
Andrew DeFilippis Had a Role in the Prosecution of Gal Luft’s Co-Conspirator-1

James Comer plans to rely on Gal Luft’s testimony in his efforts to gin up conspiracy theories against Joe Biden, in spite of the indictment against Luft that DOJ obtained before Comer started pursuing his conspiracy theories.

Andrew DeFilippis handled the classified evidence in the Patrick Ho case

Because of that, I want to flag a detail about the Patrick Ho case, the case out of which this one arose.

Ho is the person described as Co-Conspirator-1 in the Luft indictment.

Ho was sentenced on March 25, 2019 for bribing Chadian and Ugandan officials; the former scheme started in a suite in Trump Tower in 2014.

Through a connection, HO was introduced to Cheikh Gadio, the former Minister of Foreign Affairs of Senegal, who had a personal relationship with President Déby. HO and Gadio met at CEFC China’s suite at Trump World Tower in midtown Manhattan, where HO enlisted Gadio to assist CEFC China in obtaining access to President Déby.

Days after Ho was sentenced, the two lead prosecutors on that case, Catherine Ghosh and Daniel Richenthal, flew to Brussels to meet with Luft. As alleged in the indictment, Luft lied to those prosecutors and four FBI agents about both the arms deals and Chinese influence peddling for which he has since been charged.

64. On or about March 28, 2019, in the Southern District of New York, Belgium, and elsewhere outside of the jurisdiction of any particular State or district of the United States, GAL LUFT, the defendant, who is expected to be first brought to and arrested in the Southern District of New York, a matter within the jurisdiction of the executive branch of the Government of the United States, knowingly and willfully made a materially false, fictitious, and fraudulent statement and representation, to wit, LUFT falsely stated during an interview at the United States Embassy in Brussels, Belgium with federal law enforcement officers and prosecutors, in connection with an investigation being conducted in the Southern District of New York, that LUFT had not sought to engage in or profit from arms deals, and instead merely had been asked by an Israeli friend who dealt in arms to check arms prices so that the friend could use this information in bidding on deals, a request that LUFT said he fulfilled by having CC-1 check prices with CC-2 and then relay this information to LUFT–when in fact LUFT had actively worked to broker numerous illegal arms deals for profit involving multiple different countries, both in concert with CC-1 and directly himself, including as described in paragraphs Forty-Four through Fifty-Three above.

[snip]

84. On or about March 29, 2019, in the Southern District of New York, Belgium, and elsewhere outside of the jurisdiction of any particular State or district of the United States, GAL LUFT, defendant, who is expected to be first brought to and arrested in the Southern District of New York, in a matter within the jurisdiction of the executive branch the Government of the United States, knowingly and willfully made a materially false, fictitious, and fraudulent statement and representation, to wit, LUFT falsely stated during an interview at the United States Embassy in Brussels, Belgium with federal law enforcement officers and prosecutors, in connection with an investigation being conducted in the Southern District of New York, that LUFT had tried to prevent CEFC China from doing an oil deal with Iran, that LUFT had been excluded from CEFC China meetings with Iranians, and that LUFT did not know of any CEFC China dealings with Iran while he was affiliated with the company–when in fact, including as described above in paragraphs Sixty-Six through Eighty, LUFT personally attended at least one meeting between CEFC China and Iranians and assisted in setting up additional such meetings for the purpose of arranging deals for Iranian oil, and also worked to find a buyer of Iranian oil while concealing its origin.

Starting in early 2018, DeFilippis handled the classified evidence on the Ho case — both CIPA and a FISA order. He would have spent a great deal of time reviewing what the spooks had obtained on Ho and his associates, undoubtedly including Luft.

Andrew DeFilippis investigated John Kerry for a year

DeFilippis’ efforts on the Ho case took place in parallel with his efforts to gin up a criminal investigation against John Kerry. Here’s how Geoffrey Berman described being ordered to do that by Main Justice.

On May 9, the day after the second Trump tweet, the co-chiefs of SDNY’s national security unit, Ferrara and Graff, had a meeting at Main Justice with the head of the unit that oversees counterintelligence cases at DOJ, which is under the National Security Division.

He said that Main Justice was referring an investigation to us that concerned Kerry’s Iran-related conduct. The conduct that had annoyed the president was now a priority of the Department of Justice. The focus was to be on potential violations of the Logan Act.

[snip]

From the outset, I was skeptical that there was a case to be made. I knew enough about the Logan Act to have strong doubts. Politicians from both sides of the aisle have talked about it from time to time, suggesting that some opponent is in violation of it. It never goes anywhere.

But I figured if they bring us a possible case, we’ll do our best. We’ll look into it. We brought a prosecutor from the national security unit, Andrew DeFilippis, into the investigation.

Trump, meanwhile, kept on tweeting. “John Kerry had illegal meetings with the very hostile Iranian Regime, which can only serve to undercut our great work to the detriment of the American people,” he wrote that September. “He told them to wait out the Trump Administration! Was he registered under the Foreign Agents Registration Act? BAD!”

DeFilippis’ efforts extended into 2019, overlapping with the trial of Ho and the interview with Luft. National Security prosecutors at Main Justice kept pressuring SDNY to advance the investigation into Kerry, but first, Berman had DeFilippis research whether the Logan Act would be chargeable even if Kerry had violated it.

The next step would have been to conduct an inquiry into Kerry’s electronic communications, what’s known as a 2703(d) order. That would have produced the header information—the to, from, date, and subject fields—but not the contents. I decided that before moving forward, it made sense to evaluate whether we would ever have a viable, appropriate charge that matched up with Kerry’s alleged conduct.

At the risk of stating the obvious, under our system of law, pissing off the president is not a chargeable offense. I asked DeFilippis to conduct additional legal research into the Logan Act and other potentially applicable theories. “Look, we’re talking about going to the next step here,” I said.

“But before we do any further investigation, I want to know what the law is on the Logan Act. Let’s say we gather additional documents—I want to know, how is that helping us?”

I wanted to answer the question, even if these things happened, was it a crime? Let’s cut to the chase and find that out, because we’ve got plenty of other work to do and I don’t want us to just be spinning our wheels on this.

For the next several months, DeFilippis conducted extensive research into the Logan Act as well as statutes relating to possible criminal ethics violations by former senior government employees.

On April 22, 2019, Trump tweeted, “Iran is being given VERY BAD advice by @JohnKerry and people who helped him lead the U.S. into the very bad Iran Nuclear Deal. Big violation of Logan Act?”

The tweet was in the morning. That afternoon, Ferrara got a call from Main Justice. He was told that David Burns, the principal deputy assistant attorney general for national security, wanted to know why we were delaying. Why had we not proceeded with a 2703(d) order—the look into Kerry’s electronic communications?

The next day, Burns spoke to Ferrara, Graff, and DeFilippis and repeatedly pressed them about why they had not submitted the 2703(d) order. The team responded that additional analysis needed to be done before pursuing the order.

SDNY decided not to pursue the case against Kerry in fall of 2019.

We spent roughly a year exploring whether there was any basis to further investigate Kerry. Memos were written, revised, and thoroughly discussed.

Our deep dive into the Logan Act confirmed why no one has ever been successfully prosecuted under it in the more than 220 years it has been on the books: the law is not useful. It definitely does not prohibit a former US secretary of state from talking to a foreign official. We did not find that Kerry violated any ethics statutes or any laws having to do with the improper handling of classified material.

In September 2019, DeFilippis advised the National Security Division at Main Justice that we would not be pursuing the case further. He had earlier attempted to tell the specific NSD attorney assigned to the case of our decision, but he couldn’t connect because that attorney was engaged in another matter: the Craig trial.

Sometime after that, DeFilippis became the lead prosecutor on the Durham team, leading the prosecution of Michael Sussmann.

Andrew DeFilippis oversaw the most abusive parts of the John Durham prosecution

Over the course of the Michael Sussmann prosecution, DeFilippis and his prosecution team:

As noted above, Geoffrey Berman boasted that the investigation into Kerry didn’t leak. Even ignoring the inexplicably perfect concert between Alfa Bank’s efforts and Durham’s, it’s not clear the same can be said about the Durham investigation.

And it’s not just that DeFilippis routinely tried to introduce evidence that served his narrative rather than matched the facts. It’s that DeFilippis repeatedly — most notably in the alleged complaint that researchers working on a DARPA project would attempt to identify which Russians were interfering in the US election — proved more sympathetic to Russian efforts to help get Trump elected than interested in conducting an ethical prosecution.

Last August, shortly before Durham confessed the utter humiliation of his team at the hand of Sergei Millian, DeFilippis withdrew from the Durham team with almost no notice, left DOJ, and returned — in a Special Counsel role, not as Partner — to Sullivan & Cromwell.

These are just data points. There is no reason, yet, to believe that DeFilippis continues to unethically gin up conspiracy theories against Democrats.

But they are data points I thought worth collecting in one place.

John Durham’s Blind Man’s Bluff on DNS Visibility

On September 16, 2021, John Durham indicted Michael Sussmann on a single count of lying to the FBI, just days before the statute of limitations for that crime expired. Durham accused Sussmann of lying to hide that he had a client or clients on whose behalf he was sharing allegations about DNS anomalies involving Trump Organization and Alfa Bank.

Durham adopts the “DNC fabrication” theory from agents who badly screwed up the original investigation

As I laid out here, the indictment adopted the “DNC fabrication” theory, the “fabrication” part of which was initially espoused in a hasty review by FBI Cyber agents Nate Batty and Scott Hellman by September 21, 2016, just two days after Sussmann shared a white paper describing anomalies involving Alfa Bank.

Durham adopted that theory in spite of proof, in their own summary, that the FBI agents had not closely reviewed the DNS logs included with the allegations, if they ever reviewed them at all. Durham adopted that theory in spite of irregularities in the chain of custody surrounding the handling of a Blue Thumb Drive that reportedly included DNS logs that were never reviewed. Durham adopted that theory in spite of the fact that Batty’s own Lync messages materially conflicted with a claim he made to Durham two years earlier: Batty claimed he had been refused information about the role of Sussmann in the allegations, when in fact his Lync messages showed he had been informed about Sussmann’s role from the start. Durham adopted that theory in spite of the fact that FBI started debunking parts of the “fabrication” story within hours of Batty and Hellman proposing it. Durham adopted that theory in spite of the fact that FBI’s own overt steps (during a pre-election period) and Alfa Bank’s curious lack of DNS logs made pursuing the allegations impossible.

That indictment was an insanely reckless thing for John Durham to do, building as it did on the investigative failures of Batty and Hellman, not to mention Batty’s own materially inconsistent claim.

Several things made that indictment even more reckless.

Durham fails to take basic investigative steps before indicting

First, in spite of the fact that Durham had already been investigating for 28 months by that point — Durham had already been investigating for six months longer than the entire Mueller investigation — there were a whole bunch of obvious investigative steps he had not yet taken. Between the indictment and the May 2022 trial, Durham would do the following:

Durham also revealed two other interviews he only conducted after charging Sussmann: one with someone identified as Listrak Employee-1 and other unidentified personnel on October 27, 2021 and another with the CEO and CTO of Cendyn on November 17, 2021. As described, their interviews pertained exclusively to email, not DNS, and Durham doesn’t appear to have asked Cendyn about the contacts via its Metron messaging product done for some other client with Alfa Bank in the same time period, nor about the contact that did exist between Cendyn and the affected Spectrum IP address. It also doesn’t mention that Listrak reported no emails to Alfa Bank, one of the Bank’s evolving explanations for the anomalies, and any mail to Spectrum was sent elsewhere.

In his report, Durham makes no mention of whether he interviewed anyone at Spectrum Health or Alfa Bank, though a DC judge would observe that it was almost like the Sussmann indictment and an Alfa Bank lawsuit, “were written by the same people in some way.” There were large gaps involved with both entities in the original investigation and it’s not clear Durham made any effort to close them.

Durham accused the FBI of skipping investigative steps on Crossfire Hurricane that might have discovered exculpatory evidence, but none of that comes close to the many investigative steps he had not yet pursued in the 28 months he had already been investigating before indicting Sussmann.

Durham’s indictment of Sussmann piled his own investigative failures on top of those by Batty and Hellman.

Durham discovers his DNC fabrication theory involves real data

More problematic than Durham’s investigative incompetence, though, the Special Counsel charged Michael Sussmann on September 16, 2021, in spite of the fact that a month earlier, by mid-August, 2021, Durham’s team learned that the data Rodney Joffe and others used to conduct their research was absolutely real. The nature of how this came about remains obscure, but in addition to debunking the most simplistic “DNC fabrication” theories, the discovery made it impossible for Durham to continue to rely on the expert his team had been using. The discovery that the data that Batty and Hellman had dismissed in just one day was real should have led Durham to reconsider everything about his case.

Instead, Durham barreled forward with his indictment.

Durham invites the guy who screwed up the investigation to be his expert

Instead of reassessing his case, Durham responded to losing his expert by proposing that Hellman serve as the replacement, even though by Hellman’s own admission he only knows the basics about DNS.

DeFilippis. How familiar or unfamiliar are you with what is known as DNS or Domain Name System data?

A. I know the basics about DNS.

[snip]

Berkowitz. And then, more recently, you met with Mr. DeFilippis and I think Johnny Algor, who is also at the table there, who’s an Assistant U.S. Attorney. Correct?

A. Yes.

Q. They wanted to talk to you about whether you might be able to act as an expert in this case about DNS data?

A. Correct.

Q. You said, while you had some superficial knowledge, you didn’t necessarily feel qualified to be an expert in this case, correct, on DNS data?

A. On DNS data, that’s correct.

Hellman was one of just two people, aside from John Durham himself, who had a stake in sustaining the “DNC fabrication” theory he had floated before closely reviewing the evidence. That Durham even considered making him his expert is a testament that Durham was interested in protecting his “DNC fabrication” theory, not interested in expertise, much less what the actual evidence said.

Durham includes two expert reviews unmoored from any prosecutorial decision

And that’s why Durham’s inclusion of two expert reviews of the allegations Sussmann shared with the government is of interest:

  • 1671 FBI Cyber Technical Operations Unit, Trump/Alfa/Spectrum/Yota Observations and Assessment (undated; unpaginated).
  • 1635 FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report (April 20, 2022) (hereinafter “FBI Technical Analysis Report”) (SCO _ 094755)

With one exception, Durham describes those reviews in a 13-page section of his report that purports to be about the ongoing efforts by Rodney Joffe and others to chase down the Alfa Bank anomalies and some unusual traffic probably reflecting the presence of Yota Phones in the US. The section itself has no place in a prosecutorial memo, because the only interaction with the government described in that section involved a Georgia Tech researcher refusing HPSCI’s request to help chase down these allegations. The rest involves Joffe continuing to chase this issue with his own data, which insofar as it demonstrates Joffe’s sustained concern about this, independent of any election, undermines pretty much all of Durham’s conspiracy theories. The declination decision regarding fraud — which Andrew DeFilippis used to claim that Joffe was still a subject of the investigation more than five years after the events in question, thereby keeping him off the stand in Sussmann’s trial — didn’t even mention Joffe.

But the description of these reviews in this section really doesn’t have a place where Durham put it, because along with the Cendyn and Listrak interviews, one of the reviews appears to have been last minute prep for the Sussmann trial and the other played a key role in an affirmatively misleading court filing that led Trump to make death threats against Sussmann.

These reviews in Durham’s report supported his last-ditch effort to cement the belief that Hillary framed Donald Trump. They’re here to prove, once and for all, that Sussmann was wrong.

Here’s how Durham introduces his efforts to redo the work Batty and Hellman and others botched so many years ago:

This subsection first describes what our investigation found with respect to the allegation that there was a covert communications channel between the Trump Organization and Alfa Bank. It includes the information we obtained from interviews of Listrak and Cendyn employees. It then turns to the allegation that there was an unusual Russian phone operating on the Trump Organization networks and in the Executive Office of the President. We tasked subject matter experts from the FBI’s Cyber Technical Analysis and Operations Section to evaluate both of these allegations.

But as with so much else in this report, they don’t do what they claim to. Durham ensured his experts sustained the blindness that Batty and Hellman willfully adopted so many years ago to avoid concluding that the allegations might be real.

As I noted here, the two reviews purport to review the Alfa Bank allegations — shared with both the FBI and (in updated form) the CIA — and the YotaPhone allegations shared with the CIA. In one place, Durham claims “the same FBI experts” did both reviews, though he attributes them to different groups. But that’s important because if they are the same experts, then they should know of both reviews.

Durham incites death threats because Joffe investigated Barack Obama

The YotaPhone review must have been done first because, as I noted above and show below, the analysis matches claims Durham made in a filing purporting to raise conflicts but mostly airing allegations for which the statute of limitations had just expired. Here’s how Durham describes the allegations in the report:

Specifically, Sussmann provided the CIA with an updated version of the Alfa Bank allegations and a new set of allegations that supposedly demonstrated that Trump or his associates were using, in the vicinity of the White House and other locations, one or more telephones from the Russian mobile telephone provider Yotaphone. The Office’s investigation revealed that these additional allegations relied, in part, on the DNS traffic data that Joffe and others had assembled pertaining to the Trump Tower, Trump’s New York City apartment building, the EOP,1558 and Spectrum Health. Sussmann provided data to the CIA that he said reflected suspicious DNS lookups by these entities of domains affiliated with Yotaphone.1559 Sussmann further stated that these lookups demonstrated that Trump or his associates were using a Yotaphone in the vicinity of the White House and other locations.1560

Durham’s description of these allegations relies on redacted sections of two trial exhibits (but not a related one that shows Sussmann was not hiding having a client). Because the section of these trial exhibits was redacted, it’s not clear whether Durham is representing how these CIA witnesses described Sussmann’s claims fairly. That’s important because — as we’ll see — Durham misrepresents the YotaPhone white paper.

As Durham described, Sussmann provided four documents and 6 data files to the CIA.

During the meeting, Sussmann provided two thumb drives and four paper documents that, according to Sussmann, supported the allegations. 1564

1564 The titles of the four documents were: (i) “Network Analysis of Yota-Related Resolution Events”; (ii) “YotaPhone CSV File Collected on December 11th, 2016”; (iii) “Summary of Trump Network Communications”; and (iv) “ONINT [sic] on Trump Network Communications.” The two thumb drives contained six Comma Separated Value (“.CSV”) files containing IP addresses, domain names and date/time stamps.

Unlike the Red and Blue Thumb Drive, Durham makes clear that his experts actually examined these thumb drives.

Here are three of the documents:

I understand the csv files include:

  • yota-eop
  • yota-cpwest
  • yota-spectrum
  • yota-trumporg
  • sipper
  • 2016-05-04_2017-01-15_Trump_server.csv

I’ll say more about them below.

Durham’s description of the analysis, titled, “Trump/Alfa/Spectrum/Yota Observations and Assessment,” generally obscures whether it is rebutting a claim (redacted in the trial exhibits) made by Sussmann (“the presentation”) or included in the white paper and data (“the above-quoted white papers about the Yotaphone allegations” and “Yotaphone-related materials”) provided, and he doesn’t repeat or address the Alfa Bank side of these observations (which have no tie to the YotaPhone claims).

But the technical analysis does not, at all, debunk the YotaPhone observations.

The FBI DNS experts with whom we worked also identified certain data and information that cast doubt upon several assertions, inferences, and allegations contained in (i) the above-quoted white papers about the Yotaphone allegations, and (ii) the presentation and Yotaphone-related materials that Sussmann provided to the CIA in 2017. In particular:

  • Data files obtained from Tech Company-2, a cyber-security research company, as part of the Office’s investigation reflect DNS queries run by Tech Company-2 personnel in 2016, 2017, or later reflect that Yotaphone lookups were far from rare in the United States, and were not unique to, or disproportionately prevalent on, Trump-related networks. Particularly, within the data produced by Tech Company-2, queries from the United States IP addresses accounted for approximately 46% of all yota.ru queries. Queries from Russia accounted for 20%, and queries from Trump-associated IP addresses accounted for less than 0.01%.
  • Data files obtained from Tech Company-1, Tech Company-2, and University-1 reflect that Yotaphone-related lookups involving IP addresses assigned to the EOP began long before November or December 2016 and therefore seriously undermine the inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP. In particular, this data reflects that approximately 371 such lookups involving Yotaphone domains and EOP IP addresses occurred prior to the 2016 election and, in at least one instance, as early as October 24, 2014. [bold and italics mine]

Compare that to the supposed debunking from the gratuitous conflicts filing that led to death threats.

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. 
In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted. [bold mine]

The bolded narrative shows these are the same report. If 3 million is 46% of the total of around 6.521 million lookups globally, then 1,000 Trump-related queries would be .01% of the global total.

But it is an innumerate stat. I’m not the FBI, and definitely not a top FBI cyber expert. But even my humble little blog occasionally relies on William Ockham to explain things that should be bloody obvious to the Federal government, such as that 3 million DNS requests amount to one family’s worth of use.

Contra Durham, 3 million DNS requests for a related IP addresses over a four-year period means these requests are very rare.

For comparison purposes, my best estimate is that my family (7 users, 14 devices) generated roughly 2.9 million DNS requests just from checking our email during the same time frame. That’s not even counting DNS requests for normal web browsing.

If you’re going to make a federal case out of this, at least make some attempt to understand the topic.

Durham and his hand-picked experts in the FBI suggest that because, among the very rare number of global requests, almost half appear in the US, it means they aren’t rare. From that, Durham and his experts argue that the fact that Trump’s properties (and Spectrum and the Executive Office of the President) are part of this tiny club is not cause for concern.

They’re doing so even though among the domains included in the CSV tables is wimax-client-yota-ru, which shows up in Wordfence’s IOC lists for the GRU attack on the election. Durham and his FBI experts are arguing that it is not alarming that there would be several look-ups to such a domain in October 2016 from the Executive Office of the President, periodical look-ups to that domain from Trump Organization starting in August 2016, and persistent such look-ups from the suspect Spectrum IP address starting in November 2016.

And about those EOP look-ups. Durham claims, in the italicized language above, that there is an, “inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP.” Sussmann may have said that. But it’s not in the white paper. In fact, there’s just one reference to the EOP in the white paper at all, and it’s not included in the speculative paragraph that there may be a tie between the Spectrum traffic and the Trump traffic.

Network traffic analysis strongly suggests communications between Russian networks and Trump Tower, associated Trump properties, with artifacts also present at EOP. Spectrum Health resolver IP 167.73.110.8 in Grand Rapids MI is also observed making similar queries.

The traffic data indicates: (a) There are Russian-made cellular devices on these networks, seldom seen elsewhere in the US; and (b) these networks appear to be attempting SIP-connections to Russian networks which very few IPs globally are seen trying to resolve.

It is possible that one or more devices is at times travelling between locations as there are sometimes gaps possibly correlated to newsworthy events such as New York NY to Grand Rapids MI, lifting of some sanctions on Russia, and the disappearance of the queries from New York in mid December and from Grand Rapids MI in mid January 2017.

In other words, as he did when he invented an allegation against Hillary that the Russians didn’t even make, he’s inventing an inference here, the kinds of inferences he tried to criminalize when Joffe did them. Further, he suggests that Sussmann and Joffe didn’t reveal that the lookups started before the election, even though the CSV data included shows lookups starting on October 2, 2016, which last I checked was before the election.

Durham, who admits in his report that these lookups inexplicably ended before Inauguration, nevertheless falsely insinuated in a court filing that Sussmann and Joffe had based their claims on lookups that post-date Trump’s inauguration. Durham is debunking Durham now! And that false claim from Durham led Trump to suggest that because Joffe found an IOC associated with the people who hacked the election within EOP, Sussmann should be put to death.

That’s one reason that it matters that this technical review is undated. Obviously, it’s crazy enough that an undated unpaginated report would show up in a report like this (I suspect it is intended to make the document hard to find).

But because it is undated and — it appears — Sussmann never got it, Durham doesn’t have to admit that he has included it in his report even after Sussmann pointed out that Durham’s inflammatory claims relied on getting the dates wrong himself.

For example, although the Special Counsel implies that in Mr. Sussmann’s February 9, 2017 meeting, he provided Agency-2 with EOP data from after Mr. Trump took office, the Special Counsel is well aware that the data provided to Agency-2 pertained only to the period of time before Mr. Trump took office, when Barack Obama was President.

After Sussmann and Joffe proved he was wrong, Durham dropped these claims. But then he resuscitated them for his report.

Durham blinds his expert so he can’t see any visibility

The second expert review Durham relied on, “FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report,” does have a date — April 20, 2022 — along with a Bates stamp showing that it was shared with Sussmann. The Cyber Technical Analysis Unit that wrote it is headed by David Martin, the guy who ultimately served as Durham’s expert witness at trial. After months of stalling, Durham first informed Sussmann that he would have an expert and Martin would be that expert on March 30, 2022, just weeks before trial.

Given that the Technical Analysis is dated three weeks after that, it seems exceedingly likely the Technical Analysis was a report done in preparation for Martin’s testimony.

As I noted in this post, this Technical Analysis focuses exclusively on the white paper Sussmann shared on September 19, 2016.

The footnote citations to the Technical Analysis document reference just 13 pages of material, two pages of which are likely front matter and one page of which describes the tasking Durham gave them.

Aside from the four pages of material that Durham doesn’t mention, there are really just two topics: addressing whether or not the Spectrum Health IP address was a Tor node, and using the answers obtained from Listrak (and possibly a broader set of logs than Alison Sands had available in 2016) to make an argument about the kind of visibility one needs to learn anything from DNS records.

These topics generally track Martin’s testimony as well (though Sussmann had opposed Martin’s comments on visibility, and given that it doesn’t appear in Martin’s Powerpoint from the trial, I’m not sure he was supposed to discuss it).

Now, Durham loves this technical analysis on Tor. He cited it first when he described how April Lorenzen was trying to figure out what the Spectrum IP address was in August 2016, and then quotes it again 30 pages later in his general technical discussion. The second time, he added an apostrophe-s which might be misread by the dim-witted people who are the audience of this propaganda to suggest that disproving that the Spectrum IP was a Tor node disproves the rest of the white paper, which it does not.

The FBI experts advised that historical TOR exit node data conclusively disproves this white paper allegation in its entirety and furthermore the construction of the TOR network makes the described arrangement impossible.

[snip]

The FBI experts who examined this issue for us stated that historical TOR exit node data conclusively disproves this white paper’s allegation in its entirety.

It’s really weird that Durham loves this analysis, because it would suggest that he didn’t learn that the Spectrum Health IP was not a Tor node until just weeks before trial — though that same judgement, that it was not a Tor node, is one of the main things the FBI got right when they first investigated this in 2016. There is almost nothing cited from this report that newbie counterintelligence agent Alison Sands hadn’t already laid out by October 5, 2016.

Durham’s fondness for this Tor node analysis is all the more hilarious because Durham tasked this expert review after the review of the files Sussmann shared with the CIA in February 2017. And neither of the files about the Alfa Bank anomaly that Sussmann turned over in 2017 (one, two) mention the Tor node. Researchers actually realized this was not a Tor node around the same time Sussmann originally shared the files. It was long gone, Durham knew it, yet that’s still the primary thing he relies on to claim he has debunked the allegations.

So Durham’s primary debunking of the white paper doesn’t address, at all, what was in the later documents. In fact, that was one effect of tasking the Cyber Technical Analysis Unit with reviewing just the stuff on the Red Thumb Drive: it gave some of FBI’s top experts a really easy way to debunk (part of) the white paper, albeit the only part that was entirely debunked in 2016.

It’s like congratulating yourself because the FBI’s top cyber experts managed to play tiddlywinks as well as a newbie counterintelligence agent did six years earlier during a rush investigation.

The second area of this technical review Durham cites is still more telling. It purports to rely on information learned in Listrak email (not DNS) records to (effectively) accuse Joffe and the others of cherrypicking the data.

In addition to investigating the actual ownership and control of the IP address, the Office tasked FBI cyber experts with analyzing the technical claims made in the white paper. 1650 This endeavor included their examination of the list of email addresses and send times for all emails sent from the Listrak email server from May through September 2016, which is the time period the white paper purportedly examined. 1651 The FBI experts also conducted a review of the historical TOR exit node data. 1652

The technical analysis done by the FBI experts revealed that the data provided by Sussmann to the FBI and used to support Joffe and the cyber researchers’ claim that a “very unusual distribution of source IP addresses” was making queries for mail1.trump-email.com was incomplete. 1653 Specifically, the FBI experts determined that there had been a substantial amount of email traffic from the IP address that resulted in a significantly larger volume of DNS queries for the mail1.trump-email.com domain than what Joffe, University-1 Researcher-2 and the cyber researchers reported in the white paper or included on the thumb drives accompanying it. 1654 The FBI experts reviewed all of the outbound email transmissions, including address and send time for all emails sent from the Listrak server from May through September 2016, and determined that there had been a total of 134,142 email messages sent between May and August 2016, with the majority sent on May 24 and June 23. 1655 The recipients included a wide range of commercial email services, including Google and Yahoo, as well as corporate email accounts for multiple corporations. 1656

Similarly, the FBI experts told us that the collection of passive DNS data used to support the claims made in the white paper was also significantly incomplete. 1657 They explained that, given the documented email transmissions from IP address 66.216.133.29 during the covered period, the representative sampling of passive DNS would have necessarily included a much larger volume and distribution of queries from source IP addresses across the internet. In light of this fact, they stated that the passive DNS data that Joffe and his cyber researchers compiled and that Sussmann passed onto the FBI was significantly incomplete, as it included no A-record (hostname to IP address) resolutions corresponding to the outgoing messages from the IP address. 1658 Without further information from those who compiled the white paper data, 1659 the FBI experts stated that it is impossible to determine whether the absence of additional A record resolutions is due to the visibility afforded by the passive DNS operator, the result of the specific queries that the compiling analyst used to query the dataset, or intentional filtering applied by the analyst after retrieval. 1660

1653 Our experts noted that the assertion of the white paper is not only that Alfa Bank and Spectrum Health servers had resolved, or looked up, the domain [mail-1.trump-email.com] during a period from May through September of 2016, but that their resolutions accounted for the vast majority of lookups for this domain. FBI Technical Analysis Report at 6.

1654 The USB drive that Sussman [sic] provided to the FBI on September 19, 2016, which was proffered as data supporting the claims in the white paper, contained 851 records of DNS resolutions for domains ending in trump-email.com. FBI Technical Analysis Report at 7.

I’ll leave it to William Ockham — who apparently is smarter than the entire FBI — to explain that by looking for emails sent out from an IP rather than DNS for a domain, the FBI was basically searching for all packages from one post office rather than stamps from one house that uses that post office (I’m still working on this analogy, but it’s a start). Plus, at least in real time, the newbie counterintelligence agent who figured out the Tor node information Durham claims to have only learned six years later, Alison Sands, kept complaining that Listrak didn’t provide the network logs they needed.

But as I pointed out here, not only does the FBI change its mind mid-sentence whether there was one thumb drive or two — a problem that has plagued FBI’s Cyber division for six years, apparently — but FBI doesn’t even claim to be looking at all the data that was submitted at trial. FBI’s experts only reviewed the exact same file that Scott Hellman emphasized was a portion of the data submitted; they didn’t review the larger set. They complain they only have 851 lines of data because they’re not reviewing the larger file, much less any csv records turned over on the Blue Thumb Drive, not because the logs didn’t exist.

Remember: these are supposed to be the same people who already reviewed the CIA material by February. And the equivalent of the white paper in those materials has a passage that addresses precisely the visibility of which FBI claims to be ignorant. And the Trump/Alfa csvs included on one of those thumb drives — 2016-05-04_2017-01-15_Trump_server — not only includes almost 25,000 lines of data, but it also shows the collection points. The FBI had a way, in hand, to get that visibility, but Durham told them to look away.
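The visibility point can be made concrete with a short added example (Python, written for this page; it is not the FBI's, Durham's or the researchers' tooling). It assumes a passive DNS export with a timestamp, queried name, source resolver IP and collection point per row, plus a map of which resolver networks each collection point can observe; every name, address and sensor label is constructed.

```python
import csv
import io
import ipaddress
from collections import Counter
from datetime import datetime, timezone

# Constructed sample. The column layout is an assumption; addresses are from
# the RFC 5737 documentation ranges and the .test names are reserved.
SAMPLE_CSV = """timestamp,qname,qtype,source_ip,sensor
2016-05-04T10:02:11Z,mail1.example-mailer.test,A,192.0.2.10,sensor-a
2016-06-23T14:30:00Z,mail1.example-mailer.test,A,192.0.2.10,sensor-a
2016-07-01T09:15:42Z,mail1.example-mailer.test,A,198.51.100.7,sensor-b
2016-08-12T21:05:03Z,mail1.example-mailer.test,A,192.0.2.10,sensor-a
2016-09-02T03:44:19Z,mail1.example-mailer.test,A,198.51.100.7,sensor-b
2016-10-02T08:00:00Z,mail1.example-mailer.test,A,192.0.2.10,sensor-a
2016-10-02T08:00:05Z,other.example-mailer.test,A,203.0.113.5,sensor-b
2017-01-15T23:59:59Z,mail1.example-mailer.test,A,198.51.100.7,sensor-b
"""

# Assumed map: which resolver networks each collection point can observe.
SENSOR_COVERAGE = {
    "sensor-a": ["192.0.2.0/24"],
    "sensor-b": ["198.51.100.0/24", "203.0.113.0/25"],
}


def load_records(text):
    """Parse the CSV export into dicts with timezone-aware timestamps."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["timestamp"] = datetime.strptime(
            row["timestamp"], "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
        row["qname"] = row["qname"].rstrip(".").lower()
        rows.append(row)
    return rows


def summarize(records, qname):
    """Date range and per-source / per-sensor query counts for one name."""
    wanted = qname.rstrip(".").lower()
    hits = [r for r in records if r["qname"] == wanted]
    if not hits:
        return None
    times = [r["timestamp"] for r in hits]
    return {
        "total": len(hits),
        "first_seen": min(times),
        "last_seen": max(times),
        "by_source": Counter(r["source_ip"] for r in hits),
        "by_sensor": Counter(r["sensor"] for r in hits),
    }


def covering_sensors(ip, coverage):
    """Names of the sensors whose networks contain this resolver address."""
    addr = ipaddress.ip_address(ip)
    return sorted(
        name
        for name, nets in coverage.items()
        if any(addr in ipaddress.ip_network(n) for n in nets)
    )


def classify_expected(records, qname, expected_sources, coverage):
    """Separate 'absent despite coverage' from 'outside sensor visibility'.

    A resolver missing from the data only says something about the traffic
    if some collection point could have seen it in the first place.
    """
    summary = summarize(records, qname)
    seen = set(summary["by_source"]) if summary else set()
    result = {}
    for ip in expected_sources:
        if ip in seen:
            result[ip] = "observed"
        elif covering_sensors(ip, coverage):
            result[ip] = "covered_but_absent"
        else:
            result[ip] = "not_visible"
    return result


if __name__ == "__main__":
    recs = load_records(SAMPLE_CSV)
    s = summarize(recs, "mail1.example-mailer.test")
    print(s["first_seen"].date(), s["last_seen"].date(), dict(s["by_sensor"]))
    expected = ["192.0.2.10", "203.0.113.5", "203.0.113.200"]
    print(classify_expected(recs, "mail1.example-mailer.test",
                            expected, SENSOR_COVERAGE))
```

Without the sensor column and a coverage map, the last two categories cannot be told apart, which is why a reviewer needs the collection points before drawing any conclusion from missing resolutions.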

The only thing the FBI’s top experts offer to debunk, other than the Tor node claim that the FBI knew the researchers had dropped, was a complaint about visibility. But their complaints about visibility were entirely manufactured by the scope of the review Durham requested and possibly by the curious status of the Blue Thumb Drive, as well as (if Durham is telling the truth about these being the same experts) willful forgetting of a review they had done on related issues less than a year earlier.

Durham created this blindness. By ensuring all the experts remain blind to visibility, Durham ensured the review would conclude that the researchers didn’t have the visibility that, the FBI knew well, they had.

As I have described, way back in October 2016 — just days after Batty and Hellman did — I too thought that this was a set-up.

But I said that because (as I also noted) no one had seen the evidence. The FBI had the opportunity to look, but instead has spent the last six years deliberately blinding themselves so they can continue to claim it was a set-up.

Update: From pre-trial motions, here are two of the CIA summaries in which Sussmann’s claims about the YotaPhone allegations remain unredacted (one, two). They do tie the presence of the YotaPhone in EOP to Trump. But they also make it clear that the phone couldn’t have been Trump, because it didn’t always move with him, meaning these could easily have been (and still could be) someone attempting to compromise Trump.


Alfa Bank and Yotaphone Allegations

1. Factual background

a. Introduction

b. Sussmann’s attorney-client relationship with the Clinton campaign and Joffe

c. The Alfa Bank allegations

i. Actions by Sussmann, Perkins Coie, and Joffe to promote the allegation

ii. Actions by April Lorenzen and others and additional actions by Joffe

iii. Sussmann’s meeting with the FBI

d. The FBI’s Alfa Bank investigation

i. The Cyber Division’s review of the Alfa Bank allegations

ii. The opening of the FBI’s investigation

e. Actions by Fusion GPS to promote the Alfa Bank allegations

f. Actions by the Clinton campaign to promote the Alfa Bank allegations

g. Sussmann’s meeting with the CIA

h. Sussmann’s Congressional testimony

i. Perkins Coie’s statements to the media

j. Providing the Alfa Bank and Yotaphone allegations to Congress

k. Joffe’s company’s connections to the DNC and the Clinton campaign

l. Other post-election efforts to continue researching and disseminating the Alfa Bank and Yotaphone allegations

i. Continued efforts through Joffe-affiliated companies

ii. Efforts by Dan Jones and others

iii. Meetings by DARPA and Georgia Tech

iv. The relevant Trump Organization email domains and Yotaphone data

2. Prosecution decisions

FBI Cyber Division’s Enduring Blue Pill Mystery

I’m writing a post on the technical analysis John Durham included in his report purporting to debunk the white papers submitted via Michael Sussmann to, first, the FBI and, then, the CIA. But first I’m going to do something even more tedious: Try to track down FBI’s persistent blue pill problem — or rather, the FBI’s apparent failure to ever analyze one of two thumb drives Sussmann shared with Jim Baker in September 2016, the Blue one.

Last year, before Sussmann’s trial, Durham had FBI’s top technical people review what he claimed were the data Sussmann had shared. He cited those reports in his own report, claiming they debunk the white papers.

Here’s how they are described in footnotes.

  • 1635 FBI Cyber Division Cyber Technical Analysis Unit, Technical Analysis Report (April 20, 2022) (hereinafter “FBI Technical Analysis Report”) (SCO _ 094755)
  • 1671 FBI Cyber Technical Operations Unit, Trump/Alfa/Spectrum/Yota Observations and Assessment (undated; unpaginated).

Not only doesn’t the YotaPhone report have a date, but it doesn’t have a Bates stamp reflecting that it was shared with Sussmann. I’ll get into why that is interesting in my follow-up post.

Below is a summary of the materials Sussmann provided to both agencies. By description, the Technical Analysis Report only reviews the white paper and the smaller of two sets of text DNS logs included on the Red Thumb Drive. By description the Trump/Alfa/Spectrum/Yota Observations only review the Yota White Paper.

The data FBI’s technical people reviewed appear to be restricted to what is marked in blue.

They did review the actual thumb drives turned over to the CIA, because they found hidden data on one; there’s no indication they reviewed the thumb drives provided to the FBI.

In fact, it’s impossible that they reviewed the data included on the second thumb drive Sussmann shared, the Blue one.

That’s because the FBI analysis claims Sussmann only provided 851 resolutions, which is the 19-page collection of text files included on the Red Thumb Drive, not even the larger set.

Similarly, the FBI experts told us that the collection of passive DNS data used to support the claims made in the white paper was also significantly incomplete. 1657 They explained that, given the documented email transmissions from IP address 66.216.133.29 during the covered period, the representative sampling of passive DNS would have necessarily included a much larger volume and distribution of queries from source IP addresses across the internet. In light of this fact, they stated that the passive DNS data that Joffe and his cyber researchers compiled and that Sussmann passed onto the FBI was significantly incomplete, as it included no A-record (hostname to IP address) resolutions corresponding to the outgoing messages from the IP address. 1658 Without further information from those who compiled the white paper data, 1659 the FBI experts stated that it is impossible to determine whether the absence of additional A record resolutions is due to the visibility afforded by the passive DNS operator, the result of the specific queries that the compiling analyst used to query the dataset, or intentional filtering applied by the analyst after retrieval. 1660

1659 The data used for the white paper came from Joffe’s companies Packet Forensics and Tech Company-I. As noted above, Joffe declined to be interviewed by the Office, as did Tech Company-2 Executive-I. The 851 records of resolutions on the USB drive were an exact match for a file of resolutions sent from University-I Researcher-2 to University-I Researcher- I on July 29, 2016, which was referred to as “[first name of Tech Company-2 Executive-l]’s data.” Id. at 7.

1660 Id. [bold]

There’s no way they would have come to this conclusion if they had seen the Blue Thumb Drive, which had millions of logs on it.

In fact, it appears that the FBI never did review that Blue Thumb Drive when they were investigating the Alfa Bank anomaly.

They didn’t do so, it appears, because the Cyber Division Agents who first reviewed the allegations, Nate Batty and Scott Hellman, misplaced the Blue Thumb Drive for weeks.

That may not have been an accident.

Batty and Hellman’s initial review, which they completed in just over a day, was riddled with errors (as I laid out during the trial). Importantly, they could not have reviewed most of the DNS logs before writing their report, because they claimed, “the presumed suspicious activity began approximately three weeks prior to the stated start [July 28] of the investigation conducted by the researcher.”

Even the smaller set of log files included on the Red Thumb Drive showed the anomaly went back to May. A histogram included in the white paper shows the anomaly accelerating in June.

Had anyone ever reviewed the full dataset, the shoddiness of their initial analysis would have been even more clear.

Here’s how the FBI managed to conduct an investigation on two thumb drives without, it appears, ever looking at the second one.

As the chain of custody submitted at trial shows, Jim Baker accepted the thumb drives, then handed them off to Peter Strzok, who then handed them off to Acting Assistant Director of Cyber Eric Sporre, who at first put the thumb drives in his safe, then handed them over to Nate Batty.

Within hours (these logs are UTC), Batty and Hellman started mocking the white paper but also complaining about the “absurd quantity of data.”

Hellman, at least, admitted at trial that he only knows the basics about DNS.

The next day, Batty told Hellman that their supervisor wanted them to write a “brief summary” of what he calls “the DNC report.” Batty appears to have known of Sussmann from other cases and he was informed that Sussmann was in the chain of custody.

In spite of the clear record showing Batty was informed who provided the thumb drives, in 2019, he told Durham that he and Hellman — whose analysis was so shitty — had considered filing a whistleblower complaint because they weren’t told what the documentary record shows he clearly was told. And Durham thought that was sufficiently credible to stick in his report.

Batty admitted that they should first “plug the thumb drives” in and look at the files before they wrote a summary.

The documentary evidence shows that these guys formed their initial conclusion about the white paper without ever reviewing the data first.

A day later, Curtis Heide texted from Chicago and asked them to upload the thumb drives, plural, so they could start looking at them.

They only uploaded one, the Red Thumb Drive.

That’s clear because when Kyle Steere documented what they had received on October 4, he described that his report is, “a brief summary of the contents of the USB drive,” singular. The contents match what was on the Red Thumb Drive.

Two hours and 16 minutes later, after uploading the Red Drive, Batty asked if he should send the actual thumb drives to Chicago.

48 minutes later, Batty asked Hellman if he had the Blue Thumb Drive.

The chain of custody shows that Batty didn’t send anything on September 22, when he and Hellman were panicking about the missing Blue Thumb Drive. Instead, he put something in storage on October 6, two weeks later. That he put them in storage makes no sense, because when he wrote an Electronic Communication explaining why he was sending the thumb drives to Chicago on October 11 (by that point, 19 days after saying they would send the thumb drives to Chicago that day), he claimed,

Due to case operational tempo, and the need to assess the data at ECOU-1 prior to referring the matter to the [Chicago] division the evidence was not charged into evidence (at the NVRA) until October 6, 2016.

Not a shred of evidence in the available record supports that claim and a great deal shows it to be false.

But he didn’t send the physical thumb drives until October 12, via FedEx instead of internal BuMail.

By October 12, the FBI had decided there was nothing to these allegations.

Somewhere along the way, there was some confusion as to whether there were one or two thumb drives. At the time the case ID was added — the case was opened on September 23 — it seems to have been understood there was just one thumb drive.

Batty does seem to have sent two thumb drives, one Red and one Blue, to Chicago after that 20-day delay, though.

At trial on May 23, Alison Sands dramatically pulled two thumb drives — a Red Thumb Drive and a Blue Thumb Drive — out of the evidence envelope where she put them years earlier.

Q. Ms. Sands, I’m showing you what’s been marked for identification as Government’s Exhibit 1. Do you recognize that?

A. Yes.

Q. What is that?

A. This is the la envelope.

Q. Do you know what this envelope contains?

A. Yes, it contains the thumb drives. So I basically took them out of evidence and put it into this envelope.

[snip]

Q. Now, Ms. Sands, do you recall how many thumb drives there were?

A. Yes, there’s two.

Q. Do you recall if they had any particular colors?

A. One is blue and one is red.

On the stand, Sands also introduced Steere’s memo, the one that documented the contents of the Red Thumb Drive. In doing so, though, she falsely claimed (at least per the transcript) that the memo described both thumb drives.

Q. Do you recognize what Government’s 206 is?

A. Yes.

Q. What is that?

A. It is the EC documenting what information was on the thumb drives that were provided.

She also introduced the items included on the Red Thumb Drive, one after another, into evidence.

Except for the 19-page set of text files used for technical analysis.

When prosecutor Brittain Shaw got to that file in Steere’s memo, she tried to move it into evidence, but both Judge Cooper and Sussmann attorney Michael Bosworth noted it was already in evidence.

MS. SHAW: Could we go back to Government’s Exhibit 206, please? Moving down the list —

BY MS. SHAW:

Q. The second item, what is that?

A. It is data that was provided as alleged evidence of these DNS lookup tables.

Q. After number 2, is that the title that was given to the file or is that something you assigned?

A. I believe that’s something we assigned.

Q. Okay.

MS. SHAW: And if I could have Government’s Exhibit 208, please. If you’d just blow that up a little bit. Thank you.

BY MS. SHAW:

Q. And, Ms. Sands, do you recognize what that is?

A. Yes, these are the DNS lookups that I just described.

MS. SHAW: All right. I would move Government’s Exhibit 208 into evidence.

MR. BOSWORTH: It may be —

THE COURT: I think it’s probably in.

MS. SHAW: All right.

It was already in.

Almost a week earlier, Scott Hellman introduced what he called “a portion” of the data included with the exhibit. It was the 19-page text file of DNS logs included on the Red Thumb Drive that was reviewed in the Technical Analysis. He didn’t describe it as one stand-alone document included on the thumb drive. He seemed to imply this was a selection the FBI had made.

Q. And if I could show just to you on your screen what’s been marked Government Exhibit 208. And Agent Hellman, this is about an 18- or 19-page document. But you just see the first page here. Do you recognize this?

A. It appears to be a portion of the technical data that came along with the narrative.

MR. DeFILIPPIS: All right. Your Honor, the government offers Government Exhibit 208.

MR. BERKOWITZ: No objection.

THE COURT: So moved.

Q. And if we look at that first page there, Agent Hellman, what kind of data is this?

A. It appears to be — as far as I can tell, it looks to be — it’s log data. So it’s a log that shows a date and a time, a domain, and an IP address. And, I mean, that’s — just looking at this log, there’s not too much more from that.

Q. And do you understand this to be at least a part of the DNS data that was contained on the thumb drives that I think you testified about earlier?

All the while, he and DeFilippis referred to this as “a part” of the DNS data and referred to the thumb drives, plural.

And that, it appears, may be all the data anyone at the FBI ever analyzed.

Update: I erroneously said there were texts between Batty and Hellman that may have gotten deleted. I’ve corrected that error.

Update: I added details from the Lync files showing Batty provided a claim that conflicts with all public evidence about why he didn’t check the thumb drives into evidence until after the investigation was substantively done.

Update: I’ve updated the table to show what Sussmann shared. Particularly given FBI’s shoddy record-keeping and Durham’s obfuscation, it’s not clear on which drive GX209 was, nor is it clear whether there was a separate set of CSV DNS logs on the Blue Drive and if so how many logs they included.

Doo-Doo Process: John Durham Claims to Know Better than Anthony Trenga and Two Juries

There’s something grotesque and unethical about John Durham’s conduct that has gotten little attention.

After getting his ass handed to him by two juries and one judge, in his report, Durham nevertheless repeated the allegations against Michael Sussmann and Igor Danchenko on which they have been acquitted. While in one discussion of his prosecutorial decisions, Durham described these as “allegations,” in his executive summary and elsewhere, he stated, as fact, that both men had made false or fabricated statements. Worse still, in his efforts to sustain his false statements allegations, Durham himself makes claims that were rebutted or undermined by the trial records.

John Durham lies about press contacts to cover up his failure to investigate exculpatory information

As a reminder, the researchers who found the Alfa Bank anomaly found it organically, and out of a suspicion — later validated by at least three Mueller prosecutions (Paul Manafort, Michael Cohen, and Alex Van der Zwaan) — that Trump and his associates were lying about their ties to Russia, Rodney Joffe shared the Alfa Bank anomaly with Michael Sussmann.

Sussmann definitely packaged up the allegations and asked Fusion GPS what they knew about Alfa Bank. He definitely billed that packaging-up process to Hillary. The campaign definitely approved sharing that information with the NYT.

But then, without the consent of the campaign, Sussmann blew their big story, by sharing the allegations with the FBI.

Sussmann claimed that he did so because, as a former cybersecurity prosecutor, he knew that if DOJ were going to have a chance to investigate these allegations, they would need to do so, covertly, before the allegations went public. He claimed to have done so because he had been in the position where a big allegation broke before law enforcement had an opportunity to investigate. As proof to support this claim, Sussmann noted — and over the course of months, forced Durham to collect the heretofore ignored evidence proving — that he helped the FBI kill the NYT story the campaign had approved, in the process making it clear that he had to ask someone’s (Joffe’s) consent to do so.

Because the FBI used overt means to investigate these allegations — a violation of DOJ pre-election guidelines that Durham doesn’t mention in his screed about the FBI — a seeming response to NYT’s efforts which was actually a response to the FBI bigfooting helped to fuel the story. The record shows, and Durham’s most aggressive prosecutor conceded at closing arguments, that the FBI fucked up this investigation in other ways, yet more FBI shortcomings that Durham doesn’t mention in his screed.

After the election, at a time when Sussmann no longer worked for Hillary, Joffe asked him to try to get the CIA to look at these anomalies. Before that meeting, Sussmann told one of his CIA interlocutors that he did have a client (something Sussmann also told to Congress), but described that his client wanted anonymity because of concerns about Russian retaliation. In the meeting where he passed off his thumb drives, he said he was not representing a client.

Those are the competing signals on which Durham obtained a criminal indictment and did so before having consulted significant swaths of directly relevant evidence: a question about how Sussmann intended those words, “represent” and “on behalf of,” a problem with the indictment that Sussmann identified immediately.

Here’s how Durham presented the Sussmann charges in the Executive Summary (all bold in this post my own).

The Office also investigated the actions of Perkins Coie attorney Michael Sussmann and others in connection with Sussmann’s provision of data and “white papers” to FBI General Counsel James Baker purporting to show that there existed a covert communications channel between the Trump Organization and a Russia-based bank called Alfa Bank. As set forth in Section IV.E.1.c.iii, in doing so he represented to Baker by text message and in person that he was acting on his own and was not representing any client or company in providing the information to the FBI. Our investigation showed that, in point of fact, these representations to Baker were false in that Sussmann was representing the Clinton campaign (as evidenced by, among other things, his law firm’s billing records and internal communications). 42 In addition, Sussmann was representing a second client, a technology executive named Rodney Joffe (as evidenced by various written communications, Sussmann’s subsequent congressional testimony, and other records).

Cyber experts from the FBI examined the materials given to Baker and concluded that they did not establish what Sussmann claimed they showed. At a later time, Sussmann made a separate presentation regarding the Alfa Bank allegations to another U.S. government agency and it too concluded that the materials did not show what Sussmann claimed. In connection with that second presentation, Sussmann made a similar false statement to that agency, claiming that he was not providing the information on behalf of any client.

[snip]

As explained in Section IV.E.1.c.i, the evidence collected by the Office also demonstrated that, prior to providing the unfounded Alfa bank claims to the FBI, Sussmann and Fusion GPS (the Clinton campaign’s opposition research firm) had provided the same information to various news organizations and were pressing reporters to write articles about the alleged secret communications channel. Moreover, during his September 2016 meeting at the FBI, Sussmann told Baker that an unnamed news outlet was in possession of the information and would soon publish a story about it. The disclosure of the media’s involvement caused the FBI to contact the news outlet whose name was eventually provided by Sussmann in the hope of delaying any public reporting on the subject. In doing so it confirmed for the New York Times that the FBI was looking into the matter. On October 31, 2016, less than two weeks before the election, the New York Times and others published articles on the Alfa Bank matter and the Clinton campaign issued tweets and public statements on the allegations of a secret channel of communications being used by the Trump Organization and a Russian bank – allegations that had been provided to the media and the FBI by Fusion GPS and Sussmann, both of whom were working for the Clinton campaign. [my emphasis; link]

And here’s how Durham presented his prosecutorial decision.

Accordingly, Sussmann’s conduct supports the inference that his representations to both the FBI and the CIA that he was not there on behalf of a client reflect attempts to conceal the role of certain clients, namely the Clinton campaign and Joffe, in Sussmann’s work. Such evidence also further supports the inference that Sussmann’s false statements to two different agencies were not a mistake or misunderstanding but, rather, a deliberate effort to conceal the involvement of specific clients in his delivery of data and documents to the FBI and CIA. [link]

[snip]

First, and as noted above, we identified certain statements that Sussmann made to the FBI and the CIA that the investigation revealed were false. Given the seriousness of the false statement and its effect on the FBI’s investigation, a federal Grand Jury found probable cause to believe that Sussmann had lied to the FBI and charged him with making a false statement to the Bureau, in violation of 18 U.S.C. § 1001. 1675 Ultimately, after a two-week trial, a jury acquitted Sussmann of the false statement charge.

We also considered whether any criminal actions were taken by other persons or entities in furtherance of Sussmann’s false statement to the FBI. The evidence gathered in the investigation did not establish that any such actions were taken. [link]

As noted above, just in these two passages Durham repeats, five times, that Sussmann made false statements, even though he never charged Sussmann with making false statements to the CIA and even though a jury found Sussmann not guilty of making false statements to the FBI (Durham also misrepresents the billing evidence presented at trial, which didn’t show Sussmann billing Hillary for the meeting with Baker). This is a gross assault on due process, to accuse a man anew of the charges for which he has already been acquitted.

Durham claims, in explaining why he charged this flimsy case, that the [alleged] “false statement” was serious and had what he insinuates was a major effect on the FBI investigation. Remember: When Durham made this prosecutorial decision, he still had never bothered to check two Jim Baker phones in DOJ IG possession (one of which he had learned about years earlier), texts in Baker’s iCloud account that complicated his case, and documents in DOJ IG’s possession showing that the FBI understood — whether true or not — that the Alfa Bank allegation came from the DNC. Indeed, Durham obscures that while those Baker texts did show that Sussmann had conveyed such a claim by text, those belatedly discovered texts undermined Durham’s case at trial that Sussmann had repeated the claim in person (without providing any clarity about how Sussmann meant “on behalf of”). And one possible explanation for the acquittal is that the jury found that Sussmann didn’t repeat his claim that he was representing no client at the face-to-face meeting with Baker. Certainly, the record showed that whatever memory Baker had of that meeting had been selectively reconstructed with Durham’s help to match the story he needed to sustain a certain narrative, one that didn’t line up with the documentary evidence.

And evidence presented at trial completely undermined the claim that this was a material false claim, the reason Durham made the claim about seriousness in the first place. Sussmann’s attorneys showed that only the threat of prosecution altered FBI Agent Ryan Gaynor’s memory — backed by his contemporaneous notes — that, in fact, he always understood that the allegation came from a DNC attorney. Durham’s star FBI witness admitted on cross-examination that he developed his belief that a reference to the DNC in his colleague’s Lync texts was just a typo after prosecutor Andrew DeFilippis coached him on that point. There were other Lync texts recording a belief that the tip had come from the DNC. Several people at the FBI conducted this investigation as if they understood it to be an investigation of a DNC tip, which likely contributed to the errors the FBI made in their investigation. Durham claims the opposite.

Durham seems to hang his claim about seriousness on his own two inferences — one on top of another — that Sussmann had to have been deliberately hiding something, even though evidence presented at trial, most notably that Sussmann offered up information about having a client with both the FBI and CIA, undermined those inferences. As noted, Durham found April Lorenzen’s inferences as a private citizen to be potentially criminal, but he puts the weight of DOJ behind inferences that proved less robust than Lorenzen’s own.

Particularly given the fact that Durham only belatedly, months after indicting Sussmann, discovered evidence corroborating Sussmann’s explanation for reaching out to Baker — that he helped the FBI kill the NYT story the campaign very much wanted published — the Special Counsel’s misrepresentation of the timeline of press contacts is particularly dishonest. In response to an Eric Lichtblau email asking for more details about Russian hacking, Sussmann provided the tip. Durham’s claim that Sussmann “eventually provided” Lichtblau’s name falsely suggests it took more than a few days to make this happen. After that, Sussmann didn’t push the Alfa Bank story until it got published via other channels. For its part, Fusion was pushing this story weeks later, after April Lorenzen’s separately posted data had renewed questions about it. This muddled timeline repeats the outlandish claim Durham prosecutor Brittain Shaw made in opening arguments that an article most Democrats view as profoundly damaging was precisely the October Surprise Hillary wanted. But in this final report, it’s wildly dishonest spin to cover up the fact that Durham didn’t learn a key detail — that Sussmann helped kill the NYT story — until after charging him.

All the more so because telling the truth about Sussmann’s willingness to help the FBI kill the story suggests Sussmann’s version of the story is far more credible than Durham’s.

How Durham avoids admitting he charged a “literally true” statement as false

If you read nothing more than John Durham’s Executive Summary, you would never learn that John Durham falsely led the press to believe that Danchenko attributed the pee tape allegation to someone with distant ties to Hillary rather than the two Russians who admitted they went out drinking with Danchenko during the period in question. More importantly, you would never learn that Durham created that false pee tape panic out of what Judge Anthony Trenga ruled was a literally true statement.

This section of the Executive Summary, which doesn’t mention any prosecutorial decision regarding Dolan, is completely divorced from the prosecutorial decision it pertains to.

During the relevant time period, Danchenko maintained a relationship with Charles Dolan, a Virginia-based public relations professional who had previously held multiple positions and roles in the Democratic National Committee (“DNC”) and the Democratic Party. In his role as a public relations professional, Dolan focused much of his career interacting with Eurasian clients, with a particular focus on Russia. As described in Section IV.D.1.d.ii, Dolan previously conducted business with the Russian Federation and maintained relationships with several key Russian government officials, including Dimitry Peskov, the powerful Press Secretary of the Russian Presidential Administration. A number of these Russian government officials with whom Dolan maintained a relationship – and was in contact with at the time Danchenko was collecting information for Steele – would later appear in the Dossier.

In the summer and fall of 2016, at the time Danchenko was collecting information for Steele, Dolan traveled to Moscow, as did Danchenko, in connection with a business conference. As discussed in Section IV.D.1.d.iii, the business conference was held at the Ritz Carlton Moscow, which, according to the Steele Reports, was allegedly the site of salacious sexual conduct on the part of Trump. Danchenko would later inform the FBI that he learned of these allegations through Ritz Carlton staff members. Our investigation, however, revealed that it was Dolan, not Danchenko, who actually interacted with the hotel staff identified in the Steele Reports, so between the two, Dolan appears the more likely source of the allegations.

As discussed in Section IV.D.1.d.vi, our investigation also uncovered that Dolan was the definitive source for at least one allegation in the Steele Reports. This allegation, contained in Steele Report 2016/105, concerned the circumstances surrounding the resignation of Paul Manafort from the Trump campaign. When interviewed by the Office, Dolan admitted that he fabricated the allegation about Manafort that appeared in the Steele Report. Our investigation also revealed that, in some instances, Dolan independently received other information strikingly similar to allegations that would later appear in the Steele Reports. Nevertheless, when interviewed by the FBI, Danchenko denied that Dolan was a source for any information in the Steele Reports. [link]

When Durham gets around to describing his decision to charge Igor Danchenko in the Executive Summary, he makes no mention that one of those charges pertained to Dolan. Likewise, he makes no mention that Trenga threw out that charge before sending it to a jury.

Perhaps the most damning allegation in the Steele Dossier reports was Company Report 2016/95, which Steele attributed to “Source E,” one of Danchenko’s supposed sub-sources. This report, portions of which were included in each of the four Page FISA applications, contributed to the public narrative of Trump’s conspiring and colluding with Russian officials. As discussed in Section IV.D.1.f, Danchenko’s alleged source for the information (Source E) was an individual by the name of Sergei Millian who was the president of the Russian-American Chamber of Commerce in New York City and a public Trump supporter. The evidence uncovered by the Office showed that Danchenko never spoke with Sergei Millian and simply fabricated the allegations that he attributed to Millian.

When interviewed by Crossfire Hurricane investigators in late January 2017, Danchenko said that Source E in Report 2016/95 sounded as though it was Sergei Millian. As discussed in Section IV.D.1.f.i, Danchenko stated that he never actually met Millian. Instead, he said that in late-July 2016 he received an anonymous call from a person who did not identify himself, but who spoke with a Russian accent. Danchenko further explained that he thought it might have been Millian – someone Danchenko previously had emailed twice and received no response – after watching a YouTube video of Millian speaking. Thus, as detailed in Section IV.D.1.f.i, the total support for the Source E information contained in Steele Report 2016/95 is a purported anonymous call from someone Danchenko had never met or spoken to but who he believed might be Sergei Millian – a Trump supporter – based on his listening to a YouTube video of Millian. Unfortunately, the investigation revealed that, instead of taking even basic steps, such as securing telephone call records for either Danchenko or Millian to investigate Danchenko’s hard-to-believe story about Millian, the Crossfire Hurricane investigators appear to have chosen to ignore this and other red flags concerning Danchenko’s credibility, as well as Steele’s.41

41 As noted in Section IV.D.2.f, a federal grand jury in the Eastern District of Virginia returned a five-count indictment against Danchenko charging him with making false statements. A trial jury, however, found that the evidence was not sufficient to prove his guilt beyond a reasonable doubt. See United States v. Igor Danchenko, 21-CR-245 (E.D. Va.). [link]

That’s what you’d learn from the Executive Summary.

It’s only in the body of his report where Durham reveals the Dolan-related charge and Judge Trenga’s finding that the statement he charged as a false statement was literally true. I’d like to congratulate Durham for here describing the false statements claims as “allegations” made by a grand jury, as distinct from the re-accusation of false statements made against Sussmann or his claim that Danchenko “fabricated the allegations” attributed to Millian. But even there he misrepresents the charges.

In November 2021, a grand jury sitting in the Eastern District of Virginia returned an indictment (“Indictment”) charging Igor Danchenko with five counts of making false statements to the FBI. The false statements, which were made during Danchenko’s time as an FBI CHS, related to his role as Steele’s primary sub-source for the Reports.

First, the Indictment alleged that Danchenko stated falsely that he had never communicated with Charles Dolan about any allegations contained in the Steele Reports. As discussed above, the documentary evidence clearly showed that Dolan was the source for at least one allegation in the Steele Reports. Specifically, that information concerned Manafort’s resignation as Trump’s campaign manager, an allegation Dolan told Danchenko that he sourced from a “GOP friend” but that he told our investigators was something he made up. 1384 The allegations regarding Dolan formed the basis of Count One of the Indictment.

Second, the Indictment alleged that Danchenko falsely stated that, in or about late July 2016, he received an anonymous phone call from an individual whom Danchenko believed to be Sergei Millian. Danchenko also falsely stated that, during this phone call, (i) the person he believed to be Millian informed him, in part, about information that the Steele Reports later described as demonstrating a well-developed “conspiracy of cooperation” between the Trump campaign and Russian officials, and (ii) Danchenko and Millian agreed to meet in New York. The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian. The allegations regarding Millian formed the bases for Counts Two through Five of the Indictment.

Following a one-week trial, and before the case went to the jury, the Court dismissed Count One of the Indictment pursuant to Federal Rule of Criminal Procedure 29. The Court held that Danchenko’s statement to the FBI regarding Dolan, i.e., that he [Danchenko] never “talked to [Dolan] about anything that showed up in the dossier” was “literally true” because, in fact, the information about Manafort was exchanged over email rather than in an actual verbal conversation. The Court denied Danchenko’s Rule 29 motion to dismiss related to the remaining counts of the Indictment. Following two days of deliberations, the jury concluded that the case had not been proven beyond a reasonable doubt.

In determining whether to bring criminal charges against Danchenko, the Office expected to be able to introduce additional evidence against Danchenko that supported the charged crimes. Thus, prior to trial, the Office moved in limine to introduce certain evidence as direct evidence of the charged crimes. Alternatively, the Office moved to admit the evidence as “other act” evidence pursuant to Federal Rule of Evidence 404(b) to prove Danchenko’s motive, intent, plan and absence of mistake or accident. In particular, the Office sought permission to introduce evidence of:

(1) Danchenko’s uncharged false statements to the FBI regarding his purported receipt of information reflecting Trump’s alleged salacious sexual activity at the Ritz Carlton Hotel in Moscow. In particular, the Office planned to call as a witness the German-national general manager of the Ritz Carlton, identified in the Steele Report 2016/080 as “Source E.” The Office expected the general manager would testify that he (i) had no recollection of speaking with Danchenko in June 2016 or at any time, (ii) had no knowledge of the allegations set forth in the Steele Report before their appearance in the media, and (iii) never discussed such allegations with Danchenko or any staff member at the hotel;

(2) Danchenko’s uncharged false statements to the FBI reflecting the fact that he never informed friends, associates, and/or sources that he worked for Orbis or Steele and that “you [the FBI] are the first people he’s told.” In fact, the evidence revealed that Danchenko on multiple occasions communicated and emailed with, among others, Dolan regarding his work for Steele and Orbis, thus potentially opening the door to the receipt and dissemination of Russian disinformation; and

(3) Danchenko’s email to a former employer in which Danchenko advised the employer, when necessary, to fabricate sources of information. Specifically, on February 24, 2016, just months before Danchenko began collecting information for the Steele Reports, the employer asked Danchenko to review a report that the employer’s company had prepared. Danchenko emailed the employer with certain recommendations to improve the report. One of those recommendations was the following:

Emphasize sources. Make them bold of CAPITALISED [sic]. The more sources the better. If you lack them, use oneself as a source ([Location redacted]-Washington-based businessman” or whatever) to save the situation and make it look a bit better. 1385

Danchenko’s advice that he attach multiple sources to information and obscure one’s own role as a source for information was consistent with Danchenko’s alleged false statements in which he denied or fabricated the roles of sources in the Steele Reports.

The Court ruled, however, that the evidence described above was inadmissible at trial. The prosecution was forced to then proceed without the benefit of what it believed in good faith was powerful, admissible evidence under Rule 404(b) of the Federal Rules of Evidence.

In reality, the question Danchenko answered about Dolan was an attempt to learn whether Dolan could have been a direct source to Steele, not to Danchenko. And Danchenko didn’t entirely deny talking to Dolan about such issues. He said they talked about “related issues perhaps but no, no, no, nothing specific.” One of the FBI Agents who tried to open an investigation into Dolan relied on the statements Danchenko did make, so it’s not like anything Danchenko said impeded that investigation.

Meanwhile, Durham’s description of the acquitted false statements against Millian conflates, as he repeatedly did during the prosecution, what Danchenko told the FBI he told Christopher Steele, and what showed up in the dossier, which Danchenko had no hand in writing. Danchenko said that some of the allegations in the dossier didn’t come from him — including the claim of conspiracy (and lots of FBI Agents have been disciplined because they didn’t pass on this detail to the FISA Court). What Danchenko told the FBI was that the caller had said there was an exchange of information with the Kremlin (which, in fact, Mueller’s investigation proved, there already had been!), but that there was, “nothing bad about it,” all of which (as Danchenko’s team made clear at trial) is utterly consistent with other things Millian was saying at the time. The alleged lie Danchenko told is that he believed at the time (in July 2016) that the caller was Millian. Also, Durham claims that Danchenko said he made plans to meet in New York; he doesn’t note that Danchenko said those were tentative plans. In other words, Durham here misrepresents what Danchenko actually said! Durham is the fabricator here, not Danchenko.

Having grossly overstated what the charge against Danchenko was, Durham claims that, “The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian.”

That’s why we have juries, buddy! No, there was not. Nuh uh.

For some reason, Durham feels the need to explain why he got his ass handed to him even though, he’s sure, he had enough evidence in hand to charge Danchenko.  He blames Judge Trenga’s exclusion of three pieces of evidence about uncharged conduct (here’s my post on that ruling and here’s Trenga’s order). Among the three pieces of evidence he claims he relied on when making a prosecutorial decision in November 2021 is an interview with the former General Manager of the Ritz that only happened in August 2022 (the indictment relies on Dolan and one of Dolan’s colleagues for that claim, not the Manager himself). At least as described, Durham would have needed a time machine for the GM’s testimony to have factored in his prosecutorial decision.

Plus, the claim that those three pieces of evidence — none of which directly pertain to Millian! — were what Durham relied on to make a prosecutorial decision in November 2021 conflicts with what his team said in a filing last September. Back then, they said certain emails from Millian were the most probative proof against Danchenko.

The July 2020 emails between Millian and Zlodorev also bear circumstantial guarantees of trustworthiness. Again, in July 2020, Millian had no motive to lie to Zlodorev.

Third, whether the statements relate to a material fact. The Government submits that this factor is not in dispute.

Fourth, whether the statements are the most probative evidence on the point. Millian’s emails written contemporaneous to the events at issue are undoubtedly the most probative evidence to support the fact that Millian had never met or spoken with the defendant.

Trenga decided those emails were inadmissible hearsay.

Durham probably points to three other pieces of evidence — one obtained nine months after the indictment and all unrelated to Millian — because to admit that his case relied on inadmissible hearsay would require Durham to admit something still more embarrassing. Those hearsay emails from Millian were only the most probative evidence because Durham insanely charged Danchenko relying on what Millian had said on his Twitter account.

Only three months after indicting Danchenko on November 3, 2021 did Durham get around to interviewing Millian.

1085 OSC Report of Interview of Sergei Millian on Feb. 5, 2022 at 1.

His team did that interview remotely; Durham didn’t even have direct proof that Millian was in Dubai when he did that interview.

The Government has conducted a virtual interview of Millian. Based on representations from counsel, the Government believes that Millian was located in Dubai at the time of the interview.

[snip]

The Government has also been in contact with Millian’s counsel about the possibility of his testimony at trial. Nonetheless, despite its best efforts, the Government’s attempts to secure Millian’s voluntary testimony have been unsuccessful. Moreover, counsel for Millian would not accept service of a trial subpoena and advised that he does not know Millian’s address in order to effect service abroad.

[snip]

In the case of a U.S. national residing in a foreign country, 28 U.S.C. § 1783 allows for the service of a subpoena on a U.S. national residing abroad. Here, the Government has made substantial and repeated efforts to secure Millian’s voluntary testimony. When those efforts failed, the Government attempted to serve a subpoena on Millian’s counsel who advised that he was not authorized to accept service on behalf of Mr. Millian. The Government, not being aware of Millian’s exact location or address, asked counsel to provide Millian’s address so that service of a subpoena could be effectuated pursuant to 28 U.S.C. § 1783. Counsel stated that he does not know Millian’s address. In any event, even if the Government had been able to locate Millian, it appears unlikely that Millian would comply with the subpoena and travel to the United States to testify.

And a week after that interview, Durham accused Millian (though he didn’t name him) of “misrepresent[ing] facts” when he claimed “they” were spying on the White House on the very same Twitter account on which Durham relied to obtain the indictment.

One day later, Millian’s Twitter account revealed that Millian told the Trump White House who was “working against them” long before it was publicly known (Durham made no mention of these Tweets when he tried to claim that emails Millian sent in 2020 could be considered reliable).

In other words, abundant evidence suggests that Durham indicted Danchenko without doing the most basic step first, testing Millian’s reliability. By the time he got to trial, Millian — who like Danchenko, had been the subject of a counterintelligence investigation, and who unlike Danchenko had been frolicking in St. Petersburg during 2016 with Oleg Deripaska, someone who had a key role in Russia’s interference in 2016 — proved more than unreliable.

Durham makes no mention of that truly humiliating prosecutorial misstep, an embarrassment set in motion when he decided to indict a man based on claims made on Twitter, in his entire Report.

And yet not only does Durham refuse to state clearly, in his description of the prosecutorial decision, that Danchenko was acquitted of the charges against him, in his Executive Summary he falsely claims that he has proven Danchenko fabricated the claim. Worse still, Durham complains about investigative steps the Crossfire Hurricane investigators appear to have taken (which are different from the Mueller ones, who obtained abundant records about Millian’s communications), but he himself focused exclusively on disproving a telephony call between the two men, in spite of evidence (including of the contacts setting up a meeting between Millian and George Papadopoulos in precisely the same period) that any such call would have happened over the Internet.

Durham does this while making it clear that one reason he charged the Millian counts is because the allegation attributed to Millian, “contributed to the public narrative of Trump’s conspiring and colluding with Russian officials.” That’s only a crime if someone lied to the FBI about it, and Durham didn’t prove his case that Danchenko did.

It should not be left to me, almost a week after this report got released, to point out something grotesque. Durham is still claiming that these men lied, even though two juries told him he didn’t have the evidence to prove that case. That’s not just a grave abuse of Michael Sussmann and Igor Danchenko’s due process, but it exhibits profound disrespect to the service of the jurors.

After both his acquittals, Durham issued a statement claiming, “we respect the jury’s decision and thank them for their service.” And then he wrote a 300-page report telling them he knew better.

John Durham Committed the “Crime” of “Inferring” of Which He Accused Rodney Joffe

I’d like to look at 13 instances in which the word, “inference” appears in the Durham Report.

Almost half come in Durham’s discussion of Rodney Joffe’s work on the Alfa Bank anomalies. Durham states as fact that Joffe “tasked” a number of people to “mine … data to establish ‘an inference’ … tying then-candidate Trump to Russia.”

With respect to the Alfa Bank materials, our investigation established that Joffe had tasked a number of computer technology researchers who worked for companies he was affiliated with, and who had access to certain internet records, to mine the internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia.

[snip]

In particular, in late July and early August, Joffe commenced a project in coordination with Sussmann and Perkins Coie to support an “inference” and “narrative” tying Trump to Russia. For example, records show that on three days in August 2016, Joffe had meetings or conference calls with Sussmann and Elias. 1401 At about the same time, Joffe began tasking his own employees and associates to mine and assemble internet data that would support such an inference or narrative. 1402

[snip]

Regarding this whole project, my opinion is that from DNS all we could gain even in the best case is an *inference*. I have not the slightest doubt that illegal money and relationships exist between pro-Russian and pro-Trump, meaning actual people very close to Trump if not himself, [meaning actual people very close to Trump if not himself. And by Putin’s traditional style, people Putin controls, but not himself. He controls the oligarchs and they control massive fortunes and cross nearly all major industries in a vast number of countries.]

But even if we found what Rodney asks us to find in DNS we don’t see the money flow, and we don’t see the content of some message saying “send me the money here” etc.

I could fill out a sales form on two websites, faking the other company’s email address in each form, and cause them to appear to communicate with each other in DNS (And other ways I can think of and I feel sure [University-1 Researcher-2] can think of[.])

IF Rodney can take the *inference* we gain through this team exercise … and cause someone to apply more useful tools of more useful observation or study or questioning … then work to develop even an inference may be worthwhile.

That is how I understood the task. Because Rodney didn’t tell me more context or specific things. What [Cyber Researcher-1] has been digging up is going to wind up being significant. It’s just not the case that you can rest assured that Hil[l]ary’s opposition research and whatever professional govts and investigative journalists are also digging … they just don’t all come up with the same things or interpret them the same way. But if you find any benefit in what [he] has done or is doing, you need to say so, to encourage [him]. Because we are both killing ourselves here, every day for weeks.

[I’m on the verge of something interesting with hosts that talk to the list of Trump dirty advisor domain resources, and hosts that talk to [Russian Bank1]-* domains. Take even my start on this and you have Tehran and a set of Russian banks they talk to. I absolutely do not assume that money is passing thru Tehran to Trump. It’s just one of many *inferences* I’m looking at.

SAME IRANIAN IP THAT TALKS TO SOME TRUMP ADVISORS, also talks to:

[list of domains redacted]

(Capitals don’t mean SUPER SIGNIFICANT it was just a heading.)

Many of the IPs we have to work with are quite MIXED in purpose, meaning that a lot of work is needed to WINNOW down and then you will still only be left in most cases with an *inference* not a certainty.]

Trump/ advisor domains I’ve been using. These include ALL from Rodney’s PDF [the Trump Associates List] plus more from [Cyber Researcher-1]’s work[:

Trump/ advisor domains I’ve been using. These include ALL from [Tech Executive-1’s] PDF [the Trump Associate’s List] plus more from [name redacted, probably also Cyber Researcher-1]’s work: [list of domains redacted] [RUSSIAN BANK-1] DOMAINS [list of domains redacted] More needs to be added to both lists.]1438 

The word “inference” here comes not from Joffe, but from April Lorenzen, who wrote the large block quote here, to which I’ve added — in the italicized brackets — language from the Durham motion to get it admitted at trial. Even without the Lorenzen language Durham excludes, his deceit is clear, because someone that Durham has never included in his feverish conspiracy theories — Cyber Researcher-1 — is described as doing his or her own work. With Lorenzen’s language included, Durham’s deceit is still more obvious, given how Lorenzen talks about forming her own inference. Not to mention the fact that (as I noted here), many of Lorenzen’s inferences — starting with the fact that Trump’s campaign manager was laundering money from Russia through Cyprus and that he had a tie with Alfa Bank founder’s son-in-law or that Trump was hiding business ties with Russia — turned out to be 100% correct.

But Durham’s deceit goes even further, because the effort to review DNS data for signs of Russian hacking started, organically, in June, not in July in response to Joffe.

Durham’s misrepresentation of the relationship between the various researchers is particularly rich given that a technical review he had done months after indicting Sussmann revealed that the data Sussmann shared with the FBI was referred to as Lorenzen’s data, not Joffe’s.

The 851 records of resolutions on the USB drive were an exact match for a file of resolutions sent from University-1 Researcher-2 to University-1 Researcher-1 on July 29, 2016, which was referred to as “[first name of Tech Company-2 Executive-1]’s data.”

As it happens, three more of the appearances of the word “inference” in the Durham Report come from the technical review.

The FBI DNS experts with whom we worked also identified certain data and information that cast doubt upon several assertions, inferences, and allegations contained in (i) the above-quoted white papers about the Yotaphone allegations, and (ii) the presentation and Yotaphone-related materials that Sussmann provided to the CIA in 2017.

[snip]

Data files obtained from Tech Company-1, Tech Company-2, and University-1 reflect that Yotaphone-related lookups involving IP addresses assigned to the EOP began long before November or December 2016 and therefore seriously undermine the inference set forth in the white paper that such lookups likely reflected the presence of a Trump transition-team member who was using a Yotaphone in the EOP.

[snip]

In sum, as a result of our investigation, the FBI experts advised us that actual data and information on YotaPhone resolution requests directly undermined or refuted several conclusions and inferences included in the Yotaphone white paper. 1674

But that technical review only treats claims made about Yotaphone, not the Alfa Bank allegations, as “inferences.”

I’ll return to the way that Durham presents this technical review at some later time. It doesn’t help Durham in the way he thinks it does.

The point, though, is that Durham claimed that Joffe was directing people to make inferences about Alfa Bank. He investigated private citizens who made such inferences as a crime.

Which is why I find it telling that the remaining three uses of the word “inference” in the Durham report are his own.

For example, Durham infers, first, that Sussmann’s statements that he was not at the FBI or CIA on behalf of any client are proof he was hiding who his client(s) were, and from that inference, he in turn infers that Sussmann was deliberately trying to hide Clinton and Joffe.

Accordingly, Sussmann’s conduct supports the inference that his representations to both the FBI and the CIA that he was not there on behalf of a client reflect attempts to conceal the role of certain clients, namely the Clinton campaign and Joffe, in Sussmann’s work. Such evidence also further supports the inference that Sussmann’s false statements to two different agencies were not a mistake or misunderstanding but, rather, a deliberate effort to conceal the involvement of specific clients in his delivery of data and documents to the FBI and CIA.

Both these inferences are nonsense — not least because Clinton no longer was a client of Sussmann’s when he went to the CIA in 2017 and both in the process of setting up the CIA meeting and helping the FBI to kill the NYT Alfa Bank story, Sussmann revealed that he did have a client he was working with.

Durham simply refuses to consider the possibility that DNS experts can see anomalous traffic and view it with alarm. And he grossly misrepresents the evidence regarding whether Sussmann pushed the Alfa Bank story after helping the FBI to kill it, probably because that evidence strongly supports Sussmann’s claimed motive: to give the FBI a chance to investigate before the public story alerted those behind the anomaly.

The final use of the word inference in the report is even more egregious.

As discussed above, Fusion GPS approached Steele in May 2016. Prior to his retention, Glenn Simpson met with Steele at Heathrow Airport in London and pitched Steele on the opposition research project. 1100 Approximately one week later, Danchenko contacted RIA Novosti journalists seeking Millian’s contact information. 1101 The timing of Danchenko’s request to RIA Novosti on the heels of Steele’s meeting with Simpson in London strongly supports the inference that Fusion GPS directed Steele to pursue Millian. 1102 Indeed, by the time of Steele’s meeting with Simpson, Nellie Ohr had already identified Millian’s alleged connections to Trump.

As with Carter Page (and Felix Sater, the focus on whom Durham continually downplayed over the course of this investigation), it didn’t take a research firm to identify Millian’s ties to Trump. Especially not with Millian bragging of those ties. Indeed, elsewhere Durham suggests Ohr learned of Millian from the RIA Novosti interviews he did in April. RIA Novosti was just as accessible to Danchenko as it was to Ohr.

But once you’ve traced the interest in Millian back to a Nellie Ohr report completed on April 22, 2016, then you’re tracking the research started no later than November 2015 under Paul Singer. You’re blaming Hillary for a project she took over from a right wing billionaire. You’re also tracking research that turned out to be reliable and accurate.

Again, these kinds of inferences are the stuff that Durham tried to criminalize when Lorenzen, a private citizen, made them.

But he nevertheless included them in a declination report provided to the Attorney General.

Igor Danchenko Would Have Been a Crucial Witness to Understanding the Disinformation in the Dossier

Igor Danchenko claims that a Supervisory Special Agent involved in the Russian investigation described his cooperation with the FBI as a confidential source as one of the upsides of that investigation.

As one supervisory special agent has agreed, “one of the upshots [of the Crossfire Hurricane Investigation] has been a relationship with [Mr. Danchenko] which has provided the FBI insights into individuals and to areas that it otherwise was lacking [ ] because of the difficulty with which the FBI has in recruiting people from that part of the world.” The agent further agreed that the FBI’s relationship with Mr. Danchenko was “one thing that in terms of usefulness really did result from this [investigation].”

Danchenko cited it as part of his successful effort to limit how much detail about the 2010 counterintelligence investigation into him John Durham could present at trial, which starts today.

It’s an odd statement, insofar as he doesn’t cite the source (I was wondering if it comes from a pre-trial interview of a witness he plans to call, the precise details of which he’s withholding until the trial). Plus, there are FBI agents who seemed happy to have participated in the investigation, notwithstanding the way Trump found a way to ruin the career of virtually every FBI person involved in it (besides the two guys who botched the Alfa Bank investigation). This person, with the reference to “usefulness,” sounds like one of the skeptics.

Imagine if one of the FBI agents the frothers have been celebrating as a Mueller skeptic for years had good things to say about the (hopefully last) target in Durham’s witch hunt?

Whoever it is, the frothers’ continued obsession with Danchenko’s role as an FBI source — now joined by Chuck Grassley and Ron Johnson — and their certainty there was impropriety about it is a testament to how deep within a bubble they all are, in which Trump matters but US security does not.

Start with what we know or can infer about his vetting. First, he was brought on as a source in March 2017, before the FBI stopped including FISA material among the databases it used to vet potential informants. So they likely checked collections of communications from known Russian spies before they formalized the relationship, including those they knew he had contact with years earlier. If that’s right, they knew a lot about what ties he had with Russians.

Then, at least if we can believe Danchenko, every time there was a discrepancy between what he said and others said, they were resolved in his favor.

To the contrary, not only did investigators and government officials repeatedly represent that Mr. Danchenko had been honest and forthcoming in his interviews, but also resolved discrepancies between his recollection of events and that of others in Mr. Danchenko’s favor.

Frothers blew over the implications of this just like they blew over Danchenko’s reference, in this same filing, that “The government had unfettered access to Mr. Danchenko for approximately four years following his first interview in January 2017” (a presumed allusion to his relationship with the FBI).

This statement about “discrepancies” between Danchenko’s versions and those of others would have to include the interview with Christopher Steele that Durham attempted (unsuccessfully) to introduce as evidence.

On September 18 and 19, 2017, FBI personnel from the Robert Mueller Special Counsel team interviewed Christopher Steele. Steele informed the FBI personnel, in part, that the defendant had collected election-related material in the United States for Orbis. As part of that undertaking, the defendant informed Steele that he met in person with Sergei Millian on two or three occasions – in New York and once in Charleston, South Carolina. The defendant subsequently informed the FBI that he had not in fact met with Millian on any occasion. On November 2, 2017, the defendant further stated to the FBI that Steele incorrectly believed the defendant had met in-person with Millian, and that he (the defendant) did not correct Steele in that misimpression.

Danchenko makes this even more explicitly clear later.

[W]hile the facts alleged in the indictment may show that [Steele] provided the FBI with an inaccurate statement about a meeting between Mr. Danchenko and [Millian] in New York, the facts also clearly show that Mr. Danchenko corrected the record for the FBI by unequivocally stating, on multiple occasions, that he had never met with [Millian] in New York and did not know whether he ever spoke on the phone with [Millian].

Most Republicans claim that Steele’s dossier was garbage. Danchenko maintains he had no role in writing it and Durham doesn’t seem to have any evidence to the contrary. Everything in Danchenko’s prosecution (and the entire DOJ IG Report on Carter Page) is consistent with the FBI believing Danchenko over Steele. And yet the frothers are sure that one of the first guys to raise questions about Steele (Bruce Ohr was actually the first, though he never gets credit for that) is suspect.

If Danchenko’s claim (made after reviewing discovery) is true — something I expect we’ll learn more about during the trial — Mueller, at least, came away from a series of interviews in fall 2017 crediting Danchenko’s claims about the construction of the Steele dossier over Steele’s own. I think the record is somewhat more equivocal than that. For example, Danchenko’s claim that he, “did not view his/her contacts as a network of sources, but rather as friends with whom he/she has conversations about current events and government relations,” is not credible; he knew he was getting paid for this information. But Danchenko showed proof of some of his other claims (for example, in texts with his friend Olga Galkina), and I assume whatever vetting FBI did — including the FISA 702 collection targeting Galkina — held up as well.

If you think Steele fucked over Trump, that should matter to you.

But Danchenko (and that anonymous FBI agent) make it clear Steele was not the only person who Danchenko helped the FBI to understand. Danchenko describes that the investigation into the dossier ended in November 2017.

The investigation into the Reports was ultimately completed by Special Counsel Robert S. Mueller, III, in or about November 2017

But he remained an approved source until October 2020. A Danchenko filing describes being interviewed “dozens of times,” of which roughly eight are included in the scope of the indictment against him (three in January, and one each in March, May, June, October, and November 2017), which therefore must be the only ones that pertain to the dossier. Durham’s project, with his conspiracy theory driven prosecution, is to claim that Danchenko lied at least once in every interview about the dossier.

That Danchenko was interviewed some 16 more times is news: it would suggest Danchenko was asked to explain more than just Steele’s reporting methods. It’s not even clear Durham would have reviewed all that reporting before he charged Danchenko; he’s not known to have investigated past the beginnings of the Mueller investigation, and Durham only produced a December 2017 draft opening memo for an investigation into Charles Dolan in the last month.

[W]hen agents drafted a December 2017 communication in support of opening an investigation into Dolan, they included the information Mr. Danchenko provided them as support for opening the investigation. 3

3 The December communication is highly exculpatory with regard to the essential element of materiality and it is not clear why it was only produced 30 days from the start of trial. It was produced as Jencks material (also late by the terms of the Court’s Order requiring all Jencks to be produced by September 1) but is obviously Brady evidence. 

Durham certainly didn’t bother learning all of Rodney Joffe’s contributions to the FBI before he made wild insinuations about him and got him discontinued as an FBI source, so it’s possible he did not for Danchenko either.

And that’s interesting given what is in the public record about related events.

Try to look at the Russian investigation not as an attempt to sink Trump (much of what we know about matters Danchenko may have cooperated on comes from before the investigation was predicated on Trump), and not as the precursor to the prosecutions we know happened. Try to consider the Russian investigation as an investigation in the wake of a hostile attack from a foreign power. And consider what the DOJ IG Report on Carter Page (a document most frothers treat with near biblical reverence and ignorance), the declassified footnotes to the report, the Bruce Ohr 302s, and details revealed in the Danchenko filings disclose about where the investigation into the dossier and related topics developed between December 2016 and September 2000.

In the period when Danchenko was brought on as an informant (and before the time Steele was interviewed) the FBI learned that Steele had problematic ties with Oleg Deripaska and his (and Danchenko’s) source network had been compromised by Russian spooks.

  • December 2016: As much as Steele was trying to push the dossier to the FBI, he was also trying to push Oleg Deripaska’s complaints that Manafort had stolen money from him
  • January 12, 2017: Another intelligence service relayed an inaccuracy about the Michael Cohen claims in the Steele Report, claims Danchenko sourced to his friend Galkina, who had gotten close to Dmitry Peskov via Dolan
  • January 24, 2017: Danchenko didn’t know that Deripaska was the one who paid Steele to investigate Manafort in spring 2016
  • February 14, 2017: Steele was working for certain attorneys, including the attorney for Oleg Deripaska
  • February 27, 2017: An individual with ties to Trump and Russia said the pee tape was the product of Russia infiltrating a source into the Steele network
  • March 2017: The Crossfire Hurricane considers the full import of the open counterintelligence investigation on Millian
  • June 2017: Someone affiliated with Oleg Deripaska learned of Steele’s project by early July 2016 — so before all but the first report
  • Early June 2017: Russian spooks became aware of Steele’s election investigation in early 2016 [this date is probably wrong but still an indication that Russia learned about the project from the start]
  • Early June 2017: FBI targeted Olga Galkina under Section 702 (and discovered her ties to Chuck Dolan and both their ties to Dmitry Peskov)
  • December 2017: FBI at least considered opening an investigation into Dolan
  • February 2018: The reason Manafort shared campaign information in August 2016 was in an effort to get “whole” with Deripaska; Kilimnik shared a clever plot to defeat Hillary
  • April 2018: Treasury sanctions Deripaska, among others
  • May 2018: More on how Kilimnik’s August meeting pertained to a plan to beat Hillary
  • September 2000: Deripaska’s US associate, Olga Shriki, appears before grand jury

By 2019, the IG Report makes clear, there were abundant reasons to suspect that Deripaska had played a key role in injecting disinformation into the dossier. In the earlier days of the investigation, key people on the Crossfire Hurricane team didn’t know of Steele’s ties to Deripaska, something that, “could have indicated that Steele was being used in a Russian ‘controlled operation’ to influence perceptions (i.e., a disinformation campaign).” Until the way Deripaska was working both sides — increasing Manafort’s legal jeopardy while using his desperation to get his cooperation with the election operation — became clear, Deripaska’s ties to the dossier didn’t make sense, as Bill Priestap explained.

[I]f that’s the theory [that Russian Oligarch 1 ran a disinformation campaign through [Steele] to the FBI], then I’m struggling with what the goal was. So, because, obviously, what [Steele] reported was not helpful, you could argue, to then [candidate] Trump. And if you guys recall, nobody thought then candidate Trump was going to win the election. Why the Russians, and [Russian Oligarch 1] is supposed to be close, very close to the Kremlin, why the Russians would try to denigrate an opponent that the intel community later said they were in favor of who didn’t really have a chance at winning, I’m struggling, with, when you know the Russians, and this I know from my Intelligence Community work: they favored Trump, they’re trying to denigrate Clinton, and they wanted to sow chaos. I don’t know why you’d run a disinformation campaign to denigrate Trump on the side.

But as the Manafort side of the equation became clear, it all made more sense. And the implication is that by 2019, that’s what the FBI understood to have happened.

Chuck Grassley was the first person to start raising public questions about Deripaska’s role in the dossier. Similarly, he was among the first to raise concerns about disinformation and the dossier.

The more likely explanation for Danchenko’s CHS status is one he and other Republicans should welcome: that the FBI investigated how the dossier was used as disinformation. Danchenko was fed a lot of shit, from people (like Galkina) he trusted implicitly; that shit happened to be tailored to sow maximal dissension in US politics. And then Steele, unbeknownst to Danchenko, packaged it up inside exaggerations.

If it bothers you that the dossier was larded with disinformation — and it should bother people on both sides of the aisle — then you should welcome FBI’s effort to understand how that happened. And one crucial step in that process is to understand how the network behind it tied right back to the Russians who played central roles in the 2016 attack on US democracy. Danchenko would have been a key guide to that information.

On the Belated Education of John Durham

In a filing on September 2 in the Igor Danchenko case, John Durham confirmed that Danchenko had been a paid FBI source from March 2017 through October 2020.

In March 2017, the FBI signed the defendant up as a paid confidential human source of the FBI. The FBI terminated its source relationship with the defendant in October 2020.

I had heard this — though not with the sourcing such that I could publish. Apparently it was news to the frothers, who’ve been wailing about it ever since. Here’s Margot at the Federalist Faceplant, Jonathan Turley, and Chuck Ross at his new digs at the outlet that first hired Christopher Steele. Here’s the former President during an obsequious Hugh Hewitt interview.

Danchenko’s status was implicit in a lot of what is public. Even absent the frothers doing any kind of journalism, or even critical thinking, what did they think this reference in Danchenko’s motion to dismiss meant?

The government had unfettered access to Mr. Danchenko for approximately four years following his first interview in January 2017, and not once did any agent ever raise concerns about the now purportedly contradictory post-call emails.

As I hope to show in a follow-up, it actually makes a lot of sense.

Meanwhile, in Danchenko’s response to that filing, he revealed that information he provided to the FBI was used in a memorandum supporting the opening of an investigation into Charles Dolan, one of Durham’s star witnesses against Danchenko. (Note, this reference stops short of saying that the FBI did open an investigation into Dolan, just that someone proposed doing so.)

[T]he Special Counsel ignores, and conceals from this Court, that Mr. Danchenko was interviewed dozens of times and during the course of those interviews, particularly when asked specific questions about Dolan (which was not often), Mr. Danchenko (1) told the FBI about the Moscow trips with Dolan, (2) told the FBI that Steele knew of Dolan, (3) told the FBI that not only was Dolan doing work with Olga Galkina but that Mr. Danchenko himself had introduced them, and (4) told the FBI that Dolan had connections and relationships with high-level Kremlin officials, including President Putin’s personal spokesperson, Dmitry Peskov. Indeed, when agents drafted a December 2017 communication in support of opening an investigation into Dolan, they included the information Mr. Danchenko provided them as support for opening the investigation. 3 [emphasis original]

This may not be the last surprise investigation we hear about. Back in the original filing on September 2, Durham argued he should be able to talk about the 2008 allegation that led to a counterintelligence investigation into Danchenko, in part, because (Durham predicted bitterly) Danchenko will likely raise investigations into others, plural, who will “feature prominently at trial.”

[T]he Government expects the defense to introduce evidence of FBI investigations into other individuals who the Government anticipates will feature prominently at trial. Thus, the introduction of the defendant’s prior counterintelligence investigation – should the defense open the door – does not give rise to unfair prejudice that substantially outweighs its probative value.

Effectively, Durham is arguing that if Danchenko points out that Durham’s witnesses should not be considered reliable based on suspicions they were working for Russia’s interests, then he should be able to point out that Danchenko was once similarly suspected as well. Durham also wants to point out that Dolan twice asserted that Danchenko might be a Russian spook, but also allegedly always knew of his role at Orbis — assertions that, in tandem, could actually hurt Durham’s case, given the subsequent disclosure that Dolan was investigated himself. Durham may not understand that, yet.

One of these people whose investigation Danchenko will raise at trial is undoubtedly Sergei Millian, whose cultivation of George Papadopoulos in exactly the same time period Danchenko claims to have believed he spoke to Millian was one of a number of things the FBI investigated starting in 2016.

Danchenko’s response to Durham’s demand that he be allowed to raise the 11-year old counterintelligence investigation into Danchenko (besides providing a somewhat different timeline) was basically to say, “Bring it!” He intends to raise that counterintelligence investigation himself, he claims. Note: Durham doesn’t note, but it is clear from the January interviews of Danchenko, that FBI interviewers probed Danchenko about that prior investigation in their very first interviews in 2017.

As noted, I hope to return to all this dizzying spy-versus-spy shit in a follow-up. By then we’re likely to have several more disclosures, plus some details about the known investigation into Millian.

This all shows there was not a shred of prosecutorial discretion exercised before charging Danchenko. Even if Danchenko had done grievous harm to the US, no sane prosecutor would have charged this case with such easily impeached witnesses. Even Durham now seems to understand his materiality claims are flimsy. And yet, to prove a five year old false statements allegation, he has forced the government to declassify a whole range of sensitive material, including this detail about Dolan.

And that process apparently continues to be a struggle for Durham (as I predicted it would be).

Consider the timeline implied by Danchenko’s footnote about the Dolan revelation. Danchenko claims that he only just learned about the Dolan investigation opening memo.

3 The December communication is highly exculpatory with regard to the essential element of materiality and it is not clear why it was only produced 30 days from the start of trial. It was produced as Jencks material (also late by the terms of the Court’s Order requiring all Jencks to be produced by September 1) but is obviously Brady evidence. The defendant understands that the CIPA procedures may have slowed the production of certain categories of discovery but given the Indictment’s allegations about the materiality of Mr. Danchenko’s failure to attribute public information to Dolan, the production of this specific document should have been a priority for declassification.

When Danchenko says that Counterintelligence Information Procedures Act may have slowed the production of this, he’s suggesting (charitably) that someone at DOJ took a long time to release this information to Durham and that Durham had no control over that process. That’s another thing I predicted in this post about how CIPA would affect this case: “it can end up postponing the time when the defendant actually gets the evidence he will use at trial. So it generally sucks for defendants.”

The trial starts on October 11. This footnote suggests that Danchenko only received this information 30 days before trial, so around September 11, in the week before he filed this. Whenever it was disclosed, if he received it after the September 1 deadline, that would make it too late for the September 2 deadline for Danchenko’s own motion to dismiss. It would put it after Durham’s September 2 filing — the one bitching about how much of the trial Danchenko will use to focus on the investigations into witnesses, plural, against him — which means the plural reference may not have incorporated Dolan. Danchenko would have learned about this over a month after his own deadline to lay out what classified information he intended to use at trial, and at least a week after the August 30 CIPA conference, at which the two sides debated about what classified information Danchenko should be allowed to use at trial.

It also comes after a series of delays in Durham’s classified discovery. In May, I described what was publicly billed as the last one.

It’s that record that makes me so interested in Durham’s second bid to extend deadlines for classified discovery in the Igor Danchenko case.

After Danchenko argued he couldn’t be ready for an April 18 trial date, Durham proposed a March 29 deadline for prosecutors to meet classified discovery; that means Durham originally imagined he’d be done with classified discovery over six weeks ago. A week before that deadline, Durham asked for a six week delay — to what would have been Friday. Danchenko consented to the change and Judge Anthony Trenga granted it. Then on Monday, Durham asked for another extension, this time for another month.

When Durham asked for the first delay, he boasted they had provided Danchenko 60,000 unclassified documents and promised “a large volume” of classified discovery that week (that is, before the original deadline).

To date, the government has produced over 60,000 documents in unclassified discovery. A portion of these documents were originally marked “classified” and the government has worked with the appropriate declassification authorities to produce the documents in an unclassified format.

[snip]

Nevertheless, the government will produce a large volume of classified discovery this week

This more recent filing boasts of having provided just one thousand more unclassified documents and a mere 5,000 classified documents — for a case implicating two known FISA orders and several past and current counterintelligence investigations.

To date, the Government has produced to the defense over 5,000 documents in classified discovery and nearly 61,000 documents in unclassified discovery. The Government believes that the 5,000 classified documents produced to date represent the bulk of the classified discovery in this matter.

Danchenko waited six weeks and got almost nothing new.

But then on August 16, Durham filed a supplemental CIPA filing, suggesting there were more substitutions of classified information he wanted Judge Anthony Trenga to approve (a supplemental filing is not, by itself, unusual).

The point is, for months, Durham kept saying he’d have all the secrets delivered to Danchenko by his new deadline in June, promise, and then he dropped this bombshell on Danchenko just weeks before trial.

In the August 29 hearing on all this, Judge Trenga deferred most CIPA decisions until after Danchenko files a new CIPA filing on September 22 — so if any of this remains classified, Danchenko still has a chance, with just days’ notice, to argue he needs it at trial. They’ll fight about these issues again on September 29.

But given Durham’s performance in the Sussmann case, it’s not entirely clear these missed classified deadlines are DOJ’s fault. After all, Durham never even asked DOJ IG for relevant discovery in Sussmann’s (and therefore, we should assume, this) case until after Sussmann was charged. He didn’t investigate Rodney Joffe’s true relationship with the FBI and other agencies until Sussmann asked him to. He didn’t ask Jim Baker for his own iCloud content until early this year, after belatedly rediscovering Baker phones he had been told about years ago.

It’s not just his belated request for information from DOJ IG that we know to have affected this case too. Durham also has never interviewed George Papadopoulos — not before he went on a junket to Italy chasing Papadopoulos’ conspiracy theories, and not since. Thus, Durham never tested whether Millian’s cultivation of Papadopoulos undermines his evidence against Danchenko — and it does, obviously and materially.

Because of Durham’s obvious failures to take the most basic investigative steps before charging wild conspiracy theories, there are several possible explanations why he’s only providing Danchenko news of this Dolan memo a month before trial:

  1. Someone tried to hide this from Danchenko and ultimately was overridden. If that’s the explanation, it makes Andrew DeFilippis’ August departure from the team and, according to the NYT, DOJ, all the more interesting.
  2. DOJ delayed the time until they let Durham disclose this because of some sensitivity about the investigation. Recall that Dolan has ties to Putin spox Dmitri Peskov, who was sanctioned earlier this year, followed by his family.
  3. Durham didn’t know.

The last possibility — that Durham had no fucking clue that one of his star witnesses had been (at least) considered for investigation — is entirely plausible. It’s entirely consistent with what we saw in the Sussmann case, though worse even than that case in terms of timing.

Durham came into this investigation treating the conspiracy theories of Papadopoulos and Trump as credible. He seems to have believed, all along, that Sergei Millian was a genuinely aggrieved victim and not someone playing him, for at least a year, for a fool. He seems to have decided that he knew better than FBI’s experts about who had credibility about Russia and who didn’t. Along the way he forced the FBI to cut its ties with Joffe and, given the October 2020 cut-off of Danchenko’s ties to the FBI, probably Danchenko as well. He did all this with a lead prosecutor who believed it was problematic for DARPA to investigate the Guccifer 2.0 persona used by the GRU.

Durham walked into this investigation believing and parroting, without first testing, Trump’s claims that the Russian investigation was abusive. Based on those beliefs, he chased all manner of conspiracy theory in an attempt to allege pre-meditation and malice on the part of Hillary and everyone else involved with the dossier. His Sussmann prosecution ended in humiliating failure. This prosecution, win or lose, may do worse for Durham’s project: it may reveal unknown details about Russian efforts to tamper in 2016, efforts that harmed both Republicans and Democrats alike.

The Durham prosecutions have been shitshows and undoubtedly a disaster for those targeted. It’s not yet clear what will happen with the Danchenko trial (or even whether it will go to trial; given that CIPA issues still have to be resolved, there’s still a chance Durham will have to dismiss it rather than going to trial). Durham will still write a report that may try to resuscitate his conspiracy theories that were disproven in the Sussmann trial.

But thus far, the actual record of the Durham investigation shows that when actually bound by the rules of evidence, when actually obligated to dig through DOJ’s coffers to discover what DOJ learned as it tried to understand Russia’s intervention in 2016, reality looks nothing like the conspiracy theories Durham has chased for three years.

John Durham’s education process has been a painful process for all personally involved (except maybe Sergei Millian, gleefully dicking around from afar). But along the way he’s debunking many of the conspiracy theories he was hired to sustain.

Update: Chuck Ross is outraged that I suggested his boss had paid for Steele (and lying that I said Paul Singer paid for the dossier, which I pointedly did not say). It is true that the payment for Fusion GPS’ Trump project had shifted to Perkins Coie before Steele first sent Danchenko to Russia.

It’s also true that, based on length of project, Ross’ current boss paid for much of Nellie Ohr’s work on Trump’s ties to Russia, which includes some of Fusion’s early work on Paul Manafort and Felix Sater, and possibly early work on Millian (she continued to work on Millian until she left Fusion).

And since Chuck is so upset, I should point out that his former co-columnist, Oleg Deripaska, also reportedly paid for Steele’s work (in that case, research on Paul Manafort), though also through the cut-out of a law firm.

FBI’s Russian Hack-and-Leak Investigation as Disclosed by the Sussmann Trial

Now that he has been acquitted, it’s easy to conclude the Michael Sussmann prosecution was a pointless right wing conspiracy theory. It was!

But the exhibits that came out at trial are a worthwhile glimpse of both the FBI’s investigation into the 2016 Russian hack of Democrats and the Bureau’s shoddy investigation of the Alfa Bank anomalies.

I’ve started unpacking what a shitshow the FBI investigation into the latter was here and collecting technical exhibits pertaining to the investigation here (though that post is currently out of date).

As to the Russian hack-and-leak, Sussmann’s team facilitated the process with a summary exhibit they included showing a selection of FBI communications pertaining to the investigation that either involve or mention Sussmann. Sussmann introduced these documents to show how obvious his ties to the Democrats would have been to the FBI, including to some people involved in the Alfa Bank investigation. A few of these communications refute specific claims Durham made, showing that meetings or communications Durham argued must relate to the Alfa Bank effort could be explained, in one case far more easily, as part of the hack-and-leak response. That is, some of these documents show that Durham was taking evidence of victimization by Russia and using it instead to argue that Sussmann was unfairly victimizing Trump.

Below, I’ve grouped the communications by topic (though a number of these communications span several topics). Note that Latham & Watkins’ paralegal only used the last date on these communications, which I will adopt. But a number reflect a communication chain that extends months and includes dates that are far more important to the Durham prosecution.

Some of these files include topics that have attracted a great deal of often misleading coverage, such as the efforts to get server images from the Democrats. Importantly, by the time the FBI asked for server images, according to these communications, the only place to get them was at CrowdStrike.

I don’t believe DNC/DCCC have the images that CS took. Only CS have those. It’s like paying ATM fees to your bank to get your cash. DNC/DCCC will be charged to get the images back.

After some discussion about who would pay CrowdStrike to create a second image, the firm offered to do it for free.

These communications also give a sense of the extent to which Democrats faced new and perceived threats all through the election. Given the communications below and some details I know of the Democrats’ response to the attacks, I suspect these communications do not include real attempted attacks, either because they were not reported or because the report went to FBI via another channel. While CrowdStrike attempted to ensure Sussmann was always in the loop, for example, that discipline was not maintained. And we know CrowdStrike found the compromise of the Democrats’ analytics hosted on AWS in September, a compromise that may only show up in these communications mentioned in passing. Some in the FBI seemed entirely unsympathetic to the paranoia that suffering a nation-state attack during an election caused, which couldn’t have helped already sour relations between the FBI and Hillary’s people.

Perhaps the most interesting communications — to me at least — pertain to efforts to authenticate the documents that got publicly posted and to identify any alterations to them. At least as laid out in these communications, the Democrats were way behind the public in identifying key alterations to documents posted by Guccifer 2.0, and it’s unclear whether the FBI was any further ahead. But these discussions show what kind of alterations the Democrats were able to identify (such as font changes) as well as which publicly posted documents the FBI was sharing internally.

FBI public statements

160614 DX102 A discussion of Jim Trainor’s preparation for a meeting with Ellen Nakashima in advance of her June 14, 2016 reporting the hack and CrowdStrike’s attribution. Among other things, they note Nakashima’s confidence that GOP PACs were also targeted.

160725 DX112 This email chain between Sussmann and Trainor captured Sussmann’s frustration that FBI made an announcement of an investigation into the DNC hack without first running the statement by Sussmann.

160729 DX117 Before FBI sent out a statement about the DCCC hack, Jim Trainor sent Sussmann their draft statement. In response, Sussmann complained that FBI said they were aware of media reports but not of the hack itself. The timing of this exchange is important because Durham’s team repeatedly described a meeting between Marc Elias and Sussmann that day pertaining to a server as relating to the Alfa Bank anomaly.

Points of contact

160616 DX105 An email thread sent within FBI OGC (including to Trisha Anderson) discussing an initial meeting between Jim Trainor, Amy Dacey, Sussmann, and Shawn Henry.

160621 DX107 Starting on June 16, Amy Dacey thanked Assistant Director Jim Trainor for meeting with the Democrats about the hack. The thread turned into a confused request from the campaign for a briefing about whether they, too, had been compromised.

160725 DX114 This chain reflects Hawkins’ confused response after Sussmann provided the contact information for a Hillary staffer with a role in technical security. Hawkins stated, “Nothing concerning HFA has come up.”

160809 DX127 After Donna Brazile replaced Debbie Wasserman Schultz, Sussmann set up a meeting between her and Jim Trainor.

160811 DX128 An email chain among cyber FBI personnel discusses three Secret threat briefings for the DNC, DCCC, and Hillary campaign. Sussmann was scheduled to attend all three briefings, and Marc Elias was scheduled to attend the DCCC and Hillary briefings (though he testified that he did not attend).

160811 DX130 Sussmann sent the FBI notice of a public report of the DNC’s establishment of a cybersecurity advisory board. The report was passed on to Jim Trainor.

DHS outreach

160802 DX106 A Lync chain starting in the initial aftermath of the Nakashima story, referencing an Intelligence Committee briefing, and discussing how to facilitate DHS assistance to the Democrats through Sussmann.

160802 DX120 With the goal of reaching out to the Democratic victims to offer assistance, DHS asked who the point of contact for both would be.

160816 DX125 This email chain documents DHS’ “SitRep” of their understanding of the DNC/DCCC hacks and their efforts to reach out to help. This includes sharing of DNC/DCCC “artifacts” with NCCIC.

Authentication and venue

160708 DX109 An email chain seeking DNC help authenticating a document released by Guccifer 2.0.

160723 DX110 A discussion starting on July 21 about authenticating and extending after the initial WikiLeaks dump. Hawkins observed, “Looks like there will be multiple releases on that [the WikiLeaks] front.”

160802 DX118 After Adrian Hawkins asked CrowdStrike’s Christopher Scott a question about a public report that the Democrats’ analytics had been hacked, Scott explained that Sussmann had to be involved in any discussions between the FBI and their cybersecurity contractor. Hawkins also asked for specifics about the compromised servers that the FBI could use to establish venue.

160816 DX134 An email chain mentioning but not including Sussmann describes the efforts to establish venue (especially for Field staff who rely on laptops and travel a lot) as well as the efforts to authenticate documents.

160822 DX136 Two Lync messages describing a script that can be used to match WordPress documents with files stolen from the DNC.

160922 DX145 NSD’s Deputy Chief of Cyber, Sean Newell, asks Sussmann to meet to discuss some information requests from NDCA. They set up a meeting for September 26.

160930 DX147 Hawkins follows up on Newell’s request for information with a much more detailed request from the San Francisco Division. This request includes details of the forensics NDCA was asking for, generally to include the CrowdStrike reports, network diagrams, logs, and images for the compromised hosts.

161004 DX148 In response to WikiLeaks promises about an upcoming file release, Newell follows up on a September 27 request he made of Sussmann for any files that were altered as well as a list of files that had been released but not circulated outside of the victim organizations first, including some indication whether those had been altered. Sussmann says they would have information available later that week.

161012 DX150 In another chain of responses to Newell’s information request, someone at Perkins Coie passes on a description from the DCCC about how an image posted by Guccifer 2.0 differed from the file structure as it appeared on their server, including as it pertained to a file named, “Pelosi Vote Email.”

161026 DX154 This chain is a follow-up to the Newell request, though it actually includes the Guccifer 2.0 documents about Trump’s taxes being discussed. It includes a description of an altered document published by Guccifer 2.0, in which the font was changed. It also includes a DOJ NSD person asking FBI to print out the document because they don’t have any unattributable computers.

161024 DX165 This is yet another continuation of the Newell request; this one includes the Trump Report altered by Guccifer 2.0. It includes some discussion of alterations to that document (as compared to unaltered ones released by WikiLeaks). It also describes documents that a DNC research staffer believes were taken from his local desktop.

CrowdStrike Reports

160815 DX132 Burnham to Farrar explaining there are two CrowdStrike reports, one for the DNC and the other for the DCCC. The former is done, while the latter will be done soon.

160825 DX137 Hawkins asks Sussmann about the DNC CrowdStrike report, Sussmann explains it’s still a few days away, but then the next day says he’s reading “it” (which may be the DCCC report). Sussmann’s response gets forwarded to a few more people.

160830 DX138 A Lync chain conveying that Sussmann had alerted the FBI that the CrowdStrike report was done and asking if WFO should pick it up.

Server images

161013 DX151 In another chain of responses to Sean Newell’s information request, the discussion turns from Sussmann’s effort to make sure the Democrats respond to all the FBI’s data requests to how to obtain images (whether to have CrowdStrike spend 10 hours to do it or let FBI onsite to do it themselves). As part of this chain, Sussmann says that “in theory” the Democrats would be amenable to letting the FBI onsite to image the servers themselves, but then checks to see whether the data is at CrowdStrike or the DNC.

161013 DX152 This chain is follow-up to the request for server images. Sussmann connects the FBI and CrowdStrike, CS offers to image the servers for free, and the FBI provides the address where to send them.

161028 DX153 A Lync that starts with Newell requesting someone attend the October 11 meeting with Sussmann, continues through a discussion about how to get images of the compromised servers (including whether Sussmann may have misinterpreted the ask), and includes a discussion about a re-compromise.

Lizard Squad ransomware threat

160803 DX121 Late night on August 2, Sussmann reported a ransomware threat from the Lizard Squad. This email discusses the various equities behind such a threat and involves a guy named Rodney Hays, whom the Durham team would at one point insist must be Rodney Joffe.

160806 DX124 This chain reflects more of the response to Sussmann reporting a ransomware threat from Lizard Squad. As noted, it involves a guy named Rodney Hays that Durham’s team insisted must be Joffe.

160922 DX144 Over a month after the Democrats reported the Lizard Squad threat, Eric Lu wrote up the intake report, including the bitcoin address involved and Sussmann’s email to Rodney on August 9 thanking him for his assistance.

Other threats

160726 DX115 Sussmann set up a meeting with Hawkins and others so someone could report “some offline activity related to the intrusion.” This was around the time when Ali Chalupa believed she was being followed, though nothing in this chain describes the threat.

160908 DX140 On August 26, EA Hawkins wrote Sussmann directly alerting him to a new phishing campaign targeting Democrats. On September 7, he wrote back with three accounts that may have been targeted.

160916 DX141 Moore emailing Josh Hubiak — a cyber agent in Pittsburgh — asking for contact information for Michael Sussmann so she can obtain the contact information for a DNC bigwig whose Microsoft Outlook account was compromised, apparently by APT 28. Hubiak is one of the agents also involved in the Alfa Bank investigation.

160917 DX142 The day after the request for contact information for the DNC bigwig, there’s further discussion about how to contact him. The FBI also shares new files reflecting the network share for a different DNC person, a former IT staffer, that was uploaded to Virus Total.

160927 DX146 In response to public reports that some Democratic phones may have been targeted and a potential compromise of Powell’s phone (probably Colin, whose communications were posted to dcleaks), there’s some chatter about what information is available from Apple and Google. One of the key agents involved complains that, “it would be awesome if Google helped out, as I know they are at least 2 steps ahead of me and I’m in a sad, losing game of catchup.”

161011 DX149 This seems to be a collection of Lync notes from October 11, showing three different issues pertaining to Sussmann happening at once: the transfer of custody of the thumb drives to the Chicago office, a reference to a meeting with Sussmann, and a report of a new Democratic concern about exposed Social Security numbers.

161230 DX155 A Lync chain that goes from October 28 through December 30 covering the concern about a bug at DNC HQ, the response to the NYT article naming Hawkins, and another compromise alert.

161017 DX164 This may be a summary prepared for Mother Jones. Whatever the purpose (there is no date), it describes the timeline of FBI’s response to a request for a sweep of DNC headquarters in response to some anomaly. Sussmann permitted the sweep but asked that it be done covertly, so as not to alert DNC staffers.

Crossfire Hurricane

160804 DX123 On August 4, Joe Pientka forwarded the original June 14 Nakashima story to the agents who had just been assigned to the Crossfire Hurricane team with the explanation, “Just going through old — possibly pertinent emails.”

“The Bell Can Never Be Unrung” … The Many Times Durham’s Prosecutors Flouted Judge Cooper’s Orders


The jury in the Michael Sussmann case will return to work this morning. They deliberated for some period on Friday (I’m not sure whether how long they deliberated has been reported). But the jury was unable to get questions answered or a verdict accepted after Judge Christopher Cooper left for the long holiday at 2:30PM. Even if the jury ends up finding Jim Baker’s testimony unreliable — which would likely be the quickest way to come to a verdict one way or another — I would expect it to take the jury a bit of time to sort through the centrality of his testimony to the charges.

So while we wait, I want to catalog how Durham’s team blew off just about every adverse decision Cooper made against them.

1. Delayed Request for Privileged Material

As I laid out in this post, Cooper ruled that a bunch of the emails over which the Democrats had originally claimed privilege were not privileged. But because Durham waited so long to request a review of the privileged documents, Cooper ruled Durham could not use the emails at trial.

In cross-examination of Fusion’s tech person, Laura Seago, DeFilippis used the content of one of those emails that apparently discussed hiding her Fusion affiliation from Tea Leaves. (I laid out this exchange in this post.)

MR. DeFILIPPIS: So we have an issue with regard to Ms. Seago’s testimony. The government followed carefully Your Honor’s order with regard to the Fusion emails that were determined not to be privileged but that the government had moved on.

As Your Honor may recall, there was an email in there in which Ms. Seago talks very explicitly about seeking to approach someone associated with the Alfa-Bank matter and concealing her affiliation with Fusion in the email. When we asked her broadly whether she ever did that, she definitively said no when I, you know, revisited it with her. So it raises the prospect that she may be giving false testimony.

And so we were — you know, I considered trying to refresh her with that, but I didn’t understand that to be in line with Your Honor’s ruling. So the government is — we’d like to consider whether we should be — we’d like Your Honor to consider whether we should be able to at least recall her and refresh her with that document?

THE COURT: I don’t remember that question, but the subject matter was concealing Fusion or her identities in conversations with the press. If I recall correctly, that email related to “tea leaves,” correct?

After repeatedly asking Seago whether she had hidden her affiliation from the media, he asked about this email, catching Seago in a gotcha (though both Judge Cooper and Sussmann lawyer Sean Berkowitz took the question, as Seago seemed to, to relate to outreach to the press).

After setting his perjury trap, DeFilippis immediately tried to recall Seago onto the stand to delve into the content of this email. In this case, Judge Cooper ruled that DeFilippis had waived his opportunity to do so.

THE COURT: Well, I think the time to have asked the Court whether using the document to refresh was consistent with the order was before she was tendered and dismissed. So I think you waived your opportunity. All right? So we’re going to move on.

2. Non-Expert Expert Testimony

One of the most contentious arguments leading up to trial was Durham’s belated attempt to use an expert witness, ostensibly to discuss the technical complexities of DNS and Tor at the heart of the case (topics which prosecutors had witnesses explain over and over in as much detail as their nominal expert witness David Martin did), to address the accuracy of the research on the DNS anomaly.

This was an attempt to lead the jury to believe the anomaly was fabricated by Rodney Joffe and the researchers, in spite of the fact that Durham obtained plenty of evidence it was not.

On April 25, Judge Cooper ruled that Durham could have an expert discuss the technicalities of the data, but could only raise the accuracy if Sussmann did so himself.

Then on May 6, Durham attempted to expand that ruling by asking the expert to address materiality. In discussions the morning of opening arguments that focused entirely on the testimony of non-DNS expert Scott Hellman, not the nominal expert on DNS David Martin, Cooper prohibited Martin’s discussion of spoofing. (I describe these discussions here.)

Ironically, this was all supposed to be about visibility, the import of understanding how much DNS traffic a researcher could access to the quality of that researcher’s work. In Hellman’s own analysis — for which he fairly demonstrably did not review the data that Sussmann shared with the FBI very closely — he showed no curiosity about the issue.

Searched “…global nonpublic DNS activity…” (unclear how this was done) and discovered there are (4) primary IP addresses that have resolved to the name “mail1.trump-email.com”. Two of these belong to DNS servers at Russian Alfa Bank. [my emphasis]

Nevertheless, DeFilippis used this nested set of witnesses as an opportunity to get Hellman — who admitted he had only a basic understanding of DNS, who didn’t review the data very closely, and who formed his initial conclusion in about a day — to comment on the methodology of the researchers.

Q. And what, if anything, did you conclude about whether you believed the authors of the paper or author of the paper was fairly and neutrally conducting an analysis? Did you have an opinion either way?

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Basis?

MR. BERKOWITZ: Objection on foundation. He asked him his opinion. He’s not qualified as an expert for that.

THE COURT: I’ll overrule it.

A. Sorry, can you please repeat the question?

Q. Sure. Did you draw a conclusion one way or the other as to whether the authors of this paper seemed to be applying a sound methodology or whether, to the contrary, they were trying to reach a particular result? Did you —

A. Based upon the conclusions they drew and the assumptions that they made, I did not feel like they were objective in the conclusions that they came to.

Q. And any particular reasons or support for that?

A. Just the assumption you would have to make was so far reaching, it didn’t — it just didn’t make any sense.

This is precisely the kind of opinion that Cooper had prohibited from an actual expert, admitted from someone whose own shoddy analysis became a recurrent theme for the defense.

3. Hearsay Clinton Tweet

DeFilippis’ efforts to get excluded information introduced were still more brazen with hearsay materials.

On May 7, Judge Cooper issued his initial ruling on which parts of Durham’s conspiracy theory could be admitted at trial. In general, Cooper permitted the introduction of Fusion GPS emails with the press about the Alfa Bank allegations, all of which post-date Sussmann’s alleged lie. He excluded all but one of the emails between Rodney Joffe and the researchers (more on the exception below).

Cooper equivocated wildly about a tweet sent out under Hillary Clinton’s name in response to the Franklin Foer story on the anomaly. In a hearing on April 27, he excluded it as hearsay.

THE COURT: All right. The Clinton Campaign Tweet, the Court will exclude that as hearsay. To the extent that the government believes that it offers some connection to the campaign and an attorney-client relationship, it’s likely duplicative of other evidence, so the Tweet will not come in.

In a pre-trial hearing on May 9 (after he had issued his order on motions in limine), Cooper explained he was revisiting the decision.

But I guess my question, as I have thought more about this, given the sort of two competing theories of the case and two narratives laid out in the Court’s ruling on the motion in limine, is whether it is relevant not for the truth, but to show the campaign’s connection to the alleged public relations effort to play stories regarding the Alfa-Bank data with the press and that therefore it is sort of context for the Government’s motive theory, that Mr. Sussmann sought to conceal that effort, as well as the campaign’s general connection to that effort.

After Sussmann lawyer Sean Berkowitz explained that the defense would not contest that the campaign wanted a story out there, Cooper opined that would make the tweet cumulative.

Well, if that’s going to be the case, and he’s not contesting that he was representing the campaign in connection with that effort, isn’t the tweet cumulative? It’s icing on the cake. Right?

DeFilippis claimed that without the tweet they would have no evidence about how the campaign worked the press on this issue (even though both Marc Elias, called as a government witness, and Robby Mook, who was originally listed as a government witness, eventually testified to the issue on the stand). After Judge Cooper said he would reserve his decision, Berkowitz noted that in fact, DeFilippis planned to use the tweet to claim the campaign wanted to go to the FBI when the testimony at trial (from both Elias and Mook) would establish that going to the FBI conflicted with the campaign’s goals.

[T]hey are offering the tweet for the truth of the matter, that that’s what the campaign desired and wanted and that it was a accumulation of the efforts.

Number one, it’s not the truth; and in fact, it’s the opposite of the truth. We expect there to be testimony from the campaign that, while they were interested in an article on this coming out, going to the FBI is something that was inconsistent with what they would have wanted before there was any press. And in fact, going to the FBI killed the press story, which was inconsistent with what the campaign would have wanted.

And so we think that a tweet in October after there’s an article about it is being offered to prove something inconsistent with what actually happened.

Then, after both Elias and Mook had testified that they had not sanctioned Sussmann going to the FBI, DeFilippis renewed his assault on Cooper’s initial exclusion, asking to introduce it through Mook’s knowledge that the campaign had tried to capitalize on the Foer story.

Having ruled in the past that the tweet was cumulative and highly prejudicial, Cooper nevertheless permitted DeFilippis to introduce the tweet if he could establish that Mook knew that the campaign tried to capitalize on the Foer story.

But Cooper set two rules: The government could not read from the tweet and could not introduce the part of the tweet that referenced the FBI investigation. (I explained what DeFilippis did at more length in this post.)

THE COURT: All right. Mr. DeFilippis, if you can lay a foundation that he had knowledge that a story had come out and that the campaign decided to issue the release in response to the story, I’ll let you admit the Tweet. However, the last paragraph, I agree with the defense, is substantially more prejudicial than it is probative because he has testified that had neither — he nor anyone at the campaign knew that Mr. Sussmann went to the FBI, no one authorized him to go to the FBI, and there’s been no other evidence admitted in the case that would suggest that that took place. And so this last paragraph, I think, would unfairly suggest to the jury, without any evidentiary foundation, that that was the case. All right?

MR. DeFILIPPIS: Your Honor, just two brief questions on that.

THE COURT: Okay.

MR. DeFILIPPIS: Can we — so can we use — depending on what he says about whether he was aware of the Tweet or the public statement, may we use it to refresh him?

THE COURT: Sure. Sure.

MR. DeFILIPPIS: Okay. And then, as to the last paragraph, could it be used for impeachment or refreshing purposes as well in terms of any dealings with the FBI?

THE COURT: You can use anything to refresh.

MR. DeFILIPPIS: Okay.

THE COURT: But we’re not going to publish it to the jury. We’re not going to read from it. And let’s see what he says. [my emphasis]

Having just been told not to read the tweet, especially not the part about the FBI investigation, DeFilippis proceeded to have Mook do just that.

The exhibit of the tweet that got sent to the jury had that paragraph redacted and that part of the transcript was also redacted. But, predictably, the press focused on little but the tweet, including the part that Cooper had explicitly forbidden from coming into evidence.

4. Hearsay about Joffe’s Request for Feedback

As noted above, Judge Cooper permitted just one email between Joffe and the researchers to come into evidence: a request for feedback Rodney Joffe made of the researchers. But he did so based on Durham’s representation that either David Dagon or Manos Antonakakis — both of whom received the email — would testify.

Neither did.

During Sean Berkowitz’ cross-examination of Curtis Heide, one of the agents assigned to investigate the anomaly, Sussmann’s attorney had Heide explain how they knew David Dagon had a role in the research, but nevertheless never bothered to speak to him directly.

AUSA Jonathan Algor used that as an opportunity to ask to introduce not just the email that had been permitted, but also the response, claiming that by highlighting how shoddy the FBI investigation was, Berkowitz was opening the door to accuracy questions.

MR. ALGOR: So, Your Honor, there was a good amount of cross-examination regarding David Dagon.

THE COURT: Yes.

MR. ALGOR: And specifically asking about reaching out to him and also going into that he was the source of the white paper and what types of questions you would ask him and all. I think that this goes right to the red herring email.

THE COURT: I’m sorry, the what email?

MR. ALGOR: The red herring email, which you’ve previously excluded. It was Government Exhibit 124, when you would go through what type of questions. Now that Mr. Berkowitz has asked these, I would ask: What would you have asked having to provide data related to it? You know, Were there drafts of the white paper? Would Agent Heide ask who else he communicated with and what he believed regarding all of that data? And so I think he’s opened the door regarding that email.

Berkowitz noted that neither Sussmann nor Heide knew of the email.

MR. BERKOWITZ: Judge, this is not an email that was authored by Mr. Dagon. My cross-examination went directly to their investigation, who they spoke to, who they didn’t speak to. I asked him, he doesn’t know what Mr. Dagon said to Mr. Sussmann, if anything, and he said he didn’t. And I don’t think that opening the door to these communications where there’s no indication that it went to Mr. Sussmann is appropriate.

Cooper ruled that Algor could not introduce the email response.

That did not open the door to the excluded email about which — about what his and the other researchers’ views on the data or motivations may have been. In any case, the emails reflect — or the email reflects the views of Mr. Joffe, not Mr. Dagon, and those views came a full month and a half before the FBI was in a position to interview Mr. Dagon. They are, therefore, not relevant to Mr. Dagon’s views or motivations in any event.

So you can — you can certainly ask him, as you have in direct, what he would have done differently, what he would have questioned Mr. Dagon about, you know, to establish a materiality argument, but we’re not going to get into what the researchers’ motivations were. Okay?

Minutes later, Algor walked through how Heide didn’t know any of the people on the email, and elicited from Heide the opinion that even asking the question might suggest people were trying to fabricate the data.

Q. Okay. And it — the “from” is Rodney Joffe. Do you see that?

A. Yes.

Q. And then the “to” is to Manos Antonakakis. Do you see that?

A. Yes.

Q. Do you know who that is?

A. I do not.

Q. And David Dagon, do you see that second name?

A. Yes.

Q. Do you know who David Dagon is?

A. No.

Q. You testified —

A. I’m sorry.

Q. — earlier —

A. I never met David Dagon, but I do know that he was the information that the source came forward and said he was potentially the author of the white paper.

Q. Okay. And that’s from a CHS that your team was contacted by?

A. Yes. Yes.

Q. And then, finally, April Lorenzen. Do you know who April Lorenzen is?

A. I do not.

[snip]

Q. Would you also want to know whether the authors of the white paper were trying to make it out so that it wasn’t — so that it couldn’t be understood if you weren’t a DNS expert?

A. That would be important.

Q. And if you could read that last line, please.

A. It says, “Do NOT spend more than a short while on this (if you spend more than an hour you have failed the assignment). Hopefully less.”

Q. And just going back to the line above, it says, without — it says, “NOT to be able to say this is, with out doubt, fact, but to merely be plausible,” would you want to understand that coming from the source of the white paper?

A. Yes.

The discussion of the bench conference immediately after Heide left the stand (Berkowitz generally refrained from objecting to these shenanigans in front of the jury) is entirely redacted. But as noted below, Judge Cooper ultimately excluded the entire email as hearsay introduced without proper foundation.

6. Hearsay Commentary on an Attorney

In the very same sidebar where Judge Cooper excluded the Heide testimony, he also explicitly prohibited prosecutors from tying a research request that Rodney Joffe had given a colleague, Jared Novick, to an attorney. The research request pertained to Richard Burt and Carter Page (among others) at a time both had established ties to Russia. Novick testified to Joffe’s displeasure with his work abilities and it’s quite clear the two don’t like each other.

MR. BERKOWITZ: So with respect, Judge, to that, it sounds as if outside the norm of what he normally does, that he thought it was likely for a political campaign. I’m not sure that his determination that he thought it was for an attorney is relevant. If they want to put in an attorney-client-privileged document that he saw, I think he can do that. But if he says I understood this was going to an attorney connected to the campaign, that’s hearsay. And it really doesn’t have anything to do with Mr. Sussmann, unless they can tie it up in any way.

THE COURT: Is there — is there any link to the defendant?

MR. ALGOR: Your Honor, just that he understood the tasking was related to opposition research regarding Trump; that he was told by Mr. Joffe — and his understanding was — that it was — it was someone tied to the Clinton campaign. But his understanding overall, full context and understanding, regardless of what Mr. Joffe said, was that this was going to someone tied to the campaign; and that also in receiving the document that had attorney-client privilege, that he understood it to be for an attorney.

THE COURT: How is that not hearsay if Mr. Joffe offered for the purpose of showing that, in fact, it was from —

MR. ALGOR: Because it’s a full understanding. It’s not getting into the actual specific statements that Mr. Joffe told him, but just the full context of what he was tasked to do and who the ultimate receiver was.

THE COURT: Okay.

MR. KEILTY: One second, Your Honor.

THE COURT: You can elicit his understanding that it was for a campaign, that it was unusual, that it may have had some political purpose. But I want you to stay away from any suggestion, which I don’t think has been established, that it was from Mr. Sussmann, including by suggesting it was from an attorney. Okay? [my emphasis]

Once again, minutes after Judge Cooper issued an order — this one ruling that Durham’s team could not elicit any reference to an attorney — Algor nevertheless got a former Joffe associate to do so.

Q. And, again, you — during cross-examination, Mr. Berkowitz asked you a series of questions regarding — regarding your work for Mr. Joffe on this project?

A. Uh-huh.

Q. And without getting into any specific conversations, based on the totality of your work, who was the intended audience for the project?

A. It was to go to an attorney with ties.

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Sustained.

That was the first time Berkowitz started getting really insistent about the pattern of Durham’s prosecutors completely ignoring explicit prohibitions from Cooper.

MR. BERKOWITZ: And — and just briefly, Your Honor, I don’t know when is an appropriate time to — to raise this. I want to express what — and I am not a — a hotheaded person —

THE COURT: You’re not a what?

MR. BERKOWITZ: I’m not a hotheaded person, but I have deep concern over the last line of questioning with the witness eliciting something that I think was clearly prohibited. And it’s consistent, in our view, with the line of questioning relative to Mr. Elias, [sic] relative to them reading the tweet that had been excluded. And, again, I know you don’t apportion bad faith, and I’m not asking you to do that at this point, but I just — I’m — I’m really concerned about the number of those issues that have come in and the prejudice to Mr. Sussmann. And I don’t know how best to deal with it, but I want to raise that to your attention.

Judge Cooper finally warns Durham to follow his orders

The Novick questioning finally stirred Cooper to try to do something about prosecutors flouting his orders. The first thing the next morning, he issued a both-sides warning about adhering to his rulings.

THE COURT: Okay. Good morning, everybody. All right. I just want to return briefly to the discussion we had at the end of the day yesterday.

You know, we’ve been here for two weeks. I have tried my best to let you folks try your cases as you see fit without undue intervention from the Court, as is my usual practice. But I obviously have set some evidentiary guardrails in the case that I expect both sides to follow, and I think you’ve done that for the most part.

Yesterday, however, I thought it was pretty clear — that I was pretty clear that in Mr. Novick’s testimony the government was not to suggest a link between the defendant and — on the one hand, and Mr. Joffe and the researchers’ data collection efforts on the other hand, or their views about the data. I didn’t think there was an evidentiary foundation for that.

I thought that the jury would only be able to speculate about any such connection, and I thought that any knowledge Mr. Novick had about that was necessarily hearsay from Mr. Joffe, who obviously is not here to testify. And I thought, at least, the final question in the redirect that was asked yesterday, nevertheless, attempted to establish such a link.

You know, I know that questions get asked rhetorically or argumentatively that are likely to draw an objection, and I will give lawyers some slack on that, but I expect both sides to comply with my evidentiary rulings.

There’s a lot of evidence in this case. There’s a lot for the jury to digest. They will have plenty of validly admitted evidence to pore over, and from here on out, including in arguments, I expect both sides to comply with both the letter and the spirit of the Court’s evidentiary rulings. So let’s keep it clean from here, okay?

MR. KEILTY: Yes, Your Honor.

Berkowitz used that exchange to request that Cooper exclude the entirety of the email that Algor used to invite Heide to suggest the data had been fabricated, as the only way to limit the damage from prosecutors breaking Cooper’s rules.

MR. BERKOWITZ: Thank you very much for that, Your Honor. I have one other request related to it. And I don’t mean to go to the well, but there was an additional line of questioning yesterday related to Government Exhibit 132 with Agent Heide. I’m happy to provide a copy of it, if you would like.

THE COURT: Just remind me what it is.

MR. BERKOWITZ: It’s the document they sought to admit between Rodney Joffe, David Dagon, and Manos Antonakakis, “Is this a plausible explanation?”

THE COURT: Yes, I know that one. Actually, pass it up.

MR. BERKOWITZ: Your Honor, I went back and read the basis for your admitting the document, which was that it was not hearsay because there was a statement, “can you review,” and a question, “is this a plausible explanation?” I think we all contemplated at the time that both Mr. Dagon and Mr. Antonakakis were on the witness list and might testify.

You did allow it in. We didn’t object on the basis that you had previously ruled on it.

The manner in which it was used with the witness, I think, didn’t comply with the spirit of the Court’s ruling. There were questions asked related to “if you had spoken with Mr. Dagon, and you were aware of this communication” words to the effect of “would that have been concerning?”

And the witness — and I’m not suggesting that it was elicited intentionally, but the witness said “it would concern me because it appears as if it’s fabricated.”

Berkowitz noted that (like the Clinton tweet before it, though Berkowitz didn’t make the connection) the exchange got reported in the press.

That’s been reported in the press, even though you struck it from the record at our request.

Our remedy request, Your Honor, in light of that, and in light of the lack of probative value of that document with no connection to Mr. Sussmann, would be to strike the question and answering related to that document, to strike that document from the record, and not allow the prosecution team to use it with any defense witnesses, as well as not to use it in argument because it would have been stricken from the record.

We think the probative value of that document at this stage is minimal, and I expect that if it is published to the jury and used in any way, the jurors will associate it with the fabrication comment. And you worked real hard — and we have all worked really hard — to keep out the accuracy of the data. And the prejudicial nature of the document and the testimony associated with it is something that we think, while it can’t be remedied, and the bell can never be unrung, they should not be reminded and put before them. [my emphasis]

After having just been scolded, DeFilippis nevertheless made a bid to keep the document that might trigger the improperly elicited comment in as evidence.

Michael Keilty — the closest thing to a grown-up on this team — then tried to explain away Algor’s flouting of the rules with Novick.

MR. KEILTY: One last thing, Your Honor, just with respect to the final question to Mr. Novick yesterday. I think Your Honor’s aware that the government obviously did not intend for that — to elicit that answer. Instead, it intended to elicit an answer regarding Mr. Novick’s thoughts about whether this was involved with a political entity or political campaign. We didn’t have the opportunity or the benefit of conferring with Mr. Novick prior to Your Honor’s ruling. So we apologize for that, but we just wanted to put on the record some of the reasons why.

THE COURT: Well, you could have asked, “Without telling me who it came from, what was your understanding of the general nature of the source?” Right?

7. Hearsay on Top of Hearsay about Joffe’s Joke about a Job

But the Durham team’s defiance of Cooper didn’t stop there. While Cooper had permitted (with the proper foundation) a Joffe email that elicited feedback, Cooper had excluded an email — sent to someone never identified as a witness in this case — in which Joffe had joked about working in cybersecurity under a Clinton Administration. Nevertheless, as part of a long exchange with retired FBI Agent Tom Grasso in which DeFilippis asked Grasso materiality questions about stuff he heard about but had no firsthand knowledge of — each time presented as fact rather than as a conspiracy that Durham had explicitly been prohibited from presenting because they hadn’t charged it — Durham’s lead prosecutor raised the allegation he had been prohibited from raising.

Q. So when he came to you or at any time after that, did Mr. Joffe disclose to you whether he was working on this with representatives of the — of a political campaign?

A. He did not, no.

Q. And do you think you’d remember if he had told you at the time, you know, “I’m doing this, working with some folks who are working with the political campaign”?

A. I would think I would remember that, yes.

Q. So Mr. Joffe didn’t tell you — have you heard of a firm called Fusion GPS?

A. I have heard of Fusion GPS, yes, sir.

Q. Okay. And are you generally aware that they had — without getting into any specific work you did, are you generally aware that they had done some work for the Clinton Campaign at the time?

A. Yes, I —

Q. Okay.

A. Yes, I am aware of that, yes.

Q. So Mr. Joffe didn’t say he was working with Fusion GPS on this project?

A. Not that I recall, no.

Q. And Mr. Joffe never told you that, you know, this project had arisen in the context of opposition research that the Clinton Campaign was working on?

A. I do not recall that coming up, no.

Q. If Mr. Joffe had come to you and said, “I’m working with some investigators and some lawyers who are working for the Clinton Campaign, and, you know, that’s part of what I’m doing here with this information, can you please keep my name out of this,” would you have viewed that differently than you viewed the information as you got it?

[snip]

Q. Okay. And in the 2016 election period, you and Mr. Joffe, I imagine, never discussed politics or anything like that?

A. I don’t recall political discussions with him, no.

Q. Okay. And did you — so you certainly didn’t know that he was working with folks affiliated with a particular political party or campaign on what he brought to you, right?

A. I have no recollection of that.

Q. And any recollection of hearing or learning that he was expecting any kind of position in a future political administration?

A. I do not have a recollection of that other than — let me rephrase that. I have a recollection of that being reported in the media, but I don’t have a —

MR. BERKOWITZ: Objection, Your Honor.

THE COURT: Sustained. [my emphasis]

When Berkowitz raised this exchange at the end of the day, Judge Cooper noted that the several meetings they had with Grasso were ample basis for DeFilippis to understand that Grasso had no knowledge of those matters (or, for that matter, the topics covered by that entire line of questioning).

MR. BERKOWITZ: Judge, I regret that I’m going back to this same issue that we started the day with where you admonished counsel to be careful of the guardrails related to evidentiary rulings. We had another situation today that I think ran afoul of your comments. There was an email that was the subject of a motion related to Mr. Joffe communicating about a potential job. And in the cross-examination of Agent Grasso there was a question about, “He certainly didn’t know he was working with folks affiliated with a particular political party or campaign when he brought that to you. Right?”

Answer: “I have no recollection of that.” I didn’t object.

And then he followed up with: “And any recollection of hearing or learning that he was expecting any kind of position in a future political administration, knowing that there was nothing in the 3500 materials related to that and knowing an objection that was sustained could elicit a belief that he would do that?”

The witness answered, “I do not have a recollection of that other than — let me rephrase that. I have a recollection of that being reported in the media.”

I objected. Your Honor, they had met with this witness four times. They had pretried him twice. There was nothing in the 3500 material to suggest that he had any belief of that or any recollection or any connection.

And it’s another instance in a litany of instances that’s suggesting to the jury topics and issues that were the subject of your ruling. And I, you know, particularly with the potential testimony of Mr. Sussmann coming up, I don’t know what else to say or to do, and we’ll consider filing a motion. But I wanted to raise the issue, and I take no joy in continuing to do this. But I cannot stand by while it continues to go on.

DeFilippis at first tried to excuse blowing off Cooper’s ruling by saying that the rules for cross-examination are different. But not if the witness was originally a witness for the prosecution.

THE COURT: Counsel?

MR. DeFILIPPIS: Yes, Your Honor. I guess we’re glad that Mr. Berkowitz raised it in the sense that, you know, typically the rules for cross-examination are different from evidence presented in a case in chief. And if there is a good-faith basis to ask — inquire as to knowledge of a matter, Your Honor, the government didn’t phrase the question tethered to any email or refer to any hearsay.

It was just inquiring as to knowledge and then inquiring as to whether that fact would be relevant to what it is that Mr. Grasso’s interactions with Mr. Joffe were.

So if, again if the Court wants —

THE COURT: Counsel, I don’t disagree with that, but you got to have a good faith basis for asking the question. Right? And if you prepped this guy and he’s never said anything about it, then there’s no good-faith basis. Okay? Him reading it in The New York Times or whatever is not a good-faith basis.

Then DeFilippis claimed that the question — which came after two earlier ones in which he asked Grasso questions about things he had “heard of” — was not deliberately intended to elicit such a response.

MR. DeFILIPPIS: Yeah, and to be clear, Your Honor, the portion where he said he read in the — we didn’t know that, and we wouldn’t have intentionally elicited something from a press account. So we will certainly be careful.

THE COURT: He was the defense’s witness here, but he was on your witness list. You should have known. If there was a basis to ask that question, you should have known what it was.

MR. DeFILIPPIS: Yeah. Understood, Your Honor.

Only after this exchange on prosecutors using someone who had originally been a government witness to invite speculation did Cooper exclude the entire email discussion involving Heide.

THE COURT: In that vein, let’s go back to GX-132. The admission of the email did not sit well with me yesterday, and it still does not sit well with me.

The Court ruled that the document was [sic] hearsay originally because it contained a question and a request, as opposed to an assertion. But the Court made clear in its order that, in order to be admitted, it would still need a proper foundation. The witness through which the document ultimately was admitted, albeit not without an objection from the defense, was Mr. Heide, who, as far as I could tell, had no personal knowledge whatsoever of the email. He didn’t know Mr. Joffe. He didn’t know the researchers who received it. He obviously was not a party to the email. So frankly, I don’t see how he could testify to that email in his personal knowledge as required by Rule 602.

So for that reason, I don’t think it was properly admitted through that witness. As I said yesterday, we had expected at least two of the researchers to testify based on who was on the government’s list. And I think it would have been properly admissible through those people to explain how the data came into being as the Court ruled prior to trial. So I am going to exclude that email as well as any testimony by Mr. Heide describing his interpretation or views or thoughts on the email. Okay?

Conspiracy theory

This repeated defiance of Judge Cooper was treated as one evidentiary issue after another, usually prosecutors sneaking in hearsay with no basis. Ultimately, however, it was about a more basic ruling Judge Cooper had made, that this trial would not be about a conspiracy theory that Durham wanted to criminalize without charging.

As Berkowitz observed in his close,

This case is not about a giant political conspiracy theory. It’s about a short meeting.

[snip]

So the people who were part of this large political conspiracy theory are the people at HFA, Rodney Joffe, and Fusion GPS. They’re the people that are supposedly involved in this conspiracy.

There will be a lot said about this trial, no matter the verdict. But the serial defiance of the Durham prosecutors was a successful attempt to do something else that Judge Cooper had prohibited: to criminalize, under a conspiracy theory, perfectly legal behavior.

OTHER SUSSMANN TRIAL COVERAGE

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

The Staples Receipt and FBI’s Description of Michael Sussmann Sharing a Tip from Hillary

“and” / “or” : How Judge Cooper Rewrote the Michael Sussmann Indictment

“and” / “or” : How Judge Cooper Rewrote the Michael Sussmann Indictment

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months’ work.

I’ve been tracking a dispute about the jury instructions in the Michael Sussmann trial, but only got time to check the outcome last night. At issue was whether some of the extraneous language from the indictment would be included in the description of the charge.

Here’s the language the grand jury approved in the indictment.

[O]n or about September 19, 2016, the defendant stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning a Presidential candidate, when in truth, and in fact, and as the defendant knew well, he was acting on behalf of specific clients, namely, Tech Executive-1 and the Clinton Campaign. [my emphasis]

Sussmann had wanted the instructions to include that language claiming Sussmann was lying to hide two clients.

Mr. Sussmann proposes modifying the last sentence as follows, as indicated by underlining: Specifically, the Indictment alleges that, on or about September 19, 2016, Mr. Sussmann, did willfully and knowingly make a materially false, fictitious, and fraudulent statement or representation in a matter before the FBI, in violation of 18 U.S.C. § 1001(a)(2), namely, that Mr. Sussmann stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning Donald Trump, when, in fact, he was acting on behalf of specific clients, namely, Rodney Joffe and the Clinton Campaign. The government objects to the defense’s proposed modification since it will lead to confusion regarding charging in the conjunctive but only needing to prove in the disjunctive.

When Judge Cooper instructed the jury, however, he rewrote the indictment approved by the grand jury to reflect that maybe Sussmann was just hiding one client.

Specifically, the Indictment alleges that in a meeting on September 19, 2016, Mr. Sussmann did willfully and knowingly make a materially false, fictitious, and fraudulent statement or representation in a matter before the FBI in violation of 18 USC 1001(a)(2); namely, that Mr. Sussmann stated to the General Counsel of the FBI that he was not acting on behalf of any client in conveying particular allegations concerning Alfa-Bank and Donald Trump, when, in fact, he was acting on behalf of specific clients, namely Rodney Joffe or the Clinton Campaign. [my emphasis]

Now, perhaps there was some discussion I missed finding that the government only had to prove Sussmann was hiding one client — the disjunctive proof business, above. And perhaps it will not matter — I think Sussmann’s team raised plenty of issues with Jim Baker’s credibility such that the jury will find the whole prosecution preposterous, but I also think Durham’s team may have thrown enough cow manure at the jury to stifle rational thought.

But this slight change — unilaterally replacing “and” with “or” — seems to intervene to help Durham recover from one of the most abusive aspects of the prosecution, his failure to take basic investigative steps before charging Sussmann.

As I’ve repeatedly shown, Durham did nothing to test Michael Sussmann’s sworn explanation for his meeting with Jim Baker — that he wanted to give the FBI an opportunity to intervene before a shitshow story happened during election season — before charging. He spent months and months after the indictment scrambling to find the documentation for the efforts the FBI made to kill the NYT story (and ultimately only found part of that documentation), evidence he should have consulted in advance.

Durham also never subpoenaed Jim Baker for related materials before charging this.

Those two facts are how it was possible that Baker only discovered the September 18, 2016 text in which Sussmann explained he was trying to help the FBI on March 4, 2022, almost six months after the indictment (though Andrew DeFilippis misrepresented this at trial).

We also know from Sussmann’s discovery requests that Durham did little to explore Rodney Joffe’s relationship with the FBI before charging. While Durham knew that Joffe had been an informant — and had forced FBI to remove him as such, allegedly as retaliation because Joffe wouldn’t cooperate with Durham’s investigation — it’s not clear whether Durham had found two instances where Joffe had offered up more information about the Alfa Bank allegations to an FBI agent (not his handler) who knew his identity and could easily have shared it with investigators.

In other words, even if you think Sussmann was attempting to hide the Hillary campaign’s role in the underlying allegations (which is different from hiding the campaign’s role in the meeting with the FBI, though Durham’s team surely hopes the jury misses the distinction), the trial actually presented a fair amount of evidence that Sussmann wasn’t hiding Joffe’s role. The FBI knew of Joffe’s role within days of Sussmann’s meeting.

For months, Durham has been spinning a wild conspiracy theory claiming Joffe had direct ties to the Hillary campaign that he simply didn’t have. That is the conspiracy theory he laid out in the indictment. That is the conspiracy theory he should be held to.

But Cooper rewrote that part of the indictment such that Durham is not being held to his own conspiracy theories when it matters.
