The Missing Detail about Encryption in the Pavel Durov Investigation

Yesterday, France charged Pavel Durov and set €5 million bail for the Telegram founder. The public release regarding the charges provides scant new detail beyond what prosecutors released when he was first arrested.

For example, the new release confirms that a preliminary inquiry started in February, before the formal investigation was started on July 8. That’s consistent with a Politico report that France first issued arrest warrants for Pavel and his brother, Nikolai, subsequent to an investigation into someone using Telegram to engage in child sexual abuse, including rape.

Warrants for Pavel and his brother Nikolai, the platform’s co-founder, were issued on March 25 over charges including “complicity in possessing, distributing, offering or making available pornographic images of minors, in an organized group.” French media had previously reported the probe was opened in July.

The warrants were issued after an undercover investigation into Telegram led by the cybercrime branch of the Paris prosecutor’s office, during which a suspect discussed luring underaged girls into sending “self-produced child pornography,” and then threatening to release it on social media.

The suspect also told the investigators he had raped a young child, according to the document. Telegram did not respond to the French authorities’ request to identify the suspect.

The list of charges in the release yesterday does not exactly match those released last week. The lead charge, “web-mastering an online platform in order to enable an illegal transaction in organized group,” is further described as a crime that carries a 10-year sentence and/or a €500,000 fine. Given how particular French code is about punishment, one might be able to home in on what lead crime that language is pursuing (it seems more common for five-year sentences to match a €150,000 fine).

In addition to listing Telegram’s refusal to cooperate with law enforcement requests second among suspected crimes, as the original release did, yesterday’s release has that bolded below, with a description of how other authorities, including Belgium, are having the same problem. This investigation seems to primarily stem from the way Telegram has allowed crimes to flourish on the platform, and as such, most of the rest of the charges may reflect efforts to further criminalize Durov’s choice to do nothing about crimes that rely on Telegram.

There are other changes between the initial release and yesterday’s, which may be of little or no import or may reflect what prosecutors have learned since they arrested Durov. For example, possessing (as distinct from disseminating) CSAM images has been dropped; that’s the kind of change that might reflect the server configuration Telegram uses, and whether any Telegram server hosts CSAM material within France.

Criminal association has now been included in the general list, rather than as a separate bullet point. Money laundering, however, has not. One unanswered question is whether Durov was more directly involved in money laundering than the other crimes, in which case prosecutors might show that he had a personal pecuniary incentive to let all the other crime flourish on Telegram.

In that same general list, the dissemination of hacking tools was moved up to first, from fourth.

But one of three encryption-related crimes, “Importing a cryptology tool ensuring authentication or integrity monitoring without prior declaration,” was dropped. Again, that could reflect new information about server locations.

It’s the commentary regarding the (now two) encryption-related crimes that most befuddles me. The American press, at least, continues to discuss this as if this is a crime about using encryption.

Some online speech experts and privacy advocates agreed that France’s indictment of Durov raises concerns for online freedoms, pointing in particular to charges relating to Telegram’s use of cryptography, which is also employed by Apple’s iMessage, Meta’s WhatsApp and Signal.

“French law enforcement has long hated encryption,” said David Kaye, a professor at University of California, Irvine School of Law and former U.N. special rapporteur on freedom of expression. “This seems like a potential avenue for them to blame what happens on Telegram at least in part on encryption, when the truth is that the other counts suggest that Telegram’s noncooperation with judicial orders is the real problem.”

Stamos agreed the charges related to cryptography are “concerning,” because “that seems to apply even to platforms that are actively working to prevent the spread of child sexual abuse material.” He said that while Telegram has at times banned groups and taken down content in response to law enforcement, its refusal to share data with investigators sets it apart from most other major tech companies.

As far as I understand it, the law in question is one passed in 2004 that required affirmative registration of encryption. Signal, easily the most protective encrypted messaging app, did register under this law when it first applied to offer Signal in French app stores. So, no, they’re not going to be prosecuted under that law, because they’re following the law.

And therein lies the question I keep asking but people are ignoring: whether this law works like the affirmative registration requirements in the US for acting as a foreign agent. The US uses 18 USC 951, for example, to prosecute people who are secretly doing things for a foreign government — such as the targeting for which Maria Butina was prosecuted — without having to prove they were affirmatively spying. DOJ didn’t have to prove that Butina (speaking purely hypothetically here) honey trapped Patrick Byrne as part of a Russian effort to recruit nutballs with an investment in cryptocurrency; they could instead prove merely that she was taking orders from a government official (in this case, Alexandr Torshin), without alerting DOJ to that fact. The obligation to register provides a law enforcement tool that can be used when an underlying crime — like spying — is far more difficult to prove, or would harm counterintelligence if one tried.

For example, 18 USC 951 was used in the failed prosecution of Mike Flynn and his business partner, Bijan Kian. It wasn’t until the eve of Kian’s trial that DOJ revealed the existence of, but not the details about, far more extensive communications pertaining to Flynn and the Turks (that revelation did not explain whether these were communications between Flynn and the Turks, and/or communications the Turks had about Flynn) than had previously been revealed.

I don’t know if this is how France uses this law, or if that is what they may be doing here. What I’m saying is that the crime is failing an affirmative obligation to register, a law that has not prevented Telegram’s counterparts from operating lawfully in France.

Let me extend the analogy to a case where we know Telegram was used to facilitate crime (though not one of the crimes in which Durov has been charged with complicity).

As I laid out here, we know that after January 6, the FBI discovered that the Proud Boys were using unencrypted Telegram group chats to organize in advance of the insurrection. But once it obtained and exploited Enrique Tarrio’s phone, which took over a year to do, the FBI also discovered that Tarrio was using Telegram (in addition to Google Voice chat and iMessage) to communicate with a DC intelligence cop, Shane Lamond. Those encrypted communications will be key evidence in Lamond’s trial in October, but the use of Telegram, whether encrypted or not, was not a crime and not charged as one.

Those Telegram communications include:

  • The message where Lamond was added to an unencrypted Proud Boys chat (meaning, of course, that a cop with close ties to the FBI did know how the Proud Boys were using Telegram long before January 6, and indeed Tarrio tried to use his comms with Lamond as an affirmative defense to the sedition charges against him).
  • Private unencrypted Telegram messages that at least started as Lamond’s effort to learn what the Proud Boys were doing ahead of time, and so fell squarely within Lamond’s job as an intelligence officer, but which — after the election — started to include advice about how to avoid law enforcement scrutiny.
  • Starting after the December 12, 2020 burning of a DC Church’s BLM flag, secret, encrypted Telegram messages about Tarrio’s role in that act and the investigation into him for it; those encrypted communications would later include discussion of the planning and aftermath of January 6.
  • Telegram calls about the investigation that could not be reconstructed (though some conducted with his replacement phone may have been).
  • Starting on December 22, encrypted Telegram messages with the auto-delete set; the FBI was able to reconstruct some, but not all, of these. Among those they weren’t able to reconstruct, a January 4, 2021 encrypted text successfully destroyed must have alerted Tarrio that DC had obtained a warrant for his arrest, because Tarrio immediately told some girlfriends and Jacob Engels via unencrypted Telegram texts, as well as some Proud Boy Telegram group chats, about the arrest warrant. The men appear not to have tried to delete Tarrio’s self-exonerating encrypted Telegram text, “I could have stopped this thing.” But they did resume destroying encrypted Telegram messages as the investigation into the Proud Boys progressed.

That use of Telegram, whether unencrypted, encrypted, and/or self-deleting, is not illegal in the US. Rather than busting Lamond for that, prosecutors charged him for lying about the earlier communications, for obstructing the investigation into burning the BLM flag. There’s no charge related to Lamond’s warnings about January 6, and indeed, the reconstruction or not of later texts between the men is not included in the trial exhibit. But more of the January 6 texts were successfully destroyed.

Now consider the significance of a case where cops knew a militia group was using Telegram’s unencrypted features, ones the FBI could have hacked, but that collusion between the militia and law enforcement was hidden via the use of Telegram’s encryption. The FBI wasn’t looking in any case, but even if they had been, it is at least conceivable that, had a seditionist like Tarrio used better operational security and not immediately undercut the value of using encryption by blabbing to others, the encryption would have prevented the FBI from understanding the extent to which the cops were helping the seditionists.

The use of Telegram is not illegal in the US. As I understand it, the use of it is not being charged in France.

But in France, the requirement to pre-register provides a tool prosecutors might choose to use if the use of encryption ends up playing a detrimental role in crimes in the country, as Telegram notoriously has.

I have no idea whether that’s how it’s being used here.

But it is at least possible that Durov is being charged under these two encryption crimes because criminal (or intelligence) investigations in France discovered, via exploiting suspects’ phones or possibly even with the help of a cooperating witness, that Telegram encrypted chats played a key role in one or another particular plot. That could have been nothing more than the child sexual abuse whence this investigation started. Or it could be something that raised the stakes for France, such as sabotage attempted by a foreign power.

Pavel Durov is being charged because communications to which Telegram had ready access were used to commit a number of crimes (but not, notably, hate crimes). Far too many outlets are describing these crimes as pertaining to encryption; they may not. They pertain to the commission of crimes, using Telegram, including a great number that Telegram allegedly had means to learn about but, by refusing law enforcement process, sustained deniability.

It appears that he is also being charged because he made it possible to further protect communications, including from Telegram engineers, without following French registration laws before he did that. That is, France appears to be charging Durov not because he knows what the encryption is serving to hide, but because, by dint of his failure to adhere to French registration requirements, his plausible deniability regarding encryption doesn’t help him dodge criminal liability.

I may be misunderstanding the law — I’m still looking for French sources to explain this, because American ones are not citing French lawyers — but if people are writing about the role of encryption in this case, the difference between “providing” encryption and “providing it without registration” is key.

Update: Since we’re focused on Telegram’s non-cooperation with law enforcement, this exhibit list for Lamond’s trial shows how they have to authenticate those comms instead: Through a variety of forensic reports, and then via summary chart.

Three Ways Jim Jordan and James Comer Made Trump Less Safe

With the exception of an initial question that attempted, with no success, to pin down Donald Trump’s recent communications with Bibi Netanyahu (Trump instead described the last time he had met Bibi face-to-face, before asserting he had not spoken to him), the questions at last Thursday’s press conference were truly abysmal. Half were horse race questions, many posed from a presumptively pro-Trump position. And that’s before the question about why god miraculously saved Trump’s life.

But there were a few questions yelled out after the Cheerio questions that were more interesting, such as what Trump thought about Ukraine’s incursion into Russia and what he thought about the hack of his campaign (which WaPo has confirmed targeted Susie Wiles).

While I originally thought this response from Trump was a response to the Ukraine question, I think, instead, he was responding to the hacking question.

Can you say anything about the hacking of your campaign?

I don’t like it. Really bad. I’m not happy with it. Our government shouldn’t let that happen.

Does there need to be a government response?

Yeah there should be. Our government should not let — they have no respect for our government.

Trump blamed the government after, earlier in the Potemkin Presser, he had already predicted that “we” will be friendly with Russia’s increasingly critical ally, Iran.

We will be friendly with Iran. Maybe, maybe not. But they cannot have a nuclear weapon. We were all set to make sure they did not have a nuclear weapon.

Yesterday, the FBI, CISA, and ODNI attributed the hack — and efforts to compromise people close to President Biden — to Iran.

This includes the recently reported activities to compromise former President Trump’s campaign, which the IC attributes to Iran. The IC is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the Presidential campaigns of both political parties. Such activity, including thefts and disclosures, are intended to influence the U.S. election process. It is important to note that this approach is not new. Iran and Russia have employed these tactics not only in the United States during this and prior federal election cycles but also in other countries around the world.

I find it remarkable that Trump is blaming the government — and not just because he himself begged Russia to hack his opponent in 2016 and the worst recent hack, SolarWinds, happened under his stewardship.

I find it remarkable because key Trump allies like Jim Jordan and James Comer have been working hard to make him less safe.

They’ve done so in several ways (as LOLGOP and I laid out in this bonus episode of Ball of Thread).

First, in their effort to spin government efforts to combat foreign malign influence and election-related dis- and misinformation as an attack on free speech, they’ve demonized the effort to combat such influence operations, particularly efforts of the Cybersecurity and Infrastructure Security Agency, which in 2020 confirmed the integrity of the election.

Jordan and Comer also championed the views of Matt Taibbi and Michael Shellenberger, the latter of whom has been obsessed with misrepresenting a report that Stanford’s Internet Observatory offered in 2020 to provide guidelines about what to do with potentially hacked information.

“Since Daniel Ellsberg’s 1971 leak of the Pentagon Papers,” wrote the authors, “journalists have generally operated under a single rule: Once information is authenticated, if it is newsworthy, publish it…. In this new era, when foreign adversaries like Russia are hacking into political campaigns and leaking material to disrupt our democracy and favor one candidate, journalists must abandon this principle.”

Stanford’s goal was explicitly to change norms so journalists would not do what they did in 1971 with the Pentagon Papers. “The more news outlets that embrace a new set of norms, the more resilient American media will be against exploitation by malicious actors,” the authors write.

The authors, Grotto and Zacharia, proceed to celebrate news media not reporting on things the national security state doesn’t want them to report.

[snip]

The authors describe how the news media will, in real life, cover the Hunter Biden laptop, in October 2020. “Focus on the why in addition to the what,” they say. Make the disinformation campaign as much a part of the story as the email or hacked information dump. Change the sense of newsworthiness to accord with the current threat.”

Quinta Jurecic cited the Stanford Report when advocating that journalists exercise more caution with the materials believed to derive from an Iranian hack.

But the shame of having been so thoroughly played by foreign intelligence was stark enough that many journalistic institutions reconsidered their approach in advance of the 2020 vote. An influential Stanford report recommended that journalists presented with potentially hacked material “[m]ake the disinformation campaign as much a part of the story as the email or hacked information dump”—focusing on “why it was leaked as opposed to simply what was leaked,” and taking care to establish that the material is authentic and not a malicious forgery.

This appears to be the approach that major news outlets contacted by the mysterious “Robert” are taking so far.

If we had listened to Jordan and Shellenberger, the media would have to publish those stolen documents.

Finally, there are Jordan’s efforts to undermine cooperation between the FBI and tech companies, and his personal targeting of Elvis Chan.

That cooperation appears to have been instrumental in halting the hacking campaign targeting both Biden’s and Trump’s campaigns. Microsoft and Google may have first identified the hacking attempts. Indeed, in a recent report on Iran’s hacking efforts, Google describes proactively contacting the FBI.

For many years, Google has worked to identify and disrupt malicious activity in the context of democratic elections. During the 2020 U.S. presidential election cycle, we disrupted APT42 attempts to target accounts associated with the Biden and Trump presidential campaigns.

In the current U.S. presidential election cycle, TAG detected and disrupted a small but steady cadence of APT42’s Cluster C credential phishing activity. In May and June, APT42 targets included the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump, including current and former officials in the U.S. government and individuals associated with the respective campaigns. We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals.

Recent public reporting shows that APT42 has successfully breached accounts across multiple email providers. We observed that the group successfully gained access to the personal Gmail account of a high-profile political consultant. In addition to our standard actions of quickly securing any compromised account and sending government-backed attacker warnings to the targeted accounts, we proactively referred this malicious activity to law enforcement in early July and we are continuing to cooperate with them.

In their effort to undermine initiatives to combat disinformation, Jordan and Comer spent two years demonizing this kind of cooperation. They spent a year targeting Elvis Chan, the FBI agent whose day job is precisely this kind of coordination with Silicon Valley companies to prevent hacks using their infrastructure, based on conspiracy theories Taibbi and Shellenberger spread about the tech companies’ decision to throttle the original Hunter Biden laptop story, going so far as suing Chan because he wanted to be represented by both FBI and his own counsel for testimony to the House (they dropped the suit Thursday, though I have yet to get an explanation of why).

Trump has spent years demonizing the Deep State. At Trump’s behest, Jordan and Comer have spent two years attacking the Bureau. But on both Iran’s assassination attempt and this hacking attempt, the Deep State saved his ass.

Josh Schulte Sentenced to 40 Years

Aldrich Ames was arrested at the age of 53 in 1994 after 9 years of spying for Russia. He remains imprisoned in Terre Haute to this day — 30 years and counting — at the age of 82. (My math here is all rough.)

Robert Hanssen was arrested in 2001 at the age of 57 after 22 years of spying for Russia. He died last year, at the age of 79, in Florence SuperMax.

After six years in jail — most under Special Administrative Measures sharply limiting his communication — Josh Schulte, aged 35, was sentenced Thursday to 40 years in prison. He will presumably go to either Florence (most likely, because Judge Jesse Furman recommended he should go to someplace close to Lubbock) or Terre Haute.

Since his guidelines sentencing range was life in prison, I’m not sure how much, if any, of his sentence could, hypothetically, be dropped for good behavior.

Furman sentenced him concurrently on his Child Sexual Abuse Material conviction and the Espionage Act charges. Barring any successful appeal, he would be in prison for at least 20 years on top of time served, if he were to get credit for good behavior. That would put him back on the street at age 55, still the prime of his life (says someone in precisely that prime of her life, someone still learning some of the forensic techniques Schulte mastered as a teenager).

But the possibility that Schulte would be released before 2058, when Schulte will be 69, is based on two very big assumptions (on top of my uncertainty about whether he could get time off). First, that Schulte could sustain “good behavior” in prison, when he has failed to do so even while being held under SAMs in New York. Most recently, the government alleges he somehow obtained more CSAM in 2022 while in prison, where he would consume it in his cell after days representing himself in his second trial, the one in which he was convicted of the Espionage Act charges.

Even while Schulte’s family was traveling to attend his trial in 2022, he chose to retreat to his cell to view the child pornography that he had secreted on his prison laptop. (See D.E. 1093-1 at 3-4 (describing examples of times when videos were played).)

And there’s good reason to believe he attempted to conduct — and may well have succeeded at conducting — further hacks from prison.

That’s some of what I’ve been pondering since the government first requested that Schulte be treated like four men, including Ames and Hanssen, who gave America’s secrets to Russia rather than giving them to WikiLeaks, as a jury convicted Schulte of doing, by sentencing him to life in prison.

It took years of tradecraft to recruit and cultivate sources like Ames and Hanssen.

Many of the details about what led up to Schulte’s leaks of the CIA’s hacking tools remain unknown — including via what server he shared the files, because WikiLeaks’ submission system could not have accepted them at the time, meaning Schulte necessarily had some kind of contact with WikiLeaks in advance.

But the current story is that Schulte reacted to being disciplined at work fairly directly by stealing and then sharing the CIA hacking tools in one fell swoop. In a matter of days in April and May 2016 (perhaps not coincidentally, the same period when Russian hackers were stealing files from Hillary Clinton’s team), Schulte took steps that burned a significant part of CIA’s capabilities to the ground.

As a result of that reactive decision, Schulte delivered a set of files that would allow their recipients to hunt down CIA’s human sources based off the digital tracks they left in highly inaccessible computers. As I’ve noted, Schulte was well aware of the damage that could do, because he wrote it up in a self-serving narrative after the fact.

I told them the confluence server was the one that seemed to be compromised, and while horrible and damaging at least it wasn’t Stash; At least not at this point–Hopefully they could stop any additional leaks from the network at this point. From the news articles I’ve read, wikileaks claims to have source code, but we don’t know what code or from where. However, at this point, I knew the SOP was a complete stand down on all [redacted] operations. We had no idea what had been leaked, when, for how long, or even who else had seen the materials leaked. Have they been steadily accessing our network every day? Have all our ops been blown since we wrote the first line of code? Perhaps only confluence had been leaked, but the individual(s) responsible are/were planning to exfil the other parts of DEVLAN too? So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting. I told them all this was certainly very disturbing and I felt bad for my friends and colleagues at the agency who likely weren’t doing anything and most likely had to completely re-write everything. [my emphasis]

What gets virtually no coverage is that this is precisely what happened: the bulk of the most sensitive files Schulte stole, the source code, has never been publicly accounted for. That’s why I find credible the unsealed and sealed filings submitted with sentencing claiming that Schulte caused what Judge Furman claimed (as reported by Inner City Press) was $300 million in damage and a cascading series of compromises.

Because DOJ couldn’t trade a death sentence in exchange for cooperation about how Schulte did it, as they did with Ames and Hanssen, and because digital encryption is much more secure than a dead drop in a Virginia park, it’s not clear whether the government even knows all of it.

I don’t even know what Schulte was trying when he attempted to social engineer me from jail in 2018 — but I have my suspicions.

Later this month, Julian Assange will get a last chance to stave off extradition. I have long suspected if the UK approves the extradition, Russia will attempt to swap Evan Gershkovich for Assange. One way or another, we may learn more about what the US government has learned about the WikiLeaks operation in the 7 years since Schulte was part of one of the most successful, sustained attacks by Russia on the US.

But until then, Schulte will be moving to new long-term accommodations in a highly secure prison.

Claiming Josh Schulte’s Leaks Cost CIA 100s of Millions, DOJ Asks for Life Sentence

In support of sentencing for Josh Schulte, DOJ submitted an unclassified letter from CIA’s Deputy Director claiming his breach cost the agency hundreds of millions of dollars, a sealed classified filing that must speak to grave harm, and a sealed letter from a CSAM victim.

The how they get to the sentencing recommendation is quite technical (though it involves a terrorism enhancement for using computers to engage in espionage).

The what — a request for a life sentence — is not surprising. The comparison of his crimes to those of Robert Hanssen and Aldrich Ames is similarly not surprising.

Indeed, it is the proof that Schulte carried out his conduct with the specific intent that his theft would harm the United States that sets his case apart. In virtually all cases identified in the Government’s research in which violations of § 793(b) have been prosecuted, that charge has been paired with violations of 18 U.S.C. § 794, which penalizes the delivery of national defense information to a foreign government with the same intent requirement. That offense does not apply to Schulte’s conduct, because he chose to transmit the Stolen CIA Files to WikiLeaks, rather than directly to a foreign state. But Schulte’s intent to harm the United States, the scope of his theft and disclosure, and the consequences of his conduct, more closely parallels cases prosecuted under § 794 than so-called “leak” cases in which comparatively small amounts of information are shared with media organizations with a misguided sense of the public interest. In such cases, Courts have routinely, albeit gravely, concluded that terms of life imprisonment are the only appropriate sanction for such devastating crimes, notwithstanding the fact that many similarly situated individuals accepted responsibility for their crimes. See, e.g., United States v. Robert Hanssen, 01 Cr. 1088 (E.D. Va. 2002) (life imprisonment for FBI supervisor who pled guilty to selling classified information to Russia); United States v. Aldrich Ames, 94 Cr. 166 (E.D. Va. 1994) (life imprisonment for CIA officer who pled guilty to selling classified information to Russia); United States v. Arthur James Walker, 85 Cr. 92 (E.D. Va. 1985) (life imprisonment for former Navy officer convicted of selling documents for transmission to Russia); United States v. Andrew Daulton Lee, 589 F.2d 980 (9th Cir. 1979) (life imprisonment for contractor convicted of selling classified information regarding CIA project to Russia).

It is, however, fairly sobering.

Garrett Ziegler’s Landscaping Problem

According to emails posted at BidenLaptopEmails dot com made available by Garrett Ziegler, sometime around May 31, 2017, someone set a Google alert for weekly landscaping work, which usually took place in the mornings. Many weeks, Hunter Biden would receive a Google alert on Wednesday, reminding him landscapers would show up the next day. Then the next day, his iCloud email would email his RosemontSeneca email (hosted by Google) with a reminder.

In the depths of his addiction — again, per emails made available by Garrett Ziegler — the only email that Hunter Biden “sent,” the only sign of life on his email accounts, was that email. For weeks on end, the only communication “from” Hunter is that eerie repetitive notice: “Alert – FYI landscapers at CBR (usually in AM).” It’s like that Google alert is a phantom, always there in Hunter’s email box.

I’m not sure of the technical explanation for it — though I expect that experts would be able to use the nature of those weekly alerts to determine what inboxes were really used to load up the laptop that found its way to John Paul Mac Isaac and from there, on a hard drive, to Rudy Giuliani and then, another hard drive, to Garrett Ziegler. The technical explanation may also explain why the FBI relied on the laptop for Google alert information rather than the information the FBI received from Google itself, as I laid out here.

“Alert – FYI landscapers at CBR (usually in AM).” There must be over 150 versions of either the Google alert or the email from Hunter’s iCloud email to Hunter’s RosemontSeneca email in the collection made available by Garrett Ziegler.

In fact, those emails, “Alert – FYI landscapers at CBR (usually in AM),” may doom Ziegler’s effort to defeat Hunter Biden’s hacking lawsuit against him.

Ziegler filed his response, along with a sworn but not notarized declaration from Ziegler himself, yesterday.

As to the claim that he hacked Hunter Biden’s phone — which I’ve noted is a key vulnerability for Ziegler — Ziegler admits he used a password to access the backup from a phone Hunter allegedly owned in 2019.

19. Paragraph 29 falsely casts my comments to imply that I and Defendant Marco Polo “hacked” into Plaintiff’s iPhone backup file.

20. In the case of the iPhone backup file referred to in paragraph 29, I received a copy of an iPhone backup file which existed as part of the copied files.

21. Also contained on the external hard drive given to me were files containing passcodes, which are essentially similar in function to passwords designed to allow access to password-protected files. Although it took months of examination, we were able to locate the passcode which allowed access to the iPhone backup file. Those files existed on the external hard drive when it was first given to me.

But he argues that because the disk drive he received from an associate of Rudy Giuliani had the password for the phone on it, and because Hunter never owned the hard drive on which Ziegler received both sets of data, he did not “hack” anything.

Plaintiff selectively cites to Defendant Ziegler’s December 2022 remarks about decrypting a specific file which stored the passcode to the iPhone backup file, both of which were on Defendants’ copy of the Laptop. (Compl. at ¶ 29). The Complaint falsely suggests Defendants “hacked” into Plaintiff’s iPhone backup. (Zeigler Decl. at ¶ 19). Defendants received a copy of Plaintiff’s iPhone backup file which existed as part of the files. (Id. at ¶ 20). When Defendants received the external hard drive, it contained passcodes, which allowed access to the iPhone backup file. (Id. at ¶ 21).

[snip]

Moreover, Plaintiff does not allege unlawful access to a computer within the meaning of the CFAA. A computer user “without authorization” is one who accesses a computer the user has no permission to access whatsoever—an “outside hacker[ ].” Van Buren v. United States, 141 S. Ct. 1648, 1658, (2021). Here, Plaintiff admitted that Defendants accessed and used a hard drive that Plaintiff never possessed. Specifically, Plaintiff alleges that Defendants accessed a hard drive provided by a third party which contains a copy (duplicates) of files. (Compl. at ¶ 18). Plaintiff does not allege that Defendants possessed or accessed Biden’s computer or original files.

Plaintiff alludes to his actual iPhone and iCloud account when he alleges that “at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage.” (Id. at ¶ 28). However, Plaintiff alleges no facts which demonstrate Defendants ever accessed any computer, storage, or service which Plaintiff either owns or has exclusive control over. Likewise, the Complaint also shows facts which conclusively prove that Defendants had no need to access any service or storage because the laptop copy in their possession admittedly contained all of the necessary information, including the passcode to view all of the files contained on the Biden Laptop regardless of encryption. (Id. at ¶ 18). Put simply, both the encrypted iPhone backup file and the passcode to open the iPhone backup file were on the Laptop copy.

Given that Hunter’s lawsuit also names a bunch of John Does, blaming his access to this backup on Rudy’s unnamed associate and Rudy and John Paul Mac Isaac may not help Ziegler.

In any case, Ziegler may hope he doesn’t have to rely on this argument. His response actually spends more time arguing that venue, in California, is improper than he does that using a password to access an encrypted backup is legal. The “work” Ziegler did to make ten years of Hunter Biden’s emails available took place in Illinois. He has no employees or board members in California. Fewer than 10% of Marco Polo’s supporters live in California (Ziegler doesn’t say what percentage of his donations they provide, however).

His venue argument and his hacking argument ignore a part of Hunter’s lawsuit, though, which alleges that Ziegler “directed illegal conduct to occur in California.”

Plaintiff is informed and believes that Defendant Ziegler intentionally directed illegal conduct to occur in California and has therefore subjected himself to jurisdiction in California.

Similarly, his response only mentions Hunter’s allegation that in addition to accessing that iPhone, he also accessed data in the cloud once.

Plaintiff accuses Defendants of “knowingly accessing and without permission taking and using data from” Plaintiff’s devices or “cloud” storage (Compl. at ¶¶ 40, 41), computer service (id. at ¶ 42), or protected computer (id. at ¶ 35) but fails to identify a single device Defendants accessed without authorization

That allegation is a key part of alleging that Ziegler broke the law in California.

40. Defendants have violated California Penal Code § 502(c)(1) by knowingly accessing and without permission taking and using data from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup to devise or execute a scheme to defraud or deceive, or to wrongfully obtain money, property, or data.

41. Defendants also have violated California Penal Code § 502(c)(2) by knowingly and without permission accessing, taking, copying, and making use of programs, data, and files from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup.

Ziegler denies accessing any computer in the possession of Hunter Biden. That falls short of denying that he hacked data owned by Hunter Biden.

22. Neither I nor any person associated with Marco Polo have accessed, or attempted to access, any computer, device, or system owned or controlled by Plaintiff. We are not hackers, we are simply publishers, and the Plaintiff is attempting to chill our First Amendment rights and harass us through a frivolous and vexatious lawsuit.

I think Ziegler has a problem with his description of where the iPhone backup came from in the first place: he says that the “laptop” was in Hunter Biden’s possession when the iPhone backup was saved to it on February 6, 2019.

The metadata concerning the duplicated iPhone backup file on our external hard drive indicates that the last backup made of the iPhone file to the plaintiff’s laptop, which he left at the repair shop of John Paul Mac Isaac on April 12, 2019, occurred on February 6, 2019, while still in the plaintiff’s possession based upon all the facts known to me to be provably true beyond dispute.

Hunter may be able to prove that Ziegler, of all people, doesn’t believe that to be true, doesn’t believe that when that iPhone was backed up on February 6 — a day when someone presenting as Hunter was involved in a car accident in DC — Hunter was in possession of that laptop.

But the bigger problem that Ziegler has is that phantom landscaping reminder.

According to emails that Garrett Ziegler has made publicly available, an October 14, 2021 notice triggered by a Google alert was received on November 24, 2021, long past the time, per Ziegler’s declaration, he was in possession of this hard drive.

Again, I’m not sure how that happened technically. But if it involved either Apple servers or Google servers (or both, given that the notice was dated October 24, 2021), that would get you venue in California.

Hunter Biden may not have been in possession of Apple’s and Google’s servers in 2021, but accessing them using passwords stored on the hard drive — at least one password that Ziegler admits to using — would also constitute hacking.

Update, to answer a question below: The text of the email shows that the notice was October 14, but the email was received on November 24, 2021.

Hunter Biden Accused Rudy Giuliani of Hacking His Data, Not Defamation

Ruby Freeman and Shaye Moss’ civil suit against Rudy Giuliani goes to trial tomorrow.

In a number of the scene setters for the trial, people are making claims like this:

In addition to his criminal charges, disbarment proceedings and the lawsuit brought by Freeman and Moss, Giuliani has been sued by various other individuals — including President Joe Biden’s son Hunter — who claim he spread false allegations about them in 2020.

Or this:

He and one of his lawyers are being sued by Hunter Biden for allegedly mishandling the presidential son’s laptop,

Hunter Biden is not suing Robert Costello and Rudy Giuliani for defamation. He’s not suing Robert Costello and Rudy Giuliani for mishandling “his laptop,” which (even if John Paul Mac Isaac and Rudy Giuliani have told the truth about everything) would never have been in Rudy’s possession.

Hunter Biden is suing the former President’s former personal lawyer and that lawyer’s former personal lawyer for hacking his data. Hunter Biden is suing Rudy for violating the criminal Computer Fraud and Abuse Act: for accessing a computer without authorization or exceeding authorized access.

41. Defendants have violated the CFAA, specifically section 1030(a)(2)(C) of the CFAA, by intentionally accessing a computer without authorization or exceeding authorized access, and thereby obtaining information from any protected computer which, pursuant to the CFAA, is a computer used in or affecting interstate commerce or communication.

42. Defendants have violated the CFAA, specifically section 1030(a)(4) of the CFAA, by knowingly and with intent to defraud, accessing a protected computer without authorization or exceeding authorized access, and by means of such conduct furthering the intended fraud and obtaining one or more things of value.

We will have to wait to see whether he can prove that claim. But particularly given that Hunter has since been charged with 12 criminal charges by a US Attorney appointed by Trump, let’s be clear what the claim is.

Hunter Biden has accused Rudy Giuliani of violating the criminal hacking statute.

One reason people make this mistake all the time — on top of the non-stop Fox News propaganda about this — is they think of the laptop like this:

The laptop, as it was brought to John Paul Mac Isaac’s shop, is better thought of like this.

There were dick pics on the laptop (I’m using artistic license in my choice of dick pics).

There were emails, including emails hosted by Google and emails tied to Hunter Biden’s iCloud account. But the laptop also included on it the means to get into Hunter’s iCloud account and at least some of his Google accounts.

There were other digital keys on the laptop and probably enough bank data to get into financial accounts.

And there was the contents of an iPhone, stored in encrypted form. As I’ve described, I first went down this rabbit hole — the entire Hunter Biden rabbit hole — when I read Gary Shapley’s description that the FBI needed a password to access some of the content, the content from the phone, on what was an actual laptop. That’s when I realized that anyone who accessed the encrypted contents of that phone without a warrant might be at risk for CFAA charges.

Several of the people who’ve been offering up Hunter Biden data confess, openly, that they broke the encryption on that phone.

In other words, no matter how all that stuff got put onto Hunter’s laptop, and no matter how it got brought to John Paul Mac Isaac’s shop, and no matter whether JPMI was perfectly in his legal rights to take possession of the laptop itself — all things that are very much contested — the laptop included the means to get into other data, data hosted in the cloud, to which neither JPMI nor anyone else had authorized access.

And then the blind computer repair man, after having chosen to copy that hard drive that, contrary to his claims, was a removable hard drive, by cutting and pasting it and reading it along the way, packaged that all up on a hard drive and sent it, without Hunter’s consent, to the then-President’s lawyer.

We don’t know what kind of hard drive JPMI used — he said he constructed his own, to make it untraceable.

Instead of buying external drives from a local store, where the purchase might be traced back to me, or online, which also could be traced and moreover might lead to damage in transit, I built my own.

It took about a week to collect all the pieces and clone the drive from the store’s backup server. In essence, I created a copy that was as close to the original drive as possible.

As I have shown, at a time when Rudy says he (or Robert Costello) was in possession of that hard drive, which had on it the means to access several of Hunter’s cloud accounts, an email Hunter sent in 2016 was resent, showing some alterations.

Hunter Biden is not accusing Rudy Giuliani of saying things about him that aren’t true. Hunter Biden is accusing Rudy Giuliani of accessing data — whether on a hard drive copied from a laptop or in the cloud — to which he did not have legal access.

Hunter Biden Gets a Step Closer to Vindicating Twitter’s Takedown Decision

Yesterday, as things moved closer to an expulsion vote for George Santos, activist “Anarchy Princess” taunted Santos staffer, Vish Burra, about whether he hacked Hunter Biden’s phone.

AP: Like the same way that you got into Hunter Biden’s stuff?

VB: [laughter]

AP: Yeah, didn’t you hack Hunter Biden’s shit, his phone or something?

VB: [turns to camera] Yeah, and I’d do it again.

Burra, who in 2020 was the producer of Steve Bannon’s podcast, has previously described “extracting” the contents of the “laptop” and took credit for hooking Bannon up with Emma-Jo Morris, who published the initial NY Post story.

Hunter Biden described Burra’s past claims in his lawsuit against Rudy Giuliani and Robert Costello for unlawfully accessing and manipulating his data.

As further evidence of Defendants’ illegal hacking of Plaintiff’s data, it recently has come to light that Defendant Giuliani apparently worked directly with Steve Bannon and Vish Burra to access, manipulate, and copy Plaintiff’s “laptop,” which Burra has dubbed the “Manhattan Project” because he and others “were essentially creating a nuclear political weapon,” referring to Burra’s work with Defendant Giuliani and others (Steve Bannon and Bernie Kerik) to manipulate the “laptop.”

But Burra has not, as far as I know, confessed to “hack[ing] Hunter Biden’s shit.”

Yesterday — whether in jest or not — he did.

Later that same day, Matt Taibbi and Michael Shellenberger had their semi-annual appearance before Jim Jordan’s Weaponizing Government committee.

At the hearing, Dan Goldman had this exchange with Shellenberger about the “Hunter Biden” “laptop:”

DG: You’ve talked about the Hunter Biden laptop, and how the FBI knew it existed. You are aware, of course, that the laptop, so to speak, was actually — that was published in the New York Post was actually a hard drive that the NY Post admitted — here! — was not authenticated as real. It was not the laptop the FBI had. You’re aware of that, right?

MS: It was the same contents.

DG: How do you know?

MS: Because it’s the same —

DG: You would have to authenticate it to know it was the same contents. You have no idea.

MS: [inaudible] conspiracy. Are you suggesting the NY Post participated in a conspiracy to construct the contents of the Hunter Biden laptop?

DG: No, sir, the problem is that hard drives can be manipulated by Rudy Giuliani or Russia.

MS: What’s the evidence that that happened?

DG: Well, there is actual evidence of it, but the point —

MS: There’s no evidence of it. You’re engaged in a conspiracy theory.

Miranda Devine (who keeps dog-whistling about Hunter Biden’s “expensive” lawyers) and the House GOP all seem to think this was a very clever exchange, as that’s the clip they all sent out to froth up the rubes.

Goldman is right: You’d need to authenticate the contents of the “laptop.” As I have shown, even the FBI had not checked whether anything was altered on the laptop they received while in John Paul Mac Isaac’s custody, ten months after receiving it. Their computer guy was still suggesting ways to do that on October 22, 2020, over a week after the NY Post story was published. At the time, Lesley Wolf — the villain of the Republican story — was in no rush to do so.

Understand, though: the critical question here is not whether the hard drive was authenticated. The question is whether it was hacked. Here’s how Vijaya Gadde described the decision to take down the original NY Post link in October 2020.

For example, on October 14th, 2020, the New York Post tweeted articles about Hunter Biden’s laptop with embedded images that look like they may have been obtained through hacking. In 2018, we had developed a policy intended to, to prevent Twitter from becoming a dumping ground for hacked materials. We applied this policy to the New York Post tweets and blocked links to the articles embedding those source materials. At no point did Twitter otherwise prevent tweeting, reporting, discussing or describing the contents of Mr. Biden’s laptop.

If the data in NY Post’s hands was hacked, then according to Twitter’s terms of service, links to it should have been taken down.

If the data in NY Post’s hands was hacked, then the takedown that Republicans claim was a violation of their speech was, in fact, adherence to Twitter’s terms of service as they existed at the time.

And Hunter Biden’s lawsuit alleges that Rudy Giuliani and Robert Costello unlawfully accessed — hacked — his data.

And yesterday, Burra — the guy who set up the tie between Bannon and the NY Post in the first place — laughingly agreed that he did hack Hunter Biden’s shit.

Now, Michael Shellenberger says there’s no evidence the data on the hard drive was altered by Burra and others. Miranda Devine says you have to take the word of the Bidens to believe that happened.

They said that the same day Burra laughingly said he would hack Hunter Biden again.

More importantly, you don’t have to go to the Bidens for evidence that the hard drive was altered. You can go to Garrett Ziegler, whom Hunter Biden has also accused of hacking his shit.

In the set of emails publicly released by Ziegler at BidenLaptopEmails dot com, there is an email from Hunter Biden’s Rosemont Seneca email account (hosted by Gmail), that was sent on September 1, 2020 ET (September 2 GMT).

It’s a resent version of an email sent in 2016 (DDOS says that a footer was also altered).

If everything John Paul Mac Isaac says is true, if everything Rudy Giuliani says is true, this “laptop” was in the custody of Rudy Giuliani (or Robert Costello, on Rudy’s behalf) on the date it was sent. Whoever resent this email — and it was sent over a year after Hunter left Burisma — it was added to the “laptop” while it was in Rudy’s custody.

I’ll leave it to the lawyers and the tech people to explain how an email sent from an account hosted by Gmail was added to the hard drive from which Garrett Ziegler obtained his copy. I’ll leave it to the lawyers to argue about whether it would necessarily require unauthorized access to Hunter Biden’s Gmail or iCloud account for that email to be on the hard drive.

But it’s something that could not have been on the laptop when someone — allegedly Hunter Biden — dropped off a laptop at John Paul Mac Isaac’s shop on April 12, 2019. By all understandings of the dissemination of various hard drives — which Thomas Fine has illustrated this way — it would have been on what NY Post worked from on its October 14, 2020 story.

There’s no evidence, Michael Shellenberger said. You’re supposed to take the words of the Bidens, Miranda Devine said.

And on the same day they made those claims, Vish Burra said, of hacking Hunter Biden’s stuff, “Yeah, and I’d do it again.”
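The timeline reasoning used in this post and in the landscaping-alert post (a message whose own headers postdate a custody date cannot have been on the device at that date) can be checked mechanically across a mail collection. The following is an added example, not code from the post or from anyone it describes; the messages, addresses, the one-day lag threshold and the end-of-day cutoff are constructed assumptions.

```python
"""Flag e-mails whose own headers show they cannot predate a custody cutoff.

Every message below is a constructed sample, not taken from any real archive.
"""
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# The post gives April 12, 2019 as the drop-off date. Treating the end of that
# day in US Eastern time (04:00 UTC on April 13) as the cutoff is an assumption.
CUSTODY_CUTOFF = datetime(2019, 4, 13, 4, 0, tzinfo=timezone.utc)
MAX_DELIVERY_LAG = timedelta(days=1)  # assumed bound on normal delivery time


def _sample(date, received):
    """Build a minimal constructed RFC 5322 message."""
    lines = [f"Received: from mail.example.org by mx.example.com; {received}"]
    if date is not None:
        lines.append(f"Date: {date}")
    lines += ["From: sender@example.org", "To: rcpt@example.com",
              "Subject: constructed sample", "", "body"]
    return "\n".join(lines)


SAMPLE_MESSAGES = {
    "pre-cutoff": _sample("Wed, 06 Feb 2019 10:15:00 -0500",
                          "Wed, 06 Feb 2019 10:15:04 -0500"),
    "resent": _sample("Tue, 01 Sep 2020 21:30:00 -0400",
                      "Tue, 01 Sep 2020 21:30:03 -0400"),
    "delayed-alert": _sample("Thu, 14 Oct 2021 09:00:00 -0700",
                             "Wed, 24 Nov 2021 09:00:05 -0800"),
    "no-date": _sample(None, "Wed, 06 Feb 2019 10:15:04 -0500"),
}


def parse_timestamp(value):
    """Return an aware UTC datetime, or None if the value cannot be parsed."""
    if not value:
        return None
    try:
        parsed = parsedate_to_datetime(value.strip())
    except (TypeError, ValueError):  # raised by different Python versions
        return None
    if parsed.tzinfo is None:  # "-0000" zone yields a naive value: assume UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def analyze(raw, cutoff=CUSTODY_CUTOFF, max_lag=MAX_DELIVERY_LAG):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw)
    sent = parse_timestamp(msg.get("Date"))

    # Each Received header ends with "; <timestamp>" added by the relaying host.
    hops = []
    for header in msg.get_all("Received", []):
        if ";" in header:
            stamp = parse_timestamp(header.rsplit(";", 1)[1])
            if stamp is not None:
                hops.append(stamp)

    findings = []
    if sent is None:
        findings.append("no-usable-date")

    # Any timestamp past the cutoff means the message was written afterwards.
    known = hops + ([sent] if sent else [])
    if known and max(known) > cutoff:
        findings.append("after-cutoff")

    # A long gap between the Date header and the earliest relay is the
    # "dated October 14, received November 24" pattern from the post.
    if sent and hops and min(hops) - sent > max_lag:
        findings.append("delivery-lag")
    return findings


def scan(messages):
    """Analyze a mapping of name -> raw message text."""
    return {name: analyze(raw) for name, raw in messages.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLE_MESSAGES).items():
        print(f"{name:15} {', '.join(findings) or 'consistent with cutoff'}")
```

Header timestamps in a copied file are plain text that anyone holding the file can edit, so findings identify messages that cannot predate the cutoff; an empty result does not authenticate a collection.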

Hunter Biden[’s “Laptop”] Goes to SCOTUS: How Judge Doughty Helped China and Iran Attack the US

Hunter Biden is going to SCOTUS!!!

Or rather, the “Hunter Biden” “laptop” is.

Last Friday, SCOTUS granted a stay and certiorari for DOJ’s appeal of the Missouri v. Biden case, a right wing lawsuit claiming that the government has forced social media companies to “censor” right wingers (Terry Doughty opinion; 5th Circuit Opinion). While much of the lawsuit focuses on efforts, including those starting under a guy named Trump, to help social media companies limit COVID-related disinformation (Surgeon General Vivek Murthy is the lead appellant), a key part of the claim that the government has coerced social media companies pertains to the FBI.

The Fifth Circuit opinion upholding parts of Judge Doughty’s opinion admitted that, “we cannot say that the FBI’s messages were plainly threatening in tone or manner” but suggested nevertheless that they “’might be inherently coercive if sent by . . . [a] law enforcement officer’” anyway.

Because the people pushing this suit, including now-Missouri Senator Eric Schmitt and now-Louisiana Governor-elect Jeff Landry, are nuts, the “Hunter Biden” “laptop” has come to embody that coercion. The Fifth Circuit adopted that focus (and several inaccurate claims about it) as well. And, in turn, Sam Alito included that focus, citing the Fifth Circuit, in his snotty dissent.

This case began when two States, Missouri and Louisiana, and various private parties filed suit alleging that popular social media companies had either blocked their use of the companies’ platforms or had downgraded their posts on a host of controversial subjects, including “the COVID–19 lab leak theory, pandemic lockdowns, vaccine side effects, election fraud, and the Hunter Biden laptop story.” Id., at *1. According to the plaintiffs, Federal Government officials “were the ones pulling the strings,” that is, these officials “‘coerced, threatened, and pressured [the] social-media platforms to censor [them].’”

This argument, as currently framed, is about whether Judge Doughty properly enjoined the FBI from certain kinds of contacts with social media companies because of the “Hunter Biden” “laptop.”

The Injunction

The injunction on the FBI, imposed largely because of right wing beliefs about the “Hunter Biden” “laptop,” may also explain why three Republican justices granted cert. The prohibition on certain kinds of FBI contacts with social media companies may be among the most urgent injuries the US government faces under the injunction. That’s partly because Judge Doughty specifically enjoined Elvis Chan, the Assistant Special Agent in Charge of cybersecurity investigations out of San Francisco, and so a key person involved in preventing and responding to cyberattacks targeting or using the infrastructure of social media companies located in Silicon Valley.

Alito’s dissent claims that DOJ only cared about Joe Biden’s bully pulpit, which is not included in the injunction. But in its appeal, DOJ noted that, as written, the injunction might lead the FBI to hesitate before alerting social media companies to potentially harmful content.

And given the court’s suggestion that any request from a law-enforcement agency is inherently coercive, see id. at 232a-233a, the FBI would likewise need to tread carefully in its interactions with social-media companies, potentially eschewing communications that protect national security, public safety, or the security of federal elections. For example, particularly in the early stages of an investigation, law-enforcement officials may be uncertain whether a social-media post involves unprotected criminal activity (such as a true threat). But the injunction leaves them guessing what quantum of certainty they must possess before they can inform social-media companies about the post, potentially leading to disastrous delays.

To be sure, Judge Doughty’s injunction included a bunch of carve outs that, right wingers like Alito claim, ensure their efforts to force Twitter to publish Hunter Biden’s dick pics don’t make the country less safe. The carve outs are:

(1) informing social-media companies of postings involving criminal activity or criminal conspiracies;

(2) contacting and/or notifying social-media companies of national security threats, extortion, or other threats posted on its platform;

(3) contacting and/or notifying social-media companies about criminal efforts to suppress voting, to provide illegal campaign contributions, of cyber-attacks against election infrastructure, or foreign attempts to influence elections;

(4) informing social-media companies of threats that threaten the public safety or security of the United States;

(5) exercising permissible public government speech promoting government policies or views on matters of public concern;

(6) informing social-media companies of postings intending to mislead voters about voting requirements and procedures;

(7) informing or communicating with social-media companies in an effort to detect, prevent, or mitigate malicious cyber activity;

(8) communicating with social-media companies about deleting, removing, suppressing, or reducing posts on social-media platforms that are not protected free speech by the Free Speech Clause in the First Amendment to the United States Constitution. [my emphasis]

The carve outs — to the extent that they apply to the FBI, as most by definition do — actually demonstrate the problem with this ruling (and may explain the stakes of the focus on the “Hunter Biden” “laptop”).

Five kinds of interaction with social media

To see why, it’s useful to understand what the plaintiffs actually complained about (which largely tracks Matt Taibbi’s misrepresentations in his Twitter Files propaganda), which are shown in the unshaded rows in the table below.

CISA

First, there’s the Cybersecurity & Infrastructure Security Agency. It was set up within DHS specifically to provide an alternative to the FBI, a non-law enforcement agency that could help protect critical infrastructure, including elections, from cyber as well as brick-and-mortar threats. In addition to its efforts to combat disinformation about elections, for example, CISA has also helped some states harden their election systems against hacking attempts, run active shooter drills with election officials, and helped state election officials recover after natural disasters.

As part of its election role, though, CISA aspired to provide authoritative information to election partners (including social media companies) about both intentional and unintentional incorrect information about elections. The example former CISA Director Chris Krebs provided to the January 6 Committee was an Iranian campaign, active in the days after the Hunter Biden story, to pose as members of the Proud Boys and intimidate people of color not to vote. But in the same way that CISA would help protect pipelines against international or domestic attackers, CISA would track and provide official debunking to incorrect information from both international and domestic sources. Republicans especially hate CISA because Krebs affirmed that the 2020 election had been conducted securely (after which Trump summarily fired him by Tweet). But they also object to the “switchboarding” role that CISA has served, getting reports on incorrect information (which of course could include domestic actors) from election officials, along with corrections, and sharing them with social media companies.

At first, the Fifth Circuit reversed Doughty’s injunction on CISA, but then arbitrarily added them back in, a flaky move that may have contributed to SCOTUS’ decision to review the Fifth Circuit’s actions.

Election Command Post

Then there’s the intervention that might be the most controversial, but which in this litigation got replaced by the right wing obsession with the “Hunter Biden” “laptop.” In the days immediately preceding the 2020 election, FBI agents passed on social media identifiers that misstated the time, place, or means of voting. Per the testimony of Agent Chan, these had been vetted by Public Integrity lawyers at Bill Barr’s DOJ and deemed to be “criminal in nature.” This is the primary instance where the FBI shared information about US persons that might be taken down. It’s also a use case that Matt Taibbi wildly misrepresented, both as to the genesis of the data and the potential existence of ongoing criminal investigations into the activity. And it’s one instance where, under Doughty’s carve out #6, you could see the FBI hesitating before sharing: because while the identifiers in question did mislead about “voting requirements and procedures,” the FBI wouldn’t be able to establish intent without more work (including more intrusive legal process on the accounts). So there’d be no way for the FBI to flag these accounts until it had done more work to determine intent, after which the damage would have been done. This should be where discussions at SCOTUS focus. But they’re not. Instead, Alito is talking about the “Hunter Biden” “laptop.”

FITF: Strategic and Tactical

Finally, there is the FBI’s Foreign Influence Task Force, now led by Laura Dehmlow (the other FBI official specifically enjoined; in 2020 she was the Unit Chief of the Chinese group at FITF). FITF aims to combat malign foreign influence operations, defined as efforts by foreign actors, hiding their foreign identity, to target those inside the US. While such efforts can target elections, they can also be part of traditional espionage and hacking efforts or attempts by authoritarian governments to crack down on US-based dissidents.

FITF interacts (or did, before the injunction) with social media companies in two ways. They hold general meetings — often attended by Chan and Dehmlow — to discuss general tips and techniques about foreign actors, what they called “strategic” information sharing. And they hold one-on-one meetings with social media platforms to discuss specific activity on their platforms — what the FBI calls “tactical.” The leading source of such tactical information, per Dehmlow’s testimony to the House Judiciary Committee, is “another government agency,” often classified information downgraded to share with partners, though Chan described that FBI agents involved in specific counterintelligence or criminal investigations might also share information.

We know that the plaintiffs in this lawsuit misrepresented this sharing. In addition to general descriptions of this information sharing from depositions, we have rather specific evidence about the subject of these FITF briefings in 2020. LinkedIn emails that Doughty claims to rely on, for example, show that the August 2020 agenda for the FITF meeting covered the Internet Research Agency — the Internet trolls that Republicans like to claim were the only way Russia has interfered in elections — but also described a Russian software and influence campaign targeting Ukraine. It shows a specific briefing on APT31, which Mandiant describes as, “a China-nexus cyber espionage actor focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.” That briefing also covered Iran, Venezuela, and North Korea.

While the September 2020 briefing reviewed a fake right wing news site run by IRA (the FBI had just targeted a similar left wing fake news site as well), it discussed three things pertaining to Iran: some influence campaign (as noted, in October CISA would share details of a very sophisticated campaign in 2020 hijacking Proud Boy identities to discourage voters of color), a recent indictment of hackers with ties to IRGC who had targeted (among other things) an American satellite company, and a toolset of some Iranian hackers.

The agenda for the October meeting was not as detailed as the August and September ones, but a follow-up shows that one item pertained to a Global (meaning something other than Chinese or Russian) campaign targeting Trump, Republicans, and Biden.

This is the kind of information sharing that Judge Doughty’s injunction threatens to end: efforts (among other things) to prevent Iranian and Chinese hacking of US technology companies.

While the subjects of FITF briefing might include Americans — such as the freelancers paid by the IRA’s fake news site or the Trump associates, like Roger Stone and Hannity, who engaged with fake IRA Twitter accounts — they are targeted at selectors that the FBI has “high confidence” are foreigners pretending to be American.

Criminal Process

Thanks to Matt Taibbi’s propaganda, right wingers have completely ignored the role of criminal process in all this, even though Agent Chan repeatedly described in his deposition that, “The majority of my role is dealing with cyber investigations.” There is clear overlap between the things right wingers complain about and known criminal investigations. As I have noted, for example, right in the middle of the 2020 pre-election period, DOJ rolled out a GRU indictment which included the 2017 hack-and-leak operation targeting Emmanuel Macron, in which key members of the far right, including Jack Posobiec, were involved.

Chan described several times that his team not only investigated part of the 2016 hack, but still had an active investigation into those actors. That’s important not only because he would have firsthand knowledge of the kinds of attribution social media companies (and Google and Microsoft) had in 2016, but for another reason: On October 19, 2020, DOJ indicted a bunch of GRU hackers, including one charged in the 2016 hack-and-leak campaign, for a variety of additional hacks, including the hack-and-leak targeting Emmanuel Macron. The Macron campaign, specifically, included both Google and Twitter components. So in the very same weeks when — right wingers complain — Elvis Chan was in close contact with Twitter about the ongoing election, he or his subordinates were likely working with prosecutors in Pittsburgh on an indictment implicating both Google and Twitter.

Emmanuel Macron is not mentioned in the Chan deposition.

The investigation into Douglass Mackey, for intentional disinformation targeting Blacks and Latinos regarding the means of voting, would have been active in this period as well. Those disinformation efforts were substantially orchestrated in Twitter DM threads.

While Agent Chan likely had no involvement in the Mackey case, he has investigated GRU for years, so likely would have been aware of the investigative steps leading up to the 2020 indictment. The press release for that indictment specifically commended the cooperation of Google, Facebook, and Twitter in the investigation.

In other words, not only did FBI provide notice of disinformation from US persons pertaining to content vetted by DOJ attorneys as potential crimes, but some of the contacts FBI had with Twitter in the period would involve far right wing involvement with actual crimes.

Rudy Giuliani and Steve Bannon and FITF

The right wing has focused on FITF rather than other aspects of their complaint because, at an FITF briefing with Twitter shortly after the NYPost story on the “Hunter Biden” “laptop,” someone at Twitter asked about it and an FBI person present said, “the laptop is real,” and then, in a briefing with Facebook, someone asked about it and Dehmlow responded “no comment.” Based on that exchange (and three erroneous details), Judge Doughty finds great fault with the FBI.

The FBI’s failure to alert social-media companies that the Hunter Biden laptop story was real, and not mere Russian disinformation, is particularly troubling. The FBI had the laptop in their possession since December 2019 and had warned social-media companies to look out for a “hack and dump” operation by the Russians prior to the 2020 election. Even after Facebook specifically asked whether the Hunter Biden laptop story was Russian disinformation, Dehmlow of the FBI refused to comment, resulting in the social-media companies’ suppression of the story. As a result, millions of U.S. citizens did not hear the story prior to the November 3, 2020 election. Additionally, the FBI was included in Industry meetings and bilateral meetings, received and forwarded alleged misinformation to social-media companies, and actually mislead [sic] social-media companies in regard to the Hunter Biden laptop story. The Court finds this evidence demonstrative of significant encouragement by the FBI Defendants.

On top of the three errors Doughty makes (which I’ll get to), there are several problems here. First, confirming that the FBI knew the laptop was real, as the FBI did, was a privacy violation! Hunter Biden is the one who has a complaint about the disclosure of an ongoing criminal investigation (which is, according to Agent Chan, why Dehmlow responded no comment to the Facebook question), not the right wing.

More importantly, based on what is publicly known, Hunter Biden would normally not be included in an FITF briefing. He’s a US citizen. While several of his international relationships (with Burisma, with Romania, and with CEFC) were being investigated as potential FARA violations in 2020 and after, with the important exception of a slight delay in Burisma’s announcement of his appointment in 2014, Hunter’s ties to such entities were not covert. Nor is there any allegation he disseminated false information about those entities online, especially on Facebook and Twitter. CEFC might have been the subject of FITF focus, but more for its covert role in recruiting James Woolsey.

One person who might be included in FITF briefings in summer 2020, though, is Guo Wengui. Unlike Hunter Biden, he’s not a US citizen; he is (or was, before his indictment in March) present in the US as an asylum seeker. And as public reports from July 2020 described, the source of funding for his propaganda efforts was under FBI investigation, precisely the kind of covert relationship of interest to FITF. That reporting suggested that Guo might secretly be funded by the Chinese state to track Chinese dissidents, something Dehmlow has explicitly included within FITF’s mandate. In a filing in the current investigation against Guo, SDNY has pointed to evidence obtained in a more recent search of Guo’s property pertaining to a 2018 meeting between the UAE and China. In other words, in 2020, the FBI was actively investigating whether China and/or the Emirates funded propaganda put out by Guo, with Steve Bannon’s involvement, precisely the kind of secret foreign backing of influence campaigns that FITF focuses on. So while Hunter Biden shouldn’t have come up as a subject of FITF briefing, Bannon’s partnership with Guo might have.

We don’t know whether that happened. But one person whose propaganda campaign definitely was a subject of FITF briefing is Andrii Derkach. Between the August and September face-to-face meetings, on September 10, 2020, a Unit Chief (presumably the Russian Unit Chief) at FITF sent a link to LinkedIn noting Treasury’s sanctioning of Derkach, explaining, “just want to let you know about someone we have discussed in previous briefings.” Obviously, the link was public, as was a WaPo story that same day tying Derkach to Rudy’s efforts to push criminal investigations related to Joe Biden. But the FBI sent the link, referencing back to prior discussions, to flag it for LinkedIn.

In other words, the far right is complaining that the FBI didn’t offer up details about an ongoing criminal investigation into Hunter Biden, but they’ve never complained that the FBI didn’t offer up details about a national security investigation into Steve Bannon’s propaganda partner (one who, subsequent reporting has confirmed, played a key role in altering and disseminating Hunter Biden dick pics). Nor have they complained that FBI didn’t offer up details about the counterintelligence investigation into the alleged Russian agent conducting an influence operation targeting Rudy at this meeting. Rudy and Bannon were named in the NYPost story in question, yet the right wing isn’t wailing that the FBI didn’t describe ongoing FBI investigations, investigations directly relevant to the mission of FITF, in the briefing after its release.

Doughty’s Three Errors

Which brings us, finally, to three errors that Doughty makes — at least one of which is already before SCOTUS — in sustaining his complaint that the FBI must be enjoined because they didn’t offer up more information about a criminal investigation into Hunter Biden.

First, in his opinion written in July, Doughty points to Yoel Roth’s 2020 FEC testimony, which is where Roth first explained that Twitter took down the initial NYPost link under its hack-and-leak policy.

(10) Yoel Roth (“Roth”), the then-Head of Site Integrity at Twitter, provided a formal declaration on December 17, 2020, to the Federal Election Commission containing a contemporaneous account of the “hack-leak-operations” at the meetings between the FBI, other natural-security agencies, and social-media platforms.405 Roth’s declaration stated:

Since 2018, I have had regular meetings with the Office of the Director of National Intelligence, the Department of Homeland Security, the FBI, and industry peers regarding election security. During these weekly meetings, the federal law enforcement agencies communicated that they expected “hack-and-leak” operations by state actors might occur during the period shortly before the 2020 presidential election, likely in October. I was told in these meetings that the intelligence community expected that individuals associated with political campaigns would be subject to hacking attacks and that material obtained through those hacking attacks would likely be disseminated over social-media platforms, including Twitter. These expectations of hack-and-leak operations were discussed through 2020. I also learned in these meetings that there were rumors that a hack-and-leak operation would involve Hunter Biden. 406 [emphasis original]

In his testimony, Agent Chan disputed the notion that the FBI suggested a hack-and-leak would involve Hunter Biden, because Joe Biden’s son had not come up in the meetings he attended before the NYPost story.

[I]n my estimation, we never discussed Hunter Biden specifically with Twitter. And so the way I read that is that there are hack-and-leak operations, and then at the time — at the time I believe he flagged one of the potential current events that were happening ahead of the elections.

That’s consistent with what Roth has said since, in House Oversight Testimony, clarifying that he heard the rumors about a hack-and-leak involving Hunter Biden from other social media companies, not the FBI.

I think it actually should have been two separate sentences. It is true that in meetings between industry and law enforcement, law enforcement discussed the possibility of a hack and leak campaign in the lead up to the election. And in one of those meetings, it was discussed, I believe, by another company that there was a possibility that that hack and leak could relate to Hunter Biden and Burisma. I don’t believe that perspective was shared by law enforcement. They didn’t endorse it. They didn’t provide that information in that.

But Doughty nevertheless relies on the outdated misinterpretation to blame the FBI for Twitter’s conclusions.

As noted, there’s no mention of one reason why this conclusion would be sound — the public reporting on Andrii Derkach, which was part of FITF briefing. Nor is there mention of the GRU hack of Burisma reported by a Silicon Valley InfoSec company earlier that year.

This lawsuit has thrived even after Agent Chan debunked one conspiracy theory about social media companies’ throttling of the NYPost story, the false assumption that the FBI affirmatively told Twitter and Facebook that a hack-and-leak would involve Hunter Biden.

It has done so, in part, because of a truly bizarre — and erroneous — complaint from Doughty: That Chan and others at the FBI and CISA warned social media companies of hack-and-leak campaigns, like the GRU one targeting Macron that was indicted just days after the NYPost Hunter Biden story in October 2020. Social media companies took the “Hunter Biden” “laptop” story down, the logic goes, because the FBI coerced them to change their moderation policies to prohibit publication of hacked materials.

In Doughty’s version, the social media companies responded to this pressure in 2020, just in time to use it to justify taking down the NYPost story.

Social-media platforms updated their policies in 2020 to provide that posting “hacked materials” would violate their policies. According to Chan, the impetus for these changes was the repeated concern about a 2016-style “hack-and-leak” operation.402 Although Chan denies that the FBI urged the social-media platforms to change their policies on hacked material, Chan did admit that the FBI repeatedly asked the social-media companies whether they had changed their policies with regard to hacked materials403 because the FBI wanted to know what the companies would do if they received such materials.404 [my emphasis]

In the Fifth Circuit’s telling, that change seems to date to 2022, two years after the “Hunter Biden” “laptop” story.

For example, right before the 2022 congressional election, the FBI tipped the platforms off to “hack and dump” operations from “state-sponsored actors” that would spread misinformation through their sites. In another instance, they alerted the platforms to the activities and locations of “Russian troll farms.” The FBI apparently acquired this information from ongoing investigations.

Per their operations, the FBI monitored the platforms’ moderation policies, and asked for detailed assessments during their regular meetings. The platforms apparently changed their moderation policies in response to the FBI’s debriefs. For example, some platforms changed their “terms of service” to be able to tackle content that was tied to hacking operations. [my emphasis]

In fact, the Fifth Circuit builds most of its claim of FBI coercion on this change in terms of service (again, seemingly in 2022), which it ties to content take downs, the sole potential hack-and-leak example of which is that first article on the “Hunter Biden” “laptop.”

Fourth, the platforms clearly perceived the FBI’s messages as threats. For example, right before the 2022 congressional election, the FBI warned the platforms of “hack and dump” operations from “state-sponsored actors” that would spread misinformation through their sites. In doing so, the FBI officials leaned into their inherent authority. So, the platforms reacted as expected—by taking down content, including posts and accounts that originated from the United States, in direct compliance with the request. Considering the above, we conclude that the FBI coerced the platforms into moderating content. But, the FBI’s endeavors did not stop there.

We also find that the FBI likely significantly encouraged the platforms to moderate content by entangling itself in the platforms’ decision-making processes. Blum, 457 U.S. at 1008. For example, several platforms “adjusted” their moderation policies to capture “hack-and-leak” content after the FBI asked them to do so (and followed up on that request). Consequently, when the platforms subsequently moderated content that violated their newly modified terms of service (e.g., the results of hack-and-leaks), they did not do so via independent standards.

It’s a crazy enough argument on its face (especially the Fifth Circuit’s suggestion that a change in 2022 led to the throttling of a 2020 story). But it also gets the timing — and therefore the cause-and-effect — wrong. The actual change to Twitter’s policy, for example, was in March 2019, based off discussions before that. Either FBI planned their malicious coercion long before they got the laptop from JPMI, or the claim is utterly nonsensical.

DOJ called out this error in its SCOTUS response.

Similarly, respondents’ claim that the platforms “updated their policies in 2020” with respect to “‘hacked materials,’” such as “‘the laptop story,’” “after the FBI’s ‘impetus,’” Opp. 17, 19 (brackets and citations omitted), cannot be squared with the platforms’ own testimony that their actions with respect to the “laptop story” were based on policies adopted in 2018, C.A. ROA 18,498-18,499, 18,505.

In other words, the main claim that the Fifth Circuit made about coercion — which, again, was ultimately a claim about coercing social media companies to do something that prevented one story from going viral — got the timing and therefore any possible causality wrong.

Finally, there’s the source of Doughty’s claim of animus on the part of the FBI, his claim that they deliberately withheld information that (he imagines) would have led Facebook and Twitter to act differently.

The mention of “hack-and-leak” operations involving Hunter Biden is significant because the FBI previously received Hunter Biden’s laptop on December 9, 2019, and knew that the later-released story about Hunter Biden’s laptop was not Russian disinformation. 408

Doughty bases this claim on a November 2, 2022 Miranda Devine (!!!) column. The column is, predictably, riddled with debunked propaganda, including the shoddy Intercept piece that kicked off this campaign, the lawsuit itself (making it a self-licking ice cream cone), and a preview of John Paul Mac Isaac’s then unpublished book (though not the line where an FBI agent told JPMI’s father, “You may be in possession of something you don’t own”).

The paragraph on which Doughty bases his claim that FBI “knew that the later-released story about Hunter Biden’s laptop was not Russian disinformation” appears to be this one:

We know the FBI at the time was spying on Rudy Giuliani’s online cloud with a covert surveillance warrant. Therefore, it had access to his emails in August 2020 from computer store whistleblower John Paul Mac Isaac and to my text messages discussing when The Post would publish the story. It sure looks as if the FBI deliberately pre-censored a legitimate story for a political aim.

Of course, the paragraph doesn’t mention Russian disinformation, nor does JPMI’s role in the process rule out Russian disinformation (a point I laid out here).

Plus, the paragraph is factually wrong. Per failed redactions in a Lev Parnas filing and other filings in that Special Master docket, FBI obtained a warrant for Rudy’s iCloud account and emails on November 4, 2019, before John Paul Mac Isaac was subpoenaed by the FBI, and nine months before JPMI reached out to Rudy. Rudy’s phones were seized with an April 21, 2021 warrant, long after the controversy in question (though at least several of those phones were corrupted). While it’s certainly likely that DOJ obtained a second warrant for Rudy’s emails after that, it would not have happened in 2020. In other words, there is no known legal process that obtained Rudy’s emails that would have included JPMI’s emails to him before the NYPost story came out.

Plus, JPMI’s emails to Rudy would only be in the scope of the known warrant against Rudy … if the laptop were part of a Ukrainian effort to deal dirt to cause legal problems for Joe Biden and his family.

Devine may base her claim, at least in part, elsewhere. Her column also alludes to the disgruntled FBI agents who attacked Tim Thibault.

This year, whistleblowers have come forward to finger various FBI employees engaged in the cover-up. Timothy Thibault, the recently retired assistant special agent in charge of the FBI’s Washington, DC, field office, was the agency point man to manage Tony Bobulinski, Hunter’s business partner who went to the FBI with evidence of the Biden influence-peddling operation. Thibault allegedly ordered the investigation closed and has refused to cooperate with GOP members of the House Judiciary Committee.

This, too, is false. Thibault’s House Judiciary Committee interview reveals that his only involvement with the Tony Bobulinski interview was to address Bobulinski’s request to turn over just some of the material on some of his devices.

But Devine’s reliance on such disgruntled agents is interesting for another reason: because they are likely disgruntled at least partly because of warnings against the involvement of Steve Bannon associate Peter Schweizer in the Hunter Biden investigation. The disgruntled agents falsely claimed, elsewhere, that Thibault, on his own, shut down Schweizer as a source. Yet according to Thibault’s testimony, he did so only after two warnings. First, the lead FBI agent on the Hunter investigative team told Thibault that getting contents of the laptop from Schweizer, which they had already gotten, “could cause problems when you get to prosecution … and [] open doors for defense attorneys.” And shortly thereafter — so temporally in the same time period as the first NYPost story — FITF raised concerns about the Bannon associate. A week after the NYPost story, around October 21, FITF provided Thibault a classified briefing (from which they excluded the line FBI agents, in part because the daughter of one was posting related content on Daily Caller). That briefing described more context about FITF’s concerns.

In spite of all the obvious problems with Devine’s propaganda, it formed a key part of Doughty’s claim that FBI coercion, rather than an independent series of decisions about hosting potentially stolen content, resulted in the throttling of the first NYPost story.

And based on that shoddy case — based on the feverish conspiracy theories about the “Hunter Biden” “laptop” sustained by Eric Schmitt and Jeff Landry and Miranda Devine — Judge Doughty made it significantly riskier for Agent Chan and others to work with social media companies to do things like prevent Iranian hacks of US satellite companies.

Bret Baier’s False Claim, the Escort Service, and Former Fox News Pundit Keith Ablow

Deep into one version of what is referred to as the “Hunter Biden” “laptop,” (according to reports done for Washington Examiner by Gus Dimitrelos*) there’s a picture of a check, dated November 14, 2018, for $3,400, paid to a woman with a Slavic name. The check bears a signature that matches others, attributed to Hunter Biden, from the “laptop” also attributed to him. Along with a line crossing out Hunter’s ex-spouse’s name on the check, the check was marked on the memo line: “Blue Water Wellness” along with a word that is illegible–possibly “Rehab.”

The check appears in a chat thread, dated November 26, 2018, apparently initiated to set up a tryst with an escort in New York City. Just over 12 hours after setting up that tryst, the Russian or Ukrainian woman who manages the escort service, Eva, wrote back, asking Hunter if he was in New York, because she had a problem with his check, that $3,400 check dated twelve days earlier. Hunter was effusively apologetic, and offered to pay the presumed sex worker via wire, because it’s the only way he could be 100% certain it would get to her. Shortly thereafter, he sent two transfers from his Wells Fargo account, $3,200 plus $30 fees, directly to the woman’s bank account, and $800 via Zelle drawn on Wells Fargo.

Those transfers from Hunter Biden’s Wells Fargo account to a presumed sex worker with a Slavic name took place between the day, October 31, 2018, when IRS Agent Joseph Ziegler, newly arrived on IRS’ international tax squad, launched an investigation into an international online sex business and the day, December 10, 2018, when Ziegler would piggyback off that sex business investigation to launch an investigation into Hunter Biden. The Hunter Biden investigation was initially based off a Suspicious Activity Report from Wells Fargo sent on September 21, 2018 and from there, quickly focused on Hunter’s ties to Burisma, precisely the investigation the then President was demanding.

Understand: The entire five year long investigation of Hunter Biden was based off payments involving Wells Fargo quite similar to this one, the check for $3,400 to a sex worker associated (in this case, at least) with what Dimitrelos describes as an escort service.

Research on the company yielded bank reports indicating that [Hunter Biden] made payments to a U.S. contractor, who also had received payments from that U.K. company.

Only, this particular payment — the need to wire the presumed sex worker money to cover the check — ties the escort service to one of the businesses of former Fox News pundit Keith Ablow: Blue Water Wellness, a float spa just a few blocks down the road from where Ablow’s psychiatric practice was before it got shut down amid allegations of sex abuse of patients and a DEA investigation. Emails obtained from a different version of the “laptop” show that on November 13, Blue Water Wellness sent Hunter an appointment reminder, albeit for an appointment on November 17, not November 14. That appointment reminder is the first of around nine appointment reminders at the spa during the period.

The tryst with the presumed sex worker with the Slavic name does appear to have happened overnight between November 13 and 14. Between 1:58 and 6:33AM, there were two attempts to sign into Hunter’s Venmo account from a new device, five verification codes sent to his email, and two password resets, along with the addition of the presumed sex worker to his Zelle account at Wells Fargo, which he would use to send her money over a week later. All that makes it appear like they were together, but Hunter didn’t have his phone, the phone he could use to pay her and so tried to do so from a different device. Maybe, he gave up, and simply wrote her a check, from the same account on which that Zelle account drew.

None of which explains why he appears to have written “Blue Water Wellness” on a check to pay a presumed sex worker. Maybe he was trying to cover up what he was paying for. Maybe he understood there to be a tie. Or maybe it was the advertising Blue Water did at the time.

Deep in a different part of the laptop analyzed by Dimitrelos, though, a deleted invoice shows that Hunter met with former Fox News pundit Keith Ablow on the same day as Hunter apparently wrote that check to the presumed sex worker. The deleted invoice reflects two 60-minute sessions billed by Baystate Psychiatry, the office just blocks away from the float spa.

Emails obtained from a different version of the “Hunter Biden” “laptop” show that at some point on November 26, 2018, as Hunter first arranged a tryst in New York City and then, no longer in New York, sent a wire directly from Wells Fargo to the presumed sex worker, someone accessed Hunter’s Venmo account from a new device — successfully this time — one located in Newburyport, MA, where former Fox News pundit Keith Ablow’s businesses were.

There are a number of things you’d need to do to rule out the possibility of Russian involvement in the process by which a laptop purportedly belonging to Hunter Biden showed up at the Wilmington repair shop of John Paul Mac Isaac, from there to be shared with Rudy Giuliani, who then shared it with three different Murdoch outlets and a ton of other right wing propagandists, many of them members of Congress.

One of those would be to rule out that any of the sex workers tied to this escort service had a role in compromising Hunter Biden’s digital identity, thereby obtaining credential information that would make it easy to package up a laptop that would be especially useful to those trying to destroy the life of the son of Donald Trump’s opponent. There’s no evidence that any of the sex workers were involved, but throughout 2018, there are a number of device accesses involving Hunter’s Venmo account, the iCloud account packaged up on “the laptop,” and different Google accounts — including between the day on November 13 when Hunter appears to have met the woman with the Slavic name and the date on November 26 when he wired her money — that should at least raise concerns that his digital identity had been compromised. I’ve laid out just a fraction of them in this post and this post, both of which focus on the later period when Hunter was in the care of the former Fox News pundit.

If you wanted to compromise Hunter Biden, as certain Russian-backed agents in Ukraine explicitly did, doing so via the sex workers, drug dealers, and fellow junkies he consorted with in this period would be painfully easy. Indeed, in Hunter’s book, he even described other addicts walking off with his, “watch or jacket or iPad—happened all the time.” Every single one of those iPads that walked away might include the keys to Hunter’s digital life, and as such, would be worth a tremendous amount of money to those looking to score their next fix. To rule out Russian involvement, you’d have to ID every single one of them and rule out that they were used for ongoing compromise of Hunter or, barring that, you’d have to come up with explanations, such as the likelihood that Hunter was trying to pay a sex worker but didn’t have his phone with him and so used hers, for the huge number of accesses to his accounts, especially the iCloud account ultimately packaged up.

Of course, explaining how a laptop purportedly belonging to Hunter Biden showed up at Mac Isaac’s shop would also require explaining how a laptop definitely belonging to Hunter Biden came to be left in former Fox News pundit Keith Ablow’s possession during precisely the same period when (it appears) Hunter Biden’s digital life was getting packaged up, a laptop Ablow did nothing to return to its owner and so still had when the DEA seized it.

Bret Baier lied about the Hunter Biden laptop

Given the unanswered questions about the role of a former Fox News pundit in all this, you’d think that Fox personalities would scrupulously adhere to the truth about the matter, if for no other reason than to avoid being legally implicated in any conspiracies their former colleague might have been involved with, or to avoid kicking off another expensive defamation lawsuit.

Sadly, Bret Baier couldn’t manage to stick to the truth in his attempt to sandbag former CIA Director Leon Panetta on Friday. Baier debauched the gravity of an appearance purportedly focused on the Hamas attack and aftermath, with what he must have thought was a clever gotcha question about a letter Leon Panetta signed in October 2020 stating the opinion that the emails being pitched by Murdoch outlet New York Post, “has all the classic earmarks of a Russian information operation.” The letter not only expressed an opinion, but it cited four specific data points and two observations about known Russian methods, all of which were and remain true to this day.

And in the process, Bret Baier made a false claim.

Bret Baier made a false claim and all of Fox News’ watchers and all the other propagandists made the clip of Bret Baier making a false claim go viral, because they apparently either don’t know or don’t care that Baier couldn’t even get basic facts right. They are positively giddy that Baier used the tragedy of a terrorist attack to demonstrate his own ignorance or willful deceit about Fox’s favorite story, Hunter Biden’s dick pics.

From the get-go, Baier adopted a rhetorical move commonly used by Murdoch employees and frothy right wingers sustaining their blind faith in “the laptop:” He conflated “the laptop” with individual emails.

Baier: I’d be remiss if I didn’t ask you about that letter you signed onto from former intelligence officials saying that the laptop and the emails had all the classic earmarks of a Russian information operation. Obviously the New York Post and others saying the Hunter Biden letter was the real disinformation all along. Um, that letter was used in the debate, I haven’t asked you this. But do you have regrets about that, now looking back, knowing what you know now? [my emphasis]

The spooks’ letter Panetta signed addressed emails, not “the laptop.” The only use of the word “laptop” in the letter was in labeling this a potential “laptop op,” a way to package up emails meant to discredit Joe Biden. The letter even includes “the dumping of accurate information” among the methods used in Russian information operations.

Having conflated emails and “the laptop,” Baier then asked whether Panetta thinks “it,” now referring just to “the laptop,” not even the hard drives of copies from the laptop in question, was real.

Panetta: Well, you know, Bret, I was extremely concerned about Russian interference and misinformation. And we all know it. Intelligence agencies discovered that Russia had continued to push disinformation across the board. And my concern was to kind of alert the public to be aware that these disinformation efforts went on. And frankly, I haven’t seen any evidence from any intelligence that that was not the case.

Baier: You don’t think that it was real?

Having first conflated emails and the laptop, then substituted the laptop for the emails addressed in the letter, Baier then falsely claimed that, “Hunter Biden said it was his laptop.”

Panetta: I think that, I think that disinformation is involved here. I think Russian disinformation is part of what we’re seeing everywhere. I don’t trust the Russians. And that’s exactly why I was concerned that the public not trust the Russians either.

Baier: I don’t want to dwell on this because we have bigger things to talk about. Bigger urgency. But obviously, Hunter Biden said it was his laptop, and this investigation continues. [my emphasis]

I understand how frothy right wingers misunderstand what Hunter Biden has said about the data associated with “the laptop,” but Baier presents as a journalist, and you’d think he’d take the time to read the primary documents.

Hunter Biden admits some data is his, but denies knowledge of the “laptop”

The claim that Hunter Biden has said “the laptop” was his arises from three lawsuits: first, from Hunter Biden’s response and counterclaim to John Paul Mac Isaac’s lawsuit, then of Hunter’s lawsuit against Garrett Ziegler, and finally, the lawsuit against Rudy Giuliani.

Regarding the first of those filings, Hunter Biden based his countersuit against JPMI on an admission that JPMI came into possession of electronically stored data, at least some of which belonged to him. But he specifically did not admit that JPMI “possessed any particular laptop … belonging to Mr. Biden.”

5. In or before April 2019, Counterclaim Defendant Mac Isaac, by whatever means, came into possession of certain electronically stored data, at least some of which belonged to Counterclaim Plaintiff Biden.1

1 This is not an admission by Mr. Biden that Mac Isaac (or others) in fact possessed any particular laptop containing electronically stored data belonging to Mr. Biden. Rather, Mr. Biden simply acknowledges that at some point, Mac Isaac obtained electronically stored data, some of which belonged to Mr. Biden.

Regarding JPMI’s claims that Hunter dropped off the laptop,

169. HUNTER knowingly left his laptop with Plaintiff on April 12, 2019.

170. Soon thereafter HUNTER returned to Plaintiff’s shop to leave an external hard drive to which Plaintiff could transfer the data from HUNTER’s laptop.

171. HUNTER never returned to Plaintiff’s shop pick up his laptop

Hunter denied sufficient knowledge to answer all of them.

169. Mr. Biden is without knowledge sufficient to admit or deny the allegations in paragraph 169.

170. Mr. Biden is without knowledge sufficient to admit or deny the allegations in paragraph 170.

171. Mr. Biden admits that, if he ever had visited before, he did not return to Plaintiff’s shop.

In response to JPMI’s claim that Hunter knew of the phone call his lawyer, George Mesires, made to JPMI in October 2020 and the email follow-up that in any case doesn’t substantiate what JPMI claimed about the phone call,

31. On October 13, 2020, Plaintiff received a call from Mr. George Mesires,1 identifying himself as HUNTER’s attorney, asking if Plaintiff still had possession of his client’s laptop and following up thereafter with an email to the Plaintiff. Copy of email attached as EXHIBIT C.

[snip]

174. HUNTER’s attorney, George Mesires contacted Plaintiff on October 13, 2020 about the laptop.

Hunter admitted that Mesires was his attorney but denied knowing anything more.

31. Mr. Biden admits that Mr. George Mesires was his attorney. Mr. Biden is without knowledge sufficient to admit or deny the remaining allegations in paragraph 31.

[snip]

174. Mr. Biden admits that Mr. Mesires was his attorney. Mr. Biden is without knowledge sufficient to admit or deny the remaining allegations in paragraph 174.

In response to JPMI’s claim that Hunter Biden said something about the laptop without mentioning JPMI,

172. When asked about the laptop in a television interview broadcast around the world, HUNTER stated, “There could be a laptop out there that was stolen from me. It could be that I was hacked. It could be that it was the – that it was Russian intelligence. It could be that it was stolen from me. Or that there was a laptop stolen from me.” See https://edition.cnn.com/2021/04/02/politics/hunterbiden-laptop/index.html.

173. HUNTER knew it was his laptop.

Hunter Biden admitted he made the comment that didn’t mention JPMI — a comment on which JPMI based a $1.5M defamation claim!! — but again denied knowing whether or not the laptop was his.

172. Admitted and Mr. Biden further answers that the statement makes no mention of or even a reference to Plaintiff.

173. Mr. Biden is without knowledge sufficient to admit or deny the allegations in paragraph 173.

Of some interest, in response to JPMI’s claim that the information that appeared in the NYPost came from Hunter, who voluntarily left his laptop with JPMI,

67. The information contained in the NY POST exposé came from HUNTER who voluntarily left his laptop with the Plaintiff and failed to return to retrieve it.

Hunter outright denied the claim.

67. Denied.

Hunter Biden claimed that Rudy hacked Hunter’s data

That last claim — the outright denial that the data in the NYPost story came from Hunter — is of particular interest given something Denver Riggleman recently said. He described that the Hunter Biden team now has the data that JPMI shared with others — apparently thanks to this countersuit — and they’ve used it to compare with the data distributed forward from there.

Also, we know now, since the Hunter Biden team has the John Paul Mac Isaac data that was given to Rudy Giuliani and given to CBS, we also know that that data had no forensic chain of custody and it was not a forensic copy of any type of laptop, or even multiple devices that we can see. It was just a copy-paste of files, more or less.

[snip]

We know that there’s different data sets in different portions of the Internet attributed to Hunter’s data — or, to Hunter’s laptop.

[snip]

Now that we do have forensic data — Hunter Biden team has more forensic data than anybody else out there — we can actually start to compare and contrast. And that’s why you see the aggressiveness from the Hunter Biden legal team.

The lawsuit against Rudy and Costello claims that at some point, Rudy and Costello did things that amount to accessing Hunter’s data unlawfully. Hacking.

23. Following these communications, Mac Isaac apparently sent via FedEx a copy of the data he claimed to have obtained from Plaintiff to Defendant Costello’s personal residence in New York on an “external drive.” Once the data was received by Defendants, Defendants repeatedly “booted up” the drive; they repeatedly accessed Plaintiff’s account to gain access to the drive; and they proceeded to tamper with, manipulate, alter, damage and create “bootable copies” of Plaintiff’s data over a period of many months, if not years. 2

24. Plaintiff has discovered (and is continuing to discover) facts concerning Defendants’ hacking activities and the damages being caused by those activities through Defendants’ public statements in 2022 and 2023. During one interview, which was published on or about September 12, 2022, Defendant Costello demonstrated for a reporter precisely how Defendants had gone about illegally accessing, tampering with, manipulating and altering Plaintiff’s data:

“Sitting at a desk in the living room of his home in Manhasset, [Defendant Costello], who was dressed for golf, booted up his computer. ‘How do I do this again?’ he asked himself, as a login window popped up with [Plaintiff’s] username . . .”3

By booting up and logging into an “external drive” containing Plaintiff’s data and using Plaintiff’s username to gain access Plaintiff’s data, Defendant Costello unlawfully accessed, tampered with and manipulated Plaintiff’s data in violation of federal and state law. Plaintiff is informed and believes and thereon alleges that Defendants used similar means to unlawfully access Plaintiff’s data many times over many months and that their illegal hacking activities are continuing to this day.

[snip]

26. For example, Defendant Costello has stated publicly that, after initially accessing the data, he “scrolled through the laptop’s [i.e., hard drive’s] email inbox” containing Plaintiff’s data reflecting thousands of emails, bank statements and other financial documents. Defendant Costello also has admitted publicly that he accessed and reviewed Plaintiff’s data reflecting what he claimed to be “the laptop’s photo roll,” including personal photos that, according to Defendant Costello himself, “made [him] feel like a voyeur” when he accessed and reviewed them.

27. By way of further example, Defendant Costello has stated publicly that he intentionally tampered with, manipulated, and altered Plaintiff’s data by causing the data to be “cleaned up” from its original form (whatever this means) and by creating “a number of new [digital] folders, with titles like ‘Salacious Pics’ and ‘The Big Guy.’” Neither Mac Issac nor Defendants have ever claimed to use forensically sound methods for their hacking activities. Not surprisingly, forensic experts who have examined for themselves copies of data purportedly obtained from Plaintiff’s “laptop” (which data also appears to have been obtained at some point from Mac Isaac) have found that sloppy or intentional mishandling of the data damaged digital records, altered cryptographic features in the data, and reduced the forensic quality of data to “garbage.”

2 Plaintiff’s investigation indicates that the data Defendant Costello initially received from Mac Isaac was incomplete, was not forensically preserved, and that it had been altered and tampered with before Mac Issac delivered it to Defendant Costello; Defendant Costello then engaged in forensically unsound hacking activities of his own that caused further alterations and additional damage to the data he had received. Discovery is needed to determine exactly what data of Plaintiff Defendants received, when they received it, and the extent to which it was altered, manipulated and damaged both before and after receipt.

3 Andrew Rice & Olivia Nuzzi, The Sordid Saga of Hunter Biden’s Laptop, N.Y. MAG. (Sept. 12, 2022), https://nymag.com/intelligencer/article/hunter-biden-laptop-investigation.html.

I don’t think Hunter’s team would have compared the data Rudy shared with the NYPost before Hunter denied, outright, that “The information contained in the NY POST exposé came from HUNTER.” But based on what Riggleman claimed, they have since done so, and they did compare it before accusing Rudy and a prominent NY lawyer of hacking Hunter Biden’s data.

Hunter Biden’s team admits they don’t know the precise timing of this: “the precise timing and manner by which Defendants obtained Plaintiff’s data remains unknown to Plaintiff.” DDoSecrets points to several emails that suggest Rudy and Costello did more than simply review available data, however. For example, it points to this email created on September 2, 2020, just after the former President’s lawyer got the hard drive.

September 2, 2020: A variation of a Burisma email from 2016 is created and added to the cache. The email and file metadata both indicate it was created on September 2, 2020.

But the lawsuit, if proven, suggests the possibility that between the time JPMI shared the data with Rudy and the time Rudy shared it with NYPost, Rudy may have committed federal violations of the Computer Fraud and Abuse Act — that is, Hunter alleges that between the time JPMI shared the data and the time NYPost published derivative data, Rudy may have hacked Hunter Biden’s data.

If he could prove that, it means the basis Twitter gave for throttling the NYPost story in October 2020 — they suspected the story included materials that violated Twitter’s then prohibition on publishing hacked data — would be entirely vindicated.

For example, on October 14th, 2020, the New York Post tweeted articles about Hunter Biden’s laptop with embedded images that look like they may have been obtained through hacking. In 2018, we had developed a policy intended to, to prevent Twitter from becoming a dumping ground for hacked materials. We applied this policy to the New York Post tweets and blocked links to the articles embedding those source materials. At no point did Twitter otherwise prevent tweeting, reporting, discussing or describing the contents of Mr. Biden’s laptop.

[snip]

My team and I exposed hundreds of thousands of these accounts from Russia, but also from Iran, China and beyond. It’s a concern with these foreign interference campaigns that informed Twitter’s approach to the Hunter Biden laptop story. In 2020, Twitter noticed activity related to the laptop that at first glance bore a lot of similarities to the 2016 Russian hack and leak operation targeting the DNC, and we had to decide what to do, and in that moment with limited information, Twitter made a mistake under the distribution of hacked material policy.

If Hunter can prove that — no matter what happened in the process of packaging up this data before it got to JPMI, whether it involved the compromise of Hunter’s digital identity before JPMI got the data, which itself would have been a hack that would also vindicate Twitter’s throttling of the story — it would mean all the data that has been publicly released is downstream from hacking.

For Twitter, it wouldn’t matter whether the data was hacked by Russia or by Donald Trump’s personal lawyer, it would still violate the policy as it existed at the time.

Importantly, this remains a claim about data, not about a laptop. The lawsuit against Rudy and Costello repeats the claim made in the JPMI counterclaim: while JPMI had data, some of which belongs to Hunter, Hunter is not — contrary to Bret Baier’s false claim — admitting that, “Hunter Biden said it was his laptop.”

2. Defendants themselves admit that their purported possession of a “laptop” is in fact not a “laptop” at all. It is, according to their own public statements, an “external drive” that Defendants were told contained hundreds of gigabytes of Plaintiff’s personal data. At least some of the data that Defendants obtained, copied, and proceeded to hack into and tamper with belongs to Plaintiff.1

1 This is not an admission by Plaintiff that John Paul Mac Isaac (or others) in fact possessed any particular laptop containing electronically stored data belonging to Plaintiff. Rather, Plaintiff simply acknowledges that at some point, Mac Isaac obtained electronically stored data, some of which belonged to Plaintiff.

In two lawsuits, Hunter Biden explicitly said that he was not admitting what Baier falsely claimed he had.

I know this is Fox News, but Baier just blithely interrupted a sober discussion about a terrorist attack to make a false claim about “the laptop.”

Hunter Biden claims that Garrett Ziegler hacked Hunter’s iPhone

Hunter Biden’s approach is different in the Garrett Ziegler lawsuit, in which he notes over and over that Ziegler bragged about accessing something he claimed to be Hunter Biden’s laptop, but which was really, “a hard drive that Defendants claim to be of Plaintiff’s ‘laptop’ computer.” By the time things got so far downstream to Ziegler, there was no pretense this was actually a laptop, no matter what Baier interrupted a discussion about terrorism to falsely claim.

But that paragraph explicitly denying admission about this being a laptop is not in the Ziegler suit.

There’s a likely reason for that. The core part of the claim against Ziegler is that Ziegler unlawfully accessed a real back-up of Hunter Biden’s iPhone, which was stored in encrypted form in iTunes — just as I laid out had to have happened months before that lawsuit.

28. Plaintiff further is informed and believes and thereon alleges that at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage. On information and belief, Defendants gained their unlawful access to Plaintiff’s iPhone data by circumventing technical or code-based barriers that were specifically designed and intended to prevent such access.

29. In an interview that occurred in or around December 2022, Defendant Ziegler bragged that Defendants had hacked their way into data purportedly stored on or originating from Plaintiff’s iPhone: “And we actually got into [Plaintiff’s] iPhone backup, we were the first group to do it in June of 2022, we cracked the encrypted code that was stored on his laptop.” After “cracking the encrypted code that was stored on [Plaintiff’s] laptop,” Defendants illegally accessed the data from the iPhone backup, and then uploaded Plaintiff’s encrypted iPhone data to their website, where it remains accessible to this day. It appears that data that Defendants have uploaded to their website from Plaintiff’s encrypted “iPhone backup,” like data that Defendants have uploaded from their copy of the hard drive of the “Biden laptop,” has been manipulated, tampered with, altered and/or damaged by Defendants. The precise nature and extent of Defendants’ manipulation, tampering, alteration, damage and copying of Plaintiff’s data, either from their copy of the hard drive of the claimed “Biden laptop” or from Plaintiff’s encrypted “iPhone backup” (or from some other source), is unknown to Plaintiff due to Defendants’ continuing refusal to return the data to Plaintiff so that it can be analyzed or inspected. [my emphasis]

Hunter Biden’s team has backup for this assertion, thanks to the notes Gary Shapley took in an October 22, 2022 meeting about what was an actual laptop JPMI handed over to the FBI. On that laptop — which the FBI had confirmed was associated with Hunter Biden’s iCloud account and which it tied to data that could all be falsifiable to someone in possession of the laptop, which had means to intercept and redirect emails and calls to Hunter’s real devices, but which the FBI still had not validated 10 months after obtaining it — the iPhone content was encrypted.

Laptop — iphone messages were on the hard drive but encrypted they didn’t get those messages until they looked at laptop and found a business card with the password on it so they were able to get into the iphone messages [my emphasis]

Even the FBI needed to find a password to access the iPhone content that Ziegler has bragged about accessing. (Note: there have been four known accesses to this data, and every single one of them claims to have used a different means to break the encryption, which in my mind raises real questions about the nature of the business card). But the FBI had a warrant. Ziegler did not.

There are still a great many questions one would have to answer before entirely ruling out that Russians were involved in the process of packaging up Hunter Biden’s digital identity; the possible role of a Russian escort service is only one of at least three possible ways Russia might be involved. Yet Bret Baier is unwilling to pursue those questions — starting with the unanswered questions about the role that Baier’s former Fox News colleague played.

But with all those unanswered questions, Baier was nevertheless willing to interrupt a discussion about terrorism to make false claims about what is known.

Update: I’ve taken out that this was specifically a Russian escort service. Some outlets claim Eva is Ukrainian. Dimitrelos does claim that Hunter searched for “Russian escort service,” though.

Update: Added the Bluewater Wellness Intramuscular Injection ad from October 2018.

Update: Added the observation about a newly created email from DDoSecrets.

Update: I was reminded of Bret Baier’s opinion in the same days when Leon Panetta was expressing his doubts about this story.

During a panel on his Thursday evening show, Baier addressed the Post’s story and the decision by both Twitter and Facebook to limit sharing of the story on their respective platforms because of concerns about spreading misinformation. The move elicited fierce pushback from conservatives and sparked a vote on a Congressional subpoena of Twitter CEO Jack Dorsey.

“The Biden campaign says the meeting never happened, it wasn’t on the schedules, they say,” Baier noted. “And the email itself says ‘set up’ for a meeting” instead of discussing an actual meeting.

Baier then played an audio clip from a SiriusXM radio interview of Giuliani, where he appeared to alter the original details of who dropped off the laptop from which the emails in question were purportedly obtained. The computer store owner who gave a copy of the laptop’s hard drive to Giuliani was also heard explaining how he is legally blind and couldn’t for certain identify just who delivered the computer to him.

“Let’s say, just not sugarcoat it. The whole thing is sketchy,” Baier acknowledged. “You couldn’t write this script in 19 days from an election, but we are digging into where this computer is and the emails and the authenticity of it.”

Featured image courtesy of Thomas Fine.


*As I have noted in the past, Dimitrelos prohibited me from republishing his reports unless I indemnify him for the privacy violations involved. I have chosen instead — and am still attempting — to get permission from Hunter Biden’s representatives to reproduce redacted parts of this report that strongly back Hunter’s claim of being hacked.

“They Were Trying to Boot the Machine:” John Paul Mac Isaac Claims the FBI Really WERE That Incompetent

If you can believe John Paul Mac Isaac, the FBI did some incredibly bone-headed things after they obtained Hunter Biden’s laptop in December 2019. As he describes it in his book (which I read recently while stuck in a hospital awaiting foot surgery), on the very same day the FBI collected the laptop purported to belong to Hunter Biden, on December 9, 2019, someone named “Matt” told Mac Isaac they had tried to boot it up.

“Hi, my name is Matt,” said a voice I didn’t recognize. “I work with Agent DeMeo and Agent Wilson. Do you have a second? I have some questions about accessing the laptop.”

Confused, I responded, “Sure, what’s going on?”

“Did the laptop come with any cables or a charger? How can I connect the drive to a PC? When I plug it in, it wants to format the drive,” Matt said.

“PCs can’t natively read Mac-formatted disks. You will only be able to access the drive from another Mac.”

This is fairly common knowledge among most computer users, and I was surprised that any kind of tech person wouldn’t know it.

“Sadly, Hunter never left the charger or any other cables,” I went on. “I have a charger and everything you need back at the shop. You guys are welcome to it.”

I was feeling really uncomfortable. This Matt guy definitely didn’t seem to have the training or resources to be performing a forensic evaluation of the laptop. Hadn’t the whole reason for taking the laptop been to get it to a lab for proper evaluation and dissemination?

“Tell him we’re OK and we won’t need to go back to his shop,” Agent DeMeo said in the background. “We’ll call you back if we need to,” Matt said before hanging up.

[snip]

“Hi, it’s Matt again. So, we have a power supply and a USB-C cable, but when we boot up, I can’t get the mouse or keyboard to work.”

I couldn’t believe it—they were trying to boot the machine!

“The keyboard and trackpad were disconnected due to liquid damage. If you have a USB-C–to–USB-A adaptor, you should be able to use any USB keyboard or mouse,” I said. He related this to Agent DeMeo and quickly hung up.

Matt called yet again about an hour later.

“So this thing won’t stay on when it’s unplugged. Does the battery work?”

I explained that he needed to plug in the laptop and that once it turned on, the battery would start charging. I could sense his stress and his embarrassment at having to call repeatedly for help. [my emphasis]

To be sure, you can’t believe Mac Isaac.

His own story is riddled with questionable details and important discrepancies.

The most important discrepancy is his description of the laptop he turned over to the FBI, which he describes as a 2016 Mac, not the 2018 Mac identified by serial number.

I moved on to the last Mac, a thirteen-inch 2016 MacBook Pro. The drive was soldered onto the logic board. This one powered on but then would shut down. I suspected that there was a short in the keyboard or trackpad, and if I took it apart, I could at least get it to boot and possibly recover the data.

As I understand it, Mac Isaac’s claim that the hard drive was soldered onto the logic board is also inconsistent with the known details of the laptop shared with the FBI.

But there are important other discrepancies between the story Mac Isaac tells and the one the government tells. In his timeline of his interactions with the FBI, Mac Isaac gets the date for the actual handoff, December 9, correct, but other dates he uses differ from those that show up in Gary Shapley’s timeline. For example:

  • Mac Isaac says that Agent Josh Wilson (who is mentioned in Shapley’s notes) reached out to his father on November 1; Shapley’s notes say that happened on November 3
  • Mac Isaac says that Wilson called him on November 4; Shapley’s notes say that happened on November 6
  • Mac Isaac says that Wilson came to his home on November 19; Shapley’s notes say that happened on November 7

These discrepancies aren’t all that important, legally. But Mac Isaac’s dates seem tailored to the impeachment proceedings going on in the same period, and so to laying a foundation for sharing the laptop with Rudy Giuliani.

A far more important set of discrepancies pertain to Mac Isaac’s description of what happened on December 9, 2019.

The blind computer repairman first describes that the second agent, Agent Mike DeMeo, called him to ask for the device identifiers that morning, before coming to the shop to pick up the device.

Agent DeMeo called around 9:30 a.m. It caught me a little off guard. The only other time we had communicated was shortly after our meeting almost three weeks earlier. He had asked me then to text him the timeline of my interaction with Hunter. I figured that he wanted something in writing showing the chain of custody—or it was an effort to trap me into writing something that could be twisted into a charge of lying to the FBI.

This time, he asked me to text him the model and serial number of the external drive and laptop. I explained that I hadn’t made it to the shop yet. “I need this information before we head over,” he insisted. “It’s important.”

“Give me thirty-five minutes,” I responded, then hung up. I finished getting ready and headed to the shop. After texting the numbers to Agent DeMeo, I waited in the shop with the blinds closed and the lights out, so as not to announce that the store was open. [my emphasis]

Shapley described that the FBI obtained and confirmed the device identifier before they ever met Mac Isaac, on November 6 (though perhaps Mac Isaac only referred to other identifiers needed for the subpoena).

Nevertheless, this discrepancy is important for a number of reasons, not least that if the FBI looked at all closely at the returns on a subscriber subpoena to Apple, it should have raised significant alarm that someone was trying to hack Hunter Biden. But if they didn’t obtain this information until the day they obtained the laptop, then they couldn’t have reviewed the subscriber data very closely in advance. That negligence might, in turn, amount to negligence in missing clear signs that the then former VP’s son was being hacked.

As Mac Isaac describes it, it was not until Agents arrived at his shop that they told him they were going to seize the laptop with a subpoena rather than imaging the laptop there at the shop.

Both agents arrived at my door about a half hour late. “Where’s the tech?” I asked, holding the door open.

“We have a change of plans,” Agent Wilson responded. “Can we go in the back?”

I led the agents to the back, and Agent Wilson placed his bag on the workbench.

“I have a subpoena here to collect the laptop, the drive, and all paperwork associated with the equipment,” he said, pulling out a collection of very formal and important-looking paperwork. “I’ll need you to sign it.”

When Mac Isaac asked why they had changed their plan, he claims, lead Agent Josh Wilson deferred to Agent Mike DeMeo, who told him that they were taking the laptop back to a lab to image.

“You guys scared the shit out of me!” I exclaimed. “So why the change of plans? Don’t get me wrong; I’m grateful that you’re taking this stuff out of my shop.”

Agent Wilson looked over at Agent DeMeo, who was buried in his clipboard. “Ah, Mike?” he said. Agent DeMeo paused his writing and said, “We have a lab that takes these things and is better equipped than our field tech.”

Mac Isaac also claims that at that same meeting, DeMeo told him only to contact him, not Wilson.

“Tell them you keep abandoned equipment offsite, like a warehouse location,” Agent DeMeo answered, taking over. “Tell them it will take a day for you to check and they should call back the next day. Then immediately text me at my cell number. From now on, only communicate through my cell number. Not Agent Wilson, just me. We need to avoid communicating through, ah, normal channels. I’m sure you can understand. Text me and we will get the equipment back to you and deal with the situation.”

This communication works the opposite of the way you’d expect. Often, second agents are asked to take the stand, so you’d want them to have a clean digital trail. Here, the lead agent, Agent Wilson, was protecting his communications, whereas the second agent was not.

And then, as Mac Isaac tells it, that very same day, someone else, “Matt,” called using DeMeo’s phone, asking really embarrassing questions about how to access the laptop.

The claim that someone at the FBI was trying to boot up the laptop is alarming enough — though as I noted in July, there is some corroboration for the claim in Gary Shapley’s notes.

FBI determined in order to do a full forensic review a replacement laptop had to be purchased so the hard drive could be installed, booted and imaged.

[snip]

Josh Wilson stated that (while laughing) so whoever [people wanting to review the laptop] are they are going to have to buy a laptop to put the hard drive so they can read it.

Where Mac Isaac’s claims are totally inconsistent with the FBI claims, in a way that would cause grave legal problems for the FBI, is the date: Mac Isaac claims that the FBI was trying to boot up the laptop that same day, on December 9.

According to Gary Shapley’s notes, the FBI didn’t have approval to even get a warrant on December 9, much less have a signed warrant itself.

The FBI didn’t have a warrant to access the “Hunter Biden” “laptop” until December 13.

And yet, if you can believe Mac Isaac, the FBI was already trying to boot it up, perhaps irreparably altering its contents, three days before they got a warrant.

Featured image showing known dissemination of the “Hunter Biden” “laptop” by Thomas Fine.