RIP Riverboat Queen

As you may have heard, Tina Turner has passed at the age of 83. It is pretty hard to describe how incredible, and important, she was over so many decades. When I was a kid, I knew of the Ike and Tina Turner Revue. Later just Tina.

One thing was consistent: Tina Turner blew the lid off of any joint she played. I saw her twice and that is exactly what she did. Won’t say that about too many acts, but it is easy as to Tina.

Wiki indicates:

“In the 1980s, Turner launched “one of the greatest comebacks in music history”. Her 1984 multi-platinum album Private Dancer contained the hit song “What’s Love Got to Do with It”, which won the Grammy Award for Record of the Year and became her first and only number one song on the Billboard Hot 100. Aged 44, she was the oldest female solo artist to top the Hot 100. Her chart success continued with “Better Be Good to Me”, “Private Dancer”, “We Don’t Need Another Hero (Thunderdome)”, “Typical Male”, “The Best”, “I Don’t Wanna Fight” and “GoldenEye”. During her Break Every Rule World Tour in 1988, she set a then-Guinness World Record for the largest paying audience (180,000) for a solo performer.”

Eh, not sure that was so much a “comeback” as proof she was fine without the abusive Ike. She was the first black artist and first woman to be on the cover of Rolling Stone. That says something important.

And she almost never stopped from there. Until now, and that sucks.

Tina Turner was a force to be reckoned with. She demanded that attention, and rightfully got it.

There are two videos attached, one early Tina, and one much later. The force that she was is truly visible in both.

Marcy asked our intrepid Roving Reporter Rosalind to write something, and I very much hope she does. I will incorporate into this post the second it appears.


The Potential International Grift Hiding behind the Stolen Documents Investigation

Back in November, Devlin Barrett (along with WaPo’s Trump-whisperer, Josh Dawsey) published a column claiming investigators had found nothing to suggest that Trump was trying to monetize the documents he stole.

That review has not found any apparent business advantage to the types of classified information in Trump’s possession, these people said. FBI interviews with witnesses so far, they said, also do not point to any nefarious effort by Trump to leverage, sell or use the government secrets. Instead, the former president seemed motivated by a more basic desire not to give up what he believed was his property, these people said.

I mocked Devlin’s credulity at the time. His story was utterly inconsistent with — and made no mention of — several details we (or I) already knew about the documents. It also showed no consideration of the value that the already-described documents would have for Trump’s business partners, the Saudis.

As Devlin Barrett’s sources would have it, a man whose business ties to the Saudis include a $2 billion investment in his son-in-law, a golf partnership of undisclosed value, and a new hotel development in Oman would have no business interest in stealing highly sensitive documents describing Iran’s missile systems.

The story was transparently an attempt by someone to prematurely cement an investigative conclusion, almost a month before the stay on DOJ’s access to the unclassified documents seized last August was lifted. Just two days later, Trump announced his bid for another Presidential term, and two days after that, Merrick Garland appointed Jack Smith, someone who had no partisan stake in issuing premature exoneration for Trump.

Yesterday, as the NYT published a second substantive story about Jack Smith’s subpoena for information about Trump’s business deals, Devlin published a perfunctory one. Even before he describes the subpoena, Devlin reports a single source concluding, as his sources concluded last November, “nothing to see here.”

But the inquiry produced little that wasn’t already publicly known, this person said, speaking on the condition of anonymity to discuss an ongoing criminal investigation.

Prosecutors sought information on any real estate and development deals reached in China, France, Turkey, Saudi Arabia, Kuwait, the United Arab Emirates and Oman, the person said.

The Trump Organization’s public website lists only one deal in that time frame in one of those countries, Oman, and that deal was done after Trump left the White House.

Devlin’s story notes his earlier report, but not how wildly it conflicted with even the events known at the time, emphasizing China not Iran.

The Washington Post reported last year that while the classified documents included sensitive information about U.S. intelligence-gathering aimed at China, among other subjects, investigators did not see an obvious financial motive in the type of documents recovered from Mar-a-Lago.

NYT’s more substantive story on this inquiry expresses far less certainty than Devlin’s single attributed source about what the subpoena obtained, much less what Smith already had to support this line of inquiry.

The Trump Organization swore off any foreign deals while he was in the White House, and the only such deal Mr. Trump is known to have made since then was with a Saudi-based real estate company to license its name to a housing, hotel and golf complex that will be built in Oman. He struck that deal last fall just before announcing his third presidential campaign.

