Posts

On the Belated Education of John Durham

In a filing on September 2 in the Igor Danchenko case, John Durham confirmed that Danchenko had been a paid FBI source from March 2017 through October 2020.

In March 2017, the FBI signed the defendant up as a paid confidential human source of the FBI. The FBI terminated its source relationship with the defendant in October 2020.

I had heard this — though not with the sourcing such that I could publish. Apparently it was news to the frothers, who’ve been wailing about it ever since. Here’s Margot at the Federalist Faceplant, Jonathan Turley, and Chuck Ross at his new digs at the outlet that first hired Christopher Steele. Here’s the former President during an obsequious Hugh Hewitt interview.

Danchenko’s status was implicit in a lot of what is public. Even absent the frothers doing any kind of journalism, or even critical thinking, what did they think this reference in Danchenko’s motion to dismiss meant?

The government had unfettered access to Mr. Danchenko for approximately four years following his first interview in January 2017, and not once did any agent ever raise concerns about the now purportedly contradictory post-call emails.

As I hope to show in a follow-up, it actually makes a lot of sense.

Meanwhile, in Danchenko’s response to that filing, he revealed that information he provided to the FBI was used in a memorandum supporting the opening of an investigation into Charles Dolan, one of Durham’s star witnesses against Danchenko. (Note, this reference stops short of saying that the FBI did open an investigation into Dolan, just that someone proposed doing so.)

[T]he Special Counsel ignores, and conceals from this Court, that Mr. Danchenko was interviewed dozens of times and during the course of those interviews, particularly when asked specific questions about Dolan (which was not often), Mr. Danchenko (1) told the FBI about the Moscow trips with Dolan, (2) told the FBI that Steele knew of Dolan, (3) told the FBI that not only was Dolan doing work with Olga Galkina but that Mr. Danchenko himself had introduced them, and (4) told the FBI that Dolan had connections and relationships with high-level Kremlin officials, including President Putin’s personal spokesperson, Dmitry Peskov. Indeed, when agents drafted a December 2017 communication in support of opening an investigation into Dolan, they included the information Mr. Danchenko provided them as support for opening the investigation. 3 [emphasis original]

This may not be the last surprise investigation we hear about. Back in the original filing on September 2, Durham argued he should be able to talk about the 2008 allegation that led to a counterintelligence investigation into Danchenko, in part, because (Durham predicted bitterly) Danchenko will likely raise investigations into others, plural, who will “feature prominently at trial.”

[T]he Government expects the defense to introduce evidence of FBI investigations into other individuals who the Government anticipates will feature prominently at trial. Thus, the introduction of the defendant’s prior counterintelligence investigation – should the defense open the door – does not give rise to unfair prejudice that substantially outweighs its probative value.

Effectively, Durham is arguing that if Danchenko points out that Durham’s witnesses should not be considered reliable based on suspicions they were working for Russia’s interests, then he should be able to point out that Danchenko was once similarly suspected as well. Durham also wants to point out that Dolan twice asserted that Danchenko might be a Russian spook, but also allegedly always knew of his role at Orbis — assertions that, in tandem, could actually hurt Durham’s case, given the subsequent disclosure that Dolan was investigated himself. Durham may not understand that, yet.

One of these people whose investigation Danchenko will raise at trial is undoubtedly Sergei Millian, whose cultivation of George Papadopoulos in exactly the same time period Danchenko claims to have believed he spoke to Millian was one of a number of things the FBI investigated starting in 2016.

Danchenko’s response to Durham’s demand that he be allowed to raise the 11-year old counterintelligence investigation into Danchenko (besides providing a somewhat different timeline) was basically to say, “Bring it!” He intends to raise that counterintelligence investigation himself, he claims. Note: Durham doesn’t note, but it is clear from the January interviews of Danchenko, that FBI interviewers probed Danchenko about that prior investigation in their very first interviews in 2017.

As noted, I hope to return to all this dizzying spy-versus-spy shit in a follow-up. By then we’re likely to have several more disclosures, plus some details about the known investigation into Millian.

This all shows there was not a shred of prosecutorial discretion exercised before charging Danchenko. Even if Danchenko had done grievous harm to the US, no sane prosecutor would have charged this case with such easily impeached witnesses. Even Durham now seems to understand his materiality claims are flimsy. And yet, to prove a five year old false statements allegation, he has forced the government to declassify a whole range of sensitive material, including this detail about Dolan.

And that process apparently continues to be a struggle for Durham (as I predicted it would be).

Consider the timeline implied by Danchenko’s footnote about the Dolan revelation. Danchenko claims that he only just learned about the Dolan investigation opening memo.

3 The December communication is highly exculpatory with regard to the essential element of materiality and it is not clear why it was only produced 30 days from the start of trial. It was produced as Jencks material (also late by the terms of the Court’s Order requiring all Jencks to be produced by September 1) but is obviously Brady evidence. The defendant understands that the CIPA procedures may have slowed the production of certain categories of discovery but given the Indictment’s allegations about the materiality of Mr. Danchenko’s failure to attribute public information to Dolan, the production of this specific document should have been a priority for declassification.

When Danchenko says that Counterintelligence Information Procedures Act may have slowed the production of this, he’s suggesting (charitably) that someone at DOJ took a long time to release this information to Durham and that Durham had no control over that process. That’s another thing I predicted in this post about how CIPA would affect this case: “it can end up postponing the time when the defendant actually gets the evidence he will use at trial. So it generally sucks for defendants.”

The trial starts on October 11. This footnote suggests that Danchenko only received this information 30 days before trial, so around September 11, in the week before he filed this. Whenever it was disclosed, if he received it after the September 1 deadline, that would make it too late for the September 2 deadline for Danchenko’s own motion to dismiss. It would put it after Durham’s September 2 filing — the one bitching about how much of the trial Danchenko will use to focus on the investigations into witnesses, plural, against him — which means the plural reference may not have incorporated Dolan. Danchenko would have learned about this over a month after his own deadline to lay out what classified information he intended to use at trial, and at least a week after the August 30 CIPA conference, at which the two sides debated about what classified information Danchenko should be allowed to use at trial.

It also comes after a series of delays in Durham’s classified discovery. In May, I described what was publicly billed as the last one.

It’s that record that makes me so interested in Durham’s second bid to extend deadlines for classified discovery in the Igor Danchenko case.

After Danchenko argued he couldn’t be ready for an April 18 trial date, Durham proposed a March 29 deadline for prosecutors to meet classified discovery; that means Durham originally imagined he’d be done with classified discovery over six weeks ago. A week before that deadline, Durham asked for a six week delay — to what would have been Friday. Danchenko consented to the change and Judge Anthony Trenga granted it. Then on Monday, Durham asked for another extension, this time for another month.

When Durham asked for the first delay, he boasted they had provided Danchenko 60,000 unclassified documents and promised “a large volume” of classified discovery that week (that is, before the original deadline).

To date, the government has produced over 60,000 documents in unclassified discovery. A portion of these documents were originally marked “classified” and the government has worked with the appropriate declassification authorities to produce the documents in an unclassified format.

[snip]

Nevertheless, the government will produce a large volume of classified discovery this week

This more recent filing boasts of having provided just one thousand more unclassified documents and a mere 5,000 classified documents — for a case implicating two known FISA orders and several past and current counterintelligence investigations.

To date, the Government has produced to the defense over 5,000 documents in classified discovery and nearly 61,000 documents in unclassified discovery. The Government believes that the 5,000 classified documents produced to date represent the bulk of the classified discovery in this matter.

Danchenko waited six weeks and got almost nothing new.

But then on August 16, Durham filed a supplemental CIPA filing, suggesting there were more substitutions of classified information he wanted Judge Anthony Trenga to approve (a supplemental filing is not, by itself, unusual).

The point is, for months, Durham kept saying he’d have all the secrets delivered to Danchenko by his new deadline in June, promise, and then he dropped this bombshell on Danchenko just weeks before trial.

In the August 29 hearing on all this, Judge Trenga deferred most CIPA decisions until after Danchenko files a new CIPA filing on September 22 — so if any of this remains classified, Danchenko still has a chance, with just days notice, to argue he needs it at trial. They’ll fight about these issues again on September 29.

But given Durham’s performance in the Sussmann case, it’s not entirely clear these missed classified deadlines are DOJ’s fault. After all, Durham never even asked DOJ IG for relevant discovery in Sussmann’s (and therefore, we should assume, this) case until after Sussmann was charged. He didn’t investigate Rodney Joffe’s true relationship with the FBI and other agencies until Sussmann asked him to. He didn’t ask Jim Baker for his own iCloud content until early this year, after belatedly rediscovering Baker phones he had been told about years ago.

It’s not just his belated request for information from DOJ IG that we know to have affected this case too. Durham also has never interviewed George Papadopoulos — not before he went on a junket to Italy chasing Papadopoulos’ conspiracy theories, and not since. Thus, Durham never tested whether Millian’s cultivation of Papadopoulos undermines his evidence against Danchenko — and it does, obviously and materially.

Because of Durham’s obvious failures to take the most basic investigative steps before charging wild conspiracy theories, there are several possible explanations why he’s only providing Danchenko news of this Dolan memo a month before trial:

  1. Someone tried to hide this from Danchenko and ultimately was overridden. If that’s the explanation, it makes Andrew DeFilippis’ August departure from the team and, according to the NYT, DOJ, all the more interesting.
  2. DOJ delayed the time until they let Durham disclose this because of some sensitivity about the investigation. Recall that Dolan has ties to Putin spox Dmitri Peskov, who was sanctioned earlier this year, followed by his family.
  3. Durham didn’t know.

The last possibility — that Durham had no fucking clue that one of his star witnesses had been (at least considered) for investigation — is entirely plausible. It’s entirely consistent with what we saw in the Sussmann case, though worse even than that case in terms of timing.

Durham came into this investigation treating the conspiracy theories of Papadopoulos and Trump as credible. He seems to have believed, all along, that Sergei Millian was a genuinely aggrieved victim and not someone playing him, for at least a year, for a fool. He seems to have decided that he knew better than FBI’s experts about who had credibility about Russia and who didn’t. Along the way he forced the FBI to cut its ties with Joffe and — given the October 2020 cut-off of Danchenko’s ties to the FBI, probably Danchenko as well. He did all this with a lead prosecutor who believed it was problematic for DARPA to investigate the Guccifer 2.0 persona used by the GRU.

Durham walked into this investigation believing and parroting, without first testing, Trump’s claims that the Russian investigation was abusive. Based on those beliefs, he chased all manner of conspiracy theory in an attempt to allege pre-meditation and malice on the part of Hillary and everyone else involved with the dossier. His Sussmann prosecution ended in humiliating failure. This prosecution, win or lose, may do worse for Durham’s project: it may reveal unknown details about Russian efforts to tamper in 2016, efforts that harmed both Republicans and Democrats alike.

The Durham prosecutions have been shitshows and undoubtedly a disaster for those targeted. It’s not yet clear what will happen with the Danchenko trial (or even whether it will go to trial; given that CIPA issues still have to be resolved, there’s still a chance Durham will have to dismiss it rather than going to trial). Durham will still write a report that may try to resuscitate his conspiracy theories that were disproven in the Sussmann trial.

But thus far, the actual record of the Durham investigation shows that when actually bound by the rules of evidence, when actually obligated to dig through DOJ’s coffers to discover what DOJ learned as it tried to understand Russia’s intervention in 2016, reality looks nothing like the conspiracy theories Durham has chased for three years.

John Durham’s education process has been a painful process for all personally involved (except maybe Sergei Millian, gleefully dicking around from afar). But along the way he’s debunking many of the conspiracy theories he was hired to sustain.

Update: Chuck Ross is outraged that I suggested his boss had paid for Steele (and lying that I said Paul Singer paid for the dossier, which I pointedly did not say). It is true that the payment for Fusion GPS’ Trump project had shifted to Perkins Coie before Steele first sent Danchenko to Russia.

It’s also true that, based on length of project, Ross’ current boss paid for much of Nellie Ohr’s work on Trump’s ties to Russia, which includes some of Fusion’s early work on Paul Manafort and Felix Sater, and possibly early work on Millian (she continued to work on Millian until she left Fusion).

And since Chuck is so upset, I should point out that his former co-columnist, Oleg Deripaska, also reportedly paid for Steele’s work (in that case, research on Paul Manafort), though also through the cut-out of a law firm.

FBI’s Russian Hack-and-Leak Investigation as Disclosed by the Sussmann Trial

Now that he has been acquitted, it’s easy to conclude the Michael Sussmann prosecution was a pointless right wing conspiracy theory. It was!

But the exhibits that came out at trial are a worthwhile glimpse of both the FBI’s investigation into the 2016 Russian hack of Democrats and the Bureau’s shoddy investigation of the Alfa Bank anomalies.

I’ve started unpacking what a shitshow the FBI investigation into the latter was here and collecting technical exhibits pertaining the investigation here (though that post is currently out of date).

As to the Russian hack-and-leak, Sussmann’s team facilitated the process with a summary exhibit they included showing a selection of FBI communications pertaining to the investigation that either involve or mention Sussmann. Sussmann introduced these documents to show how obvious his ties to the Democrats would have been to the FBI, including to some people involved in the Alfa Bank investigation. A few of these communications refute specific claims Durham made, showing that meetings or communications Durham argued must relate to the Alfa Bank effort could be explained, in one case far more easily, as part of the hack-and-leak response. That is, some of these documents show that Durham was taking evidence of victimization by Russia and using it instead to argue that Sussmann was unfairly victimizing Trump.

 

 

Below, I’ve grouped the communications by topic (though a number of these communications span several topics). Note that Latham & Watkins’ paralegal only used the last date on these communications, which I will adopt. But a number reflect a communication chain that extends months and includes dates that are far more important to the Durham prosecution.

Some of these files include topics that have attracted a great deal of often misleading coverage, such as the efforts to get server images from the Democrats. Importantly, by the time the FBI asked for server images, according to these communications, the only place to get them was at CrowdStrike.

I don’t believe DNC/DCCC have the images that CS took. Only CS have those. It’s like paying ATM fees to your bank to get your cash. DNC/DCCC will be charged to get the images back.

After some discussion about who would pay CrowdStrike to create a second image, the firm offered to do it for free.

These communications also give a sense of the extent to which Democrats faced new and perceived threats all through the election. Given the communications below and some details I know of the Democrats’ response to the attacks, I suspect these communications do not include real attempted attacks, either because they were not reported or because the report went to FBI via another channel. While CrowdStrike attempted to ensure Sussmann was always in the loop, for example, that discipline was not maintained. And we know CrowdStrike found the compromise of the Democrats analytics hosted on AWS in September, a compromise that may only show up in these communications mentioned in passing. Some in the FBI seemed entirely unsympathetic to the paranoia that suffering a nation-state attack during an election caused, which couldn’t have helped already sour relations between the FBI and Hillary’s people.

Perhaps the most interesting communications — to me at least — pertain to efforts to authenticate the documents that got publicly posted and to identify any alterations to them. At least as laid out in these communications, the Democrats were way behind the public in identifying key alterations to documents posted by Guccifer 2.0, and it’s unclear whether the FBI was any further ahead. But these discussions show what kind of alterations the Democrats were able to identify (such as font changes) as well as which publicly posted documents the FBI was sharing internally.

FBI public statements

160614 DX102 A discussion of Jim Trainor’s preparation for a meeting with Ellen Nakashima in advance of her June 14, 2016 reporting the hack and CrowdStrike’s attribution. Among other things, they note Nakashima’s confidence that GOP PACs were also targeted.

160725 DX112 This email chain between Sussmann and Trainor captured Sussmann’s frustration that FBI made an announcement of an investigation into the DNC hack without first running the statement by Sussmann.

160729 DX117 Before FBI sent out a statement about the DCCC hack, Jim Trainor sent Sussmann their draft statement. In response, Sussmann complained that FBI said they were aware of media reports but not of the hack itself. The timing of this exchange is important because Durham’s team repeatedly described a meeting between Marc Elias and Sussmann that day pertaining to a server as relating to the Alfa Bank anomaly.

Points of contact

160616 DX105 An email thread sent within FBI OGC (including to Trisha Anderson) discussing an initial meeting between Jim Trainor, Amy Dacey, Sussmann, and Shawn Henry.

