Judge Hernán Vera has denied Garrett Ziegler’s motion to dismiss Hunter Biden’s lawsuit against him.

I had thought that Ziegler’s defense against the hacking claims, which argued that because Hunter Biden never owned the hard drive on which Ziegler received all Hunter’s data (including the iPhone protected by a password), might pose some interesting legal arguments.

I’m sure we’ll see the argument return, but for this stage of proceedings, Judge Vera agreed with Hunter’s argument that the relevant hacking laws focus on data, not devices.

Defendants assert that “[n]either the CFAA nor the CCDAFA authorizes a party whose data has been copied to assert a civil action over any computer, device or system not in their possession.” Motion at 5. But Defendants fail to point to language in these statutes that require possession of the physical device. Neither the CFAA nor the CCDAFA contain any requirement that Plaintiff must “own,” “possess,” or “control” the physical device or computer that Defendants accessed. The statute concerns the ownership of the data accessed. Both statutes allow Plaintiff to assert claims based on the facts asserted. See 18 U.S.C. § 1030(g) (extending civil remedy to “any person” who suffers damage or loss); Cal. Pen. Code § 502(e)(1) (extending civil remedy to owners of “data” who suffer damage or loss). In fact, Defendants’ ownership-and-control argument has been rejected by the Ninth Circuit. See Theofel v. Farey-Jones, 359 F.3d 1066, 1078 (9th Cir. 2004) (reversing “district court [that] erred by reading ownership or control requirement into the [CFAA] . . . . Individuals other than the computer’s owner may be proximately harmed by unauthorized access, particularly if they have rights to data stored on it.”).

The next time some tabloid journalist makes big news about Hunter’s spouse calling Ziegler a Nazi, she can state with confidence that this is a lawsuit about hacking, not about merely disseminating data.

The means by which Vera dismissed Ziegler’s claim that there was no personal jurisdiction over his activities in California are a bit more fun.

Among the evidence that Ziegler’s activity included a focus on California cited by Vera was the picture Ziegler posted to Instragram showing himself posing outside the Chateau Marmont in LA, holding a copy of his report.

Vera also noted that Ziegler’s sales of the report rely on Stripe and its CA-based servers.

Defendant Ziegler notes that the report Defendants prepared using Plaintiff’s data is available at the website www.bidenreport.com. Ziegler Decl. ¶ 8 & n.1. On this website, a “Purchase” button is prominently displayed, allowing users to spend $50.00 for a hardcopy of the Biden report. Declaration of Gregory A. Ellis (“Ellis Decl.”) ¶ 6, Ex. A [Dkt. No. 30-2]. Clicking the purchase button then links to a purchase page operated by Stripe.com, a California-based entity whose purchase terms are governed by California law.7

7 See www.stripe.com/legal/consumer, Section 12.

And Vera noted that Ziegler had sent copies of the report to CA residents like Elvis Chan (the FBI Agent at the center of right wing conspiracy theories about Twitter briefings) and Hunter’s criminal defense attorney, Angela Machala.

For example, he sent copies to multiple California residents to verify Plaintiff’s information. Ziegler said in interviews that his team talked with each person named in the report. Ellis Decl. Exs. C at 12 (“I took the time to call each and every person that is in this report”) [Dkt. No. 30-5]; D at 8 (“we’ve sent the dossier to all 4,000 contacts on Hunter’s laptop) [Dkt. No. 30-6]. He even includes a table of alleged Plaintiff family crimes with California area codes, many listing “where (venue)” as C.D. Cal. Ellis Decl. Ex. E at 233–35, 400–01. Other California residents include an FBI agent in the San Francisco field office, Ellis Decl. Ex. E at 22. And Ziegler even sent the Report to the personal residence of one of Plaintiff’s California-based attorneys. Ellis Decl. ¶ 12.

Vera’s ruling opens the way for discovery of the specific means and personnel involved in the exploitation of the hard drive, including the chain of custody via which Ziegler obtained it. Among the issues ripe for discovery cited in Hunter’s response include how Ziegler obtained the data, who funded his efforts, and who helped Ziegler exploit the data.

Defendants will have to explain how many copies of Plaintiff’s data they received and from whom, as well as the precise data they came to possess, during discovery in this case.

[snip]

Ziegler’s assertions about Defendants’ website views and support from California also demonstrate that the Court should exercise its discretion to allow jurisdictional discovery, should it still have questions about jurisdiction even after reviewing Plaintiff’s evidence. See, e.g., Orchid Biosciences, Inc. v. St. Louis Univ., 198 F.R.D. 670, 672-73 (S.D. Cal. 2001) (noting that courts have broad discretion in allowing jurisdictional discovery, citing multiple authorities). Here, discovery would be appropriate to address the following issues, at a minimum: the total number of Defendants’ financial supporters based in California; the percentage of their total financial supporters based in California; the total amount of money donated from California; the percentage of Defendants’ monetary donations emanating from California; the total number of unique website viewers from California; the percentage of unique website viewers from California; the number and percentages of website purchases of hardcopies of the Report emanating from California locations; and the number of California residents Ziegler sent hardcopies of the Report to in his “carpet-bombing” campaign, discussed infra.

[snip]

4 It is unclear whether the “team” of individuals who assisted Defendants with their data-related activities includes any California residents. In his declaration, Ziegler attests he has “hired no employees or independent contracts [sic] to conduct business in California, nor do any of Marco Polo’s board members reside in California.” (Ziegler Decl. ¶ 13.) But this careful wording leaves open many potential California connections, including the possibility that some aspects of Defendants’ unlawful data-related activities occurred in California and/or were perpetrated by California residents who were assisting Defendants in a capacity other than as “employees or independent contractors.” The location of Defendants’ “team” members is another appropriate topic for jurisdictional discovery.

The frothy right made a big deal about the fact that Hunter and Robert Costello put the lawsuit against Costello and Rudy Giuliani on hold pending Rudy’s bankruptcy. But discovery on this lawsuit will get to some of the very same issues.

Following the news that Fox News has complied with one of Hunter Biden’s demands by taking down a six-part fictionalized series on Joe Biden’s son, Sarah Fitzpatrick, one of the journalists who first reported on Hunter Biden’s threats to sue Fox news yesterday, has a new scoop out.

A retired Secret Service agent implicated in the most clearcut laptop related fabrication, Robert Savage, is suing the NYPost, reporters who claimed that he had helped run cover-ups for Hunter Biden in LA, and the US affiliate of the Daily Mail. (NYP, Associated Newspapers)

A former Secret Service agent sued two news organizations for defamation Tuesday and accused them of publishing stories based on fabricated text messages that he says falsely linked him to Hunter Biden.

Robert Savage, a 25-year veteran of the U.S. Secret Service and the Special Agent in Charge of the agency’s Los Angeles Field Office from 2015-2017, filed the lawsuits in New York against the New York Post and two of its reporters, and the owner and publisher of the Daily Mail.

Savage alleged that the reporters and publications recklessly disregarded information that the text messages, which came from a laptop that purportedly belonged to Hunter Biden, were fabricated. Despite that, they published articles and tweets in 2021 and 2023 that suggested Savage communicated with and met and met with Biden in Los Angeles.

“Rob has not and has never met Hunter Biden, does not know Hunter Biden, has no connection with Hunter Biden, and has never corresponded with Hunter Biden,” Savage’s attorney, Mark Goidell, told NBC News.

The lawsuit itself is not the big part of the story: It’s that someone presenting as Joseph Ziegler questioned Savage about the incident.

In March 2022, Savage was visited at his home by an FBI agent and an IRS agent who said they wanted to ask him questions about his association with Hunter Biden and the laptop. Savage was also served with a grand jury subpoena from the U.S. Attorneys Office in Delaware, which later charged him with tax and gun charges.

NBC News obtained security footage of the interaction, copies of the business cards left by the agents and a copy of the subpoena.

The IRS agent identified himself as Joseph Ziegler, who testified as a whistleblower to a House committee investigating Hunter Biden in 2023. Ziegler alleged that the Department of Justice prosecutors limited his investigation of Hunter Biden, a charge that DOJ officiales denied. Ziegler’s attorney declined to comment.

Goidell said that the law enforcement agencies appear to have ended their investigations of the alleged text exchanges between Savage and Biden.

It has long been known that there was fabricated data on at least some versions of the hard drives created from the laptop. But it has been unclear whether those fabrications existed on the copy shared with the FBI.

If Joseph Ziegler really did visit Savage, it means one of two things: Either there is fabricated data on the FBI laptop and investigators have known that since 2022, or that Ziegler allowed himself to be tainted by the publicly released claims about the laptop, complete with fabricated data.