The push by Mr. Smith’s prosecutors to gain insight into the former president’s foreign business was part of a subpoena — previously reported by The New York Times — that was sent to the Trump Organization and sought records related to Mr. Trump’s dealings with a Saudi-backed golf venture known as LIV Golf, which is holding tournaments at some of his golf clubs. (Mr. Trump’s arrangement with LIV Golf was reached well after he removed documents from the White House.)

Collectively, the subpoena’s demand for records related to the golf venture and other foreign ventures since 2017 suggests that Mr. Smith is exploring whether there is any connection between Mr. Trump’s deal-making abroad and the classified documents he took with him when he left office.

It is unclear what material the Trump Organization has turned over in response to the subpoena or whether Mr. Smith has obtained any separate evidence supporting that theory.

Neither story describes whether the subpoena listed which crimes are under investigation. On that topic, the NYT, as part of boilerplate, repeats the same thing I do when I make boilerplate recitations of the crimes under investigation: 18 USC 793(e), refusing to return classified documents, and 18 USC 1519, obstruction of the efforts to get those classified documents back.

While establishing a motive for why Mr. Trump kept hold of certain documents could be helpful to Mr. Smith, it would not necessarily be required in proving that Mr. Trump willfully maintained possession of national defense secrets or that he obstructed the government’s repeated efforts to get the materials back. Those two potential crimes have long been at the heart of the government’s documents investigation.

Devlin uses similar boilerplate.

The Mar-a-Lago investigation has centered on two potential crimes — possible obstruction for not complying with the subpoena, and possible mishandling of national security secrets for keeping classified documents in an unauthorized location

We are — all of us, myself included — forgetting the third statute included on the search warrant that once seemed a mere backstop to the others, 18 USC 2071, intentionally removing government documents. That statute, which once upon a time might have been used as the crime to which Trump could plead down in a plea agreement, carries only a three year max sentence. But along with that sentence, it disqualifies someone convicted of it from holding public office, something that would be challenged constitutionally following any jury verdict but which would be waived under any plea deal.

Whoever, having the custody of any such record, proceeding, map, book, document, paper, or other thing, willfully and unlawfully conceals, removes, mutilates, obliterates, falsifies, or destroys the same, shall be fined under this title or imprisoned not more than three years, or both; and shall forfeit his office and be disqualified from holding any office under the United States.

I’ve always believed (as have experts I trust) that this would be a particularly hard crime with which to charge a former President, largely because a President has legal access to these documents until noon on January 20. But asking about business deals Trump might have been pursuing while in the presidency, all the way back to 2017, might provide evidence of intent that predates the actual removal of the documents.

And learning about Trump’s business deals with, especially, the Saudis, might develop evidence for 18 USC 794, the far more serious crime of providing intelligence to help a foreign government.

Let me caution, I still think it exceedingly unlikely that Smith is pursuing 794 charges against Trump for stealing documents and then selling them to the Saudis, to be paid in the form of golf tournaments and branding deals in Oman. Please don’t take from my mention of this that I’m predicting Smith is going to Go There. Rather, I suspect Smith is thinking of a package of potential charges that would give Trump an option to plead down quietly, one sufficiently ugly to make Republican politicians not want to join him in his fight. I’m merely stating that taking documents and refusing to give them back — which is the currently known lead charge in this investigation — is a dramatically different fact set than taking them and sharing them with a foreign government that pays you a lot of money, especially one that subsequently engaged in multiple actions — keeping gas prices high during the election and chumming up to China — that seem to have surprised the US intelligence community, as if some intelligence visibility had gone dark before those happened.

But let me go back to Devlin’s source’s certainty that there’s nothing to see there. It’s an odd claim to make given the number of other gaps in understanding that seem to exist in the understanding of those not directly participating in the investigation.

The story where NYT first broke the Trump business deal subpoena described at least five different subpoenas to Trump Org (though way down at the bottom of the story, it describes “numerous” subpoenas):

  1. The subpoena including the golf deal and — we now learn — all business deals Trump has chased since 2017
  2. A subpoena to Trump Organization seeking additional surveillance footage
  3. A subpoena to “the software company that handles all of the surveillance footage for the Trump Organization, including at Mar-a-Lago”
  4. First, a subpoena to Matthew Calamari, Jr.
  5. Then, a subpoena to Matthew Calamari, Sr.

Matthew Sr., at least, would have visibility on business deals with the Saudis and others. But all the reports on the two interviews with the Calamaris suggest they were focused, instead, on why Walt Nauta contacted them after DOJ first subpoenaed surveillance footage.

