Posts

“professional embarassment” [sic]: Michael Sussmann Catches John Durham Accusing First and Investigating Later, Again

/67 Comments/in , /by

There’s one more important detail from the John Durham related filings submitted Friday that’s worth noting. Michael Sussman has caught Durham making accusations before he investigated them first.

Again.

As Sussmann shows, when Durham submitted his original (timely) 404(b) notice on March 18, he said he was going to submit proof that Sussmann had failed to preserve texts he sent on his personal phone.

IV. The Defendant’s Failure to Preserve Firm Records During the Relevant Time Period

All Perkins Coie attorneys are required to maintain and preserve all firm records and communications that might exist on the attorney’s personal devices. This past week the government learned that, in connection with his departure from Perkins Coie, the defendant was required to turn over all communications constituting firm records that were contained on his personal devices. The evidence at trial will show that the earliest text messages turned over by the defendant date from November 25, 2016. There are extensive gaps in time for which no text messages were provided. The government is in possession of relevant text messages that the defendant exchanged during these time periods, including highly probative messages between the defendant and then-FBI General Counsel Baker.

Durham repeated and expanded the allegation in what he called his “supplemental” 404(b) notice, submitted late on March 23, which was actually an attempt to expand the scope of his initial notice and add two more items to it. In the interim five days, this allegation became proof — in the Durham team’s conspiracy-addled and typo-riddled brains — that Sussmann was intentionally trying to hide the text he sent James Baker setting up his September 19, 2016 meeting that Durham hadn’t found in time to charge Sussmann for lying on September 18, not September 19.

VI. The Defendant’s Failure to Preserve Firm Records During the Relevant Time Period

The defendant’s failure to preserve relevant law firm records and/or provide them to Law Firm-1 upon his departure is similarly relevant to prove the defendant’s “motive,” “knowledge,” “intent,” and “plan.” The defendant’s failure to provide these records to his employer prevented Law Firm-1 from learning about specific, highly relevant communications – including a September 18, 2016 text message containing substantially the same false statement as the one alleged in the Indictment. The defendant’s failure to preserve and provide such records supports the inference that the defendant had “knowledge” that his electronic communiations [sic] would incriminate him and, therefore, acted intentionally to conceal them. Such evidence also tends to support the inference that the defendant harbored a specific “motive” to conceal his communications, namely, to avoid criminal liability or professional embarassment. [sic] When combined with other evidence, these failures by the defendant also support an inference that the defendant intentionally executed a “plan” over time to conceal the involvement of particular clients in his work, and to prevent the discovery of evidence reflecting his own false statements on that subject.

Durham didn’t find that September 18 text until this year, as part of a two step process to find evidence pertaining to his star witness he hadn’t even sought before indicting Sussmann. In the first step, Durham finally got around to collecting evidence from Michael Horowitz and only then learned that DOJ IG had a Baker phone that Durham had been told about years ago but forgot about.

But it gets worse! As Sussmann revealed in his original 404(b) response that only got docketed on Friday, after discovering two of Baker’s FBI phones more than three months after he charged Sussmann, Durham only then asked Baker to check the cloud for his own text messages involving Sussmann. Among the things Baker provided in response were texts that showed Sussmann indicating to Baker in the days after their meeting that he had to check with someone — Rodney Joffe — before helping Baker kill the NYT story.

Finally, the Special Counsel seeks to introduce evidence that he recently received from Mr. Baker. Specifically, on March 4, 2022, Mr. Baker apparently retrieved from his personal phone copies of text messages that he had sent and received with Mr. Sussmann between 2016 and 2020. According to the Special Counsel, the text messages had been stored on the cloud and Mr. Baker had not thought to produce them earlier. (Apparently, though Mr. Baker is a key witness in the case, the Special Counsel never saw fit to serve him with a subpoena.) Those text messages include, among other things, texts indicating that Mr. Sussmann asked to meet with Mr. Baker in September 2016 not on behalf of a client but to help the Bureau; texts indicating that Mr. Sussmann told Mr. Baker he had to check with someone (i.e., his client) before giving him the name of the newspaper that was about to publish an article regarding the links between Alfa Bank and the Trump Organization; and other texts, including a copy of a tweet that then-President Trump posted regarding Mr. Sussmann. The Special Counsel argues that Mr. Sussmann failed to preserve these text messages in violation of Perkins Coie policy and that this purported violation of the policy gives rise to an inference that Mr. Sussmann intended to obstruct justice. See Original Notice at 2-3.

In other words, almost six months after charging Sussmann, Durham got around to obtaining proof that, in fact, Sussmann was not hiding the existence of a client, not to mention that the explanation he provided HPSCI in 2018 — that he wanted to give the FBI options, one of which (killing the NYT story) they took — was absolutely true.

He also obtained proof that the guy who hired Durham has been gunning for Sussmann for years — and that his star witness knew about it.

So, in response to the “professional embarassment” [sic] of having to admit that Durham had never subpoenaed his own star witness who — years earlier — a Durham-related investigator had deemed unreliable, Durham instead accused Sussmann of obstructing justice by getting a new phone. Crazier still, he leveled that accusation without first obtaining Perkins Coie’s retention policy before accusing Sussmann.

In response to the accusation, Sussmann himself subpoenaed the policy, which showed that the policy only applied to email and specifically excluded communications about scheduling a meeting like the September 18 text in question.

Sixth and finally, the Special Counsel seeks to introduce evidence that Mr. Sussmann purportedly failed to preserve certain text messages that he exchanged with Mr. Baker using his personal device, as was purportedly required by Perkins Coie record retention policies. As the Special Counsel is aware, Mr. Sussmann had not retained the text messages in question—which contain exculpatory information—because he replaced the personal cellphone he used to send them and does not store his personal text messages on the cloud. Nevertheless, the Special Counsel argues that this was a violation of Perkins Coie policy. However, when asked to identify or produce which specific Perkins Coie policies addressed Mr. Sussmann’s retention of these text messages, the Special Counsel was unable to do so. Instead, the Special Counsel disclosed that he did not have copies of the relevant firm policies when he made the allegation.

Subsequently, the defense issued a subpoena to Perkins Coie; obtained the relevant policies; and confirmed that none of those policies addressed text messages, let alone required their preservation. Instead, those policies—which govern the “retention and destruction” of client records—make clear that only significant client communications must be retained, and that electronic communications concerning scheduling do not satisfy the relevant definition of “significant communication.”

[snip]

The policy explicitly provides that emails regarding scheduling, for example, do not rise to the level of a “significant communication” and would not, therefore, trigger the policy’s retention requirements. Id. Thus even if the policy applied to text messages—and it did not—the policy would not have required Mr. Sussmann to preserve copies of his text messages with Mr. Baker.

[snip]

[T]he Special Counsel’s willingness to level this explosive allegation without even bothering to first obtain copies of the relevant Perkins Coie policies they accuse Mr. Sussmann of violating— policies that, on their face, do not require the preservation of the texts at issue—is nothing short of shocking.

As Sussmann noted in his Friday submission, effectively Durham forced Sussmann and Judge Christopher Cooper to then conduct the investigative steps that Durham should have taken before making baseless accusations to cover up his own investigative failures.

Second, in both his Original and Supplemental Rule 404(b) notices, the Special Counsel leveled unjust and baseless allegations of obstruction of justice against Mr. Sussmann—and he did so, it seems, without doing even the bare modicum of diligence that any reasonable prosecutor would do. In particular, the Special Counsel claimed that Mr. Sussmann failed to preserve certain text messages in violation of his former law firm’s (i.e., Perkins Coie’s) internal policy, and that this purported violation gave rise to an inference that Mr. Sussmann intended to obstruct justice. However, the Special Counsel leveled those incendiary allegations without even bothering to obtain copies of the relevant Perkins Coie policies that Mr. Sussmann supposedly violated. As the Special Counsel did not have the policies in question, the defense had no choice but to request that this Court issue a time-sensitive subpoena pursuant to Rule 17 to obtain the polices directly from Perkins Coie. See Ex. C at 24. As expected, none of the policies that Perkins Coie produced required the preservation of any of the text messages in question, contrary to the Special Counsel’s baseless claims. Id. Mr. Sussmann should not have had to waste his or the Court’s time because the Special Counsel took an accuse-first, gather-evidence-later approach.

By context, it appears that Durham has dropped his plan to accuse Sussmann of obstructing an investigation because — within weeks of an election in which his client was persistently hacked by Russia — he replaced his cell phone. (Note, Roger Stone also replaced a cell phone with highly relevant evidence on it in the days after the 2016 election — such as how much of the plan to pardon Julian Assange took place in advance of Assange releasing the John Podesta emails — and as far as I know, Durham’s predecessor as Special Counsel never considered charging him for obtaining a new phone.)

What remains of this incident, then, is just the “professional embarassment” [sic] of getting caught making accusations without adequately investigating those accusations first, as well as exculpatory texts that prove Sussmann was not hiding the existence of a client from the FBI.

This is not the first time that Durham has risked “professional embarassment” [sic] by making accusations before investigating them. Including the Baker-related failures laid out here, here are some of the investigative steps Durham did not take before accusing Sussmann of lying to cover up a plot involving Hillary Clinton to manufacture dirt on Donald Trump:

  • Interviewing a full-time Clinton campaign staffer before accusing Sussmann of coordinating with the campaign
  • Looking for the records proving that Sussmann and Rodney Joffe helped the FBI kill the NYT story until after he charged Sussmann
  • Learning how closely the FBI worked with Rodney Joffe on DNS-related issues
  • Finding the January 31, 2017 CIA meeting record at which Sussmann clearly explained he was sharing an allegation at the request of a client
  • Asking DOJ IG for evidence of the investigation on related topics that found no evidence Sussmann committed a crime
  • Discovering a similar tip that Sussmann had anonymously shared with DOJ IG on behalf of Joffe
  • Obtaining two James Baker phones, one of which Durham had been informed about years earlier
  • Subpoenaing Baker for exculpatory texts involving Sussmann he stored on the cloud

I suspect there is far more, including never checking DOJ records to learn that someone totally unrelated to the Democrats was pushing the NYT story more aggressively than Sussmann in the period in question, to say nothing of all the evidence showing that April Lorenzen’s suspicions that Trump’s campaign manager was money laundering payments from oligarchs close to Putin were absolutely correct.

As of Wednesday, Durham’s investigation entered its 36th month. The “professional embarassment” [sic] has been going on so long, it’s hard to even capture it all anymore (but here’s a more accessible version). What’s clear is that every time he finds exculpatory information he should have obtained before charging Sussmann, he doubles down on his conspiracy theories — an approach that’s bound to lead to more “professional embarassment” [sic] down the line.

Update: Clarified that according to the documents filed Friday, Durham only obtained the September 18, 2016 text on March 4. Also fixed my own “embarassing” [sic] typo in the table below.

John Durham Continues to Hide How Michael Sussmann Helped Kill the NYT Story

/42 Comments/in , , /by

The two sides in the Michael Sussmann case have submitted their responses to motions in limine.  They include:

I’m not going to do a detailed analysis of the merit of these arguments here. The filings make it clear that, unless Durham accidentally turns this into a trial about Donald Trump’s numerous back channels to Russia, the trial will focus on the meanings of “benefit” and “on behalf of.” The entire record makes it clear Sussmann understood he was representing Rodney Joffe but that he was not asking for any benefit for Joffe, and as such said he was not there on behalf of a client. Because Durham doesn’t believe that Russia was a real threat even to Donald Trump, he doesn’t believe that such a tip could benefit the country, and so sees such a tip exclusively as a political mission. As I’ll show, the YotaPhone allegation–which Durham has recently turned to as his smoking gun–in fact undermines Durham’s argument on that point (which is probably why Sussmann has no complaint about it coming in as evidence).

In general, I think Sussmann’s arguments are stronger, sometimes substantially so, but could see Judge Christopher Cooper ruling for Durham on some of them.

But I want to look at some of the new facts revealed by these filings.

Non-expert expert

As noted, Durham provided the kind of information in his response to Sussmann’s challenge to his expert that one normally provides with a first notice (here’s what Durham initially provided). Durham describes he’ll provide the basis to qualify Agent David Martin in a future disclosure (a tacit admission the resumé they had originally submitted was inadequate) which will explain,

[T]he Government intends to provide defense with a supplemental disclosure regarding his training and experience with DNS and TOR, including the following:

  • As part of his cyber threat investigations, Special Agent Martin regularly analyzes network traffic, which includes DNS data;
  • in furtherance of his investigations, Special Agent Martin reviews DNS data regularly, often on a daily and/or weekly basis ; and
  • as an FBI Unit Chief, Special Agent Martin supervises analysts and other agents work product, which includes technical review of DNS data analysis

Which is to say Martin uses DNS data but is not as expert as a number of the possible witnesses at trial he would be suggesting were part of some grand conspiracy (note, this summary is silent on his Tor expertise, which is both a more minor part of the evidence but will be a far more contentious one at trial).

The more remarkable claim that Durham says Martin will make in rebuttal if Sussmann affirms the authenticity of the data is that, because the data was necessarily a subset of all global DNS data, it’s like it was cherry-picked, even if it was not deliberately so.

That while he cannot determine with certainty whether the data at issue was cherry-picked, manipulated, spoofed or authentic, the data was necessarily incomplete because it was a subset of all global DNS data;

Given what I’ve learned about the data in question, this judgment seems both to misunderstand the collection process and may badly misstate what an expert should be able to say. Significantly, this suggests Martin will testify as an expert without trying to replicate the effort of the various strands of research that identified the data in the first place, which is the process an expert would need to do to comment on the authenticity of the data. Not attempting to do so would only make sense if the FBI had less visibility into DNS data than the researchers in question (or if they knew replicating it would replicate the results and kill their case).