Remember, in August last year, when David Weiss’ purportedly sheep-dipped prosecutors told Abbe Lowell they were going to pursue felony charges against Hunter Biden, they confidently bragged that they had backstop for all the data on the laptop. They said that four months before they first obtained a warrant to access the laptop for evidence relating to gun crimes.

Their confidence turned out to be misplaced; in filings before Judge Noreika that persuaded her they had plenty of evidence against Hunter Biden, they relied on evidence that appears only to be available from the laptop.

And Savage’s lawsuit strongly suggests that prosecutors are sitting on evidence that they know the laptop is unreliable.

Update: This post has been updated, among other things, with links to the lawsuits.

From the time Gary Shapley provided Congress obviously flawed summaries of WhatsApp texts, stripped of their identifiers, from an iCloud backup of Hunter Biden’s, I’ve argued their treatment reflects badly on the IRS agents involved.

When Abbe Lowell claimed, before Hunter was charged, that the IRS agents had gotten the identify of Hunter’s interlocutor wrong, I noted that the summaries, lacking identifiers, prevented what should be easy adjudication of this dispute.

The summary matters, a lot. That’s because Lowell claims that Shapley — or whoever did these summaries — misidentified the Hunter Biden interlocutor whose last name begins with Z.

In one excerpt that has now gotten a great deal of media attention, Mr. Biden is alleged to have been sitting next to his father on July 30, 2017, when he allegedly sent a WhatsApp message, urging the completion of some business transaction. See Shapley Tr. at 14. The inference is that the referenced message was being sent to an official of CEFC (China Energy) to forward a false narrative about the Bidens’ involvement in that company. The facts, which some media has now reported, are that President Biden and our client were not together that day, the company being referenced was not CEFC but Harvest Financial Group (with a person who also had the initial “Z”), and that no transaction actually occurred. More important, your own actions call into question the authenticity of that communication and your subsequent use of it. In short, the images you circulated online are complete fakes. Many media articles confirm that data purported to have come from Mr. Biden’s devices has been altered or manipulated. You, or someone else, did that again. All of the misstatements about this communication and your use of a false text are good examples of how providing one-sided, untested, and slanted information leads to improper conclusions. [my emphasis]

This is a remarkable claim, because — if true — it suggests the IRS was investigating Hunter Biden based on wildly incorrect assumptions about the identity of his interlocutors.

Abbe Lowell claims that the IRS agents who investigated his client for five years — the son of the President!!! — didn’t know to whom he was talking! I’ve heard a lot of outlandish claims from defense attorneys (though Lowell is far more credible than the grifters who defend a lot of January 6 defendants), But this is an utterly inflammatory claim.

Had Shapley used responsible summaries, rather than the unprofessional script he did use, it might be possible to figure out who is right, here, because then we could compare the actual number or email account used.

When Luke Broadwater tried to manufacture a partisan both-sides dispute out of this discrepancy, I noted the real conflict came between Republicans, some of whom said the Zhao in question was Henry, others who said it was Raymond.

The summary and the fabrications of the text and Smith’s use of the initials “HZ” matter because there’s a dispute between Republicans and their IRS source about the identity of the person involved.

Shapley said the texts involved Henry Zhao, consistent with Smith’s fabrication.

But in a later release, James Comer described the interlocutor as Raymond Zhao — which is consistent with the interjection in the summary (and other communications regarding this business deal).

On July 30, 2017, Hunter Biden sent a WhatsApp message to Raymond Zhao—a CEFC associate—regarding the $10 million capital payment:

As we’ll see, Broadwater predictably “fact checks” this as a dispute between Democrats and Republicans. It’s not. Before you get there, you first have to adjudicate a conflict between the guy who led the IRS investigation for more than two years, Gary Shapley, and James Comer. It’s a conflict sustained by the shoddiness of the underlying IRS work.

This is a story showing not only that James Comer and Jason Smith don’t know what they’re talking about, but are willing to lie and fabricate nevertheless, but even the IRS agents may not know what they’re talking about, and if they don’t, it’s because the standard of diligence on the investigation of Joe Biden’s son was such that they didn’t even include the identifier of the person to whom Hunter was talking, which would make it easy or at least possible to adjudicate this dispute.

In Wednesday’s hearing, after such time as they had received discovery on this material, Hunter Biden and Abbe Lowell provided a new explanation for the discrepancy: That the first text (but only the first text) was accidentally sent to Henry Zhao, and the follow-up texts — which were therefore necessarily unrelated — came from Raymond Zhao.

Q This is a giant text pack prepared by the IRS investigators, summarizing, and in many cases, quoting WhatsApp message.

Mr. Lowell. Do you have the underlying message?

[Redacted] We have this document. This is what we have.

Mr. Lowell. I want to point out on the record that is all known to you that we have great reservations about the accuracy and completeness of what two IRS agents who have decided to go on television and try to promote what they believe should happen to Mr. Biden as having made a complete record.

And when there have been records, they have not been complete?

And when they make summaries, they are often quoting from texts or communications, which appear to have been altered by those other than themselves.

So with all that, you can certainly ask your questions. But I do not accept the premise that what you’re about to ask him is either an authentic or authenticated or a complete document.

[Redacted]: Okay.

Mr. Lowell. With that in mind, let’s go.

[Redacted] Okay.

BY [Redacted]:

Q Just to set expectations here, I’m going to refer to three. Okay? Then we’ll be done with this document for now.

A Page 3?

Q I’m going to refer to three sort of topics —

A Okay.

Q — within this giant document, not 148. We’re not going to go through every page. I’m sort of managing your expectations here.

A Thank you.

Q I’d like you to turn to page 4, and it’s a message dated July 30th, 2017. It’s about halfway down the page and it begins, “WA message with SM.” And that’s the — that stands for Sportsman, and that’s what they called you, and Zhao. Have you identified the one that I’m referring to?

Mr. Lowell. It’s down the page. It’s the only one for the 30th?

[Redacted]. Correct.

Mr. Lowell. Okay. Yes.

BY [Redacted]:

Q And so the text, according to the IRS, the Federal investigators, say, “Z, please have the director call me, moment James or Tony or Jim. Have him call me tonight. I’m sitting here with my father, and we would like to understand why the commitment made has not been fulfilled.

“I’m very concerned that the chairman has either changed his mind or broken our deal without telling me or that he’s unaware of the promises and assurances that have been made have not been kept.

“Tell the director I would like to resolve this now before it gets out of hand, and now means tonight. And, Z, if I get a call or text from anyone involved in this other than you, Zhang or the chairman, I will make certain that between the man sitting next to me and every person he knows and my ability to forever hold a grudge that you will regret  not following my direction.

All too often people make mistakes — sorry.

“All too often people mistake kindness for weakness, and all too often I’m standing over the top of them, saying, I warned you.

“From this moment until whenever he reaches me. It’s 9:45 a.m. here and I assume 9:45 p.m. there. So his night is running out.”

Zhao responds, “Copy. I will call you on WhatsApp.”

You respond, “Okay, my friend. I’m sitting here, waiting for the call, with my father. I sure hope whatever it is are you doing is very, very, very important.”

Then Zhao says, “Hi, Hunter. Is it a good time to call now? Hi, Hunter, Director did not answer my call, but he got the message you just mentioned.”

A Yeah.

Q Do you have any recollection of sending these?

A No, but I’ve seen this and —

Mr. Lowell. Is there a question?

[Redacted]. Yes. Does he have a recollection of sending the message?

The Witness. And I do not, but I do know this. I have now seen it, which it’s been presented. I would say two things about this message.

Mr. Nadler. Can you speak up?

The Witness. I would say two things about this message. The first thing is this.

Is that the Zhao that this is sent to is not the Zhao that was connected to CEFC.

BY [Redacted]:

Q Okay.

A Which I think is the best indication of how out of my mind I was at this moment in time.

Again, I don’t — my addiction is not an excuse, but I can tell you this: I am more embarrassed of this text message, if it actually did come from me, than any text message I’ve ever sent.

The fact of the matter is, is that there’s no other text message that you have in which I say anything remotely to this. And I was out of my mind. I can also tell you this: My father was not sitting next to me. My father had no awareness. My father had no awareness of the business that I was doing. My father never benefited from any of the business that I was doing.

And so, I take full responsibility for being an absolute ass and idiot when I sent this message, if I did send this message.

Q Okay.

