Posts

The Seth DuCharme Confession in the Charles McGonigal Sentencing Memo

In his sentencing memo for Charles McGonigal’s DC case, former Bill Barr flunky Seth DuCharme twice misstated the nature of the false statement for which Kevin Clinesmith was sentenced.

In a passage comparing other government officials who had omitted information from government filings, as McGonigal pled he had, DuCharme asserted that Clinesmith was prosecuted for making “false statements,” plural, “in application for” FISA warrant.

United States v. Clinesmith, No. 1:20-cr-165 (D.D.C. 2020) (imposing probation against FBI attorney for false statements in application for a Foreign Intelligence Surveillance Act (“FISA”) warrant); [my emphasis]

Even before that, in arguing that Judge Colleen Kollar-Kotelly should not apply a sentencing enhancement, he turned to Clinesmith. This time, he accused Clinesmith of causing false information to be submitted to FISC.

Mr. McGonigal disagrees with the application of the cross reference in Section 2B1.1(c)(3), which would increase his base offense level to 14, as inconsistent with case precedent. In United States v. Clinesmith, No. 1:20-cr-165 (D.D.C. 2020), the government did not seek and the sentencing court did not independently apply the cross reference to the obstruction Guideline at the sentencing of an FBI attorney who caused false information to be submitted to the U.S. Foreign Intelligence Surveillance Court (“FISC”) in an application for a Foreign Intelligence Surveillance Act (“FISA”) warrant sought in connection with an active FBI investigation. The government’s position that false statements to the FISC during an active investigation does not warrant application of the cross reference while Mr. McGonigal’s conduct does is perplexing. While Mr. McGonigal concedes that this Court in United States v. Hawkins, 185 F. Supp. 3d 114 (D.D.C. 2016) held that it may consider conduct in the statement of the offense, and the court in United States v. Saffarinia, 424 F. Supp. 3d 46 (D.D.C. 2020) held that at the motion to dismiss phase Section 1519 is broad enough to cover false statements on OGE-278 forms, it is difficult to reconcile these cases with the Clinesmith court’s more recent analysis. In Clinesmith, the District Court declined to apply the obstruction cross reference in determining the applicable Guidelines range, and we respectfully request that this Court similarly decline to apply the cross reference to the facts at issue here. [my emphasis]

Kevin Clinesmith altered an email and with it, misled a colleague, thereby preventing the FBI from fully informing the FISA Court on something material to the application. In that, he “caused” information not to be shared with the FISC. He did not make false statements in the application (and in any case, the original decision not to notify the court that Page had years earlier shared information with the CIA about Russian spies, which Clinesmith had no part of, had in significant part to do the the fact that Page had not been an approved contact of the CIA for several years before 2016, when he went out of his way to contact the Russians about his role in a counterintelligence investigation). Nor did Clinesmith cause affirmative false statements to be made.

His was a crime of omission, not commission, as DuCharme claimed. I emailed DuCharme about the basis for these claims but got no response.

More importantly, whether you agree with him or not, Judge James Boasberg explained why he sentenced Clinesmith to probation: because he didn’t think Clinesmith believed he was lying and the former FBI lawyer got no benefit from his false claim.

First, he obtained no real personal benefit from his actions and he had no active intent to harm.

Although the government has contested this, my view of the evidence is that Mr. Clinesmith likely believed that what he said about Dr. Page was true, namely that he was a subsource but not a source of the Other Government Agency. By altering the e-mail, he was saving himself some work and taking an inappropriate shortcut. But I do not believe that he was attempting to achieve an end he knew was wrong.

I’m on the record saying Clinesmith should have gotten some jail time, even in spite of the wildly unsubstantiated claims Durham’s team made about politicization. I think DuCharme is totally right to compare how lenient courts have been with government officials who fail to disclose things, including by invoking the Clinesmith sentence. That’s all sound lawyering.

But his sloppy treatment of Clinesmith — the appointment of John Durham to prosecute for which DuCharme played a central role — comes off as petulant and partisan. Indeed, Barr’s office took personal interest in this prosecution all the way through the time DuCharme swapped back to EDNY, as revealed by a text exchange Barr had with his Chief of Staff, probably complaining that Boasberg remained on this case, after the plea deal.

There are few factual similarities to the two cases, and by focusing so much on him, DuCharme seems to be saying, “if Kevin Clinesmith didn’t have to go to jail based on our conspiracy theories about him, my guy shouldn’t have to either.”

All the more so given another enhancement argument DuCharme made. He argues that a 3-level enhancement should not be applied because McGonigal trumped up a FARA investigation into the rival of the Albanian paying him to travel around Europe, the thing he failed to disclose.

Mr. McGonigal further disagrees with the application of Section 2J1.2(b)(2) resulting in a three-level enhancement for “substantial interference” with the administration of justice. According to the PSR, the enhancement is applied to Mr. McGonigal because he admitted to “speaking with a foreign official about a matter in which Person A had a financial interest, and opening a criminal investigation based on information provided to him by Person A.” PSR ¶ 57. While the enhancement is appropriately applied to the “premature or improper termination of a felony investigation,” we are aware of no authority supporting its application to the opening of a felony investigation, as is the case here. 7 As Special Agent in Charge (“SAC”) of Counterintelligence for the New York Field Office, it was Mr. McGonigal’s job to pass along information he received that could be indicative of criminal activity. Had Mr. McGonigal taken the alternative route and concealed or withheld the information he received from Person A concerning potential criminal activity in the United States, that would be troubling. Instead, he passed the tip and lead to the FBI, to be appropriately vetted by the Bureau and the U.S. Attorney’s Office. Accordingly, the application of Section 2J1.2(b)(2) is unwarranted.

7 U.S.S.G. § 2J1.2 (“Substantial interference with the administration of justice” means “a premature or improper termination of a felony investigation; an indictment, verdict, or any judicial determination based upon perjury, false testimony, or other false evidence; or the unnecessary expenditure of substantial governmental or court resources.”); see e.g., United States v. Baker, 82 F.3d 273 (8th Cir 1996) (applying enhancement to police officer who improperly terminated a felony investigation). [my bold, italics original]

The technical issue — whether this enhancement can be used because someone initiated an improper investigation rather than improperly ending one — will make an interesting appeal if Kollar-Kotelly applies the enhancement and and sentences McGonigal to serve his sentence concurrent to the 50-month sentence Judge Jennifer Rearden gave McGonigal for trying to trump up sanctions against an Oleg Deripaska rival in SDNY, something DOJ is not requesting. But it’s likely that would be unsuccessful: As the government notes in its sentencing memo and even the footnote here makes clear, after the termination language DuCharme focuses on, the guideline continues, “or the unnecessary expenditure of substantial governmental or court resources.” And McGonigal’s opening an investigation against his business partner’s rival used counterintelligence resources that should have been spent on more serious threats.

FBI officials even questioned the propriety of opening up the criminal investigation at the time it was initiated, but cited the defendant’s directive. See Ex. 1 at 1.

[snip]

Here, initiating the investigation based on Person A’s information was particularly egregious given its lack of substantiation, which is why it was promptly closed following the defendant’s retirement.

DOJ provided records showing that one of McGonigal’s colleagues was genuinely troubled about the propriety of opening a FARA case against someone who had already registered under FARA regarding a country, Albania, that isn’t among the countries of priority for such things. By opening an investigation into a lobbyist for an Albanian political party (reportedly former Ted Cruz Chief of Staff Nicholas Muzin), McGonigal was drawing resources away from more pressing threats.

So my question is with all the talk of shortage of resources and most field offices having difficulty covering Band 3 and 4 threats, and FARA cases from banded threat countries rarely prosecuted by DOJ, why is NY requesting a SIM FAR investigation be opened on Albania for an improper FARA registration as a threat to national security?

I of course will fully support anything NY wants to do in their AOR, but once the paperwork to restrict the case gets reported up my chain of command, I would like to be able to explain to them why we are working an Albanian SIM/FARA case when every day I am in there fighting for resources on some national security matters pertaining to banded countries such as [redacted]. I am assuming since this directive is coming from SAC McGonigal there is more to this story?

Per those records, McGonigal appears to have caused a politically connected Republican to have nine of his bank accounts scrutinized before the investigation got closed. The Albanian section of Oversight Democrats’ report on Trump’s acceptance of emoluments provides more background on the political wranglings involved; Albanian Prime Minister Edi Rama and two aides spent almost $3,500 at Trump’s hotel on a trip when they met with McGonigal.

Notably, the investigation against this lobbyist, like Crossfire Hurricane, was opened as a Full investigation from the start.

And after the FBI discovered that McGonigal had opened up an investigation to help his business partner, the FBI has had to review all the other cases he was working on to make sure he hadn’t similarly used criminal investigations for self-interested purposes.

Moreover, given the defendant’s senior and sensitive role in the organization, the FBI has been forced to undertake substantial reviews of numerous other investigations to insure that none were compromised during the defendant’s tenure as an FBI special agent and supervisory special agent. The defendant worked on some of the most sensitive and significant matters handled by the FBI. PSR ¶¶ 98-101. His lack of credibility, as revealed by his conduct underlying his offense of conviction, could jeopardize them all. The resulting internal review has been a large undertaking, requiring an unnecessary expenditure of substantial governmental resources.

The misrepresentation of the Clinesmith plea might be reasonable coming from someone else. Like all criminal defendants, McGonigal deserves zealous advocacy.

But this argument came from Seth DuCharme.

It came from someone who opened a four year follow-on investigation in which the only crime ever identified was that Clinesmith alteration — and that crime was discovered by someone else, and could easily have been, and should have been, prosecuted by the very same prosecutors who did prosecute it, only instead reporting to the Trump appointed US Attorney in DC rather than Durham. And among the prosecutions pursued as part of that four year investigation that Seth DuCharme opened was a false statements case against Michael Sussmann based off logic directly contrary to what DuCharme argues here, that McGonigal would have failed to do his duty if he hadn’t opened the investigation into his business partner’s rival. That logic, applied to the Durham investigation, says it would have been remiss not to investigate the Alfa Bank allegations that Sussmann shared with Jim Baker — which is exactly what Sussmann said from the start.

Worse still, that argument DuCharme makes, that, “it was Mr. McGonigal’s job to pass along information he received that could be indicative of criminal activity,” is precisely the argument that Bill Barr made to explain a similar laundering of self-interested information that Seth DuCharme effected: the channeling of information from Rudy Giuliani to the Hunter Biden investigation.

The DOJ has the obligation to have an open door to anybody who wishes to provide us information that they think is relevant.

That is, the dishonest argument that Seth DuCharme is making, trying to dismiss the seriousness of Charles McGonigal’s use of FBI resources to conduct an investigation in which he had an undisclosed personal interest? It’s an argument that might also exonerate his own twin efforts to launch massive investigations into Donald Trump’s political rivals.

In fact, in McGonigal’s Deripaska-related sentencing hearing, DuCharme said something shocking. In that case, he said that McGonigal’s enthusiasm for working with someone whom the former FBI agent himself had identified as a Russian spy was only a problem because he was no longer covered by public authority defense. “[O]ne of the critical mistakes he makes in embracing this is that he no longer has the public authority that he had as an FBI agent.” That is, Seth DuCharme, who did set up a way to use dirt from a known Russian spy for a politicized investigation, argued that’s all cool if you’ve got the legal cover of official employ.

By all means, lawyers for Charles McGonigal should point out that DC judges rarely punish government officials who lie by omission that harshly. But in attempting to do that, Seth DuCharme said as much about his own ethics and actions than he did about his client’s crimes.


 

 

Unlike Michael Sussmann, Patrick Byrne Was Not Prosecuted for Providing Allegedly False Tips to the Government

Among the many records on the Durham investigation DOJ newly released to American Oversight on June 1 is an email, dated August 23, 2019, from Seth DuCharme to Durham and one of his aides revealing that “Overstock CEO gave info to DOJ for John Durham’s review of Russia investigation origins.”

We can be fairly sure what Byrne provided DOJ because he first went on Fox and CNN and laid it all out there. His excuse for getting laid by Maria Butina, he said, was that Peter Strzok told him to do it as an investigative ploy (the reasons why have never really made sense).

“I figured out the name of who sent me the orders and this has been confirmed. The name of the man who sent me was Peter Strzok,” Byrne exclaimed, naming the embattled former FBI agent at the center of the right’s Spygate conspiracies. “This is going to be quite a whirlwind.”

At times bursting into tears, Byrne alleged there was a “big coverup” of “political espionage” that was connected to President Trump, Hillary Clinton, Marco Rubio and Ted Cruz, insisting that “this is not a theory” of his because he was “in the room when it happened.”

“Both catching my friend’s murderer and taking on Wall Street were consistent with my values and it was my honor to help the Men in Black and it was the third time that they came to me,” he said at one point. “And I got some request, I did not know who the hell it came from and it was fishy and three years later on watching television and I realized who it was—it was Peter Strzok and [former Deputy FBI Director] Andy McCabe, that the orders came from.”

Byrne said he decided to come forward with his Deep State concerns because he felt guilty for recent mass shootings.

“But the issue is, I realized that these orders I got came from Peter Strzok, and as I put together things, I know much more than I should know and tried to keep silent,” he said. “Everyone in this country has gone nuts, and especially for the last year when I realized what I know, every time I see one of these things, somebody drives 600 miles to gun down 20 strangers in the mall, I feel a bit responsible.”

[snip]

“No doubt Peter Strzok would watch this and say he’s full of it, I had nothing to do with anything,” the Fox News anchor stated.

Here is my first post on the allegations, written the same day as this Seth DuCharme email.

Strzok would ultimately deny the allegations about him specifically.

In early November, he told me that he had never met Byrne, and had “no awareness” of him before reading about him in the news in August, 2019. When I asked about one of Byrne’s most incendiary claims—whether an F.B.I. agent might instruct someone to pursue a romantic relationship with a suspect in order to gather intelligence—Strzok said that the Bureau had thirteen thousand agents, and that, though he couldn’t dismiss Byrne’s story out of hand, it sounded “extraordinarily fantastical.” He went on, “This isn’t some James Bond film—we don’t tell people, ‘Go bed this vixen for your country.’ ”

And, unless I missed it in John Durham’s report, he did not even include this among the things he investigated.

It’s hard to know how seriously DOJ took it, but DuCharme’s involvement shows it had the same kind of high level interest as the Alfa Bank anomalies. One of Bill Barr’s key advisors was involved in it. And whatever heed DOJ paid to it, would be hard to take Byrne’s allegations less seriously than the Cyber agents who dismissed the Alfa Bank anomalies in barely more than a day, making substantial errors along the way.

Plus, DOJ withheld this information under a b7A exemption, reflecting that it was treated as part of an ongoing investigation, until Durham finished. Someone at DOJ treated this with enough seriousness to bury for four years. Which raises the prospect that Durham believed it was sound to criminalize Michael Sussmann, a Democratic lawyer sharing a honestly held tip, but chose to do nothing about a guy with ties to a convicted Russian agent sharing wild conspiracies.

And here we are, four years later, and Byrne continues to share wild conspiracies, most that undermine American democracy.

And now, amid reports that Jack Smith is zeroing in the December 18, 2020 meeting at which Patrick Byrne and others pitched seizing voting machines, Byrne is suggesting he has — and plans to release — kompromat on Smith (he may have deleted this but this thread repeats the theme).

I’m not saying Byrne should have been prosecuted for making unsubstantiated claims about the Russian investigation — unless the government can tie his motive to Butina’s operation.

I’m saying the contrast with what Durham did with Michael Sussmann and what he didn’t do with Byrne is a stark indicator that he would criminalize Democratic politics while ignoring crazy conspiracies from someone with direct ties to a Russian influence operation.

Update: Added a second part from the FOIA. h/t Brian Pillon.

Andrew DeFilippis Had a Role in the Prosecution of Gal Luft’s Co-Conspirator-1

James Comer plans to rely on Gal Luft’s testimony in his efforts to gin up conspiracy theories against Joe Biden, even in spite of the indictment against Luft DOJ obtained before James Comer started pursuing his conspiracy theories.

Andrew DeFilippis handled the classified evidence in the Patrick Ho case

Because of that, I want to flag a detail about the Patrick Ho case, the case out of which this one arose.

Ho is the person described as Co-Conspirator-1 in the Luft indictment.

Ho was sentenced on March 25, 2019 for bribing Chadian and Ugandan officials; the former scheme started in a suite in Trump Tower in 2014.

Through a connection, HO was introduced to Cheikh Gadio, the former Minister of Foreign Affairs of Senegal, who had a personal relationship with President Déby. HO and Gadio met at CEFC China’s suite at Trump World Tower in midtown Manhattan, where HO enlisted Gadio to assist CEFC China in obtaining access to President Déby.

Days after Ho was sentenced, the two lead prosecutors on that case, Catherine Ghosh and Daniel Richenthal, flew to Brussels to meet with Luft. As alleged in the indictment, Luft lied to those prosecutors and four FBI agents about both the arms deals and Chinese influence peddling for which he has since been charged.

64. On or about March 28, 2019, in the Southern District of New York, Belgium, and elsewhere outside of the jurisdiction of any particular State or district of the United States, GAL LUFT, the defendant, who is expected to be first brought to and arrested in the Southern District of New York, a matter within the jurisdiction of the executive branch of the Government of the United States, knowingly and willfully made a materially false, fictitious, and fraudulent statement and representation, to wit, LUFT falsely stated during an interview at the United States Embassy in Brussels, Belgium with federal law enforcement officers and prosecutors, in connection with an investigation being conducted in the Southern District of New York, that LUFT had not sought to engage in or profit from arms deals, and instead merely had been asked by an Israeli friend who dealt in arms to check arms prices so that the friend could use this information in bidding on deals, a request that LUFT said he fulfilled by having CC-1 check prices with CC-2 and then relay this information to LUFT–when in fact LUFT had actively worked to broker numerous illegal arms deals for profit involving multiple different countries, both in concert with CC-1 and directly himself, including as described in paragraphs Forty-Four through Fifty-Three above.

[snip]

84. On or about March 29, 2019, in the Southern District of New York, Belgium, and elsewhere outside of the jurisdiction of any particular State or district of the United States, GAL LUFT, defendant, who is expected to be first brought to and arrested in the Southern District of New York, in a matter within the jurisdiction of the executive branch the Government of the United States, knowingly and willfully made a materially false, fictitious, and fraudulent statement and representation, to wit, LUFT falsely stated during an interview at the United States Embassy in Brussels, Belgium with federal law enforcement officers and prosecutors, in connection with an investigation being conducted in the Southern District of New York, that LUFT had tried to prevent CEFC China from doing an oil deal with Iran, that LUFT had been excluded from CEFC China meetings with Iranians, and that LUFT did not know of any CEFC China dealings with Iran while he was affiliated with the company–when in fact, including as described above in paragraphs Sixty-Six through Eighty, LUFT personally attended at least one meeting between CEFC China and Iranians and assisted in setting up additional such meetings for the purpose of arranging deals for Iranian oil, and also worked to find a buyer of Iranian oil while concealing its origin.

Starting in early 2018, DeFilippis handled the classified evidence on the Ho case — both CIPA and a FISA order. He would have spent a great deal of time reviewing what the spooks had obtained on Ho and his associates, undoubtedly including Luft.

Andrew DeFilippis investigated John Kerry for a year

DeFilippis’ efforts on the Ho case took place in parallel with his efforts to gin up a criminal investigation against John Kerry. Here’s how Geoffrey Berman described being ordered to do that by Main Justice.

