
The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Please donate to help defray the cost of trial transcripts. As most of you know, I now live in Ireland. I had considered traveling to DC to cover the Sussmann trial but have issues I need to deal with here. So I’m hoping to cover as much of it as I can (with an obvious delay) via trial transcripts. But they are expensive! So if you appreciate this coverage, please consider a one-time or recurring donation to defray the cost of transcripts. Thanks!

When Michael Sussmann attorney Sean Berkowitz was walking FBI Agent Scott Hellman through the six meetings he had with Durham’s team on Tuesday — meetings he first had as a witness about the investigation into the Alfa Bank allegations and later in preparation for his trial testimony — Berkowitz asked Hellman about how, sometime earlier this year, Andrew DeFilippis and Jonathan Algor asked him whether he could serve as their DNS expert for the trial.

Q. And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table here, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

To Hellman’s credit, he told Durham’s prosecutors — who have been investigating matters pertaining to DNS data for two years — that he only had superficial knowledge of DNS and so wasn’t qualified to be their expert.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

It wasn’t until the third day of trial that Durham’s team presented any evidence about the alleged crime. Instead, Durham’s first two witnesses were their nominal expert, David Martin, and Hellman, who told Durham he wasn’t an expert but who offered opinions he neither had the expertise to offer nor had done the work to substantiate.

That’s important, because DeFilippis used him to provide an opinion only an expert should give. And virtually everything about his testimony — his claim to have relied on the data in the materials without looking at the thumb drives, an apparently made up claim about the timing of the analysis, and behaviors that the FBI normally finds suspicious — suggests not only that he’s not a DNS expert qualified to assess this report, but that his assessment of the white paper Sussmann shared also suffers from serious credibility issues.

The battle over an expert

The testimony of the nominal expert, David Martin, was remarkably nondescript, particularly given the fight that led up to his testimony. Durham’s team sprang the very fact that they would call an expert on Sussmann at a really late date: on March 30, after months of blowing off Sussmann’s inquiries about whether they would. Not only did they want Martin to explain to the jury what DNS and Tor are, Durham’s team explained, but they also wanted him to weigh in on the validity of conclusions drawn by researchers who had found the anomaly.

  • the authenticity vel non of the purported data supporting the allegations provided to the FBI and Agency-2;
  • the possibility that such purported data was fabricated, altered, manipulated, spoofed, or intentionally generated for the purpose of creating the false appearance of communications;
  • whether the DNS data that the defendant provided to the FBI and Agency-2 supports the conclusion that a secret communications channel existed between and/or among the Trump Organization, Alfa Bank, and/or Spectrum Health;

[snip]

  • the validity and plausibility of the other assertions and conclusions set forth in the various white papers that the defendant provided to the FBI and Agency-2;

As Sussmann noted in his motion to limit Martin’s testimony, he didn’t mind the testimony about DNS and Tor. He just didn’t want this trial to be about the accuracy of the data, especially without the lead time to prepare his own expert.

As the Government has already disclosed to the defense, should the defense attempt to elicit testimony surrounding the accuracy and/or reliability of the data that the defendant provided to the FBI and Agency-2, Special Agent Martin would explain the following:

  • That while he cannot determine with certainty whether the data at issue was cherry-picked, manipulated, spoofed or authentic, the data was necessarily incomplete because it was a subset of all global DNS data;
  • That the purported data provided by the defendant nevertheless did not support the conclusions set forth in the primary white paper which the defendant provided to the FBI;
  • That numerous statements in the white paper were inaccurate and/or overstated; and
  • That individuals familiar with these relevant subject areas, such as DNS data and TOR, would know that such statements lacked support and were inaccurate and/or overstated.

Based off repeated assurances from Durham that they weren’t going to make accuracy an issue in their case in chief, Judge Cooper ruled that the government could only get into accuracy questions if Sussmann tried to raise the accuracy of the data himself. But if he said he relied on the assurances of Rodney Joffe, it wouldn’t come in.

The government suggests that Special Agent Martin’s testimony may go further, depending on what theories Sussmann pursues in cross-examination or his defense case. Consistent with its findings above, the Court will allow the government’s expert to testify about the accuracy (or lack thereof) of the specific data provided to the FBI here only in certain limited circumstances. In particular, if Sussmann seeks to establish at trial that the data were accurate, and that there was in fact a communications channel between Alfa Bank and the Trump Campaign, expert testimony explaining why this could not be the case will become relevant. But, as the Court noted above, additional testimony about the accuracy of the data—expert or otherwise—will not be admissible just because Mr. Sussmann presents evidence that he “relied on Tech Executive-1’s conclusions” about the data, or “lacked a motive to conceal information about his clients.” Gov’s Expert Opp’n at 11. As the Court has already explained, complex, technical explanations about the data are only marginally probative of those defense theories. The Court will not risk confusing the jury and wasting time on a largely irrelevant or tangential issue. See United States v. Libby, 467 F. Supp. 2d 1, 15 (D.D.C. 2006) (excluding evidence under Rule 403 where “any possible minimal probative value that would be derived . . . is far outweighed by the waste of time and diversion of the jury’s attention away from the actual issues”).

Then, days before the trial, the issue came up again. Durham sent a letter on May 6 (ten days before jury selection), raising a bunch of new issues they wanted Martin to raise. Sussmann argued that Durham was trying to expand the scope of what his expert could present. Among his complaints, Sussmann argued that Durham was trying to make a materiality argument via his expert witness.

Third, the Special Counsel apparently intends to offer expert testimony about the materiality of the false statement alleged in this case. Indeed, the Special Counsel’s supplemental topic 9 regarding the importance of considering the collection source of DNS data is plainly being offered to prove materiality. But the Special Counsel did not disclose this topic in either his initial expert disclosure or Opposition, and the Court’s ruling did not permit such testimony. The Special Counsel should not now be allowed to offer an entirely new expert opinion under the guise of eliciting testimony regarding the types of conclusions that can be drawn from a review of DNS data.

Judge Cooper considered the issue Tuesday morning, before opening arguments. When Cooper asked why Martin had to present the concept of visibility, DeFilippis explained that Hellman–the Agent who’s not an expert on DNS but whom DeFilippis nevertheless had asked to serve as an expert on DNS–would talk about the import of knowing visibility to assess data.

THE COURT: Well, but isn’t the question here whether a case agent — is your case agent later going to testify that that was something that the FBI looked at or wanted to look at in this case and was unable to do so, and that that negatively affected the FBI’s investigation in some way?

MR. DeFILIPPIS: Yes, and I expect Special Agent Hellman, who will testify likely today, Your Honor, I expect that that is a concept that he will say was relevant to the determination that — determinations he was making as he drafted analysis of the data that came in. And, again, I don’t think we — for example, another way in which this comes up is that the FBI routinely receives DNS data from various private companies who collect that data, and it is always relevant sort of the breadth of visibility that those companies have. So it’s relevant generally, but also in this particular case the fact that the FBI did not have insight into the visibility or lack of visibility of that data certainly affected steps that the FBI took.

THE COURT: Okay. But Mr. Sussman has not been accused of misrepresenting who the source is. He’s simply — but rather who the client is. So how do you link that to the materiality of the alleged false statement?

MR. DeFILIPPIS: Because, Your Honor, I think we view them as intertwined. It was because — it was in part because Mr. Sussman said he didn’t have a client that made it more difficult for the FBI to get to the bottom of the source of this data or made it less likely they would, and so — and, again, I don’t think we expect to dwell for a long time on this, but I think the agents and the technical folks will say that that is part of why the origins of the data are extremely relevant when they took investigative steps here.

When Cooper noted Sussmann’s objection to Martin discussing possible spoofing of data, DeFilippis again answered not about what Martin would testify, but what Hellman would.

As DeFilippis explained, he claimed to believe that under Cooper’s ruling, the government could put in any little thing they wanted that they claimed had been part of the investigation.

And Special Agent Hellman, when he testifies today — now, Your Honor’s ruling we understand to permit us to put into evidence anything about what the FBI analyzed and concluded as its investigation unfolded because that goes to the materiality of the defendant’s statement. So Special Agent Hellman — through Agent Hellman we will offer into evidence a paper he prepared when the data first came in, and among its conclusions is that the data might — he doesn’t use the word “spoof” — but might have been intentionally generated and might have been fabricated. That was the FBI’s initial conclusion in what it wrote up.

So in order for the jury to understand the course of the FBI’s investigation and the conclusions that it drew at each stage, those concepts are at the center of it.

[snip]

MR. DeFILIPPIS: Okay. Your Honor, I’m sorry. We understood your ruling to be that the FBI’s conclusions as it went along were okay as long as we weren’t asserting the conclusion that it was, in fact, fabricated. You know, I mean, it’s difficult to chart the course of the FBI’s investigation unless we can elicit at each stage what it is that the FBI concluded.

Judge Cooper ordered that references to spoofing be removed — leading to a last minute redaction of an exhibit — but permitted a discussion of visibility to come in.

After all that fight, Martin’s testimony was not only bland, but it was recycled PowerPoint. He not only admitted lifting the EFF description of Tor for his PowerPoint, but he included their logo.

Hellman delivers the non-expert expert opinion Durham was prohibited from giving

As I said, Martin was witness number one; Hellman — the self-described non-expert in DNS — was witness number two.

Even though Hellman admitted, again, that he’s not a DNS expert, DeFilippis still had him go over what DNS is.

Q. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

Q. And in your understanding, on a very basic level, what is DNS?

A. DNS is basically how one computer would try and communicate with another computer.

After getting Hellman to explain how he purportedly got chain of custody signatures on September 20, 2016 for the materials Michael Sussmann dropped off with James Baker on September 19, DeFilippis walked Hellman through how, he claimed, he had concluded that the allegations Sussmann dropped off were unsupported. Hellman reviewed the data accompanying the white paper, Durham’s star cybersecurity witness claimed on the stand, and after reviewing that data, determined there was no allegation of a hack in the materials and therefore nothing for the Cyber Division to look at. And, as a report he wrote “within a day” summarized, he concluded the methodology was horrible.

As you read the following exchange, know that (as I understand it) some, if not most, of what Hellman describes the methodology to be is wrong. Obviously, if Hellman’s understanding of the methodology is wrong, then the opinion that DeFilippis elicits from a guy who admitted he was not an expert on DNS but whom DeFilippis nevertheless asked to serve as his expert witness on DNS before inviting David Martin in to present slides lifted from the Electronic Frontier Foundation instead [Takes a breath] … If Hellman’s understanding of the methodology and the data he’s looking at is wrong, then his opinion about the methodology is going to be of little merit.

With that understanding, note the objection of Sean Berkowitz, who fought DeFilippis’ late hour addition of an expert that DeFilippis wanted to use to opine on the validity of the research, bolded below.

So we looked at the top part, which set out your top-line conclusion. You then have a portion of the paper that says, “The investigators who conducted the research appear to have done the following.” Now, Special Agent Hellman, it appears to be a pretty technical discussion, but can you just tell us, in that first part of the paper, what did you set out and what did you conclude?

A. It looks to be that they were looking for domains associated with Trump, and the way that they did that was they looked at a list of sort of all domains and looked for domains that had the word “Trump” in them as a way to narrow down the number of domains they were looking at.

And then they wanted to find, well, which of that initial set of Trump domains, which of them are email servers associated with those domains. And the way they did that was to search for terms associated with email, like “mail” or other email-related terms to then narrow down their list of domains even further to be Trump-associated domains that were email servers.

Q. And did you opine on the soundness of that methodology? In other words, did you express a view as to whether this was a good way to go about this project?

A. We did not — I did not feel that that was the most expeditious way to go about identifying email servers associated with the domain.

Q. And why was that?

A. You can name an email server anything you want. It doesn’t have to have the words “mail” or “SMTP” in it. And so by — if you’re just searching for those terms, I would wager to guess you would miss an actual email server because there are other — there are other more technical ways that you can use — basically look-up tools, Internet look-up tools where you can say, for any domain, tell me the associated email server. That’s essentially like a registered email server. But the way that they were doing it was they were just looking for key terms, and I think that it just didn’t make sense to me why they would go about identifying email servers that way as opposed to just being able to look them up.

Q. Was there anything else about the methodology used here by the writer or writers of this paper that you found questionable or that you didn’t agree with?

A. I think just the overall assumptions that were being made about that the server itself was actually communicating at all. That was probably one of the biggest ones.

Q. And what, if anything, did you conclude about whether you believed the authors of the paper or author of the paper was fairly and neutrally conducting an analysis? Did you have an opinion either way?

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Basis?

MR. BERKOWITZ: Objection on foundation. He asked him his opinion. He’s not qualified as an expert for that.

THE COURT: I’ll overrule it.

A. Sorry, can you please repeat the question?

Q. Sure. Did you draw a conclusion one way or the other as to whether the authors of this paper seemed to be applying a sound methodology or whether, to the contrary, they were trying to reach a particular result? Did you —

A. Based upon the conclusions they drew and the assumptions that they made, I did not feel like they were objective in the conclusions that they came to.

Q. And any particular reasons or support for that?

A. Just the assumption you would have to make was so far reaching, it didn’t — it just didn’t make any sense.

That’s how, as his second witness, Andrew DeFilippis introduced the opinion of a guy who admitted he wasn’t an expert on DNS that DeFilippis had asked to serve as an expert even though DeFilippis should have known that he didn’t have the expertise to offer expert opinions like this.

If Sussmann is found guilty, I would bet a great deal of money this stunt will be one part of a several-pronged appeal, because Judge Cooper permitted DeFilippis to do precisely what Cooper had prohibited him from doing before trial, and he let him do it with a guy who by his own admission is not a DNS expert.

Cyber Division reaches a conclusion without looking at the thumb drives

Now let’s look at what Hellman describes his own methodology to be.

First, it was quick. DeFilippis seems to think that serves his narrative, as if this stuff was so crappy that it took a mere glimpse to discredit it.

Q. Special Agent Hellman, how long would you say it took you and Special Agent Batty to write this up?

A. Inside of a day.

Q. Inside of a day, you said?

Berkowitz walked Hellman through the timeline of it, and boy was it quick. There’s some uncertainty about this timeline, because John Durham’s office doesn’t feel the need to make clear whether exhibits they’re turning over in discovery reflect UTC or ET. But I think I’ve laid it out below (Berkowitz got it wrong in cross-examination, which DeFilippis used to attack his analysis).

As you can see, not only were FBI’s crack cybersecurity agents making a final conclusion about the data within a day but — by all appearances — they did so before they had ever looked at the thumb drives included with the white papers. From the record, it’s actually not clear when — if!!! — they looked at the thumb drives. But it’s certain they had their analysis finalized no more than one working day after they admitted they hadn’t looked at the thumb drive, which was itself after they had already decided the white paper was shit.

Timeline

September 20, 10:20PM: Nate Batty tells Jordan Kelly they’ll come from Chantilly to DC to get the thumb drives

September 20, 10:31PM: Jordan Kelly tells Batty the chain of custody is “Sussman to Strzock to Sporre”

September 20, 12:29PM: Hellman and Nate Batty accept custody of the thumb drives

September 20, 1:30PM: Hour drive back to Chantilly, VA

September 20, 4:44PM: Hellman appears to explain the process of picking up the thumb drives to jrsmith, claiming to have spoken to Baker on the phone. jrsmith jokes about “doctor[ing] a chain of evidence form.”

September 20, 4:58: Hellman says the more he reads the report “it feels a little 5150ish,” suggesting (as he explained to Berkowitz on cross) the authors suffered from a mental disability, and Batty responds by complaining that “it contains an absurd quantity of data … inserted to overwhelm and confuse the reader.”

September 21, 8:47AM: Batty tells Hellman their supervisor wants them to “write a brief summary of what we think about the DNC report.” Batty continues by suggesting that “we should at least plug the thumb drives into Frank’s computer and look at the files…”

9/22, 9:44AM: Curtis Heide, in Chicago, asks Batty to send the contents of the thumb drive so counterintelligence agents can begin to look at the evidence. The boys in Cyber struggle to do so for a bit.

9/22, 2:49PM: Batty asks Hellman what he did with the blue thumb drive.

9/22, 4:46PM: Batty sends “analysis of Trump white paper” to others.

In other words, the cyber division spent less than 24 hours doing this analysis.

Yes. The analysis was quick.

Hellman says his analysis is valid because he looked at the data

The hastiness of the analysis and the fact that Hellman didn’t look at the thumb drive before making initial conclusions about the research is fairly problematic, because when he discussed his own methodology, he described the data driving everything.

Q. Now, what principally, from the materials, did you rely on to do your analysis?

A. So it was really two things. It was looking at the data, the technical data itself. There was a summary that it came with. And then also we were comparing what we saw in the data, sort of the story that the data told us, and then looking at the narrative that it came with and comparing our assessment of the data to the narrative.

[snip]

Q. And in connection with that analysis, did you also take a look at the data itself that was underlying this paper?

A. Yes.

[snip]

Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

A. Yes.

[snip]

A. It would have mattered — well, I think on one hand it would not have mattered from the technical standpoint. If I’m looking at technical data, the data’s going to tell me whatever story the data’s going to tell me independent of where it comes from. So I still would have done the same technical analysis.

But knowing where the data comes from helps to tell me — it gives me context regarding how much I believe in the data, how authentic it is, do I believe it’s real, and do I trust it. [my emphasis]

He repeated this claim on cross with Berkowitz.

I just disagreed with the conclusions they came to and the analysis that they did based upon the data that came along with the white paper.

When Berkowitz asked him why counterintelligence opened an investigation when Cyber didn’t, Hellman suggested that the people in CD wouldn’t understand how to read the technical logs.

A. Um, I think they’d probably be looking at it from the same vantage point, but if you’re not — you don’t have experience looking at technical logs, you may not have the capability of doing a review of those logs. You might rely on somebody else to do it. And perhaps counterintelligence agents are going to be thinking about other investigative questions. So I guess it would probably be a combination of both.

“If I’m looking at technical data,” DeFilippis’ star cybersecurity agent explained, “the data’s going to tell me whatever story the data’s going to tell me.”

Except he didn’t look at the technical data, at least not the data on the thumb drives, before he reached his initial conclusion.

Hellman makes a claim unsupported by the data in his own analysis

I’ll leave it to people more expert than me to rip apart Hellman’s own analysis of the white paper Sussmann shared with the FBI. In early consultations, I’ve been told he misunderstood the methodology, misunderstood how researchers used Trump’s other domains to prove that just one had this anomaly (that is, as a way to test their hypothesis), and misstated the necessity of some long-term feedback loop for this anomaly to be sustained. Again, the experts will eventually explain the problems.

One part of his report that I know damns his methodology, however, is where he says the researchers,

Searched “…global nonpublic DNS activity…” (unclear how this was done) and discovered there are (4) primary IP addresses that have resolved to the name “mail1.trump-email.com”. Two of these belong to DNS servers at Russian Alfa Bank. [my emphasis]

This is the point where every single person I know who assessed these allegations who is at least marginally expert on DNS issues stopped and said, “global nonpublic DNS activity? There are only a handful of people that could be!” Every marginally expert person I know has, upon reading something like that, tried to figure out who would have that kind of visibility on the data, because that kind of visibility, by itself, would speak to their expertise. Those marginally expert people did not have the means to identify the possible sources of the data. But a lot of them — including the NYTimes!! — were able to find people who had that kind of visibility to better understand the anomaly. When Hellman read that, he simply said, “unclear how this was done” and moved on.

Still, Hellman did not contest (or possibly even test) the analysis that said there were really just four IP addresses conducting look-ups with the Trump marketing server. Dozens of people have continued to test that result in the years since, and while there have been adjustments to the general result, no one has disproven that the anomaly was strongest between Alfa Bank and Trump’s marketing domain.

Where Hellman’s insta-analysis really goes off the rails, however, is in his assertion that, “it appears that the presumed suspicious activity began approximately three weeks prior to the stated start date of the investigation conducted by the researcher.”

I’m not a DNS expert, but I’m pretty good at timelines, and by my read here are the key dates in the white paper.

May 4, 2016: Beginning date for look-up analysis

July 28, 2016: Lookup for hostnames yielding Trump

September 4, 2016: End date for look-up analysis

September 14, 2016: Updated search for look-ups covering June 17 through September 14

The start date reflected in this white paper is July 28, 2016. Three weeks before that would be July 7, 2016, a date that doesn’t appear in the white paper. The anomaly started 85 days before the start date reflected in this white paper (and the start date for the research began months earlier, but still over three weeks after the May 4 start date).

I don’t understand where he got that claim. But DeFilippis repeated it on the stand, as if it were reflected in the data, I guess believing it makes his star cybersecurity agent look good.

DeFilippis’ star cybersecurity agent has some credibility problems

There are a few more problems with the credibility of Hellman, DeFilippis’ star cybersecurity agent who is not a DNS expert. One of those is that he compared notes with his boss before first testifying.

Q: And you also spoke with Nate Batty around that time, right?

A: Yes.

Q: Did you talk to him before the first interview to kind of get ready for it?

A: I think so, but I don’t remember.

Q: Is that something that you encourage witnesses to do, to talk to other witnesses to see if your recollections are consistent?

A: No.

In addition, notwithstanding that Batty was told that Sussmann was in the chain of control, Batty claimed to believe the source was “anonymous” and Hellman claimed to believe it was sensitive–a human source. Even after comparing notes their stories didn’t match.

There are other problems with Hellman’s memory of the events, notably that in his first interview — the one he did shortly after comparing notes with Batty — he claimed that Baker had told him he was unable to identify the source of the data.

Q. And when you went to Mr. Baker’s office, do you remember what, if anything, was said during that discussion or during that interaction?

A. I remember being in the office, but I don’t distinctly recall what the conversation was. I do remember after the fact, though, that I was frustrated that I was not able to identify who had provided these thumb drives, this information to Mr. Baker. He was not willing to tell me.

At the very least, this presents a conflict with Baker’s testimony, but it’s also another testament to how variable memories can be four years, much less six years, after the fact.

Hellman also claimed, when asked on cross, that the first time he had ever seen the reference to a “DNC report” in September 21 Lync notes he received was two years ago, when he was first interviewed.

A: The first time I saw this was two years ago when I was being interviewed by Mr. DeFilippis, and I don’t recall ever seeing it. I never had any recollection of this information coming from DNC. I don’t remember DNC being a part of anything we read or discussed.

Q: Okay. When you say, the first time you saw it was two years ago when you met with Mr. DeFilippis, that’s not accurate. Right? You saw it on September 21st, 2016. Correct?

A: It’s in there. I don’t have any memory of seeing it.

And when Sean Berkowitz asked Hellman about the significance of seeing the reference to a “DNC report” first thing on September 21, he described how DeFilippis had suggested to him that it was likely just a typo for DNS.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — I have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

When asked about a topic for which there was documentary evidence Hellman had seen in real time that he claimed not to remember, Andrew DeFilippis offered up an explanation that Hellman then offered on the stand.

On the stand, DeFilippis also tried to get Hellman to call a marketing server a spam server, though Hellman resisted.

Once you look closely, I don’t think Hellman’s testimony helps Durham all that much. What it proves, however, is that DeFilippis attempted to coach testimony.

One final thing. DeFilippis got his star cybersecurity agent to observe that the researchers didn’t include their name or other markers on their report, as if that’s a measure of unreliability.

Q. Now, let me ask you, were you able to determine from any of these materials who had actually drafted the paper alleging the secret channel?

A. No.

Q. In other words, was it contained anywhere in the documents?

Here’s what Hellman’s own report looks like:

There’s a unit — ECOU1 — but the names of the individual agents appear nowhere in the report. The report is not dated. It does not specifically identify the white papers and thumb drives by control numbers, something key to evidentiary analysis.

It has none of the markers of regularity you’d expect from the FBI. Hellman’s own analysis doesn’t meet the standards that DeFilippis uses to measure reliability.

This long-time Grand Rapids resident is furious that Hellman judged there was no hack

Everything above I write as a journalist who has tried to understand this story for almost six years. Between that and 18 years of covering national security cases, I hope I now have sufficient familiarity with it to know there are real problems with Hellman’s analysis.

But let me speak as someone who lived in Grand Rapids for most of this period, and had friends who had to deal with the aftermath of Spectrum Health appearing at the center of a politically contentious story.

Hellman had, as he testified, two jobs. First, he was supposed to determine whether there were any cyber equities, then he was supposed to do some insta-analysis of the data without first looking at the thumb drives.

According to Hellman, there was no hack.

I was asked to perform two tasks in tandem with Special Agent Batty, and our tasks were, number one, to look at this data, look at the data and look at the narrative that it came with and identify were there any what’s known as cyber equities. And by that it was, was there any allegation of a hacking. That’s what cyber division does. We investigate hacking. So was there an allegation that somebody or some company or some computer had been hacked. That was first.

[snip]

As I mentioned, the first piece was we had to identify was there any real allegation of hacking; and there was not. That was our first task by our supervisor. There was not.

[snip]

The allegation was that someone purported to find a secret communication channel between the Trump organization and Russia. And so we identified first that, no, we didn’t think that there was any cyber equity, meaning that there was probably nothing more for cyber to investigate further, if there was no hacking crime.

Except here’s what the white paper says about Spectrum, that Grand Rapids business that was swept up in this story.

The Spectrum Health IP address is a TOR exit node used exclusively by Alfa Bank. i.e., Alfa Bank communications enter a Tor node somewhere in the world and those communications exit, presumably untraceable, at Spectrum Health. There is absolutely no reason why Spectrum would want a Tor exit node on its system. (Indeed, Spectrum Health would not want a TOR node on its system because, by its nature, you never know what will come out of a TOR node, including child pornography and other legal content.)

We discovered that Spectrum Health is the victim of a network intrusion. Therefore, Spectrum Health may not know it has a TOR exit node on its network. Alternatively, the DeVos family may have people at Spectrum who know there is a TOR node. i.e., could have been placed there with inside help.

When faced with some anomalous activity that seemed to tie into the weird DNS traffic, the experts suggested that maybe the Spectrum hack related to the DNS anomaly.

To be clear, this Tor allegation is the weakest part of this white paper. You will hear about this to no end over the next week. It was technically wrong.

But the allegation in the white paper is that maybe a recent hack of Spectrum Health is why it had this anomalous traffic with Trump’s marketing server. There’s your hack!!

Had the people at FBI’s cybersecurity side actually treated this as a possible compromise, it might have addressed the part of this story that never made any sense. And we might not, now, six years later, be arguing about what might explain it.

Let me be clear: I do think the white paper overstated its conclusions. I don’t think secret communication is the most obvious explanation here.

But there are hacks and then there are hacks in the testimony of DeFilippis’ star cybersecurity agent.

Update: Corrected an attribution to Batty instead of Hellman.

John Durham’s Lies with Metadata


I’d like to thank John Durham for showing us back in April how he was going to mislead the jury with metadata.

He appears to have done just that, yesterday, with several exhibits entered into evidence. And I fear that unless Durham’s lie is corrected, he will gravely mislead the jury.

As I pointed out in April, because of the email system at Fusion GPS, the first email in any thread they produced to Durham renders as UTC; the rest render as ET. So, for the emails on which one could check, the first email in every thread they released in April was four hours later than the time the email was actually sent.

Durham has revealed that his exhibit has irregularities in the emails pertaining to a key issue: whether Fusion sent out a link to April Lorenzen’s i2p site before Mark Hosenball sent it to them.

This shows up in the timestamps. In the exhibit, the lead email for each appearance appears to be set to UTC, whereas the sent emails included in any thread appear to be set to ET.

For example, in this screencap, the time shown for Mark Hosenball’s response to Peter Fritsch (the pink rectangle) is 1:35 PM, which is presumably Eastern Time.

In this screencap, the very same response appears to be sent at 5:36PM, which is presumably UTC.

Both instances of Peter Fritsch’s email (the green rectangle), “that memo is OTR–tho all open source,” show at 1:33PM, again, Eastern Time.

To be clear: this irregularity likely stems from Fusion’s email system, not DOJ’s. It appears that the email being provided itself is rendered in UTC, while all the underlying emails are rendered in the actual received time.

That means if you show someone only the first email in a thread, you will be misrepresenting what time that email was sent.
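To make the effect concrete, here is an added example (not from the original post or from any party's tooling) that applies the reading described above, lead email printed in UTC and quoted emails in ET, to clock times listed in this post. The `Rendering` type, the function names and the lead/quoted flags are assumptions made for illustration; the flags follow the post's own reading of which entries are lead emails.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from itertools import combinations
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

try:
    EASTERN = ZoneInfo("America/New_York")
except ZoneInfoNotFoundError:
    # Host has no tz database; UTC-4 (EDT) is only correct for dates like Oct 2016.
    EASTERN = timezone(timedelta(hours=-4), "EDT")

DAY = "2016-10-05"  # every sample entry below falls on this date


@dataclass(frozen=True)
class Rendering:
    message: str   # short label for the email (hypothetical naming)
    shown: str     # clock time exactly as printed on the exhibit
    is_lead: bool  # True when it is the top email of a produced thread


def _parse(r):
    return datetime.strptime(f"{DAY} {r.shown}", "%Y-%m-%d %I:%M %p")


def face_value(r):
    """Read the printed time the way a witness would: as Eastern Time."""
    return _parse(r).replace(tzinfo=EASTERN)


def normalized(r, lead_zone=timezone.utc):
    """Apply the hypothesis: lead emails print in lead_zone, quoted ones in ET."""
    zone = lead_zone if r.is_lead else EASTERN
    return _parse(r).replace(tzinfo=zone).astimezone(EASTERN)


def rendering_gap(lead, quoted, lead_zone=timezone.utc):
    """Gap between two printings of the SAME email; near zero supports the hypothesis."""
    return abs(normalized(lead, lead_zone) - normalized(quoted, lead_zone))


def flipped_pairs(renderings):
    """Pairs whose order reverses once lead emails are converted from UTC.

    Each tuple is (earlier, later) in the corrected order.
    """
    flips = []
    for a, b in combinations(renderings, 2):
        raw_a_first = face_value(a) < face_value(b)
        fixed_a_first = normalized(a) < normalized(b)
        if raw_a_first != fixed_a_first:
            first, second = (a, b) if fixed_a_first else (b, a)
            flips.append((first.message, second.message))
    return flips


def timeline(renderings):
    """Corrected ET timeline as (HH:MM, message) tuples, oldest first."""
    rows = sorted(renderings, key=normalized)
    return [(normalized(r).strftime("%H:%M"), r.message) for r in rows]


# Constructed sample: the clock times are the ones listed in this post.
HOSENBALL_LEAD = Rendering("Hosenball reply to Fritsch", "5:36 PM", True)
HOSENBALL_QUOTED = Rendering("Hosenball reply to Fritsch", "1:35 PM", False)

EXHIBITS = [
    Rendering("Seago to Fritsch: is this safe", "5:23 PM", True),
    Rendering("Fritsch to Hosenball: memo is OTR", "1:33 PM", False),
    HOSENBALL_LEAD,
    Rendering("Fritsch to Lichtblau: mediafire link", "1:44 PM", False),
    Rendering("Fritsch to Seago: Fwd alfa", "6:33 PM", True),
    Rendering("Seago to Fritsch: Re alfa (1)", "6:57 PM", True),
    Rendering("Seago to Fritsch: Re alfa (2)", "7:02 PM", True),
    Rendering("Fritsch to Hosenball: all same stuff", "3:27 PM", False),
]

if __name__ == "__main__":
    gap = rendering_gap(HOSENBALL_LEAD, HOSENBALL_QUOTED)
    print(f"Same email, two printings, gap after UTC correction: {gap}")
    for clock, message in timeline(EXHIBITS):
        print(clock, "ET", message)
    print("Pairs that change order (earlier, later):")
    for earlier, later in flipped_pairs(EXHIBITS):
        print("  ", earlier, "->", later)
```

The pairing check is the useful part for anyone reviewing a production like this: a message that appears both as a lead email and as a quoted reply gives two printings of one send time, so the UTC reading can be tested rather than assumed.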

That’s what Durham did yesterday with a bunch of Fusion-produced emails he submitted during Laura Seago’s testimony, including (but not limited to):

Over and over, Andrew DeFilippis showed these to Laura Seago and asked her to state what date and time the emails were.

MR. DeFILIPPIS: Okay. And, Your Honor, if there’s no objection from the defense, we’ll offer Government’s Exhibit 612.

MR. BERKOWITZ: No objection.

THE COURT: So moved.

Q. Okay. So what is the date and time of this email?

A. October 5, 2016, at 5:23 p.m.

Q. And the “Subject” line?

A. “Re: so is this safe to look at” — excuse me — “so this is safe to look at.”

While these emails appear to have been produced to Durham at a later time (their Bates numbers from Fusion are about 3000 pages off some of the earlier ones), they’re from the same series and produced by the same custodian, so we should assume that the same anomaly that existed on the earlier ones exists here.

Seago hasn’t seen these emails for years and — because they were treated as privileged — she can only see the first email in a thread, even if there are replies in that thread (and there clearly are, in some of them). She had no way of knowing if she was looking at UTC time!

But Andrew DeFilippis surely does. Indeed, he’s prepping an attack on Sussmann for not understanding that Durham turned over Lync files from the FBI without making clear they, also, get produced in UTC. So he’s aware of which exhibits he has sent to Sussmann without clarifying the correct time. Yet over and over again, DeFilippis asked Seago what time these emails were sent, even though he likely knows (especially since these are files that are no longer privileged, so he has seen those that are threads) that he was deceiving her.

And the timing of these Fusion emails — and possibly some earlier ones exchanged with Rodney Joffe — almost certainly matter.

As I showed in my earlier post, because Durham didn’t fix the anomaly in these emails, they have created the false impression that an October 5 email from Mark Hosenball that shared public links to Tea Leaves’ files came in after Fusion sent it out to Eric Lichtblau. They appear to be prepping another deceit, this one conflating a link that Hosenball sent with one Seago found on Reddit.

Assuming the emails released yesterday share this same anomaly, here’s how the timeline would work out. I’ve bolded the ones that would be grossly misleading taken out of order.

5:23PM (could be 1:23?): Seago to Fritsch, Is this safe?

1:31PM: [not included] Fritsch to Hosenball email with Alfa Group overview

1:32PM: Fritsch sends Isikoff the September 1, 2016 Alfa Group overview (full report included in unsealed exhibit)

1:33PM [not included] Fritsch to Hosenball, “that memo is OTR — tho all open source”

1:35/1:36PM: Hosenball replies, “yep got it, but is that from you all or from the outside computer experts?”

1:37PM: Fritsch responds,

the DNS stuff? not us at all

outside computer experts

we did put up an alfa memo unrelated to all this

1:38PM: [not included] Hosenball to Fritsch:

is the alfa attachment you just sent me experts or yours ? also is there additional data posted by the experts ? all I have found is the summary I sent you and a chart… [my emphasis]

1:41PM: [not included] Fritsch to Hosenball:

alfa was something we did unrelated to this. i sent you what we have BUT it gives you a tutanota address to leave questions.  1. Leave questions at: [email protected]

1:41PM: [not included] Hosenball to Fritsch:

yes I have emailed tuta and they have responded but haven’t sent me any new links yet. but I am pressing. but have you downloaded more data from them ?

1:43PM: [not included] Fritsch to Hosenball, “no”

1:44PM: Fritsch to Lichtblau:

fyi found this published on web … and downloaded it. super interesting in context of our discussions

[mediafire link] [my emphasis]

2:23PM: [not included] Lichtblau to Fritsch, “thanks. where did this come from?”

2:27PM: [not included] Hosenball to Fritsch:

tuta sent me this guidance

[snip]

Since I am technically hopeless I have asked our techie person to try to get into this. But here is the raw info in case you get there first. Chrs mh

2:32PM: Fritsch to Lichtblau:

no idea. our tech maven says it was first posted via reddit. i see it has a tutanota contact — so someone anonymous and encrypted. so it’s either someone real who has real info or one of donald’s 400 pounders. the de vos stuff looks rank to me … weird

6:33PM (likely 2:33PM): Fwd Alfa Fritsch to Seago

6:57PM (likely 2:57PM): Re alfa Seago to Fritsch

7:02PM (likely 3:02): Re alfa Seago to Fritsch

3:27PM: [not included] Fritsch to Hosenball cc Simpson: “All same stuff”

3:58PM: [not included] Hosenball to Fritsch, asking, “so the trumpies just sent me the explanation below; how do I get behind it?”

4:28PM: [not included] Fritsch to Hosenball, “not easily, alas”

4:32PM: Fritsch to Hosenball, cc Simpson:

Though first step is to send that explanation to the source who posted this stuff. I understand the trump explanations can be refuted.

 

 

What Durham will completely and utterly misrepresent if his team doesn’t clarify this anomaly (and this is the second time they have declined to) is that Seago and Mark Hosenball both accessed different packages of the Tea Leaves materials, one of which then got sent out to Lichtblau. Between 2:33 and 2:57, Seago appears to have compared the files and told Fritsch, who then told Hosenball, that the packages were “all the same stuff.”

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table


Andrew DeFilippis has done several arguably unethical things in an attempt to win the Michael Sussmann trial.

He repeatedly attempted to get Marc Elias to repeat something Elias shouldn’t have said in the first place: that the only way to understand whether Sussmann had gone to the FBI to benefit the Hillary campaign would be to ask him (in response to which stunt Sussmann is asking for a mistrial).

DeFilippis also set up a ploy to get a non-expert to offer opinions that only an expert should offer (more on that later).

At times (such as during Neustar employee Steve DeJong’s testimony), DeFilippis seemed more focused on eliciting testimony that might help him make a case against Rodney Joffe than obtain a guilty verdict against Sussmann.

And in direct examination yesterday of Fusion’s Laura Seago (my reading of the transcript is here), he did both, violating Judge Cooper’s orders in an attempt to set up his ongoing investigation in a way that did nothing to help him win the trial against Sussmann.

For all the anticipation for it, Seago’s testimony was not all that helpful to Durham’s team. She described having about as much awareness of which Democratic entity Fusion’s ultimate client was as the FBI did on Carter Page’s FISA applications. She indicated that the Alfa Bank allegations were just one of a whole bunch of possible ties to Russia that Trump had. She described how, to the extent Fusion could assess the Alfa Bank allegations, they found them credible. In discussing Fusion’s pitch to Franklin Foer on the Alfa Bank story, she described the other major data scientists who had backed the Alfa Bank allegations, identities that Durham has always suppressed because they kill his conspiracy theory.

Q. And what was discussed? What did you say, and what did they say?

A. I really don’t remember the specifics six years on. We talked about the allegations between the Trump organization and Alfa-Bank. We talked about highly credible computer scientists who seemed to think that these allegations were credible.

Q. And by that, are you referring to Mr. Joffe or somebody else?

A. There were others that ended up being cited in Mr. Foer’s article. He cited L. Jean Camp and Paul Vixie, who invented the DNS system.

During cross-examination by Sussmann lawyer Sean Berkowitz, Seago made it clear she didn’t tell Foer about the FBI investigation into these matters.

Q. And with respect to your meeting with Mr. Foer, did you tell Mr. Foer that the FBI was investigating these allegations?

A. No. I had no knowledge of that investigation.

Q. So before your meeting with Franklin Foer, did you have any information that the FBI was involved in any way?

A. No.

Q. All right. Did Mr. Fritsch or anyone else at the meeting say, “The FBI is looking into this”?

A. Not that I can remember.

Also on cross, Seago described that her impression from having dealt with Joffe is that he really did believe the allegations too.

Q. And your impression of Mr. Joffe that was made at that meeting was that he was — he seemed reliable?

A. Yes.

Q. And he seemed well-placed to have knowledge and information about the server issues?

A. Yes, he did.

Q. And you understood that Mr. Joffe supported the suggestion that there was at least potential contact between Trump servers and Alfa-Bank servers?

A. Yes, I did.

MR. DeFILIPPIS: Objection, Your Honor.

THE COURT: Overruled.

Q. You answered the question?

A. Yes, I did understand that.

But it was in DeFilippis’ treatment of emails that Judge Cooper granted Durham’s team access to, but did not permit them to use at trial, where he got particularly obnoxious. Remember: while Durham’s team maintained from the start that the privilege claims behind these emails were not proper (because they were largely about communicating with the press, not about providing research assistance to the Democrats), the reason they didn’t get access to them was their own incompetence. They didn’t ask for a privilege review until right before trial.

DeFilippis has no one to blame but himself, but in true right wing fashion, he’s lashing out.

Perhaps in an attempt to make some drama out of documents that Cooper described as “not very revelatory,” DeFilippis walked Seago through all the ones she was privy to, including those with Joffe that Cooper ruled were privileged.

Generally, such exchanges went something like this:

Q. Ms. Seago, does this appear to be part of the same chain as the prior email exchanges?

A. It has the same “Subject” line and says “Re,” so that is what it appears to be. I have no independent recollection of this email.

Q. And what, if any, connection in your mind did the Alfa Bank issue have to New York? I ask because “New York” is in the “Subject” line. Any sense?

A. I don’t know.

Q. And the attachment on this email, any sense of what that was?

A. I don’t know.

Note: there’s no reason to believe Seago has reviewed these emails recently.

That was all setup for DeFilippis’ last set of questions:

Q. Did you ever receive instructions that you couldn’t disclose your affiliation with Fusion GPS to the media?

A. No. I don’t remember hiding that affiliation from the media ever.

Q. Do you ever remember hiding or considering hiding that affiliation from anyone?

A. No.

Q. How certain are you of that?

A. I’m quite certain. You know, we don’t go around advertising who we are and where we work, but I certainly don’t lie to people, and I don’t lie to the press about where I work.

Q. Okay. So you’re fairly certain you never sought to conceal that?

A. Not that I can recall.

Immediately after Seago left the stand, DeFilippis asked for a bench conference (the DC Court adopted phones for the purpose during COVID and all the judges love them, so they’re keeping them). Seago’s answer to the question, DeFilippis noted, was inconsistent with the content of the email, which referenced Tea Leaves.

MR. DeFILIPPIS: Your Honor, could we speak to you on the phone?

THE COURT: Excuse me?

MR. DeFILIPPIS: Could we speak to you on the phone?

THE COURT: Yes. (The following is a bench conference outside the hearing of the jury)

MR. DeFILIPPIS: Your Honor, can you hear me now?

THE COURT: Yes.

MR. DeFILIPPIS: So we have an issue with regard to Ms. Seago’s testimony. The government followed carefully Your Honor’s order with regard to the Fusion emails that were determined not to be privileged but that the government had moved on.

As Your Honor may recall, there was an email in there in which Ms. Seago talks very explicitly about seeking to approach someone associated with the Alfa-Bank matter and concealing her affiliation with Fusion in the email. When we asked her broadly whether she ever did that, she definitively said no when I, you know, revisited it with her. So it raises the prospect that she may be giving false testimony.

And so we were — you know, I considered trying to refresh her with that, but I didn’t understand that to be in line with Your Honor’s ruling. So the government is — we’d like to consider whether we should be — we’d like Your Honor to consider whether we should be able to at least recall her and refresh her with that document?

THE COURT: I don’t remember that question, but the subject matter was concealing Fusion or her identities in conversations with the press. If I recall correctly, that email related to “tea leaves,” correct?

MR. DeFILIPPIS: Your Honor, I thought I had phrased it more broadly. We can go to the transcript.

THE COURT: Mr. Berkowitz?

MR. BERKOWITZ: Judge, I’m not familiar with the specifics. I’m happy to take a look at the transcript. I certainly got the impression he was asking if she had ever concealed Fusion as an entity from the press. That was what was asked in her deposition, and she answered the same way in her deposition. One thing, just to note, some of our paralegals can hear Mr. DeFilippis talking, so I suggest, just as a reminder, to keep your voices down.

MR. DeFILIPPIS: Sure, sure.

THE COURT: All right. Let me look at the transcript.

(Pause)

THE COURT: Can you hear me?

MR. DeFILIPPIS: Yes, Your Honor.

THE COURT: All right. Looking at the transcript, I think you did ask a more open-ended question. She said, “I don’t remember hiding that affiliation from the media ever.” And then you followed up, “Do you ever remember hiding or considering hiding that affiliation from anyone?” And she answered, “No.” I would — so I think that she — I think the email is inconsistent with her answer, Mr. Berkowitz. But the question now is whether they can refresh her with that email notwithstanding the Court’s order. And now she’s gone.

How are we going to do that even if we were to allow it? Is it worth the candle of calling her back?

MR. DeFILIPPIS: Your Honor, I understand she’s still in the building.

MR. BERKOWITZ: Your Honor, is this email privileged?

MR. DeFILIPPIS: This was one of the emails that was determined not to be privileged by Your Honor.

MR. BERKOWITZ: So why didn’t they impeach her with it when they had the chance?

MR. DeFILIPPIS: Your Honor, the reason is because I didn’t want to violate Your Honor’s order that we couldn’t use those affirmatively.

THE COURT: Well, I think the time to have asked the Court whether using the document to refresh was consistent with the order was before she was tendered and dismissed. So I think you waived your opportunity. All right? So we’re going to move on.

Frankly, I think using the formerly privileged emails to impeach was beyond the scope of Cooper’s order, too. This was an affirmative use of the email!

But this was nothing more than a perjury trap, and with it an attempt to get the content of the email DeFilippis had been prohibited from using before the jury. Cooper didn’t allow it in, though he shouldn’t have allowed that line of questions in either (had such questions been permitted, then Seago should have been permitted to refresh her own memory of them).

Probably, DeFilippis will consider charging her with perjury over this. I think the fact that both Judge Cooper and Berkowitz had the impression that the question pertained solely to outreach to the press, Seago’s reiteration that, “I don’t lie to the press about where I work,” reinforcing that understanding, plus her last minute caveat, “Not that I can recall,” would make such a case as flimsy as this one. Probably, DeFilippis will use this exchange as part of his bid to get access to some subset of the 1,500 other not very revelatory emails that Democrats have claimed privilege over.

But this was a stunt. It wasn’t about getting, or sharing, the truth with the jury (and any scenario in which I can imagine Seago trying to hide her identity with Tea Leaves would suggest a more distant relationship than even I imagined Fusion had, though I would love to know what it was).

When a prosecutor engages in as many stunts as DeFilippis has, it’s a confession he knows the facts are not on his side.

To Celebrate Its Third Birthday, the Durham Investigation Will Attempt to Breach Eric Lichtblau’s Reporter’s Privilege

Happy Birthday to Johnny D and his merry band of prosecutors! Today marks your third birthday! Quite a milestone for an investigation that has just one conviction — a gift wrapped up with a bow from Michael Horowitz — to show for those three years.

John Durham, however, had something much more ambitious planned to mark the milestone, it appears.

As Sean Berkowitz noted earlier this week, Sussmann’s team wants to call Eric Lichtblau as a witness in next week’s trial. They were able to get Lichtblau to agree to testify based on the understanding he would only testify about conversations with Michael Sussmann and Rodney Joffe. But Durham’s team — I guess to assert the newfound brattiness of a three-year-old — refused to limit their cross-examination to those who had waived confidentiality.

There is an issue here that I want to alert you to. We reached out to Mr. Lichtblau’s counsel, actually counsel for The New York Times, to explore their willingness in light of the First Amendment issues to testify at the trial. And we told him that both Mr. Sussmann and Mr. Joffe would waive any privilege associated with the press privilege; and that gave The New York Times comfort that, notwithstanding their normal policy of objecting, they would allow him to testify about his interactions with Mr. Sussmann and Mr. Joffe, communications between the two as well as communications with the FBI that wouldn’t be protected by privilege because the FBI reached out to them to ask them to hold the story.

They did tell us that they would object to questioning Mr. Lichtblau about independent research he did in support of the story, you know, people he spoke with to verify sources and other types of things that were not communicated to Mr. Sussmann.

We told him from our perspective that seemed like a fair line to draw, and we would not get into that.

He’s reached out to the Government on that issue, and it appears there may be — again, I don’t want to speak for the Government — but it appears that they may not be in a position today to give The New York Times that assurance. And so we expect The New York Times sometime this week will be filing a motion on that issue to tee it up for your Honor.

I know you’re welcoming all this additional paper.

THE COURT: One more intervenor in the mix.

MR. BERKOWITZ: “All the news that’s fit to print.”

As a motion submitted by Lichtblau yesterday and a declaration from his lawyer Chad Bowman lays out, after Sussmann and Rodney Joffe waived their confidentiality with Lichtblau by April 21, Durham then took eleven days to consider whether they were willing to limit Lichtblau’s testimony to his conversations with the two of them. Predictably, Andrew DeFilippis was not.

On April 21, 2022, I spoke by telephone with Andrew DeFilippis in the Special Counsel’s Office, as well as several of his colleagues. I asked whether the prosecution similarly would be willing to limit examination to direct communications between Mr. Sussmann and Mr. Lichtblau, a journalist, particularly given the Department of Justice’s new policy restricting the use of compulsory process to obtain information from reporters, as memorialized in the Office of the Attorney General’s July 21, 2021 Memorandum, a true and correct copy of which is attached as Exhibit B and which is also available online at https://www.justice.gov/ag/page/file/1413001/download. Mr. DeFilippis stated that the prosecution needed time to consider the request.

On May 2, 2022, during a follow-up telephone call, Mr. DeFilippis stated that the prosecution was unable to give “any assurance” that their cross-examination questioning of Mr. Lichtblau would be confined to his discussions with Mr. Sussmann. In particular, Mr. DeFilippis stated that certain of Mr. Lichtblau’s email communications with third parties were within the prosecution’s possession, and that the prosecution might want to examine Mr. Lichtblau about other, unknown aspects of his reporting. He also indicated a view that any reporter’s privilege would be pierced by a trial subpoena.

This is, by all appearances, a naked attempt to keep a very devastating witness off the stand. There’s no way, even under prior guidelines, Durham would have been able to get Lichtblau’s testimony; particularly given that they’ve got the communications in question, they couldn’t show a need to get his testimony.

That’s all the more true given Merrick Garland’s prohibition on requiring testimony from reporters.

But Lichtblau’s testimony is pretty critical for Sussmann, not least because he’ll make it clear he reached out to Sussmann and that the interest in reporting on Russian hacking was in no way tied to animus towards Trump. Plus, he would explain what an impact acceding to the FBI’s request to hold the story had on his career.

Durham has long tried to hide that, after the FBI requested it, Sussmann and Joffe acceded to help kill the story. It kills his conspiracy theory. It corroborates Sussmann’s stated motivation for sharing the DNS anomaly, that he was trying to help the FBI. Particularly given that both Sussmann and Joffe have Fifth Amendment reasons not to want to testify, Lichtblau would provide a way to get the full extent of that process into the trial.

But Durham wants to prevent it from coming into evidence unless Lichtblau is willing to pay a needless price for doing so.

Thirty Months after Disputing Michael Horowitz, Durham’s Team Suggests They’ve Never Looked at the Evidence

In Michael Sussmann’s filing explaining that he couldn’t include highly exculpatory notes — written by Tashina Gauhar, Mary McCord, and Scott Schools — from a March 6, 2017 meeting in his motion in limine because John Durham had provided them to him too late to include, Sussmann claimed that the files were not among those for which Durham had gotten permission to provide late.

The Special Counsel neglects to mention that these handwritten notes were buried in nearly 22,000 pages of discovery that the Special Counsel produced approximately two weeks before motions in limine were due. Specifically, the Special Counsel produced the March 2017 Notes as part of a March 18, 2022 production. The Special Counsel included the March 2017 Notes in a sub-folder generically labeled “FBI declassified” and similarly labeled them only as “FBI/DOJ Declassified Documents” in his cover letter. See Letter from J. Durham to M. Bosworth and S. Berkowitz (Mar. 18, 2022). And although the Special Counsel indicated on a phone call of March 18, 2022 that some of the 22,000 pages were documents that made references to “client,” he did not specifically identify the March 2017 Notes or otherwise call to attention to this powerful exculpatory material in the way that Brady and its progeny requires.

[snip]

[T]he Special Counsel has also failed to explain why this powerful Brady material was produced years into their investigation, six months after Mr. Sussmann was indicted, and only weeks before trial.

Sussmann was wrong.

When Durham got an extension to his discovery deadlines, he got special permission to turn over (among other things) materials from DOJ IG at a later date.

DOJ Office of Inspector General Materials. On October 7, 2021, at the initiative of the Special Counsel’s Office, the prosecution team met with the DOJ Inspector General and other OIG personnel to discuss discoverable materials that may be in the OIG’s possession. The Special Counsel’s office subsequently submitted a formal written discovery request to the OIG on October 13, 2021, which requested, among other things, all documents, records, and information in the OIG’s possession regarding the defendant and/or the Russian Bank-1 allegations.

[I]n January 2022, the OIG informed the Special Counsel’s Office for the first time that it would be extremely burdensome, if not impossible, for the OIG to apply the search terms contained in the prosecution team’s October 13, 2021 discovery request to certain of the OIG’s holdings – namely, emails and other documents collected as part of the OIG’s investigation. The OIG therefore requested that the Special Counsel’s Office assist in searching these materials. The Government is attempting to resolve this technical issue as quickly as possible and will keep the defense (and the Court as appropriate) updated regarding its status.

In the pre-trial hearing on Monday, Andrew DeFilippis explained that the files came from DOJ IG (and therefore were subject to that later discovery deadline).

We located those statements in the notes in February or early March, when we received a huge production from the DOJ Inspector General’s office. As soon as we noticed that in the notes, we put them on very rapid declassification at the FBI and turned them over to the defense about a week later.

DeFilippis offered an unconvincing excuse for burying belatedly provided Brady material two layers deep in file folders without specific notice. He described the decision to flag the materials as an internal Government decision, which is an odd description unless Michael Horowitz’s office — or those involved in declassifying the records — forced the decision:

We then, speaking internally as the Government, decided it would be important to flag those notes for the defense. And so the day that we produced them, we got on a call. We wanted to be in a position to flag it in a way that we didn’t just put it in the end of a paragraph of a discovery letter. We flagged for the defense that we were going to be producing notes and that that included notes in which the word “client” appeared. And we told them that we thought that would be relevant to them.

[snip]

Let me just say that there was absolutely no effort by the Government to delay here or to hide these in a large production. That is precisely why we got on a phone call and flagged it for the defense.

It’s almost like DeFilippis was hoping this would get no notice.

I can understand why. I’ve described how astounding it was that Durham did not go looking for evidence from DOJ IG until — by Durham’s own telling — October 7, more than two weeks after indicting Sussmann (and likely not long enough before indicting Igor Danchenko to learn key details that undermine at least one charge against him).

But this late provision of exculpatory evidence means one of two things:

  • Durham has always had the files, but did such a poor job of looking for it in discovery he didn’t find it in his own files even as he started hunting Michael Sussmann
  • Durham never had these files

The latter is the more likely possibility, which, as a threshold matter, would mean Durham never reviewed key files that DOJ IG had used in high level witness interviews before disputing Michael Horowitz’ conclusion that the investigation was predicated appropriately. Durham is, literally, only reviewing key files three years into his investigation.

Along the way, he’s learning that conspiracy theories he has been chasing for months and years are false.

The revelation that Durham is discovering exculpatory information in DOJ IG’s files is as important to the efforts to blow up the Mike Flynn prosecution two years ago as it is to the Sussmann prosecution. That’s because the Jeffrey Jensen review of the Flynn prosecution and the Durham investigation were believed to be closely aligned. Indeed, I have shown that the handwritten notes from the FBI that Durham will rely on at trial show the same markers of unreliability that documents that were altered in the Flynn case had.

As I explained in this post, Jensen’s documents started with the Bates stamp used throughout the Flynn prosecution.

But after a period of time, they used a Bates stamp with a different typeface, albeit continuing the same series, suggesting someone else was doing the document sharing.

But if they’re drawing on the same source documents, Durham should at least know notes of that meeting exist. Jeffrey Jensen received and relied on at least one set of notes — Jim Crowell’s notes — from the March 6, 2017 meeting. Those notes, along with Tashina Gauhar’s notes of an earlier briefing and all those that got altered, also have the fat typeface.

The Tashina Gauhar notes turned over to Sussmann (and the others turned over) not only are based off a scan of her original notes and have no post-it notes on them, but they also bear both Durham’s Bates stamp (SCO-074095) and one that likely comes from DOJ IG (SCO-FBIPROD_021529).

All of which seems to suggest there was the same cherry-picking that went into the Durham investigation and the Jensen “review.” Neither reviewed — neither could have!! — what really happened. They reviewed selected records and then (in the Jensen review) altered those records to make false claims that the former President used in a debate attack.

I’ll come back to the issue of what appears in the notes Sussmann released that conflicts with the Flynn releases.

But I’m also interested that Durham is stalling on providing other notes from the meeting.

2 The defense has requested that the Special Counsel search for any additional records that may shed further light on the meeting and certain of those requests remain outstanding. To date, the Special Counsel has represented that the only additional notes from attendees at the meeting that he has identified do not reference whether or not Mr. Sussmann was acting on behalf of a client. The absence in those notes of any reference to whether Mr. Sussmann was acting on behalf of a client also raises questions regarding materiality of the charged conduct: if the on behalf of information were truly material to the FBI’s investigation, presumably all note takers would have written it down. [my emphasis]

Durham can’t be withholding notes because they don’t mention Sussmann having a client. That’s because Scott Schools’ notes mention that the Alfa Bank tip came from an attorney, but don’t mention that he was there on behalf of a client (Schools’ notes may have been included because they are the only ones of the three provided that attributed this discussion to Andy McCabe).

There are at least two other sets of notes from this meeting that are known or presumed to exist:

And there were at least three other people present at the meeting known to take notes:

  • Bill Priestap
  • Andy McCabe
  • Dana Boente

Importantly, in Durham’s objection to admitting these notes as evidence, he makes it clear that James Baker (inexcusably as a lawyer) did not take notes of this or any other meeting, but he does not say whether Priestap (or Trisha Anderson) took notes.

Moreover, the DOJ personnel who took the notes that the defendant may seek to offer were not present for the defendant’s 2016 meeting with the FBI General Counsel. And while the FBI General Counsel was present for the March 6, 2017 meeting, the Government has not located any notes that he took there.

If Priestap took notes, one copy should be in Durham’s possession, in the notebook of Priestap’s notes already on Durham’s exhibit list.

DOJ has been trying to prevent anyone from looking at Andy McCabe’s notes for some time.

But one thing that turning over the DOJ IG retained notes for the others will show is whether alterations in the Strzok, Priestap, and McCabe notes were made.

It’ll also make it easy to test why Jensen’s review redacted a date and added one — albeit the correct one — in the Jim Crowell notes.

That is, I wonder if Durham’s reluctance to turn over those materials stems not from any facts about his own investigation, but from an awareness of the cherry-picking — and possibly worse — that having turned over the past one reveals.

Three posts on the altered documents from the Mike Flynn case

The Jeffrey Jensen “Investigation:” Post-It Notes and Other Irregularities (September 26, 2020)

Shorter DOJ: We Made Shit Up … Please Free Mike Flynn (October 27, 2020)

John Durham Has Unaltered Copies of the Documents that Got Altered in the Flynn Docket (December 3, 2020)

Three Years into the Durham Investigation, a Jury Will Get to Hear about Trump’s Request that Russia Hack Hillary

There was a funny exchange in yesterday’s pre-trial hearing in the Michael Sussmann case. In the part of the hearing focused on objections to exhibits, Andrew DeFilippis raised the newspaper articles that — I noted — were necessary background to understand the mindset that led Sussmann and Rodney Joffe to believe that the Alfa Bank DNS anomaly raised national security concerns.

These articles explain why it was reasonable, not just for the Democrats’ cybersecurity lawyer who was spending most of his days trying to fight back against a persistent Russian hack, but also for the researchers and Rodney Joffe to try to first look for more Russian hacking (including that victimizing Republicans), and when they found an anomaly, to try to chase it down and even to bring it to the FBI for further investigation. Several threads of these articles — pertaining to Trump’s request that Russia hack Hillary and to Manafort’s corruption — were explicitly invoked in discussions that Durham wants to claim must arise from political malice.

In the hearing, DeFilippis predictably complained that prosecutors didn’t want this to become a trial on Donald Trump’s ties to Russia.

MR. DeFILIPPIS: The last category we had identified were a number of news articles about — again, on the face of — the headlines of the articles about — “Donald Trump’s ties to Russia,” I think, was the primary theme of the news articles.

We just — number one, they’re news articles, which we don’t think have, you know, probative weight here. Number two, we do not want to make this a trial on Donald Trump’s ties to Russia.

And again, we don’t have a lot of context for which it would be — why the defense would want to offer all of those. But I think our initial reaction is they would be a distraction.

Sussmann’s attorney Sean Berkowitz noted that prosecutors — who have made several newspaper articles the central point of their case — aren’t so much opposed to newspaper articles as evidence as they’re opposed to articles about Trump and Russia.

MR. BERKOWITZ: So as we understand the objection, your Honor, it’s not to articles generally. They have articles on their exhibit list. It’s to articles that talk about the issues with Trump and Russia in the summer of 2016.

Judge Christopher Cooper correctly noted that it would be unfair to send a bunch of articles back with the jury to read.

THE COURT: I think it’s broader than that. It’s sending back multiple newspaper articles to the jury with all sorts of stuff in them, and the jury is spending its time reading newspaper articles.

Berkowitz noted that they’re really trying to get to the mindset of Sussmann and Joffe, particularly their response to Trump’s request that Russia hack Hillary some more.

MR. BERKOWITZ: The articles that we think are relevant, your Honor, relate to what’s going on in the world in July and August of 2016, which provide context and animate what’s going on for Mr. Sussmann and Mr. Joffe and why there are potential national security issues associated with this.

As you’ll remember, you know, on July 27th, at a press conference — again, this is shortly before the researchers start looking into issues, according to the Government — Trump has a press conference that says: Russia, if you’re listening, I hope that you’re able to find the 30,000 emails that are missing. I think you’ll probably be rewarded mightily by our press.

That fact being out there and well known provides context for the work that’s done and the motivation potentially to go to the FBI as to why it would be relevant that there were connections between — potential connections between Trump and Russia.

[snip]

But the fact that this was what was going on in the world at this time we think is very relevant to the state of mind and the rationale behind this as well as the opposition research that was going on.

Cooper cut off Berkowitz before he could explain how this related to the DNC hack. But he suggested that such information could instead come in via questioning of Robby Mook, Marc Elias, and James Baker.

THE COURT: — Mr. Elias, Mr. Mook, Mr. Baker perhaps can all certainly testify to that. Right?

MR. BERKOWITZ: I think that they certainly could, your Honor.

As I’ve noted, the main redacted part of Elias’ declaration explaining why they hired Fusion for Russian-related research was introduced via a reference to Trump asking Russia to hack Hillary.

Because each side has a separate scope of testimony it would like to elicit from Elias, he’ll be asked both sets of questions when prosecutors call him.

I’m sure Elias has quite a lot he’d like to say about serving as General Counsel for a candidate whose opponent was soliciting help — and appears to have gotten it — from a hostile foreign country.

Friday is the three year anniversary of the Durham investigation. Tuesday, the likely day both sides will make opening arguments, marks the five year anniversary of the Mueller investigation.

And on that day, a jury will finally hear an argument about how reasonable it was to believe Donald Trump posed a threat to the United States after he asked Russia to help hack his opponent.

Old Friends: Scooter Libby and CIPA

Judge Christopher Cooper will not have a media call-in line for this afternoon’s hearing in the Michael Sussmann case, so I’ll have to rely on the reporting of others and a delayed review of a transcript of the case.

But before then, I’d like to make two points about developments to supplement this post on the fight over what evidence will be presented at trial.

Judge Cooper rules that Durham must share two classified items with Sussmann

First, behind closed doors, the parties have begun the Classified Information Procedures Act (CIPA) process, by which the government limits what classified information gets shared with the defendant and what information gets introduced at trial. I provided some background on how that might work in the (far more CIPA-dependent) Igor Danchenko trial, but for our purposes, there are three steps:

  • Section 4, which allows the government to withhold evidence from Sussmann or substitute classified information to protect classified information.
  • Section 5, which requires the defendant to list in advance what classified information he wants to use at trial.
  • Section 6, which requires the judge to make admissibility decisions on classified information before trial.

There are several things that might be included in the universe of classified evidence in Sussmann’s case. Durham has always explained there was highly classified information in the investigative case file itself.

The entirety of the FBI’s electronic case file for the investigation of the Russian Bank1 allegations – in both classified and unclassified form – with only minor redactions to protect especially sensitive and/or highly classified information;

This could pertain to Alfa Bank itself; many other public filings (such as FOIAed Mueller records or the SSCI Report) redact information pertaining to Alfa. And that would explain why Durham had to delay his CIPA filing because the people who needed to sign off were busy keeping the country safe from Russia, not safe for Russia.

Sussmann also asked for details of Rodney Joffe’s cooperation with the FBI and another agency that might be the NSA, much of which would also pertain to highly sensitive investigations. And Durham seems likely to attempt to use this CIA intelligence report to make claims that were questioned in real time about why Hillary’s campaign might respond to Trump asking for her to be hacked by trying to discover the multiple back channels with Russia that existed. (Yesterday, Peter Strzok, who is named in the document, raised questions about whether Durham even has the correct document.) That’s the kind of classified information these fights are likely about.

Yesterday, the government filed a sealed motion asking for a 6a hearing — basically an opportunity to challenge the information that Sussmann wants to use to defend himself. They also appear to be challenging the specificity with which he described the information he needs. None of that is surprising, but given how scrappy things have gotten (to say nothing of the vastly different understanding each side has of this case), this fight could get interesting.

Potentially more consequential, Judge Cooper issued a ruling finding that, of a body of classified evidence prosecutors had identified that might be relevant to Sussmann’s case in discovery, he agrees with prosecutors that the information is classified and not helpful to the defense, and so can be withheld in its entirety under CIPA. However, with respect to two items, Cooper found that the information might be helpful and so Durham has to provide it or a classified summary to Sussmann’s cleared defense counsel.

WHEREAS the Court finds that two of the Government’s proposed substitutions of certain Classified Information do not adequately inform the defense of information that arguably may be helpful or material to the defense, in satisfaction of the Government’s discovery obligations; it is hereby

[snip]

IT IS FURTHER ORDERED that the Government is directed, as explained at the ex parte hearing, to disclose to cleared defense counsel either the underlying classified material or a classified summary of the material from which the two proposed summaries were derived.

Several things could happen here. Sussmann could look at it and decide he doesn’t want to use it at trial, mooting the issue. Prosecutors could go back to the national security officials who are busy punishing Russia for its attack on democracy and try to get them to agree to a more fulsome substitution or declassification.

But one of the possibilities is that Durham can appeal Cooper’s decision, which likely would delay the trial.

Judge Cooper adopts Libby as the standard for evidentiary disputes

The other recent development was Judge Cooper’s decision to admit Durham’s FBI Agent witness, but to limit what he can testify to unless Sussmann attempts to argue there really was a back channel communication between Alfa Bank and Trump. Contrary to what dishonest frothy lawyers say on Twitter, this was a reasonable and expected decision basically laying initial guidelines as to the evidence admissible at trial.

This decision will not end things. Cooper’s decision left a lot of room for dispute. For example:

  • Cooper permitted the government to argue the Alfa Bank allegations were “unsubstantiated,” but Andrew DeFilippis in the hearing wanted to argue they were untrue (this ironically flips the frother stance about the Mueller investigation, which did not substantiate conspiracy charges against Trump, but nevertheless found plenty of evidence of one)
  • Cooper did not distinguish between the accuracy of the DNS data (which Sussmann would happily prove at trial) and the reasonableness of the inferences researchers drew from it (about which there is great dispute)

So expect this to come back up at trial.

The most important part of the opinion, in my opinion, however, came in how Cooper closed it, generally excluding lots of the data collection evidence Durham wanted to introduce by citing Reggie Walton’s CIPA decision on Scooter Libby.

[A]dditional testimony about the accuracy of the data—expert or otherwise—will not be admissible just because Mr. Sussmann presents evidence that he “relied on Tech Executive-1’s conclusions” about the data, or “lacked a motive to conceal information about his clients.” Gov’s Expert Opp’n at 11. As the Court has already explained, complex, technical explanations about the data are only marginally probative of those defense theories. The Court will not risk confusing the jury and wasting time on a largely irrelevant or tangential issue. See United States v. Libby, 467 F. Supp. 2d 1, 15 (D.D.C. 2006) (excluding evidence under Rule 403 where “any possible minimal probative value that would be derived . . . is far outweighed by the waste of time and diversion of the jury’s attention away from the actual issues”).

Back in the day, this Libby opinion was actually a ruling against Libby. As some of you old-timers may recall, Dick Cheney’s former Chief of Staff was attempting a graymail defense, basically arguing that he needed stacks and stacks of classified information to explain to the jury that he didn’t mean to lie about discussing Valerie Plame’s identity and other classified information during the week the Bush Administration launched an attack on Plame and Joe Wilson. Rather, his brain was so filled with scary information — with an emphasis on Terror! Terror! Terror! — presented in the Presidential Daily Briefs, that he did not retain a memory of burning the Wilsons when asked by investigators.

And Libby was a CIPA opinion, not a 404(b) opinion, the matter ostensibly before Cooper. But it’s important because Libby’s case, like Sussmann’s, is about his state of mind when he allegedly lied, in Libby’s case, to both the FBI and a grand jury. Ultimately, the cited passage of the decision was about ways to apply Rule 403, which limits confusing information, to CIPA. To get there, however, Judge Walton focused on the PDBs and other classified documents pertinent to the days when Libby was speaking to journalists about the Wilsons and the days when he was lying to investigators, thereby excluding years of PDBs from periods before or after his lies that didn’t need to be declassified for trial.

In fact, there is a “danger of unfair prejudice, confusion of the issues, or misleading the jury,” in providing the jury details of the defendant’s activities falling outside the critical time periods. Specifically, permitting the defendant to testify as to the details of what consumed his time outside the critical time periods discussed above would likely confuse the jury concerning what events actually allegedly consumed the defendant’s attention at the times that he had the conversations that form the basis for this prosecution. Accordingly, while the defendant will be permitted to testify generally about the matters that consumed his time and attention during those periods outside of the dates identified in the indictment, permitting detailed descriptions of events occurring during such periods will be excluded pursuant to Federal Rule of Evidence 403.

Walton also ruled that testimony is more probative than submitting the PDBs or Libby’s own notes.

As indicated during the Section 6(a) proceedings, many, if not most, of the documents themselves are unlikely to be admitted as evidence during the trial for several reasons. First, the documents would be cumulative of the testimony provided by the defendant. And second, it would appear at this time that the information contained in many of the documents will pose substantial hearsay problems.

You can already see how this citation may be indicative of how Judge Cooper imagines he’ll get through the evidentiary swamp ahead of him. The government is asking to introduce a bunch of highly technical concepts, inflammatory names, and emails to which Sussmann was not a party, and asking to do so for a period that is totally attenuated from the day Sussmann went in to meet with James Baker.

But it’s relevant for another reason.

Sussmann has cited it over and over and over. In his April 4 filing moving to exclude information on data collection and Christopher Steele, Sussmann cited the opinion six times, including for:

  • Walton’s exclusion of what President Bush said in front of Libby
  • Walton’s exclusion of the scary terrorists Libby fought
  • The import of the defendant’s state of mind when he allegedly lied
  • Details of what others were told

Sussmann cited Libby again in his April 8 motion to exclude Durham’s expert, citing Walton’s exclusion of “the foreign affairs of the country, which is totally irrelevant to this case.” Sussmann cited it again in his April 15 omnibus response to Durham’s motions in limine, in a section aiming to exclude a bunch of Fusion GPS emails, for the argument that what others were told is simply irrelevant to the defendant’s state of mind in a false statements case. And he cited it again in his April 18 opposition to Durham’s motion to compel production of a bunch of privileged communications to which he was not party.

Unless I missed it, during that entire period in which Sussmann was citing Libby Libby Libby Libby Libby Libby Libby Libby Libby, Durham didn’t address the precedent at all.

As I noted, Walton’s Libby decision worked against Libby; it prevented him from turning his trial into a debate over the War on Terror.

In this case, however, Durham is the one attempting to turn a single count false statement trial into a conspiracy trial implicating Hillary Clinton, Christopher Steele, and Donald Trump. Which suggests the Libby decision may not help him.

Confirmed: John Durham Has Withheld Discovery That DOJ Already Disproved His Claims of Political Malice

In his reply filing in the fight over what evidence will be submitted at his trial, Michael Sussmann confirmed something I’ve long suspected: John Durham has not provided Sussmann with the discovery Durham would need to have provided to present his own conspiracy theories at trial without risking a major discovery violation.

Were the Special Counsel to try to suggest that Mr. Sussmann and Mr. Steele engaged in a common course of conduct, that would open the door to an irrelevant mini-trial about the accuracy of Mr. Steele’s allegations about Mr. Trump’s ties to Russia—something that, like the Alfa Bank allegations, many experts continue to believe in, and about which the Special Counsel has tellingly failed to produce any significant discovery.

Sussmann dropped this in the filing without fanfare. But it is clear notice that if Durham continues down the path he is headed, he may face discovery sanctions down the road.

I explained why that’s true in these two posts. A core tenet of Durham’s conspiracy theories is that the only reason one would use proven cybersecurity methods to test certain hypotheses about Donald Trump would be for malicious political reasons. Here’s how Durham argued that in his own reply.

As the Government will demonstrate at trial, it was also the politically-laden and ethically-fraught nature of this project that gave Tech Executive-1 and the defendant a strong motive to conceal the origins of the Russian Bank-1 allegations and falsely portray them as the organic discoveries of concerned computer scientists.

There’s no external measure for what makes one thing political and makes another thing national security. But if this issue were contested, I assume that Sussmann would point, first, to truth as a standard. And as he could point out, many of the hypotheses April Lorenzen tested, which Durham points to as proof the project was malicious and political, turned out to be true. They were proven to be true by DOJ. Some of those true allegations involved guilty pleas to crimes, including FARA, explicitly designed to protect national security; another involved Roger Stone’s guilty verdict on charges related to his cover-up of his potential involvement in a CFAA hacking case.

DOJ (under the direction of Trump appointee Rod Rosenstein, who in those very same years was Durham’s direct supervisor) has already decided that John Durham is wrong about these allegations being political. Sussmann has both truth and DOJ’s backing on his side that these suspicions, if proven true (as they were), would be a threat to national security. Yet Durham persists in claiming to the contrary.

Here’s the evidence proving these hypotheses true that Durham has withheld in discovery:

The researchers were testing whether Richard Burt was a back channel to the Trump campaign. And while Burt’s more substantive role as such a (Putin-ordered) attempt to establish a back channel came during the transition, it is a fact that Burt was involved in several events earlier in the campaign at which pro-Russian entities tried to cultivate the campaign, including Trump’s first foreign policy speech. Neither Burt nor anyone else was charged with any crime, but Mueller’s 302s involving the Center for National Interest — most notably two very long interviews with Dmitri Simes (one, updated, two, updated), which were still under investigation in March 2020 — reflect a great deal of counterintelligence interest in the organization.

The researchers were also testing whether people close to Trump were laundering money from Putin-linked Oligarchs through Cyprus. That guy’s name is Paul Manafort, with the assistance of Rick Gates. Indeed, Manafort was ousted from the campaign during the period researchers were working on the data in part to distance the campaign from that stench (though it didn’t stop Trump from pardoning Manafort).

A more conspiratorial Lorenzen hypothesis (at least on its face) was that one of the family members of an Alfa Bank oligarch might be involved — maybe a son- or daughter-in-law. And in fact, German Khan’s son-in-law Alex van der Zwaan was working with Gates and Konstantin Kilimnik in precisely that time period to cover up Manafort’s ties to those Russian-backed oligarchs.

Then there was the suspicion — no doubt driven, on the Democrats’ part, by the correlation between Trump’s request to Russia for more hacking and the renewed wave of attacks that started hours later — that Trump had some back channel to Russia.

It turns out there were several. There was the aforementioned Manafort, who in the precise period when Rodney Joffe started more formally looking to see if there was a back channel, was secretly meeting at a cigar bar with alleged Russian spy Konstantin Kilimnik discussing millions of dollars in payments involving Russian-backed oligarchs, Manafort’s plan to win the swing states, and an effort to carve up Ukraine that leads directly to Russia’s current invasion.

That’s the kind of back channel researchers were using proven cybersecurity techniques to look for. They didn’t confirm that one — but their suspicion that such a back channel existed proved absolutely correct.

Then there’s the Roger Stone back channel with Guccifer 2.0. Again, in this precise period, Stone was DMing with the persona. But the FBI obtained at least probable cause that Stone’s knowledge of the persona went back much further, back to even before the persona went public in June 2016. That’s a back channel that remained under investigation, predicated off of national security crimes CFAA, FARA, and 18 USC 951, at least until April 2020 and one that, because of the way Stone was scripting pro-Russian statements for Trump, might explain Trump’s “Russia are you listening” comment. DOJ was still investigating Stone’s possible back channel as a national security concern well after Durham was appointed to undermine that national security investigation by deeming it political.

Finally, perhaps the most important back channel — for Durham’s purposes — was Michael Cohen. That’s true, in part, because the comms that Cohen kept lying to hide were directly with the Kremlin, with Dmitri Peskov. That’s also true because on his call to a Peskov assistant, Cohen laid out his — and candidate Donald Trump’s — interest in a Trump Tower Moscow deal that was impossibly lucrative, but which also assumed the involvement of one or another sanctioned bank as well as a former GRU officer. That is, not only did Cohen have a back channel directly with the Kremlin he was trying to hide, but it involved Russian banks that were far more controversial than the Alfa Bank ties that the researchers were pursuing, because the banks had been deemed to have taken actions that threatened America’s security.

This back channel is particularly important, though, because in the same presser where Trump invited Russia to hack his opponent more, he falsely claimed he had decided against pursuing any Trump Organization developments in Russia.

Russia that wanted to put a lot of money into developments in Russia. And they wanted us to do it. But it never worked out.

Frankly I didn’t want to do it for a couple of different reasons. But we had a major developer, particular, but numerous developers that wanted to develop property in Moscow and other places. But we decided not to do it.

The researchers were explicitly trying to disprove Trump’s false claim that there were no ongoing business interests he was still pursuing with Russia. And this is a claim that Michael Cohen not only admitted was false and described recognizing was false when Trump made this public claim, but described persistent efforts on Trump’s part to cover up his lie, continuing well into his presidency.

For almost two years of Trump’s Administration, Trump was lying to cover up his efforts to pursue an impossibly lucrative real estate deal that would have required violating or eliminating US sanctions on Russia. That entire time, Russia knew Trump was lying to cover up those back channel communications with the Kremlin. That’s the kind of leverage over a President that all Americans should hope to avoid, if they care about national security. That’s precisely the kind of leverage that Sally Yates raised when she raised concerns about Mike Flynn’s public lies about his own back channel with Russia. Russia had that leverage over Trump long past the time Trump limped out of a meeting with Vladimir Putin in Helsinki, to which Trump had brought none of the aides who would normally sit in on a presidential meeting, looking like a beaten puppy.

Durham’s failures to provide discovery on this issue are all the more inexcusable given the fights over privilege that will be litigated this week.

As part of the Democrats’ nesting privilege claims objecting to Durham’s motion to compel privileged documents, Marc Elias submitted a declaration describing how, given his past knowledge and involvement defending against conspiracy theory attacks on past Democratic presidential candidates launched by Jerome Corsi and Donald Trump, and given Trump’s famously litigious nature, he believed he needed expertise on Trump’s international business ties to be able to advise Democrats on how to avoid eliciting such a lawsuit from Trump. (Note, tellingly, Durham’s motion to compel doesn’t mention a great deal of accurate Russian-language research by Fusion — to which Nellie Ohr was just one of a number of contributors — that was never publicly shared nor debunked as to quality.)

There are four redacted passages that describe the advice he provided; he is providing these descriptions ex parte for Judge Cooper to use to assess the Democrats’ privilege claims. Two short ones probably pertain to the scope of Perkins Coie’s relationship with the Democratic committees. Another short one likely describes Elias’ relationship, and through him, Fusion’s, with the oppo research staff on the campaign. But the longest redaction describing Elias’ legal advice, one that extends more than five paragraphs and over a page and a half, starts this way:

That is, the introduction to Elias’ description of the privilege claims tied to the Sussmann trial starts from Trump’s request of Russia to hack Hillary. Part of that sentence and the balance of the paragraph is redacted — it might describe that immediately after Trump made that request, the Russians fulfilled his request — but the redacted paragraph and the balance of the declaration presumably describes what legal advice he gave Hillary as she faced a new onslaught of Russian hacking attempts that seemingly responded to her opponent’s request for such hacking.

Given what Elias described about his decision to hire Fusion, part of that discussion surely explains his effort to assess an anomaly identified independently by researchers that reflected unexplained traffic between a Trump marketing server and a Russian bank. Elias probably described why it was important for the Hillary campaign to assess whether this forensic data explained why Russian hackers immediately responded to Trump’s request to hack her.

As I have noted, in past filings Durham didn’t even consider the possibility that Elias might discuss the renewed wave of hacking that Hillary’s security personnel IDed in real time with Sussmann, Perkins Coie’s cybersecurity expert.

It’s a testament to how deep John Durham is in his conspiracy-driven rabbit hole that he assumes a 24-minute meeting between Marc Elias and Michael Sussmann on July 31, 2016 to discuss the “server issue” pertained to the Alfa Bank allegations. Just days earlier, after all, Donald Trump had asked Russia to hack Hillary Clinton, and within hours, Russian hackers obliged by targeting, for the first time, Hillary’s home office. Someone who worked in security for Hillary’s campaign told me that from his perspective, the Russian attacks on Hillary seemed like a series of increasing waves of attacks, and the response to Trump’s comments was one of those waves (this former staffer documented such waves of attack in real time). The Hillary campaign didn’t need Robert Mueller to tell them that Russia seemed to respond to Trump’s request by ratcheting up their attacks, and Russia’s response to Trump would have been an urgent issue for the lawyer in charge of their cybersecurity response.

It’s certainly possible this reference to the “server” issue pertained to the Alfa Bank allegations. But Durham probably doesn’t know; nor do I. None of the other billing references Durham suggests pertain to the Alfa Bank issue reference a server.

Durham took a reference that might pertain to a discussion of a correlation between Trump’s ask and a renewed wave of Russian attacks on Hillary (or might pertain to the Alfa Bank anomaly), and assumed instead it was proof that Hillary was manufacturing unsubstantiated dirt on her opponent. He never even considered the legal challenges someone victimized by a nation-state attack, goaded by her opponent, might face.

And yet, given the structure of that redaction from Elias, that event is the cornerstone of the privilege claims surrounding the Alfa Bank allegations.

Because of all the things I laid out in this post, Judge Cooper may never have to evaluate these privilege claims at all. To introduce privileged evidence, Durham has to first withstand:

  • Denial because his 404(b) notice asking to present it was late, and therefore forfeited
  • Denial because Durham’s motion to compel violated local rules and grand jury process, in some ways egregiously
  • Rejection because most of the communications over which the Democrats have invoked privilege are inadmissible hearsay
  • The inclusion or exclusion of the testimony of Rodney Joffe, whose privilege claims are the most suspect of the lot, but whose testimony would make the communications Durham deems to be most important admissible

Cooper could defer any assessment of these privilege claims until he decides these other issues and, for one or several procedural reasons, simply punt the decision entirely based on Durham’s serial failures to follow the rules.

Only after that, then, would Cooper assess a Durham conspiracy theory for which Durham himself admits he doesn’t have proof beyond a reasonable doubt. As part of his bid to submit redacted and/or hearsay documents as exhibits under a claim that this all amounted to a conspiracy (albeit one he doesn’t claim was illegal), Durham argues that unless he can submit hearsay and privileged documents, he wouldn’t otherwise have enough evidence to prove his conspiracy theory.

Nor is evidence of this joint venture gratuitous or cumulative of other evidence. Indeed, the Government possesses only a handful of redacted emails between the defendant and Tech Executive-1 on these issues. And the defendant’s billing records pertaining to the Clinton Campaign, while incriminating, do not always specify the precise nature of the defendant’s work.

Accordingly, presenting communications between the defendant’s alleged clients and third parties regarding the aforementioned political research would hardly amount to a “mini-trial.” (Def. Mot. at 20). Rather, these communications are among the most probative and revealing evidence that the Government will present to the jury. Other than the contents of privileged communications themselves (which are of course not accessible to the Government or the jury), such communications will offer some of the most direct evidence on the ultimate question of whether the defendant lied in stating that he was not acting for any other clients.

In short, because the Government here must prove the existence of client relationships that are themselves privileged, it is the surrounding events and communications involving these clients that offer the best proof of those relationships.

Moreover, even if the Court were to find that no joint venture existed, all of the proffered communications are still admissible because, as set forth in the Government’s motions, they are not being offered to prove the truth of specific assertions. Rather, they are being offered to prove the existence of activities and relationships that led to, and culminated in, the defendant’s meeting with the FBI. Even more critically, the very existence of these written records – which laid bare the political nature of the exercise and the numerous doubts that the researchers had about the soundness of their conclusions – gave the defendant and his clients a compelling motive, separate and apart from the truth or falsity of the emails themselves, to conceal the identities of such clients and origins of the joint venture. Accordingly, they are not being offered for their truth and are not hearsay.

This passage (which leads up to a citation from one of the Georgia Tech researchers to which Sussmann was not privy that the frothers have spent the weekend drooling over) is both a confession and a cry for help.

In it, Durham admits he doesn’t actually have proof that the conspiracy he is alleging is the motive behind Michael Sussmann’s alleged lie.

He’s making this admission, of course, while hiding the abundant evidence — evidence he didn’t bother obtaining before charging Sussmann — that Sussmann and Joffe acceded to the FBI request to help kill the NYT story, which substantiates Sussmann’s stated motive.

And then, in the same passage, Durham is pointing to that absence of evidence to justify using that same claimed conspiracy for which he doesn’t have evidence to pierce privilege claims to obtain the evidence he doesn’t have. It’s a circular argument and an admission that all the claims he has been making since September are based off his beliefs about what must be there, not what he has evidence for.

Thus far the researchers’ beliefs about what kind of back channels they might find between Trump and Russia have far more proof than Durham’s absence of evidence.

Again, Durham doesn’t even claim that such a conspiracy would be illegal (much less chargeable under the statute of limitations), which is why he didn’t do what he could have had he been able to show probable cause that a crime had been committed: obtaining the communications with a warrant and using a filter team. Bill Barr’s memoir made it quite clear that he appointed Durham not because a crime had been committed, but because he wanted to know how a “bogus scandal” in which DOJ found multiple national security crimes started. “Even after dealing with the Mueller report, I still had to launch US Attorney John Durham’s investigation into the genesis of this bogus scandal.” In his filing, Durham confesses to doing the same, three years later: using his feelings about a “bogus scandal” to claim a non-criminal conspiracy that he hopes might provide some motive other than the one — national security — that DOJ has already confirmed.

An absolutely central part of Durham’s strategy to win this trial is to present his conspiracy theories, whether by belatedly piercing privilege claims he should have addressed before charging Sussmann (even assuming he’ll find what he admits he doesn’t have proof is there), or by presenting his absence of evidence and claiming it is evidence. He will only be permitted to do so if Judge Cooper ignores all his rule violations and grants him a hearsay exception.

But if he manages to present his conspiracy theories, Sussmann can immediately pivot and point out all the evidence in DOJ’s possession that proves not just that the suspicions Durham insists must be malicious and political in fact proved to be true, but also that DOJ — his former boss! — already deemed these suspicions national security concerns that in some cases amounted to crimes.

John Durham’s entire trial strategy consists of claiming that it was obviously political to investigate a real forensic anomaly to see whether it explained why Russia responded to Trump’s call for more hacks by renewing their attack on Hillary. He’s doing so while withholding abundant material evidence that DOJ already decided he’s wrong.

So even if he succeeds, even if Cooper grants him permission to float his conspiracy theories and even if they were to succeed at trial, Sussmann would have immediate recourse to ask for sanctions, pointing to all the evidence in DOJ’s possession that Durham’s claims of malice were wrong.

Update: The bad news is I’m still working through my typos, with your help, including getting the name of Dmitri Simes’ organization wrong. The good news is the typos are probably due to being rushed out to cycle in the sun, so I have a good excuse.

Update: Judge Cooper has issued an initial ruling on Durham’s expert witness. It limits what Durham presents to the FBI investigation (excluding much of the CIA investigation he has recently been floating), and does not permit the expert to address whether the data actually did represent communications between Trump and Alfa Bank unless Sussmann either affirmatively claims it did or unless Durham introduces proof that Sussmann knew the data was dodgy.

Finally, the Court takes a moment to explain what could open the door to further evidence about the accuracy of the data Mr. Sussmann provided to the FBI. As the defense concedes, such evidence might be relevant if the government could separately establish “what Mr. Sussmann knew” about the data’s accuracy. Data Mot. at 3. If Sussmann knew the data was suspect, evidence about faults in the data could possibly speak to “his state of mind” at the time of his meeting with Mr. Baker, id., including his motive to conceal the origins of the data. By contrast, Sussmann would not open the door to further evidence about the accuracy of the data simply by seeking to establish that he reasonably believed the data were accurate and relied on his associates’ representations that they were. Such a defense theory could allow the government to introduce evidence tending to show that his belief was not reasonable—for instance, facially obvious shortcomings in the data, or information received by Sussmann indicating relevant deficiencies.

Ultimately, Cooper is treating this (as appropriate given the precedents in DC) as a question of Sussmann’s state of mind.

Importantly, this is what Cooper says about Durham blowing his deadline (which in this case was a deadline of comity, not trial schedule): he’s going to let it slide, in part because Sussmann does not object to the narrowed scope of what the expert will present.

Mr. Sussmann also urges the Court to exclude the expert testimony on the ground that the government’s notice was untimely and insufficiently specific. See Expert Mot. at 6–10; Fed. R. Crim. P. 16(a)(1)(G). Because the Court will limit Special Agent Martin’s testimony largely to general explanations of the type of technical data that has always been part of the core of this case—much of which Mr. Sussmann does not object to—any allegedly insufficient or belated notice did not prejudice him. See United States v. Mohammed, No. 06-cr-357, 2008 WL 5552330, at *3 (D.D.C. May 6, 2008) (finding that disclosure nine days before trial did not prejudice defendant in part because its subject was “hardly a surprise”) (citing United States v. Martinez, 476 F.3d 961, 967 (D.C. Cir. 2007)).

This suggests Cooper may be less willing to let other deadlines slide, such as the all-important 404(b) one.

Josh Marshall’s “Team on the Field:” Putting GOP on Defense Over Russia Requires Reversing Their Offense

Josh Marshall argued yesterday that the Democratic Party needs to start going on offense on the GOP’s complicity in Russia’s attack on Ukraine.

A new AP poll says that 54% of Americans think President Biden has been “not tough enough” on Russia for its invasion of Ukraine. These kinds of public perceptions can be shaped by perceptions of a leader as much as they drive them. So you think Biden is weak as your starting point and therefore you think he’s not being tough enough on Russia rather than the other way around. Also notable, Americans’ hawkishness over Ukraine has dipped a bit from a month ago. But the first, second and third most important thing about this poll is that this is what you get when you’re not reminding Americans every day — and I mean every god-damned day — that the GOP has spent the last 7 years boosting, allying with and even conspiring with Russia.

[snip]

Will pushing the GOP’s guilt and complicity on Russia make people stop caring about inflation? Of course not. But if you’re not even putting that team on the field you are simply not doing the simplest blocking and tackling of politics. It’s that bad. [my emphasis]

I don’t disagree with him. But for a guy with his own media outlet, he needs to start taking his own advice. That’s because his site has done little to undercut the flood of disinformation that the GOP has used to hide their own complicity.

Between the tag, “Durham,” and “John Durham,” Marshall’s site shows four stories this year.

The tag, “Hunter Biden,” returns just two things this year.

While I haven’t focused on undermining the ridiculous claims the GOP are making about the “Hunter Biden” “laptop” — I have written just three stories this year (one, two, three), though that number would be far more if you count my focus on the investigation into Rudy — I’ve written 28 stories on the Durham investigation this year. Among other things, I have shown that:

One of the only other reporters covering this stuff with any attention, Charlie Savage, has to cater to a general audience. Meanwhile, an absolute torrent of propaganda from the frothy right has ignored the accumulated evidence not just of prosecutorial abuse, but shocking sloppiness. Instead, they spin Durham’s unsubstantiated conspiracy theories as fact, and from that, conclude that Trump wasn’t really badly implicated by Russia, but instead that was all made up by Hillary ahead of time.

If I weren’t alone swimming against this tide, Durham’s rank ignorance would actually be a great vehicle to correct the frothers. As I’ve noted, Durham and his rubes appear entirely unaware that the suspicions of the researchers trying to understand the Alfa Bank anomalies — that Trump had back channel communications with the Kremlin, that people close to Trump were laundering payments from oligarchs close to Trump, and that a family member of an Alfa Bank oligarch might be helping — all proved to be true.

The story of the Durham investigation is that he has criminalized people investigating reasonable inferences that turned out to be true. And yet the story that has gotten told, largely because other reporters are largely silent about it, is that he continues to chase Russian-seeded conspiracy theories in defiance of the evidence obtained as part of the Mueller investigation.

Josh Marshall has been far more successful than me in the two decades we’ve done this online journalism thing, so I’m in no place to tell him how to run his business.

But people believe that Biden is weak on Ukraine not just because Democrats aren’t screaming about how complicit Trump and his enablers are. They believe it because Trump has seeded two screaming conspiracy theories that have filled that void with false denials that all the suspicions about Trump turned out to be true.

Update: Added a third “Hunter Biden” “laptop” story.

John Durham Unveils His Post-Putin Puppet Strategy

I first complained publicly about the Alfa Bank allegations on November 1, 2016. I raised questions about the provenance of the Steele dossier the day after it was released, on January 11, 2017. I started raising concerns that Russia had succeeded in injecting the dossier with disinformation just a year later — literally years before the Republicans investigating it full-time did. When Democrats revealed that they had paid for the dossier in October 2017, I wrote a very long post labeling the entire project “fucking stupid.” Part of that was about the Democrats’ delayed admission they were behind the dossier. But part of that was because of the way the dossier distracted from Trump’s very real very concerning ties to Russia.

It has been clear for some time that Steele’s reports had some kind of feedback loop, responding to information the Democrats got. That was most obvious with respect to the September 14 Alfa Bank report, which was obviously written after first news of the Alfa Bank/Trump Tower story, which was pushed by Democratic partisans. Particularly given that we know the released report is a selective release of just some reports from the dossier, the inclusion of Alfa Bank in that release makes no sense. Even if reports about old corrupt ties between Alfa and Putin are true (as if Democratic politicians and corrupt American banks never have old ties), the inclusion of the Alfa report in the dossier on Trump made zero sense.

Which is why Alfa Bank decided — after consulting with big Republican lawyers like Viet Dinh and soon-to-be DOJ Criminal Division Chief Brian Benczkowski — to sue for defamation. Now I understand why (particularly given that Republicans seem to have known who paid for the dossier for some time). I’m not sure Alfa Bank executives pass the bar for defamation here (though the publication of a report that misspelled Alfa’s name is pretty damning), but the fact that Elias paid for this dossier on behalf of the Democrats is going to make that defamation case far more explosive (and I’ll be surprised if Elias doesn’t get added into the mix).

As I said when I began this: I have no doubt Russia tampered with the election, and if the full truth comes out I think it will be more damning than people now imagine.

But the Democrats have really really really fucked things up with their failures to maintain better ethical distance between the candidate and the dossier, and between the party and the FBI sharing. They’ve made things worse by waiting so long to reveal this, rather than pitching it as normal sleazy political oppo research a year ago.

The case of Russian preference for Trump is solid. The evidence his top aides were happy to serve as Russian agents is strong.

But rather than let FBI make the case for that, Democrats instead tried to make their own case, and they did in such a way as to make the very solid case against Trump dependent on their defense of the dossier, rather than on better backed claims released since then.

Boy it seems sadly familiar, Democrats committing own goals like this. And all that’s before where the lawfare on this dossier is going to go.

I may be the earliest and most prescient critic of all this, in either party. Sit down, Kash Patel! Sit down, Chuck Ross!

Sit down, John Durham!

And boy was I right, way back in October 2017, about where this was going to go.

But I have also shown that people close to Oleg Deripaska succeeded in exploiting this project as part of a vicious double game, victimizing both Hillary Clinton and Paul Manafort, making it more likely Manafort would cooperate in the Russian operation against Hillary, which he did. I have shown that the most obvious disinformation in the dossier, probably sourced to Dmitri Peskov — claiming that Michael Cohen had secret communications with the Kremlin on election interference — served to hide Michael Cohen’s very real secret communications with Peskov on a Trump Tower deal involving sanctioned banks and a former GRU official. I have more recently confirmed that someone who claimed to work for an FSB front was pushing the Alfa Bank allegations more aggressively than Michael Sussmann in October 2016; that same person was using Internet routing records to support a false story in May 2016, the same month the DNS anomalies started. I showed that large numbers of Republicans rationalize their attack on democracy on January 6 based on the dossier, even while they accept the dossier was Russian disinformation, thereby literally claiming that Russian disinformation convinced them to attack American democracy.

And Russia’s wild success at using this to sow division continues, even as Russia massacres children in an assault on Ukrainian democracy. Just Monday, after all, John Durham suggested that because private citizen April Lorenzen investigated the actions of the people married to Alfa Bank Oligarch children, she was part of a criminal conspiracy, even though it is a provable fact that the man married to the daughter of an Alfa Bank founder, Alex Van der Zwaan, was — in those very same weeks!!! — acting on orders from Russian spy Konstantin Kilimnik to cover up Manafort’s ties to the Oligarchs behind the 2016 election interference. Durham is so far down his conspiratorial rabbit hole, he doesn’t even realize he’s trying to criminalize being right about a real threat to democracy.

Which brings us to Durham’s motion to compel submitted last night, predictably asking Judge Christopher Cooper to review the privilege claims made by the Democrats and Fusion GPS. I’m pretty sympathetic that some of the privilege claims the parties involved have made are bullshit, just as the claims Trump’s supporters have made to hide the events that led up to January 6 or any number of other things that go well beyond election-year rat-fucking are obviously bullshit. But it now seems clear that Durham is making the same error Alfa Bank did, not only assuming that everyone pushing the Alfa Bank allegations was being directed by the Democrats (when Lorenzen played a more important role), but also assuming people working for Hillary were behind every new push on the story; I’ve proven that was false.

Worse still, the specific form of Durham’s demand and its timing not only prove Durham’s bad faith, but strongly suggest that Durham viewed his own investigation to form part of a symbiotic whole with the Alfa Bank lawfare (the lawfare I rightly identified in 2017) still exploiting the dissension sowed by Russia in 2016. In the month of March, Durham did three things that were, as Sussmann’s lawyers described, “wildly untimely” for a trial scheduled to start in May. After getting an approved extension to their CIPA deadline, Durham filed a 404(b) notice on March 23; those notices were due on March 18. Durham told Sussmann of a new expert witness in the last days in March; that notice was also due by March 18. And then, on March 30, Durham told Sussmann he was going to attempt to pierce privilege claims that had been under discussion for a year.

All these belated steps look like a desperate, last minute attempt to change strategy. And it seems likely that the strategy change was necessitated, at least in part, by the stay and then dismissal of Alfa Bank’s lawfare, necessitated by the sanctions imposed by Putin’s aggression in Ukraine.

Consider the following timeline:

  • February 9: DC Superior Judge Shana Frost Matini observes that the Durham case and the Alfa Bank lawsuit appear to be reading from the same script and stays Alfa’s motions until after the Sussmann trial
  • February 11: In the wake of the expiration of the statute of limitation on a February 9, 2017 Sussmann meeting at the CIA, Durham files an inflammatory and belated conflict filing, raising new allegations and setting off death threats
  • Mid-February 2022: Alfa Bank continues its efforts to breach the privilege and Fifth Amendment claims of John Durham’s subjects
  • February 22: Russia invades Ukraine in an attempt to rid it of its democracy and sovereignty
  • February 24: A first set of sanctions on Alfa Bank
  • March 3: Durham asks for an extension on filing his CIPA filing from March 18 to March 25
  • March 4: Alfa dismisses John Doe lawsuits
  • March 18: Alfa dismisses Fusion GPS lawsuit
  • March 23: Durham files a Supplement to his 404(b) notice making wild new claims about the scope of the material pertinent to Sussmann’s alleged lie
  • March 25: Durham submits his CIPA notice, probably asking to use an intelligence product viewed as possible Russian disinformation in real time (and, given what we’ve learned about Roger Stone’s activities before that, likely designed as cover for him)
  • March 30: Durham informs Sussmann they want to call an FBI expert, in part to explain DNS data, but in part to attack the credibility of the data and also want to use a motion in limine to breach privilege claims made by the Democrats
  • March 31: Andrew DeFilippis tells attorney for Rodney Joffe that Joffe remains under investigation
  • April 4: Competing motions in limine present two different versions of the conspiracy that happened in 2016
  • April 6: Second set of sanctions on Alfa Bank; Durham moves to compel privilege review

Since Alfa’s lawsuit was stayed, Durham has taken at least four untimely steps, apparently in an effort to turn a single sketchy false statement charge into the conspiracy Durham has not yet been able to substantiate, the conspiracy without which his single false statement claim is far weaker.

With all that in mind, consider the basis on which Durham argues he should be able to breach privilege claims, no matter how flimsy.

Durham admits that he only asked for redacted copies of those documents Fusion and the Democrats have claimed privilege over on September 16, the day Durham indicted Sussmann.

On September 16, 2021, the Government issued grand jury subpoenas to Law Firm-1 and the U.S. Investigative Firm, requiring them to produce – in redacted form – the documents previously listed on privilege logs prepared by counsel for those entities so that such documents would be available for admission into evidence at any trial in this matter. Those entities subsequently produced the requested documents with redactions.

In other words, Durham didn’t even begin the process of trying to pierce this privilege claim until over 850 days into his investigation, and days before the statutes of limitation started to expire. And in the ensuing six months, Durham has done nothing. So he’s making this request less than six weeks before the start of the trial (as I noted, litigating the much more specious John Eastman privilege claims has been pending since January 20), claiming the information is necessary for his case.

But some of the arguments Durham makes rely on the belated filings he has submitted in the last month. For example, he invokes Christopher Steele, whose first appearance in this case was in that untimely 404(b) notice.

Perhaps most notably, the U.S. Investigative Firm retained a United Kingdom-based investigator (“U.K. Person-1”) who compiled information and reports that became a widely-known “dossier” containing allegations of purported coordination between Trump and the Russian government.

Durham intertwines discussion of the Alfa Bank allegations with those of the dossier, even though — as Sussmann noted,

the Special Counsel has not identified, nor could he, any evidence showing that Mr. Sussmann … had any awareness Mr. Steele was separately providing information to the FBI.

That is, Steele’s activities might matter to the Sussmann case if this were a charged conspiracy, but not only didn’t Durham charge it, he only asserted the theory of conspiratorial relationship that involves Steele by relying on his delayed 404(b) notice.

Durham’s bid to pierce privilege claims with Rodney Joffe and Marc Elias similarly ties to events in which Sussmann was not involved. False statements cases are, as Sussmann noted the other day, about the state of mind of the defendant, not about events that took place weeks after his alleged lie.

But even if this were a conspiracy, Durham reserves for himself the right to determine what is necessary for a law firm to determine how to respond when a campaign opponent invites crimes from a hostile nation-state while making false claims about his ties to that state, and what is, instead, just political dirt.

To the extent these entities continue to assert privilege over the cited documents, they cannot plausibly rely on the “intermediary” exception. To be sure, the record available to the Government does not reflect that employees of the U.S. Investigative Firm were necessary in any way to facilitate Law Firm-1’s provision of legal advice to HFA and DNC, much less to Tech Executive-1. As noted above, many of the actions taken by the U.S. Investigative Firm pursuant to its retention agreement fell outside the purpose outlined in Law Firm-1’s engagement letter – that is, to provide expertise related to Law Firm-1’s legal advice to the DNC and Clinton Campaign regarding defamation and libel. When U.S. Investigative Firm employees communicated with Tech Executive-1, they were doing so in furtherance of collaborating and promoting the Russian Bank-1 allegations, not facilitating legal advice from [Law Firm-1] to Tech Executive-1. Simply put, these were communications related to political opposition research and were not made “in confidence for the purpose of obtaining legal advice from the lawyer.” In re Lindsey, 158 F.3d at 1280. Any confidentiality that Tech Executive-1 might have otherwise maintained over these communications was waived when he and the defendant chose to disclose such information to a third party that did not have any formal or informal contract or retention agreement with Tech Executive-1 (i.e., the U.S. Investigative Firm).

These claims, absent evidence of the sort Robert Mueller showed Beryl Howell to breach Paul Manafort’s privilege claims, would be controversial even if they were timely (and if they were timely, they should have been presented to Howell before charging Sussmann instead of presenting them to Cooper six weeks before the trial date).

But they’re not timely, and they rely on other claims that are not timely. And all those untimely claims came in the wake of altered circumstances created by Putin’s invasion of Ukraine.

This series of late-game curveballs would be abusive in any case, even if they were caused by long-planned deliberate malice or even incompetence. But the way they coincide with the collapse of the symbiotic lawfare project probably ordered — as was Petr Aven’s post-election outreach to Trump — by Putin really makes this look like a mere continuation of a six-year plan to use Russia’s assault on democracy in 2016 to continue to sow discord in the US.


Claims made in untimely March 23 404(b) notice:

In a supplement to his Federal Rule of Evidence 404(b) notice provided to the defense on March 23 (the “Supplemental Notice”), the Special Counsel argues that such data gathering “constitute[s] direct evidence of the charged offense” as “factual context for the defendant’s conduct” and “to prove the existence of the defendant’s attorney-client relationships with [Mr. Joffe] and the Clinton Campaign.” Suppl. Notice at 2.

[snip]

In his Supplemental Notice, the Special Counsel suggests that data was gathered “in a manner that may be considered objectionable—whether through invasions of privacy, breaches of contract, or other [unspecified] unlawful or unethical means.” Suppl. Notice at 2. But the Supplemental Notice does not identify—nor could it—any evidence that Mr. Sussmann had any awareness of or involvement in the alleged “objectionable” conduct of others related to gathering data, to the extent there even was any such “objectionable” conduct.

[snip]

The Special Counsel has also provided notice of his intention to adduce evidence regarding the accuracy of both “the purported data and [the] allegations” that Mr. Sussmann provided to the FBI and Agency 2. See Suppl. Notice at 2 (emphasis added).

[snip]

Elsewhere, the Special Counsel has suggested that data provided to Agency-2 was “misstated, overstated, and/or cherry-picked facts,” Suppl. Notice at 2,

[snip]

The Special Counsel has asserted he will offer evidence regarding the “origin” of the technical data gathered by Mr. Joffe and Others as “direct evidence” of “factual context for the defendant’s conduct” and “the existence of the defendant’s attorney-client relationships with [Mr. Joffe] and the Clinton Campaign” as to both the data provided to the FBI in September 2016 and the data provided to Agency-2 in 2017. Suppl. Notice at 2.

[snip]

The Special Counsel has also indicated an intention to offer evidence that (1) the data Mr. Sussmann provided was inaccurate; and (2) the analysis and conclusions drawn from that data were inaccurate. Suppl. Notice at 2 (seeking to introduce evidence regarding the “strength and reliability” of the data and allegations provided to the FBI and Agency-2, including that the white papers “may have misstated, overstated, and/or cherry-picked facts” or that certain FBI or Agency-2 personnel determined that “data was potentially incomplete, fabricated, and/or exaggerated”).

[snip]

Second, the Special Counsel has utterly failed to provide an explanation for how such evidence is admissible against Mr. Sussmann. Instead, the Special Counsel simply asserts that evidence regarding the strength and reliability of the information provided to the FBI and Agency 2 is “direct evidence” of the false statements charge against Mr. Sussmann. Suppl. Notice at 2.