To resolve the issue about the gaps in the surveillance footage, the special counsel last week subpoenaed Matthew Calamari Sr, the Trump Organization’s security chief who became its chief operating officer, and his son Matthew Calamari Jr, the director of corporate security.

Both Calamaris testified to the federal grand jury in Washington on Thursday, and were questioned in part on a text message that Trump’s valet, Walt Nauta, had sent them around the time that the justice department last year asked for the surveillance footage, one of the people said.

The text message is understood to involve Nauta asking Matthew Calamari Sr to call him back about the justice department’s request, one of the people said – initially a point of confusion for the justice department, which appears to have thought the text was to Calamari Jr.

Most reporters assume the gaps DOJ is trying to close pertain to Nauta’s own actions in advance of Evan Corcoran’s search of the storage closet. I’m not sure. That’s because DOJ got sufficient visibility from what they did receive to list the storage closet, Trump’s office, and Trump’s residence in the search warrant supporting the August search of Mar-a-Lago. They got sufficient visibility to lead Nauta to revise his testimony afterwards. That’s why I emphasized in my last post on this that DOJ asked for five months of surveillance video, predating the day, by eight days, that Trump sent boxes to NARA in January 2022. The gaps in question might have shown other people, not Nauta, entering the storage closet, or have shown Nauta entering at times entirely removed from the date of the subpoena. If — strictly hypothetically — those gaps coincided with business meetings with foreigners at Mar-a-Lago, it would be a flashing siren saying, “look here for the good stuff.” It might also explain why Nauta immediately reached out to Calamari about the video, if he knew some of that video would show things that were far more damning than the mere attempt to obstruct a subpoena response.

If Nauta had involvement in earlier sketchy activities, predating the subpoena, it might explain why — as Hugo Lowell reported — Nauta fairly obviously attempted to monitor Evan Corcoran’s own search.

The notes described how Corcoran told Nauta about the subpoena before he started looking for classified documents because Corcoran needed him to unlock the storage room – which prosecutors have taken as a sign that Nauta was closely involved at essentially every step of the search.

Corcoran then described how Nauta had offered to help him go through the boxes, which he declined and told Nauta he should stay outside. But going through around 60 boxes in the storage room took longer than expected, and the search ended up lasting several days.

The notes also suggested to prosecutors that there were times when the storage room might have been left unattended while the search for classified documents was ongoing, one of the people said, such as when Corcoran needed to take a break and walked out to the pool area nearby.

One more thing that might explain prosecutors’ concerns about gaps in the surveillance footage is if they coincided with the times when Corcoran had left the room unattended.

Yet every time someone writes about Nauta, they include language that might come from the vicinity of Stanley Woodward, the lawyer that Nauta shares with Kash Patel (as well as Peter Navarro and convicted seditionist Kelly Meggs and his wife), suggesting that it was a mistake not to immunize Nauta, as DOJ did with Kash, because it has prevented them from substantiating an obstruction case. The version of this in the NYT — which reflects the kind of internal DOJ dissent that WaPo has reported regarding a push to adopt a more cooperative stance in advance of the search — is especially unpersuasive.

Last fall, prosecutors faced a critical decision after investigators felt Mr. Nauta had misled them. To gain Mr. Nauta’s cooperation, prosecutors could have used a carrot and negotiated with his lawyers, explaining that Mr. Nauta would face no legal consequences as long as he gave a thorough version of what had gone on behind closed doors at the property.

Or the prosecutors could have used a stick and wielded the specter of criminal charges to push — or even frighten — Mr. Nauta into telling them what they wanted to know.

The prosecutors went with the stick, telling Mr. Nauta’s lawyers that he was under investigation and they were considering charging him with a crime.

The move backfired, as Mr. Nauta’s lawyers more or less cut off communication with the government. The decision to take an aggressive posture toward Mr. Nauta prompted internal concerns within the Justice Department. Some investigators believed that top prosecutors, including Jay Bratt, the head of the counterespionage section of the national security division at the Justice Department, had mishandled Mr. Nauta and cut off a chance to win his voluntary cooperation.

More than six months later, prosecutors have still not charged Mr. Nauta or reached out to him to renew their conversation. Having gotten little from him as a witness, they are still seeking information from other witnesses about the movement of the boxes.

If being misled by Nauta led prosecutors to look more closely at the larger timeline of the missing surveillance video, only to find suspect ties to the Saudis, it was in no way a mistake. On the contrary, Woodward’s own decisions would have directly led to intensified scrutiny of his client (as his decisions similarly are, in the effort to get Navarro to turn over Presidential Records Act documents).