On May 9, the day after the second Trump tweet, the co-chiefs of SDNY’s national security unit, Ferrara and Graff, had a meeting at Main Justice with the head of the unit that oversees counterintelligence cases at DOJ, which is under the National Security Division.

He said that Main Justice was referring an investigation to us that concerned Kerry’s Iran-related conduct. The conduct that had annoyed the president was now a priority of the Department of Justice. The focus was to be on potential violations of the Logan Act.

[snip]

From the outset, I was skeptical that there was a case to be made. I knew enough about the Logan Act to have strong doubts. Politicians from both sides of the aisle have talked about it from time to time, suggesting that some opponent is in violation of it. It never goes anywhere.

But I figured if they bring us a possible case, we’ll do our best. We’ll look into it. We brought a prosecutor from the national security unit, Andrew DeFilippis, into the investigation.

Trump, meanwhile, kept on tweeting. “John Kerry had illegal meetings with the very hostile Iranian Regime, which can only serve to undercut our great work to the detriment of the American people,” he wrote that September. “He told them to wait out the Trump Administration! Was he registered under the Foreign Agents Registration Act? BAD!”

DeFilippis’ efforts extended into 2019, overlapping with the trial of Ho and the interview with Luft. National Security prosecutors at Main Justice kept pressuring SDNY to advance the investigation into Kerry, but first, Berman had DeFilippis research whether the Logan Act would be chargeable even if Kerry had committed it.

The next step would have been to conduct an inquiry into Kerry’s electronic communications, what’s known as a 2703(d) order. That would have produced the header information—the to, from, date, and subject fields—but not the contents. I decided that before moving forward, it made sense to evaluate whether we would ever have a viable, appropriate charge that matched up with Kerry’s alleged conduct.

At the risk of stating the obvious, under our system of law, pissing off the president is not a chargeable offense. I asked DeFilippis to conduct additional legal research into the Logan Act and other potentially applicable theories. “Look, we’re talking about going to the next step here,” I said.

“But before we do any further investigation, I want to know what the law is on the Logan Act. Let’s say we gather additional documents—I want to know, how is that helping us?”

I wanted to answer the question, even if these things happened, was it a crime? Let’s cut to the chase and find that out, because we’ve got plenty of other work to do and I don’t want us to just be spinning our wheels on this.

For the next several months, DeFilippis conducted extensive research into the Logan Act as well as statutes relating to possible criminal ethics violations by former senior government employees.

On April 22, 2019, Trump tweeted, “Iran is being given VERY BAD advice by @JohnKerry and people who helped him lead the U.S. into the very bad Iran Nuclear Deal. Big violation of Logan Act?”

The tweet was in the morning. That afternoon, Ferrara got a call from Main Justice. He was told that David Burns, the principal deputy assistant attorney general for national security, wanted to know why we were delaying. Why had we not proceeded with a 2703(d) order—the look into Kerry’s electronic communications?

The next day, Burns spoke to Ferrara, Graff, and DeFilippis and repeatedly pressed them about why they had not submitted the 2703(d) order. The team responded that additional analysis needed to be done before pursuing the order.

SDNY decided not to pursue the case against Kerry in fall of 2019.

We spent roughly a year exploring whether there was any basis to further investigate Kerry. Memos were written, revised, and thoroughly discussed.

Our deep dive into the Logan Act confirmed why no one has ever been successfully prosecuted under it in the more than 220 years it has been on the books: the law is not useful. It definitely does not prohibit a former US secretary of state from talking to a foreign official. We did not find that Kerry violated any ethics statutes or any laws having to do with the improper handling of classified material.

In September 2019, DeFilippis advised the National Security Division at Main Justice that we would not be pursuing the case further. He had earlier attempted to tell the specific NSD attorney assigned to the case of our decision, but he couldn’t connect because that attorney was engaged in another matter: the Craig trial.

Sometime after that, DeFilippis became the lead prosecutor on the Durham team, leading the prosecution of Michael Sussmann.

Andrew DeFilippis oversaw the most abusive parts of the John Durham prosecution

Over the course of the Michael Sussmann prosecution, DeFilippis and his prosecution team:

As noted above, Geoffrey Berman boasted that the investigation into Kerry didn’t leak. Even ignoring the inexplicably perfect concert between Alfa Bank’s efforts and Durham’s, it’s not clear the same can be said about the Durham investigation.

And it’s not just that DeFilippis routinely tried to introduce evidence that served his narrative rather than matched the facts. It’s that DeFilippis repeatedly — most notably in the alleged complaint that researchers working on a DARPA project would attempt to identify which Russians were interfering in the US election — proved more sympathetic of Russian efforts to help get Trump elected than to conduct an ethical prosecution.

Last August, shortly before Durham confessed the utter humiliation of his team at the hand of Sergei Millian, DeFilippis withdrew from the Durham team with almost no notice, left DOJ, and returned — in a Special Counsel role, not as Partner — to Sullivan & Cromwell.

These are just data points. There is no reason, yet, to believe that DeFilippis continues to unethically gin up conspiracy theories against Democrats.

But they are data points I thought worth collecting in one place.

How Jonathan Swan Covered [Up] John Durham’s Corruption

Something funny happened yesterday.

Full-time Trump-whisperer Maggie Haberman, Trump-whisperer Jonathan Swan, and DOJ reporter Charlie Savage wrote a story responding to Trump’s promise to appoint prosecutors to investigate Joe Biden and his family just like Biden’s own DOJ has done (which they note). They described that if Trump won a second term, he would “appoint an ally who would bring charges against his political enemies regardless of the facts,” then described how Jeffrey Clark and Russell Vought were already working on the plan.

Mr. Trump appeared to be promising his supporters that he would appoint an ally who would bring charges against his political enemies regardless of the facts.

[snip]

Mr. Clark and Mr. Vought are promoting a legal rationale that would fundamentally change the way presidents interact with the Justice Department. They argue that U.S. presidents should not keep federal law enforcement at arm’s length but instead should treat the Justice Department no differently than any other cabinet agency. They are condemning Mr. Biden and Democrats for what they claim is the politicization of the justice system, but at the same time pushing an intellectual framework that a future Republican president might use to justify directing individual law enforcement investigations.

They make no mention of the cases on which Bill Barr attempted to do just that — bring charges against Trump’s political enemies regardless of the facts: Greg Craig, Jim Comey, Andrew McCabe, John Kerry, among others (though Savage has covered them).

The only mention of Barr’s unprecedented past success at politicizing DOJ includes an important error.

Under Mr. Barr, the Justice Department overruled career prosecutors’ recommendations on the length of a sentence for Mr. Trump’s longest-serving political adviser, Roger J. Stone Jr., and shut down a case against Mr. Trump’s first national security adviser, Michael Flynn, who had already pleaded guilty. Both cases stemmed from the Russia investigation.

Barr’s DOJ did not succeed at shutting down Mike Flynn’s prosecution, in which a sentencing memo, approved by Barr’s DOJ, had already been submitted by the time Barr commenced his efforts. Emmet Sullivan was still deciding whether to grant DOJ’s request to throw out Flynn’s guilty plea when Trump pardoned Flynn; and when Sullivan finally did dismiss the case, he reaffirmed Flynn’s guilty verdict.

NYT’s silence about how Trump really overturned Flynn’s conviction, a pardon, carries over generally. These journalists join Kaitlin Collins in warning of future Trump corruption without bothering to catalog or hold Trump accountable for his past unprecedented corruption, the pardons he used to reward those who lied about what really happened with Russia in 2016. That’s the opposite of accountability journalism, warning of future corruption while remaining silent about the similar corruption that already happened.

But the weirdest thing, coming as it does from a team including both Swan and Savage, is that NYT made no mention of the Durham investigation, in which a Special Counsel appointed under Trump literally did, “bring charges against [Trump’s] political enemies regardless of the facts.”

The silence from Savage is unfortunate given that he has done such important work laying out how that’s what Durham did.

Swan’s silence is more inexcusable.

That’s because — as I documented in real time — Swan was absolutely central in disseminating Durham’s unsubstantiated insinuation that a “Clinton/Dem operative” (Durham’s claim itself relied on exaggeration) was behind the pee tape.

Swan’s judgement, a neutral journalist not just magnifying and repeating Devlin Barrett’s shitty reporting on the Igor Danchenko indictment (Barrett said charges, plural, were tied to Charles Dolan and falsely claimed that Durham had alleged Dolan was the source for the dossier, “rather than well-connected Russians”), but adding his judgment that it “doesn’t get much worse,” went viral, accepted as fact.

I pointed that out, with a hot link to his earlier Tweet.

Swan responded. He ignored the clear factual error about Flynn and the point about pardons, but he conceded that his Tweet “is inaccurate.”

So he deleted it, with only this Tweet recording that he did so and no apology to the two innocent men, Charles Dolan and Igor Danchenko, he falsely accused and — with his viral tweet and his considerable credibility as a journalist — led others to falsely accuse, having done so because of the deliberately misleading way Durham had presented his charges against Danchenko.

Most curiously, Swan explained that he, “never covered Durham.”

It’s absolutely true that he never laid out how Durham, a Special Counsel Trump demanded and got, brought “charges against his political enemies regardless of the facts,” as Savage has. Swan never even, as Barrett did, reported on an indictment and misleadingly claimed uncharged allegations in it were charged conduct. Swan wasn’t the experienced DOJ reporter who first fell for Durham’s affirmatively misleading charging document, Barrett was.

But as a journalist, Swan disseminated Durham’s unsubstantiated, uncharged claims, exacerbated by Barrett’s shitty reporting, and people took his report as true. Swan played a key role in leading the public to believe that a prosecutor who charged Danchenko for making a literally true statement to the FBI about his contact with Dolan had instead found something so bad that, “it doesn’t get much worse.”

Perhaps his role was unwitting. But Swan played a key role in helping Durham to make and lead the public to believe in false claims, “regardless of the facts,” precisely the topic that Swan and his colleagues suggest is just a prospective threat from Trump.

And much of the public still believes Durham’s false claims, in (small) part because of Swan’s own actions.

John Durham is going to go before Congress next week and be asked to explain and repeat demonstrably false claims — outright fabrications, in some cases — that he made in his report. Durham will likely renew his claims, made in his report, that Michael Sussmann and Igor Danchenko lied, even though two juries told him that he made those accusations, “regardless of the facts.”

And Swan, who generously describes that, “the pee tape rumors didn’t bear out,” rather than that a prosecutor made the claim “regardless of the facts,” Swan, who believes the topic of prosecutors who make false claims “regardless of the facts” is a topic worth reporting, thinks that deleting evidence of his own role in disseminating such false claims is sufficient, even as Durham continues to do Trump’s bidding of making false claims in real time.

John Durham is precisely the threat that Haberman and Swan and Savage warned about prospectively, but Swan, having played a role in leading the public to believe Durham’s false claims “regardless of the facts,” thinks that merely deleting the evidence that that’s what Durham has done is sufficient.

If the threat of prosecutors charging Trump’s enemies “regardless of the facts” is worth reporting, than Durham’s ongoing corruption must be covered, not covered up.

Republicans Demanded Independence for John Durham and Got Robert Hur and Jack Smith in the Bargain

Even before Trump’s Espionage Act indictment was made public, Trump was attempting to politicize his stolen documents prosecution by demanding — via a Truth Social post— a meeting with Merrick Garland, who is not overseeing the case. Virtually every journalist fell for Trump’s bait, reporting the demand without noting that Jack Smith is the prosecutor overseeing the investigation into Trump, not Merrick Garland.

Garland rightly refused the meeting.

Since then, paid propagandists have been chanting out “Joe Biden Merrick Garland Joe Biden Merrick Garland” talking points like wind-up toys, because repetition is how you get low-information Trump supporters and members of Congress to believe false claims.

This strand of propaganda has worked. The other day, WSJ’s Sadie Gurman, after reviewing how assiduously Merrick Garland remained out of the process, stated as fact that this is a political prosecution.

When a grand jury returned the first-ever federal indictment of a former president last week, Attorney General Merrick Garland made a point of suggesting he was nowhere near the team handling the case.

He strolled into Justice Department headquarters in downtown Washington with his deputy late Thursday afternoon amid intense speculation about charges against Donald Trump and told a Wall Street Journal reporter he had been out getting a Covid vaccine.

[snip]

In keeping with that philosophy, Garland kept details of the indictment and its timing secret from Biden, who said Friday, “I have not spoken to him at all, and I am not going to speak with him.”

The attorney general also declined to meet with Trump’s lawyers, who requested a sit-down in the days leading up to the indictment, leaving the gathering instead to Smith and other Justice Department officials.

[snip]

Yet Garland now presides over what may be the highest-profile political prosecution ever, which is certain to be a prominent factor in the 2024 election. [my emphasis]

Gurman also suggested that Garland somehow engaged in politics by letting Jack Smith unseal the indictment that was sealed to protect security, not to let Trump sow violence in a vacuum.

But Garland didn’t object to prosecutors asking a court to unseal the indictment on Friday, well before Trump’s Tuesday arraignment when it would normally be made public, a person familiar with the matter said.

Finally, Gurman immediately — and, possibly, falsely — suggested that Garland “faces a call” on whether DOJ should charge Hunter Biden.

Adding to the political overtones, Garland also faces a call on whether the Justice Department should file charges against Biden’s son, Hunter, who is under investigation related to his taxes and whether he made a false statement in connection with a gun purchase. Hunter Biden has said he acted legally and appropriately.

Garland only faces a call if he has to approve an indictment. If David Weiss chooses not to prosecute, Garland is not going to override the Trump-appointed US Attorney who has been retained to make this decision himself.

Since yesterday’s arraignment, the false claim that Joe Biden and Merrick Garland have pursued the prosecution of Biden’s rival has gotten crazier still, especially on Murdoch properties other than the one where Gurman invented a political prosecution where there is none. As Trump wailed about his plight at his club yesterday, for example, Fox’s chyron accused Biden of being a “wannabe dictator” because a process entirely insulated from Biden resulted in Trump’s arrest. (Natasha Korecki posted this screen cap.)

There’s something especially noxious about the degree to which actual journalists like Gurman are parroting this line (Jamison Fraser notes a similar example in polling coverage).

Donald Trump is being treated no differently than Biden himself, to say nothing of the targets of John Durham’s abusive four year investigation.

Consider how absurd it is that Trump, lashing out, promised to appoint “a real special ‘prosecutor'” to go after Biden and “the entire Biden crime family.”

The Biden Administration already did that, Bucko!!! It currently has two Trump appointed prosecutors, David Weiss and Robert Hur, conducting investigations into Biden’s son and Biden himself. You’re so inadequate you can’t even out-prosecute Biden than Biden himself is already doing!

Yet, in response to this tweet, almost no journalists noted that Joe Biden’s Administration already did that — retain or appoint two separate Trump-appointed prosecutors to investigate Biden himself.

And that’s a hint of what is affirmatively missing from the coverage of real journalists like Gurman.

It’s that Republicans, and Trump himself, have demanded what they’ve gotten with Merrick Garland’s distance from Jack Smith’s prosecution. Republicans, and Trump himself, have repeatedly demanded that Garland stay out of Weiss’ investigation. They even wailed that Biden was being treated specially after the discovery of classified documents at the Penn Biden Center, until it became clear a preliminary Special Counsel had been appointed within days, in Biden’s case, not months.

Most importantly, none of these Republicans wailing about Garland’s distance from the Jack Smith investigations (wailing because it demonstrates their claims that this is a political prosecution to be obvious bullshit) complained at all after John Durham used the independence Garland afforded him to engage in one after another instance of shocking prosecutorial abuse.

Republicans, and Trump himself, did not complain that Durham investigated for four years even though no crime predicated his investigation (a far worse abuse than Durham’s complaint that Crossfire Hurricane was opened as a Full rather than Preliminary investigation).

Republicans, and Trump himself, did not complain that Durham threatened witnesses and lawyers (and lawyers complained to Merrick Garland in real time; they didn’t wait until a target letter went out to try to excuse their own counterproductive legal advice).

Republicans, and Trump himself, did not complain that in both trials, first his lead prosecutor and then Durham himself, were caught scripting improbable or affirmatively misleading testimony from witnesses.

Republicans, and Trump himself, did not complain that Durham charged Michael Sussmann for coordinating with Hillary’s top staffers months before interviewing any of those staffers and discovering it wasn’t true.

Republicans, and Trump himself, did not complain that Durham charged Igor Danchenko relying, in significant part, on the rants Sergei Millian made on his Twitter feed, only to discover, months later, that Millian was unwilling to repeat the same claims at trial under oath.

Republicans, and Trump himself, did not complain that Durham prosecuted a man for making a literally true statement to the FBI.

Republicans, and Trump himself, did not complain when John Durham accused Sussmann and Danchenko anew of lying to the FBI after two juries told him he couldn’t prove that claim.

Republicans, and Trump himself, did not complain that John Durham fabricated a claim that even the Russians didn’t make against Hillary and used it as his excuse to continue his investigation for three more years.

Republicans, and Trump himself, did not complain when John Durham affirmatively misrepresented the YotaPhone white paper; instead, Trump used Durham’s misrepresentation to justify making death threats against Michael Sussmann.

Republicans, and Trump himself, knew how much independence Merrick Garland was giving Jack Smith, because Durham told them that he committed all that abuse and yet Garland let him continue unimpeded.

Finally, we want to thank you and your Office for permitting our inquiry to proceed independently and without interference as you assured the members of the Senate Judiciary Committee would be the case during your confirmation hearings to become Attorney General of the United States.

And long after it was clear that Garland had given Durham precisely the independence that Republicans, and Trump himself, had demanded, Trump is the one who forced the appointment of a Special Counsel by announcing his run six months ahead of his competitors. Trump took steps that led to someone completely independent investigating his suspected crimes, not Joe Biden, not Merrick Garland. And now he’s trying to pretend that he himself didn’t ensure someone independent would investigate his suspected crimes.

Jack Smith has been living by the rules Republicans demanded, and got, for John Durham.

I don’t expect Trump to care that Jack Smith has been operating under the same rules of independence that Garland gave Durham. Trump needs to claim this is political, to provide his boosters — and probably his own fragile ego — some explanation for this indictment other than that a grand jury of South Floridians determined there was probable cause he committed an unprecedented crime that made this country less safe. I expect Mike Davis to continue reeling out his knowingly false claims, Joe Biden Merrick Garland Joe Biden Merrick Garland. It’s what he is paid to do.

But journalists like Sadie Gurman should know better. Journalists like Sadie Gurman, after presenting proof that Jack Smith is operating with the same independence that John Durham did, owe their readers a description of what it means that this investigation has operated with independence. Journalists like Sadie Gurman should not be drawn in by attempts to delegitimize a prosecution only because Trump belatedly wants to change the rules he himself demanded.

Update: I’ve updated my stolen documents investigation resource page, with key documents, a bit of a timeline, all our posts on the case, plus other useful links (including to dockets of other 18 USC 793 cases).

John Durham’s Blind Man’s Bluff on DNS Visibility

On September 16, 2021, John Durham indicted Michael Sussmann on a single count of lying to the FBI, just days before the statute of limitations for that crime expired. Durham accused Sussmann of lying to hide that he had a client or clients on whose behalf he was sharing allegations about DNS anomalies involving Trump Organization and Alfa Bank.