160621 DX107 Starting on June 16, Amy Dacey thanked Assistant Director Jim Trainor for meeting with the Democrats about the hack. The thread turned into a confused request from the campaign for a briefing about whether they, too, had been compromised.

160725 DX114 This chain reflects Hawkins’ confused response after Sussmann provided the contact information for a Hillary staffer with a role in technical security. Hawkins stated, “Nothing concerning HFA has come up.”

160809 DX127 After Donna Brazile replaced Debbie Wasserman Schultz, Sussmann set up a meeting between her and Jim Trainor.

160811 DX128 An email chain among cyber FBI personnel discusses three Secret threat briefings for the DNC, DCCC, and Hillary campaign. Sussmann was scheduled to attend all three briefings, and Marc Elias was scheduled to attend the DCCC and Hillary briefings (though he testified that he did not attend).

160811 DX130 Sussmann sent the FBI notice of a public report of the DNC’s establishment of a cybersecurity advisory board. The report was passed on to Jim Trainor.

DHS outreach

160802 DX106 A Lync chain starting in the initial aftermath of the Nakashima story, referencing an Intelligence Committee briefing, and discussing how to facilitate DHS assistance to the Democrats through Sussmann.

160802 DX120 With the goal of reaching out to the Democratic victims to offer assistance, DHS asked who the point of contact for both would be.

160816 DX125 This email chain documents DHS’ “SitRep” of their understanding of the DNC/DCCC hacks and their efforts to reach out to help. This includes sharing of DNC/DCCC “artifacts” with NCCIC.

Authentication and venue

160708 DX109 An email chain seeking DNC help authenticating a document released by Guccifer 2.0.

160723 DX110 A discussion starting on July 21 about authenticating and extending after the initial WikiLeaks dump. Hawkins observed, “Looks like there will be multiple releases on that [the WikiLeaks] front.”

160802 DX118 After Adrian Hawkins asked CrowdStrike’s Christopher Scott a question about a public report that the Democrats’ analytics had been hacked, Scott explained that Sussmann had to be involved in any discussions between the FBI and their cybersecurity contractor. Hawkins also asked for specifics about the compromised servers that the FBI could use to establish venue.

160816 DX134 An email chain mentioning but not including Sussmann describes the efforts to establish venue (especially for Field staff who rely on laptops and travel a lot) as well as the efforts to authenticate documents.

160822 DX136 Two Lync messages describing a script that can be used to match WordPress documents with files stolen from the DNC.

160922 DX145 NSD’s Deputy Chief of  Cyber, Sean Newell, asks Sussmann to meet to discuss some information requests from NDCA. They set up a meeting for September 26.

160930 DX147 Hawkins follows up on Newell’s request for information with a much more detailed request from the San Francisco Division. This request includes details of the forensics NDCA was asking for, generally to include the CrowdStrike reports, network diagrams, logs, and images for the compromised hosts.

161004 DX148 In response to WikiLeaks promises about an upcoming file release, Newell follows up on a September 27 request he made of Sussmann for any files that were altered as well as a list of files that had been released but not circulated outside of the victim organizations first, including some indication whether those had been altered. Sussmann says they would have information available later that week.

161012 DX150 In another chain of responses to Newell’s information request, someone at Perkins Coie passes on a description from the DCCC about how an image posted by Guccifer 2.0 differed from the file structure as it appeared on their server, including as it pertained to a file named, “Pelosi Vote Email.”

161026 DX154 This chain is a follow-up to the Newell request, though it actually includes Guccifer 2.0 documents about Trump’s taxes discussed. It includes description of an altered document published by Guccifer 2.0, in which the font was changed. It also includes a DOJ NSD person asking FBI to print out the document because they don’t have any unattributable computers.

161024 DX165 This is yet another continuation of the Newell request, this one included the Trump Report altered by Guccifer 2.0. It includes some discussion of alterations to that document (as compared to unaltered ones released by WikiLeaks). It also describes documents that a DNC research staffer believes were taken from his local desktop.

CrowdStrike Reports

160815 DX132 Burnham to Farrar explaining there are two CloudStrike reports, one for the DNC and the other for the DCCC. The former is done, while the latter will be done soon.

160825 DX137 Hawkins asks Sussmann about the DNC CrowdStrike report, Sussmann explains it’s still a few days away, but then the next day says he’s reading “it” (which may be the DCCC report). Sussmann’s response gets forwarded to a few more people.

160830 DX 138 A Lync chain conveying that Sussmann had alerted the FBI that the CrowdStrike report was done and asking if WFO should pick it up.

Server images

161013 DX151 In another chain of responses to Sean Newell’s information request, the discussion turns from Sussmann’s effort to make sure the Democrats respond to all the FBI’s data request to how to obtain images (whether to have CrowdStrike spend 10 hours to do it or let FBI onsite to do it themselves). As part of this chain, Sussmann says that “in theory” the Democrats would be amenable to letting the FBI onsite to image the serves themselves, but then checks to see whether the data is at CrowdStrike or the DNC.

161013 DX152 This chain is follow-up to the request for server images. Sussmann connects the FBI and CrowdStrike, CS offers to image the servers for free, and the FBI provides the address where to send them.

161028 DX153 A Lync that starts with Newell requesting someone attend the October 11 meeting with Sussmann, continues through a discussion about how to get images of the compromised servers (including whether Sussmann may have misinterpreted the ask), and includes a discussion about a re-compromise.

Lizard Squad ransomware threat

160803 DX121 Late night on August 2, Sussmann reported a ransomware threat from the Lizard Squad. This email discusses the various equities behind such a threat and involves a guy named Rodney Hays, whom the Durham team would at one point insist must be Rodney Joffe.

160806 DX124 This chain reflects more of the response to Sussmann reporting a ransomware threat from Lizard Squad. As noted, it involves a guy named Rodney Hays that Durham’s team insisted must be Joffe.

160922 DX144 Over a month after the Democrats reported the Lizard Squad threat, Eric Lu wrote up the intake report, including the bitcoin address involved and Sussmann’s email to Rodney on August 9 thanking him for his assistance.

Other threats

160726 DX115 Sussmann set up a meeting with Hawkins and others so someone could report “some offline activity related to the intrusion.” This was around the time when Ali Chalupa believed she was being followed, though nothing in this chain describes the threat.

160908 DX140 On August 26, EA Hawkins wrote Sussmann directly alerting him to a new phishing campaign targeting Democrats. On September 7, he wrote back with three accounts that may have been targeted.

160916 DX141 Moore emailing Josh Hubiak — a cyber agent in Pittsburgh — asking for contact information for Michael Sussmann so she can obtain the contact information for a DNC bigwig whose Microsoft Outlook account was compromised, apparently by APT 28. Hubiak is one of the agents also involved in the Alfa Bank investigation.

160917 DX142 The day after the request for contact information for the DNC bigwig, there’s further discussion about how to contact him. The FBI also shares new files reflecting the network share for a different DNC person, a former IT staffer, that was uploaded to Virus Total.

160927 DX146 In response to public reports that some Democratic phones may have been targeted and a potential compromise of Powell’s phone (probably Colin, whose communications were posted to dcleaks), there’s some chatter about what information is available from Apple and Google. One of the key agents involved complains that, “it would be awesome if Google helped out, as I know they are at least 2 steps ahead of me and I’m in a sad, losing game of catchup.”

161011 DX149 This seems to be a collection of Lync notes from October 11, showing three different issues pertaining to Sussmann happening at once: the transfer of custody of the thumb drives to the Chicago office, a reference to a meeting with Sussmann, and a report of a new Democratic concern about exposed Social Security numbers.

161230 DX155 A Lync chain that goes from October 28 through December 30 covering the concern about a bug at DNC HQ, the response to the NYT article naming Hawkins, and another compromise alert.

161017 DX164 This may be a summary prepared for Mother Jones. Whatever the purpose (there is no date), it describes the timeline of FBI’s response to a request for a sweep of DNC headquarters in response to some anomaly. Sussmann permitted the sweep but asked that it be done covertly, so as not to alert DNC staffers.

Crossfire Hurricane

160804 DX123 On August 4, Joe Pientka forwarded the original June 14 Nakashima story to the agents who had just been assigned to the Crossfire Hurricane team with the explanation, “Just going through old — possibly pertinent emails.”

“The Bell Can Never Be Unrung” … The Many Times Durham’s Prosecutors Flouted Judge Cooper’s Orders

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

The jury in the Michael Sussmann case will return to work this morning. They deliberated for some period on Friday (I’m not sure whether how long they deliberated has been reported). But the jury was unable to get questions answered or a verdict accepted after Judge Christopher Cooper left for the long holiday at 2:30PM. Even if the jury ends up finding Jim Baker’s testimony unreliable — which would likely be the quickest way to come to a verdict one way or another — I would expect it to take the jury a bit of time to sort through the centrality of his testimony to the charges.

So while we wait, I want to catalog how Durham’s team blew off just about every adverse decision Cooper made against them.

1. Delayed Request for Privileged Material

As I laid out in this post, Cooper ruled that a bunch of the emails over which the Democrats had originally claimed privilege were not. But because Durham waited so long to request a review of the privileged documents, Cooper ruled Durham could not use the emails at trial.

In cross-examination of Fusion’s tech person, Laura Seago, DeFilippis used the content of one of those emails that apparently discussed hiding her Fusion affiliation from Tea Leaves. (I laid out this exchange in this post.)

MR. DeFILIPPIS: So we have an issue with regard to Ms. Seago’s testimony. The government followed carefully Your Honor’s order with regard to the Fusion emails that were determined not to be privileged but that the government had moved on.

As Your Honor may recall, there was an email in there in which Ms. Seago talks very explicitly about seeking to approach someone associated with the Alfa-Bank matter and concealing her affiliation with Fusion in the email. When we asked her broadly whether she ever did that, she definitively said no when I, you know, revisited it with her. So it raises the prospect that she may be giving false testimony.

And so we were — you know, I considered trying to refresh her with that, but I didn’t understand that to be in line with Your Honor’s ruling. So the government is — we’d like to consider whether we should be — we’d like Your Honor to consider whether we should be able to at least recall her and refresh her with that document?

THE COURT: I don’t remember that question, but the subject matter was concealing Fusion or her identities in conversations with the press. If I recall correctly, that email related to “tea leaves,” correct?

After repeatedly asking Seago whether she had hidden her affiliation from the media, he asked about this email, catching Seago in a gotcha (though both Judge Cooper and Sussmann lawyer Sean Berkowitz took the question, as Seago seemed to, to relate to outreach to the press).

After setting his perjury trap, DeFilippis immediately tried to recall Seago onto the stand to delve into the content of this email. In this case, Judge Cooper ruled that DeFilippis had waived his opportunity to do so.

THE COURT: Well, I think the time to have asked the Court whether using the document to refresh was consistent with the order was before she was tendered and dismissed. So I think you waived your opportunity. All right? So we’re going to move on.

2. Non-Expert Expert Testimony

One of the most contentious arguments leading up to trial was Durham’s belated attempt to use an expert witness, ostensibly to discuss the technical complexities of DNS and Tor at the heart of the case (topics which prosecutors had witnesses explain over and over in as much detail as their nominal expert witness David Martin did), to address the accuracy of the research on the DNS anomaly.

This was an attempt to lead the jury to believe the anomaly was fabricated by Rodney Joffe and the researchers, in spite of the fact that Durham obtained plenty of evidence it was not.

On April 25, Judge Cooper ruled that Durham could have an expert discuss the technicalities of the data, but could only raise the accuracy if Sussmann did so himself.

Then on May 6, Durham attempted to expand that ruling by asking the expert to address materiality. In discussions the morning of opening arguments that focused entirely on the testimony of non-DNS expert Scott Hellman, not the nominal expert on DNS David Martin, Cooper prohibited Martin’s discussion of spoofing. (I describe these discussions here.)

Ironically, this was all supposed to be about visibility, the import of understanding how much DNS traffic a researcher could access to the quality of that researcher’s work. In Hellman’s own analysis — for which he fairly demonstrably did not review the data that Sussmann shared with the FBI very closely —  he showed no curiosity about the issue.

Searched “…global nonpublic DNS activity…” (unclear how this was done) and discovered there are (4) primary IP addresses that have resolved to the name “mail1.trump-email.com”. Two of these belong to DNS servers at Russian Alfa Bank. [my emphasis]

Nevertheless, DeFilippis used this nested set of witnesses as an opportunity to get Hellman — who admitted he had only a basic understanding of DNS, who didn’t review the data very closely, and who formed his initial conclusion in about a day — to comment on the methodology of the researchers.

Q. And what, if anything, did you conclude about whether you believed the authors of the paper or author of the paper was fairly and neutrally conducting an analysis? Did you have an opinion either way?

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Basis?

MR. BERKOWITZ: Objection on foundation. He asked him his opinion. He’s not qualified as an expert for that.

THE COURT: I’ll overrule it.

A. Sorry, can you please repeat the question?

Q. Sure. Did you draw a conclusion one way or the other as to whether the authors of this paper seemed to be applying a sound methodology or whether, to the contrary, they were trying to reach a particular result? Did you —

A. Based upon the conclusions they drew and the assumptions that they made, I did not feel like they were objective in the conclusions that they came to.

Q. And any particular reasons or support for that?

A. Just the assumption you would have to make was so far reaching, it didn’t — it just didn’t make any sense.

This is precisely the kind of opinion that Cooper had prohibited from an actual expert, admitted from someone whose own shoddy analysis became a recurrent theme for the defense.

3. Hearsay Clinton Tweet

DeFilippis’ efforts to get excluded information introduced was still more brazen with hearsay materials.

On May 7, Judge Cooper issued his initial ruling on which parts of Durham’s conspiracy theory could be admitted at trial. In general, Cooper permitted the introduction of Fusion GPS emails with the press about the Alfa Bank allegations, all of which post-date Sussmann’s alleged lie. He excluded all but one of the emails between Rodney Joffe and the researchers (more on the exception below).

Cooper equivocated wildly about a tweet sent out under Hillary Clinton’s name in response to the Franklin Foer story on the anomaly. In a hearing on April 27, he excluded it as hearsay.

THE COURT: All right. The Clinton Campaign Tweet, the Court will exclude that as hearsay. To the extent that the government believes that it offers some connection to the campaign and an attorney-client relationship, it’s likely duplicative of other evidence, so the Tweet will not come in.

In a pre-trial hearing on May 9 (after he had issued his order on motions in limine), Cooper explained he was revisiting the decision.

But I guess my question, as I have thought more about this, given the sort of two competing theories of the case and two narratives laid out in the Court’s ruling on the motion in limine, is whether it is relevant not for the truth, but to show the campaign’s connection to the alleged public relations effort to play stories regarding the Alfa-Bank data with the press and that therefore it is sort of context for the Government’s motive theory, that Mr. Sussmann sought to conceal that effort, as well as the campaign’s general connection to that effort.

After Sussmann lawyer Sean Berkowitz explained that the defense would not contest that the campaign wanted a story out there, Cooper opined that would make the tweet cumulative.

Well, if that’s going to be the case, and he’s not contesting that he was representing the campaign in connection with that effort, isn’t the tweet cumulative? It’s icing on the cake. Right?

DeFilippis claimed that without the tweet they would have no evidence about how the campaign worked the press on this issue (even though both Marc Elias, called as a government witness, and Robby Mook, who was originally listed as a government witness, eventually testified to the issue on the stand). After Judge Cooper said he would reserve his decision, Berkowitz noted that in fact, DeFilippis planned to use the tweet to claim the campaign wanted to go to the FBI when the testimony at trial (from both Elias and Mook) would establish that going to the FBI conflicted with the campaign’s goals.

[T]hey are offering the tweet for the truth of the matter, that that’s what the campaign desired and wanted and that it was a accumulation of the efforts.

Number one, it’s not the truth; and in fact, it’s the opposite of the truth. We expect there to be testimony from the campaign that, while they were interested in an article on this coming out, going to the FBI is something that was inconsistent with what they would have wanted before there was any press. And in fact, going to the FBI killed the press story, which was inconsistent with what the campaign would have wanted.

And so we think that a tweet in October after there’s an article about it is being offered to prove something inconsistent with what actually happened.

Then, after both Elias and Mook had testified that they had not sanctioned Sussmann going to the FBI, DeFilippis renewed his assault on Cooper’s initial exclusion, asking to introduce it through Mook’s knowledge that the campaign had tried to capitalize on the Foer story.