[Redacted]. When you say it wasn’t Zhao from CEFC, who —

Mr. Nadler. Would you speak up, please?

[Redacted]. Which Zhao are you referring to if it wasn’t from CEFC?

The Witness. The number that I believe it went to was to Henry Zhao. Zhao is a very common — it’s not a surname — surname in China. I mean, obviously, very common surname. And I, like an idiot, directed it towards Henry Zhao who had no involvement, who had no understanding or even remotely knew what the hell I was even Goddamn talking about. Excuse my language

BY [Redacted]:

Q And he seems to —

A No, no, no, no, no, the Zhao — it’s a different — you’re conflating now.

Q Okay.

A And this why this report from the IRS is absolutely wrong. They’re two different messages.

The Zhao that calls me is not related to the message that was sent. I speak to him the next day. They’re two completely different sets of messages. One goes a number because, I made the Goddamn — excuse my language again — because I made like an idiot, and I was drunk and probably high, sent a — this ridiculous message to a Zhao, to a Henry Zhao.

But then the next day, I speak to a Raymond Zhao, who has never received the message that Henry Zhao got. And so that’s why this report is very misleading in many ways.

Mr. Lowell. That’s exactly why I raised the point before you decided to ask questions. The IRS agents —

The Witness. I gave —

Mr. Lowell. — took two different times and two different messages and conflated them. That’s what he’s explaining.

The Witness. And I can — and we can show you that.

And I also could show you that on that message, there was never a Chinese flag and a picture of it, as I think was shown in the Oversight Committee before. [my emphasis]

If I understand it correct, Henry Zhao was involved in an earlier business deal, Raymond Zhao is the one with ties to CEFC.

Here’s how Shapley presented the text in his first deposition.

And here’s the exhibit on which House Republicans are likely relying.

There are still a number of inconsistencies with this story, but it really doesn’t make sense to address them without full context (which Hunter presumably has).

In any case, the text string is still somewhat damning to Hunter; his conversations with CEFC continued the same thread, cutting Tony Bobulinski and the others out of the deal.

But I will say this: I already have questions about where WhatsApp texts got saved, not least because at the time, having access to one WhatsApp instance would give you access to the rest of it.

All the more so given that, if we can trust the warrant and Joseph Ziegler’s description of the source of these texts (Apple Backup 3, which the warrant describes as an Apple 6S backup), the timing is curious. Hunter used an iPhone 6S much earlier than 2017, and he initiated a new one on February 9, 2019, just as his devices were packed up for delivery to John Paul Mac Isaac.

Whatever the explanation, it seems that rather than work through a discrepancy, or just leaving out texts that couldn’t be explained, the IRS just blew through inconsistencies.

For years, there have been questions about whether, and if so how, Hunter Biden could ever be prosecuted using evidence from the laptop. As I noted here, David Weiss and Derek Hines revealed how they intend to do that yesterday. The answer is, by engaging in unbelievably dickish sandbagging of the President’s son.

The ploy involved two steps. First, prosecutors provided Hunter digital evidence in October, with warrants only for tax crimes. At that point, there was no reason to assess those warrants for suppression, because they did not permit searches for gun crimes.

Then, exactly seven days before the motions deadline in the case, they provided a new warrant, for the first time presenting a warrant covering gun crimes. They now claim that because Abbe Lowell did not move to suppress the laptop by that motions deadline seven days later, he has waived his opportunity.

I’m not saying that this kind of ethically problematic gimmick won’t work, nor am I saying it only happens to privileged white men like Hunter. But it is shocking that that is how they plan to bury legal and forensic problems with evidence from the laptop.

I think it likely Lowell may respond by saying there are a whole bunch of things — such as evidence the FBI conducted analysis long before they obtained the laptop and determined John Paul Mac Isaac had unlawfully accessed it and known forensic reports describing problems with the data — that he should have been provided. I expect Lowell will point to this gimmick and describe that it is proof these men are no longer entitled to the presumption of regularity, and therefore the gun charges should be reviewed for vindictive prosecution.

Lowell may also point out that evidence Joseph Ziegler made public shows that a key premise behind this gimmick is false.

Part of Hines’ gimmick is a claim that investigators could, and — the response suggests — did, find evidence pertaining to gun crimes while seeking evidence of Hunter’s state of mind pertaining to the tax crimes.

The warrant authorized investigators to search for the same violations referenced in the previous paragraph, that is, violations of 26 U.S.C. § 7201, Tax Evasion, 26 U.S.C. § 7203, Willful Failure to File Tax Returns or Pay Taxes, and 26 U.S.C. § 7206(1), False Tax Returns. Relevant to this case, this warrant also authorized investigators to seize “evidence indicating the state of mind of the owner and user of the TARGET MACBOOK PRO and TARGET EXTERNAL HARD DRIVE as it relates to the crimes under investigation.” Again, evidence that showed the defendant’s addiction to controlled substances indicates “the state of mind of the owner and user of the TARGET MACBOOK PRO and TARGET EXTERNAL HARD DRIVE as it relates” to the to the tax crimes enumerated in the warrant.

Except Joseph Ziegler helpfully told us what he looked for with that very same warrant when he provided the filter term document to Congress. While he included “halliebiden” (meaning a few of these texts might come in), porn, and girl, he did not include drugs, cocaine, crack, or any other drug-related term.

Cathay

Cathay Bank

CEFC

Cooper

debit

deduction

Dennis Louis

Devon

Dhabi

Dodge

draw

That is investigators wouldn’t find most of these communications as part of the tax investigation.

In fact, Garrett Ziegler has identified several that involve Hunter’s then still licensed psychiatrist, Keith Ablow, which would have been filtered, and aren’t drugs at all.

Again, to be clear, Hines intends to bypass all scrutiny of the laptop with his unethical sandbagging, and he might get away with it.

But in the process, he’s making claims refuted by public evidence.

Joseph Ziegler, the disgruntled IRS agent who built a tax case on the digital payments Hunter Biden made during the depth of his addiction, is quite proud that he found one of the sex workers who slept with Joe Biden’s son. He brought it up twice in his testimony.

First, he boasted that he sought out women he called prostitutes and impressed the prosecutors.

Yeah. So standard practice is — for any transaction, you want to go out — and a lot of our job is hitting the pavement, going out and talking to people. There was a lot of different investigative steps that we took, that even going and talking to the prostitutes, we found multiple people that he called his employees that were also prostitutes, and that he would have them clean his hotel room or — there were a lot of these interviews that we ended up going and doing and talking to people that were so worth it, even though someone might — we were always being told by the prosecutors, you guys are wasting your time going and doing that. It’s not worth it. And literally, I would surprise them every time and find everyone.

Though maybe Ziegler was speaking loosely when he called these women prostitutes. Later in his testimony, he admitted that he had been calling Lunden Roberts, a former stripper and the mother of Hunter’s fourth child, a prostitute.

Then, he complained that prosecutors had withheld the sex videos involving a “potential prostitute” they had interviewed — effectively confessing that he had looked online for things that would have tainted his testimony.

But there was other things — we went out and talked to one of the potential prostitutes. And there were videos that I’ve seen out there on Twitter, on the internet, and information related to that person that I had never seen before.

He — or rather, Homeland Security Investigations — did find at least one sex worker, though.

In the documents Ziegler released last September, he included two interview excerpts, one with Hunter’s accountant, Jeffrey Gelfound, and another with a sex worker whom he calls “Gulnora.” Ziegler explained the two show that Hunter wrote off a payment to Gulnora, who admitted she met with Hunter as an escort.

EXHIBIT 1F & 1G: This was a memorandum of interview of Jeffrey Gelfound, Edward White & Company tax accountant who assisted with the preparation of RHB’s delinquent tax returns, to include the RHB’s personal and corporate tax returns for 2017 and 2018. When discussing deductions on RHB’s tax returns, Gelfound was asked about whole dollar transfers to Gulnora. Gelfound was asked if RHB verified this as a business expense in which Gelfound stated “Yes, we put it on the returns so …”. EXHIBIT 1G was an interview report turned over to the investigative team as a part of the RHB investigation. I have included a redacted excerpt of that interview of an escort by the name of Gulnora that was conducted on or about April of 2021 in which she admits to meeting RHB relating to escort work.

Note the interview with Gelfound, not the one with “Gulnora,” appears to have been in April 2021; the “Gulnora” one appears to have taken place in June 2021. Close enough for IRS-CI work, I guess.

In the Gelfound interview, DOJ Tax Prosecutor Mark Daly actually asks the accountant about two Venmo payments, one for $1,500 and another for $2,700.