Killed the story

Several more details in the filings reveal just how far over his skis Durham is in claiming that the Democrats were the real impetus to the story (rather than, for example, April Lorenzen). Sussmann’s indictment, remember, starts with the two Alfa Bank articles published on October 31, 2016 even while he admits that Franklin Foer sources his story to Tea Leaves.

That’s true even though the indictment provides just three ways in which Sussmann was involved in the story. First and very significantly, in response to Eric Lichtblau asking (in a question that reflects past discussions about the very real hacking Russia was doing), “I see Russians are hacking away. any big news?,” Sussmann met with Lichtblau, brought Marc Elias into the loop, who in turn brought Jake Sullivan in. He undoubtedly seeded the initial story. And per his own testimony he may have pitched it to Foer and Ellen Nakashima, though Durham provides no evidence of that (unless it involves follow-up after the first Foer story).

Then, Durham describes that on October 10 — at a time when “Phil” was sending a series of DMs to the NYT about the Alfa Bank allegations and when several NYT reporters were in contact with a number of other experts, at least one of whom has never been mentioned in any Durham filings — Sussmann gave Lichtblau a nudge, but a nudge that (at least as described) not only didn’t mention the Alfa Bank allegation, but didn’t even mention Russia. He did so by forwarding an opinion piece talking about how NYT wasn’t reporting as aggressively on Trump as other outlets.

Then after Franklin Foer’s story (sourced to Tea Leaves and Jean Camp though possibly involving Sussmann) came out, Sussmann’s billing records show, he responded to other reporters’ inquiries about the story.

I have no doubt Sussmann would have loved this story to break, but Durham provides no evidence that Sussmann was the big push behind it (and the public evidence shows Tea Leaves was).

Indeed, new details in Sussmann’s filing make it clear that Durham has, as I suspected, replicated some of the erroneous assumptions that Alfa Bank did to sustain his conspiracy theories. Sussmann summarizes the journalist-involved communications to which Sussmann was not a party that Durham wants to introduce at trial.

This table puts names to the narrative Durham tells in his filing. Importantly, it reveals that the reporter who — in addition to making it clear he had gotten to Fusion’s “experts via different channels,” raised questions about the source of the data (the same topic Durham’s expert doesn’t seem prepared to address) — is Mark Hosenball.

That’s important because, according to Fusion’s lawyer Joshua Levy, Hosenball sent Fusion the link to Tea Leaves’ data, not vice versa. It’s not clear whether this later email reflects Hosenball sending that link (plus there’s a discrepancy between what date Durham says these emails were exchanged and what date Sussmann does, October 16 and October 18 respectively), but if so, it would mean Hosenball was shopping data that had been available via other means, means that aren’t known to involve Sussmann or Fusion.

In other words, just a single one of these later emails that Durham is pointing to to support his claim that Democrats were pushing this story involves the Democrats taking the initiative, and it only involves Peter Fritsch forwarding this story and pushing Foer to hurry up on his own story (which he sourced to Tea Leaves and Camp) on the Alfa Bank anomaly.

That’s important because Durham completely leaves out of his narrative how Sussmann helped kill the initial NYT story, and now he says that helping the FBI kill a story on his client’s opponent just before an election would not be exculpatory.

As a reminder, Sussmann testified to HPSCI that the reason he shared the information with the FBI was to provide them the maximum flexibility to decide what to do with it.

I was sharing information, and I remember telling him at the outset that I was meeting with him specifically, because any information involving a political candidate, but particularly information of this sort involving potential relationship or activity with a foreign government was highly volatile and controversial. And I thought and I remember telling him that it would be a not-so-nice thing ~ I probably used a word more stronger than “not so nice” – to dump some information like this on a case agent and create some sort of a problem. And I was coming to him mostly because I wanted him to be able to decide whether or not to act or not to act, or to share or not to share, with information I was bringing him to insulate or protect the Bureau or — I don’t know. just thought he would know best what to do or not to do, including nothing at the time.

And if I could just go on, I know for my time as a prosecutor at the Department of Justice, there are guidelines about when you act on things and when close to an election you wait sort of until after the election. And I didn’t know what the appropriate thing was, but I didn’t want to put the Bureau or him in an uncomfortable situation by, as I said, going to a case agent or sort of dumping it in the wrong place. So I met with him briefly and

Q Did you meet — was it a personal meeting or a phone call?

A Personal meeting.

Q At the FBI?

A At the FBI. And if I could just continue to answer your question, and soI told him this information, but didn’t want any follow-up, didn’t ~ in other words, I wasn’t looking for the FBI to do anything. I had no ask. I had no requests. And I remember saying, I’m not you don’t need to follow up with me. I just feel like I have left this in the right hands, and he said, yes.

He described then how Baker called him back and asked him for the name of the journalist who was about to publish the story.

Q The conversations you had with the journalists, the ~

A Oh, excuse me. I did not recall a sort of minor conversation that I had with Mr. Baker, which I don’t think it was necessarily related to the question you ‘asked me, but I just wanted to tell you about a phone call that I had with him 2 days after I met with him, just because I had forgotten it When I met with him, I shared with him this information, and I told him that there was also a news organization that has or had the information. And he called me 2 days later on my mobile phone and asked me for the name of the journalist or publication, because the Bureau was going to ask the public — was going to ask the journalist or the publication to hold their story and not publish it, and said that like it was urgent and the request came from the top of the Bureau. So anyway, it was, you know, a 5-minute, if that, phone conversation just for that purpose.

While it’s quite clear that Sussmann seeded the NYT story before his meeting and the follow-up phone call with Baker (and also spoke, at some time or another, to Foer and Ellen Nakashima), Durham provides no evidence that Sussmann — and even Fusion! — were doing anything more after FBI intervened to kill the story than responding to inquiries, inquiries that were largely based off Tea Leaves’ efforts.

They may well have been. Durham is not presenting any evidence of it.

We know from discovery records that at the time that Durham indicted Sussmann, he had not yet bothered to chase this follow-up down. Altogether, there were 37 emails on top of the records of the face-to-face meeting where the FBI asked the NYT to hold the story.

On September 27, November 22, and November 30, 2021, the defense requested, in substance, “any and all documents including the FBI’s communications with The New York Times regarding any of [the Russian Bank-1] allegations in the fall of 2016.” In a subsequent January 10, 2022 letter, the defense also asked for information relating to a meeting attended by reporters from the New York Times, the then-FBI General Counsel, the then-FBI Assistant Director for Counterintelligence, and the then-FBI Assistant Director for Public Affairs. In response to these requests, the Special Counsel’s Office, among other things, (i) applied a series of search terms to its existing holdings and (ii) gathered all of the emails of the aforementioned Assistant Director for Public Affairs for a two-month time period, yielding a total of approximately 8,900 potentially responsive documents. The Special Team then reviewed each of those emails for relevant materials and produced approximately 37 potentially relevant results to the defense.

This was a significant effort to avoid a story about an ongoing investigation, one that helped FBI protect Trump.

And Sussmann believes — correctly — that the fact he helped the FBI kill a damaging story on Hillary’s opponent is exculpatory. Here’s what Sussmann says Joffe would say if he testified:

And the defense believes that, if called to testify, Mr. Joffe would offer critical exculpatory testimony, including that: (1) Mr. Sussmann and Mr. Joffe agreed that information should be conveyed to the FBI and to Agency-2 to help the government, not to benefit Mr. Joffe; (2) the information was conveyed to the FBI to provide a heads up that a major newspaper was about to publish a story about links between Alfa Bank and the Trump Organization; (3) in response to a later request from Mr. Baker, Mr. Sussmann conferred with Mr. Joffe about sharing the name of that newspaper before Mr. Sussmann told Mr. Baker that it was The New York Times; (4) the researchers and Mr. Joffe himself held a good faith belief in the analysis that was shared with the FBI, and Mr. Sussmann accordingly and reasonably believed the data and analysis were accurate; and (5) contrary to the Special Counsel’s entire theory, Mr. Joffe was neither retained by, nor did he receive direction from, the Clinton Campaign. [my emphasis]

To sustain his claim that there would be no benefit to the FBI in getting such a heads up and the opportunity — which they availed themselves of — to kill the story, Durham restates and seriously downplays the decision that both Joffe and Sussmann made to give the FBI the opportunity to kill the story.

The defendant’s further proffer that Tech Executive-1 would testify that (i) the defendant contacted Tech Executive-1 about sharing the name of a newspaper with the FBI General Counsel, (ii) Tech Executive-1 and his associates believed in good faith the Russian Bank-1 allegations, and (iii) Tech Executive-1 was not acting at the direction of the Clinton Campaign, are far from exculpatory. Indeed, even assuming that all of those things were true, the defendant still would have materially misled the FBI in stating that he was not acting on behalf of any client when, in fact, he was acting at Tech Executive-1’s direction and billing the Clinton Campaign. [my emphasis]

He makes no mention of the fact that FBI spent considerable effort — an effort made possible by Sussmann and Joffe — to protect the investigation and Trump. He doesn’t even admit that the reason why Sussmann asked Joffe about sharing Lichtblau’s name is so that the FBI could kill the story.

The YotaPhone that was not in Trump’s hands

Michael Sussmann could be putting up a far bigger stink that Durham wants to introduce Sussmann’s meeting with the CIA in February 9, 2017, especially the way that Durham keeps revealing inaccurate details about it. This is an event that happened five months after his alleged crime, one that (as Sussmann notes) could not be part of the same effort as Durham alleges the FBI meeting was about, because there no longer was a Hillary campaign.

He’s not. In fact, he says he has no problem with Durham introducing the February 9 meeting.

In any event, Mr. Sussmann does not object to the introduction of this discrete CIA statement pursuant to Rule 404(b).9 But Mr. Sussmann disagrees with the Special Counsel’s characterization and interpretation of that statement, and he reserves his right to introduce evidence rebutting the Special Counsel’s claims, including evidence that will demonstrate that Mr. Sussmann disclosed to CIA personnel that he had a client and that he had worked with political clients. See, e.g., Mem. of Conversation at SCO-3500U-010119-120 (Jan. 31, 2017) (“Sussman[n] said that he represents a CLIENT who does not want to be known. . . Sussman[n] would not provide the client’s identity and was not sure if the client would reveal himself . .”); id.at SCO3500U-010120 (“Sussman[n] is [] openly a Democrat and openly told [CIA personnel] that he does lots of work with DNC”).

The reason why Sussmann has no objection likely has to do with that January 31 document, which Durham posted to docket along with the memorialization of the February 9 meeting. Indeed, given the Bates stamp on the document — SCO-00081634 for the January 31 document as compared to SCO-074877 — Durham may have only obtained this document in response to Sussmann’s repeated requests for the complete list of the people he spoke with at the CIA.

In any case, both documents actually help Sussmann more than Durham. They show that even in the February 9 meeting, Sussmann was upfront about his ties to the Democrats and described the data source as private — the very same things Durham claims Sussmann was deliberately hiding from the FBI in September. In the January 31 meeting, he explicitly said he had a client and even conveyed that Joffe is a Republican.

Read together, these meeting records are consistent with Sussmann’s story: that he went to the government bringing data from someone — Joffe — who wanted it shared but was not otherwise asking Sussmann to intervene as a lawyer. On behalf of someone, but not making a formal request as a lawyer.

Very importantly, both meetings make it clear that the suspicion was not that Trump was using a YotaPhone, but that someone in his vicinity was. That’s because “there was once [sic] instance when Trumbo [sic] was not in Trump p Tower at but the phone was active on Trump tower WIFI network” and “the information provided would show instances when the Yota-phone and then candidate Trump were not believed to be collocated.” This is the description of someone suspected of infiltrating Trump’s campaign, not Trump secretly siding with Russia.

There are still problems with it: The claim that the phone moved to the White House with Trump is not possible because the phone moved in December 2016, when Obama was still occupying it (and to the extent that Trumpsters had moved to DC yet, Trump was working out of Trump Hotel). Given Durham’s claim that there was YotaPhone metadata at the White House going back to 2014, it’s unclear whether the phone at the White House in December 2016 could be the earlier phone or a Trump one.

For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted

But even Durham agrees there were YotaPhone look-ups from Trump’s vicinity, and while he doesn’t understand it, his own filing confirms that these phones are super rare. And given the description that the YotaPhone showed up in MI when Trump was interviewing a cabinet member (and given some things I’ve heard about this allegation), it does seem to tie the YotaPhone to Betsy DeVos.

John Durham has said the only reason you could write up details about DNS anomalies implicating Trump is malicious partisanship, and yet his filing does just that.

Still, the traffic might be most consistent with a Secret Service agent on Trump’s detail using a YotaPhone, something that — given the Secret Service’s never ending scandals — wouldn’t be the kind of thing you could rule out.

The story is consistent with Joffe and the researchers identifying — via DNS look-ups, not the servers at Trump Tower or the White House — that there was metadata reflecting something that could be a significant counterintelligence concern, one that had the intent of hurting Trump, not helping him. The frothers think it was a good thing that a spy on DiFi’s staff and another volunteering for an Eric Swalwell campaign were identified; but if it’s Trump, they want counterintelligence concerns to take a back seat.

And in retrospect, the possibility there was a Russian spy in Trump’s vicinity would be no big surprise, given his track record. His campaign manager admitted he had hidden his work for Ukrainian oligarchs and was hoping to exploit his ties to Trump to get paid by them and a Russian oligarch. His National Security Advisor admitted he had secretly been working for Turkey while getting classified briefings with the candidate. The guy who got him hired, who went on to run his Inaugural Committee, is accused of working for the Emirates when he did all that.

The only way that finding potential spies infiltrating Trump’s campaign would be an attack on his campaign is if he wanted those spies there.

Then again, that seems to be what Tom Barrack is going to use as his defense, so maybe that’s what is really driving this scandal.