Having ruled in the past that the tweet was cumulative and highly prejudicial, Cooper nevertheless permitted DeFilippis to introduce the tweet if he could establish that Mook knew that the campaign tried to capitalize on the Foer story.

But Cooper set two rules: The government could not read from the tweet and could not introduce the part of the tweet that referenced the FBI investigation. (I explained what DeFilippis did at more length in this post.)

THE COURT: All right. Mr. DeFilippis, if you can lay a foundation that he had knowledge that a story had come out and that the campaign decided to issue the release in response to the story, I’ll let you admit the Tweet. However, the last paragraph, I agree with the defense, is substantially more prejudicial than it is probative because he has testified that had neither — he nor anyone at the campaign knew that Mr. Sussmann went to the FBI, no one authorized him to go to the FBI, and there’s been no other evidence admitted in the case that would suggest that that took place. And so this last paragraph, I think, would unfairly suggest to the jury, without any evidentiary foundation, that that was the case. All right?

MR. DeFILIPPIS: Your Honor, just two brief questions on that.

THE COURT: Okay.

MR. DeFILIPPIS: Can we — so can we use — depending on what he says about whether he was aware of the Tweet or the public statement, may we use it to refresh him?

THE COURT: Sure. Sure.

MR. DeFILIPPIS: Okay. And then, as to the last paragraph, could it be used for impeachment or refreshing purposes as well in terms of any dealings with the FBI?

THE COURT: You can use anything to refresh.

MR. DeFILIPPIS: Okay.

THE COURT: But we’re not going to publish it to the jury. We’re not going to read from it. And let’s see what he says. [my emphasis]

Having just been told not to read the tweet, especially not the part about the FBI investigation, DeFilippis proceeded to have Mook do just that.

The exhibit of the tweet that got sent to the jury had that paragraph redacted and that part of the transcript was also redacted. But, predictably, the press focused on little but the tweet, including the part that Cooper had explicitly forbidden from coming into evidence.

4. Hearsay about Joffe’s Request for Feedback

As noted above, Judge Cooper permitted just one email between Joffe and the researchers to come into evidence: a request for feedback Rodney Joffe made of the researches. But he did so based on Durham’s representation that either David Dagon or Manos Antonakakis — both of whom received the email — would testify.

Neither did.

During Sean Berkowitz’ cross-examination of Curtis Heide, one of the agents assigned to investigate the anomaly, Sussmann’s attorney had Heide explain how they knew David Dagon had a role in the research, but nevertheless never bothered to speak to him directly.

AUSA Jonathan Algor used that as an opportunity to ask to introduce not just the email that had been permitted, but also the response, claiming that by highlighting how shoddy the FBI investigation was, Berkowitz was opening the door to accuracy questions.

MR. ALGOR: So, Your Honor, there was a good amount of cross-examination regarding David Dagon.

THE COURT: Yes.

MR. ALGOR: And specifically asking about reaching out to him and also going into that he was the source of the white paper and what types of questions you would ask him and all. I think that this goes right to the red herring email.

THE COURT: I’m sorry, the what email?

MR. ALGOR: The red herring email, which you’ve previously excluded. It was Government Exhibit 124, when you would go through what type of questions. Now that Mr. Berkowitz has asked these, I would ask: What would you have asked having to provide data related to it? You know, Were there drafts of the white paper? Would Agent Heide ask who else he communicated with and what he believed regarding all of that data? And so I think he’s opened the door regarding that email.

Berkowitz noted that neither Sussmann nor Heide knew of the email.

MR. BERKOWITZ: Judge, this is not an email that was authored by Mr. Dagon. My cross-examination went directly to their investigation, who they spoke to, who they didn’t speak to. I asked him, he doesn’t know what Mr. Dagon said to Mr. Sussmann, if anything, and he said he didn’t. And I don’t think that opening the door to these communications where there’s no indication that it went to Mr. Sussmann is appropriate.

Cooper ruled that Algor could not introduce the email response.

That did not open the door to the excluded email about which — about what his and the other researchers’ views on the data or motivations may have been. In any case, the emails reflect — or the email reflects the views of Mr. Joffe, not Mr. Dagon, and those views came a full month and a half before the FBI was in a position to interview Mr. Dagon. They are, therefore, not relevant to Mr. Dagon’s views or motivations in any event.

So you can — you can certainly ask him, as you have in direct, what he would have done differently, what he would have questioned Mr. Dagon about, you know, to establish a materiality argument, but we’re not going to get into what the researchers’ motivations were. Okay?

Minutes later, Algor walked how Heide didn’t know any of the people on the email, and elicited from Heide the opinion that even asking the opinion might suggest people were trying to fabricate the data.

Q. Okay. And it — the “from” is Rodney Joffe. Do you see that?

A. Yes.

Q. And then the “to” is to Manos Antonakakis. Do you see that?

A. Yes.

Q. Do you know who that is?

A. I do not.

Q. And David Dagon, do you see that second name?

A. Yes.

Q. Do you know who David Dagon is?

A. No.

Q. You testified —

A. I’m sorry.

Q. — earlier —

A. I never met David Dagon, but I do know that he was the information that the source came forward and said he was potentially the author of the white paper.

Q. Okay. And that’s from a CHS that your team was contacted by?

A. Yes. Yes.

Q. And then, finally, April Lorenzen. Do you know who April Lorenzen is?

A. I do not.

[snip]

Q. Would you also want to know whether the authors of the white paper were trying to make it out so that it wasn’t — so that it couldn’t be understood if you weren’t a DNS expert?

A. That would be important.

Q. And if you could read that last line, please.

A. It says, “Do NOT spend more than a short while on this (if you spend more than an hour you have failed the assignment). Hopefully less.”

Q. And just going back to the line above, it says, without — it says, “NOT to be able to say this is, with out doubt, fact, but to merely be plausible,” would you want to understand that coming from the source of the white paper?

A. Yes.

The discussion of the bench conference immediately after Heide left the stand (Berkowitz generally refrained from objecting to these shenanigans in front of the jury) is entirely redacted. But as noted below, Judge Cooper ultimately excluded the entire email as hearsay introduced without proper foundation.

6. Hearsay Commentary on an Attorney

In the very same sidebar where Judge Cooper excluded the Heide testimony, he also explicitly prohibited prosecutors from tying a research request that Rodney Joffe had given a colleague, Jared Novick, to an attorney. The research request pertained to Richard Burt and Carter Page (among others) at a time both had established ties to Russia. Novick testified to Joffe’s displeasure with his work abilities and it’s quite clear the two don’t like each other.

MR. BERKOWITZ: So with respect, Judge, to that, it sounds as if outside the norm of what he normally does, that he thought it was likely for a political campaign. I’m not sure that his determination that he thought it was for an attorney is relevant. If they want to put in an attorney-client-privileged document that he saw, I think he can do that. But if he says I understood this was going to an attorney connected to the campaign, that’s hearsay. And it really doesn’t have anything to do with Mr. Sussmann, unless they can tie it up in any way.

THE COURT: Is there — is there any link to the defendant?

MR. ALGOR: Your Honor, just that he understood the tasking was related to opposition research regarding Trump; that he was told by Mr. Joffe — and his understanding was — that it was — it was someone tied to the Clinton campaign. But his understanding overall, full context and understanding, regardless of what Mr. Joffe said, was that this was going to someone tied to the campaign; and that also in receiving the document that had attorney-client privilege, that he understood it to be for an attorney.

THE COURT: How is that not hearsay if Mr. Joffe offered for the purpose of showing that, in fact, it was from —

MR. ALGOR: Because it’s a full understanding. It’s not getting into the actual specific statements that Mr. Joffe told him, but just the full context of what he was tasked to do and who the ultimate receiver was.

THE COURT: Okay.

MR. KEILTY: One second, Your Honor.

THE COURT: You can elicit his understanding that it was for a campaign, that it was unusual, that it may have had some political purpose. But I want you to stay away from any suggestion, which I don’t think has been established, that it was from Mr. Sussmann, including by suggesting it was from an attorney. Okay? [my enphasis]

Once again, minutes after Judge Cooper issued an order — this one ruling that Durham’s team could not elicit any reference to an attorney — Algor nevertheless got a former Joffe associate to do so.

Q. And, again, you — during cross-examination, Mr. Berkowitz asked you a series of questions regarding — regarding your work for Mr. Joffe on this project?

A. Uh-huh.

Q. And without getting into any specific conversations, based on the totality of your work, who was the intended audience for the project?

A. It was to go to an attorney with ties.

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Sustained.

That was the first time Berkowitz started getting really insistent about the pattern of Durham’s prosecutors completely ignoring explicit prohibitions from Cooper.

MR. BERKOWITZ: And — and just briefly, Your Honor, I don’t know when is an appropriate time to — to raise this. I want to express what — and I am not a — a hotheaded person —

THE COURT: You’re not a what?

MR. BERKOWITZ: I’m not a hotheaded person, but I have deep concern over the last line of questioning with the witness eliciting something that I think was clearly prohibited. And it’s consistent, in our view, with the line of questioning relative to Mr. Elias, [sic] relative to them reading the tweet that had been excluded. And, again, I know you don’t apportion bad faith, and I’m not asking you to do that at this point, but I just — I’m — I’m really concerned about the number of those issues that have come in and the prejudice to Mr. Sussmann. And I don’t know how best to deal with it, but I want to raise that to your attention.

Judge Cooper finally warns Durham to follow his orders

The Novick questioning finally stirred Cooper to try to do something about prosecutors flouting his orders. The first thing the next morning, he issued a both-sides warning about adhering to his rulings.

THE COURT: Okay. Good morning, everybody. All right. I just want to return briefly to the discussion we had at the end of the day yesterday.

You know, we’ve been here for two weeks. I have tried my best to let you folks try your cases as you see fit without undue intervention from the Court, as is my usual practice. But I obviously have set some evidentiary guardrails in the case that I expect both sides to follow, and I think you’ve done that for the most part.

Yesterday, however, I thought it was pretty clear — that I was pretty clear that in Mr. Novick’s testimony the government was not to suggest a link between the defendant and — on the one hand, and Mr. Joffe and the researchers’ data collection efforts on the other hand, or their views about the data. I didn’t think there was an evidentiary foundation for that.

I thought that the jury would only be able to speculate about any such connection, and I thought that any knowledge Mr. Novick had about that was necessarily hearsay from Mr. Joffe, who obviously is not here to testify. And I thought, at least, the final question in the redirect that was asked yesterday, nevertheless, attempted to establish such a link.

You know, I know that questions get asked rhetorically or argumentatively that are likely to draw an objection, and I will give lawyers some slack on that, but I expect both sides to comply with my evidentiary rulings.

There’s a lot of evidence in this case. There’s a lot for the jury to digest. They will have plenty of validly admitted evidence to pore over, and from here on out, including in arguments, I expect both sides to comply with both the letter and the spirit of the Court’s evidentiary rulings. So let’s keep it clean from here, okay?

MR. KEILTY: Yes, Your Honor.

Berkowitz used that exchange to request that Cooper exclude the entirety of the email that Algor used to invite Heide to suggest the data had been fabricated as the only way to limit the damage from prosecutors breaking Cooper’s rules.

MR. BERKOWITZ: Thank you very much for that, Your Honor. I have one other request related to it. And I don’t mean to go to the well, but there was an additional line of questioning yesterday related to Government Exhibit 132 with Agent Heide. I’m happy to provide a copy of it, if you would like.

THE COURT: Just remind me what it is.

MR. BERKOWITZ: It’s the document they sought to admit between Rodney Joffe, David Dagon, and Manos Antonakakis, “Is this a plausible explanation?”

THE COURT: Yes, I know that one. Actually, pass it up.

MR. BERKOWITZ: Your Honor, I went back and read the basis for your admitting the document, which was that it was not hearsay because there was a statement, “can you review,” and a question, “is this a plausible explanation?” I think we all contemplated at the time that both Mr. Dagon and Mr. Antonakakis were on the witness list and might testify.

You did allow it in. We didn’t object on the basis that you had previously ruled on it.

The manner in which it was used with the witness, I think, didn’t comply with the spirit of the Court’s ruling. There were questions asked related to “if you had spoken with Mr. Dagon, and you were aware of this communication” words to the effect of “would that have been concerning?”

And the witness — and I’m not suggesting that it was elicited intentionally, but the witness said “it would concern me because it appears as if it’s fabricated.”

Berkowitz noted that (like the Clinton tweet before it, though Berkowitz didn’t make the connection) that exchange got reported in the press.

That’s been reported in the press, even though you struck it from the record at our request.

Our remedy request, Your Honor, in light of that, and in light of the lack of probative value of that document with no connection to Mr. Sussmann, would be to strike the question and answering related to that document, to strike that document from the record, and not allow the prosecution team to use it with any defense witnesses, as well as not to use it in argument because it would have been stricken from the record.

We think the probative value of that document at this stage is minimal, and I expect that if it is published to the jury and used in any way, the jurors will associate it with the fabrication comment. And you worked real hard — and we have all worked really hard — to keep out the accuracy of the data. And the prejudicial nature of the document and the testimony associated with it is something that we think, while it can’t be remedied, and the bell can never be unrung, they should not be reminded and put before them. [my emphasis]

After having just been scolded, DeFilippis nevertheless made a bid to keep the document that might trigger the improperly elicited comment in as evidence.

Michael Keilty — the closest thing to a grown-up on this team — then tried to explain away Algor’s flouting of the rules with Novick.

MR. KEILTY: One last thing, Your Honor, just with respect to the final question to Mr. Novick yesterday. I think Your Honor’s aware that the government obviously did not intend for that — to elicit that answer. Instead, it intended to elicit an answer regarding Mr. Novick’s thoughts about whether this was involved with a political entity or political campaign. We didn’t have the opportunity or the benefit of conferring with Mr. Novick prior to Your Honor’s ruling. So we apologize for that, but we just wanted to put on the record some of the reasons why.

THE COURT: Well, you could have asked, “Without telling me who it came from, what was your understanding of the general nature of the source?” Right?

7. Hearsay on Top of Hearsay about Joffe’s Joke about a Job

But the Durham team’s defiance of Cooper didn’t stop there. While Cooper had permitted (with the proper foundation) a Joffe email that elicited feedback, Cooper had excluded an email — sent to someone never identified as a witness in this case — in which Joffe had joked about working in cybersecurity under a Clinton Administration. Nevertheless, as part of a long exchange with retired FBI Agent Tom Grasso in which DeFilippis asked Grasso materiality questions about stuff he heard about but had no firsthand knowledge of — each time presented as fact rather than as a conspiracy that Durham had explicitly been prohibited from presenting because they hadn’t charged it — Durham’s lead prosecutor raised the allegation he had been prohibited from raising.

Q. So when he came to you or at any time after that, did Mr. Joffe disclose to you whether he was working on this with representatives of the — of a political campaign?

A. He did not, no.

Q. And do you think you’d remember if he had told you at the time, you know, “I’m doing this, working with some folks who are working with the political campaign”?

A. I would think I would remember that, yes.

Q. So Mr. Joffe didn’t tell you — have you heard of a firm called Fusion GPS?

A. I have heard of Fusion GPS, yes, sir.

Q. Okay. And are you generally aware that they had — without getting into any specific work you did, are you generally aware that they had done some work for the Clinton Campaign at the time?

A. Yes, I —

Q. Okay.

A. Yes, I am aware of that, yes.

Q. So Mr. Joffe didn’t say he was working with Fusion GPS on this project?

A. Not that I recall, no.

Q. And Mr. Joffe never told you that, you know, this project had arisen in the context of opposition research that the Clinton Campaign was working on?

A. I do not recall that coming up, no.

Q. If Mr. Joffe had come to you and said, “I’m working with some investigators and some lawyers who are working for the Clinton Campaign, and, you know, that’s part of what I’m doing here with this information, can you please keep my name out of this,” would you have viewed that differently than you viewed the information as you got it?

[snip]

Q. Okay. And in the 2016 election period, you and Mr. Joffe, I imagine, never discussed politics or anything like that?

A. I don’t recall political discussions with him, no.

Q. Okay. And did you — so you certainly didn’t know that he was working with folks affiliated with a particular political party or campaign on what he brought to you, right?