DOJ-Tax Daly: [redacted] there is a series of large whole dollar transfers to something called Gulnora?

Jeffrey Gelfound: OK.

DOJ-Tax Daly: Do you know what that is?

Jeffrey Gelfound: I-I don’t.

DOJ-Tax Daly: OK – But Hunter verified to you that that was a business expense?

Jeffrey Gelfound: Yes, we put it on the returns so …

DOJ-Tax Daly: OK, um, there’s a series of Venmo transfers, large dollar ones, for example, [redacted]

Jeffrey Gelfound: OK.

DOJ-Tax Daly: On August 14th there’s a $1500 expense and on September 4th there’s a $2700 expense.

The $1,500 expense appears to be the one mentioned in the tax indictment, which I wrote about here. That payment was the first obvious charge on Hunter’s Venmo account after two new devices were added to Hunter’s Venmo account in two different cities. It appears to have happened a day earlier than described in the indictment (and than described in this interview, which will be admissible for impeachment at trial). To prove that Hunter intentionally wrote this off improperly, prosecutors will need to prove not just that Hunter — as opposed to the people who accessed his Venmo account days before this — made the payment, that Hunter, rather than the dancer, listed the payment as Art, and that he remembered all that in 2020.

And while the $2,700 payment doesn’t obviously appear in the indictment, it’s yet more proof of how problematic relying on payments Hunter made to sex workers will be for prosecutors (there are plenty of other payments they would have an easier time proving were improper write-offs, though).

The Venmo described as a September 4 payment appears to have been made on August 30, 2018. If that’s correct, then it was paid to a woman who was paid at least three times in two days, probably four. In addition to the $2,700 Venmo payment (shown in pink in the timeline below), she was paid a total of $1,800, via two payments, on Zelle. Then she was entered as a wire transfer recipient in Hunter’s Wells Fargo account, immediately after which someone was transferred $4,000. Those payments are shown in red on the timeline.

The three different methods of payment (from at least two bank accounts and a Visa debit card) are suspect enough.

They happened in a period when Hunter’s life was in remarkable turmoil, even by his standards. On Sunday, August 26, he left his bank card in an ATM machine. The next day, Monday, he either lost his phone or someone used the Lost Phone function to track Hunter as he moved across Venice, CA and ultimately to the AirBNB in the Hollywood Hills where he was staying for two nights. The next day, Tuesday, after he left the AirBNB, he discovered he had left a bag there. Ultimately the owner gave the bag to an Uber driver (but there’s no obvious Uber payment showing that Hunter got the bag back). The next day, Wednesday, Hunter either spent two hours trying to get onto Venmo; or someone spent hours trying to break into his account. Also that day, Hunter’s contact information for Wells Fargo was changed; it looks like Wells Fargo had two separate numbers ending in 9396 for him. That night appears to be when he first interacted with the sex worker the IRS calls Gulnora, because he paid her at close to 4AM. Consistent with what she told HSI 34 months later, they met again the next night, Thursday. He paid her via Zelle at 9:50PM, via Venmo at 11:04PM, and then probably via wire transfer at 6:41AM. Later that day, just after 7PM on August 31, Hunter would buy a new MacBook Pro using two credit cards; this is believed to be the laptop that would eventually end up in Fox News pundit Keith Ablow’s possession. Two and a half hours later, Hunter made an Account Recovery request to Apple (using a different phone number than the one(s) recently added to his Wells Fargo account), and the next day, Saturday, September 1, he started accessing his accounts from the new device. This was one of only two Apple Account Recovery attempts recorded in the publicly available emails, and unless he lost a laptop at the AirBNB, it’s not clear what device had been compromised (though he had lost an iPad earlier in August).

But that’s not all. The $4,000 wire transfer made in the same minute the sex worker was made a wire transfer recipient occurred immediately after something that also frequently occurred on Hunter’s Wells Fargo account: a reset of access after a suspected compromise.

On at least 36 occasions in 2017 and 2018 — and three times (marked in blue in the timeline) in the period in which this payment was made to a woman the IRS is calling Gulnora — Wells Fargo suspended his access because it suspected someone else was trying to access his account, which required him to change his password before he could access it. Most often, the password got changed and Face ID, allowing anyone with access to Hunter’s face or perhaps his fingerprint, would be turned back on. Probably, many if not most of those were not someone else trying to access the account; they were probably just Hunter trying to access the account, in ways that looked suspect. But the result is that he almost certainly repeatedly accessed his bank account while in the presence of a dealer or a sex worker awaiting payment, watching that he reset his password and then turned on Face ID. This would alert them that they could access Hunter’s account by using his face (or fingerprint), either of which would be accessible to them when he was wasted. As a result, like that Venmo payment made earlier in August, law enforcement wanting to prove that Hunter made a particular payment would need a whole lot of evidence about the circumstances of payment, to rule out someone else paying him or herself.

And unless someone interviewed the woman they call Gulnora (who was paid under a Russian last name) a second time, they didn’t get that evidence from her.

As it was, just two pages of nine in the interview pertained to Hunter Biden. The interview appears to have focused on how she became involved in an escort network run on Telegram. She claimed she only took two jobs with the madam who arranged the meeting with Joe Biden’s son — the two dates with Hunter, and one more, with a guy she called “John.” Though later in the interview she described interacting with the madam face to face once and with people she worked with on multiple “occasions,” which sounds like more than two clients (especially since, by description, Hunter called her directly to arrange the second date).  The woman wasn’t sure what website he would have used to contact the madam. She was not asked the dates of the trysts.

What she did describe is that she had some uncertainty about the ID Hunter used to verify his identity, because it was not a California Driver’s License. That’s what led Hunter to explain who his father was, after which the woman the IRS calls Gulnora “became afraid.” But then, when she returned to her apartment, a friend provided her more information.

After [Gulnora] left the location, she arrived back at her apartment and told her friend who she was just with. [Gulnora] stated that her friend told her “you have no idea who you’re dealing with.” [Gulnora] stated that she deleted [redacted] number.

So by the time she went back that second day — to be paid $1,200 via Zelle at 9:50 and then $2,700 at 11:04 in the first Venmo payment after whatever had happened with Hunter’s Venmo account days earlier, probably followed by $4,000 the next morning — she did know who she was dealing with.

One more thing about the payments to this woman. Someone attempted to wire her $100 from Hunter’s account on February 27, 2019, in between the time when Hunter’s digital identity was packed up on a laptop and the day when that laptop would walk into a computer repair shop in Wilmington. That payment failed.

I don’t doubt that the sex worker did meet Joe Biden’s son. But there are no less than six possible identity compromises in the days leading up to their meetings. The very same day she was probably paid a fourth time in two days, Hunter Biden attempted to reclaim his digital identity.

It’s not just that prosecutors would have a difficult time proving that Hunter made these payments. It’s that they decided that turning them into a tax felony was the appropriate response to six possible identity compromises of the former Vice President’s son in one week.

Timeline

August 26 at 12:16PM: DroidHunter added to Apple account.

August 26 at 4:16PM: Hunter reserves AirBNB.

August 26 at 4:34PM: Hunter withdrew $800 from an ATM but left the card.

August 26 at 7:24PM: Hunter arrives AirBNB.

August 27 at 1:40AM: Hunter added a new Zelle recipient and then, a minute later, sent him $750. Two hours later, at 3:40 AM Hunter sent another $750.

August 27 at 4:13AM: Wells Fargo suspended his online access. Eight minutes later, Hunter’s password was reset, Face ID was turned back on, a new recipient was added, and $2,000 was transferred to that new recipient.

August 27 at 11:15PM: A sound was played on iPhone.

August 27 at 11:18PM: Hunter’s phone put into Lost Mode.

August 27 at 11:18PM: Apple Pay was suspended on his phone.

August 27 at 11:18PM: iPhone found in Venice, CA.

August 28 at 1:41AM: Wells Fargo suspended his online access. Seven minutes later, Hunter’s password was set, Face ID was turned back on.

August 28 at 9:25AM: iPhone found 11 minute walk away in Venice.

August 28 at 9:30AM: iPhone found 20 minute walk away in Venice.

August 28 at 10:42AM: iPhone found 9 minute walk away in Venice.

August 28 at 11:17AM: iPhone found 26 minute walk away in Venice.

August 28 at 11:35AM: iPhone found 13 minute drive away in LA.

August 28 at 11:53AM: iPhone found 11 minute drive away in LA.

August 28 at 12:11PM: iPhone found 4 minute drive away at AirBNB where Hunter was staying.