John Durham Unveils His Post-Putin Puppet Strategy

/33 Comments/in , , /by

I first complained publicly about the Alfa Bank allegations on November 1, 2016. I raised questions about the provenance of the Steele dossier the day after it was released, on January 11, 2017. I started raising concerns that Russia had succeeded in injecting the dossier with disinformation just a year later — literally years before the Republicans investigating it full-time did. When Democrats revealed that they had paid for the dossier in October 2017, I wrote a very long post labeling the entire project “fucking stupid.” Part of that was about the Democrats’ delayed admission they were behind the dossier. But part of that was because of the way the dossier distracted from Trump’s very real very concerning ties to Russia.

It has been clear for some time that Steele’s reports had some kind of feedback loop, responding to information the Democrats got. That was most obvious with respect to the September 14 Alfa Bank report, which was obviously written after first news of the Alfa Bank/Trump Tower story, which was pushed by Democratic partisans. Particularly given that we know the released report is a selective release of just some reports from the dossier, the inclusion of Alfa Bank in that release makes no sense. Even if reports about old corrupt ties between Alfa and Putin are true (as if Democratic politicians and corrupt American banks never have old ties), the inclusion of the Alfa report in the dossier on Trump made zero sense.

Which is why Alfa Bank decided — after consulting with big Republican lawyers like Viet Dinh and soon-to-be DOJ Criminal Division Chief Brian Benczkowski — to sue for defamation. Now I understand why (particularly given that Republicans seem to have known who paid for the dossier for some time). I’m not sure Alfa Bank executives pass the bar for defamation here (though the publication of a report that misspelled Alfa’s name is pretty damning), but the fact that Elias paid for this dossier on behalf of the Democrats is going to make that defamation case far more explosive (and I’ll be surprised if Elias doesn’t get added into the mix).

As I said when I began this: I have no doubt Russia tampered with the election, and if the full truth comes out I think it will be more damning than people now imagine.

But the Democrats have really really really fucked things up with their failures to maintain better ethical distance between the candidate and the dossier, and between the party and the FBI sharing. They’ve made things worse by waiting so long to reveal this, rather that pitching it as normal sleazy political oppo research a year ago.

The case of Russian preference for Trump is solid. The evidence his top aides were happy to serve as Russian agents is strong.

But rather than let FBI make the case for that, Democrats instead tried to make their own case, and they did in such a way as to make the very solid case against Trump dependent on their defense of the dosser, rather than on better backed claims released since then.

Boy it seems sadly familiar, Democrats committing own goals like this. And all that’s before where the lawfare on this dossier is going to go.

I may be the earliest and most prescient critic of all this, in either party. Sit down, Kash Patel! Sit down, Chuck Ross!

Sit down, John Durham!

And boy was I right, way back in October 2017, about where this was going to go.

But I have also shown that people close to Oleg Deripaska succeeded in exploiting this project as part of a vicious double game, victimizing both Hillary Clinton and Paul Manafort, making it more likely Manafort would cooperate in the Russian operation against Hillary, which he did. I have shown that the most obvious disinformation in the dossier, probably sourced to Dmitri Peskov — claiming that Michael Cohen had secret communications with the Kremlin on election interference — served to hide Michael Cohen’s very real secret communications with Peskov on a Trump Tower deal involving sanctioned banks and a former GRU official. I have more recently confirmed that someone who claimed to work for an FSB front was pushing the Alfa Bank allegations more aggressively than Michael Sussmann in October 2016; that same person was using Internet routing records to support a false story in May 2016, the same month the DNS anomalies started. I showed that large numbers of Republicans rationalize their attack on democracy on January 6 based on the dossier, even while they accept the dossier was Russian disinformation, thereby literally claiming that Russian disinformation convinced them to attack American democracy.

And Russia’s wild success at using this to sow division continues, even as Russia massacres children in an assault on Ukrainian democracy. Just Monday, after all, John Durham suggested that because private citizen April Lorenzen investigated the actions of the people married to Alfa Bank Oligarch children, she was part of a criminal conspiracy, even though it is a provable fact that the man married to the daughter of an Alfa Bank founder, Alex Van der Zwaan, was — in those very same weeks!!! — acting on orders from Russian spy Konstantin Kilimnik to cover up Manafort’s ties to the Oligarchs behind the 2016 election interference. Durham is so far down his conspiratorial rabbit hole, he doesn’t even realize he’s trying to criminalize being right about a real threat to democracy.

Which brings us to Durham’s motion to compel submitted last night, predictably asking Judge Christopher Cooper to review the privilege claims behind the Democrats and Fusion GPS’ privilege claims. I’m pretty sympathetic that some of the privilege claims the parties involved have made are bullshit, just as the claims Trump’s supporters have made to hide the events that led up to January 6 or any number of other things that go well beyond election-year rat-fucking are obviously bullshit. But it now seems clear that Durham is making the same error Alfa Bank did, not only assuming that everyone pushing the Alfa Bank allegations was being directed by the Democrats (when Lorenzen played a more important role), but also assuming people working for Hillary were behind all new push on the story; I’ve proven that was false.

Worse still, the specific form of Durham’s demand and its timing not only prove Durham’s bad faith, but strongly suggest that Durham viewed his own investigation to form part of a symbiotic whole with the Alfa Bank lawfare (the lawfare I rightly identified in 2017) still exploiting the dissension sowed by Russia in 2016. In the month of March, Durham did three things that were, as Sussmann’s lawyers described, “wildly untimely” for a trial scheduled to start in May. After getting an approved extension to their CIPA deadline, Durham filed a 404(b) notice on March 23; those notices were due on March 18. Durham told Sussmann of a new expert witness in the last days in March; that notice was also due by March 18. And then, on March 30, Durham told Sussmann he was going to attempt to pierce privilege claims that had been under discussion for a year.

All these belated steps look like a desperate, last minute attempt to change strategy. And it seems likely that the strategy change was necessitated, at least in part, by the stay and then dismissal of Alfa Bank’s lawfare, necessitated by the sanctions imposed by Putin’s aggression in Ukraine.

Consider the following timeline:

  • February 9: DC Superior Judge Shana Frost Matini observes that Durham case and Alfa Bank lawsuit appear reading from the same script and stays Alfa’s motions until after the Sussmann trial
  • February 11: In the wake of the expiration of the statute of limitation on a February 9, 2017 Sussmann meeting at the CIA, Durham files an inflammatory and belated conflict filing, raising new allegations and setting off death threats
  • Mid-February 2022: Alfa Bank continues its efforts to breach the privilege and Fifth Amendment claims of John Durham’s subjects
  • February 22: Russia invades Ukraine in an attempt to rid it of its democracy and sovereignty
  • February 24: A first set of sanctions on Alfa Bank
  • March 3: Durham asks for an extension on filing his CIPA filing from March 18 to March 25
  • March 4: Alfa dismisses John Doe lawsuits
  • March 18: Alfa dismisses Fusion GPS lawsuit
  • March 23: Durham files a Supplement to his 404(b) notice making wild new claims about the scope of the material pertinent to Sussmann’s alleged lie
  • March 25: Durham submits his CIPA notice, probably asking to use an intelligence product viewed as possible Russian disinformation in real time (and, given what we’ve learned about Roger Stone’s activities before that, likely designed as cover for him)
  • March 30: Durham informs Sussmann they want to call an FBI expert, in part to explain DNS data, but in part to attack the credibility of the data and also want to use a motion in limine to breach privilege claims made by the Democrats
  • March 31: Andrew DeFilippis tells attorney for Rodney Joffe that Joffe remains under investigation
  • April 4: Competing motions in limine present two different versions of the conspiracy that happened in 2016
  • April 6: Second set of sanctions on Alfa Bank; Durham moves to compel privilege review

Since Alfa’s lawsuit was stayed, Durham has taken at least four untimely steps, apparently in an effort to turn a single sketchy false statement charge into the conspiracy Durham has not yet been able to substantiate, the conspiracy without which his single false statement claim is far weaker.

With all that in mind, consider the basis on which Durham argues he should be able to breach privilege claims, no matter how flimsy.

Durham admits that he only asked for redacted copies of those documents Fusion and the Democrats have claimed privilege over on September 16, the day Durham indicted Sussmann.

On September 16, 2021, the Government issued grand jury subpoenas to Law Firm1 and the U.S. Investigative Firm, requiring them to produce – in redacted form – the documents previously listed on privilege logs prepared by counsel for those entities so that such documents would be available for admission into evidence at any trial in this matter. Those entities subsequently produced the requested documents with redactions.

In other words, Durham didn’t even begin the process of trying to pierce this privilege claim until over 850 days into his investigation, and days before the statutes of limitation started to expire. And in the ensuing six months, Durham has done nothing. So he’s making this request less than six weeks before the start of the trial (as I noted, litigating the much more specious John Eastman privilege claims has been pending since January 20), claiming the information is necessary for his case.

But some of the arguments Durham makes rely on the belated filings he has submitted in the last month. For example, he invokes Christopher Steele, whose first appearance in this case was in that untimely 404(b) notice.

Perhaps most notably, the U.S. Investigative Firm retained a United Kingdom-based investigator (“U.K. Person-1”) who compiled information and reports that became a widely-known “dossier” containing allegations of purported coordination between Trump and the Russian government.

Durham intertwines discussion of the Alfa Bank allegations with those of the dossier, even though — as Sussmann noted,

the Special Counsel has not identified, nor could he, any evidence showing that Mr. Sussmann … had any awareness Mr. Steele was separately providing information to the FBI.

That is, Steele’s activities might matter to the Sussmann case if this were a charged conspiracy, but not only didn’t Durham charge it, he only asserted the theory of conspiratorial relationship that involves Steele by relying on his delayed 404(b) notice.

Durham’s bid to pierce privilege claims with Rodney Joffe and Marc Elias similarly tie to events in which Sussmann was not involved. False statements cases are, as Sussmann noted the other day, about the state of mind of the defendant, not about events that took place weeks after his alleged lie.

But even if this were a conspiracy, Durham reserves for himself the right to determine what is necessary for a law firm to determine how to respond when a campaign opponent invites crimes from a hostile nation-state while making false claims about his ties to that state, and what is, instead, just political dirt.

To the extent these entities continue to assert privilege over the cited documents, they cannot plausibly rely on the “intermediary” exception. To be sure, the record available to the Government does not reflect that employees of the U.S. Investigative Firm were necessary in any way to facilitate Law Firm-1’s provision of legal advice to HFA and DNC, much less to Tech Executive-1. As noted above, many of the actions taken by the U.S. Investigative Firm pursuant to its retention agreement fell outside the purpose outlined in Law Firm-1’s engagement letter – that is, to provide expertise related to Law Firm-1’s legal advice to the DNC and Clinton Campaign regarding defamation and libel. When U.S. Investigative Firm employees communicated with Tech Executive-1, they were doing so in furtherance of collaborating and promoting the Russian Bank1 allegations, not facilitating legal advice from [Law Firm-1] to Tech Executive-1. Simply put, these were communications related to political opposition research and were not made “in confidence for the purpose of obtaining legal advice from the lawyer.” In re Lindsey, 158 F.3d at 1280. Any confidentiality that Tech Executive-1 might have otherwise maintained over these communications was waived when he and the defendant chose to disclose such information to a third party that did not have any formal or informal contract or retention agreement with Tech Executive-1 (i.e., the U.S. Investigative Firm).

These claims, absent evidence of the sort Robert Mueller showed Beryl Howell to breach Paul Manafort’s privilege claims, would be controversial even if they were timely (and if they were timely, they should have been presented to Howell before charging Sussmann instead of presenting them to Cooper six weeks before the trial date).

But they’re not timely, and they rely on other claims that are not timely. And all those untimely claims came in the wake of altered circumstances created by Putin’s invasion of Ukraine.

This series of late game curveballs would be abusive in any case, even if they were caused by long-planned deliberate malice or even incompetence. But the way they coincide with the collapse of the symbiotic lawfare project probably ordered — as was Petr Aven’s post-election outreach to Trump — by Putin really makes this look like a mere continuation of a six year plan to use Russia’s assault on democracy in 2016 to continue to sow discord in the US.

Claims made in untimely March 23 404(b) notice:

In a supplement to his Federal Rule of Evidence 404(b) notice provided to the defense on March 23 (the “Supplemental Notice”), the Special Counsel argues that such data gathering “constitute[s] direct evidence of the charged offense” as “factual context for the defendant’s conduct” and “to prove the existence of the defendant’s attorney-client relationships with [Mr. Joffe] and the Clinton Campaign.” Suppl. Notice at 2.

[snip

In his Supplemental Notice, the Special Counsel suggests that data was gathered “in a manner that may be considered objectionable—whether through invasions of privacy, breaches of contract, or other [unspecified] unlawful or unethical means.” Suppl. Notice at 2. But the Supplemental Notice does not identify—nor could it—any evidence that Mr. Sussmann had any awareness of or involvement in the alleged “objectionable” conduct of others related to gathering data, to the extent there even was any such “objectionable” conduct.

[snip]

The Special Counsel has also provided notice of his intention to adduce evidence regarding the accuracy of both “the purported data and [the] allegations” that Mr. Sussmann provided to the FBI and Agency 2. See Suppl. Notice at 2 (emphasis added).

[snip]

Elsewhere, the Special Counsel has suggested that data provided to Agency-2 was “misstated, overstated, and/or cherry-picked facts,” Suppl. Notice at 2,

[snip]

The Special Counsel has asserted he will offer evidence regarding the “origin” of the technical data gathered by Mr. Joffe and Others as “direct evidence” of “factual context for the defendant’s conduct” and “the existence of the defendant’s attorney-client relationships with [Mr. Joffe] and the Clinton Campaign” as to both the data provided to the FBI in September 2016 and the data provided to Agency-2 in 2017.1 Suppl. Notice at 2.