A. I have no recollection of that.

Q. And any recollection of hearing or learning that he was expecting any kind of position in a future political administration?

A. I do not have a recollection of that other than — let me rephrase that. I have a recollection of that being reported in the media, but I don’t have a —

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Sustained. [my emphasis]

When Berkowitz raised this exchange at the end of the day, Judge Cooper noted that the several meetings they had with Grasso were ample basis for DeFilippis to understand that Grasso had no knowledge of those matters (or, for that matter, the topics covered by that entire line of questioning).

MR. BERKOWITZ: Judge, I regret that I’m going back to this same issue that we started the day with where  you admonished counsel to be careful of the guardrails related to evidentiary rulings. We had another situation n today that I think ran afoul of your comments. There was an email that was the subject of a motion related to Mr. Joffe communicating about a potential job. And in the cross-examination of Agent Grasso there was a question about, “He certainly didn’t know he was working with folks affiliated with a particular political party or campaign when he brought that to you. Right?”

Answer: “I have no recollection of that.” I didn’t object.

And then he followed up with: “And any recollection of hearing or learning that he was expecting any kind of position in a future political administration, knowing that there was nothing in the 3500 materials related to that and knowing an objection that was sustained could elicit a belief that he would do that?”

The witness answered, “I do not have a recollection of that other than — let me rephrase that. I have a recollection of that being reported in the media.”

I objected. Your Honor, they had met with this witness four times. They had pretried him twice. There was nothing in the 3500 material to suggest that he had any belief of that or any recollection or any connection.

And it’s another instance in a litany of instances that’s suggesting to the jury topics and issues that were the subject of your ruling. And I, you know, particularly  with the potential testimony of Mr. Sussmann coming up, I don’t know what else to say or to do, and we’ll consider filing a motion. But I wanted to raise the issue, and I take no joy in continuing to do this. But I cannot stand by while it continues to go on.

DeFilippis at first tried to excuse blowing off Cooper’s ruling by saying that the rules for cross-examination are different. But not if the witness was originally a witness for the prosecution.

THE COURT: Counsel?

MR. DeFILIPPIS: Yes, Your Honor. I guess we’re glad that Mr. Berkowitz raised it in the sense that, you know, typically the rules for cross-examination are different from evidence presented in a case in chief. And if there is a good-faith basis to ask — inquire as to knowledge of a matter, Your Honor, the government didn’t phrase the question tethered to any email or refer to any hearsay.

It was just inquiring as to knowledge and then inquiring as to whether that fact would be relevant to what  it is that Mr. Grasso’s interactions with Mr. Joffe were.

So if, again if the Court wants —-

THE COURT: Counsel, I don’t disagree with that, but you got to have a good faith basis for asking the question. Right? And if you prepped this guy and he’s never said anything about it, then there’s no good-faith basis. Okay? Him reading it in The New York Times or whatever is not a good-faith basis.

Then DeFilippis claimed that the question — which came after two earlier ones in which he asked Grasso questions about things he had “heard of” — was not deliberately intended to elicit such a response.

MR. DeFILIPPIS: Yeah, and to be clear, Your Honor, the portion where he said he read in the — we didn’t know that, and we wouldn’t have intentionally elicited something from a press account. So we will certainly be careful.

THE COURT: He was the defense’s witness here, but he was on your witness list. You should have known. If there was a basis to ask that question, you should have known what it was.

MR. DeFILIPPIS: Yeah. Understood, Your Honor.

Only after this exchange on prosecutors using someone who had originally been a government witness to invite speculation did Cooper exclude the entire email discussion involving Heide.

THE COURT: In that vein, let’s go back to GX-132 the admission of the email did not sit well with me yesterday, and it still does not sit well with me.

The Court ruled that the document was [sic] hearsay originally because it contained a question and a request, as opposed to an assertion. But the Court made clear in its order that, in order to be admitted, it would still need a proper foundation. The witness through which the document ultimately was admitted, albeit not without an objection from the defense, was Mr. Heide, who, as far as I could tell, had no personal knowledge whatsoever of the email. He didn’t know Mr. Joffe. He didn’t know the researchers who received it. He obviously was not a party to the email. So frankly, I don’t see how he could testify to that email in his personal knowledge as required by Rule 602.

So for that reason, I don’t think it was properly admitted through that witness. As I said yesterday, we had expected at least two of the researchers to testify based on who was on the government’s list. And I think it would have been properly admissible through those people to explain how the data came into being  as the Court ruled prior to trial. So I am going to exclude that email as well as any testimony by Mr. Heide describing his interpretation or views or thoughts on the email. Okay?

Conspiracy theory

This repeated defiance of Judge Cooper was treated as one after another evidentiary issue, usually prosecutors sneaking in hearsay with no basis. Ultimately, however, it was about a more basic ruling Judge Cooper had made, that this trial would not be about a conspiracy theory that Durham wanted to criminalize without charging.

As Berkowitz observed in his close,

This case is not about a giant political conspiracy theory. It’s about a short meeting.

[snip]

So the people who were part of this large political conspiracy theory are the people at HFA, Rodney Joffe, and Fusion GPS. They’re the people that are supposedly involved in this conspiracy.

There will be a lot said about this trial, no matter the verdict. But the serial defiance of the Durham prosecutors was a successful attempt to do something else that Judge Cooper had prohibited: to criminalize, under a conspiracy theory, perfectly legal behavior.

OTHER SUSSMANN TRIAL COVERAGE

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

The Staples Receipt and FBI’s Description of Michael Sussmann Sharing a Tip from Hillary

“and” / “or” : How Judge Cooper Rewrote the Michael Sussmann Indictment

 

“and” / “or” : How Judge Cooper Rewrote the Michael Sussmann Indictment

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

I’ve been tracking a dispute about the jury instructions in the Michael Sussmann trial, but only got time to check the outcome last night. At issue was whether some of the extraneous language from the indictment would be included in the description of the charge.

Here’s the language the grand jury approved in the indictment.

O]n or about September 19, 2016, the defendant stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning a Presidential candidate, when in truth, and in fact, and as the defendant knew well, he was acting on behalf of specific clients, namely, Tech Executive-1 and the Clinton Campaign. [my emphasis]

Sussmann had wanted the instructions to include that language claiming Sussmann was lying to hide two clients.

Mr. Sussmann proposes modifying the last sentence as follows, as indicated by underlining: Specifically, the Indictment alleges that, on or about September 19, 2016, Mr. Sussmann, did willfully and knowingly make a materially false, fictitious, and fraudulent statement or representation in a matter before the FBI, in violation of 18 U.S.C. § 1001(a)(2), namely, that Mr. Sussmann stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning Donald Trump, when, in fact, he was acting on behalf of specific clients, namely, Rodney Joffe and the Clinton Campaign.5 The government objects to the defense’s proposed modification since it will lead to confusion regarding charging in the conjunctive but only needing to prove in the disjunctive.

When Judge Cooper instructed the jury, however, he rewrote the indictment approved by the grand jury to reflect that maybe Sussmann was just hiding one client.

Specifically, the Indictment alleges that in a meeting on September 19, 2016, Mr. Sussmann did willfully and knowingly make a materially false, fictitious, and fraudulent statement or representation in a matter before the FBI in violation of 18 USC 1001(a)(2); namely, that Mr. Sussmann stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning Alfa-Bank and Donald Trump, when, in fact, he was acting on behalf of specific clients, namely Rodney Joffe or the Clinton Campaign. [my emphasis]

Now, perhaps there was some discussion I missed finding that the government only had to prove Sussmann was hiding one client — the disjunctive proof business, above. And perhaps it will not matter — I think Sussmann’s team raised plenty of issues with Jim Baker’s credibility such that the jury will find the whole prosecution preposterous, but I also think Durham’s team may have thrown enough cow manure at the jury to stifle rational thought.

But this slight change — unilaterally replacing “and” with “or” — seems to intervene to help Durham recover from one of the most abusive aspects of the prosecution, his failure to take basic investigative steps before charging Sussmann.

As I’ve repeatedly shown, Durham did nothing to test Michael Sussmann’s sworn explanation for his meeting with Jim Baker — that he wanted to give the FBI an opportunity to intervene before a shitshow story happened during election season — before charging. He spent months and months after the indictment scrambling to find the documentation for the efforts the FBI made to kill the NYT story (and ultimately only found part of that documentation), evidence he should have consulted in advance.

Durham also never subpoenaed Jim Baker for related materials before charging this.

Those two facts are how it was possible that Baker only discovered the September 18, 2016 text in which Sussmann explained he was trying to help the FBI on March 4, 2022, almost six months after the indictment (though Andrew DeFilippis misrepresented this at trial).

We also know from Sussmann’s discovery requests that Durham did little to explore Rodney Joffe’s relationship with the FBI before charging. While Durham knew that Joffe had been an informant — and had forced FBI to remove him as such, allegedly as retaliation because Joffe wouldn’t cooperate with Durham’s investigation — it’s not clear whether Durham had found two instances where Joffe had offered up more information about the Alfa Bank allegations to an FBI agent (not his handler) who knew his identity and could easily have shared it with investigators.

In other words, even if you think Sussmann was attempting to hide the Hillary campaign’s role in the underlying allegations (which is different from hiding the campaign’s role in the meeting with the FBI, though Durham’s team surely hopes the jury misses the distinction), the trial actually presented a fair amount of evidence that Sussmann wasn’t hiding Joffe’s role. The FBI knew of Joffe’s role within days of Sussmann’s meeting.

For months, Durham has been spinning a wild conspiracy theory claiming Joffe had direct ties to the Hillary campaign that he simply didn’t have. That is the conspiracy theory he laid out in the indictment. That is the conspiracy theory he should be held to.

But Cooper rewrote that part of the indictment such that Durham is not being held to his own conspiracy theories when it matters.

OTHER SUSSMANN TRIAL COVERAGE

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

The Staples Receipt and FBI’s Description of Michael Sussmann Sharing a Tip from Hillary

 

The Staples Receipt and FBI’s Description of Michael Sussmann Sharing a Tip from Hillary

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

Both sides in the Michael Sussmann case will give their closing arguments today. I’ll try to watch the live tweets, but will be driving around Achill Island so likely will have little Internet access.

I have yet to see the jury instructions, which will dictate a few details of the closing arguments. Most important — as I have noted before — is whether Durham will have to prove the actual allegations in his indictment.

Mr. Sussmann proposes modifying the last sentence as follows, as indicated by underlining: Specifically, the Indictment alleges that, on or about September 19, 2016, Mr. Sussmann, did willfully and knowingly make a materially false, fictitious, and fraudulent statement or representation in a matter before the FBI, in violation of 18 U.S.C. § 1001(a)(2), namely, that Mr. Sussmann stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning Donald Trump, when, in fact, he was acting on behalf of specific clients, namely, Rodney Joffe and the Clinton Campaign.5 The government objects to the defense’s proposed modification since it will lead to confusion regarding charging in the conjunctive but only needing to prove in the disjunctive.

4 Authority: Indictment.

5 Authority: Indictment.

Durham’s single witness is the only one who claims to have remembered this meeting, but he has had about six different memories of the meeting, and Sussmann made a really good case that Baker’s evolving testimony (as well as that of several other witnesses) is an attempt to avoid legal jeopardy himself. Sussmann has shown a receipt that did not bill his $28.00  taxi to Hillary, and I believe he affirmatively took the meeting time off his bill to Hillary before the election (though I need to check the records).

That leaves Durham with a September 13, 2016 $12.99 receipt for two thumb drives and a Google map from his office to Staples to buy it.

BY MR. KEILTY: Q. Ms. Arsenault, what, generally, is this document?

A. This is an expense report we received from Perkins Coie.

Q. And can you walk the jury through the information in this document.

A. Sure. In the top left corner, the report name is “Purchase of flash drives” on September 13, 2016. The expense owner is Michael Sussmann. The submission date is September 22nd in 2016. If you go all the way down to the allocation summary, the allocations charged is 116514.0001, confidential, for $58.56.

Q. Ms. Arsenault, in your review of records, have you seen that number under the allocations charged, the 116514.0001 number before?

A. I have. Q. Is that related to a certain client?

A. Yes.

Q. What client is that?

A. It’s Hillary For America.

MR. KEILTY: Okay. Mr. Algor, can we next look at Government Exhibit 553.19 — I’m sorry, can you leave it there. (Pause) Can you go down to the next document in 380.

(Pause) Okay. And could you go down to the next document, please, in the same exhibit. Could you blow this up, please.

Q. Ms. Arsenault, what is this particular document?

A. This is the receipt for the expenses reflected in the previous two pages of the expense report.

Q. And was this receipt contained in the records the government obtained from Perkins Coie?

A. It was.

MR. KEILTY: And if you go about halfway down the document, Mr. — sorry, the receipt. Could you blow up the section where it says “PNY 2 Pack,” Mr. Algor. Thank you.

Q. Ms. Arsenault, I think you might have said this, but where is this receipt from? A. Staples.

Q. And what does the blown-out part say?

A. “PNY 2 pack 16GB,” as in gigabyte. And then there’s a UPC code. And the cost was $12.99.

MR. KEILTY: Okay. And moving out of that, can you just blow up the address of the Staples.

Q. Okay. And what’s the address?

A. 1250 H Street N.W., Suite 100, Washington, D.C., 20005.

MR. KEILTY: Okay. And can we please pull up Government Exhibit 553.19 in evidence.

Q. Ms. Arsenault, what are we looking at in Government Exhibit 553.19?

A. This is a disbursement report from the billing records from Perkins Coie.

Q. Okay. And can you walk the jury through this — the blown-out part of this report.

A. The client assigned for this disbursement is Hillary For America. The matter is General Political Advice under 116514.0001. And the description is “Sussmann, Michael A. – M. Sussmann, purchase of new, single use flash drives for secure sharing of files, 9/13/2016.”

Q. Okay. And finally, Ms. Arsenault, I’m going to show you what’s been marked for identification as Government Exhibit 63, which will show up on your screen. Ms. Arsenault, what is Government’s Exhibit 63?

A. It’s a Google map displaying the directions between the office for Perkins Coie to the address listed on the Staples receipt.

Q. And did you create Government Exhibit 63?

A. I did.

Q. And how did you create Government Exhibit 63?

A. I went on Google and I typed in both addresses, and I printed the result.

MR. KEILTY: Your Honor, the government would move Exhibit 63 into evidence.

MR. BOSWORTH: No objection.

THE COURT: So moved.

MR. KEILTY: Mr. Algor, can you blow that up.

Q. Okay. And, Ms. Arsenault, on this map Perkins Coie is listed, is that correct, with the red dot?

A. Yes.

Q. And then there’s a series of blue dots, which apparently lead to a blue bubble; is that correct?

A. Yes.

Q. And what is that blue bubble? What address is that?

A. The blue bubble represents the address listed on the Staples receipt, which is 1250 H Street N.W., Washington, D.C., 20005. [my emphasis]

I expect Durham introduced the map to show that Sussmann went to buy these thumb drives immediately after some phone call or meeting.

As described, there are so many ways to explain these thumb drives. Remember: Sussmann admits he shared the story with the press and wanted it to come out. What he denies is that his intent in going to the FBI was in getting them to investigate to serve the story.

Durham will also claim, probably falsely, that Fusion or Sussmann had to have told Mark Hosenball about the investigation; I know of no evidence that’s the case, Durham’s repeated efforts to misrepresent the timeline on Fusion emails suggests he doesn’t have that evidence, and plenty of reason to believe there are other ways he could have learned about this.

Perhaps Durham has more somewhere.

But, particularly depending on the outcome of that jury instruction, even that receipt may not be enough. That’s because Sussmann has presented this piece of proof about how the FBI understood his tip.

One of the first people to respond to this tip (this text is likely in UTC, not ET, so this is likely at 4:31 on September 19, four hours after the meeting) understood it to be:

  • A tip about a Trump company, not Trump himself
  • From the DNC and Clinton
  • Bringing information a private cyber group had identified

That is, whatever Sussmann said in the meeting with Jim Baker, the best representation of what the FBI understood showed him identifying both his possible clients. And identifying a tip not about Trump himself, but his corporate person and a Russian bank that the FBI understood to have ties to Russian intelligence.

It’s hard to claim this alleged lie was material if the FBI responded to it as if he had fully disclosed both Hillary and private researchers like Rodney Joffe’s role in it.