Durham adopts the “DNC fabrication” theory from agents who badly screwed up the original investigation

As I laid out here, the indictment adopted the “DNC fabrication” theory, the “fabrication” part of which was initially espoused in a hasty review by FBI Cyber agents Nate Batty and Scott Hellman by September 21, 2016, just two days after Sussmann shared a white paper describing anomalies involving Alfa Bank.

Durham adopted that theory in spite of proof, in their own summary, that the FBI agents had not closely reviewed the DNS logs included with the allegations, if they ever reviewed them at all. Durham adopted that theory in spite of irregularities in the chain of custody surrounding the handling of a Blue Thumb Drive that reportedly included DNS logs that were never reviewed. Durham adopted that theory in spite of the fact that Batty’s own Lync messages materially conflicted with a claim he made to Durham two years earlier: Batty claimed he had been refused information about the role of Sussmann in the allegations, when in fact his Lync messages showed he had been informed about Sussmann’s role from the start. Durham adopted that theory in spite of the fact that FBI started debunking parts of the “fabrication” story within hours of Batty and Hellman proposing it. Durham adopted that theory in spite of the fact that FBI’s own overt steps (during a pre-election period) and Alfa Bank’s curious lack of DNS logs made pursuing the allegations impossible.

That indictment was an insanely reckless thing for John Durham to do, building as it did on the investigative failures of Batty and Hellman, not to mention Batty’s own materially inconsistent claim.

Several things made that indictment even more reckless.

Durham fails to take basic investigative steps before indicting

First, in spite of the fact that Durham had already been investigating for 28 months by that point — Durham had already been investigating for six months longer than the entire Mueller investigation — there were a whole bunch of obvious investigative steps he had not yet taken. Between the indictment and the May 2022 trial, Durham would do the following:

Durham also revealed two other interviews he only conducted after charging Sussmann: one with someone identified as Listrak Employee-1 and other unidentified personnel on October 27, 2021 and another with the CEO and CTO of Cendyn on November 17, 2021. As described, their interviews pertained exclusively to email, not DNS, and Durham doesn’t appear to have asked Cendyn about the contacts via its Metron messaging product done for some other client with Alfa Bank in the same time period, nor about the contact that did exist between Cendyn and the affected Spectrum IP address. It also doesn’t mention that Listrak reported no emails to Alfa Bank, one of the Bank’s evolving explanations for the anomalies, and any mail to Spectrum was sent elsewhere.

In his report, Durham makes no mention of whether he interviewed anyone at Spectrum Health or Alfa Bank, though a DC judge would observe that it was almost like the Sussmann indictment and an Alfa Bank lawsuit, “were written by the same people in some way.” There were large gaps involved with both entities in the original investigation and it’s not clear Durham made any effort to close them.

Durham accused the FBI of skipping investigative steps on Crossfire Hurricane that might have discovered exculpatory evidence, but none of that comes close to the many investigative steps he had not yet pursued in the 28 months he had already been investigating before indicting Sussmann.

Durham’s indictment of Sussmann piled his own investigative failures on top of those by Batty and Hellman.

Durham discovers his DNC fabrication theory involves real data

More problematic than Durham’s investigative incompetence, though, the Special Counsel charged Michael Sussmann on September 16, 2021, in spite of the fact that a month earlier, by mid-August, 2021, Durham’s team learned that the data Rodney Joffe and others used to conduct their research was absolutely real. The nature of how this came about remains obscure, but in addition to debunking the most simplistic “DNC fabrication” theories, the discovery made it impossible for Durham to continue to rely on the expert his team had been using. The discovery that the data that Batty and Hellman had dismissed in just one day was real should have led Durham to reconsider everything about his case.

Instead, Durham barreled forward with his indictment.

Durham invites the guy who screwed up the investigation to be his expert

Instead of reassessing his case, Durham responded to losing his expert by proposing that Hellman serve as the replacement, even though by Hellman’s own admission he only knows the basics about DNS.

DeFilippis. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

[snip]

Berkowitz. And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table there, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

Hellman was one of just two people, aside from John Durham himself, who had a stake in sustaining the “DNC fabrication” theory he had floated before closely reviewing the evidence. That Durham even considered making him his expert is a testament that Durham was interested in protecting his “DNC fabrication” theory, not interested in expertise, much less what the actual evidence said.

Durham includes two expert reviews unmoored from any prosecutorial decision

And that’s why Durham’s inclusion of two expert reviews of the allegations Sussmann shared with the government is of interest:

  • 1671 FBI Cyber Technical Operations Unit, Trump/Alfa/Spectrum/Yota Observations and Assessment (undated; unpaginated).
  • 1635 FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report (April 20, 2022) (hereinafter “FBI Technical Analysis Report”) (SCO _ 094755)

With one exception, Durham describes those reviews in a 13-page section of his report that purports to be about the ongoing efforts by Rodney Joffe and others to chase down the Alfa Bank anomalies and some unusual traffic probably reflecting the presence of Yota Phones in the US. The section itself has no place in a prosecutorial memo, because the only interaction with the government described in that section involved a Georgia Tech researcher refusing HPSCI’s request to help chase down these allegations. The rest involves Joffe continuing to chase this issue with his own data, which insofar as it demonstrates Joffe’s sustained concern about this, independent of any election, undermines pretty much all of Durham’s conspiracy theories. The declination decision regarding fraud — which Andrew DeFilippis used to claim that Joffe was still a subject of the investigation more than five years after the events in question, thereby keeping him off the stand in Sussmann’s trial — didn’t even mention Joffe.

But the description of these reviews in this section really doesn’t have a place where Durham put it, because along with the Cendyn and Listrak interviews, one of the reviews appears to have been last minute prep for the Sussmann trial and the other played a key role in an affirmatively misleading court filing that led Trump to make death threats against Sussmann.

These reviews in Durham’s report supported his last-ditch effort to cement the belief that Hillary framed Donald Trump. They’re here to prove, once and for all, that Sussmann was wrong.

Here’s how Durham introduces his efforts to redo the work Batty and Hellman and others botched so many years ago:

This subsection first describes what our investigation found with respect to the allegation that there was a covert communications channel between the Trump Organization and Alfa Bank. It includes the information we obtained from interviews of Listrak and Cendyn employees. It then turns to the allegation that there was an unusual Russian phone operating on the Trump Organization networks and in the Executive Office of the President. We tasked subject matter experts from the FBI’s Cyber Technical Analysis and Operations Section to evaluate both of these allegations.

But as with so much else in this report, they don’t do what they claim to. Durham ensured his experts sustained the blindness that Batty and Hellman willfully adopted so many years ago to avoid concluding that the allegations might be real.

As I noted here, the two reviews purport to review the Alfa Bank allegations — shared with both the FBI and (in updated form) the CIA — and the YotaPhone allegations shared with the CIA. In one place, Durham claims “the same FBI experts” did both reviews, though he attributes them to different groups. But that’s important because if they are the same experts, then they should know of both reviews.

Durham incites death threats because Joffe investigated Barack Obama

The YotaPhone review must have been done first because, as I noted above and show below, the analysis matches claims Durham made in a filing purporting to raise conflicts but mostly airing allegations for which the statute of limitations had just expired. Here’s how Durham describes the allegations in the report:

Specifically, Sussmann provided the CIA with an updated version of the Alfa Bank allegations and a new set of allegations that supposedly demonstrated that Trump or his associates were using, in the vicinity of the White House and other locations, one or more telephones from the Russian mobile telephone provider Yotaphone. The Office’s investigation revealed that these additional allegations relied, in part, on the DNS traffic data that Joffe and others had assembled pertaining to the Trump Tower, Trump’s New York City apartment building, the EOP,1558 and Spectrum Health. Sussmann provided data to the CIA that he said reflected suspicious DNS lookups by these entities of domains affiliated with Yotaphone.1559 Sussmann further stated that these lookups demonstrated that Trump or his associates were using a Yotaphone in the vicinity of the White House and other locations.1560

Durham’s description of these allegations relies on redacted sections of two trial exhibits (but not a related one that shows Sussmann was not hiding having a client). Because the section of these trial exhibits was redacted, it’s not clear whether Durham is representing how these CIA witnesses described Sussmann’s claims fairly. That’s important because — as we’ll see — Durham misrepresents the YotaPhone white paper.

As Durham described, Sussmann provided four documents and 6 data files to the CIA.

During the meeting, Sussmann provided two thumb drives and four paper documents that, according to Sussmann, supported the allegations. 1564

1564 The titles of the four documents were: (i) “Network Analysis of Yota-Related Resolution Events”; (ii) ·’YotaPhone CSV File Collected on December 11th, 2016″; (iii) “Summary of Trump Network Communications”; and (iv) “ONINT [sic] on Trump Network Communications.” The two thumb drives contained six Comma Separated Value (“.CSV”) files containing IP addresses, domain names and date/time stamps.

Unlike the Red and Blue Thumb Drive, Durham makes clear that his experts actually examined these thumb drives.

Here are three of the documents:

I understand the csv files include:

  • yota-eop
  • yota-cpwest
  • yota-spectrum
  • yota-trumporg
  • sipper
  • 2016-05-04_2017-01-15_Trump_server.csv

I’ll say more about them below.

Durham’s description of the analysis, titled, “Trump/Alfa/Spectrum/Yota Observations and Assessment,” generally obscures whether it is rebutting a claim (redacted in the trial exhibits) made by Sussmann (“the presentation”) or included in the white paper and data (“the above-quoted white papers about the Yotaphone allegations” and “Yotaphone-related materials”) provided, and he doesn’t repeat or address the Alfa Bank side of these observations (which have no tie to the YotaPhone claims).

But the technical analysis does not, at all, debunk the YotaPhone observations.

The FBI DNS experts with whom we worked also identified certain data and information that cast doubt upon several assertions, inferences, and allegations contained in (i) the above-quoted white papers about the Yotaphone allegations, and (ii) the presentation and Yotaphone-related materials that Sussmann provided to the CIA in 2017. In particular:

  • Data files obtained from Tech Company-2, a cyber-security research company, as part of the Office’s investigation reflect DNS queries run by Tech Company-2 personnel in 2016, 2017, or later reflect that Yotaphone lookups were far from rare in the United States, and were not unique to, or disproportionately prevalent on, Trump-related networks. Particularly, within the data produced by Tech Company-2, queries from the United States IP addresses accounted for approximately 46% of all yota.ru queries. Queries from Russia accounted for 20%, and queries from Trump-associated IP addresses accounted for less than 0.01 %.
  • Data files obtained from Tech Company-1, Tech Company-2, and University-1 reflect that Yotaphone-related lookups involving IP addresses assigned to the EOP began long before November or December 2016 and therefore seriously undermine the inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP. In particular, this data reflects that approximately 371 such lookups involving Yotaphone domains and EOP IP addresses occurred prior to the 2016 election and, in at least one instance, as early as October 24, 2014. [bold and italics mine]

Compare that to the supposed debunking from the gratuitous conflicts filing that led to death threats.

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted. [bold mine]

The bolded narrative shows these are the same report. If 3 million is 46% of the total of around 6.521 million lookups globally, then 1,000 Trump-related queries would be .01% of the global total.

But it is an innumerate stat. I’m not the FBI, and definitely not a top FBI cyber expert. But even my humble little blog occasionally relies on William Ockham to explain things that should be bloody obvious to the Federal government, such as that 3 million DNS requests amount to one family’s worth of use.

Contra Durham, 3 million DNS requests for a related IP addresses over a four-year period means these requests are very rare.

For comparison purposes, my best estimate is that my family (7 users, 14 devices) generated roughly 2.9 million DNS requests just from checking our email during the same time frame. That’s not even counting DNS requests for normal web browsing.

If you’re going to make a federal case out of this, at least make some attempt to understand the topic.

Durham and his hand-picked experts in the FBI suggest that because, among the very rare number of global requests, almost half appear in the US, it means they aren’t rare. From that, Durham and his experts argue that the fact that Trump’s properties (and Spectrum and the Executive Office of the President) are part of this tiny club is not cause for concern.

They’re doing so even though among the domains included in the CSV tables is wimax-client-yota-ru, which shows up in Wordfence’s IOC lists for the GRU attack on the election. Durham and his FBI experts are arguing that it is not alarming that there would be several look-ups to such a domain in October 2016 from the Executive Office of the President, periodical look-ups to that domain from Trump Organization starting in August 2016, and persistent such look-ups from the suspect Spectrum IP address starting in November 2016.

And about those EOP look-ups. Durham claims, in the italicized language above, that there is an, “inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP.” Sussmann may have said that. But it’s not in the white paper. In fact, there’s just one reference to the EOP in the white paper at all, and it’s not included in the speculative paragraph that there may be a tie between the Spectrum traffic and the Trump traffic.

Network traffic analysis strongly suggests communications between Russian networks and Trump Tower, associated Trump properties, with artifacts also present at EOP. Spectrum Health resolver IP 167.73.110.8 in Grand Rapids MI is also observed making similar queries.

The traffic data indicates: (a) There are Russian-made cellular devices on these networks, seldom seen elsewhere in the US; and (b) these networks appear to be at- tempting SIP-connections to Russian networks which very few IPs globally are seen trying to resolve.

It is possible that one or more devices is at times travelling between locations as there are sometimes gaps possibly correlated to newsworthy events such as New York NY to Grand Rapids MI, lifting of some sanctions on Russia, and the disappearance of the queries from New York in mid December and from Grand Rapids MI in mid January 2017.

In other words, as he did when he invented an allegation against Hillary that the Russians didn’t even make, he’s inventing an inference here, the kinds of inferences he tried to criminalize when Joffe did them. Further, he suggests that Sussmann and Joffe didn’t reveal that the lookups started before the election, even though the CSV data included shows lookups starting on October 2, 2016, which last I checked was before the election.

Durham, who admits in his report that these lookups inexplicably ended before Inauguration, nevertheless falsely insinuated in a court filing that Sussmann and Joffe had based their claims on lookups that post-date Trump’s inauguration. Durham is debunking Durham now! And that false claim from Durham led Trump to suggest that because Joffe found an IOC associated with the people who hacked the election within EOP, Sussmann should be put to death.

That’s one reason that it matters that this technical review is undated. Obviously, it’s crazy enough that an undated unpaginated report would show up in a report like this (I suspect it is intended to make the document hard to find).

But because it is undated and — it appears — Sussmann never got it, Durham doesn’t have to admit that he has included it in his report even after Sussmann pointed out that Durham’s inflammatory claims relied on getting the dates wrong himself.

For example, although the Special Counsel implies that in Mr. Sussmann’s February 9, 2017 meeting, he provided Agency-2 with EOP data from after Mr. Trump took office, the Special Counsel is well aware that the data provided to Agency-2 pertained only to the period of time before Mr. Trump took office, when Barack Obama was President.

After Sussmann and Joffe proved he was wrong, Durham dropped these claims. But then he resuscitated them for his report.

Durham blinds his expert so he can’t see any visibility

The second expert review Durham relied on, “FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report,” does have a date — April 20, 2022 — along with a Bates stamp showing that it was shared with Sussmann. The Cyber Technical Analysis Unit that wrote it is headed by David Martin, the guy who ultimately served as Durham’s expert witness at trial. After months of stalling, Durham first informed Sussmann that he would have an expert and Martin would be that expert on March 30, 2022, just weeks before trial.

Given that the Technical Analysis is dated three weeks after that, it seems exceedingly likely the Technical Analysis was a report done in preparation for Martin’s testimony.

As I noted in this post, this Technical Analysis focuses exclusively on the white paper Sussmann shared on September 19, 2016.

The citations to the Technical Analysis document in footnotes references just 13 pages of material, two pages of which is likely front matter, and one page describing the tasking Durham gave them.

Aside from the four pages of material that Durham doesn’t mention, there are really just two topics: addressing whether or not the Spectrum Health IP address was a Tor node, and using the answers obtained from Listrak (and possibly a broader set of logs than Alison Sands had available in 2016) to make an argument about the kind of visibility one needs to learn anything from DNS records.

These topics generally track Martin’s testimony as well (though Sussmann had opposed Martin’s comments on visibility, and given that it doesn’t appear in Martin’s Powerpoint from the trial, I’m not sure he was supposed to discuss it).

Now, Durham loves this technical analysis on Tor. He cited it first when he described how April Lorenzen was trying to figure out what the Spectrum IP address was in August 2016, and then quotes it again 30 pages later in his general technical discussion. The second time, he added an apostrophe-s which might be misread by the dim-witted people who are the audience of this propaganda to suggest that disproving that the Spectrum IP was a Tor node disproves the rest of the white paper, which it does not.

The FBI experts advised that historical TOR exit node data conclusively disproves this white paper allegation in its entirety and furthermore the construction of the TOR network makes the described arrangement impossible.

[snip]

The FBI experts who examined this issue for us stated that historical TOR exit node data conclusively disproves this white paper’s allegation in its entirety.

It’s really weird that Durham loves this analysis, because it would suggest that he didn’t learn that the Spectrum Health IP was not a Tor node until just weeks before trial — though that same judgement, that it was not a Tor node, is one of the main things the FBI got right when they first investigated this in 2016. There is almost nothing cited from this report that newbie counterintelligence agent Alison Sands hadn’t already laid out by October 5, 2016.

Durham’s fondness for this Tor node analysis is all the more hilarious because Durham tasked this expert review after the review of the files Sussmann shared with the CIA in February 2017. And neither of the files about the Alfa Bank anomaly that Sussmann turned over in 2017 (one, two) mention the Tor node. Researchers actually realized this was not a Tor node around the same time Sussmann originally shared the files. It was long gone, Durham knew it, yet that’s still the primary thing he relies on to claim he has debunked the allegations.

So Durham’s primary debunking of the white paper doesn’t address, at all, what was in the later documents. In fact, that was one effect of tasking the Cyber Technical Analysis Unit with reviewing just the stuff on the Red Thumb Drive: it gave some of FBI’s top experts a really easy way to debunk (part of) the white paper, albeit the only part that was entirely debunked in 2016.

It’s like congratulating yourself because the FBI’s top cyber experts managed to play tiddlywinks as well as a newbie counterintelligence agent did six years earlier during a rush investigation.

The second area of this technical review Durham cites that is still more telling. It purports to rely on information learned in Listrak email (not DNS) records to (effectively)  accuse Joffe and the others of cherrypicking the data.