[snip]

The Special Counsel has also indicated an intention to offer evidence that (1) the data Mr. Sussmann provided was inaccurate; and (2) the analysis and conclusions drawn from that data were inaccurate. Suppl. Notice at 2 (seeking to introduce evidence regarding the “strength and reliability” of the data and allegations provided to the FBI and Agency-2, including that the white papers “may have misstated, overstated, and/or cherry-picked facts” or that certain FBI or Agency2 personnel determined that “data was potentially incomplete, fabricated, and/or exaggerated”).

[snip]

Second, the Special Counsel has utterly failed to provide an explanation for how such evidence is admissible against Mr. Sussmann. Instead, the Special Counsel simply asserts that evidence regarding the strength and reliability of the information provided to the FBI and Agency 2 is “direct evidence” of the false statements charge against Mr. Sussmann. Suppl. Notice at 2.

 

Tunnel Vision: Durham Treats Citizens’ Research into Real Paul Manafort Crimes Like a Criminal Conspiracy

/40 Comments/in , , /by

On Monday, both John Durham and Michael Sussmann submitted their motions in limine, which are filings to argue about what can be admitted at trial. They address a range of issues that I’ll cover in several posts:

Sussmann:

Durham wants to:

  • Admit witnesses’ contemporaneous notes of conversations with the FBI General Counsel
  • Admit emails referenced in the Indictment and other, similar emails (see this post)
  • Admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b)
  • Exclude evidence and preclude argument concerning allegations of political bias on the part of the Special Counsel (addressed in this post)
  • Admit an October 31, 2016 tweet by the Clinton Campaign

I will link my discussions in serial fashion.

It’s a testament to how deep John Durham is in his conspiracy-driven rabbit hole that he assumes a 24-minute meeting between Marc Elias and Michael Sussmann on July 31, 2016 to discuss the “server issue” pertained to the Alfa Bank allegations. Just days earlier, after all, Donald Trump had asked Russia to hack Hillary Clinton, and within hours, Russian hackers obliged by targeting, for the first time, Hillary’s home office. Someone who worked in security for Hillary’s campaign told me that from his perspective, the Russian attacks on Hillary seemed like a series of increasing waves of attacks, and the response to Trump’s comments was one of those waves (this former staffer documented such waves of attack in real time). The Hillary campaign didn’t need Robert Mueller to tell them that Russia seemed to respond to Trump’s request by ratcheting up their attacks, and Russia’s response to Trump would have been an urgent issue for the lawyer in charge of their cybersecurity response.

It’s certainly possible this reference to the “server” issue pertained to the Alfa Bank allegations. But Durham probably doesn’t know; nor do I. None of the other billing references Durham suggests pertain to the Alfa Bank issue reference a server.

The possibility that Durham is seeing a conspiracy to attack Donald Trump in evidence that could, instead, be evidence of Hillary’s campaign response to an unprecedented nation-state attack, is a worthwhile demonstration of the way the two sides in this case have two entirely different theories of the conspiracy that occurred during that election. That’s particularly apparent given the competing motions in limine seeking both to prohibit and to include a bunch of communications from that period. These motions are not symmetrical. Sussmann moved to,

preclude three categories of evidence and/or arguments that the Special Counsel has suggested it might offer, namely, evidence and arguments concerning: (1) the gathering of DNS data by Mr. Sussmann’s former client Rodney Joffe, and/or other data scientists, and fellow business personnel of Mr. Joffe (collectively “Mr. Joffe and Others”); (2) the accuracy of this data and the accuracy of the conclusions and analysis based on this data; and (3) Christopher Steele and information he separately provided to the Federal Bureau of Investigation (“FBI”) (including the so-called “Steele Dossier”) (all three, collectively, the “Joffe and Steele Conduct”).

Sussmann is not moving to exclude mention his contact with Fusion GPS or reporters (though he is fighting to keep Christopher Steele out of his trial).

Whereas Durham is seeking to,

(ii) admit emails referenced in the Indictment and other, similar emails, (iii) admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b),

[snip]

(v) admit an October 31, 2016 tweet by the Clinton Campaign.

Ultimately this is a fight about whether Sussmann’s alleged lie amounted to reporting a tip about a real cybersecurity anomaly, as Sussmann maintains, or, as Durham argues, seeding dirt as part of a dirty tricks campaign against Trump.

Predictably, in addition to emails involving Fusion GPS, Durham wants to introduce the emails between Rodney Joffe and researchers — emails to which Sussmann was not privy — as statements of co-conspirators.

In addition, Rule 801(d)(2)(E) authorizes the admission of an out-ofcourt statement “by a co-conspirator of a party during the course and in furtherance of the conspiracy.” Where a defendant objects to such an admission, however, the district court must find by a preponderance of the evidence that a conspiracy existed and that the defendant and declarant were members of that conspiracy. Bourjaily v. United States, 483 U.S. 171, 175-76 (1987). A court can preliminarily admit hearsay statements of co-conspirators, subject to connection through proof of conspiracy. See United States v. Jackson, 627 F. 2d 1198, 1218 (D.C. Cir. 1980) (approving procedure). To admit a statement under Rule 801(d)(2)(E), the court must find (i) that there was a conspiracy; (ii) that its members included the declarant and the party against whom the statement is offered; and (iii) that the statement was made during the course of and in furtherance of the conspiracy. Bourjaily 483 U.S. at 175.

Importantly, although Rule 801(d)(2)(E) refers to “conspiracy” and “co-conspirators,” the D.C. Circuit has expressly held that “the doctrine is not limited to unlawful combinations.” United States v. Weisz, 718 F. 2d 413, 433 (D.C. Cir. 1983). “Rather, the rule, based on concepts of agency and partnership law and applicable in both civil and criminal trials, ‘embodies the long-standing doctrine that when two or more individuals are acting in concert toward a common goal, the outof-court statements of one are . . . admissible against the others, if made in furtherance of the common goal.’” United States v. Gewin, 471 F. 3d 197, 201–02 (D.C. Cir. 2006) (citing Weisz, 718 F. 2d at 433)). In quoting and citing the 1974 Senate Advisory Committee note to Rule 801(d)(2)(E), the D.C. Circuit has also explained that “[Rule 801(d)(2)(E)] was meant to carry forward the universally accepted doctrine that a joint venturer is considered as a coconspirator for the purpose of this [R]ule even though no conspiracy has been charged.” Weisz, 718 F. 2d at 433 (citations and quotation marks omitted); United States v. Owens, 484 U.S. 554, 562 (1988) (invoking Advisory Committee note in interpreting Federal Rules of Evidence).

Durham describes that the object of that conspiracy was to deal dirt on Donald Trump to the US government and the media.

As an initial matter, the Government expects that the evidence at trial will show that beginning in late July/early August 2016, the defendant, Tech Executive-1, and agents of the Clinton Campaign were “acting in concert toward a common goal,” Gewin, 471 F. 3d at 201–02, namely, the goal of assembling and disseminating the Russian Bank-1 allegations and other derogatory information about Trump and his associates to the media and the U.S. government.

[snip]

More specifically, these emails show that the researchers and Tech Executive-1 were acting in concert with the defendant and others to gather and spread damaging information about a Presidential candidate shortly before the scheduled election.

And that, Durham claims, makes an attempt to understand a cybersecurity anomaly a political act.

In addition, the aforementioned communications demonstrate the materiality of the defendant’s lie insofar as they reveal the political origins and purposes for this work. And those political origins are especially probative here because they provided a motive for the defendant to conceal his clients’ involvement in these matters.

There is a great deal that is alarming and problematic with this schema. For starters, it suggests Sussmann’s response to Eric Lichtblau’s question asking, “I see Russians are hacking away. any big news?” (in what is clearly a follow-up of earlier conversations about the very real attack on Hillary by Russia) was part of a conspiracy and not a legitimate response to an obvious good faith and important question from a journalist.

Emails, billing records, and testimonial evidence to be offered at trial reflect that during approximately the same time period – and before approaching the FBI about these matters – the defendant provided the Russian Bank-1 allegations to a reporter from a major U.S. newspaper.

Many of the problems in Durham’s argument pertain to April Lorenzen, who started looking into this anomaly in June. But Durham — who also wants to make the source of these anomalies an issue at trial — seems to suggest this conspiracy started on some calls and one meeting between Marc Elias, Joffe, and Sussmann that started on August 12.

Testimony at trial will establish that among the individuals whom Tech Executive1 and Originator-1 enlisted in this project were researchers at University-1 who were assigned to a then-pending federal cybersecurity contract with a U.S. government agency (“Agency-1”). At the time, Tech Executive-1 was negotiating an agreement between his then-employer (“Internet Company-1”) and University-1 to sell large amounts of internet data to the university for use under the Agency-1 contract. The intended purpose of this agreement and University-1’s sensitive work with Agency-1 was to gather and analyze internet metadata in order to detect malicious cyberattacks. As set forth in the Indictment, however, Tech Executive-1 and Originator-1 worked with two of these University-1 researchers (“Researcher-1” and “Researcher-2”) to mine internet data for the purpose of assisting the aforementioned opposition research.

That is, Durham both includes Lorenzen’s earlier actions in his scope, but imagines that the conspiracy in question didn’t form until long after she identified the anomaly.

Similarly, Durham holds Sussmann accountable for the eventual articles written by Lichtblau and Franklin Foer, even though Lorenzen was far more involved in that process (and random people like “Phil” who were signing comments Guccifer 2.0 were also pushing the NYT to write a story). After the FBI killed the initial story, Durham has not shown any evidence that Sussmann was pushing the actual Alfa Bank story until after the Lichtblau and Foer stories were published.

Meanwhile, Durham’s interpretation of this Lorenzen email — written in the wake of Paul Manafort’s firing because his secret influence-peddling for Russian backed Ukrainian Oligarchs had become a campaign liability — is fairly shocking.

NOTE: The Russian money launderers, sometimes assisted by Americans like those you see listed in the PDF [Tech Executive-1] just shared [the Trump Associates List], and others you’ll see in [name redacted]’s next document …. Cyprus is one of the places they like. That’s where [Russian Bank-1]-Forex is organized. Choose .com or .ru when studying their domains … and remember we don’t need a russian IP, domain or company for money to flow from Russians to Trump.

[Russian Bank-1]-* has massive tentacles in so many countries including the USA. Regarding this whole project, my opinion is that from DNS all we could gain even in the best case is an *inference*.

I have not the slightest doubt that illegal money and relationships exist between pro-Russian and pro-Trump, meaning actual people very close to Trump if not himself. And by Putin’s traditional style, people Putin controls, but not himself. He controls the oligarchs and they control massive fortunes and cross nearly all major industries in a vast number of countries.

But even if we found what [Tech Executive-1] asks us to find in DNS we don’t see the money flow, and we don’t see the content of some message saying “send me the money here” etc.

I could fill out a sales form on two websites, faking the other company’s email address in each form, and cause them to appear to communicate with each other in DNS. (And other ways I can think of and I feel sure [Researcher-2] can think of.)

IF [Tech Executive-1] can take the *inference* we gain through this team exercise … and cause someone to apply more useful tools of more useful observation or study or questioning … then work to develop even an inference may be worthwhile.

That is how I understood the task. Because [Tech Executive-1] didn’t tell me more context or specific things. What [name redacted] has been digging up is going to wind up being significant. It’s just not the case that you can rest assured that Hil[l]ary’s opposition research and whatever professional govts and investigative journalists are also digging … they just don’t all come up with the same things or interpret them the same way. But if you find any benefit in what she has done or is doing, you need to say so, to encourage her. Because we are both killing ourselves here, every day for weeks.

I’m on the verge of something interesting with hosts that talk to the list of Trump dirty advisor domain resources, and hosts that talk to [Russian Bank1]-* domains. Take even my start on this and you have Tehran and a set of Russian banks they talk to. I absolutely do not assume that money is passing thru Tehran to Trump. It’s just one of many *inferences* I’m looking at.

SAME IRANIAN IP THAT TALKS TO SOME TRUMP ADVISORS, also talks to:

[list of domains redacted]

(Capitals don’t mean SUPER SIGNIFICANT it was just a heading.)

Many of the IPs we have to work with are quite MIXED in purpose, meaning that a lot of work is needed to WINNOW down and then you will still only be left in most cases with an *inference* not a certainty. Trump/ advisor domains I’ve been using. These include ALL from [Tech Executive-1’s] PDF [the Trump Associate’s List] plus more from [name redacted]’s work:

[list of domains redacted]

[RUSSIAN BANK-1] DOMAINS

[list of domains redacted]

More needs to be added to both lists. [Durham’s bold, my italics]

That’s true in part, because Durham suggests the entirety of this email is part of the conspiracy, but it’s clear that Lorenzen was working with another person, whose name Durham redacts, who seems arbitrarily excluded from it.

But it’s also true because Lorenzen sent it in the wake of Trump’s false claim — made in the same appearance where he asked Russia to hack Hillary some more — that he had no business ties to Russia, when in fact he continued to pursue a Trump Tower deal that would have relied on funding from one of two sanctioned banks. She sent it in the wake of Manafort’s false claims (and Rick Gates’ lies to the press) that served to hide his real ties to Russian-backed oligarchs, including one centrally involved in the Russian effort to tamper in the election, Oleg Deripaska, and his money laundering through Cyprus of payments from those Oligarchs. Manafort was helped in those lies — in the same weeks as Sussmann met with James Baker!!!! — by the son-in-law of Alfa Bank’s co-founder German Khan, Alex Van der Zwaan, who went on to lie about his actions to Mueller. In the same month Sussmann met with Baker, Mueller found probable cause to investigate, Trump got a $10 million infusion from an Egyptian state-owned bank. Lorenzen’s suspicions were not only realistic, but some turned out to be absolutely true.