And there’s something that is routinely missed in all of this coverage. The Guardian’s Lowell rightly suggests that because Trump didn’t directly tell Corcoran to search only the storage closet, it might present challenges to an obstruction case. But Trump’s choice to use Nauta as an obvious gatekeeper makes it far easier to charge Nauta with 18 USC 793(g), conspiring to hoard classified documents. So the observation that DOJ hasn’t chosen to charge Nauta with just false statements in the interim six months should in no way be taken as solace by Nauta, because what has happened in the interim puts him at risk of charges that carry a ten year sentence for each document in question rather than the few months he might face for lying to the FBI.

Nauta’s not the only one who might insulate Trump from obstruction charges but expose all of them to greater Espionage Act danger.

Witness the evolution of how Tim Parlatore described Boris Epshteyn’s role in the investigation. In March, Parlatore described that, until such time as Boris started being treated as a target, his access to people “inside the palace gates” was useful.

Mr. Epshteyn’s legal role with Mr. Trump, while less often focused on gritty legal details, has been to try to serve as a gatekeeper between the lawyers on the front lines and the former president, who is said to sometimes roll his eyes at the frequency of Mr. Epshteyn’s calls but picks up the phone.

“Boris has access to information and a network that is useful to us,” said one of the team’s lawyers, Timothy Parlatore, whom Mr. Epshteyn hired. “It’s good to have someone who’s a lawyer who is also inside the palace gates.”

Mr. Parlatore suggested that he was not worried that Mr. Epshteyn, like a substantial number of other Trump lawyers, had become at least tangentially embroiled in some of the same investigations on which he was helping to defend Mr. Trump.

“Absent any solid indication that Boris is a target here, I don’t think it affects us,” Mr. Parlatore said.

But in the wake of Parlatore’s departure from Trump’s legal team a week ago, he went on Paula Reid’s show (on whose show he had earlier told an utterly ridiculous story about Trump using classified folders to block a light by the side of his bed) and lambasted Boris as an impediment to communication between Trump and his lawyers.

Boris Epshteyn [] had really done everything he could to try to block us [the lawyers], to prevent us from doing what we could to defend the President, and ultimately it got to a point where — it’s difficult enough fighting against DOJ and, in this case, Special Counsel, but when you also have people within the tent that are also trying to undermine you, block you, and really make it so that I can’t do what I know that I know that I need to do as a lawyer, and when I’m getting in the fights like that, that’s detracting from what is necessary to defend the client and ultimately was not in the client’s best interest, so I made the decision to withdraw.

[snip]

He served as kind of a filter to prevent us from getting information to the client and getting information from the client. In my opinion, he was not very honest with us or with the client on certain things. There were certain things — like the searches that he had attempted to interfere with, and then more recently, as we’re coming down to the end of this investigation where Jack Smith and ultimately Merrick Garland is going to make a decision as to what to do – as we put together our defense strategy to help educate Merrick Garland as to how best to handle this matter, he was preventing us from engaging in that strategy. [my emphasis]

At one level, this publicity stunt appears to be an attempt to persuade Trump that he should fire Boris. WaPo’s coverage of this clash describes that Parlatore’s public appearance followed what seems to have been a “he goes or we go” meeting with Trump a week ago (though Jim Trusty, at least thus far, has not chosen to follow Parlatore).

Before this weekend’s public feud, members of Trump’s legal team tried to settle the conflict quietly. Parlatore and another lawyer for Trump, James Trusty, recently traveled to Florida to advise Trump that he needed to remove Epshteyn from the document case and the 2020 election case, according to a person familiar with the matter who spoke on the condition of anonymity to reveal private deliberations. Smith, the special counsel, is tasked with investigating both cases.

[snip]

Trump did not appear to take Parlatore and Trusty’s advice, as Epshteyn remained in his role as a key legal adviser and coordinator to Trump.

Parlatore has said he’d be willing to return if Boris were gone.

At another level, Parlatore seems to be getting out while the getting is good, shortly before any charges are filed, so he’s not stuck defending an uncooperative client who won’t pay his bills. (Update: WSJ reports that the investigation is all but done and some associates are prepping for Trump to be charged.) The publicity stunt gives him the first say on who is responsible for what comes next, too. If Trump gets charged, Tim Parlatore didn’t fuck up, Boris did.

The publicity stunt, with its claim that Boris lied to both him and Trump, may also be an attempt to insulate Trump. As such it may be little different than the ridiculous folder-on-the-bedside-light story.

But Parlatore’s response to Reid’s follow-up on Parlatore’s claim that Boris interfered with searches may be more than that.