August 28 at 5:04PM: Apple Pay was reactivated to a device called “ChatMa.”

August 28 at 5:04PM: A sound was played on iPhone.

August 28 at 10:08PM: Hunter informs AirBNB owner he left a bag there.

August 28 at 11:54PM: AirBNB owner arranges to drop bag off with Uber driver.

August 29 at 2:00AM: Face ID turned on for Wells Fargo (possibly a different account?).

August 29 at 2:13AM: $2,000 requested on Venmo (probably associated with attempt to rent a place).

August 29 at 2:14AM: Please verify your email address on Venmo.

August 29 at 2:15AM: Please verify your email address on Venmo.

August 29 at 2:18AM: Please verify your email address on Venmo.

August 29 at 4:27AM: Please verify your email address on Venmo.

August 29 at 9:23AM: A new recipient, OA, added to Zelle.

August 29 at 9:36AM: A device is registered with Wells Fargo.

August 29 at 9:37AM: $600 sent to OA.

August 29 at 9:43AM: Updated contact info for Wells Fargo (seemingly two numbers ending in 9396); Hunter had at least one other number at the time.

August 30 at 3:57AM: EK added to Zelle.

August 30 at 3:58AM: $600 sent via Zelle to EK from 4605.

August 30 at 4;45PM: $750 sent to Naomi Biden from 5858.

August 30 at 4:46PM: $750 sent to Roberta Biden from 5142.

August 30 at 4:46PM: $1000 sent to IS from 5858.

August 30 at 9:50PM: $1,200 sent via Zelle to EK from 5858.

August 30 at 11:04PM: $2,700 sent via Venmo to EK.

August 30 at 11:33PM: Wells Fargo suspends access.

August 31 at 6:03AM: Hunter’s password was reset. 

August 31 at 6:34AM: Face ID turned on for Wells Fargo.

August 31 at 6:41AM: EK added as wire transfer recipient.

August 31 at 6:41AM: $4,000 transferred from 5858.

August 31 at 7:04PM: Ablow laptop purchased, using two credit cards, at Best Buy.

August 31 at 9:36PM: Apple account recovery request.

September 1 at 10:29AM: Password change.

September 1 at 10:34AM: Sign into MacBook Pro.

September 1 at 10:42AM: Sign into iCloud from browser.

September 1 at 4:24PM: Sign into DroidHunter.

September 1 at 4:27PM: KD added as wire transfer recipient.

September 1 at 4:28PM: $10,000 to be transferred on September 4 from 5142.

September 1 at 9:36PM: Call or text from Apple alerting him his Account Recovery was available due.

September 2 at 5:00AM: Hide2Vault downloaded to new Mac.

September 2 at 6:15AM: Sign into Rosemont Seneca.

February 27, 2019: Attempted $100 Zelle payment to EK.

According to emails posted at BidenLaptopEmails dot com made available by Garrett Ziegler, sometime around May 31, 2017, someone set a Google alert for weekly landscaping work, which usually took place in the mornings. Many weeks, Hunter Biden would receive a Google alert on Wednesday, reminding him landscapers would show up the next day. Then the next day, his iCloud email would email his RosemontSeneca email (hosted by Google) with a reminder.

In the depths of his addiction — again, per emails made available by Garrett Ziegler — the only emails that Hunter Biden “sent,” the only sign of life on his email accounts, was that email. For weeks on end, the only communication “from” Hunter is that eerie repetitive notice: “Alert – FYI landscapers at CBR (usually in AM).” It’s like that Google alert is a phantom, always there in Hunter’s email box.

I’m not sure the technical explanation for it — though I expect that experts would be able to use the nature of those weekly alerts to determine what inboxes were really used to load up the laptop that found its way to John Paul Mac Isaac and from there, on a hard drive, to Rudy Giuliani and then, another hard drive, to Garrett Ziegler. The technical explanation may also explain why the FBI relied on the laptop for Google alert information rather than the information the FBI received from Google itself, as I laid out here.

“Alert – FYI landscapers at CBR (usually in AM).” There must be over 150 versions of either the Google alert or the email from Hunter’s iCloud email to Hunter’s RosemontSeneca email in the collection made available by Garrett Ziegler.

In fact, those emails, “Alert – FYI landscapers at CBR (usually in AM),” may doom Ziegler’s effort to defeat Hunter Biden’s hacking lawsuit against him.

Ziegler filed his response, along with a sworn but not notarized declaration from Ziegler himself, yesterday.

As to the claim that he hacked Hunter Biden’s phone — which I’ve noted is a key vulnerability for Ziegler — Ziegler admits he used a password to access the backup from a phone Hunter allegedly owned in 2019.

19. Paragraph 29 falsely casts my comments to imply thta I and Defendant Marco Polo “hacked” into Plaintiff’s iPhone backup file.

20. In the case of the iPhone backup file referred to in paragraph 29, I received a copy of an iPhone backup file which existed as part of the copied files.

21. Also contained on the external hard drive given to me were files containing passcodes, which are essentially similar in function to passwords designed to allow access to password-protected files. Although it took months of examination, we were able to locate the passcode which allowed access to the iPhone backup file. Those files existed on the external hard drive when it was first given to me.

But he argues that because the disk drive he received from an associate of Rudy Giuliani had the password for the phone on it, and because Hunter never owned the hard drive on which Ziegler received both sets of data, he did not “hack” anything.

Plaintiff selectively cites to Defendant Ziegler’s December 2022 remarks about decrypting a specific file which stored the passcode to the iPhone backup file, both of which were on Defendants’ copy of the Laptop. (Compl. at ¶ 29). The Complaint falsely suggests Defendants “hacked” into Plaintiff’s iPhone backup. (Zeigler Decl. at ¶ 19). Defendants received a copy of Plaintiff’s iPhone backup file which existed as part of the files. (Id. at ¶ 20). When Defendants received the external hard drive, it contained passcodes, which allowed access to the iPhone backup file. (Id. at ¶ 21).

[snip]

Moreover, Plaintiff does not allege unlawful access to a computer within the meaning of the CFAA. A computer user “without authorization” is one who accesses a computer the user has no permission to access whatsoever—an “outside hacker[ ].” Van Buren v. United States, 141 S. Ct. 1648, 1658, (2021). Here, Plaintiff admitted that Defendants accessed and used a hard drive that Plaintiff never possessed. Specifically, Plaintiff alleges that Defendants accessed a hard drive provided by a third party which contains a copy (duplicates) of files. (Compl. at ¶ 18). Plaintiff does not allege that Defendants possessed or accessed Biden’s computer or original files.

Plaintiff alludes to his actual iPhone and iCloud account when he alleges that “at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage.” (Id. at ¶ 28). However, Plaintiff alleges no facts which demonstrate Defendants ever accessed any computer, storage, or service which Plaintiff either owns or has exclusive control over. Likewise, the Complaint also shows facts which conclusively prove that Defendants had no need to access any service or storage because the laptop copy in their possession admittedly contained all of the necessary information, including the passcode to view all of the files contained on the Biden Laptop regardless of encryption. (Id. at ¶ 18). Put simply, both the encrypted iPhone backup file and the passcode to open the iPhone backup file were on the Laptop copy.

Given that Hunter’s lawsuit also names a bunch of John Does, blaming his access to this backup on Rudy’s unnamed associate and Rudy and John Paul Mac Isaac may not help Ziegler.

In any case, Ziegler may hope he doesn’t have to rely on this argument. His response actually spends more time arguing that venue, in California, is improper than he does that using a password to access an encrypted backup is legal. The “work” Ziegler did to make ten years of Hunter Biden’s emails available took place in Illinois. He has no employees or board members in California. Fewer than 10% of Marco Polo’s supporters live in California (Ziegler doesn’t say what percentage of his donations they provide, however).

His venue argument and his hacking argument ignore a part of Hunter’s lawsuit, though, which alleges that Ziegler “directed illegal conduct to occur in California.”

Plaintiff is informed and believes that Defendant Ziegler intentionally directed illegal conduct to occur in California and has therefore subjected himself to jurisdiction in California.

Similarly, his response only mentions Hunter’s allegation that in addition to accessing that iPhone, he also accessed data in the cloud once.

Plaintiff accuses Defendants of “knowingly accessing and without permission taking and using data from” Plaintiff’s devices or “cloud” storage (Compl. at ¶¶ 40, 41), computer service (id. at ¶ 42), or protected computer (id. at ¶ 35) but fails to identify a single device Defendants accessed without authorization

That allegation is a key part of alleging that Ziegler broke the law in California.