Similarly, Durham makes much of this email from Lorenzen:

[Tech Executive-1’s] carefully designed actions provide the possibility of: 1. causing the adversaries to react. Stop using? Explain? 2. Getting more people with more resources to find out the things that are unknown, whether those be NON-internet channels of connection between Trump, [Healthcare Company1][owners of Healthcare Company-1], [Russian Bank-1] … money flows, deals, God knows it could be [owners of Healthcare Company-1’s] children married to Russians who run [Russian Bank1]. Or like Researcher-2 shared, someone’s wife vacationing with someone else’s wife.

I have no clue. These are things other people may look into, if they know a direction of interest to look. 3. Legal action to protect our country from people who act against our national interests. I don’t care in the least whether I’m right or wrong about VPN from [Russian Bank-1], [TOR] from Russian Bank-1, or just SMTP artifact pointing to a 3-way connection. [Tech Executive1] has carefully crafted a message that could work to accomplish the goals. Weakening that message in any way would in my opinion be a mistake. [Durham’s bold, my italics]

Here, again, Lorenzen wonders about suspect ties of those married to the children of Alfa Bank’s founders within days of Van der Zwaan taking actions to hide Manafort’s ties to Russian-backed oligarchs.

In other words, Durham treats Lorenzen’s inferences, some of which turned out not just to be right, but to be centrally important to the ongoing Russian attack on the US, as improper dirt on a presidential candidate and not stuff that every citizen of the United States would want to know. Durham is criminalizing a private citizen’s effort (one for which he shows no direct tie to the Clinton campaign) to understand real corruption of Trump and his campaign manager. Durham literally calls this effort to research a political candidate — a core responsibility in a democracy — a “venture to gather and disseminate purportedly derogatory internet data regarding a Presidential candidate.”

This is not the only email that pointed to real criminal evidence pertaining to Russia’s attack in 2016. He cites David Dagon justifying using this data by pointing to the FBI’s investigation into Fancy Bear — the hackers who were in that same month still hacking Hillary and trying to hack election infrastructure.

I believe this is at a threshold of probable cause for violation of Commerce Dept sanctions, FEC elections rules, and has releva[n]cy for the Bureau’s Fancy Bear inquiry, etc._ I also have some graphs/animations of the Trump [] router, which I can clean up and contribute. (They merely give a glimpse of aggregate volume, since we lack actual flows.) I’d need until the weekend.”

Again, Paul Manafort did turn out to have real ties to the APT 28 operation, Roger Stone appears to have been in direct contact with the GRU-backed persona since before it went public, and Mueller did charge an Oligarch with close ties to Putin, Yevgeniy Prigozhin, with violating FEC election rules. To suggest that it was improper to try to investigate these ongoing crimes in real time — to suggest the investigation is itself a conspiracy — undermines any possibility for a vibrant democracy.

And Durham decided belatedly (Sussmann’s filing makes it clear Durham laid all this out in a March 23 404(b) notice, 5 days past his due date) to argue that all these emails are admissible so he can argue that Joffe asked Sussmann to hide his role in all this so he could hide the emails that show real investigation into real, ongoing crimes.

Indeed, many of the emails’ contents are relevant and not hearsay for the additional reason that they shed important light on the defendant’s and Tech Executive-1’s “intent, motive, or state of mind,” and “help to explain their future conduct.” Safavian, 435 F. Supp. at 45–46. In particular, the mere fact that these emails (i) existed in written form prior to the defendant’s September 19, 2016 meeting with the FBI and (ii) reflected instances of serious doubts about whether the Russian Bank-1 data might have been “spoofed,” a “red herring,” “wrong,” or a product of “tunnel vision” or bias against Trump, provided Tech Executive-1 and the defendant with motive to conceal the origins and provenance of the Russian Bank-1 allegations from the FBI. In particular, a reasonable jury could infer from these and other facts that Tech Executive-1 made the defendant aware of these prior doubts and therefore supplied the defendant – as Tech Executive-1’s representative – with a motive to conceal their client relationship from the FBI General Counsel. A jury could similarly infer that even if Tech Executive-1 did not make the defendant aware of these communications, he nevertheless instructed the defendant to deny the existence of such a client relationship for the same reason (i.e., to avoid the FBI’s potential discovery of the doubts reflected in these prior discussions).

Durham’s conspiracy theorizing is not just a dangerous attack on citizenship. It is also cherry picking. He has left out a number of the people who were pursuing the DNS question, including those — Matt Blaze and others — whom Sussmann said he had consulted with in his meeting with Baker, but put in people that Sussmann did not even know.

Sussmann notes he wasn’t involved in any of this data-gathering, nor was the Clinton campaign.

There cannot be any credible argument that the data-gathering sheds light on Mr. Sussmann’s representation of Mr. Joffe, because there is no evidence that Mr. Sussmann was involved in the data-gathering or that it was being done to give to Mr. Sussmann, as Mr. Joffe’s counsel. It is just as specious to suggest that the data-gathering bears on Mr. Sussmann’s attorney-client relationship with the Clinton Campaign. There is no evidence that the Clinton Campaign directed or was involved in the gathering of data, via Mr. Sussmann or otherwise. Nor is there any evidence of communications on issues pertinent to the Indictment between Mr. Joffe and the Clinton Campaign. As such, the manner in which data was gathered has no bearing on Mr. Sussmann’s attorney-client relationship with the Clinton Campaign.

In what is likely to be a persuasive argument to Judge Cooper, Sussmann argued that the only thing that can be relevant to the charge against him — a false statements charge, not conspiracy to defraud the US — is his state of mind.

Evidence that lacks a connection to the charge or the defendant’s scope of knowledge, including as to the defendant’s state of mind, is decidedly not relevant. See, e.g., United States v. Wade, 512 F. App’x 11, 14 (2d Cir. 2013) (excluding testimony about another act because it “was not temporally or physically linked” to the crime at issue and the “testimony presented a risk of juror confusion and extended litigation of a collateral matter”); United States v. Libby, 467 F. Supp. 2d 1, 15-16 (D.D.C. 2006) (rejecting attempts to “elicit . . . what others were told” as “simply irrelevant to the defendant’s state of mind” in a false statements and perjury case); United States v. George, 786 F. Supp. 56, 64 (D.D.C. 1992) (without the “crucial link” that “defendant knew what information others had,” that information is not material to the defendant’s state of mind in an obstruction and false statements case); United States v. Secord, 726 F. Supp. 845, 848-49 (D.D.C. 1989) (information of which the defendant had no knowledge is necessarily immaterial to the defendant’s state of mind, intent, or motive in a false statements case).

[snip]

First, evidence regarding the accuracy of the data or the conclusions drawn from that data is simply irrelevant to the false statement charge against Mr. Sussmann. Mr. Sussmann is not charged with defrauding the government or with a conspiracy to do that or anything else. There is no allegation or evidence that Mr. Sussmann was privy to any of the communications between Mr. Joffe and Others about the data or its analyses that the Special Counsel misleadingly cites in the Indictment.

I think Durham’s bid to include communications with those (Lorenzen and Manos Antonakakis) Sussmann did not have direct contact with is likely to fail. So most of Durham’s conspiracy theorizing will likely remain on the pages of these filings.

But along the way, Durham’s tunnel vision about 2016 led him to forget to exclude the things that do go to Sussmann’s state of mind, such as the very real Russian attack on Hillary Clinton and Donald Trump’s public call for more such attacks.

So while Durham may be excluded from claiming that a private citizen’s attempt to learn about real crimes by a Presidential candidate before he is elected amounts to a criminal conspiracy, it is too late for Durham now to try to exclude evidence about Sussmann’s understanding of Donald Trump’s very real role in a hack of his client.

John Durham Is Likely to Supersede the Michael Sussmann Indictment

/67 Comments/in , /by

On Monday, both John Durham and Michael Sussmann submitted their motions in limine, which are filings to argue about what can be admitted at trial. They address a range of issues that I’ll cover in several posts:

Sussmann:

Durham wants to:

  • Admit witnesses’ contemporaneous notes of conversations with the FBI General Counsel
  • Admit emails referenced in the Indictment and other, similar emails (see this post)
  • Admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b)
  • Exclude evidence and preclude argument concerning allegations of political bias on the part of the Special Counsel (addressed in this post)
  • Admit an October 31, 2016 tweet by the Clinton Campaign

I will link my discussions in serial fashion.

In his motions in limine submitted Monday, John Durham included a text Michael Sussmann sent to James Baker that he belatedly discovered on the Baker phone he never bothered to look for.

Jim – it’s Michael Sussmann. I have something time-sensitive (and sensitive) I need to discuss. Do you have availibilty for a short meeting tomorrow? I’m coming on my own – not on behalf of a client or company – want to help the Bureau. Thanks. (emphasis added).

The text seems really damning — and both Charlie Savage and the frothers have treated it as such.

But it creates one real problem and may not help as much as they assume.

That’s true, first of all, because Durham accused Michael Sussmann of lying to James Baker on September 19. He did not accuse him of lying on September 18. Every single witness Durham is relying on to prove this lie either doesn’t remember Baker relaying that Sussmann had claimed at the meeting not to be representing a client (as is the case for Bill Priestap and Trisha Anderson), or has given wildly conflicting testimony about it (as is the case for Baker). Durham can’t rule out that Sussmann did not repeat that claim at the meeting on September 19. And, indeed, that might explain why Baker’s testimony conflicted so wildly and also might explain why Priestap’s notes recording “said not doing this for any client” (note the apparent strike-out; h/t ML) appears to have been written after the fact.

Indeed the Priestap and Anderson notes Durham is fighting to rely on support an inference that the meeting emphasized the motive Sussmann said he had — to help the FBI. Both prominently focus on the upcoming NYT story, which is what Sussmann explained, in sworn testimony to HPSCI, he went to warn Baker about: that there would be an upcoming story that might be awkward for the FBI.

Q And when did that conversation occur on or about?

A Middle of September 2016.

Q And what did Mr. Baker advise you to do?

A Advise me to do?

Q Yeah. Or what was what did he – how did he respond to the information that you conveyed to him?

A He said thank you.

Q Did he offer any follow-on

A No.

Q engagements, or did he promise that he would pass it on?

A But to be clear, I told him I didn’t want any. I mean, I was sharing information, and I remember telling him at the outset that I was meeting with him specifically, because any information involving a political candidate, but particularly information of this sort involving potential relationship or activity with a foreign government was highly volatile and controversial. And I thought and I remember telling him that it would be a not-so-nice thing ~ I probably used a word more stronger than “not so nice” – to dump some information like this on a case agent and create some sort of a problem. And I was coming to him mostly because I wanted him to be able to decide whether or not to act or not to act, or to share or not to share, with information I was bringing him to insulate or protect the Bureau or — I don’t know. just thought he would know best what to do or not to do, including nothing at the time.

And if I could just go on, I know for my time as a prosecutor at the Department of Justice, there are guidelines about when you act on things and when close to an election you wait sort of until after the election. And I didn’t know what the appropriate thing was, but I didn’t want to put the Bureau or him in an uncomfortable situation by, as I said, going to a case agent or sort of dumping it in the wrong place. So I met with him briefly and

Q Did you meet — was it a personal meeting or a phone call?

A Personal meeting.

Q At the FBI?

A At the FBI. And if I could just continue to answer your question, and soI told him this information, but didn’t want any follow-up, didn’t ~ in other words, I wasn’t looking for the FBI to do anything. I had no ask. I had no requests. And I remember saying, I’m not you don’t need to follow up with me. I just feel like I have left this in the right hands, and he said, yes.

And FBI availed themselves of the help Sussmann offered, asking and getting him to share Eric Lichtblau’s name, thereby giving the FBI an opportunity to kill the story that Sussmann had directly seeded.

Q The conversations you had with the journalists, the ~

A Oh, excuse me. I did not recall a sort of minor conversation that I had with Mr. Baker, which I don’t think it was necessarily related to the question you ‘asked me, but I just wanted to tell you about a phone call that I had with him 2 days after I met with him, just because I had forgotten it When I met with him, I shared with him this information, and I told him that there was also a news organization that has or had the information. And he called me 2 days later on my mobile phone and asked me for the name of the journalist or publication, because the Bureau was going to ask the public — was going to ask the journalist or the publication to hold their story and not publish it, and said that like it was urgent and the request came from the top of the Bureau. So anyway, it was, you know, a 5-minute, if that, phone conversation just for that purpose.

Q Thats good to know. Was that information the same information that you talked to Mr. Baker about?

A Yes

Q Okay. So the FBI then — so, at some point, the FBI was very concerned about that actually appearing in the New York Times. Is that correct?

A Yes, yes. My understanding is they —

Q Did he explain why they were so concerned?

A No. He just didn’t want — just didn’t want it to be revealed publicly.

All the discussions about materiality should include the decision that FBI made: not just to open an investigation or not, but also to intervene and kill a damaging story about Trump.

This is one reason that April Lorenzen’s largely independent efforts to push this story (which Durham treats as part of the same conspiracy) are important. Because Sussmann’s efforts actually had the opposite effect of what Durham claims he wanted, a big story to sway the election.

Durham has an easy fix to his first problem though: He can simply supersede the indictment.

If I were him, especially if I were as much of a douchebag as he has been, I’d wait until after Christopher Cooper rules on the motions in limine to supersede, tailoring the charges that Durham will have to prove to those decisions.

Indeed, that may be one reason Sussmann cheekily submitted a redlined indictment as it would appear without all Durham’s conspiracy theorizing: to get Cooper to rule in on what a reasonable indictment would look like.

In any case, because that text creates temporal problems with the most compelling evidence that Durham has, I expect he’ll supersede the indictment before trial.

Update: Charlie Savage noted to me, persuasively, that the statute of limitation has expired on charging Sussmann with lying on September 18. I still would not be surprised if Durham attempted to fix this error by superseding, perhaps by adopting “on or about” language. But if Durham can’t include September 18 in his indictment, he may have a real problem.