In addition to investigating the actual ownership and control of the IP address, the Office tasked FBI cyber experts with analyzing the technical claims made in the white paper. 1650 This endeavor included their examination of the list of email addresses and send times for all emails sent from the Listrak email server from May through September 2016, which is the time period the white paper purportedly examined. 1651 The FBI experts also conducted a review of the historical TOR exit node data. 1652

The technical analysis done by the FBI experts revealed that the data provided by Sussmann to the FBI and used to support Joffe and the cyber researchers’ claim that a ‘”very unusual distribution of source IP addresses” was making queries for mail l.trump-email.com was incomplete. 1653 Specifically, the FBI experts determined that there had been a substantial amount of email traffic from the IP address that resulted in a significantly larger volume of DNS queries for the mail 1.trump-email.com domain than what Joffe, University-1 Researcher-2 and the cyber researchers reported in the white paper or included on the thumb drives accompanying it. 1654 The FBI experts reviewed all of the outbound email transmissions, including address and send time for all emails sent from the Listrak server from May through September 2016, and determined that there had been a total of 134,142 email messages sent between May and August 2016, with the majority sent on May 24 and June 23. 1655 The recipients included a wide range of commercial email services, including Google and Yahoo, as well as corporate email accounts for multiple corporations. 1656

Similarly, the FBI experts told us that the collection of passive DNS data used to support the claims made in the white paper was also significantly incomplete. 1657 They explained that, given the documented email transmissions from IP address 66.216.133.29 during the covered period, the representative sampling of passive DNS would have necessarily included a much larger volume and distribution of queries from source IP addresses across the internet. In light of this fact, they stated that the passive DNS data that Joffe and his cyber researchers compiled and that Sussmann passed onto the FBI was significantly incomplete, as it included no A-record (hostname to IP address) resolutions corresponding to the outgoing messages from the IP address. 1658 Without further information from those who compiled the white paper data, 1659 the FBI experts stated that it is impossible to determine whether the absence of additional A record resolutions is due to the visibility afforded by the passive DNS operator, the result of the specific queries that the compiling analyst used to query the dataset, or intentional filtering applied by the analyst after retrieval. 1660

1653 Our experts noted that the assertion of the white paper is not only that Alfa Bank and Spectrum Health servers had resolved, or looked up, the domain [mail-1.trump-email.com] during a period from May through September of 2016, but that their resolutions accounted for the vast majority of lookups for this domain. FBI Technical Analysis Report at 6.

1654 The USB drive that Sussman [sic] provided to the FBI on September 19, 2016, which was proffered as data supporting the claims in the white paper, contained 851 records of DNS resolutions for domains ending in trump-email.com. FBI Technical Analysis Report at 7.

I’ll leave it to William Ockham — who apparently is smarter than the entire FBI — to explain that by looking for emails sent out from an IP rather than DNS for a domain, the FBI was basically searching for all packages from one post office rather than stamps from one house that uses that post office (I’m still working on this analogy, but it’s a start). Plus, at least in real time, the newbie counterintelligence agent who figured out the Tor node information Durham claims to have only learned six years later, Alison Sands, kept complaining that Listrak didn’t provide the network logs they needed.

But as I pointed out here, not only does the FBI change its mind mid-sentence whether there was one thumb drive or two — a problem that has plagued FBI’s Cyber division for six years, apparently –but FBI doesn’t even claim to be looking at all the data that was submitted at trial. FBI’s experts only reviewed the exact same file that Scott Hellman emphasized was a portion of the data submitted; they didn’t review the larger set. They complain they only have 851 lines of data because they’re not reviewing the larger file, much less any csv records turned over on the Blue Thumb Drive, not because the logs didn’t exist.

Remember: these are supposed to be the same people who already reviewed the CIA material by February. And the equivalent of the white paper in those materials has a passage that addresses precisely the visibility of which FBI claims to be ignorant. And the Trump/Alfa csvs included on one of those thumb drives — 2016-05-04_2017-01-15_Trump_server — not only includes almost 25,000 lines of data, but it also shows the collection points. The FBI had a way, in hand, to get that visibility, but Durham told them to look away.

The only thing the FBI’s top experts offer to debunk, other than the Tor node claim that the FBI knew the researchers had dropped, was a complaint about visibility. But their complaints about visibility were entirely manufactured by the scope of the review Durham requested and possibly by the curious status of the Blue Thumb Drive, as well as (if Durham is telling the truth about these being the same experts) willful forgetting of a review they had done on related issues less than a year earlier.

Durham created this blindness. By ensuring all the experts remain blind to visibility, Durham ensured the review would conclude that the researchers didn’t have the visibility that, the FBI knew well, they had.

As I have described, way back in October 2016 — just days after Batty and Hellman did — I too thought that this was a set-up.

But I said that because (as I also noted) no one had seen the evidence. The FBI had the opportunity to look, but instead has spent the last six years deliberately blinding themselves so they can continue to claim it was a set-up.

Update: From pre-trial motions, here are two of the CIA summaries in which Sussmann’s claims about the YotaPhone allegations remain unredacted (one, two). They do tie the presence of the YotaPhone in EOP to Trump. But they also make it clear that the phone couldn’t have been Trump, because it didn’t always move with him, meaning these could easily have been (and still could be) someone attempting to compromise Trump.


Alfa Bank and Yotaphone Allegations

1.Factual background

a. Introduction

b. Sussmann’s attorney-client relationship with the Clinton campaign and Joffe

c. The Alfa Bank allegations

i. Actions by Sussmann, Perkins Coie, and Joffe to promote the allegation

ii. Actions by April Lorenzen and others and additional actions by Joffe

iii. Sussmann’s meeting with the FBI

d. The FBI’s Alfa Bank investigation

i. The Cyber Division’s review of the Alfa Bank allegations

ii. The opening of the FBI’s investigation

e. Actions by Fusion GPS to promote the Alfa Bank allegations

f. Actions by the Clinton campaign to promote the Alfa Bank allegations

g. Sussmann’s meeting with the CIA

h. Sussmann’s Congressional testimony

i. Perkins Coie’s statements to the media

j. Providing the Alfa Bank and Yotaphone allegations to Congress

k. Joffe’s company’s connections to the DNC and the Clinton campaign

l. Other post-election efforts to continue researching and disseminating the Alfa Bank and Yotaphone allegations

i. Continued efforts through Joffe-affiliated companies

ii. Efforts by Dan Jones and others

iii. Meetings by DARPA and Georgia Tech

iv. The relevant Trump Organization email domains and Yotaphone data

2. Prosecution decisions

The Dishonest and Incompetent FBI Work John Durham Learned to Love

In the Durham Report’s telling of the FBI investigation into the Alfa Bank anomalies, it describes that the two cyber agents who conducted the first technical review of the allegations, Scott Hellman (Cyber Agent-1) and Nate Batty (Cyber Agent-2, the guy who appears to have misplaced the Blue Thumb Drive with all the data), congratulated themselves on the fact that they had both come to the same conclusion in spite of “their own very different political views.”

Cyber Agent-1 testified that both he and Cyber Agent-2 did not agree with the conclusion in the white paper and assessed that (i) the authors of the white paper ‘jumped to some conclusions that were not supported by the technical data,” (ii) the methodology was questionable, and (iii) the conclusions drawn did not “ring true at all.” 1479 In interviews with the Office, both Cyber Agent-1 and Cyber Agent-2 said that they were proud of their work because they had both come to the same conclusion despite their own very different political views. [my emphasis]

The interviews at which these men told this story are not cited (elsewhere in this passage, Durham relies on Hellman’s trial testimony rather than any of his interviews for the report, though according to trial testimony, he interviewed with Durham six times).

It’s an odd measure of investigative rigor, particularly in a report complaining that other FBI agents let bias infect their work.

It’s also a good place to start to describe the multiple layers of deceit in which Durham engages to avoid admitting that Batty and Hellman steered him wrong.

  • Durham adopted his “fabrication” theory from Hellman and Batty
  • The “fabrication” theory came with an understanding the DNC was involved
  • Hellman and Batty made materially contradictory comments about politics
  • Durham covered up Cyber’s clear errors
  • Durham’s made post-indictment efforts to sustain his false claims (this will be a follow-up because this got too long)

Durham adopted his “fabrication” theory from Hellman and Batty

As noted, Durham cites Hellman’s trial testimony, rather than those interviews he doesn’t cite, for his description of what Hellman and Batty concluded. At trial, immediately after the exchange cited, Durham lead prosecutor Andrew DeFilippis had Hellman walk through the written summary the two cyber guys wrote.

DeFilippis used that document to improperly cue Hellman, who was not qualified as an expert — someone who had, minutes earlier, admitted he knew only the basics of DNS — to express his opinion about the white paper, which I laid out here. Coming as it did after weeks of wrangling over Durham’s belated attempt to spring a different expert on Sussmann, the stunt unsurprisingly drew an objection.

But DeFilippis wasn’t working with the full summary. A redaction in the Hellman-Batty summary DeFilippis introduced as part of this exchange hid part of Hellman and Batty’s immediate response to the white paper. But a different version of the same document (introduced by the defense), reveals more about their initial conclusion to the anomalies: The otherwise redacted information reveals that Hellman and Batty floated the possibility that the researchers had fabricated the data by spoofing it themselves.

In conclusion, ECOU 1 suggests there is currently no cyber intrusion component in this case and that the report provided contains questionable methods and intentions. Based on the information provided, it also remains a possibility that the report was fabricated. If the domain maill.trump-email.com were discovered by researchers, a computer at Alfa Bank could be configured to conduct multiple DNS inquiries to create the appearance that a Russian bank is communicating exclusively with the domain maill.trump-email.com. Furthermore, it appears suspicious that the presumed suspicious activity began approximately three weeks prior to the stated start of the investigation conducted by the researcher. [emphasis, which marks otherwise redacted language, my own]

Hellman didn’t just share this opinion in the summary, which was sent out to others no later than September 21 at 4;46PMET (some of these time zones are in CDT, so an hour behind). It was the primary conclusion they shared with the Chicago-based agents conducting the actual investigation. As Curtis Heide’s Lync notes show (these are probably UTC, so morning ET), 8 minutes after Heide made a second request for the thumb drives, Batty and Hellman asked Heide to get on the phone. They spoke for five minutes, after which Heide texted Pientka to tell him that “we’re leaning towards this being a fake server not attributed to the trump organization.”

While Hellman was on the phone with Heide, Batty was texting Heide’s boss, Dan Wierzbicki, that, “we think it’s a setup. it smells like a setup.” Minutes after these two exchanges another Cyber guy shared with Joe Pientka Phil Todd’s opinion, described below, that this was a DNC set-up timed for the debate.

In other words, the premature Hellman and Batty opinion that this was a set-up tainted everything that followed in the investigation. And they shared it before anyone else looked at the evidence.

Notably, this opinion led the FBI to take overt acts during a pre-election period that prevented the FBI from conducting a robust investigation afterwards. At 4:22PM ET that same day, Alison Sands wrote from Chicago to New York explaining that this probably wasn’t actually a Trump domain. At 4:53PM ET, Sands wrote back to correct that: Miami FBI agents had taken overt investigative steps during an election season (though they used a ruse as to why they were asking), and learned that it was a legitimate email server. At 1:53PM the next day, Sands wrote back to note that Cendyn had responded to FBI’s overt investigative steps by updating their DNS tables, tainting the investigation and public reporting on it irreparably.

More importantly, the opinion Hellman and Batty formed — that this was a setup — influenced more than the initial investigation. It’s the entire organizing logic of the September 16, 2021 indictment against Michael Sussmann. Durham accused Sussmann of packaging all this up in a “narrative” fed by “purported” data provided by April Lorenzen, whom he called “Originator-1,” and then sharing it with the FBI. That’s why Durham needed it to be the case that Sussmann intentionally hid a tie to the DNC.

And because Durham adopted that hasty Hellman and Batty theory as his own, to the extent that Hellman and Batty made grave errors, Durham had to (and has to) cover those errors up.

The “fabrication” theory came with an understanding the DNC was involved

And that means covering up how politics — or at least a suspicion about politics — played a part.

Durham treated Batty and Hellman’s initial conclusions as reliable, he said, because, “they had both come to the same conclusion despite their own very different political views.”

That’s remarkable because Durham includes something in his report that he chose not to introduce at trial under oath: that Nate Batty told him in 2019 that he and Hellman had considered filing a whistleblower complaint against Jim Baker because FBI’s General Counsel refused to tell them where the tip came from.

Cyber Agent-2 told the Office that he and Cyber Agent-1 considered filing a whistleblower claim about Baker’s failure to provide the information but ultimately decided that they would not because the data provided was not formal evidence in a criminal proceeding. 1492

1492 OSC Report of Interview of Cyber Agent-2 on Sept. 16, 2019 at 2.

This is likely where the whole idea of charging someone for lying to the FBI about this evidence came from.

What Durham didn’t say in his report — but what the public record strongly suggests — is that one or both of these guys were affirmatively dishonest with him about how significantly politics played into this investigation. Three pieces of evidence submitted at trial show that Batty understood this tip to have come from the DNC and one of his colleagues treated it as a set-up by the DNC.

First, there’s the Lync text showing Batty was informed that Sussmann was in the evidentiary chain even before he picked up the thumb drives on September 20 (remember, these are probably UTC).

As this post makes clear, Batty learned that Sussmann was in the chain of custody before he picked up the thumb drives from Baker. He didn’t need Baker to tell him where they came from. He already knew.

Less than a day after being told Sussmann was in the evidentiary chain, Batty wrote Hellman, saying they had been asked to write “a brief summary of what we think about the DNC report,” and then conceded maybe they should look at the actual DNS logs before writing such a summary.

Then, the next morning at 8:09AM, one of the Cyber supervisors, Phil Todd, wrote an email claiming that “the DNC person” who dropped the thumb drives off planned to release the Trump – Alfa Bank tie prior to the Presidential debate that would be on October 4.

The DNC person that provided these thumb drives stated to Baker that he/she was going to release the information concerning the Trump server, and direct contact with the Russians through Alpha Bank in Moscow, to the press on Friday, 9/23/16, prior to the upcoming Trump / Clinton debate this weekend.

Sussmann obviously didn’t tell Baker his outreach to the press was timed for the debate. It’s something the Cyber guys made up and put into writing. But it shows that people in the Cyber division didn’t just make conclusions before investigating, but did so through that political lens, precisely the political lens Durham claimed that Sussmann thwarted by allegedly lying to Jim Baker.

And while there’s no evidence Batty shared the assumed tie between the tip and the DNC with the agents in Chicago, it’s important background to the way Hellman and Batty reached out to Heide and his boss to explain, in a way that would leave no written record, why they believed this was not a real server, an opinion that Heide would cite as one of four reasons he dismissed the allegations. Batty shared that opinion before sharing the substantive materials in the white paper with the Chicago agents.

These records should have led any sane prosecutor to conclude he had no case against Sussmann. These, along with at least two more exhibits (Bill Priestap’s notes and Ryan Gaynor’s briefing notes), show that numerous people in the FBI, including one of the guys who conducted the initial technical review of the anomalies, believed the white paper had a DNC tie. And at least some people at the FBI had concluded, absent evidence, that it was a political hit job.

How could Sussmann’s alleged lie be material if the initial conclusions about the anomaly presumed Sussmann was bringing the white paper for the DNC?

Hellman and Batty made materially contradictory comments about politics

As noted, Batty’s claim, made in a 2019 interview with Durham, seems to conflict with the record showing that he was informed of Sussmann’s involvement before he first obtained the thumb drives.

All the evidence that people in Cyber knew of and considered the role of the DNC in this tip — plus the way Durham measured Batty and Hellman’s reliability based on their partisanship — makes Hellman’s testimony at trial suspect, too. Hellman claimed, under oath, that he and Batty didn’t talk about whether these allegations had political origins in advance.

Q. And you and Special Agent Batty at least talked about whether this had political origins, didn’t you?

A. At that point I think the only thing that came up was just questioning the motive of somebody providing — like, who provided this report? I don’t recall any discussion about political motivations.

Q. Who would it have helped if the allegations were true?

A. It would have helped the opposing — it would have helped the democratic party.

Q. And that didn’t occur to you at all that that motivation might have been involved?

A. No.

This is one of several reasons I find it so curious that Durham didn’t cite the actual interviews in which Hellman and Batty talked about how they responded to the white paper by invoking politics: If Sussmann’s attorneys had received 302s reflecting they had, as Brady or even Jencks in Hellman’s case, you’d think they would have followed up on Hellman’s claim that politics didn’t come up by noting that he and Batty had both told Durham differently.

Hellman also claimed, under oath, that he never saw that text mentioning the DNC screencapped above, to which he responded by writing up a report, until 2020.

Q. All right. And then, with respect to Stranahan, he asks you and Nate to write a report about the — write a summary of the DNC report. Correct? That’s what it says?

A. That’s what it says in this chat, yes.

Q. And did you understand, sir, that the information had come from a DNC, meaning Democratic National Committee, source?

A. I did not understand that, no.

Q. Did you know what Nate Batty knew about it?

A. I don’t think he knew anything about it.

Q. Did you call up Tim and say, what a second. This is a DNC report? That’s political motivation.

A. No.

Q. Didn’t do anything or it didn’t occur to you?

A. The first time I saw this was two years ago when I was being interviewed by Mr. DeFilippis, and I don’t recall ever seeing it. I never had any recollection of this information coming from the DNC. I don’t remember DNC being a part of anything that we read or discussed.

Q. Okay. When you say, the first time you saw it was two years ago when you met with Mr. DeFilippis, that’s not accurate. Right? You saw it on September 21st, 2016. Correct?

A. It’s in there. I don’t have any memory of seeing it.

Later Berkowitz returned to the text. He asked Hellman how it could be that Batty could refer to the white paper from a lawyer who represented the DNC, in a text to Hellman, as the DNC report, without Hellman becoming aware that someone — his superior — was calling it a DNC report.

Q. And although you were surprised to see it today, it appears that at least somebody, such as Mr. Batty was aware and you were aware that somebody was calling this white paper a DNC report. Correct?

A. I was not aware that anybody was calling it a DNC report, and I don’t believe Mr. Batty knew that either.

Q. But you saw the link message. Right?

A. I did see the link message, yes.

Then Berkowitz asked Hellman how it could be that he would see a reference to a DNC report and not take from that it was a DNC report. Hellman responded by describing “the only explanation that … was discussed” — was that it was a typo.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

Q. Okay. You didn’t think that at the time. Right?

A. I did not. I had never seen it or had any memory of seeing it ever before it was put in front of me.

That is, Hellman responded by explaining that Durham’s lead prosecutor Andrew DeFilippis, rather than asking whether the Lync text refreshed Hellman’s memory that he had been already been told this was a DNC report when he conducted the analysis, rather than recognizing that the evidence actually undermined his entire case, instead scripted an alternate explanation.

Just a typo.

And then Hellman repeated that script on the stand.

Under oath.

There are no declination decisions in Durham’s Report assessing how Hellman and Batty’s statements — in the 2019 interview and under oath on the stand — can be squared with the public record. Of course there aren’t declinations! When faced with documentary evidence that his disclaimer about awareness of a DNC role was suspect, Hellman simply parroted Durham’s own team.

But the fact that Durham didn’t even consider whether there was more evidence that Batty and Hellman lied to him than that Sussmann did is a testament to the fact that any misstatements they made would upend his entire project.

At trial, when Durham was desperate to claim that the five different exhibits that showed the FBI knew this report came from a DNC lawyer didn’t mean that the FBI had treated this as a DNC report, his star witness Scott Hellman said there was no discussion of politics when he and his boss assessed this report.

But in his report itself, Durham’s proof that their analysis was sound was that both FBI agents had told him (in interviews that he doesn’t cite) that they approached the report through a lens of politics.

Durham covered up Cyber’s clear errors

The fact that a supervisor in the Cyber Division concluded that this was a Democratic hit job timed to the debate makes Durham’s silence about Batty and Hellman’s clear errors all the more problematic.

I wrote them up in this post describing Hellman’s advice to newbie agent Alison Sands that, “any chance you get to work something like this that truly has 0 repercussions if you mess it up ….take those opportunities.”

The two most problematic clear errors bookend the otherwise redacted claim that they suspected this was a set up.