40. Defendants have violated California Penal Code § 502(c)(1) by knowingly accessing and without permission taking and using data from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup to devise or execute a scheme to defraud or deceive, or to wrongfully obtain money, property, or data.

41. Defendants also have violated California Penal Code § 502(c)(2) by knowingly and without permission accessing, taking, copying, and making use of programs, data, and files from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup.

Ziegler denies accessing any computer in the possession of Hunter Biden. That falls short of denying that he hacked data owned by Hunter Biden.

22. Neither I nor any person associated with Marco Polo have accessed, or attempted to access, any computer, device, or system owned or controlled by Plaintiff. We are not hackers, we are simply publishers, and the Plaintiff is attempting to chill our First Amendment rights and harass us through a frivolous and vexatious lawsuit.

I think Ziegler has a problem with his description of where the iPhone backup came from in the first place: he says that the “laptop” was in Hunter Biden’s possession when the iPhone backup was saved to it on February 6, 2019.

The metadata concerning the duplicated iPhone backup file on our external hard drive indicates that the last backup made of the iPhone file to the plaintiff’s laptop, which he left at the repair show of John Paul Mac Isaac on April 12, 2019, occurred on February 6, 2019, while still in the plaintiff’s possession based upon all the facts known to me to be provably true beyond dispute.

Hunter may be able to prove that Ziegler, of all people, doesn’t believe that to be true, doesn’t believe that when that iPhone was backed up on February 6 — a day when someone presenting as Hunter was involved in a car accident in DC — Hunter was in possession of that laptop.

But the bigger problem Ziegler that has is that phantom landscaping reminder.

According to emails that Garrett Ziegler has made publicly available, an October 14, 2021 notice triggered by a Google alert was received on November 24, 2021, long past the time, per Ziegler’s declaration, he was in possession of this hard drive.

Again, I’m not sure how that happened technically. But if it involved either Apple servers or Google servers (or both, given that the notice was dated October 24, 2021), that would get you venue in California.

Hunter Biden may not have been in possession of Apple’s and Google’s servers in 2021, but accessing them using passwords stored on the hard drive — at least one password that Ziegler admits to using — would also constitute hacking.

Update, to answer a question below: The text of the email shows that the notice was October 14, but the email was received on November 24, 2021.

Back in July, as part of an effort to understand whence the IRS obtained WhatsApp texts that weren’t on the “Hunter Biden” “laptop” made available by Rudy Giuliani, I noted that those WhatsApp texts appear to have come from an iPhone backed up to a different iCloud account than the one the laptop was synched to.

On the laptop itself, the iPhone content was encrypted.

That meant anyone without a warrant accessing that content was likely violating the Computer Fraud and Abuse Act.

In part four of Dimitrelos’ report, he describes that there were, indeed, WhatsApp messages on the iPhone, registered to that entirely different iCloud account, seemingly backed up to iTunes on the [email protected] account.

I can’t be sure about this, because I’m not a forensics expert, both Shapley and Dimitrelos are deliberately unreliable narrators, and even they don’t have all the data to understand what went on here. But it appears that the reason why there were no WhatsApp texts on the laptop itself, which had all the content in the [email protected] iCloud account, is that they weren’t used by a device registered to the [email protected] iCloud account. They were used by a device registered to the [email protected] account, which was (as Shapley’s notes reflect) stored in encrypted fashion on the laptop.

There’s one more very important point about this.

The government had a warrant. If they really did find a business card (one not described anywhere I’ve seen in Dimitrelos’ report) with a password, they were able to get the encrypted content (though oftentimes prosecutors will recommend you go back and get a second warrant for that). From there, it seems, the IRS got another warrant for the other iCloud account, the [email protected] one. That’s how they got a legally sound copy of the WhatsApp texts in August 2020.

But for people like Rudy Giuliani or Garrett Ziegler or John Paul Mac Isaac, taking a laptop they purport to have been abandoned, and then using a password found on that laptop to access an encrypted container — especially one of a different iCloud account — is legally another level of conduct.

Hunter Biden’s newly aggressive legal team appears to agree. They’ve just sued Garrett Ziegler. One of the key claims is that he hacked the “laptop” to access encrypted data.

28. Plaintiff further is informed and believes and thereon alleges that at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage. On information and belief, Defendants gained their unlawful access to Plaintiff’s iPhone data by circumventing technical or code-based barriers that were specifically designed and intended to prevent such access.

29. In an interview that occurred in or around December 2022, Defendant Ziegler bragged that Defendants had hacked their way into data purportedly stored on or originating from Plaintiff’s iPhone: “And we actually got into [Plaintiff’s] iPhone backup, we were the first group to do it in June of 2022, we cracked the encrypted code that was stored on his laptop.” After “cracking the encrypted code that was stored on [Plaintiff’s] laptop,” Defendants illegally accessed the data from the iPhone backup, and then uploaded Plaintiff’s encrypted iPhone data to their website, where it remains accessible to this day. It appears that data that Defendants have uploaded to their website from Plaintiff’s encrypted “iPhone backup,” like data that Defendants have uploaded from their copy of the hard drive of the “Biden laptop,” has been manipulated, tampered with, altered and/or damaged by Defendants. The precise nature and extent of Defendants’ manipulation, tampering, alteration, damage and copying of Plaintiff’s data, either from their copy of the hard drive of the claimed “Biden laptop” or from Plaintiff’s encrypted “iPhone backup” (or from some other source), is unknown to Plaintiff due to Defendants’ continuing refusal to return the data to Plaintiff so that it can be analyzed or inspected.

Of course, this means that DOJ should have been investigating Ziegler for hacking the President’s son rather than spending five years pursuing misdemeanor tax charges.

Perhaps that will become more clear going forward.

Update: These kinds of videos will be of interest to Hunter’s team.

You will read a lot of insane reporting about the GOP attempt to prevent the President’s son from pleading guilty in a federal court today.

Virtually all of it will misrepresent the testimony of the so-called IRS whistleblowers who claim that Hunter Biden got a plush deal. That coverage will misrepresent where any potential misconduct may lie.

Here’s what those misrepresentations look like, in this case from NYT:

The committee has heard testimony from two Internal Revenue Service investigators who claim to be whistle-blowers and have told the panel that the younger Mr. Biden received preferential treatment from the Justice Department. Mr. Smith’s brief asked the judge to consider the testimony in deciding whether to approve the agreement.

[snip]

The judge overseeing the case, Maryellen Noreika, agreed to seal the filing, but not before The New York Times was able to obtain a copy. The brief argued that the plea deal was “tainted,” citing the testimony of the two I.R.S. officials.

“The situation here is not that the Justice Department exercised charging or plea negotiation discretion, but the presence of credible allegations that the investigation, charging decisions and plea negotiations were tainted by improper conduct at various levels of the government,” wrote Theodore A. Kittila, a lawyer who filed the brief on behalf of Mr. Smith.

[snip]

Republicans have more recently tried to make a case that Hunter Biden’s plea deal was marked by favorable treatment from the Justice Department in his father’s administration. That assertion has been rejected by Attorney General Merrick B. Garland and by the prosecutor who has overseen the case, David C. Weiss, the U.S. attorney in Delaware, a Trump appointee.

It’s true that the so-called whisleblowers complained about things they weren’t able to do — most of which occurred while Bill Barr was Attorney General.

But that’s not the only thing the so-called whistleblowers testified to.

Joseph Ziegler testified that when he asked why Hunter wasn’t being charged, he was told that prosecutors had found emails that led them to worry they couldn’t charge the case at all.

So we found out through talking with our SAC that the attorneys had found — we were always asking for updates on charging. When are we going to charge? When are we going to charge? We were told that the prosecutors had found some emails that concerned them if they could actually charge the case. That’s what they said to us.

He even explained what some of those emails might be: documentation of Sixth Amendment problems with the case and evidence of Trump’s improper influence on it.

Around the same time in 2019, I had emails being sent to me and the Hunter — and the prosecutors on the case, the Hunter Biden prosecutors, from my IRS supervisor. So this was Matt Kutz still.

From what I was told by various people in my agency, my IRS supervisor, Matt Kutz, created memos which he put in the investigative files regarding the investigation potentially violating the subject’s Sixth Amendment rights. He also referred to Donald Trump’s tweets at the time.

I recall that at one point I had to go around my supervisor and ask his boss, ASAC George Murphy, to tell him to stop sending me and the Hunter Biden prosecution team these emails and that I was searching media articles on a weekly basis and was aware of everything being written in the media regarding the case.

