa-Bank. 1169 Burt had previously served as U.S. ambassador to Germany and Assistant Secretary of State for European and Canadian Affairs, and one of his primary roles with Alfa-Bank and L1 was to facilitate introductions to business contacts in the United States and other Western countries. 1170

While at a L1 board meeting held in Luxembourg in late December 2016, Aven pulled Burt aside and told him that he had spoken to someone high in the Russian government who expressed interest in establishing a communications channel between the Kremlin and the Trump Transition Team. 1171 Aven asked for Burt’s help in contacting members of the Transition Team. 1172 Although Burt had been responsible for helping Aven build connections in the past, Burt viewed Aven’s request as unusual and outside the normal realm of his dealings with Aven. 1173

Burt, who is a member of the board of CNI (discussed at Volume I, Section IV.A.4, supra), 1174 decided to approach CNI president Dimitri Simes for help facilitating Aven’s request, recalling that Simes had some relationship with Kushner. 1175 At the time, Simes was lobbying the Trump Transition Team, on Burt’s behalf, to appoint Burt U.S. ambassador to Russia.1176

Burt contacted Simes by telephone and asked if he could arrange a meeting with Kushner to discuss setting up a high-level communications channel between Putin and the incoming Administration. 1177 Simes told the Office that he declined and stated to Burt that setting up such a channel was not a good idea in light of the media attention surrounding Russian influence in the U.S. presidential election. 1178 According to Simes, he understood that Burt was seeking a secret channel, and Simes did not want CNI to be seen as an intermediary between the Russian government and the incoming Administration. 1179 Based on what Simes had read in the media, he stated that he already had concerns that Trump’s business connections could be exploited by Russia, and Simes said that he did not want CNI to have any involvement or apparent involvement in facilitating any connection. 118

Update: Corrected scope of Benczkowski’s recusal. His should cover the server issue (and Alfa Bank issues for the first two years he was CRM).

Update: Brian Krebs wrote a post laying out all the people who still believe there’s something going on technically. I don’t think that’s inconsistent, at all, with this one. As noted, everyone who looked at this believes it’s an anomaly. What I keep pointing to is that the aftermath of that anomaly got Alfa Bank to act in a certain way that is consistent with Putin’s interests. Krebs notes that it has also led to a lot of scrutiny of security researchers in the US, not unlike the way the aftermath of the Steele dossier discredited most top Russian experts in the US government.

Update: This transcript of Preet Bharara and Joyce Vance discussing the many weaknesses of the Durham indictment largely replicates what I’ve laid out here but is worth a review.