As that Lync text itself above makes clear: Hellman and Batty had already made conclusions about the white paper before he opened the thumb drive with the data that — Hellman later testified — is what made the two of them more qualified to assess this report than the counterintelligence agents who would later conduct the investigation. After having made a conclusion prior to reviewing the logs, Hellman and Batty claimed that the anomaly had only been going on for three weeks before the researchers started looking at it. That was probably a misreading of one of two histographs in the white paper. But it would have easily been debunked had they reviewed just the DNS logs provided, much less the data provided on the misplaced Blue Thumb Drive itself. There’s no way you make that error after having reviewed the DNS logs. Yet they did make that error, an error Durham never mentions in his report.

And Durham knows this claim is wrong, because the expert report he cites in his own report — which examined the smaller set of two logs included on the Red Thumb Drive — notes that the researchers included logs dating from May to September.

Durham repeats in his report, without correction, an even more serious error. Durham states, truthfully, that Batty and Hellman — two of the only FBI agents who investigated anything having to do with Russia in 2016 who haven’t subsequently been disciplined for their fuck-ups — claimed that there was no allegation of hacking in the white paper.

The report’s summary stated that they had “assess[ed] there is no CyD [Cyber Division] equity in this report and that the research conducted in the report reveals some questionable investigative steps taken and conclusions drawn.” 1477 The report acknowledged that there was no allegation of hacking and so there was no reason for the Cyber Division to investigate further.

But Durham doesn’t reveal that this claim — there was no allegation of hacking in the report — was false. Rather, he adopts it as his own.

As a footnote in the white paper Sussmann shared described, one reason the researchers offered that Spectrum might not have known it had this weird occurrence on its network (which the researchers incorrectly concluded was a Tor node) was because they had been hacked.

We discovered that Spectrum Health victim of a network intrusion. Therefore, Spectrum Health may not know what has a TOR exit node on is network. Alternatively. the De Vos family may have people at Spectrum who know here is a TOR node, i.e., TOR node could have been placed there with inside help.

“Network intrusion.” That’s a hack.

Outside researchers informed the FBI of an anomaly involving an IP address known to have been hacked. And yet the cyber guys concluded not just that this white paper was shit, but also that there was no Cyber Division equity — a hack — in it, and did so in just over a day.

The researchers were wrong about Tor, but they were right about the hack. When the FBI checked the Spectrum IP in question, they found that it had been compromised.

One reason this error is so problematic — aside from it discredits everything else Hellman and Batty did — is because it came as supervisors in the Cyber Division were trying to spin off this investigation because they had concluded, with no evidence, that it was a pre-debate set-up. Hellman and Batty concluded there was no hack not because of the evidence, but because they didn’t want to do this case.

John Durham congratulates these men because a Democrat and a Republican agreed about this white paper. But he doesn’t reveal that, in addition to getting several other key technical details wrong, they failed at their one job, to determine whether there was a hack involved. So instead of revealing that they failed in their one job in his report, Durham instead repeats their false claim, “The report acknowledged that there was no allegation of hacking,” and boasts because a Democrat and Republican ended up being badly, embarrassingly wrong together.

Now, as I noted, Durham covers up some of the other problems with this investigation.

The two most important are that the FBI violated the rule prohibiting overt investigative steps during the pre-election period, and perhaps partly because of that (as well as FBI’s failure to act immediately after Sussmann provided Eric Lichtblau’s name on September 22), by the time the FBI spoke to Alfa Bank, the potential suspect in this crime drama — the potential suspect which reached out to FBI rather than vice versa — Alfa had no log files left to review.

That’s the other big error the investigative team made, which Durham also covers up. The FBI didn’t understand that Mandiant’s judgement was useless until a March 2017 interview with Mandiant. Curtis Heide described at trial that he never — never!! — actually learned that the reassurances Alfa Bank had offered were based on a claim that a bank had no log files to review.

Q. And were you aware, while you were doing the investigation, that Mandiant, when it went to talk to AlfaBank to look into these allegations, did not have any historical data, that Alfa-Bank did not provide any historical data to Mandiant? Did you know that?

A. No

Here’s how Durham covered up that embarrassing failure in his report:

Mandiant provided the FBI with its findings, which too concluded that there was no evidence to support the allegations of a secret communications channel nor any evidence of direct communications between the Alfa Bank servers and Trump Organization servers.

In his report, Durham cites only an October 2016 302, not the March 2017 one where the FBI first learned how useless the Mandiant review would have been. Again, he makes absolutely no mention that a potential suspect in this story reached out to the FBI told the FBI that a potential crime scene had been wiped of digital fingerprints and did nothing.

Durham complains about other problems with the part of the investigation conducted by the counterintelligence agents — they made an error in their opening memo, for example.

But rather than bitching and moaning about the outright errors the FBI cyber agents committed during the investigation, like he did for every other FBI agent in his report (including the counterintelligence agents on the Alfa Bank investigation), Durham simply … covered those errors up. Repeated their false claims. Perpetuated the foundational error in the Alfa Bank anomaly investigation.

Durham couldn’t treat Hellman and Batty with the same ruthless contempt as he did all the other FBI agents he interviewed. That’s because the materially inconsistent claims and outright errors they made were all foundational to Durham’s project. Durham can’t admit that Hellman and Batty were among the most suspect and incompetent of every FBI agent involved. That’s because Durham built his entire case on the conclusion they drew before they even opened the thumb drives.

And that’s important for another reason: because of the investigative steps Durham took on DNS-related issues after he indicted Sussmann on September 16, 2021, and what they say about Durham’s efforts to manufacture claims to discredit the anomalies.

FBI Cyber Division’s Enduring Blue Pill Mystery

I’m writing a post on the technical analysis John Durham included in his report purporting to debunk the white papers submitted via Michael Sussmann to, first, the FBI and, then, the CIA. But first I’m going to do something even more tedious: Try to track down FBI’s persistent blue pill problem — or rather, the FBI’s apparent failure to ever analyze one of two thumb drives Sussmann shared with Jim Baker in September 2016, the Blue one.

Last year, before Sussmann’s trial, Durham had FBI’s top technical people review what he claimed were the data Sussmann had shared. He cited those reports in his own report, claiming they debunk the white papers.

Here’s how they are described in footnotes.

  • 1635 FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report (April 20, 2022) (hereinafter “FBI Technical Analysis Report”) (SCO _ 094755)
  • 1671 FBI Cyber Technical Operations Unit, Trump/Alfa/Spectrum/Yota Observations and Assessment (undated; unpaginated).

Not only doesn’t the YotaPhone report have a date, but it doesn’t have a Bates stamp reflecting that it was shared with Sussmann. I’ll get into why that is interesting in my follow-up post.

Below is a summary of the materials Sussmann provided to both agencies. By description, the Technical Analysis Report only reviews the white paper and the smaller of two sets of text DNS logs included on the Red Thumb Drive. By description the Trump/Alfa/Spectrum/Yota Observations only review the Yota White Paper.

The data FBI’s technical people reviewed appear to be restricted to what is marked in blue.

They did review the actual thumb drives turned over to the CIA, because they found hidden data on one; there’s no indication they reviewed the thumb drives provided to the FBI.

In fact, it’s impossible that they reviewed the data included on the second thumb drive Sussmann shared, the Blue one.

That’s because the FBI analysis claims Sussmann only provided 851 resolutions, which is the 19-page collection of text files included on the Red Thumb Drive, not even the larger set.

Similarly, the FBI experts told us that the collection of passive DNS data used to support the claims made in the white paper was also significantly incomplete. 1657 They explained that, given the documented email transmissions from IP address 66.216.133.29 during the covered period, the representative sampling of passive DNS would have necessarily included a much larger volume and distribution of queries from source IP addresses across the internet. In light of this fact, they stated that the passive DNS data that Joffe and his cyber researchers compiled and that Sussmann passed onto the FBI was significantly incomplete, as it included no A-record (hostname to IP address) resolutions corresponding to the outgoing messages from the IP address. 1658 Without further information from those who compiled the white paper data, 1659 the FBI experts stated that it is impossible to determine whether the absence of additional A record resolutions is due to the visibility afforded by the passive DNS operator, the result of the specific queries that the compiling analyst used to query the dataset, or intentional filtering applied by the analyst after retrieval. 1660

1659 The data used for the white paper came from Joffe’s companies Packet Forensics and Tech Company-I. As noted above, Joffe declined to be interviewed by the Office, as did Tech Company-2 Executive-I. The 851 records of resolutions on the USB drive were an exact match for a file of resolutions sent from University-I Researcher-2 to University-I Researcher- I on July 29, 2016, which was referred to as “[first name of Tech Company-2 Executive-l]’s data.” Id. at 7.

1660 Id. [bold]

There’s no way they would have come to this conclusion if they had seen the Blue Thumb Drive, which had millions of logs on it.

In fact, it appears that the FBI never did review that Blue Thumb Drive when they were investigating the Alfa Bank anomaly.

They didn’t do so, it appears, because the Cyber Division Agents who first reviewed the allegations, Nate Batty and Scott Hellman, misplaced the Blue Thumb Drive for weeks.

That may not have been an accident.

Batty and Hellman’s initial review, which they completed in just over a day, was riddled with errors (as I laid out during the trial). Importantly, they could not have reviewed most of the DNS logs before writing their report, because they claimed, “the presumed suspicious activity began approximately three weeks prior to the stated start [July 28] of the investigation conducted by the researcher.”

Even the smaller set of log files included on the Red Thumb Drive showed the anomaly went back to May. A histograph included in the white paper shows the anomaly accelerating in June.

Had anyone ever reviewed the full dataset, the shoddiness of their initial analysis would have been even more clear.

Here’s how the FBI managed to conduct an investigation on two thumb drives without, it appears, ever looking at the second one.

As the chain of custody submitted at trial shows, Jim Baker accepted the thumb drives, then handed them off to Peter Strzok, who then handed them off to Acting Assistant Director of Cyber Eric Sporre, who at first put the thumb drives in his safe, then handed them over to Nate Batty.

Within hours (these logs are UTC), Batty and Hellman started mocking the white paper but also complaining about the “absurd quantity of data.”

Hellman, at least, admitted at trial that he only knows the basics about DNS.

The next day, Batty told Hellman that their supervisor wanted them to write a “brief summary” of what he calls “the DNC report.” Batty appears to have known of Sussmann from other cases and he was informed that Sussmann was in the chain of custody.

In spite of the clear record showing Batty was informed who provided the thumb drives, in 2019, he told Durham that he and Hellman — whose analysis was so shitty — had considered filing a whistleblower complaint because they weren’t told what the documentary record shows he was clearly informed. And Durham thought that was sufficiently credible to stick in his report.

Before writing an analysis of this report, Batty admitted, they should first “plug the thumb drives” in and look at the files before they wrote a summary.

The documentary evidence shows that these guys formed their initial conclusion about the white paper without ever reviewing the data first.

A day later, Curtis Heide texted from Chicago and asked them to upload the thumb drives, plural, so they could start looking at them.

They only uploaded one, the Red Thumb Drive.

That’s clear because when Kyle Steere documented what they had received on October 4, he described that his report is, “a brief summary of the contents of the USB drive,” singular. The contents match what were on the Red Thumb Drive.

Two hours and 16 minutes later, after uploading the Red Drive, Batty asked if he should send the actual thumb drives to Chicago.

48 minutes later, Batty asked Hellman if he had the Blue Thumb Drive.

The chain of custody shows that Batty didn’t send anything on September 22, when he and Hellman were panicking about the missing Blue Thumb Drive. Instead, he put something in storage on October 6, two weeks later. That he put them in storage makes no sense, because when he wrote an Electronic Communication explaining why he was sending the thumb drives to Chicago on October 11 (by that point, 19 days after saying they would send the thumb drives to Chicago that day), he claimed,

Due to case operational tempo, and the need to assess the data at ECOU-1 prior to referring the matter to the [Chicago] division the evidence was not charged into evidence (at the NVRA) until October 6, 2016.

Not a shred of evidence in the available record supports that claim and a great deal shows it to be false.

But he didn’t send the physical thumb drives until October 12, FedEx instead of internal BuMail.

By October 12, the FBI had decided there was nothing to these allegations.

Somewhere along the way, there was some confusion as to whether there was one or two thumb drives. At the time the case ID was added — the case was opened on September 23 — it seems to have been understood there was just one thumb drive.

Batty does seem to have sent two thumb drives, one Red and one Blue, to Chicago after that 20-day delay, though.

At trial on May 23, Alison Sands dramatically pulled two thumb drives — a Red Thumb Drive and a Blue Thumb Drive — out of the evidence envelope where she put them years earlier.

Q. Ms. Sands, I’m showing you what’s been marked for identification as Government’s Exhibit 1. Do you recognize that?

A. Yes.

Q. What is that?

A. This is the la envelope.

Q. Do you know what this envelope contains?

A. Yes, it contains the thumb drives. So I basically took them out of evidence and put it into this envelope.

[snip]

Q. Now, Ms. Sands, do you recall how many thumb drives there were?

A. Yes, there’s two.

Q. Do you recall if they had any particular colors?

A. One is blue and one is red.

On the stand, Sands also introduced Steere’s memo, the one that documented the contents of the Red Thumb Drive. In doing so, though, she falsely claimed (at least per the transcript) that the memo described both thumb drives.

Q. Do you recognize what Government’s 206 is?

A. Yes.

Q. What is that?

A. It is the EC documenting what information was on the thumb drives that were provided.

She also introduced the items included on the Red Thumb Drive, one after another, into evidence.

Except for the 19-page set of text files used for technical analysis.

When prosecutor Brittain Shaw got to that file in Steere’s memo, she tried to move it into evidence, but both Judge Cooper and Sussmann attorney Michael Bosworth noted it was already in evidence.

MS. SHAW: Could we go back to Government’s Exhibit 206, please? Moving down the list —

BY MS. SHAW:

Q. The second item, what is that?

A. It is data that was provided as alleged evidence of these DNS lookup tables.

Q. After number 2, is that the title that was given to the file or is that something you assigned?

A. I believe that’s something we assigned.

Q. Okay.

MS. SHAW: And if I could have Government’s Exhibit 208, please. If you’d just blow that up a little bit. Thank you.

BY MS. SHAW:

Q. And, Ms. Sands, do you recognize what that is?

A. Yes, these are the DNS lookups that I just described.

MS. SHAW: All right. I would move Government’s Exhibit 208 into evidence.

MR. BOSWORTH: It may be —-

THE COURT: I think it’s probably in.

MS. SHAW: All right.

It was already in.

Almost a week earlier, Scott Hellman introduced what he called “a portion” of the data included with the exhibit. It was the 19-page text file of DNS logs that reviewed in the Technical Analysis included on the Red Thumb Drive. He didn’t describe it as one stand-alone document included on the thumb drive. He seemed to imply this was a selection the FBI had made.

Q. And if I could show just to you on your screen what’s been marked Government Exhibit 208. And Agent Hellman, this is about an 18- or 19-page document. But you just see the first page here. Do you recognize this?

A. It appears to be a portion of the technical data that came along with the narrative.

MR. DeFILIPPIS: All right. Your Honor, the government offers Government Exhibit 208.

MR. BERKOWITZ: No objection.

THE COURT: So moved.

Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

All the while, he and DeFilippis referred to this as “a part” of the DNS data and referred to the thumb drives, plural.

And that, it appears, may be all the data anyone at the FBI ever analyzed.

Update: I erroneously said there were texts between Batty and Hellman that may have gotten deleted. I’ve corrected that error.

Update: I added details from the Lync files showing Batty provided a claim that conflicts with all public evidence about why he didn’t check the thumb drives into evidence until after the investigation was substantively done.

Update: I’ve updated the table to show what Sussmann shared. Particularly given FBI’s shoddy record-keeping and Durham’s obfuscation, it’s not clear on which drive GX209 was, nor is it clear whether there was a separate set of CSV DNS logs on the Blue Drive and if so how many logs they included.

John Durham Fabricated His Basis to Criminalize Oppo Research

I’d like to talk about Durham’s treatment of what he calls the “Clinton Plan” in his report, an attempt to criminalize Hillary’s effort to hold Trump politically accountable for his coziness with Russia.

This part of the investigation was the core of Durham’s work. Charlie Savage noted that, after Durham found no evidence US intelligence targeted Trump by early 2020, he and Barr then turned to trying to blame Hillary for the FBI’s suspicions about Trump.

But by the spring of 2020, according to officials familiar with the inquiry, Mr. Durham’s effort to find intelligence abuses in the origins of the Russia investigation had come up empty.

Instead of wrapping up, Mr. Barr and Mr. Durham shifted to a different rationale, hunting for a basis to blame the Clinton campaign for suspicions surrounding myriad links Trump campaign associates had to Russia.

I’m going to variably refer to this as “Durham’s Clinton conspiracy theory,” because it’s what he imagines this might be: a criminal conspiracy to lie to the FBI, or “Russian intelligence,” which is what it is based on. Durham, however, names it the “Clinton Plan,” accepting as given that the Russian intelligence product he bases it on is truthful, even while admitting that the intelligence community believes it may not be. And as we’ll see, he omits part of the intelligence report to make it all about Hillary.

Durham’s Clinton conspiracy theory is the first mention of a potential crime in his description of the scope of his investigation (the first two bullets had significantly been covered by DOJ IG by the time Durham started his investigation and weren’t criminal at all).

Similarly, did the FBI properly consider other highly significant intelligence it received at virtually the same time as that used to predicate Crossfire Hurricane, but which related not to the Trump campaign, but rather to a purported Clinton campaign plan “to vilify Donald Trump by stirring up a scandal claiming interference by Russian security services,” which might have shed light on some of the Russia information the FBI was receiving from third parties, including the Steele Dossier, the Alfa Bank allegations and confidential human source (“CHS”) reporting? If not, were any provable federal crimes committed in failing to do so?

Only after that bullet does Durham list, in describing the scope of his criminal investigation, the possibility that people lied to the FBI, the only imagined crimes he discovered, and for which he got only acquittals.

The order of these bullets tracks the known timeline of the investigation, which I laid out here: Durham didn’t fully develop his now-debunked theory that Michael Sussmann and Igor Danchenko lied to the FBI and then — building off that theory — come to believe Clinton had conspired to lie to the FBI. Rather, he worked in the opposite direction, pursuing the Clinton conspiracy theory first, and only after Nora Dannehy thwarted Durham’s attempts to release an interim report focused on that conspiracy theory just before the 2020 election, did he do key interviews collecting much of his evidence in the Alfa Bank and Danchenko investigations. Worse still, in both investigations, he never took obvious steps (like checking Jim Baker’s iCloud, or interviewing the Clinton staffers Sussmann allegedly coordinated with, or interviewing Sergei Millian, to say nothing of interviewing George Papadopoulos, which he never did) until months after indicting the two men. Everything happened in reverse order than it should have if he were following the evidence.

The section describing his Clinton conspiracy theory makes up almost 18 pages of the report, about 5% of the total. Here’s a summary of that section:

While I won’t focus on it, note that about a third of this section consists of complaints about the Steele dossier and Fusion, some of which conflicts with his complaints about the Steele dossier elsewhere, some of which ignores evidence submitted at the Sussmann trial.