Update: Corrected two errors (the UTC conversation and a spelling error). To make up for not covering the trial live, here’s my excuse

Update: Here’s Sussmann’s Rule 29 motion for a judgment of acquittal. This is a routine motion defendants always file. Because of the political nature of the case, Judge Cooper would never grant it. And there’s nothing terribly exciting in it.

OTHER SUSSMANN TRIAL COVERAGE

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

According to an exchange at the end of they day yesterday, John Durham’s team plans to introduce “a hundred” exhibits through their paralegal acting as a summary witness today.

My understanding is that the defense objects to the PowerPoint presentation style of the process. But, again, we think it just streamlines it in terms of — the alternative is to have to put literally a hundred exhibits in through Ms. Arsenault one at a time.

Given the exhibits from Monday, I assume Durham will throw a bunch of Fusion documents at the jury in an attempt to insinuate, once again, that Michael Sussmann shared with the press that the FBI was investigating the Alfa Bank anomaly.

The coming onslaught of Fusion documents

I say that because Mark Hosenball wrote the FBI for comment at 1:33PM on October 5, 2016, attaching the Mediafire package, asking for comment and noting that, “it has been suggested to me that this information and scenario is under careful investigation by the FBI.”

Hosenball’s email to the FBI puts it right at the beginning (in red, below) of the known universe of Fusion emails we’ve seen from that day, the timestamps of which Durham has repeatedly tried to obscure. (Maybe while paralegal Kori Arsenault is on the stand, Sussmann’s team can ask her why Durham’s exhibits misleadingly don’t correct for UTC.)

That said, there’s still a Hosenball email unaccounted for in which he shared one of the publicly available links to Tea Leaves packaged data. It’s quite possible that email precedes Seago’s question to Fritsch, which is currently the earliest email in the list, asking whether one of the i2p sites hosting the data was safe. See this post for background.

5:23PM (likely 1:23?): Seago to Fritsch, Is this safe?

1:31PM: [not included] Fritsch to Hosenball email with Alfa Group overview

1:32PM: Fritsch sends Isikoff the September 1, 2016 Alfa Group overview (full report included in unsealed exhibit)

1:33PM: Hosenball to FBI, “careful investigation by the FBI”

1:33PM [not included] Fritsch to Hosenball, “that memo is OTR — tho all open source”

1:35/1:36PM: Hosenball replies, “yep got it, but is that from you all or from the outside computer experts?”

1:37PM: Fritsch responds,

the DNS stuff? not us at all

outside computer experts

we did put up an alfa memo unrelated to all this

1:38PM: [not included] Hosenball to Fritsch:

is the alfa attachment you just sent me experts or yours ? also is there additional data posted by the experts ? all I have found is the summary I sent you and a chart… [my emphasis]

1:41PM: [not included] Fritsch to Hosenball:

alfa was something we did unrelated to this. i sent you what we have BUT it gives you a tutanota address to leave questions.  1. Leave questions at: [email protected]

1:41PM: [not included] Hosenball to Fritsch:

yes I have emailed tuta and they have responded but haven’t sent me any new links yet. but I am pressing. but have you downloaded more data from them ?

1:43PM: [not included] Fritsch to Hosenball, “no”

1:44PM: Fritsch to Lichtblau:

fyi found this published on web … and downloaded it. super interesting in context of our discussions

[mediafire link] [my emphasis]

2:23PM: [not included] Lichtblau to Fritsch, “thanks. where did this come from?”

2:27PM: [not included] Hosenball to Fritsch:

tuta sent me this guidance

[snip]

Since I am technically hopeless I have asked our techie person to try to get into this. But here is the raw info in case you get there first. Chrs mh

2:32PM: Fritsch to Lichtblau:

no idea. our tech maven says it was first posted via reddit. i see it has a tutanota contact — so someone anonymous and encrypted. so it’s either someone real who has real info or one of donald’s 400 pounders. the de vos stuff looks rank to me … weird

6:33PM (likely 2:33PM): Fwd Alfa Fritsch to Seago

6:57PM (like 2:57PM): Re alfa Seago to Fritsch

7:02PM (likely 3:02): Re alfa Seago to Fritsch

3:27PM: [not included] Fritsch to Hosenball cc Simpson: “All same stuff”

3:58PM: [not included] Hosenball to Fritsch, asking, “so the trumpies just sent me the explanation below; how do I get behind it?”

4:28PM: [not included] Fritsch to Hosenball, “not easily, alas”

4:32PM: Fritsch to Hosenball, cc Simpson:

Though first step is to send that explanation to the source who posted this stuff. I understand the trump explanations can be refuted.

So I assume that Durham will argue that Fusion must have passed on the information that the FBI was investigating — and they may have! (though none of the currently public emails reflect that — and suggest that was all part of Michael Sussmann’s devious plan on September 19.

When, under threat of prosecution, an attempt to prevent politicization turns into an attempt to hide political bias

That’s where things will get interesting. One key dispute in this case is why one keeps secrets. Durham wants to argue that keeping secrets can only serve a political purpose.

Sussmann will argue that keeping secrets facilitates national security interests.

Sussmann will show that everyone at the FBI recognized the value, to the FBI, of stalling a newspaper article about a potentially important threat so the FBI could covertly investigate it. All the more so during election season when — investigation after investigation into the Russian investigation has shown — the FBI was, if anything, being too careful in an attempt to avoid impacting Trump’s political fortunes, even while Jim Comey was tanking Hillary’s campaign. According to Sussmann’s own sworn testimony — testimony that Durham didn’t bother testing before charging Sussmann — allowing the FBI the opportunity to do that was the reason Sussmann shared the Alfa Bank anomaly with the FBI. Durham wants to imprison Sussmann for giving the FBI that heads up, arguing that because he hid his purported clients, it led the FBI to open a Full Investigation more quickly than they otherwise would have (even though, as Sussmann’s team has demonstrated, the FBI did nothing that would have required a Full Investigation in the short period during which they investigated).

A key part of that story Durham wants to tell — needs to tell, given all the evidence that the FBI perceived this to be a DNC-related tip — is that some of his key villains were attempting to hide the perceived political nature of the tip, rather than ensuring the integrity of the investigation itself (or possibly, but I’m still working on this, protecting the identity of a CHS).

Central to that narrative is the changing testimony of FBI Agent Ryan Gaynor — his stated reasons for refusing to let the case agents in Chicago interview either Sussmann or Georgia Tech professor David Dagon. In an interview on October 30, 2020 (a week after Durham had been granted Special Counsel status), Gaynor explained that he had intervened to make sure agents couldn’t conduct interviews that would have led to a more robust investigation to ensure the integrity of the investigation.

Q. Okay. So you remember telling the government that you believed that the agents in Chicago would have been biased by Mr. Sussmann’s perception of the issue — the source’s perception of the issue if they had interviewed him before they got all of the data and analyzed it?

A. Yes.

Q. Okay. And that’s because, at the time, you believed the DNC was the source of the information itself. Right?

A. That’s because, at the time, I believed that he was a DNC attorney associated with the Democratic party and it would be potentially highly-biasing information.

Q. And you told the government, if you had provided the identity of the DNC as the source of the information, they would have known there was possible political motivation. rignt?

A. I recall that exact statement.

Shortly after he gave this testimony, prosecutors took a break, and told his lawyer they were moving towards treating Gaynor as a subject of, rather than just a witness in, the investigation.

Q. Okay. Well, at or around the time you were talking about passing along the source’s name or not, you took a break in the meeting. Do you remember taking breaks during the meeting?

A. I do.

Q. And do you remember when you broke at that point that the government told your attorney that your own status in the investigation had changed. Do you remember hearing that?

A. So I didn’t hear that, but when my attorney came back in, he advised me that my status was in jeopardy.

After that, Gaynor went back, looked at two sets of scribbled notes (Gaynor, because he remains at FBI, was able to review his notes, unlike a number of other Durham witnesses), and decided that now that he thought about it, Jonathan Moffa had actually instructed him to keep a close hold on Sussmann’s identity. It wasn’t his decision anymore, it was Moffa’s, and the dastardly Peter Strzok was in on it. Once Gaynor testified that way, he became a — to Andew DeFilippis, anyway — credible witness again.

Q. Okay. And when you told the government there was a close hold, were you told that your status changed back to being a witness?

A. At the conclusion of the interview, once I had gone over all of the material that I brought and walked through what I had reconstructed and what I could recollect after doing so, I was informed that my status had changed, yes.

Q. Changed back to being a witness?

A. To a witness, yes.

Q. So you go into meeting one being told you are a witness, telling them you decided not to share the agents’ names among other things. Then you are told you are a subject facing criminal charges, potentially. You come back. You tell them about a close hold, and you go back to being a witness; is that right?

Politico may have been the only outlet that described this fairly shocking testimony.

These conflicting claims about the purported reasons to keep Sussmann’s identity (as opposed to the investigation itself) a secret are important background to that Hosenball email on October 5, which I suspect Durham will use to claim that the Democrats were leaking about the investigation.

Starting almost immediately after getting the investigation, Chicago case agents started asking to interview the source, variously defined to be either Sussmann or the person who wrote the white paper. Gaynor kept pushing the agents to go review the logs again — though the file memorializing the contents of what it describes as a single thumb drive (Sussmann shared two) was not written up until October 4. But then, by October 5 (the same day that Hosenball asked the FBI for comment, albeit this report comes in four hours later), FBI had learned from one of their confidential human sources that David Dagon had a role in the white paper and he — and the FBI’s own source! — would be going public pushing the credibility of the allegations.

In that email, newbie agent Allison Sands explained that they were going to contact Dagon.

So, among other things, on the same day Hosenball writes in reflecting an awareness that there was an ongoing investigation, the FBI hears from a CHS who says he or she has already been talking with David Dagon and was going public backing the claims (though this source was speaking to the WaPo, not Reuters).

Note that, as of that date, the FBI still hadn’t received logs from Listrak.

By the time Allison Sands wrote that email, it appears from Lync messages that like others probably haven’t been noticed to reflect UTC time zone, had already contacted Rodney Joffe’s handler to contact Dagon.

Fun with missing Bates stamps

Side note. There are actually two versions of the notes that purportedly caused Gaynor to change his mind about there being a close hold and on what source that close hold was on. There’s Defense Exhibit 524, which has a slew of Bates stamps, and 7 redactions.

And then there’s a page from Government Exhibit 279, which appears between a page with Bates stamp SC-6454 and one with Bates stamp SC-6456, which has no Bates stamp at all (and lacks the protective order stamp that appears on the other pages of the exhibit).

That version of the exhibit has just four redactions, one of which is smaller. The unredacted bits on the exhibit reveal discussions of the informant and recognition that the statements of the informant “likely triggered” the press attention.

Incidentally, Durham’s team took an entire day to upload this set of exhibits. I’m wondering if the exhibit that was viewed by Gaynor and entered into evidence actually looked like this one does.

Calling the agent of a foreign agent to ask for comment

There’s one other thing going on. On the stand, Gaynor spent a great deal of time explaining about how important it was to hide an investigation — particularly from anyone who might have a partisan interest — during an election.

Except for all the talk of a close hold, the FBI wasn’t holding this very close. They were stomping around to a bunch of sources asking for data logs, even before they had checked what was on (one of) the thumb drives that Sussmann had dropped off. They fairly demonstrably were stomping around before they understood what they should be looking for.

They also were calling Mandiant, which was working for Alfa Bank, which by October 19 when they were formally interviewed discovered Alfa Bank had no logs, but which knew of the investigation by October 5.

Q. Uh-huh. You testified about the reasons why you’d want to keep it covert, you wouldn’t want to do anything that could affect the election so close to the election. Right?

A. Yes.

Q. The FBI, as part of the Alfa-Bank investigation, talked to a number of different individuals outside of the FBI to acquire information, to get you information so that you could investigate the allegations. Right?

A. Yes.

Q. Okay. You spoke to people at Central Dynamics?

A. Yes, and I believe the investigative team documented in the email that I saw that they had done it in a manner to attempt to avoid it outing the allegation.

[snip]

A. I’m sorry?

Q. And how is that that they could conduct an interview with a third party in a way that the third party wouldn’t tell other people about it?

A. They described it in a manner that they had obfuscated what their direct interest was.

Q. So from the Central Dynamics’ perspective, they didn’t know what you were looking at?

A. That is what I had in the email chain, yes. n

Q. But you testified that the FBI interviewed Mandiant as part of the investigation. Correct?

A. Yes. My understanding there is that was a private liaison relationship that occurred.

Q. Mandiant — just to be clear — Alfa-Bank itself hired Mandiant to analyze whether there was a secret communications channel. Correct?

A. Yes.

Q. So Alfa-Bank paid Mandiant to look into whether there was a secret communications channel. Right?

A. Yes.

Q. And Alfa-Bank obviously had a relationship with Mandiant that was put at issue by hiring Mandiant. Right?

A. Yes.

Q. Okay. So the FBI went to Alfa-Bank’s paid consultant and asked them for their view on the allegation. Correct?

A. I believe the FBI had a prior relationship with one of the employees, and they utilized that in the field. Plus, I don’t think the Bureau would violate policy on a sensitive investigative matter when the Chief Division Counsel of the office is involved. So I would assume that they did that in a manner that they did not feel would be alerting or go to the media.

Q. Mr. Gaynor, the FBI in this investigation went to Alfa-Bank’s paid consultant and asked them for their views of the allegations. correct?

A. Yes.

Q. And Alfa-Bank’s paid consultant could have told Alfa-Bank. Correct?

A. Yes.

Q. And could have told the press for all you know. Correct?

A. Yes. And I don’t know how Chicago mitigated that.

Q. And is it your testimony that going to Alfa-Bank, the Russian bank that is the focus of this investigation, and asking their paid consultant for their views on the matter wasn’t going to overt?

A. Again, I don’t know how Chicago mitigated that issue.

[snip]

Q. Did you ever have a conversation with anybody at headquarters about whether to provide the names of the source to the Chicago agents?

A. Yes. There was a conversation about the close hold, as I mentioned, although it wasn’t correctly, I guess, documented between Pete Strzok, myself and Mr. Moffa at some point during that time period.

[snip]

Q. And the reason that you say no one talked to him is because, as of that point, October 6th, you had already concluded that there was nothing to these allegations. Right?

A. As of October 5th, evening of October 5th, we had come to a pretty solid conclusion that these allegations did not have merit and there wasn’t a national security threat.

Q. Are you aware that the agents first interviewed Alfa-Bank’s paid consultant, Mandiant, merely two weeks later on October 19th?

A. So I’m aware that we had information from Mandiant as of October 5th that they had looked at this allegation and found that it didn’t have merit. And then I’m also aware that there was an interview that was conducted later, October 19th or so, when I was made aware of it, yes.

A text between Allison Sands and Scott Hellman reflects the FBI had contact with Alfa Bank by October 4.

It appears that contact occurred in London — a place where Mark Hosenball has strong source ties since the time in 1976 when he got expelled for reporting on Northern Ireland.

In other words, Gaynor’s currently operative stance is that case agents couldn’t contact David Dagon — much less Rodney Joffe, who had business ties with the FBI — to find out what was going on, because that would present a conflict.

But it was okay for the FBI to contact the agent of the subject of the investigation overtly.

Agent Gaynor belatedly rediscovers the Mediafire package

Incidentally, when that original request for comment from Hosenball came in, it got transferred to people in the cyber division, then shared with the investigative team. In response, the senior-most person on that team sent it to Peter Strzok. Strzok forwarded it, at 3:02 on October 5, to Ryan Gaynor.

On October 13, just over a week after he had originally received it, Gaynor sent the Mediafire package to the case team, noting that the observations in it reflected actions taken in response to their investigation, but asking for their technical opinion.

He included Moffa and Joe Pientka on that email.

But not Strzok, who knew he had received it 8 days earlier.

OTHER SUSSMANN TRIAL COVERAGE

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

Technical Exhibits, Michael Sussmann Trial

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

Most of my coverage during the Michael Sussmann trial will be trial related, describing what witnesses and exhibits say about the case.

But there are good reasons to question the conduct of the investigation — and that’s a topic a lot of people have independent interest in. So I wanted to start a running post on technical issues.