Update: A reader notes that Durham’s filing claims that U.K. Person-1 — Christopher Steele — is referred to in the indictment.

For example, in the summer of 2016, the defendant met in Law Firm-1’s offices with the author of a now well-known dossier regarding Trump (referred to in the Indictment as “U.K. Person-1”) and personnel from the U.S. Investigative Firm.

He’s not in the known Sussmann indictment, as Sussmann notes in his counterpart filing.

The Special Counsel also indicated during a telephone conference on March 11, 2022 that he intends to introduce evidence and argument pertaining to reports and information that Christopher Steele separately provided to the FBI—i.e., the so-called “Steele Dossier.” Not only that, but the Special Counsel also produced witness statements for Mr. Steele pursuant to 18 U.S.C. § 3500, presumably because the Special Counsel seeks to call Mr. Steele as a witness at trial. However, the Indictment contains no reference to Mr. Steele or the inflammatory Steele Dossier. The Indictment similarly contains no allegations—nor is there any evidence of—Mr. Sussmann’s knowledge, awareness, or involvement in any of Mr. Steele’s efforts to provide information to the government.

I wonder if Durham asked to file the conspiracy charges he’s been pursuing between March 18 and March 23, but was denied, after which he filed his delayed 404(b) notice pertaining to Steele and Joffe.

The Guy Investigating the Claimed Politicized Hiring of a Special Counsel Insists that the Hiring of a Special Counsel Cannot Be Political

/16 Comments/in , , /by

On Monday, both John Durham and Michael Sussmann submitted their motions in limine, which are filings to argue about what can be admitted at trial. They address a range of issues that I’ll cover in several posts:

Sussmann:

Durham wants to:

  • Admit witnesses’ contemporaneous notes of conversations with the FBI General Counsel
  • Admit emails referenced in the Indictment and other, similar emails (see this post)
  • Admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b)
  • Exclude evidence and preclude argument concerning allegations of political bias on the part of the Special Counsel (addressed in this post)
  • Admit an October 31, 2016 tweet by the Clinton Campaign

I will link my discussions in serial fashion.

Here’s how John Durham moved to exclude any evidence that his team was ordered to produce results in time for the 2020 election, bullied witnesses, or treated Hillary Clinton as a more dangerous adversary than Russia.

The Government expects that defense counsel may seek to present evidence at trial and make arguments that depict the Special Counsel as politically motived or biased based on his appointment by the prior administration. Notwithstanding the patently untrue nature of those allegations, such matters are irrelevant to this case and would create a substantial danger of unfair prejudice, confusion, and delay. In particular, the government seeks to preclude the defendant from introducing any evidence or making any argument concerning the circumstances surrounding the appointment of the Special Counsel and alleged political bias on the part of the Special Counsel’s Office. Indeed, the defendant has foreshadowed some of these arguments in correspondence with the Special Counsel and others, and their assertions lack any valid basis.

Only relevant evidence is admissible at trial. Fed. R. Evid. 402. The definition of relevance is inclusive, see Fed. R. Evid. 401(a), but depends on the possibility of establishing a fact that “is of consequence in determining the action,” Fed. R. Evid. 401(b). Evidence is therefore relevant only if it logically relates to matters that are at issue in the case. E.g., United States v. O’Neal, 844 F. 3d 271, 278 (D.C. Cir. 2016); see Sprint/United Management Co. v. Mendelsohn, 552 U.S. 379, 387 (2008). The party seeking to introduce evidence bears the burden of establishing relevancy. Dowling v. United States, 493 U.S. 342, 351 n.3 (1990).

Here, the defendant is charged with making a false statement to the FBI General Counsel in violation of 18 U.S.C. § 1001. A jury will have to decide only whether the defendant knowingly and willfully made a materially false statement to the FBI General Counsel. Nothing more, nothing less. Baseless political allegations are irrelevant to the crime charged. See, e.g., United States v. Regan, 103 F. 3d 1072, 1082 (2d Cir. 1997) (claims of Government misconduct are “ultimately separate from the issue of [a defendant’s] factual guilt”); United States v. Washington, 705 F. 2d 489, 495 (D.C. Cir. 1983) (similar). Evidence or argument concerning these issues should therefore be excluded. See Fed. R. Evid. 402; see, e.g., O’Neal, 844 F,3d at 278; United States v. Stone, 19 CR 18 (D.D.C. Sept. 26, 2019) ECF Minute Order (granting the government’s motion in limine to exclude evidence or argument regarding alleged misconduct in the government’s investigation or prosecution of Roger Stone).

The only purpose in advancing these arguments would be to stir the pot of political polarization, garner public attention, and, most inappropriately, confuse jurors or encourage jury nullification. Put bluntly, the defense wishes to make the Special Counsel out to be a political actor when, in fact, nothing could be further from the truth.11 Injecting politics into the trial proceedings is in no way relevant and completely unjustified. See United States v. Gorham, 523 F. 2d 1088, 1097-1098 (D.C. Cir. 1975) (upholding trial court’s decision to preclude evidence relevant only to jury nullification); see also United States v. Rushin, 844 F. 3d 933, 942 (11th Cir. 2016) (same); United States v. Castro, 411 Fed. App’x 415, 420 (2d Cir. 2011) (same); United States v. Funches, 135 F.3d 1405, 1408-1409 (11th Cir. 1998) (same); United States v. Cropp, 127 F.3d 354, 358-359 (4th Cir. 1997). With respect to concerns about jury nullification, this Circuit has opined:

[Defendant’s] argument is tantamount to the assertion that traditional principles concerning the admissibility of evidence should be disregarded, and that extraneous factors should be introduced at trial to become part of the jury’s deliberations. Of course a jury can render a verdict at odds with the evidence and the law in a given case, but it undermines the very basis of our legal system when it does so. The right to equal justice under law inures to the public as well as to individual parties to specific litigation, and that right is debased when juries at their caprice ignore the dictates of established precedent and procedure.

Gorham, 523 F.2d at 1098. Even if evidence related to the defendant’s anticipated allegations had “marginal relevance” to this case (which it does not), the “likely (and presumably intended) effect” would be “to shift the focus away from the relevant evidence of [the defendant’s] wrongdoing” to matters that are, at most, “tangentially related.” United States v. Malpeso, 115 F. 3d 155, 163 (2d Cir. 1997) (upholding exclusion of evidence of alleged misconduct by FBI agent). For the foregoing reasons, the defendant should not be permitted to introduce evidence or make arguments to the jury about the circumstances surrounding the appointment of the Special Counsel and alleged political bias on the part of the Special Counsel.

11 By point of fact, the Special Counsel has been appointed by both Democratic and Republican appointed Attorneys General to conduct investigations of highly-sensitive matters, including Attorneys General Janet Reno, Michael Mukasey, Eric Holder, Jeff Sessions and William Barr. [my emphasis]

Durham stuck the section between an extended section arguing that Judge Christopher Cooper should treat the interlinked investigations — by those working for the Hillary campaign and those, working independently of the campaign, who believed Donald Trump presented a grave risk to national security — into Trump’s ties to Russia as a unified conspiracy and another section asking that Clinton Campaign tweets magnifying the Alfa Bank allegations be admitted, even though the argument to include them is closely related.

Even ignoring how Durham pitches this issue, the placement of this argument — smack dab in the middle of an effort to treat protected political speech he admits is not criminal like a criminal conspiracy — seems like a deliberate joke. All the more so coming from prosecutors who, with their conflicts motion,

stir[red] the pot of political polarization, garner[ed] public attention, and, most inappropriately, confuse[d potential] jurors

It’s pure projection, presented in the middle of just that kind of deliberately polarizing argument. From the moment the Durham team — which relied heavily on an FBI Agent who reportedly sent pro-Trump texts on his FBI phone — tried to enhance Kevin Clinesmith’s punishment for altering documents because he sent anti-Trump texts on his FBI phone, Durham has criminalized opposition to Trump.

And Durham himself made his hiring an issue by claiming that the guy who misrepresented his conflicts motion by using it to suggest that Sussmann and Rodney Joffe should be executed, Donald Trump, is a mere third party and not the guy who made him a US Attorney.

But it’s also misleading, for multiple reasons.

The initial bias in question pertains to covering up for Russia, not helping Republicans

Sussmann’s likely complaints at trial have little to do with the fact that Durham was appointed by a Republican. Rather, a key complaint will likely have to do with the fact that Durham was appointed as part of a sustained campaign to misrepresent the entire set of events leading up to the appointment of his predecessor as Special Counsel, Robert Mueller, by a guy who auditioned for the job of Attorney General based on his claims — reflecting his warped Fox News understanding of the investigation — that the confirmed outcome of that investigation was false.

You cannot separate Durham’s appointment from Billy Barr’s primary goal in returning as Attorney General to undermine the evidence of improper Trump ties to Russia. You cannot separate Durham’s appointment, in the same days as Mueller acquired key evidence in two investigations (the Egyptian bank donation and Roger Stone) that Barr subsequently shut down, from Barr’s attempt to undermine the past and ongoing investigation. You cannot separate Durham’s appointment from what several other DC District judges (Reggie Walton, Emmet Sullivan, and Amy Berman Jacksonthe latter, twice) have said was Barr’s improper tampering in the Russian investigation.

That is, Durham was appointed to cover-up Trump’s confirmed relationship with Russia, not to attack Democrats. But in order to cover up for Russia, Durham will, and has, attacked the Democrats who were first victimized by Russia for viewing Russia as a threat (though I believe that Republicans were victimized, too).

That bias has exhibited in the following ways, among others:

  • Treating concern about Trump’s solicitation of further hacks by Russia and his confirmed ties to Russian money laundering as a partisan issue, and not a national security issue (something Durham continues with this filing)
  • Treatment, in the Danchenko case, of Charles Dolan’s involvement in the most accurate report in the Steele dossier as more damning that the likely involvement of Dmitri Peskov in the most inflammatory reports that paralleled the secret communications with Dmitry Peskov that Trump and Michael Cohen lied to cover up
  • Insinuations from Andrew DeFilippis to Manos Antonakakis that it was inappropriate for DARPA to ask researchers to investigate ongoing Russian hacks during an election
  • A prosecutorial decision that risks making sensitive FISA information available to Russia that will, at the same time, signal that the FBI won’t protect informants against Russia

There are other indications that Durham has taken probable Russian disinformation that implicates Roger Stone as instead reliable evidence against Hillary.

Durham’s investigation into an investigation during an election was a key prop during an investigation

Another thing Durham may be trying to stave off is Sussmann calling Nora Dannehy as a witness to explain why she quit the investigation just before the election. Even assuming Durham could spin concerns about pressure to bring charges before an election, that pressure again goes to Billy Barr’s project.

When Durham didn’t bring charges, some of the same documents Durham was reviewing got shared with Jeffrey Jensen, whose team then altered several of them, at least one of them misleadingly, to present a false narrative about Trump’s opponent’s role in the investigation. Suspected fraudster Sidney Powell seems to have shared that false narrative with Donald Trump, who then used it in a packaged attack in the first debate.

This is one of the reasons why Durham’s submission of Bill Priestap’s notes in such a way as to obscure whether those notes have some of the same indices of unreliability as the altered filings in the Mike Flynn case matters.

In other words, Durham is claiming that scrutinizing the same kind of questions that Durham himself has been scrutinizing for years is improper.

The bullying

I find it interesting that Durham claims that, “the defendant has foreshadowed some of these arguments in correspondence with the Special Counsel and others,” without citing any. That’s because the only thing in the record is that Sussmann asked for evidence of Durham bullying witnesses to alter their testimony — in response to which Durham provided communications with April Lorenzen’s attorneys.

On December 10, 2021, the defense requested, among other things, all of the prosecution team’s communications with counsel for witnesses or subjects in this investigation, including, “any records reflecting any consideration, concern, or threats from your office relating to those individuals’ or their counsels’ conduct. . . and all formal or informal complaints received by you or others” about the conduct of the Special Counsel’s Office.” Although communications with other counsel are rarely discoverable, especially this far in advance of trial, the Government expects to produce certain materials responsive to this request later this week. The Government notes that it is doing so despite the fact that certain counsel persistently have targeted prosecutors and investigators on the Special Counsel’s team with baseless and polemical attacks that unfairly malign and mischaracterize the conduct of this investigation. For example, certain counsel have falsely accused the Special Counsel’s Office of leaking information to the media and have mischaracterized efforts to warn witnesses of the consequences of false testimony or false statements as “threats” or “intimidation.”

And this set of filings reveals that Durham is still trying to force Rodney Joffe to testify against Sussmann, even though Joffe says his testimony will actually help Sussmann.

In other words, this may be a bid by Durham to prevent evidence of prosecutorial misconduct under the guise of maintaining a monopoly on the right to politicize the case.

Normally, arguments like this have great merit and are upheld.

But by making the argument, Durham is effectively arguing that the entire premise of his own investigation — an inquiry into imagined biases behind an investigation and later appointment of a Special Counsel — is illegitimate.

As we’ll see, what Judge Christopher Cooper is left with is nothing more than competing claims of conspiracy.

Michael Sussmann’s Lawyers Complain of “Wildly Untimely” Notices from John Durham [Updated, with Confirmation]

/43 Comments/in , /by

Republished given confirmation that Durham is trying to point to privilege claims to insinuate wrong-doing. 

On March 31, there was a combined motions and status hearing in the Michael Sussmann case. The parties started by arguing Sussmann’s motion to dismiss (response; reply) based on a claim his alleged lie was not material. Here’s my live-tweet of the hearing.

Judge Christopher Cooper observed that the dispute was “Well briefed and argued on both sides” and promised to rule quickly. But the odds are still really good that he’ll rule against Sussmann because the standard for materiality is so thin. So that argument was perhaps more interesting for a few details that came out in the process, such as that the claim is that Sussmann offered up that he had no client, and that in all the discovery Sussmann has received, there’s no evidence anyone every asked the source of the DNS data he shared with the government even while they repeatedly recognized that Sussmann was a lawyer for the DNC.