Even on its face, there are real problems with Durham’s Clinton conspiracy theory. As Phil Bump (one, two) and Dan Friedman already showed, Hillary’s concerns about Trump couldn’t have been the cause of the investigation into Trump. By the time (a Russian intelligence product claimed) that Hillary approved a plan to tie Trump to Russia on July 26, 2016, the events that would lead FBI to open an investigation were already in place. Here’s Friedman:

This isn’t just false. It would require time travel. Durham himself confirms that the FBI launched its investigation into Trump and Russia based on events that occurred months prior to Clinton’s alleged July 26 approval of the plan. In April 2016, George Papadopoulos, a foreign policy adviser to the Trump campaign, met with a professor with Kremlin ties, who informed him that Russia “had obtained ‘dirt’ on…Clinton in the form of thousands of emails,” as Robert Mueller’s final report noted.  A week later, according to Mueller, Papadopoulos “suggested to a representative of a foreign government that the Trump Campaign had received indications from the Russian government that it could assist the Campaign through the anonymous release” of damaging material. When hacked Democratic emails were indeed published—by WikiLeaks on July 22—this foreign diplomat alerted US officials about what Papadopoulos had said. The FBI quickly launched an official investigation into the Trump campaign’s Russia ties in response to that tip, Durham notes, while arguing they should have begun only a “preliminary investigation.”

It was the same Russian hack, not Hillary Clinton, that drove media attention, even before the documents were leaked to the public.

Ultimately, Durham hangs potential criminality (at least with respect to the FBI) on the Carter Page FISA applications, a suggestion that by not alerting the FISA Court that (Russia claimed) Hillary had this plan, the FBI was withholding what he calls “exculpatory” information. But in doing that, Durham conflates a Russian intelligence report making claims about Hillary with Hillary herself, something else Friedman rightly mocks.

To figure out how an American presidential campaign supposedly went about attacking a rival campaign, Durham relied on information US intelligence gathered on claims made by Russian intelligence agents about what they supposedly found by spying on Americans. That’s a pretty roundabout way to learn the kind of information you’d expect to see in “Playbook.” And this game of spy telephone was actually even longer than Durham details. According to the New York Times, US spies obtained their “insight” into Russian intelligence thinking from Dutch intelligence, which was spying on the Russians as the Russians spied on Americans. Durham seems to have found no other confirmation for his “Clinton Plan intelligence.” That’s reason enough for skepticism.

But there is a bigger problem. Russian security services did hack Clinton’s campaign to help Trump, according to the entire US intelligence community and the Senate Intelligence Committee. Yet Durham relies on those Russian spies for insight into how Clinton reacted to the hack. That is like the cops citing a bank robber who says the bank framed him.

Given how selective Durham is about how he treats Russian disinformation, this is a grave problem for his project, which I’ll return to.

But there are far more problems with Durham’s conspiracy theory.

Durham invents out of thin air that Hillary’s plan included false information

First, it’s not just that Durham focused his entire investigation on potential Russian disinformation with little worry about doing so.

At least per what is in the unclassified report, Durham added something to the Russian intelligence product: That Hillary had a plan to spread “false” information. Durham’s first paragraph explaining why the Russian intelligence claim about a Hillary plan is important claims:

First, the Clinton Plan intelligence itself and on its face arguably suggested that private actors affiliated with the Clinton campaign were seeking in 2016 to promote a false or exaggerated narrative to the public and to U.S. government agencies about Trump’s possible ties to Russia. [my emphasis]

Durham bases his entire pursuit of this piece of Russian intelligence on his judgment that the Russian intelligence “arguably suggested” Hillary’s people were going to pursue a “false or exaggerated” narrative to tie Trump to Russia. But the notion that this narrative would be — would have to be! — false is nowhere in any of the three formulations of the intelligence Durham describes in his unclassified report.

U.S Presidential candidate Hillary Clinton had approved a campaign plan to stir up a scandal against U.S. Presidential candidate Donald Trump by tying him to Putin and the Russians’ hacking of the Democratic National Committee.

[snip]

CIA Director Brennan subsequently briefed President Obama and other senior national security officials on the intelligence, including the “alleged approval by Hillary Clinton on July 26, 2016 of a proposal from one of her foreign policy advisors to vilify Donald Trump by stirring up a scandal claiming interference by Russian security services.”

[snip]

U.S. Presidential candidate Hillary Clinton’s approval of a plan concerning U.S. Presidential candidate Donald Trump and Russian hackers hampering U.S. elections as a means of distracting the public from her use of a private mail server.

Even the Russians were only claiming that Hillary would tie Trump to the hacking targeting her. The Russians didn’t claim Hillary would lie to do so. Yet Durham justifies this prong of investigation by adding something to the Russian intelligence that wasn’t in it: that tying Trump to Russia would “arguably” require false information.

That’s an utterly critical addition to what was actually contained in the Russian intelligence, because — as Durham noted in a footnote to this paragraph — oppo research is not itself illegal. It only becomes illegal if you intentionally lie to the government about it.

393 To be clear, the Office did not and does not view the potential existence of a political plan by one campaign to spread negative claims about its opponent as illegal or criminal in any respect. As prosecutors and the Court reminded the jury in the Sussmann trial, opposition research is commonplace in Washington, D.C. and elsewhere, is conducted by actors of all political parties, and is not a basis in and of itself for criminal liability. Rather, only if the evidence supported the latter of the two conditions described above-i.e., if there was an intent by the Clinton campaign or its personnel to knowingly provide false information to the government-would such conduct potentially support criminal charges.

Never mind that Durham never developed evidence that the Hillary campaign wanted or intended to privately share either the Steele dossier or the Alfa Bank allegations with the FBI. In fact, his report provides affirmative evidence that the Hillary campaign wanted nothing to do with the FBI, because it had already so damaged her campaign.

Without Durham’s invention — something that he made up out of thin air! — that Hillary planned to spread false information, Durham had no business spending three years investigating this. And remember, much of his investigation on Danchenko and the Alfa Bank allegations happened a year after he started pursuing his Clinton conspiracy theory, and two juries ultimately rejected his accusations that even the people who did share information with the FBI intentionally shared false information.

That’s one of many reasons why it matters that Durham so assiduously ignores all the evidence that Trump really was tied to Russia — that Mueller really did find hundreds of such ties, including a slew that Trump and his closest associates lied to the FBI to hide.

By the time Hillary allegedly approved this plan, on July 26, Trump had publicly hired a campaign manager with close ties to Russia, his foreign policy advisor had publicly made pro-Russian comments while speaking in Moscow, and he himself had publicly attacked NATO. The next day (and the day before the CIA discovered this), Trump publicly called for Russia to help him and publicly floated recognizing Russia’s annexation of Crimea. Even just on what was public, Hillary wouldn’t have had to invent anything.

But Russia knew about far more that wasn’t public. In January, Michael Cohen contacted the Kremlin to pursue a real estate deal in Moscow, involving both GRU and a sanctioned bank, something Trump would lie publicly about on July 27. In April, George Papadopoulos got an early warning of this operation. In May, Paul Manafort started sending polling data via Konstantin Kilimnik to Oleg Deripaska. In June, Trump’s failson accepted a meeting from the son of a Russian Oligarch promising dirt on Hillary. If you believe Rick Gates, Roger Stone claimed he was in contact with Guccifer 2.0 before the persona went public in June, and on July 25 (the day before the Russians claimed Hillary approved this purported plan), Manafort asked Stone to reach out to WikiLeaks and find out what else they had. The only one of these details that Russia didn’t definitely know was that Stone was pursuing WikiLeaks. By the time it wrote up that intelligence report, Russia was involved in all the rest of it.

And as I noted, Durham hid most of these non-public details. He hid the abundant evidence that Hillary wouldn’t have needed to make false claims, because the public and private reality all confirmed what Russia claimed Hillary was going to claim: that Trump had ties to Russia, ties he was hiding from voters.

Durham invents something that wasn’t in the Russian intelligence report he relies on, even while hiding abundant evidence that Hillary would have no reason to make stuff up, because there was so much public that was already damning.

Durham uses Hillary’s focus on true events as proof of his false claims

After inventing the claim that Russia said Hillary would rely on false information to tie Trump to the Russian operation, Durham points to Clinton’s focus on true things as evidence that Clinton really did have such a plan. In section vi, which Durham describes as, “Other evidence obtained by the office that appears to be relevant to an analysis of the Clinton Plan intelligence,” Durham uses several entirely true things that Hillary’s foreign policy advisors did, two of which precede the date when (the Russian intelligence report claims) Hillary approved a plan to focus on Trump, to try to prove that such a plan existed.

The section is punctuated with one after another Hillary staffer, and Hillary herself, saying that no such plan existed, but in spite of that, Durham spins three pieces of documentary evidence to claim it supports his conspiracy theory. The documentary evidence cited starts with a July 27 letter-writing effort to condemn Trump’s attacks on NATO.

We are writing to enlist your support for the attached public statement. Both of us are Hillary Clinton supporters and advisors but hope that this statement could be signed by a bipartisan group[.] Donald Trump’s repeated denigration of the NATO Alliance, his refusal to support our Article 5 obligations to our European allies and his kid glove treatment of Russia and Vladimir Putin are among the most reckless statements made by a Presidential candidate in memory.

This letter wasn’t even oppo research: It was mainstream opinion about a true fact about Trump.

Durham’s focus on this is exactly analogous to GOP efforts to attack a completely true letter former spooks wrote expressing their opinion that the Hunter Biden laptop looked like a Russian information operation, which Republican Congressmen have falsely depicted as a claim about disinformation. It’s even worse though, because Durham points to the mere expression of an opinion as evidence of criminal intent. True (and solidly within mainstream) opinion equals false and criminal in Durham’s book.

Then Durham turns to a Hillary staffer’s early July effort to follow-up on Franklin Foer’s July 4, 2016 review of Trump’s very real Russian ties. The article itself is really inconvenient for Durham’s narrative, because it summarizes all the absolutely true reasons (in addition to the ones I listed above) why Trump’s Russian ties were suspect, including an accurate description of why Carter Page’s fawning praise for Russia was so alarming. The article effectively proves this was a press concern before Hillary allegedly approved a plan to make it one. Given Foer’s later ties to Fusion, this entirely accurate article likely also relies on Fusion research, but Durham puts it in this section rather than the 5-page Fusion subsection, perhaps to hide that Fusion’s open source research largely held up. Perhaps because this Foer article itself undermines Durham’s narrative in various ways, Durham claimed this follow-up pertained to this June 2020 Foer article rather than the one written in July 2016, which would require an even more time travel than what Friedman described. Did Durham read the real article here and realize how badly it undermined all his claims about Fusion and Hillary and so cite one written four years later?

Insanely, however, Durham claims that this July 5 attempted follow-up, “provide[s] some support for the notion that the Clinton campaign was engaged in an effort or plan in late July 2016 to encourage scrutiny of Trump’s potential ties to Russia.” Durham cites a Clinton staffer’s focus on Trump’s true ties to Russia as proof Hillary approved — three weeks later — a plan to invent such ties. Again, true equals false.

Perhaps the craziest of all, buried deep in his report, Durham claims that Hillary’s staffers’ interest in finding out whether the FBI was actually investigating the crime committed against her — without any tie to Trump — is proof that Hillary had a plan targeting Trump.

In addition, on July 25, 2016, Foreign Policy Advisor-1 had the following text message exchange with Foreign Policy Advisor-2:

[Foreign Policy Advisor-2]: Can you see if [Special Assistant to the President and National Security Council member] will tell you if there is a formal fbi or other investigation into the hack?

[Foreign Policy Advisor-1]: [She] won’t say anything more to me. Sorry. Told me [she] went as far as [she] could.

[Foreign Policy Advisor-2]: Ok. Do you have others who might?

[Foreign Policy Advisor-1]: Has [Individual-2] tried [her]? Curious if [she] would react differently to [Individual-2]? can also try OVP [Office of the Vice President]. They might say more.

[Foreign Policy Advisor-2]: I don’t know if he has but can ask. Would also be good to try ovp, and anyone in IC [intelligence community]

[Foreign Policy Advisor-1]: Left messages for OVP but politico just sent me a push notification stating that they are indeed investigating.

[Foreign Policy Advisor-2]: Fbi just put our [sic] statement. Thx454

Remember: Durham accuses the FBI of confirmation bias, but here he uses a victim’s attempt to find out whether the crime committed against her was being investigated as evidence that, instead, she was victimizing Trump.

More problematic for Durham’s conspiracy theory, emails the Special Counsel only sought out in response to Sussmann’s discovery requests show that Sussmann knew of the investigation (because he was helping the FBI conduct it), proving that he had no ties with the people Durham imagined were behind this conspiracy theory.

In fact, FBI’s Assistant Director would concede to Sussmann that he should have consulted with the campaign before making such a public statement.

First let me apologize for any perceived or actual disconnect on this matter. I agree fully that when making statements to the media and others, we need to be in lock step with victims and partners. In this case, it appears we were not.

The FBI admitted it fucked up by not being more forthcoming about the status of the investigation. But Durham takes an effort to learn about whether there even was an investigation and claims it is evidence that victim may have committed a crime. This is the digital equivalent of slut-shaming, criminally investigating Hillary because she was hacked.

Durham’s report takes true stuff, some of it unrelated to Trump and other parts of it before the purported plan, as evidence that Hillary wanted to make false claims. And remember, these true details that Durham adopts to support his invented claim that Hillary was pursuing a false narrative are things Durham relies on to justify adopting a Russian intelligence product as the backbone of his investigation.

Given how shoddy this stuff is, I can only imagine what additional stuff he pointed to in his classified summary.

What Durham calls “Clinton Plan” is actually the Hillary-and-Guccifer intelligence

Time for a detour about Guccifer 2.0.

Remember how Durham omitted, without an ellipsis, damning information about Sam Clovis?

He similarly omitted two redacted lines in his presentation of the CIA referral of the Russian intelligence about Hillary and Guccifer 2.0. Here’s what it looks like in his report, with Durham’s omission marked:

Here’s what the original looks like, with the redaction Durham omitted marked.

I don’t know what is behind the redaction. Given what Durham did with the Clovis information, it probably doesn’t help his narrative. And given that Durham barely mentions Roger Stone and definitely doesn’t mention the rat-fucker’s suspected advance discussions with Guccifer 2.0, and given that his lead prosecutor criticized DARPA investigators for trying to identify Guccifer 2.0, the redaction is suspect. At the very least though, he should be referring to this not as “Clinton Plan intelligence,” but as “Hillary-and-Guccifer intelligence,” because that’s how it got packaged up for the FBI.

And if he treated this as Hillary-and-Guccifer intelligence, Durham might consider why the FBI didn’t begin to look at Roger Stone’s ties to Guccifer until almost a year after opening Crossfire Hurricane — but that would provide proof that the FBI wasn’t aggressive enough in their investigation of Trump, not that they were too aggressive.

Durham conflates reporting on Russia’s attack on the US with intelligence about Hillary

Durham’s failure to note the two-line redaction about Guccifer 2.0 matters because of something else he does.

First, note that this intelligence, if true, seems to reflect the collection by Russian spy agencies of recent communications between Hillary’s close associates (which would be explained in the second redaction). So if the intelligence were true, it would reflect a Presidential candidate’s associates being wiretapped by foreign spies. But Durham isn’t interested in that part of it. He’s interested in the content that Russia allegedly intercepted, not the the claimed intercept itself.

Key to Durham’s claim that the content of what Russia claimed to have intercepted from Hillary associates, rather than the claimed interception itself, is important is that John Brennan briefed it, the content, “expeditiously” to President Obama. But throughout this section, Durham plays word games to suggest a larger collection of intelligence is the same thing as the intelligence pertaining to Hillary(-and-Guccifer). As you read this section, imagine how it would read if instead of “Clinton Plan,” it read, “the intercept of Hillary’s associates.”

The Intelligence Community received the Clinton Plan intelligence in late July 2016. 397 The official who initially received the information immediately recognized its importance including its relevance to the U.S. presidential election- and acted quickly to make CIA leadership aware of it. 398

[snip]

Immediately after communicating with the President, Comey, and DNI Clapper to discuss relevant intelligence, Director Brennan and other agency officials took steps to ensure that dissemination of intelligence related to Russia’s election interference efforts, including the Clinton Plan intelligence, would be limited to protect sensitive information and prevent leaks.404

[snip]

On August 3, 2016, within days of receiving the Clinton Plan intelligence, Director Brennan met with the President, Vice President and other senior Administration officials, including but not limited to the Attorney General (who participated remotely) and the FBI Director, in the White House Situation Room to discuss Russian election interference efforts. 406 According to Brennan’s handwritten notes and his recollections from the meeting, he briefed on relevant intelligence known to date on Russian election interference, including the Clinton Plan intelligence. 407 Specifically, Director Brennan’s declassified handwritten notes reflect that he briefed the meeting’s participants regarding the “alleged approval by Hillary Clinton on 26 July of a proposal from one of her [campaign] advisors to vilify Donald Trump by stirring up a scandal claiming interference by the Russian security services.”408

[snip]

In late September 2016, high-ranking U.S. national security officials, including Comey and Clapper, received an intelligence product on Russian interference in the 2016 presidential election that included the Clinton Plan intelligence. 421

[snip]

CIA Director Brennan and other intelligence officials recognized the significance of the intelligence by expeditiously briefing it to the President, Vice President, the Director of National Intelligence, the Attorney General, the Director of the FBI, and other senior administration officials. 491 [my emphasis]

Virtually all these references are to the wider body of intelligence the CIA was collecting on Russia’s targeting of Hillary, and the one that’s not — the reference to the discovery of the intelligence — almost certainly refers to the intelligence shared by the Dutch. Nevertheless, Durham uses the urgency of the intelligence about an ongoing attack to claim the importance of the Hillary-and-Guccifer intelligence.

The Hillary stuff — and whatever reference to Guccifer it included — was just one piece of intelligence among a bunch of intelligence. It probably wasn’t considered all that important a part of that intelligence, because it only appears on pages 5 and 6 of the notes taken from Brennan’s briefing of the intelligence.

In fact, Durham’s description of Brennan’s interview suggests that Brennan didn’t even consider this to be a piece of intelligence about Hillary. Indeed, he thought the intelligence was about Russia hacking Hillary, not Hillary making a plan to talk about being hacked by Russia.

When interviewed, Brennan generally recalled reviewing the materials but stated he did not recall focusing specifically on its assertions regarding the Clinton campaign’s purported plan. 400 Brennan recalled instead focusing on Russia’s role in hacking the DNC. 401

On July 28, 2016, Director Brennan met with President Obama and other White House personnel, during which Brennan and the President discussed intelligence relevant to the 2016 presidential election as well as the potential creation of an inter-agency Fusion Cell to synthesize and analyze intelligence about Russian malign influence on the 2016 presidential election. 402

Brennan’s impression that this intelligence was about Russia’s hack of the DNC would make sense if it were treated as a piece of intelligence about Russia intercepting communications of Hillary’s associates.

Durham’s conflation of the Hillary-and-Guccifer-specific intelligence with the wider body of intelligence continues as he describes how it got shared with the FBI. Again, imagine how this passage would read if you replaced “Clinton Plan” with “intercept of Hillary’s associates.”

It appears, however, that this occurred no later than August 22, 2016. On that date, an FBI cyber analyst (“Headquarters Analyst-2”) emailed a number of FBI employees, including Supervisory Intelligence Analyst Brian Auten and Section Chief Moffa, the most senior intelligence analysts on the Crossfire Hurricane team, to provide an update on Russian intelligence materials. 409 The email included a summary of the contents of the Clinton Plan intelligence. 410 The Office did not identify any replies or follow-up actions taken by FBI personnel as a result of this email.