If there’s a link that doesn’t work, it probably means I’ve forgot to set permissions to public (some of this needs redaction before posting). Leave a comment or tweet me at @emptywheel.

FBI investigation

160921 Allison Sands’ Lync Notes (thru 161012)

160922: Scott Hellman/Nate Batty assessment

160923: Electronic Communication opening investigation

160923: EC plus all three shared documents

160926: Curtis Heide Lyncs

160926: Heide to Hellman, Hope our assessment is good

160926: Ryan Gaynor notes (includes details on election protection efforts)

161004: Kyle Steere document contents thumb drives

161005: Investigative update from Allison Sands

Includes:

  • FBI conclusion on changing DNS records
  • FBI’s response to David Dagon’s defense
  • Logs from Cendyn, with Listrak still to come
  • Barracuda reference
  • Discussion of Tor node

161007: Sands Draft FD-1023 CHS Report

170118: Sands Closing Memo

170327: 302 interview Alfa Bank

Materials shared with FBI

White paper

DNS logs

62 pages of DNS logs

Trump Who Is

9 IP Addresses

15 Trump mail domains

160919 Expert White Paper

Joffe data requests (postdates original data in white paper)

160820: Antonokakis to DeJong requesting data (including dcleaks)

List of IP addresses

Alfa Bank script

160915: DeJong shares results with Joffe

170718: DeJong to Joffe: I have four jobs that look for Trump

Posts related to technical issues

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

When Michael Sussmann attorney Sean Berkowitz was walking FBI Agent Scott Hellman through the six meetings he had with Durham’s team on Tuesday — meetings he first had as a witness about the investigation into the Alfa Bank allegations and later in preparation for his trial testimony — Berkowitz asked Hellman about how, sometime earlier this year, Andrew DeFilippis and Jonathan Algor asked him whether he could serve as their DNS expert for the trial.

Q And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table here, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

To Hellman’s credit, he told Durham’s prosecutors — who have been investigating matters pertaining to DNS data for two years — that he only had superficial knowledge of DNS and so wasn’t qualified to be their expert.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

It wasn’t until the third day of trial before Durham’s team presented any evidence about the alleged crime. Instead, Durham’s first two witnesses were their nominal expert, David Martin, and Hellman, who told Durham he wasn’t an expert but who offered opinions he neither had the expertise to offer nor had done the work to substantiate.

That’s important, because DeFilippis used him to provide an opinion only an expert should give. And virtually everything about his testimony — his claim to have relied on the data in the materials without looking at the thumb drives, an apparently made up claim about the timing of the analysis, and behaviors that the FBI normally finds suspicious — suggest he’s not only not a DNS expert qualified to assess this report, but his assessment of the white paper Sussmann shared also suffers from serious credibility issues.

The battle over an expert

The testimony of the nominal expert, David Martin, was remarkably nondescript, particularly given the fight that led up to his testimony. Durham’s team sprung even having an expert on Sussmann at a really late date: on March 30, after months of blowing off Sussmann’s inquiries if they would. Not only did they want Martin to explain to the jury what DNS and Tor are, Durham’s team explained, but they also wanted him to weigh in on the validity of conclusions drawn by researchers who had found the anomaly.

  • the authenticity vel non of the purported data supporting the allegations provided to the FBI and Agency-2;
  • the possibility that such purported data was fabricated, altered, manipulated, spoofed, or intentionally generated for the purpose of creating the false appearance of communications;
  • whether the DNS data that the defendant provided to the FBI and Agency-2 supports the conclusion that a secret communications channel existed between and/or among the Trump Organization, Alfa Bank, and/or Spectrum Health;

[snip]

  • the validity and plausibility of the other assertions and conclusions set forth in the various white papers that the defendant provided to the FBI and Agency-2;

As Sussmann noted in his motion to limit Martin’s testimony, he didn’t mind the testimony about DNS and Tor. He just didn’t want this trial to be about the accuracy of the data, especially without the lead time to prepare his own expert.

As the Government has already disclosed to the defense, should the defense attempt to elicit testimony surrounding the accuracy and/or reliability of the data that the defendant provided to the FBI and Agency-2, Special Agent Martin would explain the following:

  • That while he cannot determine with certainty whether the data at issue was cherry-picked, manipulated, spoofed or authentic, the data was necessarily incomplete because it was a subset of all global DNS data;
  • That the purported data provided by the defendant nevertheless did not support the conclusions set forth in the primary white paper which the defendant provided to the FBI;
  • That numerous statements in the white paper were inaccurate and/or overstated; and
  • That individuals familiar with these relevant subject areas, such as DNS data and TOR, would know that such statements lacked support and were inaccurate and/or overstated.

Based off repeated assurances from Durham that they weren’t going to make accuracy an issue in their case in chief, Judge Cooper ruled that the government could only get into accuracy questions if Sussmann tried to raise the accuracy of the data himself. But if he said he relied on the assurances of Rodney Joffe, it wouldn’t come in.

The government suggests that Special Agent Martin’s testimony may go further, depending on what theories Sussmann pursues in cross-examination or his defense case. Consistent with its findings above, the Court will allow the government’s expert to testify about the accuracy (or lack thereof) of the specific data provided to the FBI here only in certain limited circumstances. In particular, if Sussmann seeks to establish at trial that the data were accurate, and that there was in fact a communications channel between Alfa Bank and the Trump Campaign, expert testimony explaining why this could not be the case will become relevant. But, as the Court noted above, additional testimony about the accuracy of the data—expert or otherwise—will not be admissible just because Mr. Sussmann presents evidence that he “relied on Tech Executive-1’s conclusions” about the data, or “lacked a motive to conceal information about his clients.” Gov’s Expert Opp’n at 11. As the Court has already explained, complex, technical explanations about the data are only marginally probative of those defense theories. The Court will not risk confusing the jury and wasting time on a largely irrelevant or tangential issue. See United States v. Libby, 467 F. Supp. 2d 1, 15 (D.D.C. 2006) (excluding evidence under Rule 403 where “any possible minimal probative value that would be derived . . . is far outweighed by the waste of time and diversion of the jury’s attention away from the actual issues”).

Then, days before the trial, the issue came up again. Durham sent a letter on May 6 (ten days before jury selection), raising a bunch of new issues they wanted Martin to raise. Sussmann argued that Durham was trying to expand the scope of what his expert could present. Among his complaints, Sussmann argued that Durham was trying to make a materiality argument via his expert witness.

Third, the Special Counsel apparently intends to offer expert testimony about the materiality of the false statement alleged in this case. Indeed, the Special Counsel’s supplemental topic 9 regarding the importance of considering the collection source of DNS data is plainly being offered to prove materiality. But the Special Counsel did not disclose this topic in either his initial expert disclosure or Opposition, and the Court’s ruling did not permit such testimony. The Special Counsel should not now be allowed to offer an entirely new expert opinion under the guise of eliciting testimony regarding the types of conclusions that can be drawn from a review of DNS data.

Judge Cooper considered the issue Tuesday morning, before opening arguments. When asking why Martin had to present the concept of visibility, DeFilippis explained that Hellman–the Agent who’s not an expert on DNS but whom DeFilippis nevertheless had asked to serve as an expert on DNS–would talk about the import of knowing visibility to assess data.

THE COURT: Well, but isn’t the question here whether a case agent — is your case agent later going to testify that that was something that the FBI looked at or wanted to look at in this case and was unable to do so, and that that negatively affected the FBI’s investigation in some way? MR.

DeFILIPPIS: Yes, and I expect Special Agent Hellman, who will testify likely today, Your Honor, I expect that that is a concept that he will say was relevant to the determination that — determinations he was making as he drafted analysis of the data that came in. And, again, I don’t think we — for example, another way in which this comes up is that the FBI routinely receives DNS data from various private companies who collect that data, and it is always relevant sort of the breadth of visibility that those companies have. So it’s relevant generally, but also in this particular case the fact that the FBI did not have insight into the visibility or lack of visibility of that data certainly affected steps that the FBI took.

THE COURT: Okay. But Mr. Sussman has not been accused of misrepresenting who the source is. He’s simply — but rather who the client is. So how do you link that to the materiality of the alleged false statement?

MR. DeFILIPPIS: Because, Your Honor, I think we view them as intertwined. It was because — it was in part because Mr. Sussman said he didn’t have a client that made it more difficult for the FBI to get to the bottom of the source of this data or made it less likely they would, and so — and, again, I don’t think we expect to dwell for a long time on this, but I think the agents and the technical folks will say that that is part of why the origins of the data are extremely relevant when they took investigative steps here.

When Cooper noted Sussmann’s objection to Martin discussing possible spoofing of data, DeFilippis again answered not about what Martin would testify, but what Hellman would.

As DeFilippis explained, he claimed to believe that under Cooper’s ruling, the government could put in any little thing they wanted that they claimed had been part of the investigation.

And Special Agent Hellman, when he testifies today — now, Your Honor’s ruling we understand to permit us to put into evidence anything about what the FBI analyzed and concluded as its investigation unfolded because that goes to the materiality of the defendant’s statement. So Special Agent Hellman — through Agent Hellman we will offer into evidence a paper he prepared when the data first came in, and among its conclusions is that the data might — he doesn’t use the word “spoof” — but might have been intentionally generated and might have been fabricated. That was the FBI’s initial conclusion in what it wrote up.

So in order for the jury to understand the course of the FBI’s investigation and the conclusions that it drew at each stage, those concepts are at the center of it.

[snip]

MR. DeFILIPPIS: Okay. Your Honor, I’m sorry. We understood your ruling to be that the FBI’s conclusions as it went along were okay as long as we weren’t asserting the conclusion that it was, in fact, fabricated. You know, I mean, it’s difficult to chart the course of the FBI’s investigation unless we can elicit at each stage what it is that the FBI concluded.

Judge Cooper ordered that references to spoofing be removed — leading to a last minute redaction of an exhibit — but permitted a discussion of visibility to come in.

After all that fight, Martin’s testimony was not only bland, but it was recycled powerpoint. He not only admitted lifting the EFF description of Tor for his PowerPoint, but he included their logo.

Hellman delivers the non-expert expert opinion Durham was prohibited from giving

As I said, Martin was witness number one, Hellmann — the self-described non-expert in DNS — was witness number two.

Even though Hellman admitted, again, that he’s not a DNS expert, DeFilippis still had him go over what DNS is.

Q. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

Q. And in your understanding, on a very basic level, what is DNS?

A. DNS is basically how one computer would try and communicate with another computer.

After getting Hellman to explain how he purportedly got chain of custody signatures on September 20, 2016 for the materials Michael Sussmann dropped off with James Baker on September 19, DeFilippis walked Hellman through how, he claimed, he had concluded that the allegations Sussmann dropped off were unsupported. Hellman reviewed the data accompanying the white paper, Durham’s star cybersecurity witness claimed on the stand, and after reviewing that data, determined there was no allegation of a hack in the materials and therefore nothing for the Cyber Division to look at. And, as a report he wrote “within a day” summarized, he concluded the methodology was horrible.

As you read the following exchange, know that (as I understand it) some, if not most, of what Hellman describes as the methodology is wrong. Obviously, if Hellman’s understanding of the methodology is wrong, then the opinion that DeFilippis elicits from a guy who admitted he was not an expert on DNS but whom DeFilippis nevertheless asked to serve as his expert witness on DNS before inviting David Martin in to present slides lifted from the Electronic Frontier Foundation instead [Takes a breath] … If Hellman’s understanding of the methodology and the data he’s looking at is wrong, then his opinion about the methodology is going to be of little merit.

With that understanding, note the objection of Sean Berkowitz, who fought DeFilippis’ late hour addition of an expert that DeFilippis wanted to use to opine on the validity of the research, bolded below.

So we looked at the top part, which set out your top-line conclusion. You then have a portion of the paper that says, “The investigators who conducted the research appear to have done the following.” Now, Special Agent Hellman, it appears to be a pretty technical discussion, but can you just tell us, in that first part of the paper, what did you set out and what did you conclude?

A. It looks to be that they were looking for domains associated with Trump, and the way that they did that was they looked at a list of sort of all domains and looked for domains that had the word “Trump” in them as a way to narrow down the number of domains they were looking at.

And then they wanted to find, well, which of that initial set of Trump domains, which of them are email servers associated with those domains. And the way they did that was to search for terms associated with email, like “mail” or other email-related terms to then narrow down their list of domains even further to be Trump-associated domains that were email servers.

Q. And did you opine on the soundness of that methodology? In other words, did you express a view as to whether this was a good way to go about this project?

A. We did not — I did not feel that that was the most expeditious way to go about identifying email servers associated with the domain.

Q. And why was that?

A. You can name an email server anything you want. It doesn’t have to have the words “mail” or “SMTP” in it. And so by — if you’re just searching for those terms, I would wager to guess you would miss an actual email server because there are other — there are other more technical ways that you can use — basically look-up tools, Internet look-up tools where you can say, for any domain, tell me the associated email server. That’s essentially like a registered email server. But the way that they were doing it was they were just looking for key terms, and I think that it just didn’t make sense to me why they would go about identifying email servers that way as opposed to just being able to look them up.

Q. Was there anything else about the methodology used here by the writer or writers of this paper that you found questionable or that you didn’t agree with?

A. I think just the overall assumptions that were being made about that the server itself was actually communicating at all. That was probably one of the biggest ones.

Q. And what, if anything, did you conclude about whether you believed the authors of the paper or author of the paper was fairly and neutrally conducting an analysis? Did you have an opinion either way?

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Basis?

MR. BERKOWITZ: Objection on foundation. He asked him his opinion. He’s not qualified as an expert for that.

THE COURT: I’ll overrule it.

A. Sorry, can you please repeat the question?

Q. Sure. Did you draw a conclusion one way or the other as to whether the authors of this paper seemed to be applying a sound methodology or whether, to the contrary, they were trying to reach a particular result? Did you —

A. Based upon the conclusions they drew and the assumptions that they made, I did not feel like they were objective in the conclusions that they came to.

Q. And any particular reasons or support for that?

A. Just the assumption you would have to make was so far reaching, it didn’t — it just didn’t make any sense.

That’s how, as his second witness, Andrew DeFilippis introduced the opinion of a guy who admitted he wasn’t an expert on DNS that DeFilippis had asked to serve as an expert even though DeFilippis should have known that he didn’t have the expertise to offer expert opinions like this.

If Sussmann is found guilty, I would bet a great deal of money this stunt will be one part of a several pronged appeal, because Judge Cooper permitted DeFilippis to do precisely what Cooper had prohibited him from doing before trial, and he let him do it with a guy who by his own admission is not a DNS expert.

Cyber Division reaches a conclusion without looking at the thumb drives

Now let’s look at what Hellman describes his own methodology to be.

First, it was quick. DeFilippis seems to think that serves his narrative, as if this stuff was so crappy that it took a mere glimpse to discredit it.

Q. Special Agent Hellman, how long would you say it took you and Special Agent Batty to write this up?

A. Inside of a day.

Q. Inside of a day, you said?

Berkowitz walked Hellman through the timeline of it, and boy was it quick. There’s some uncertainty about this timeline, because John Durham’s office doesn’t feel the need to make clear whether exhibits they’re turning over in discovery reflect UTC or ET. But I think I’ve laid it out below (Berkowitz got it wrong in cross-examination, which DeFilippis used to attack his analysis).

As you can see, not only were FBI’s crack cybersecurity agents making a final conclusion about the data within a day but — by all appearances — they did so before they had ever looked at the thumb drives included with the white papers. From the record, it’s actually not clear when — if!!! — they looked at the thumb drives. But it’s certain they had their analysis finalized no more than one working day after they admitted they hadn’t looked at the thumb drive, which was itself after they had already decided the white paper was shit.

Timeline

September 20, 10:20AM: Nate Batty tells Jordan Kelly they’ll come from Chantilly to DC get the thumb drives

September 20, 10:31AM: Jordan Kelly tells Batty the chain of custody is “Sussman to Strzock to Sporre”

September 20, 12:29PM: Hellman and Nate Batty accept custody of the thumb drives

September 20, 1:30PM: Hour drive back to Chantilly, VA

September 20, 4:44PM: Hellman appears to explain the process of picking up the thumb drives to jrsmith, claiming to have spoken to Baker on the phone. jrsmith jokes about “doctor[ing] a chain of evidence form.”