We don’t think Baker or anyone else at FBI ever asked, btw, where’d this info come from. If source mattered so much, you’d think someone would have said, where’d this come from, how’d they get it.

Both details would help Sussmann defeat a materiality claim at trial, but Cooper can’t take it into account.

It was in the status discussion where things got more interesting. Cooper asked why he hadn’t seen any 404(b) notices (which is notice that the government wants to use otherwise incriminating information to prove its case in chief, often to prove motive), and AUSA Andrew DeFilippis said they had provided it to the defense. Sussmann’s lawyer, Sean Berkowitz, described that they were going to file motions in limine about the notices, but observed that “one was untimely,” meaning Durham’s team missed the March 18 deadline.

DeFilippis then asked for extra time to deal with Sussmann’s CIPA 5 motion, which is where he asks for classified information to be declassified to use at trial. Sussmann had little problem with that.

Then Berkowitz complained about an expert the government just informed Sussmann they wanted to call — an FBI agent whose primary purpose would be to explain the DNS and Tor technologies at the core of the tip Sussmann shared with the FBI. Cooper quipped, “aren’t we going to have the jury understand the technical” aspects of the trial, and suggested he, himself, needed such a tutorial as well. Berkowitz noted that that deadline had passed weeks ago and the late notice didn’t give Sussmann enough time to qualify their own expert to respond.

The real issue, it soon became clear, was that the government wants to reserve the right to use this witness to rebut any claim Sussmann would make that the data was “real.” DeFilippis argued they need to be able to rebut Sussmann’s claim that the allegation he made was “unsupported.” “That’s different,” Judge Cooper noted, “than whether the data was accurate.”

It’s clear, based on what DeFilippis said, that he intends to conflate accurate data — a real, still unexplained anomaly — with an unpersuasive hypothesis about what that anomaly might be. DeFilippis countered that if the data were “cherry picked or fabricated” — neither of which he has charged — then it might suggest a motive for Sussmann to lie. But Berkowitz argued that the only thing that matters it that Sussmann believed the data was accurate. Importantly, Durham’s indictment falsely suggests that Sussmann was privy to some of the researchers discussion about this.

Berkowitz’s frustration with all that was nothing compared to his fury that, just the night before, prosecutors had told them that they intended to use a motion in limine (which is supposed to deal with what evidence can and cannot be introduced at trial) to try to breach privilege claims that various witnesses have made. As Cooper noted, that’s not a motion in limine, it’s a motion to compel.

Berkowitz: We learned last night that SC is challenging privilege. Only last night we learned they do intend to challenge privilege in motion in limine. Wildly untimely. Implicates underlying case.

DeFilippis: We’ve been working with asserted privilege holders. Those holders would be Tech Executive-1, Clinton campaign, another political organization. We have tried to understand theory of privilege. Unable to get comfort. We now intend to call witnesses from [Fusion] and [Perkins Coie].

Cooper: Not a motion in limine, it is a motion to compel.

Berkowitz: This issue is an issue that has been discussed for well over a year. Honestly to only now bring it up, 6 weeks before trial. Violations of due process, we’re going to get new info, it’s an ambush.

It’s really hard to view this as anything but a stunt to try to save Durham’s conspiracy theories.

In a normal situation involving a big law firm like Perkins Coie, well-lawyered people associated with the Hillary campaign (because of PC’s role as Sussmann’s former employer, Hillary and the DNC would count as separate entities), as well as Fusion GPS (which has been fighting similar issues from Russian oligarchs for years now), such privilege claims would take at least three months to work out.

For sake of comparison, John Eastman’s privilege fight, for a legal argument with none of the formal retainer agreements like those PC has, for emails inappropriately stored on Chapman University’s cloud, in which there’s substantive evidence — now affirmed by a judge — that Eastman himself has criminal exposure, has been going on since January 20, and it is nowhere near done.

As Berkowitz notes, the trial is six weeks away.

The most likely outcome of this effort would either be a delay of the trial and/or some inconclusive outcome, which Durham would undoubtedly use to sow more conspiracy theories without charging them, pointing to Democrats’ defense of privilege to insinuate the privilege claims must hide some proof of conspiracy.

But it looks all the more intentional given the now-famous delayed waiver motion Durham went through in February. The waivers covered by Durham’s filing include several of the witnesses he has belatedly said he wants to pierce privilege now:

  • Whether Perkins Coie (which Latham represented along with Sussmann in the Durham investigation) knew how Sussmann was billing his time
  • Perkins Coie’s past claims about the DNC’s activities
  • The advice Kathryn Ruemmler gave Sussmann when Kash Patel raised his meeting with the FBI in a December 2017 HPSCI appearance
  • What Latham told a PR firm regarding public statements about the meeting in 2018

That is, more than six weeks before telling Sussmann that, after not formally attempting to pierce privilege in the last year, Durham now wants to do so, Durham made Sussmann waive any conflict with all the privileged relationships that Durham wants to pierce.

As I noted at the time, Durham was asking Sussmann to waive conflicts even without having pierced privilege.

Latham also provided Perkins Coie advice regarding a PR statement that, Durham admits, he’s not been able to pierce the privilege of and he knows those who made the statement had no knowledge that could implicate the statement in a conspiracy.

He’s now trying to do that. It’s really hard to believe that’s a coinkydink.

And unlike the attorney-client waiver used in the Paul Manafort case, Durham is not citing independent proof that Sussmann lied to his lawyers. Unlike the waiver with Eastman or with Michael Cohen’s hush payments, Durham is not citing participation in a conspiracy.

This is still a false statements case that Durham is sure, absent the evidence to charge it, is a conspiracy. And now at the last minute, he’s attempting to salvage that conspiracy.

Update: A motion in limine from Sussmann confirms I was totally right about Durham’s ploy. He wants to submit privilege logs to the jury — privilege logs to which Sussmann is not the privilege holder and therefore is helpless to waive — to insinuate that he’s covering something up.

Again, there can be no mistake as to the purpose for the Special Counsel’s tactics here. The animating theory of the Special Counsel’s Indictment is that, in meeting with the FBI and Agency-2, Mr. Sussmann sought to conceal that he was secretly working on behalf of the Clinton Campaign and Mr. Joffe. Lacking actual evidence of Mr. Sussmann’s guilt, the Special Counsel seeks instead to convict Mr. Sussmann by insinuating to the jury that such evidence must exist— by inviting them to draw the inference that, because Mr. Sussmann’s alleged clients and co-conspirators have chosen to withhold information relating to the very same relationship the Special Counsel alleges they and Mr. Sussmann sought to conceal, that information must be inculpatory.

Permitting the Special Counsel to prejudice Mr. Sussmann and to shirk his burden of proof by leading the jury to an adverse inference would be impermissible under any circumstance. But it is particularly egregious here, because Mr. Sussmann is not the privilege holder. The Special Counsel’s tactics would accordingly penalize Mr. Sussmann for another party’s invocation of their own right to assert the privilege, a decision that was not his to make. Convicting him on the basis of such fundamentally unfair circumstances would amount to a miscarriage of justice.

Durham Prosecutor Andrew DeFilippis Confirmed to Rodney Joffe He May Continue Indefinitely

/20 Comments/in , /by

On Monday, both John Durham and Michael Sussmann submitted their motions in limine, which are filings to argue about what can be admitted at trial. They address a range of issues that I’ll cover in several posts:

Sussmann:

Durham wants to:

  • Admit witnesses’ contemporaneous notes of conversations with the FBI General Counsel
  • Admit emails referenced in the Indictment and other, similar emails (see this post)
  • Admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b)
  • Exclude evidence and preclude argument concerning allegations of political bias on the part of the Special Counsel (addressed in this post)
  • Admit an October 31, 2016 tweet by the Clinton Campaign

I will link my discussions in serial fashion.

In a motion to dismiss, Michael Sussmann just requested that Judge Christopher Cooper give Special Counsel Durham a choice: either immunize Rodney Joffe, or dismiss the case.

Sussmann wants to call Joffe to provide exculpatory testimony.

Mr. Joffe would offer critical exculpatory testimony, including that: (1) Mr. Sussmann and Mr. Joffe agreed that information should be conveyed to the FBI and to Agency-2 to help the government, not to benefit Mr. Joffe; (2) the information was conveyed to the FBI to provide a heads up that a major newspaper was about to publish a story about links between Alfa Bank and the Trump Organization; (3) in response to a later request from Mr. Baker, Mr. Sussmann conferred with Mr. Joffe about sharing the name of that newspaper before Mr. Sussmann told Mr. Baker that it was The New York Times; (4) the researchers and Mr. Joffe himself held a good faith belief in the analysis that was shared with the FBI, and Mr. Sussmann accordingly and reasonably believed the data and analysis were accurate; and (5) contrary to the Special Counsel’s entire theory, Mr. Joffe was neither retained by, nor did he receive direction from, the Clinton Campaign.

But after Joffe’s lawyer Steven Tyrell received Sussmann’s trial subpoena, he asked Andrew DeFilippis if he remained a subject of the investigation — more than five years after his last action in this case — DeFilippis stated that he continued to chase vague claims about the YotaPhone allegations shared in the February 9, 2017 meeting with the CIA.

On March 31, the day after receipt of the subpoena, I spoke by telephone with representatives of the Office of Special Counsel (“OSC”) in an effort to obtain sufficient information from which I could assess and advise my client whether he has a credible fear of prosecution. I then explained that I had requested an update because my client had received your trial subpoena. Given the impending trial date, I stated that we wished to inform you as soon as possible whether Mr. Joffe intends to invoke his Fifth Amendment rights if called to testify. I indicated that Mr. Joffe has a desire to testify, but he has concerns about doing so ifhe is a subject of the OSC’s investigation. In response, Mr. Defilippis confirmed that Mr. Joffe remains a subject of the investigation (as he has been since our first contact with the OSC fifteen months ago). I then asked if Mr. DeFilippis could explain what basis remains for Mr. Joffe’s possible prosecution. Rather than provide any additional information to aid in our assessment of the risk of prosecution, Mr. Defilippis stated that in his view, Mr. Joffe’s status in the investigation was sufficient to establish a good faith basis to invoke the privilege against self-incrimination. Mr. Defilippis further stated that OSC did not want to get into any more detail, and presumed that Latham would understand if Mr. Joffe decided to invoke.

I then stated to Mr. DeFilippis that more than five years has elapsed since the events that are described in the indictment against your client and the OSC’s related public filings, including the September 19, 2016, meeting with the FBI and the February 9, 201 7, meeting with , and asked what other basis the OSC might have to charge Joffe with criminal conduct. Mr. Defilippis replied in general terms that while it was fair to say that the Alfa-related allegations tied back to Sussmann’s September 19, 2016 meeting, the Yota phone-related allegations continued to “percolate through various branches of the government and around the private sector after that date, in various forms.” Defilippis further noted that certain fraud statutes have longer than a five-year limitations period, although he did not specify what statutes might be implicated by the events in question. Beyond that, Mr. Defilippis was unwilling to comment further. In light of Mr. Defilippis’ unwillingness to provide additional information, I asked whether he ever envisioned an end to my client’ status as a subject of the OSC’s investigation, and if so, when that might be. Mr. Defilippis indicated that he was unable to put an end date on the investigation at this point, and that it would depend upon various factors, including the conduct in question and the applicability of various limitations periods. [my emphasis]

According to Sussmann attorney Sean Berkowitz, just weeks ago, Durham was pressuring Joffe to testify against Sussmann.

Third, given the Special Counsel’s repeated entreaties to Mr. Joffe to cooperate in the Special Counsel’s investigation against Mr. Sussmann, including only weeks ago, the Special Counsel’s refusal to confer immunity on Mr. Joffe, and the Special Counsel’s insistence that Mr. Joffe continues to face criminal exposure, seems to be not only retaliatory, but tantamount to a “deliberate[] deni[al] [of] ‘immunity for the purpose of withholding exculpatory evidence and gaining a tactical advantage through such manipulation.’” Ebbers, 458 F.3d at 119 (citation omitted). As in Smith, “[i]f the witness were guilty of [the threatened offenses], he should have been charged with those offenses whether he testified or not. The [Special Counsel is] obviously threatening the witness to stop him from testifying-even truthfully.” Simmons, 670 F.2d at 369 (describing Smith, 478 F.2 at 979).

The message is clear: John Durham will keep his investigation open indefinitely so he can threaten to prosecute anyone for testimony that doesn’t confirm his preconceived prior beliefs, even on things that make the strained Sussmann charge look conventional by comparison.

Durham doesn’t want truthful testimony. He wants testimony that will bolster his conspiracy theories. And he’s willing to continue indefinitely to get it.

Before John Durham’s Originator-1, There Was a Claimed BGP Hijack

/61 Comments/in , , /by

In this post, I described that “Phil,” the guy I went to the FBI about because I suspected he had a role in the Guccifer 2.0 persona, had a role in the Alfa Bank story. As noted, Phil’s provable role in pushing the Alfa Bank story in October 2016 was minor and would have no effect on the false statement charge — for an alleged lie told in September 2016 — against Michael Sussmann. But because of Durham’s sweeping materiality claims, it might have an impact on discovery.

It has to do with the theory that Alfa Bank has about the DNS anomalies, a theory that Durham seems to share: that the data was faked.

As Alfa laid out in its now abandoned John Doe lawsuits, it claims that the anomalous DNS traffic that Michael Sussmann shared with the FBI in September 2016 was faked. The bank appears to believe not just that the data was faked, but that April Lorenzen is involved in some way. For example, it describes that Tea Leaves and “two accomplices” were sources for Franklin Foer (though elsewhere, the lawsuit claims that Tea Leaves was pointed to the data by the unknown John Doe defendants).