When interviewed by the Office, Auten recalled that on September 2, 2016 – approximately ten days after Headquarters Analyst-2’s email – the official responsible for overseeing the Fusion Cell briefed Auten, Moffa, and other FBI personnel at FBI Headquarters regarding the Clinton Plan intelligence. 411

[snip]

FBI records reflect that by no later than that same date (September 2, 2016), then-FBI Assistant Director for Counterintelligence Bill Priestap was also aware of the specifics of the Clinton Plan intelligence as evidenced by his hand-written notes from an early morning meeting with Moffa, DAD Dina Corsi and Acting AD for Cyber Eric Sporre. 415

He falsely suggests that the entirety of an investigative referral memo regarded,

“U.S. Presidential candidate Hillary Clinton’s approval of a plan concerning U.S. Presidential candidate Donald Trump and Russian hackers hampering U.S. elections as a means of distracting the public from her use of a private mail server.”

In fact, the memo in which this intelligence got formally packaged up for the FBI included three things, paragraph a, paragraph b, and paragraph c (though the Hillary-and-Guccifer intelligence was first), with the introduction that these were simply “examples of information the CROSSFIRE HURRICANE fusion cell has gleaned to date,” not that they were particularly important examples. Nevertheless, Durham pretends the Hillary-and-Guccifer intelligence was the entirety of the memo.

There’s no reason to believe any of these briefings were about the Hillary-and-Guccifer intelligence specifically. Durham pretends there was a buzz among the intelligence agencies about Hillary, when in reality there was a buzz about Russia hacking Hillary that he presents as if it were primarily about Hillary.

Durham failed to coach witnesses into claiming they had received the FBI memo

In the section where Durham considers whether to charge some FBI agents for not doing more with the the Russian Hillary-and-Guccifer intelligence, he repeats his ploy of conflating the Hillary-and-Guccifer intelligence with the wider body of evidence to even deign to make a prosecutorial decision, though in this instance, he provides no reminder that the Hillary-and-Guccifer intelligence was just one of the things Brennan briefed to Obama, after five pages of other items.

The FBI thus failed to act on what should have been – when combined with other, incontrovertible facts – a clear warning sign that the FBI might then be the target of an effort to manipulate or influence the law enforcement process for political purposes during the 2016 presidential election. Indeed, CIA Director Brennan and other intelligence officials recognized the significance of the intelligence by expeditiously briefing it to the President, Vice President, the Director of National Intelligence, the Attorney General, the Director of the FBI, and other senior administration officials. 491

He lets the urgent import of an ongoing Russian hack to stand in for the import of this Hillary-and-Guccifer intelligence.

And that’s important, because Durham makes a prosecutorial decision about whether to charge FBI agents for how they responded to the intelligence that Russia claimed to have intercepted communications of Hillary personnel without proof that most of them ever read it.

As he describes, the top analytical people on the campaign learned of the claimed intercept of Hillary associates almost a month after CIA first obtained it.

On that date, an FBI cyber analyst (“Headquarters Analyst-2”) emailed a number of FBI employees, including Supervisory Intelligence Analyst Brian Auten and Section Chief Moffa, the most senior intelligence analysts on the Crossfire Hurricane team, to provide an update on Russian intelligence materials. 409 The email included a summary of the contents of the Clinton Plan intelligence. 410

There were in-person briefings for the top analytical people and the cyber people ten days later.

When interviewed by the Office, Auten recalled that on September 2, 2016 – approximately ten days after Headquarters Analyst-2’s email – the official responsible for overseeing the Fusion Cell briefed Auten, Moffa, and other FBI personnel at FBI Headquarters regarding the Clinton Plan intelligence. 411 Auten did not recall any FBI “operational” personnel (i.e., Crossfire Hurricane Agents) being present at the meeting. 412 The official verbally briefed the individuals regarding information that the CIA planned to send to the FBI in a written investigative referral, including the Clinton Plan intelligence information. 413

[snip]

Separate and apart from this meeting, FBI records reflect that by no later than that same date (September 2, 2016), then-FBI Assistant Director for Counterintelligence Bill Priestap was also aware of the specifics of the Clinton Plan intelligence as evidenced by his hand-written notes from an early morning meeting with Moffa, DAD Dina Corsi and Acting AD for Cyber Eric Sporre. 415

Durham describes the CIA writing a memo about what the fusion intelligence team had found — but he curiously never describes how or when it was sent.

Five days later, on September 7, 2016, the CIA completed its Referral Memo in response to an FBI request for relevant information reviewed by the Fusion Cell. 417

That’s important because Durham describes witness after witness describing that they had never seen it.

None of the FBI personnel who agreed to be interviewed could specifically recall receiving this Referral Memo.

[snip]

The Office showed portions of the Clinton Plan intelligence to a number of individuals who were actively involved in the Crossfire Hurricane investigation. Most advised they had never seen the intelligence before. For example, the original Supervisory Special Agent on the Crossfire Hurricane investigation, Supervisory Special Agent-1, reviewed the intelligence during one of his interviews with the Office. 428 After reading it, Supervisory Special Agent-I became visibly upset and emotional, left the interview room with his counsel, and subsequently returned to state emphatically that he had never been apprised of the Clinton Plan intelligence and had never seen the aforementioned Referral Memo. 42

[snip]

Former FBI General Counsel Baker also reviewed the Clinton Plan intelligence during one of his interviews with the Office. 431 Baker stated that he had neither seen nor heard of the Clinton Plan intelligence or the resulting Referral Memo prior to his interview with the Office.

In lieu of proof that it ever got sent, Durham reveals that Brian Auten might have hand-carried the memo to the team, but had no memory of doing so.

Auten stated that it was possible he hand-delivered this Referral Memo to the FBI, as he had done with numerous other referral memos,419 and noted that he typically shared referral memos with the rest of the Crossfire Hurricane investigative team, although he did not recall if he did so in this instance. 420

Note that two of the interviews on which this passage relies — a June 18, 2020 interview of Jim Baker and a July 26, 2021 interview of Auten — were shown to be highly problematic at trial.

In the former case, Durham called Baker back a week after an earlier interview; it’s the interview where Baker’s memory started changing fairly dramatically, under coaching from Durham, to coincide with the story Durham needed to have told to support his conspiracy theory.

Q. Did Mr. DeFilippis or Mr. Durham ask you to go back and think harder about certain things?

A. I don’t remember that.

Q. Well, do you remember when you met with them on June 18th of 2020? Do you remember generally that date?

A. I’ll take your word for it. I don’t remember that date specifically.

[snip]

Q. And at that meeting for the first time, you told them, After thinking about it further, you recalled being briefed at some point on an unrecalled date about the investigation involving the intrusion of the DNC computers and possibly learning at that briefing that Sussmann, who you knew from previous contacts, was representing the DNC on that matter.

Do you remember that that was the meeting where you said, “After further thought, Mr. Sussmann was representing the DNC at least on the hack?”

A. Again, I don’t remember that it was at that particular meeting, but I remember at some point acknowledging that.

Sussmann attorney Sean Berkowitz got Baker to admit that at the meeting, Durham only showed Baker the notes that matched the story the Special Counsel needed to be told, not those that utterly contradicted the story (and were consistent with a bunch of other evidence that at least four people at the FBI believed that Sussmann was there on behalf of the Democrats).

Q. Now, the government did not show you other people’s notes in that June of 2021 time period, correct?

A. At that point in time I don’t think they showed me anybody else’s notes.

[snip]

MR. BERKOWITZ: And if you could blow up, “The attorney brought to” — Page 2, I believe. Page 6.

A. I’m sorry, these are the notes we looked at yesterday.

Q. Right. These are the notes — just to be clear for everybody — March 6th of 2017. Did the FBI or anybody from Special Counsel Durham’s team show you these notes in an attempt to refresh your recollection of what happened in your interactions with Mr. Sussmann in 2016?

A. No.

The interview with Auten is similar.

As Danchenko attorney Danny Onorato laid out at trial, before Auten’s July 26, 2021 interview, Durham told Auten he was being criminally investigated.

Q Does July 26 of 2021 sound fair?

A Yes, it does.

Q Okay. And when you met with them for the first time after you were meeting with people for 25 or 30 hours, did your status change from a witness to a subject of an investigation?

A Yes, it did.

Q Okay. And in your work for the FBI, has anyone ever told you that you are a subject of a criminal inquiry?

A No.

Q Was that scary?

A Yes.

In addition to showing that at trial, Durham coached Auten into making an inaccurate statement about how Danchenko claimed Millian had called him, Onorato also showed — as Berkowitz had months earlier — that Durham had withheld documents that undermined Durham’s story and corroborated Danchenko’s during these earlier witness interviews.

In other words, both these interviews were shown at trial to have reflected coaching of witnesses to tell the story Durham wanted told, not the story reflected by the evidence. (Unsurprisingly, Durham never cites the trial testimony that disproves his claims in his report, yet another thing he accused the FBI of doing that he himself did.)

And even in spite of proof that Durham was coaching witnesses in these interviews, he still presented no affirmative evidence that the FBI investigators ever received the Fusion Cell memo. In the same way that all of Hillary’s people disclaimed any plan, the FBI investigators disclaimed having seen this memo.

Yet in spite of having no evidence that these people ever saw this memo, Durham compares how they responded to the Steele dossier with how they didn’t respond to this memo, and then generously decides not to charge anyone for doing nothing in response to a memo he has no proof they ever saw.

That’s how his conspiracy theory ended, after four years of trying to create evidence to support it, with him making an extended declination decision about a document he has no proof the FBI ever saw. His prosecutorial decision weighs whether the FBI “intentionally furthered” a Clinton plan to “frame” Trump with improper ties to Russia, as if he had presented proof there was such a plan.

The aforementioned facts reflect a rather startling and inexplicable failure to adequately consider and incorporate the Clinton Plan intelligence into the FBI’ s investigative decision-making in the Crossfire Hurricane investigation. Indeed, had the FBI opened the Crossfire Hurricane investigation as an assessment and, in turn, gathered and analyzed data in concert with the information from the Clinton Plan intelligence, it is likely that the information received would have been examined, at a minimum, with a more critical eye. A more deliberative examination would have increased the likelihood of alternative analytical hypotheses and reduced the risk of reputational damage both to the targets of the investigation as well as, ultimately, to the FBI.

The FBI thus failed to act on what should have been -when combined with other, incontrovertible facts – a clear warning sign that the FBI might then be the target of an effort to manipulate or influence the law enforcement process for political purposes during the 2016 presidential election. Indeed, CIA Director Brennan and other intelligence officials recognized the significance of the intelligence by expeditiously briefing it to the President, Vice President, the Director ofNational Intelligence, the Attorney General, the Director of the FBI, and other senior administration officials. 491 Whether or not the Clinton Plan intelligence was based on reliable or unreliable information, or was ultimately true or false, it should have prompted FBI personnel to immediately undertake an analysis of the information and to act with far greater care and caution when receiving, analyzing, and relying upon materials of partisan origins, such as the Steele Reports and the Alfa Bank allegations. The FBI also should have disseminated the Clinton Plan intelligence more widely among those responsible for the Crossfire Hurricane investigation so that they could effectively incorporate it into their analysis and decision-making, and their representations to the OI attorneys and, ultimately, the FISC. 492

[snip]

Although the evidence we collected revealed a troubling disregard for the Clinton Plan intelligence and potential confirmation bias in favor of continued investigative scrutiny of Trump and his associates, it did not yield evidence sufficient to prove beyond a reasonable doubt that any FBI or CIA officials494 intentionally furthered a Clinton campaign plan to frame or falsely accuse Trump of improper ties to Russia.

Again, to get to the point where Durham is making a prosecutorial decision about whether the FBI helped Hillary frame Trump, Durham has,

  • Relied on proof that Hillary pointed to the true things that were damning enough
  • Presented affirmative evidence that Hillary wouldn’t have approved of sharing the Alfa Bank anomaly with the FBI
  • Been told, by two juries, that he couldn’t prove that anyone actually lied to the FBI
  • Presented no evidence that the FBI investigators saw this memo

And yet virtually every Republican claims that this is what the Durham Report did conclude, that Hillary did have such a plan.

He made it up.

For the more than three years, John Durham criminally investigated whether Hillary framed Donald Trump. And that entire investigation is based on a premise that even he describes was only “arguably suggested” by the evidence on which he builds it.

In fact, Durham fabricated that entire part of it. He made up, out of thin air, his claim that a Russian intelligence report “suggested” Hillary was going to make false claims about Donald Trump rather than simply repeating all the true things that were damning enough.

The entire Durham Report was built on this fabrication, a fabrication he used to claim that Hillary was framing someone, instead of doing so himself.

Update: Durham himself submitted this email thread between Fusion and Foer showing that Fusion was heavily involved in Foer’s article and that their focus on Carter Page significantly preceded Page’s July speech in Russia.

Doo-Doo Process: John Durham Claims to Know Better than Anthony Trenga and Two Juries

There’s something grotesque and unethical about John Durham’s conduct that has gotten little attention.

After getting his ass handed to him by two juries and one judge, in his report, Durham nevertheless repeated the allegations against Michael Sussmann and Igor Danchenko on which they have been acquitted. While in one discussion of his prosecutorial decisions, Durham described these as “allegations,” in his executive summary and elsewhere, he stated, as fact, that both men had made false or fabricated statements. Worse still, in his efforts to sustain his false statements allegations, Durham himself makes claims that were rebutted or undermined by the trial records.

John Durham lies about press contacts to cover up his failure to investigate exculpatory information

As a reminder, the researchers who found the Alfa Bank anomaly found it organically, and out of a suspicion — later validated by at least three Mueller prosecutions (Paul Manafort, Michael Cohen, and Alex Van der Zwaan) — that Trump and his associates were lying about their ties to Russia, Rodney Joffe shared the Alfa Bank anomaly with Michael Sussmann.

Sussmann definitely packaged up the allegations and asked Fusion GPS what they knew about Alfa Bank. He definitely billed that packaging-up process to Hillary. The campaign definitely approved sharing that information with the NYT.

But then, without the consent of the campaign, Sussmann blew their big story, by sharing the allegations with the FBI.

Sussmann claimed that he did so because, as a former cybersecurity prosecutor, he knew that if DOJ were going to have a chance to investigate these allegations, they would need to do so, covertly, before the allegations went public. He claimed to have done so because he had been in the position where a big allegation broke before law enforcement had an opportunity to investigate. As proof to support this claim, Sussmann noted — and over the course of months, forced Durham to collect the heretofore ignored evidence proving — that he helped the FBI kill the NYT story the campaign had approved, in the process making it clear that he had to ask someone (Joffe’s) consent to do so.

Because the FBI used overt means to investigate these allegations — a violation of DOJ pre-election guidelines that Durham doesn’t mention in his screed about the FBI — a seeming response to NYT’s efforts which was actually a response to the FBI bigfooting helped to fuel the story. The record shows, and Durham’s most aggressive prosecutor conceded at closing arguments, that the FBI fucked up this investigation in other ways, yet more FBI shortcomings that Durham doesn’t mention in his screed.

After the election, at a time when Sussmann no longer worked for Hillary, Joffe asked him to try to get the CIA to look at these anomalies. Before that meeting, Sussmann told one of his CIA interlocutors that he did have a client (something Sussmann also told to Congress), but described that his client wanted anonymity because of concerns about Russian retaliation. In the meeting where he passed off his thumb drives, he said he was not representing a client.

Those are the competing signals on which Durham obtained a criminal indictment and did so before having consulted significant swaths of directly relevant evidence: a question about how Sussmann intended those words, “represent” and “on behalf of,” a problem with the indictment that Sussmann identified immediately.

Here’s how Durham presented the Sussmann charges in the Executive Summary (all bold in this post my own).

The Office also investigated the actions of Perkins Coie attorney Michael Sussmann and others in connection with Sussmann’s provision of data and “white papers” to FBI General Counsel James Baker purporting to show that there existed a covert communications channel between the Trump Organization and a Russia-based bank called Alfa Bank. As set forth in Section IV.E.1.c.iii, in doing so he represented to Baker by text message and in person that he was acting on his own and was not representing any client or company in providing the information to the FBI. Our investigation showed that, in point of fact, these representations to Baker were false in that Sussmann was representing the Clinton campaign (as evidenced by, among other things, his law firm’s billing records and internal communications). 42 In addition, Sussmann was representing a second client, a technology executive named Rodney Joffe (as evidenced by various written communications, Sussmann’s subsequent congressional testimony, and other records).

Cyber experts from the FBI examined the materials given to Baker and concluded that they did not establish what Sussmann claimed they showed. At a later time, Sussmann made a separate presentation regarding the Alfa Bank allegations to another U.S. government agency and it too concluded that the materials did not show what Sussmann claimed. In connection with that second presentation, Sussmann made a similar false statement to that agency, claiming that he was not providing the information on behalf of any client.

[snip]

As explained in Section IV.E. l .c.i, the evidence collected by the Office also demonstrated that, prior to providing the unfounded Alfa bank claims to the FBI, Sussmann and Fusion GPS (the Clinton campaign’s opposition research firm) had provided the same information to various news organizations and were pressing reporters to write articles about the alleged secret communications channel. Moreover, during his September 2016 meeting at the FBI, Sussmann told Baker that an unnamed news outlet was in possession of the information and would soon publish a story about it. The disclosure of the media’s involvement caused the FBI to contact the news outlet whose name was eventually provided by Sussmann in the hope of delaying any public reporting on the subject. In doing so it confirmed for the New York Times that the FBI was looking into the matter. On October 31, 2016, less than two weeks before the election, the New York Times and others published articles on the Alfa Bank matter and the Clinton campaign issued tweets and public statements on the allegations of a secret channel of communications being used by the Trump Organization and a Russian bank – allegations that had been provided to the media and the FBI by Fusion GPS and Sussmann, both of whom were working for the Clinton campaign. [my emphasis; link]

And here’s how Durham presented his prosecutorial decision.

Accordingly, Sussmann’s conduct supports the inference that his representations to both the FBI and the CIA that he was not there on behalf of a client reflect attempts to conceal the role of certain clients, namely the Clinton campaign and Joffe, in Sussmann’s work. Such evidence also further supports the inference that Sussmann’s false statements to two different agencies were not a mistake or misunderstanding but, rather, a deliberate effort to conceal the involvement of specific clients in his delivery of data and documents to the FBI and CIA. [link]

[snip]

First, and as noted above, we identified certain statements that Sussmann made to the FBI and the CIA that the investigation revealed were false. Given the seriousness of the false statement and its effect on the FBI’s investigation, a federal Grand Jury found probable cause to believe that Sussmann had lied to the FBI and charged him with making a false statement to the Bureau, in violation of 18 U.S.C. § 1001. 1675 Ultimately, after a two-week trial, a jury acquitted Sussmann of the false statement charge.

We also considered whether any criminal actions were taken by other persons or entities in furtherance of Sussmann’s false statement to the FBI. The evidence gathered in the investigation did not establish that any such actions were taken. [link]

As noted above, just in these two passages Durham repeats, five times, that Sussmann made false statements, even though he never charged Sussmann with making false statements to the CIA and even though a jury found Sussmann not guilty of making false statements to the FBI (Durham also misrepresents that the billing evidence presented at trial, which didn’t show Sussmann billing Hillary for the meeting with Baker). This is a gross assault on due process, to accuse a man anew of the charges for which he has already been acquitted.