September 20, 4:58: Hellman says the more he reads the report “it feels a little 5150ish,” suggesting (as he explained to Berkowitz on cross) the authors suffered from a mental disability, and Hellman complains that “it contains an absurd quantity of data” to which Batty responded, the data seemed “inserted to overwhelm and confuse the reader.”

September 21, 8:47AM: Batty tells Hellman their supervisor wants them to “write a brief summary of what we think about the DNC report.” Batty continues by suggesting that “we should at least plug the thumb drives into Frank’s computer and look at the files…”

9/22, 9:44AM: Curtis Heide, in Chicago, asks Batty to send the contents of the thumb drive so counterintelligence agents can begin to look at the evidence. The boys in Cyber struggle to do so for a bit.

9/22, 2:49PM: Batty asks Hellman what he did with the blue thumb drive.

9/22, 4:46PM: Batty sends “analysis of Trump white paper” to others.

In other words, the cyber division spent less than 28 hours doing this analysis.

Yes. The analysis was quick.

Hellman says his analysis is valid because he looked at the data

The hastiness of the analysis and the fact that Hellman didn’t look at the thumb drive before making initial conclusions about the research is fairly problematic, because when he discussed his own methodology, he described the data driving everything.

Q. Now, what principally, from the materials, did you rely on to do your analysis?

A. So it was really two things. It was looking at the data, the technical data itself. There was a summary that it came with. And then also we were comparing what we saw in the data, sort of the story that the data told us, and then looking at the narrative that it came with and comparing our assessment of the data to the narrative.

[snip]

Q. And in connection with that analysis, did you also take a look at the data itself that was underlying this paper?

A. Yes

[snip]

Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

A. Yes.

[snip]

A. It would have mattered — well, I think on one hand it would not have mattered from the technical standpoint. If I’m looking at technical data, the data’s going to tell me whatever story the data’s going to tell me independent of where it comes from. So I still would have done the same technical analysis.

But knowing where the data comes from helps to tell me — it gives me context regarding how much I believe in the data, how authentic it is, do I believe it’s real, and do I trust it. [my emphasis]

He repeated this claim on cross with Berkowitz.

I just disagreed with the conclusions they came to and the analysis that they did based upon the data that came along with the white paper.

When Berkowitz asked him why counterintelligence opened an investigation when Cyber didn’t, Hellman suggested that the people in CD wouldn’t understand how to read the technical logs.

A. Um, I think they’d probably be looking at it from the same vantage point, but if you’re not — you don’t have experience looking at technical logs, you may not have the capability of doing a review of those logs. You might rely on somebody else to do it. And perhaps counterintelligence agents are going to be thinking about other investigative questions. So I guess it would probably be a combination of both.

“If I’m looking at technical data,” DeFilippis’ star cybersecurity agent explained, “the data’s going to tell me whatever story the data’s going to tell me.”

Except he didn’t look at the technical data, at least not the data on the thumb drives, before he reached his initial conclusion.

Hellman makes a claim unsupported by the data in his own analysis

I’ll leave it to people more expert than me to rip apart Hellman’s own analysis of the white paper Sussmann shared with the FBI. In early consultations, I’ve been told he misunderstood the methodology, misunderstood how researchers used Trump’s other domains to prove that just one had this anomaly (that is, as a way to test their hypothesis), and misstated the necessity of some long-term feedback loop for this anomaly to be sustained. Again, the experts will eventually explain the problems.

One part of his report that I know damns his methodology, however, is where he says the researchers,

Searched “…global nonpublic DNS activity…” (unclear how this was done) and discovered there are (4) primary IP addresses that have resolved to the name “mail1.trump-email.com”. Two of these belong to DNS servers at Russian Alfa Bank. [my emphasis]

This is the point where every single person I know who assessed these allegations who is at least marginally expert on DNS issues stopped and said, “global nonpublic DNS activity? There are only a handful of people that could be!” See, for example, this Robert Graham post written in response to the original Slate story, perhaps the most influential critique of the allegations, probably even on Durham. Every marginally expert person I know has, upon reading something like that, tried to figure out who would have that kind of visibility on the data, because that kind of visibility, by itself, would speak to their expertise. Those marginally expert people did not have the means to identify the possible sources of the data. But a lot of them — including the NYTimes!! — were able to find people who had that kind of visibility to better understand the anomaly. When Hellman read that, he simply said, “unclear how this was done” and moved on.

Still, Hellman did not contest (or possibly even test) the analysis that said there were really just four IP addresses conducting look-ups with the Trump marketing server. Dozens of people have continued to test that result in the years since, and while there have been adjustments to the general result, no one has disproven that the anomaly was strongest between Alfa Bank and Trump’s marketing domain.

Where Hellman’s insta-analysis really goes off the rails, however, is in his assertion that, “it appears that the presumed suspicious activity began approximately three weeks prior to the stated start date of the investigation conducted by the researcher.”

I’m not a DNS expert, but I’m pretty good at timelines, and by my read here are the key dates in the white paper.

May 4, 2016: Beginning date for look-up analysis

July 28, 2016: Lookup for hostnames yielding Trump

September 4, 2016: End date for look-up analysis

September 14, 2016: Updated search for look-ups covering June 17 through September 14

The start date reflected in this white paper is July 28, 2016. Three weeks before that would be July 7, 2016, a date that doesn’t appear in the white paper. The anomaly started 85 days before the start date reflected in this white paper (and the start date for the research began months earlier, but still over three weeks after the May 4 start date).

I don’t understand where he got that claim. But DeFilippis repeated it on the stand, as if it were reflected in the data, I guess believing it makes his star cybersecurity agent look good.

DeFilippis’ star cybersecurity agent has some credibility problems

There are a few more problems with the credibility of Hellman, DeFilippis’ star cybersecurity agent who is not a DNS expert. One of those is that he compared notes with his boss before first testifying.

Q: And you also spoke with Nate Batty around that time, Right?

A: Yes.

Q: Did you talk to him before the first interview to kind of get ready for it?

A: I think so, but I don’t remember.

Q: Is that something that you encourage witnesses to do, to talk to other witnesses to see if your recollections are consistent?

A: No.

In addition, notwithstanding that Batty was told that Sussmann was in the chain of control, Batty claimed to believe the source was “anonymous” and Hellmann claimed to believe it was sensitive–a human source. Even after comparing notes their stories didn’t match.

There are other problems with Hellman’s memory of the events, notably that in his first interview — the one he did shortly after comparing notes with Batty — he claimed that Baker had told him he was unable to identify the source of the data.

Q. And when you went to Mr. Baker’s office, do you remember what, if anything, was said during that discussion or during that interaction?

A. I remember being in the office, but I don’t distinctly recall what the conversation was. I do remember after the fact, though, that I was frustrated that I was not able to identify who had provided these thumb drives, this information to Mr. Baker. He was not willing to tell me.

At the very least, this presents a conflict with Baker’s testimony, but it’s also another testament to how variable memories can be four years, much less six years, after the fact.

Hellman also claimed, when asked on cross, that the first time he had ever seen the reference to a “DNC report” in September 21 Lync notes he received was two years ago, when he was first interviewed.

A: The first time I saw this was two years ago when I was being interviewed by Mr. DeFilippis, and I don’t recall ever seeing it. I never had any recollection of this information coming from DNC. I don’t remember DNC being a part of anything we read or discussed.

Q: Okay. When you say, the first time you saw it was two years ago when you met with Mr. DeFilippis, that’s not accurate. Right? You saw it on September 21st, 2016. Correct?

A: It’s in there. I don’t have any memory of seeing it.

And when Sean Berkowitz asked about Hellman the significance of seeing the reference to a “DNC report” first thing on September 21, he described that DeFilippis suggested to him that it was likely just a typo for DNS.

Q. What’s your explanation for it?

A. I have no recollection of seeing that link message. And there is — I have absolutely no belief that either me or Agent Batty knew where that data was coming from, let alone that it was coming from DNC. The only explanation that popped or was discussed was that it could have been a typo and somebody was trying to refer to DNS instead of DNC.

Q. So you think it was a typo?

A. I don’t know.

Q. When you said the only one suggesting it — isn’t it true that it was Mr. DeFilippis that suggested to you that it might have been a typo recently?

A. That’s correct.

When asked about a topic for which there was documentary evidence Hellman had seen in real time that he claimed not to remember, Andrew DeFilippis offered up an explanation that Hellman then offered on the stand.

On the stand, DeFilippis also tried to get Hellman to call a marketing server a spam server, though Hellman resisted.

Once you look closely, I don’t think Hellman’s testimony helps Durham all that much. What it proves, however, is that DeFilippis attempted to coach testimony.

One final thing. DeFilippis got his star cybersecurity agent to observe that the researchers didn’t include their name or other markers on their report, as if that’s a measure of unreliablity.

Q. Now, let me ask you, were you able to determine from any of these materials who had actually drafted the paper alleging the secret channel?

A. No.

Q. In other words, was it contained anywhere in the documents?

Here’s what Hellman’s own report looks like:

There’s a unit — ECOU1 — but the names of the individual agents appear nowhere in the report. The report is not dated. It does not specifically identify the white papers and thumb drives by control numbers, something key to evidentiary analysis.

It has none of the markers of regularity you’d expect from the FBI. Hellman’s own analysis doesn’t meet the standards that DeFilippis uses to measure reliability.

This long-time Grand Rapids resident is furious that Hellman judged there was no hack

Everything above I write as a journalist who has tried to understand this story for almost six years. Between that and 18 years of covering national security cases, I hope I now have sufficient familiarity with it to know there are real problems with Hellman’s analysis.

But let me speak as someone who lived in Grand Rapids for most of this period, and had friends who had to deal with the aftermath of Spectrum Health appearing at the center of a politically contentious story.

Hellman had, as he testified, two jobs. First, he was supposed to determine whether there were any cyber equities, then he was supposed to do some insta-analysis of the data without first looking at the thumb drives.

According to Hellman, there was no hack.

I was asked to perform two tasks in tandem with Special Agent Batty, and our tasks were, number one, to look at this data, look at the data and look at the narrative that it came with and identify were there any what’s known as cyber equities. And by that it was, was there any allegation of a hacking. That’s what cyber division does. We investigate hacking. So was there an allegation that somebody or some company or some computer had been hacked. That was first.

[snip]

As I mentioned, the first piece was we had to identify was there any real allegation of hacking; and there was not. That was our first task by our supervisor. There was not.

[snip]

The allegation was that someone purported to find a secret communication channel between the Trump organization and Russia. And so we identified first that, no, we didn’t think that there was any cyber equity, meaning that there was probably nothing more for cyber to investigate further, if there was no hacking crime.

Except here’s what the white paper says about Spectrum, that Grand Rapids business that was swept up in this story.

The Spectrum Health IP address is a TOR exit node used exclusively by Alfa Bank. ie.,  Alfa Bank communications enter a Tor node somewhere in the world and those communications exit, presumably untraceable, at Spectrum Health There is absolutely no reason why Spectrum would want a Tor exit node on its system. (Indeed, Spectrum Health would not want a TOR node on its system because, by its nature, you never know what will come out of a TOR node, including child pornography and other legal content.)

We discovered that Spectrum Health is the victim of a network intrusion. Therefore, Spectrum Health may not know it has a TOR exit node on its network. Alternatively, the DeVos family may have people at Spectrum who know there is a TOR node. i.e.,  could have been placed there with inside help.

When faced with some anomalous activity that seemed to tie into the weird DNS traffic, the experts suggested that maybe the Spectrum hack related to the DNS anomaly.

To be clear, this Tor allegation is the the weakest part of this white paper. You will hear about this to no end over the next week. It was technically wrong.

But the allegation in the white paper is that maybe a recent hack of Spectrum Health is why it had this anomalous traffic with Trump’s marketing server. There’s your hack!!

Had the people at FBI’s cybersecurity side actually treated this as a possible compromise, it might have addressed the part of this story that never made any sense. And we might not, now, six years later, be arguing about what might explain it.

Let me be clear: I do think the white paper overstated its conclusions. I don’t think secret communication is the most obvious explanation here.

But there are hacks and then there are hacks in the testimony of DeFilippis’ star cybersecurity agent.

Update: Corrected an attribution to Batty instead of Hellman.

Update: Fixed my own timeline.

Update: Added link to Robert Graham’s analysis.

Update: This may be where Hellman gets his erroneous three week claim. There were two histograms included with the report. One, the close-up, does start around July 7.

But the broader scope shows look-ups earlier, very actively in June, but with a few stray ones in May.

The government didn’t include the pages and pages of logs that Batty complained about in this exhibit. Had they, it would be clear to jurors that this claim is false.

Update: Correction on two points. First, I think I’ve finally got the Lync exchange above correct between Batty and Hellman. As noted, Hellman complains that “it contains an absurd quantity of data” to which Batty responded, the data seemed “inserted to overwhelm and confuse the reader.”

Second, I was wading through exhibits this morning and found the exhibit of 19 pages of logs. Here’s just a subset of them, including logs that go back to May 2016. Hellman didn’t look even at the printed page of log files closely enough to realize his claim about three weeks was wrong. These data weren’t intended to overwhelm the reader. They were there to show how the anomaly accelerated during the election.

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

In the first words of her opening argument in the Michael Sussmann case, Durham prosecutor Brittain Shaw argued that this case is all about Sussmann’s privilege, his purported ability to exploit high level ties at DOJ to seed what she claims would be a smear campaign against the guy who was, in fact, hiding secret communications with the Kremlin and soliciting hacks of his opponent.

The evidence will show that this is a case about privilege: the privilege of a well-connected D.C. lawyer with access to the highest levels of the FBI; the privilege of a lawyer who thought that he could lie to the FBI without consequences; the privilege of a lawyer who thought that for the powerful the normal rules didn’t apply, that he could use the FBI as a political tool.

The really painful irony of this case, though, is that Sussmann is being significantly hamstrung because of privilege, attorney-client privilege, because it is limiting his ability to present evidence about what really happened.

When Judge Christopher Cooper ruled that a subset of emails that had been protected under privilege were not, after all, he explained that, the documents, “do not strike the Court as being particularly revelatory.” Even so, Sussmann and Fusion can’t, ethically, simply offer up emails over which the Democrats are claiming privilege. There’s good reason to believe if they could, they could show that significant parts of Durham’s conspiracy theory have been based on imagining that Democrats were hiding the worst possible plotting behind privilege claims, when in fact the reality was much more mundane.

Take two exhibits from the trial as an example. Durham is making much of a September 15, 2016 email from Marc Elias to top people on the campaign. Its subject line was “Alfa article.” But it appears to be sharing an article about “testimony of an oil trader.” If Sussmann could share it, it might simply show that Elias had seen an article about corruption and seen some tie with the Alfa Bank allegations. He can’t, because Elias is the one who made that connection.

Meanwhile, two exhibits Sussmann introduced into evidence show Robby Mook — who is not a lawyer — sharing Sidney Blumenthal “intelligence” with him that the Trump campaign was freaking out because they had gotten advance word of a NYT article about Trump’s ties with Russia.

The Trump campaign is having “a major league freak-out,” according to a Republican source who has been reliable in the past. What is causing the Trump “freak-out” is anticipation of an investigative story to be published by the New York Times. The subject is described as “Russia” and “a disaster.” “That is completely the story of everything going on since Thursday,” insists the source. The Times story, says the source, accounts for Tramp’s extraordinarily defensive aggressive reactions–his declaration that he will sue the New York Times, his personal tweeting attack on Maureen Dowd as “wacky” and a neuSidney rotic dope,” (though the source says “that’s just him anyway”), his call for the assassination of HRC, and the campaign’s push to the media of the flat-out lie that I was behind birtherism in 2008. On Saturday night, Trump tweeted: “My lawyers want to sue the tailing @nytimes so badly for irresponsible intent. I said no (for now), but they are watching. Really disgusting.” Trump did not specify why the Times might be guilty of”irresponsible intent,” which in any case lacks any legal weight. Earlier on Saturday, he tweeted that the Times was “a laughingstock rag.” The atmosphere inside the campaign is described as chaotic, frenetic and “spontaneous.” Bannon and Bossie are said to be grasping at anything to throw back in order to distract from and fend off the coming story. Journalistic sources have independently said that reporters at the Times are working on a Tromp-Russia story.