There’s documentation in the case file that some part of the investigation — potentially something Ziegler himself did! — created what are probably Confrontation Clause problems for the case generally.

But that may not be the only thing.

Gary Shapley testified that he was distanced and then removed from the case after prosecutors had to ask him to turn over his own emails for discovery review a second time, after he had blown off a request seven months earlier.

Shapley was first asked to turn over his emails about the case in March 2022. But even though he was the one who had prepped to interview Hunter Biden himself, he did not comply.

It is common practice for DOJ to ask for the case agents’ communications in discovery, as they might have to testify in court. However, it’s much more unusual to ask for management communications, because it is simply not discoverable.

In March of 2022, DOJ requested of the IRS and FBI all management-level emails and documents on this case. I didn’t produce my emails, but I provided them with my sensitive case reports and memorandums that included contemporaneous documentation of DOJ’s continued unethical conduct. [my emphasis]

Then, in October 2022, prosecutors asked again. As Shapley himself described, he was angry that he was being asked for emails that might show exculpatory or impeachment information.

They also renewed the request for all my emails on the case, saying they needed to ensure they were aware of any exculpatory or impeachment effort in the case. But their extraordinary request looked to us just like a fishing expedition to know what we’d been saying about their unethical handling of the case.

[snip]

[T]his was the culmination of an October 24th communication from Delaware U.S. Attorney’s Office and — well, it was really Lesley Wolf and Mark Daly who called the case agent, [redacted], on the telephone and said, hey, we need — we need Shapley’s emails and his — these sensitive case reports that he’s authored back to May.

And they didn’t ask for discovery for anybody else. They didn’t ask for, from the — mind you, the agents had provided discovery March-April timeframe, so there was 6 months or so of additional discovery, and they’re not asking for that, right? They’re only asking for mine.

So [redacted] sends me an email with Wolf and Daly on it that says, hey, you know, they asked for this, you got to talk to Shapley. I respond, hey, yeah, I’m available 9:15, let’s chat. And she sends that, she forwards my email to Shawn Weede, number [two] — a senior level at Delaware U.S. Attorney’s Office.

And then he contacts me about this discovery, and he’s kind of putting a lot of pressure on me. So even Weiss called up, the deputy chief, to complain about timing of the emails that got turned over from me at that request. [my emphasis]

A month or so later, Shapley made the extraordinary request for the FBI agent reviewing emails to share anything he found in advance. As I’ve noted, Shapley asked for the kind of special treatment he claims Hunter Biden got.

This is what the NYT won’t tell you: That the testimony of both Ziegler and Shapley provides an entirely different explanation for why Hunter Biden wasn’t charged with felonies. And that explanation may have to do with their own conduct, not Hunter Biden’s.

The other day, I noted that while I agree with Rayne that the January 6 Committee could use referrals to make important symbolic statements, the Committee’s referral, in practice, was weaker than it should have been to make that symbolic impact. That made bmaz’ earlier gripes about such a referral look more justified.

Similarly, the release of the first set of January 6 Committee transcripts last night show how right he has been that the Committee was remiss in not turning these over to DOJ sooner. Most of these transcripts are people who pled the Fifth and most you’re hearing about are the big name people like Mike Flynn and Roger Stone. But the first I read, from a Peter Navarro aide, Garrett Ziegler, hinted at just how valuable the J6C interviews will be, even of those who (like Ziegler) refused to cooperate.

Ziegler is most famous as the guy who let Sidney Powell, Mike Flynn, and Patrick Byrne into the White House for a famously confrontational meeting on December 18, 2020, which preceded Trump’s announcement of the January 6 riot. But Ziegler’s non-answers to J6C staffers serve as roadmap of the larger operation. He refused to answer questions about the following:

• How and why he was hired as a policy analyst in the Office of Trade and Manufacturing Policy as his first job after graduating from St. Louis University
• Whether, for the almost two years he worked for Navarro, he was also working on Trump’s reelection, and then with five others, Navarro directed him to work on overturning the election
• Whether, in November 2020, he attended meetings at the Westin in Arlington and at Trump Hotel; whether he also spent time at Lin Wood’s plantation
• Whether he interacted with analysts working for Patrick Byrne
• Whether he acted as a conduit for Patrick Byrne
• Whether he let Patrick Byrne, Sidney Powell, and Mike Flynn into the White House on December 18, 2020, so they could pitch seizing the voting machines
• Whether he played a role in devising the Green Bay Sweep with Steve Bannon and Navarro
• Whether he had a role in writing the Navarro Report documenting purported election irregularities Congress would use to question the vote
• Whether he traveled to Nevada to investigate bogus claims of bribery
• Whether he talked to Trump about an Operation Pence Card plan sent by Raiklin on December 23, 2020
• What Ivan Raiklin emailed him about a path to victory for Trump in a document sent overnight on December 27, 2020 (and earlier sent to Mark Meadows), which described several scenarios for January 6
• Whether he instructed his wife to leave town before January 6 because he anticipated violence
• Whether he was at the Capitol and the Willard on January 6
• Whether he met with Trump in mid-January 2021 to tell him his people weren’t fighting hard enough for him

Ziegler was — is — a kid, totally unqualified for the role he had at the White House, which it sounds like he didn’t do anyway, instead at least partly working for Trump’s reelection on the taxpayer dime. But he was also totally wired into most aspects of the coup attempt.

His role in all this is interesting for several more reasons. First, it appears that Ziegler did not turn over the “path to victory” email in response to his January 6 subpoena, which means for all the times he invoked the Fifth, he might still have exposure to obstruction charges.

He is represented by John Kiyonaga — a lawyer who has represented key assault defendants in January 6, including former Special Forces guy Jeffrey McKellop. In fact, prosecutors are considering charging McKellop in January for violating the protective order covering evidence on January 6 by sending evidence from jail to others.

And Ziegler published a copy of both the “Hunter Biden” “laptop” and the diary stolen from Ashley Biden.

I’m the rarity among lefties who supports the decision of Politico, WaPo, and NYT (thus far) to not publish the actual files that a persona suspected to have ties to Iranian hackers sent them. That’s true, partly because I think this hack could be even more dangerous than the one of Hillary. But it’s also true because of the opportunity cost that publishing stolen documents incurs.

I prefer Kamala Harris’ message to remain the affirmative message she’s running on, and to the extent that those outlets are doing reporting like the story further developing the suspected $10 million payment via Egypt to Trump, I’d like them to continue to pursue real reporting, as well.

One of the real impacts of the files Russia hacked in 2016 is that they distracted journalists from harder work, work about what a corrupt man Trump is. Campaign reporters are already distracted too easily by nonsense stuff; they don’t need any further distractions from their day job.

That said, reporters don’t have to publish the actual documents to address something that is clearly newsworthy about the files. As Politico explained, the main thing the persona has sent so far was a draft of the vetting document for JD Vance and Marco Rubio.

A research dossier the campaign had apparently done on Trump’s running mate, Ohio Sen. JD Vance, which was dated Feb. 23, was included in the documents. The documents are authentic, according to two people familiar with them and granted anonymity to describe internal communications. One of the people described the dossier as a preliminary version of Vance’s vetting file.

The research dossier was a 271-page document based on publicly available information about Vance’s past record and statements, with some — such as his past criticisms of Trump — identified in the document as “POTENTIAL VULNERABILITIES.” The person also sent part of a research document about Florida Sen. Marco Rubio, who was also a finalist for the vice presidential nomination.

Note, this mirrors one of the first things Guccifer 2.0 released in 2016: Hillary’s oppo dossier on Trump. So in addition to its use of an AOL account, this persona is adopting another of the Russian persona’s tactics.

Again, I’m cool with outlets sitting on the dossier itself. But the content of it is newsworthy. That’s because after JD Vance’s rocky rollout, both donors and Trump himself are asking whether vetters were surprised by Vance’s misogynist public statements.

Over the past two weeks, Mr. Trump has fielded complaints from donors about his running mate, JD Vance, as news coverage exploring Mr. Vance’s past statements unearthed — and then exhaustively critiqued — remarks including a lament that America was run by “childless cat ladies.”

Mr. Trump dismissed out of hand donors’ suggestions that he replace Mr. Vance on the ticket. But Mr. Trump privately asked his advisers whether they had known about Mr. Vance’s comments about childless women before Mr. Trump chose him.

I’d also like to know if Trump’s vetting team knew of the pictures of JD wearing drag while at Yale, which have become the subject of memes on social media.