Durham seems even more sure that Lorenzen is the culprit. For example, he always refers to the data as “purported.” He refers to Lorenzen as “Originator-1” rather than “Data Scientist-1” or “Tea Leaves,” insinuating she fabricated the data. And when Sussmann asked for all evidence indicating that Durham had bullied witnesses, Durham provided emails involving Lorenzen’s lawyers.

Alfa Bank might be excused for imagining that Lorenzen is the primary culprit to have fabricated the data. According to Krypt3ia, when Alfa asked him for his communications, he only had one email, with a different journalist, to share. They quite clearly don’t understand that someone else was involved in publicizing these claims.

Durham doesn’t have the same excuse.

That’s because DOJ – of which Durham remains a part – knows at least some of the details about “Phil” that I laid out in my last post. Because they would have checked Twitter to vet some of my most basic claims, they almost certainly obtained the Twitter DMs (or at least the metadata) showing that Phil brokered the tie between Krypt3ia and the NYT.

To be clear: I have no evidence that Phil altered the DNS records. I’m agnostic about what caused the anomaly (though am convinced that the experts involved believe the anomaly is real, even if they offer varying explanations for the cause). But Durham has made the source of the anomaly an issue to bolster his claims about materiality. And, as Sussmann noted in a recent filing, “Much as the Special Counsel may now wish to ignore the allegations in the Indictment, he is bound by them.” So, it seems, Durham’s on the hook for telling Sussmann if DOJ knows of anyone else involved in pushing the Alfa Bank story who could be a possible culprit for fabricating the data, especially if that person was known to have clandestinely signed a comment, “Guccifer 2.0.”

Phil probably faked a BGP hijack

The fact that Phil alerted the NYT to the Russian proxy of Lorenzen’s data matters not just because he had, months earlier, claimed to work for an FSB-led company and, even before that, claimed to have been coerced by Russian intelligence at an overseas meeting before the known DNC operation started.

It also matters because (I believe) Phil faked an Internet routing record in the same month the Alfa/Trump/Spectrum anomalies started.

In May 2016, Phil shared what he claimed was a traceroute of a request to my site, an Internet routing record that is different than but related to the DNS records at the heart of the Alfa Bank story. The screencap he sent me purported to show that a request to my site had been routed through (to the best of my memory) some L3 routers in Chicago, to Australia, back to those L3 switches, to my site. Phil was claiming to show me proof that someone had diverted requests to my site overseas along the way – what is known as a BGP hijack. Phil showed this to me in the wake and context of a DDOS attack that had brought my site down for days, an attack which led me to rebuild my site, change hosts, and add Cloudflare DDOS protection.

May 2016, the month Phil showed me what I believe to be a faked traceroute, is the same month the anomalous traffic involving Alfa Bank, Spectrum Health, and a Trump-related server started.

Phil used that traceroute to claim that the US intelligence community was diverting and spying on traffic to my website.

The claim made no sense. The only thing that diverting my traffic would get spies is access to my readers’ metadata, which would be readily accessible via easier means, including with a subpoena to my host provider. Aside from a bunch of drafts that I’ve decided didn’t merit publication, there’s no non-public content on my site. I was not competent (and did not ask others) to assess the validity of the screencap itself, but I considered it unreliable because it didn’t show the query or originating IP address behind the record, which would be needed to test its provenance.

I don’t have that original traceroute (I replaced my phone not long after he sent it). But in June 2016 he shared a reverse DNS look-up related to my site that wasn’t altered but in which Phil invoked the earlier one.

I corrected him in this case – this IP address was readily explainable; it was Cloudflare (which Phil surely knew). But Phil nevertheless repeated his earlier claim that “they” were hijacking my traffic.

When I said that Phil had been tracking how requests to my site worked for some time before he left a comment signed [email protected] in July 2016, this weeks-long exchange is what I was referring to. He had, effectively, been watching as I added Cloudflare protection to my site.

These screencaps show that Phil, who months later would play a role in pushing the Alfa Bank story, was using DNS records — real and possibly faked — as a prop in a false story.

Phil tracked DOD contracts closely

That’s not the only detail that DOJ may know about that Durham should consider before insinuating that Lorenzen is the most likely culprit if this data was fabricated. DOJ may know that Phil tracked DOD contracts very closely. That’s important because it explains how Phil could have learned researchers would be looking closely at DNS records.

For years, I’ve believed that the Alfa-Trump-Spectrum Health effort was disinformation, because so much of what came out that year was and because I viewed the Spectrum Health stuff to be such a reach. My belief it might be disinformation only grew stronger when I discovered the focus on Spectrum Health, with its link to Erik Prince’s sister’s spouse, came just after Prince had asked Roger Stone about his efforts to reach out to WikiLeaks.

Certainly, Putin exploited the allegations afterwards to his advantage. He used them to push Alfa Bank’s Petr Aven to take a primary role in reaching out to Trump during the transition, at least as recounted in the Mueller Report.

According to Aven, at his Q4 2016 one-on-one meeting with Putin,981 Putin raised the prospect that the United States would impose additional sanctions on Russian interests, including sanctions against Aven and/or Alfa-Bank.982 Putin suggested that Aven needed to take steps to protect himself and Alfa-Bank.983

981 At the time of his Q4 2016 meeting with Putin, Aven was generally aware of the press coverage about Russian interference in the U.S. election. According to Aven, he did not discuss that topic with Putin at any point, and Putin did not mention the rationale behind the threat of new sanctions

Aven even used Richard Burt, one of the people scrutinized by the Fusion and DNS research, to reach out to Trump, effectively pursuing precisely the back channel between Alfa and Trump that Fusion suspected months earlier.

The relevant part of Aven’s interview is redacted, so it’s not clear whether Aven mentioned that Alfa Bank had been a key focus of the interference allegations. But that’s the presumptive subtext: along with the Steele dossier, the DNS anomaly – both of which, in several lawsuits since, Aven or Alfa have claimed were “gravely damaging” – raised suspicions about Alfa Bank and made it more likely the bank would be sanctioned than had been the case previously.

And before the bank did get sanctioned last month, Alfa was using the DNS anomaly to conduct a lawfare campaign to learn how the US uses DNS tracking to thwart hacks (one wonders if Putin ordered that campaign, like he personally ordered Aven to reach out to Trump). That campaign even got a bunch of frothy right-wingers to decry efforts to prevent and detect nation-state hacks on the US. So at the very least, Russia has exploited the Alfa-Trump allegations to great benefit, one measure of whether something could be deliberate disinformation.

But as I’ve talked to people who’ve tried to figure out what the anomaly was – including experts who believed it did reflect real communication as well as some who didn’t – they always explained that seeding disinformation in such a fashion would be useless. That’s because you couldn’t ensure that any disinformation you planted would be seen. That is, unlike the Steele dossier, which was being collected by an Oleg Deripaska associate and shared with the press (and for which there’s far more evidence Russia used it to plant disinformation), you could never expect the disinformation to be noisy enough to attract the desired attention.

In the years since the original story, how researchers who found the anomalous data obtained the DNS data has driven a lot of the hostility behind it. The researchers have tried to hide where they got the data for proprietary and cybersecurity reasons. John Durham has alleged there was some legal impropriety behind using it, even when used (as the researchers understood they were doing) to research ongoing nation-state hacks. And Alfa Bank was using lawfare to try to find out as much about the means by which this DNS traffic was observed by cybersecurity experts as possible. The full story of how the researchers accessed the data has yet to be reported, but as I understand it, there’s more complexity to the question than initially made out or than has made it into Durham’s court filings. That complexity would make it even harder to anticipate where DNS researchers were looking. So, multiple experts told me, it would be crazy to imagine anyone would have thought to seed disinformation in DNS records expecting it’d get picked up via those collection points in 2016, because no one would have expected anyone was observing all those collection points.

If a Fancy Bear shits in the DNS woods but there’s no one there to see it, did it really happen?

But there was, in fact, a way to anticipate it might get seen.

As the Sussmann indictment vaguely alluded to and this NYT story laid out in detail, researchers found the DNS anomalies in the context of preparing a bid for a DARPA research contract.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

The DOD bidding process provided public notice that DARPA was asking researchers to explore multiple ways, including DNS traffic, to attribute persistent hacking campaigns in real time.

The initial DARPA RFP was posted on April 22, 2016, ten days before the anomalous traffic started but well after the Russian hacking campaign had launched (documents FOIAed by the frothers reveal that the project was under discussion for months before that). This RFP provided a way for anyone who tracked DOD contracts closely to know that people would be looking and the announcement itself included DNS records and network infrastructure among its desired measurements. Depending on the means by which DARPA communicated about the contract, it might also provide a way to find out who would be looking and how and where they would be looking, though as I understand it, the team at Georgia Tech would have been an obvious choice in any case.

Phil tracked DOD contracts very closely. In September 2016, for example, he sent me a text alerting me to a new Dataminr contract just 66 minutes after I published a post about the company (I later wrote up the contract).

Phil also told me, verbally, he was checking what contracts DOD had with one of the US tech companies for which a back door was exposed in summer 2016. He claimed he was doing so to see how badly the government had fucked itself with its failure to disclose the vulnerability. By memory (though I am not certain), I believe it was Juniper Networks, in the wake of the Shadow Brokers release of an NSA exploit targeting the company.

And even on top of Phil’s efforts to convince me that the DNC hack wasn’t done by APT 28, DOJ has other evidence that Phil tracked APT attribution efforts closely, even using official government resources to do so. So it would be unsurprising if he had taken an interest in a contract on APT attribution in real time.

Durham may have access to some or all of this

Durham insinuates the DNS records are faked and he appears to want to blame Lorenzen for faking them. But he may be ignoring evidence in DOJ’s possession that someone else who, I’ve now confirmed, played at least a minor role in pushing the Alfa Bank story was using Internet routing records, possibly faked, to support a false story in May 2016.

To be sure: while I know the investigation into Phil continued at least the better part of a year after my FBI interview about him, any feedback I’ve gotten about that investigation has been deliberately vague. So aside from the obvious things – like the Twitter records that would show Phil’s DMs with Krypt3ia and Nicole Perloth – I can’t be sure what is in DOJ’s possession.

I don’t even know whether the 302 from my FBI interview would mention Phil’s pitch of the Alfa Bank story to me. It was on a list of the things I had intended to describe in that interview. But I didn’t work from the list in the interview itself and I have no affirmative memory of having mentioned it. If I did, it would have amounted to me saying little more than, “he also was pushing the Alfa Bank story.”

That said, unless the FBI agents were epically incompetent, my 302 should mention Alfa Bank, because I’m absolutely certain I raised this post and its emphasis on the inclusion of Alfa Bank in an alarming April 2017 BGP hijack.

And in fact, there’s a way Durham could have found out about Phil’s role in the Alfa Bank story independent of my FBI interview. Of just two people in the US government with whom I shared some of the Alfa Bank-related texts I exchanged with Phil (both were Republicans), one was centrally involved in the investigations that fed into the Durham investigation. If this stuff matters, Durham should ask why several of his key source investigations didn’t focus on it.

Durham should know that Phil had a role in the Alfa Bank story.

And given his insinuations in the indictment that Lorenzen fabricated DNS data in May 2016, making the insinuation part of his materiality claims, Durham may be obligated to tell Michael Sussmann that DOJ already knows of someone who was pushing the Alfa Bank story who used DNS data to tell a false story in May and June 2016.

John Durham Keeps Chasing Possible Russian Disinformation

/59 Comments/in , /by

Yesterday, the two sides in the Michael Sussmann case submitted the proposed jury questions they agree on and some they disagree on.

Durham objects to questions about security clearances and educational background (presumably Durham wants to make it harder for Sussmann to get people who understand computers and classification on the jury).

Sussmann objects to questions about April Lorenzen’s company and Georgia Tech.

He also objects to a question that assumes, as fact, that the Hillary campaign and the DNC “promoted” a “collusion narrative.”

I suspect Sussmann’s objections to these questions are about direct contact. For all of Durham’s heaving and hollering, while Sussmann definitely met with Fusion GPS, of the researchers, the indictment against Sussmann only shows direct contact with David Dagon. Everything else goes through Rodney Joffe. Plus, a document FOIAed by the frothy right shows that Manos Antonakakis believes what is portrayed in the indictment is at times misleading and other times false, which I assume he’ll have an opportunity to explain at trial.

As regards the campaign, as I already noted, when Sussmann asked Durham what proof the Special Counsel had that he was coordinating with the campaign, Durham pointed to Marc Elias’ contacts with the campaign and, for the first time (over a month after the indictment), decided to interview a Clinton staffer.

Sussmann will probably just argue that Durham’s plan to invoke these things simply reflects Durham’s obstinate and improper treatment of a single false statement charge as a conspiracy the Special Counsel didn’t have the evidence to charge.

But Durham’s inclusion of it makes me suspect that Durham wants to use an intelligence report that even at the time analysts noted, “The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.” Nevertheless, John Ratcliffe, who has a history of exaggeration for career advancement, declassified, unmasked Hillary’s name, and then shared with Durham.

If Durham does intend to use this, though, it would likely mean Durham would have to share parts of the Roger Stone investigation file with Sussmann. That’s because the report in question ties the purported Clinton plan to Guccifer 2.0.

And as the FBI later discovered, there was significant evidence that Roger Stone had been informed of the Guccifer 2.0 persona before it went public.

That information, along with a bunch of other things revealed about Stone’s activities before this Russian report, suggest the Russian report may actually be an attempt to protect Stone, one that anticipated Stone’s claims in the days after the report that Guccifer 2.0 was not Russian.

Unless Durham finds a way to charge conspiracy in the next two months, Judge Christopher Cooper would do well to prevent Durham from continuing his wild conspiracy theorizing. Because it’s not clear Durham knows where the strings he is pulling actually lead.