It wouldn’t be a high profile political trial, I guess, if Sid Blumenthal didn’t make a showing. Note that Mike Flynn’s Mueller interviews show him responding to some Sid Blumenthal stuff in precisely this period, so it’t clear Sid was talking to Republicans.

Anyway, that part — Blumenthal sharing with Mook — was not privileged. And that part makes it clear that Elias was right to be concerned about Trump suing if the Hillary campaign made factual observations about his ties with Russia. It also may (though this is uncertain) back Sussmann’s understanding that Eric Lichtblau was close to publishing the Alfa story, so close that Trump’s moles at the NYT had alerted him to it. But whatever Mook said about it to Elias, the campaign’s lawyer guarding against lawsuits, is privileged, as whatever Elias said to Sussmann and the Fusion guys when he forwarded Mook’s comment would be.

Whatever was said may have influenced Sussmann’s decision to go to the FBI, though, as this was shortly before he texted Jim Baker and asked to meet.

In his testimony, Elias stated that he had not given Sussmann permission to go to the FBI with the Alfa Bank story. He doesn’t think he knew until shortly afterwards, though could have learned before (the Blumenthal story may serve to explain a call that Sussmann knows prosecutors plan to dramatically reveal).

You testified that you became aware that Mr. Sussmann went to the FBI. Correct?

A. Yes.

Q. And your testimony was that you think that you were told right after, although there’s a possibility it was right before?

A. Yes.

Q. Your best recollection is which of those?

A. Is after.

Q. Okay. Did you tell him to go to the FBI?

A. No.

Q. Did he seek your permission to go to the FBI?

A. No.

Q. Did you authorize him to go to the FBI?

A. No.

Q. Are you aware of anyone at the Clinton Campaign that authorized Mr. Sussmann to go to the FBI to share the possibility of The New York Times story?

A. Not that I’m aware of. No.

Q. Did you consent to his going to the FBI?

A. No, not that I remember. No.

Elias even explained what a colossally bad idea it would be for a candidate whose campaign had been badly damaged by Jim Comey to go to the FBI.

A. First of all, the FBI had in my view not been particularly helpful in investigating or doing anything to prevent the leaks of the emails. The exfiltration is one thing, you know, the stealing of the emails. But the publication of the emails, it was not just this one time. I mean, we were dealing with multiple publications of emails. And it was not just this one client.

And I think my sense was that the FBI was not for a variety of reasons going to do anything that was going to be — like stop bad things from happening, which would be one reason to go for the FBI.

The second, which is more unique to the Clinton Campaign, is that I think he was then the FBI director, but James Comey had taken public stances in around that time period that were in my view unfair and putting a thumb on the scale against Secretary Clinton.

So I’m not sure that I would have thought that the FBI was going to be — give a fair shake to anything that they viewed as anti-Trump or pro-Clinton.

And then the final thing is that if The New York Times was going to run this story, like that’s the goal. Right? The New York Times runs the story. If you get the FBI involved, any number of things could prevent that from happening. Right?

In the most extreme instance, the FBI can go to the publication and say: Please don’t. But the second is, the newspaper itself might then want to do further reporting on the FBI investigation and delay its story. Right?

So, like, even in a world in which, like, the FBI is being helpful — not being helpful; even in a world in which the FBI is doing stuff, the media may not run the story because they want to get the full picture because they view the FBI piece of it as an essential piece of the story.

It’s certainly possible that, given this advance warning of a Trump shit-storm, Sussmann decided it would be best to give FBI a head’s up. Sussmann, however, can’t ethically share the communications between Elias and him, even if it would help him. That’s how privilege works.

With that in mind, consider what Shaw said in Durham’s bid to keep Eric Lichtblau off the stand (this appears to have been filed two days after Judge Cooper ordered it, but one of the Durham lawyers has had a family emergency so they may have gotten an extension).

After explaining that prosecutors need to question Lichtblau about things the scope of which have been specifically excluded in the trial, a footnote claims that they won’t violate Judge Cooper’s rules about such things (they have, serially, during the trial).

The government should be permitted to cross-examine Lichtblau about any communications he had with other individuals, including, but not limited to, Fusion GPS personnel and computer researchers, regarding the alleged connections between the Trump Organization and Alfa bank. To the extent Sussmann, Fusion GPS, or others (including computer researchers) approached or communicated with Lichtblau concerning Alfa Bank or related matters, the government should be permitted to question Lichtblau about such exchanges, as they are relevant to the defendant’s communications with Lichtblau on these same issues and are probative of the defendant’s alleged actions on behalf of clients (Rodney Joffe and the Clinton Campaign). The government also intends to cross-examine Lichtblau on issues pertaining to the credibility and reliability of his testimony. 1

[snip]

If Fusion GPS (which was hired by the defendant’s firm on behalf of the Hillary for America Campaign) and other persons known to Joffe and/or Sussmann similarly supplied opposition research-type information to Lichtblau regarding the Trump Organization as a part of a coordinated effort, this would be relevant to demonstrate that Sussmann was not acting merely as a concerned citizen trying to help the FBI when he met with FBI General Counsel and that his contrary representations were false. Indeed, the Government is aware that Sussmann and Joffe did enlist and/or task one or more other computer researchers to communicate with the media (including Lichtblau) concerning these matters

1 The government will abide by the Court’s order of May 7, 2022 and, in accordance with that order, will not “put on extensive evidence” about the accuracy of the data provided by Sussmann or his clients to the FBI, Lichtblau, or others. See Op. & Order (“In Limine Order”) at 5, ECF No. 121. [my emphasis]

Here, Shaw states as fact that the computer research was opposition research. It was not.

I am 100% certain that if Lichtblau could testify about all the people he spoke with on this story, he could explain that many if not most of the people involved — as well as a bunch of other people, including at least one whom prosecutors have affirmatively claimed did not have a role in chasing down this anomaly — believed the anomaly was real and were motivated out of a genuine alarm about the Russian attack that year. Yes, the NYT found people who pushed back (more so after the FBI killed the story). But that’s what makes Lichtblau’s work reporting, not opposition research.

If Lichtblau is able to testify, he could also provide a key piece of important context to evidence the government has already presented. Yesterday, Jim Baker described how, starting on September 21, he reached out to Sussmann for the name of the reporter working on the story.

Baker provided Lichtblau’s name to Bill Priestap before noon on September 22. But Lichtblau didn’t meet with the FBI until Monday, September 26.

We know that in between, the FBI called Cendyn, leading them to alter their DNS address, and the NYT called a representative for Alfa Bank which later — NYT believed, at least — led Alfa to alter their DNS address. The NYT believed that there was a response from Alfa that indicated they were trying to hide this activity.

A key part of Durham’s claim is that NYT wasn’t close to publishing when Sussmann went to the FBI and that Sussmann was, instead, trying to provide urgency for the story. That doesn’t accord with my understanding and it doesn’t accord with what Dexter Filkins has written. Durham can keep telling it so long as Lichtblau doesn’t testify.

One thing that happened, though — in addition to initial contacts that would have alerted Lichtblau that the FBI didn’t want him to publish — was the response to those calls after Sussmann and Joffe decided to share Lichtblau’s name. There was new news that Lichtblau had to try to understand that created a new delay.

As with Sussmann, it would be nice for Lichtblau if he could describe all the efforts he made to verify the story. If he could, it would demonstrably undercut several of the claims Durham is making. He can’t, because he has separate confidentiality agreements with those other sources.

Shaw, who accuses Sussmann of being privileged, completely flips how privilege works on its head (including by mis-citing the David Tatel concurrence in the Judy Miller subpoena, which as I understand it would support Lichtblau making the call about the scope of his testimony). She ties it to a topic rather than a privileged relationship to accuse Lichtblau of trying to selectively pick which parts of the story he can tell.

The D.C. Circuit has “declined to adopt a selective waiver doctrine” in the context of attorney-client communications that “would allow a party voluntarily to produce documents covered by the attorney-client privilege to one party and yet assert the privilege as a bar to production to a different party.” United States v. Williams Companies, Inc., 562 F.3d 387, 394 (D.C. Cir. 2009). “The client cannot be permitted to pick and choose among his opponents, waiving the privilege for some and resurrecting the claim of confidentiality to obstruct others.” Permian Corp. v. United States, 665 F.2d 1214, 1221 (D.C. Cir. 1981). Privilege holders must instead “treat the confidentiality of attorney-client communications like jewels—if not crown jewels” because courts “will not distinguish between various degrees of ‘voluntariness’ in waivers of the attorney-client privilege.” In re Sealed Case, 877 F.2d 976, 980 (D.C. Cir. 1989).

This principle—which restricts a privilege of “ancient lineage and continuing importance,” In re Sealed Case, 877 F.2d at 980—necessarily governs the novel and qualified reporter’s privilege advanced in this case. Sussmann subpoenaed Lichtblau to appear as a witness and Lichtblau has not moved to quash. Lichtblau and defendant Sussmann cannot “tactical[ly] employ[]” the asserted privilege to pick and choose the topics that may be put to Lichtblau on the witness stand. Permian Corp., 665 F.2d at 1221. Privileges are not “tool[s] for selective disclosure.” Ibid

I get why someone in the grips of a fevered conspiracy theory would make this argument. Durham believes that everyone involved with the Alfa Bank story was part of the same malicious conspiracy targeting poor Donald Trump, even though DOJ has in its possession abundant proof that’s false. Yet even in this case, Cooper has distinguished between the privileged relationships that Joffe has with what the Democrats have, and he has also pointed to affirmative evidence that this wasn’t one big conspiracy.

But Shaw would have you believe that Lichtblau’s privilege obligations are tied to a project, a story, and not a bunch of individuals, many of whom he had existing relationships with well before this story.

A lawyer not in the grip of a fevered conspiracy theory, however, would understand that that kind of privilege doesn’t make you special, it creates an obligation, even if the obligation prevents you from using your profession from helping yourself.

John Durham’s Lies with Metadata

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

I’d like to thank John Durham for showing us back in April how he was going to mislead the jury with metadata.

He appears to have done just that, yesterday, with several exhibits entered into evidence. And I fear that unless Durham’s lie is corrected, he will gravely mislead the jury.

As I pointed out in April, because of the email system at Fusion GPS, the first email in any thread they produced to Durham renders as UTC; the rest render as ET. So, for the emails on which one could check, the first email in every thread they released in April was four hours later than the time the email was actually sent.

Durham has revealed that his exhibit has irregularities in the emails pertaining to a key issue: whether Fusion sent out a link to April Lorenzen’s i2p site before Mark Hosenball sent it to them.

This shows up in the timestamps. In the exhibit, the lead email for each appearance appears to be set to UTC, whereas the sent emails included in any thread appear to be set to ET.

For example, in this screencap, the time shown for Mark Hosenball’s response to Peter Fritsch (the pink rectangle) is 1:35 PM, which is presumably Eastern Time.

In this screencap, the very same response appears to be sent at 5:36PM, which is presumably UTC.

Both instances of Peter Fritsch’s email (the green rectangle), “that memo is OTR–tho all open source,” show at 1:33PM, again, Eastern Time.

To be clear: this irregularity likely stems from Fusion’s email system, not DOJ’s. It appears that the email being provided itself is rendered in UTC, while all the underlying emails are rendered in the actual received time.

That means if you show someone only the first email in a thread, you will be misrepresenting what time that email was sent.

That’s what Durham did yesterday with a bunch of Fusion-produced emails he submitted during Laura Seago’s testimony, including (but not limited to):

Over and over, Andrew DeFilippis showed these to Laura Seago and asked her to state what date and time the emails were.

MR. DeFILIPPIS: Okay. And, Your Honor, if there’s no objection from the defense, we’ll offer Government’s Exhibit 612.

MR. BERKOWITZ: No objection.

THE COURT: So moved.

Q. Okay. So what is the date and time of this email?

A. October 5, 2016, at 5:23 p.m.

Q. And the “Subject” line?

A. “Re: so is this safe to look at” — excuse me — “so this is safe to look at.”

While these emails appear to have been produced to Durham at a later time (their Bates numbers from Fusion are about 3000 pages off some of the earlier ones), they’re from the same series and produced by the same custodian, so we should assume that the same anomaly that existed on the earlier ones exists here.

Seago hasn’t seen these emails for years and — because they were treated as privileged — she can only see the first email in a thread, even if there are replies in that thread (and there clearly are, in some of them). She had no way of knowing if she was looking at UTC time!

But Andrew DeFilippis surely does. Indeed, he’s prepping an attack on Sussmann for not understanding that Durham turned over Lync files from the FBI without making clear they, also, get produced in UTC. So he’s aware of which exhibits he has sent to Sussmann without clarifying the correct time. Yet over and over again, DeFilippis asked Seago what time these emails were sent, even though he likely knows (especially since these are files that are no longer privileged, so he has seen those that are threads) that he was deceiving her.

And the timing of these Fusion emails — and possibly some earlier ones exchanged with Rodney Joffe — almost certainly matter.

As I showed in my earlier post, because Durham didn’t fix the anomaly in these emails, they have created the false impression that an October 5 email from Mark Hosenball that shared public links to Tea Leaves’ files came in after Fusion sent it out to Eric Lichtblau. They appear to be prepping another deceit, this one conflating a link that Hosenball sent with one Seago found on Reddit.

Assuming the emails released yesterday share this same anomaly, here’s how the timeline would work out. I’ve bolded the ones that would be grossly misleading taken out of order.

5:23PM (could be 1:23?): Seago to Fritsch, Is this safe?

1:31PM: [not included] Fritsch to Hosenball email with Alfa Group overview

1:32PM: Fritsch sends Isikoff the September 1, 2016 Alfa Group overview (full report included in unsealed exhibit)

1:33PM [not included] Fritsch to Hosenball, “that memo is OTR — tho all open source”

1:35/1:36PM: Hosenball replies, “yep got it, but is that from you all or from the outside computer experts?”

1:37PM: Fritsch responds,

the DNS stuff? not us at all

outside computer experts

we did put up an alfa memo unrelated to all this

1:38PM: [not included] Hosenball to Fritsch:

is the alfa attachment you just sent me experts or yours ? also is there additional data posted by the experts ? all I have found is the summary I sent you and a chart… [my emphasis]

1:41PM: [not included] Fritsch to Hosenball:

alfa was something we did unrelated to this. i sent you what we have BUT it gives you a tutanota address to leave questions.  1. Leave questions at: [email protected]

1:41PM: [not included] Hosenball to Fritsch:

yes I have emailed tuta and they have responded but haven’t sent me any new links yet. but I am pressing. but have you downloaded more data from them ?

1:43PM: [not included] Fritsch to Hosenball, “no”

1:44PM: Fritsch to Lichtblau:

fyi found this published on web … and downloaded it. super interesting in context of our discussions

[mediafire link] [my emphasis]

2:23PM: [not included] Lichtblau to Fritsch, “thanks. where did this come from?”

2:27PM: [not included] Hosenball to Fritsch:

tuta sent me this guidance

[snip]

Since I am technically hopeless I have asked our techie person to try to get into this. But here is the raw info in case you get there first. Chrs mh

2:32PM: Fritsch to Lichtblau:

no idea. our tech maven says it was first posted via reddit. i see it has a tutanota contact — so someone anonymous and encrypted. so it’s either someone real who has real info or one of donald’s 400 pounders. the de vos stuff looks rank to me … weird

6:33PM (likely 2:33PM): Fwd Alfa Fritsch to Seago

6:57PM (like 2:57PM): Re alfa Seago to Fritsch

7:02PM (likely 3:02): Re alfa Seago to Fritsch

3:27PM: [not included] Fritsch to Hosenball cc Simpson: “All same stuff”

3:58PM: [not included] Hosenball to Fritsch, asking, “so the trumpies just sent me the explanation below; how do I get behind it?”

4:28PM: [not included] Fritsch to Hosenball, “not easily, alas”

4:32PM: Fritsch to Hosenball, cc Simpson:

Though first step is to send that explanation to the source who posted this stuff. I understand the trump explanations can be refuted.

 

 

What Durham will completely and utterly misrepresent if it doesn’t clarify this anomaly (and this is the second time they have declined to) is that Seago and Mark Hosenball both accessed different packages of the Tea Leaves materials, one of which then got sent out to Lichtblau. Between 2:33 and 2:57, Seago appears to have compared the files and told Fritsch, who then told Hosenball, that the packages were “all the same stuff.”