Whether the dossier was comprehensive matters (particularly given that a law firm also involved in Trump’s criminal defense completed it). It matters, most of all, because Trump has swapped the mediocre Ivanka as his primary familial advisor for the incompetent Don Jr, and the failson had a key role in picking JD.

So it would be newsworthy to reveal the scope and the thoroughness (or not) of the vetting document.

That said, I think every outlet that is sitting on these documents, particularly if they’re withholding details about any oversights in JD’s vetting document, owes the public an explanation of why they’re adopting a double standard as compared to their poor choices from 2016.

WaPo, which is trying to hunker through controversy about Will Lewis’ possible role in covering up Murdoch’s phone hacking,  tried to do that yesterday. Matt Murray boasted that outlets were taking a breath, and then went on to claim that the vetting document isn’t newsworthy because the six-month old vetting document isn’t, “fresh or new enough.”

“This episode probably reflects that news organizations aren’t going to snap at any hack that comes in and is marked as ‘exclusive’ or ‘inside dope’ and publish it for the sake of publishing,” said Matt Murray, executive editor of The Post. Instead, “all of the news organizations in this case took a deep breath and paused, and thought about who was likely to be leaking the documents, what the motives of the hacker might have been, and whether this was truly newsworthy or not.”

[snip]

“In the end, it didn’t seem fresh or new enough,” Murray said.

WaPo even attempted to address something virtually all discussions about using rat-fucked documents in the context of the suspected Iranian hack do not: the treatment of the Hunter Biden laptop, the most innocent provenance explanation for which is that, after pursuing a laptop from foreigners with ties to Russian intelligence for a year, Rudy Giuliani received just such a laptop out of the blue from a blind computer repairman.

Here’s what WaPo claims about how reserved news organizations were with the hard drives described as the Hunter Biden laptop.

News organizations have been tested since 2016. Wary of (1) hacked materials since then, many proved reluctant to report on the contents of Hunter Biden’s laptop out of concerns that they were the result of a hack. As the conservative press latched on to (2) allegedly incriminating emails found on the computer in the final weeks of the 2020 campaign, more mainstream outlets did not join in a 2016-style frenzy over the material, and Facebook and Twitter limited distribution of a New York Post story about the laptop.

An analysis by The Post nearly two years later confirmed the authenticity of many of the emails on the laptop and found no evidence of a hack. [my annotation]

Note the two reasons alluded to in this passage, both of which show up in Murray’s claimed explanation for sitting on the JD Vance dossier. There were two concerns, according to the WaPo:

1. Was the laptop “hacked”?
2. Did the “allegedly incriminating emails” prove what the NYPost claimed they did?

Then, in the next paragraph, WaPo addresses just one of those two issues, whether the hard drive copied from a copy of a laptop, was hacked. WaPo claims, falsely, that the linked story describing the results of Jake Williams and Matt Green’s analysis “found no evidence of a hack.”

For starters, that’s a category error. This is a copy of a copy of a laptop, not the laptop itself. What their analysis attempted to assess was the authenticity of the emails on the laptop — but two different security researchers were only able to do so for a fraction of the emails. This analysis made no attempt to assess whether the stuff on the laptop was packaged up from authentic files (or from a combination of authentic and doctored files). Far more importantly, given details of Hunter’s cloud accounts, it did not assess whether people besides Hunter Biden had access his cloud data (evidence at his gun case described that not just his mistress, Zoe Kestan, accessed his cloud data, but his drug dealers accessed at least his bank account).

But it did find that the copy of a copy of a laptop lacked marks of reliability and did include files placed there by someone other than Hunter Biden.

Most of the data obtained by The Post lacks cryptographic features that would help experts make a reliable determination of authenticity, especially in a case where the original computer and its hard drive are not available for forensic examination. Other factors, such as emails that were only partially downloaded, also stymied the security experts’ efforts to verify content.

[snip]

In their examinations, Green and Williams found evidence that people other than Hunter Biden had accessed the drive and written files to it, both before and after the initial stories in the New York Post and long after the laptop itself had been turned over to the FBI.

[snip]

“From a forensics standpoint, it’s a disaster,” Williams said. (The Post is paying Williams for the professional services he provided. Green declined payment.)

[snip]

Neither expert reported finding evidence that individual emails or other files had been manipulated by hackers, but neither was able to rule out that possibility.

[snip]

Analysis was made significantly more difficult, both experts said, because the data had been handled repeatedly in a manner that deleted logs and other files that forensic experts use to establish a file’s authenticity.

“No evidence of tampering was discovered, but as noted throughout, several key pieces of evidence useful in discovering tampering were not available,” Williams’ reports concluded.

There are several details, disclosed subsequent to the story, that it lacks: It doesn’t talk about the ways the story John Paul Mac Isaac’s attorney told WaPo conflict with the story JPMI would tell in his book (one very significant conflict pertains to the date when JPMI reached out to the FBI). It doesn’t describe that JPMI himself disavowed some of the content on the Jack Maxey hard drive, the one shared with the WaPo. It doesn’t describe that Hunter has sued Garrett Ziegler and Rudy Giuliani for hacking him (the former survived Ziegler’s motion to dismiss; the latter was dismissed pending the end of Rudy’s bankruptcy; as far as I know, Hunter has not yet renewed the suit against Rudy given the imminent dismissal of Rudy’s bankruptcy). It doesn’t describe that in court filings, Abbe Lowell affirmatively claimed that the data on the laptop itself — not the copy! — had been compromised before being shared with the FBI.

Defense counsel has numerous reasons to believe the data had been altered and compromised before investigators obtained the electronic material from Apple Inc. and The Mac Shop, such that the Special Counsel’s claim that the underlying data is “authentic” (id. at 4) and accurately reflects “defendant’s Apple Macbook Pro and [] hard drive” (id. at 2) is mistaken.

Mr. Biden’s counsel told the Special Counsel on May 10, 2024 it agrees not to challenge the authenticity of the electronic data the Special Counsel intends to use with respect to it being what law enforcement received on December 9, 2019 from John Paul Mac Isaac (owner of The Mac Shop), and from Apple on August 29, 2019 and in a follow-up search on July 10, 2020. (Mot. at n.3.) However, Mr. Biden cannot agree this electronic data is “authentic” as to being his data as he used and stored it prior to Mac Issac obtaining it.

WaPo relies on a two year old story that has been significantly preempted to claim that the copy of the copy of the laptop was not hacked. The story never made such a claim, and the claims it has made have been undermined since.

But there’s an even more telling aspect of WaPo’s self-satisfied claim that reporters gave up their rabid addiction for rat-fuckery after 2016. It doesn’t address whether the laptop subsequently became newsworthy.

There’s good reason for that: Because after the election, WaPo did embrace the laptop, even the doctored one they got from Maxey, as part of a years-long campaign of dick pic sniffing. Their lead dick pic sniffers, Matt Viser and Devlin Barrett, even made shit up when disgruntled IRS agents released details that raised questions about the integrity of the original copy. Since then, prosecutors themselves have described that the extraction of the copy of the laptop they received — the one whence all the data that sloppy reporters call “the laptop” came — is 62% bigger, measured in terms of pages, than the laptop itself. There are potentially innocent explanations for why the hard drive purporting to be a copy of the laptop would not match it, but those explanations would conflict with JPMI’s explanations for how he made the copy. And, scandalously, the FBI never made an index of the laptop, and Judge Maryellen Noreika allowed it to be used in the trial against Hunter without ever even assuring that the forensic reports on the extraction of the two devices matched what got certified to her in a court filing.

And WaPo is not alone in its continuing addiction to relying on a copy of a copy of a laptop with such provenance problems. Just yesterday, NYT’s Ken Vogel did a story that relied on the laptop which basically said, Hunter Biden asked the Commerce Department for help on Burisma but it blew him off (unsurprisingly, Vogel also struggles with the court filings on which he bases his news hook). Four years after Vogel’s chum Rudy Giuliani released the laptop, three weeks after Joe Biden dropped out, NYT is still reporting the absence of news in an 8-year old email as news, precisely the kind of attention suck that rat-fuckers seek when they provide stolen documents to people like Vogel.

Again, in my opinion, WaPo is right not to publish the JD Vance dossier, though that’s different than using it to assess whether there were big gaps in the vetting of Trump’s unpopular running mate.

But WaPo is telling fairy tales about whether mainstream outlets gave up their fondness for rat-fuckery.

They did not. For four years, they have been utterly addicted to the rat-fuckery of the laptop, to the exclusion of reporting on all the details that should raise cautions disclosed since then.

And as such, the decision not to embrace this rat-fuckery, however correct it might be, is a double standard.