Durham claims, in explaining why he charged this flimsy case, that the [alleged] “false statement” was serious and had what he insinuates was a major effect on the FBI investigation. Remember: When Durham made this prosecutorial decision, he still had never bothered to check two Jim Baker phones in DOJ IG possession (one of which he had learned about years earlier), texts in Baker’s iCloud account that complicated his case, and documents in DOJ IG’s possession showing that the FBI understood — whether true or not — that the Alfa Bank allegation came from the DNC. Indeed, Durham obscures that while those Baker texts did show that Sussmann had conveyed such a claim by text, those belatedly discovered texts undermined Durham’s case at trial that Sussmann had repeated the claim in person (without providing any clarity about how Sussmann meant “on behalf of”). And one possible explanation for the acquittal is that the jury found that Sussmann didn’t repeat his claim that he was representing no client at the face-to-face meeting with Baker. Certainly, the record showed that whatever memory Baker had of that meeting had been selectively reconstructed with Durham’s help to match the story he needed to sustain a certain narrative, one that didn’t line up with the documentary evidence.

And evidence presented at trial completely undermined the claim that this was a material false claim, the reason Durham made the claim about seriousness in the first place. Sussmann’s attorneys showed that only the threat of prosecution altered FBI Agent Ryan Gaynor’s memory — backed by his contemporaneous notes — that, in fact, he always understood that the allegation came from a DNC attorney. Durham’s star FBI witness admitted on cross-examination that he developed his belief that a reference to the DNC in his colleague’s Lync texts was just a typo after prosecutor Andrew DeFilippis coached him on that point. There were other Lync texts recording a belief that the tip had come from the DNC. Several people at the FBI conducted this investigation as if they understood it to be an investigation of a DNC tip, which likely contributed to the errors the FBI made in their investigation. Durham claims the opposite.

Durham seems to hang his claim about seriousness on his own two inferences — one on top of another — that Sussmann had to have been deliberately hiding something, even though evidence presented at trial, most notably that Sussmann offered up information about having a client with both the FBI and CIA, undermined those inferences. As noted, Durham found April Lorenzen’s inferences as a private citizen to be potentially criminal, but he puts the weight of DOJ behind inferences that proved less robust than Lorenzen’s own.

Particularly given the fact that Durham only belatedly, months after indicting Sussmann, discovered evidence corroborating Sussmann’s explanation for reaching out to Baker — that he helped the FBI kill the NYT story the campaign very much wanted published — the Special Counsel’s misrepresentation of the timeline of press contacts is particularly dishonest. In response to an Eric Lichtblau email asking for more details about Russian hacking, Sussmann provided the tip. Durham’s claim that Sussmann “eventually provided” Lichtblau’s name falsely suggests it took more than a few days to make this happen. After that, Sussmann didn’t push the Alfa Bank story until it got published via other channels. For its part, Fusion was pushing this story weeks later, after April Lorenzen’s separately posted data had renewed questions about it. This muddled timeline repeats the outlandish claim Durham prosecutor Brittain Shaw made in opening arguments that an article most Democrats view as profoundly damaging was precisely the October Surprise Hillary wanted. But in this final report, it’s wildly dishonest spin to cover up the fact that Durham didn’t learn a key detail — that Sussmann helped kill the NYT story — until after charging him.

All the more so because telling the truth about Sussmann’s willingness to help the FBI kill the story suggests Sussmann’s version of the story is far more credible than Durham’s.

How Durham avoids admitting he charged a “literally true” statement as false

If you read nothing more than John Durham’s Executive Summary, you would never learn that John Durham falsely led the press to believe that Danchenko attributed the pee tape allegation to someone with distant ties to Hillary rather than the two Russians who admitted they went out drinking with Danchenko during the period in question. More importantly, you would never learn that Durham created that false pee tape panic out of what Judge Anthony Trenga ruled was a literally true statement.

This section of the Executive Summary, which doesn’t mention any prosecutorial decision regarding Dolan, is completely divorced from the prosecutorial decision it pertains to.

During the relevant time period, Danchenko maintained a relationship with Charles Dolan, a Virginia-based public relations professional who had previously held multiple positions and roles in the Democratic National Committee (“DNC”) and the Democratic Party. In his role as a public relations professional, Dolan focused much of his career interacting with Eurasian clients, with a particular focus on Russia. As described in Section IV.D. l.d.ii, Dolan previously conducted business with the Russian Federation and maintained relationships with several key Russian government officials, including Dimitry Peskov, the powerful Press Secretary of the Russian Presidential Administration. A number of these Russian government officials with whom Dolan maintained a relationship – and was in contact with at the time Danchenko was collecting information for Steele – would later appear in the Dossier.

In the summer and fall of 2016, at the time Danchenko was collecting information for Steele, Dolan traveled to Moscow, as did Danchenko, in connection with a business conference. As discussed in Section IV.D. l .d.iii, the business conference was held at the Ritz Carlton Moscow, which, according to the Steele Reports, was allegedly the site of salacious sexual conduct on the part of Trump. Danchenko would later inform the FBI that he learned of these allegations through Ritz Carlton staff members. Our investigation, however, revealed that it was Dolan, not Danchenko, who actually interacted with the hotel staff identified in the Steele Reports, so between the two, Dolan appears the more likely source of the allegations.

As discussed in Section IV.D. l .d.vi, our investigation also uncovered that Dolan was the definitive source for at least one allegation in the Steele Reports. This allegation, contained in Steele Report 2016/105, concerned the circumstances surrounding the resignation of Paul Manafort from the Trump campaign. When interviewed by the Office, Dolan admitted that he fabricated the allegation about Manafort that appeared in the Steele Report. Our investigation also revealed that, in some instances, Dolan independently received other information strikingly similar to allegations that would later appear in the Steele Reports. Nevertheless, when interviewed by the FBI, Danchenko denied that Dolan was a source for any information in the Steele Reports. [link]

When Durham gets around to describing his decision to charge Igor Danchenko in the Executive Summary, he makes no mention that one of those charges pertained to Dolan. Likewise, he makes no mention that Trenga threw out that charge before sending it to a jury.

Perhaps the most damning allegation in the Steele Dossier reports was Company Report 2016/95, which Steele attributed to “Source E,” one of Danchenko’s supposed sub-sources. This report, portions of which were included in each of the four Page FISA applications, contributed to the public narrative of Trump’s conspiring and colluding with Russian officials. As discussed in Section IV.D. l.f, Danchenko’s alleged source for the information (Source E) was an individual by the name of Sergei Millian who was the president of the Russian-American Chamber of Commerce in New York City and a public Trump supporter. The evidence uncovered by the Office showed that Danchenko never spoke with Sergei Millian and simply fabricated the allegations that he attributed to Millian.

When interviewed by Crossfire Hurricane investigators in late January 2017, Danchenko said that Source E in Report 2016/95 sounded as though it was Sergei Millian. As discussed in Section IV.D.1.f.i, Danchenko stated that he never actually met Millian. Instead, he said that in late-July 2016 he received an anonymous call from a person who did not identify himself, but who spoke with a Russian accent. Danchenko further explained that he thought it might have been Millian – someone Danchenko previously had emailed twice and received no response – after watching a YouTube video of Millian speaking. Thus, as detailed in Section IV.D. l .f.i, the total support for the Source E information contained in Steele Report 2016/95 is a purported anonymous call from someone Danchenko had never met or spoken to but who he believed might be Sergei Millian – a Trump supporter – based on his listening to a YouTube video of Millian. Unfortunately, the investigation revealed that, instead of taking even basic steps, such as securing telephone call records for either Danchenko or Millian to investigate Danchenko’ s hard-to-believe story about Millian, the Crossfire Hurricane investigators appear to have chosen to ignore this and other red flags concerning Danchenko’s credibility, as well as Steele’s.41

41 As noted in Section IV.D.2.f, a federal grand jury in the Eastern District of Virginia returned a five-count indictment against Danchenko charging him with making false statements. A trial jury, however, found that the evidence was not sufficient to prove his guilt beyond a reasonable doubt. See United States v. Igor Danchenko, 21-CR-245 (E.D. Va.). [link]

That’s what you’d learn from the Executive Summary.

It’s only in the body of his report where Durham reveals the Dolan-related charge and Judge Trenga’s finding that the statement he charged as a false statement was literally true. I’d like to congratulate Durham for here describing the false statements claims as “allegations” made by a grand jury, as distinct from the re-accusation of false statements made against Sussmann or his claim that Danchenko “fabricated the allegations” attributed to Millian. But even there he misrepresents the charges.

In November 2021, a grand jury sitting in the Eastern District of Virginia returned an indictment (“Indictment”) charging Igor Danchenko with five counts of making false statements to the FBI. The false statements, which were made during Danchenko’s time as an FBI CHS, related to his role as Steele’s primary sub-source for the Reports.

First, the Indictment alleged that Danchenko stated falsely that he had never communicated with Charles Dolan about any allegations contained in the Steele Reports. As discussed above, the documentary evidence clearly showed that Dolan was the source for at least one allegation in the Steele Reports. Specifically, that information concerned Manafort’s resignation as Trump’s campaign manager, an allegation Dolan told Danchenko that he sourced from a “GOP friend” but that he told our investigators was something he made up. 1384 The allegations regarding Dolan formed the basis of Count One of the Indictment.

Second, the Indictment alleged that Danchenko falsely stated that, in or about late July 2016, he received an anonymous phone call from an individual whom Danchenko believed to be Sergei Millian. Danchenko also falsely stated that, during this phone call, (i) the person he believed to be Millian informed him, in part, about information that the Steele Reports later described as demonstrating a well-developed “conspiracy of cooperation” between the Trump campaign and Russian officials, and (ii) Danchenko and Millian agreed to meet in New York. The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian. The allegations regarding Millian formed the bases for Counts Two through Five of the Indictment.

Following a one-week trial, and before the case went to the jury, the Court dismissed Count One of the Indictment pursuant to Federal Rule of Criminal Procedure 29. The Court held that Danchenko’s statement to the FBI regarding Dolan, i.e., that he [Danchenko] never “talked to [Dolan] about anything that showed up in the dossier” was “literally true” because, in fact, the information about Manafort was exchanged over email rather than in an actual verbal conversation. The Court denied Danchenko’s Rule 29 motion to dismiss related to the remaining counts of the Indictment. Following two days of deliberations, the jury concluded that the case had not been proven beyond a reasonable doubt.

In determining whether to bring criminal charges against Danchenko, the Office expected to be able to introduce additional evidence against Danchenko that supported the charged crimes. Thus, prior to trial, the Office moved in limine to introduce certain evidence as direct evidence of the charged crimes. Alternatively, the Office moved to admit the evidence as “other act” evidence pursuant to Federal Rule of Evidence 404(b) to prove Danchenko’ s motive, intent, plan and absence of mistake or accident. In particular, the Office sought permission to introduce evidence of:

(1) Danchenko’ s uncharged false statements to the FBI regarding his purported receipt of information reflecting Trump’s alleged salacious sexual activity at the Ritz Carlton Hotel in Moscow. In particular, the Office planned to call as a witness the German-national general manager of the Ritz Carlton, identified in the Steele Report 2016/080 as “Source E.” The Office expected the general manager would testify that he (i) had no recollection of speaking with Danchenko in June 2016 or at any time, (ii) had no knowledge of the allegations set forth in the Steele Report before their appearance in the media, and (iii) never discussed such allegations with Danchenko or any staff member at the hotel;

(2) Danchenko’s uncharged false statements to the FBI reflecting the fact that he never informed friends, associates, and/or sources that he worked for Orbis or Steele and that “you [the FBI] are the first people he’s told.” In fact, the evidence revealed that Danchenko on multiple occasions communicated and emailed with, among others, Dolan regarding his work for Steele and Orbis, thus potentially opening the door to the receipt and dissemination of Russian disinformation; and

(3) Danchenko’s email to a former employer in which Danchenko advised the employer, when necessary, to fabricate sources of information. Specifically, on February 24, 2016, just months before Danchenko began collecting information for the Steele Reports, the employer asked Danchenko to review a report that the employer’s company had prepared. Danchenko emailed the employer with certain recommendations to improve the report. One of those recommendations was the following:

Emphasize sources. Make them bold of CAPITALISED [sic]. The more sources the better. If you lack them, use oneself as a source ([Location redacted]-Washington-based businessman” or whatever) to save the situation and make it look a bit better. 1385

Danchenko’s advice that he attach multiple sources to information and obscure one’s own role as a source for information was consistent with Danchenko’s alleged false statements in which he denied or fabricated the roles of sources in the Steele Reports.

The Court ruled, however, that the evidence described above was inadmissible at trial. The prosecution was forced to then proceed without the benefit of what it believed in good faith was powerful, admissible evidence under Rule 404(6) of the Federal Rules of Evidence.

In reality, the question Danchenko answered about Dolan was an attempt to learn whether Dolan could have been a direct source to Steele, not to Danchenko. And Danchenko didn’t entirely deny talking to Dolan about such issues. He said they talked about “related issues perhaps but no, no, no, nothing specific.” One of the FBI Agents who tried to open an investigation into Dolan relied on the statements Danchenko did make, so it’s not like anything Danchenko said impeded that investigation.

Meanwhile, Durham’s description of the acquitted false statements against Millian conflates, as he repeatedly did during the prosecution, what Danchenko told the FBI he told Christopher Steele, and what showed up in the dossier, which Danchenko had no hand in writing. Danchenko said that some of the allegations in the dossier didn’t come from him — including the claim of conspiracy (and lots of FBI Agents have been disciplined because they didn’t pass on this detail to the FISA Court). What Danchenko told the FBI was that the caller had said there was an exchange of information with the Kremlin (which, in fact, Mueller’s investigation proved, there already had been!), but that there was, “nothing bad about it,” all of which (as Danchenko’s team made clear at trial) is utterly consistent with other things Millian was saying at the time. The alleged lie Danchenko told is that he believed at the time (in July 2016) that the caller was Millian. Also, Durham claims that Danchenko said he made plans to meet in New York; he doesn’t note that Danchenko said those were tentative plans. In other words, Durham here misrepresents what Danchenko actually said! Durham is the fabricator here, not Danchenko.

Having grossly overstated what the charge against Danchenko was, Durham claims that, “The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian.”

That’s why we have juries, buddy! No, there was not. Nuh uh.

For some reason, Durham feels the need to explain why he got his ass handed to him even though, he’s sure, he had enough evidence in hand to charge Danchenko.  He blames Judge Trenga’s exclusion of three pieces of evidence about uncharged conduct (here’s my post on that ruling and here’s Trenga’s order). Among the three pieces of evidence he claims he relied on when making a prosecutorial decision in November 2021 is an interview with the former General Manager of the Ritz that only happened in August 2022 (the indictment relies on Dolan and one of Dolan’s colleagues for that claim, not the Manager himself). At least as described, Durham would have needed a time machine for the GM’s testimony to have factored in his prosecutorial decision.

Plus, the claim that those three pieces of evidence — none of which directly pertain to Millian! — were what Durham relied on to make a prosecutorial decision in November 2021 conflicts with what his team said in a filing last September. Back then, they said certain emails from Millian were the most probative proof against Danchenko.

The July 2020 emails between Millian and Zlodorev also bear circumstantial guarantees of trustworthiness. Again, in July 2020, Millian had no motive to lie to Zlodorev.

Third, whether the statements relate to a material fact. The Government submits that this factor is not in dispute.

Fourth, whether the statements are the most probative evidence on the point. Millian’s emails written contemporaneous to the events at issue are undoubtedly the most probative evidence to support the fact that Millian had never met or spoken with the defendant.

Trenga decided those emails were inadmissible hearsay.

Durham probably points to three other pieces of evidence — one obtained nine months after the indictment and all unrelated to Millian — because to admit that his case relied on inadmissible hearsay would require Durham to admit something still more embarrassing. Those hearsay emails from Millian were only the most probative evidence because Durham insanely charged Danchenko relying on what Millian had said on his Twitter account.

Only three months after indicting Danchenko on November 3, 2021 did Durham get around to interviewing Millian.

1085 OSC Report of Interview of Sergei Millian on Feb. 5, 2022 at 1.

His team did that interview remotely; Durham didn’t even have direct proof that Millian was in Dubai when he did that interview.

The Government has conducted a virtual interview of Millian. Based on representations from counsel, the Government believes that Millian was located in Dubai at the time of the interview.

[snip]

The Government has also been in contact with Millian’s counsel about the possibility of his testimony at trial. Nonetheless, despite its best efforts, the Government’s attempts to secure Millian’s voluntary testimony have been unsuccessful. Moreover, counsel for Millian would not accept service of a trial subpoena and advised that he does not know Millian’s address in order to effect service abroad.

[snip]

In the case of a U.S. national residing in a foreign country, 28 U.S.C. § 1783 allows for the service of a subpoena on a U.S. national residing abroad. Here, the Government has made substantial and repeated efforts to secure Millian’s voluntary testimony. When those efforts failed, the Government attempted to serve a subpoena on Millian’s counsel who advised that he was not authorized to accept service on behalf of Mr. Millian. The Government, not being aware of Millian’s exact location or address, asked counsel to provide Millian’s address so that service of a subpoena could be effectuated pursuant to 28 U.S.C. § 1783. Counsel stated that he does not know Millian’s address. In any event, even if the Government had been able to locate Millian, it appears unlikely that Millian would comply with the subpoena and travel to the United States to testify.

And a week after that interview, Durham accused Millian (though he didn’t name him) of “misrepresent[ing] facts” when he claimed “they” were spying on the White House on the very same Twitter account on which Durham relied to obtain the indictment.

One day later, Millian’s Twitter account revealed that Millian told the Trump White House who was “working against them” long before it was publicly known (Durham made no mention of these Tweets when he tried to claim that emails Millian sent in 2020 could be considered reliable).

In other words, abundant evidence suggests that Durham indicted Danchenko without doing the most basic step first, testing Millian’s reliability. By the time he got to trial, Millian — who like Danchenko, had been the subject of a counterintelligence investigation, and who unlike Danchenko had been frolicking in St. Petersburg during 2016 with Oleg Deripaska, someone who had a key role in Russia’s interference in 2016 — proved more than unreliable.

Durham makes no mention of that truly humiliating prosecutorial misstep, an embarrassment set in motion when he decided to indict a man based on claims made on Twitter, in his entire Report.

And yet not only does Durham refuse to state clearly, in his description of the prosecutorial decision, that Danchenko was acquitted of the charges against him, in his Executive Summary he falsely claims that he has proven Danchenko fabricated the claim. Worse still, Durham complains about investigative steps the Crossfire Hurricane investigators appear to have taken (which are different from the Mueller ones, who obtained abundant records about Millian’s communications), but he himself focused exclusively on disproving a telephony call between the two men, in spite of evidence (including of the contacts setting up a meeting between Millian and George Papadopoulos in precisely the same period) that any such call would have happened over the Internet.

Durham does this while making it clear that one reason he charged the Millian counts is because the allegation attributed to Millian, “contributed to the public narrative of Trump’s conspiring and colluding with Russian officials.” That’s only a crime if someone lied to the FBI about it, and Durham didn’t prove his case that Danchenko did.

It should not be left to me, almost a week after this report got released, to point out something grotesque. Durham is still claiming that these men lied, even though two juries told him he didn’t have the evidence to prove that case. That’s not just a grave abuse of Michael Sussmann and Igor Dancheko’s due process, but it exhibits profound disrespect to the service of the jurors.

After both his acquittals, Durham issued a statement claiming, “we respect the jury’s decision and thank them for their service.” And then he wrote a 300-page report telling them he knew better.