Reid: What searches are those?

Parlatore: This is the searches at Bedminster, um, initially. There was a lot of pushback from him where he didn’t want us doing the search and we had to, eventually, overcome him.

Reid: Why didn’t he want you to do the search?

Parlatore: I don’t know.

Trump’s lawyers do not know — never have! — why Boris was so reluctant to allow a search of the property to which Trump flew to host a Saudi golf tournament directly after failing to comply with a subpoena.

Immediately after that exchange, Reid invited Parlatore to clarify that when he testified to the grand jury in December, he did so in lieu of any custodian of records for the searches done on Mar-a-Lago. Parlatore clarified he did not testify in response to a subpoena and on several occasions, when he offered to come back and clarify, prosecutors declined his generous offer.

Reid then gave him an opportunity to explain why the claims Parlatore made to Congress (which conflicted with known facts and which Epshteyn declined to sign) didn’t fundamentally conflict with the insta-declassification story Boris has told. Parlatore left me convinced that everyone is lying, meaning by choosing to retain Boris over Parlatore, Trump is just picking which lie he finds more convenient.

Nevertheless, Parlatore got his story out. He got to describe how the story he planned to tell Merrick Garland doesn’t conflict with the currently operative declassification story and more importantly, that if his December testimony to the grand jury was incomplete in any way, it’s all Boris’ fault.

Parlatore said, midway between his testimony and now, that if Boris started looking like a target, he might be in trouble. But in the wake of a two day interview between Boris and Smith’s attorneys and in the wake of subpoenas that raise increased questions about why Boris may have tried to prevent any search of the property at which Trump hosted the Saudis immediately after Trump blew off a subpoena, Parlatore took to the TV and offered his defense. If Jack Smith finds the Bedminster obstruction interesting enough, Parlatore may well have earned himself a subpoena.

The belated, convenient description of Boris as a filter rather than worthwhile access “inside the palace gates” is particularly interesting given WaPo’s description about what kind of advice Boris gave, in lieu of legal advice.

Epshteyn, a lawyer, had helped guide communications for Trump’s campaign and the White House.

According to the source, Parlatore and Trusty argued that the lawyers needed to focus on protecting Trump legally, not politically.

A source close to the Trump campaign who spoke on the condition of anonymity to disclose the team’s private thinking defended Epshteyn and said he is focused on protecting Trump from a variety of angles, whether it’s legal, political or related to the media.

Parlatore imagines he was trying to defend Trump legally. Boris thinks he’s defending Trump from a “variety of angles,” one of which is politics. That’s consistent with how Boris billed his time, which until after the August search he billed as political consulting. But it also suggests Boris was not just a gap in Parlatore’s knowledge, but also a gap in any privilege claims Trump can make over the others.

If Trump’s own ex-lawyer says that Boris was lying to both sides about what went on, there’s a big gap in anyone’s knowledge — at least outside the team that has been investigating for a year.

Plus there’s all the stuff — even beyond the evidence collected in this investigation that DOJ would have obtained about these particular documents — that DOJ already knows.

During the Mueller investigation, for example, DOJ spent some time investigating how Trump shared highly classified Israeli intelligence with Russia just days after he fired Jim Comey. That includes the way in which White House staffers altered the MemCon of that meeting (much as, years later, the White House would alter the MemCon of Trump’s perfect phone call with Volodymyr Zelenskyy). That particular leak of classified information did not violate US law, because as President, Trump could declassify it. But it is precedent for Trump sharing the secrets of America and its allies with foreign countries that have helped him.

More directly on point, DOJ has abundant evidence regarding Trump’s approval of Tom Barrack’s efforts to tailor US policy to serve the Emirates and, secondarily, the Saudis, including to treat Mohammed bin Salman with full diplomatic status. On Barrack’s request, during the course of discovery, DOJ obtained a great deal of information from other agencies about Trump’s policy towards the Gulf Kingdoms. DOJ’s prosecution of Barrack ended in failure. But what it showed is that from the very start, the guy who got Paul Manafort hired did so knowing he could use it to promise to shape US policy to the Emirates’ interests. Like sharing classified information with Russia in 2017, Trump’s choice to shape US policy to serve the Emiratis and Saudis is not illegal. It’s only after he left the presidency where a quid pro quo could be important.

Unless, of course, such business discussions started earlier.

Again, I want to emphasize that I’m not saying Jack Smith is about to indict Trump for selling US secrets to the Saudis. But investigative developments reported out in the last several weeks have suggested that this investigation may not be the obstruction investigation everyone is treating it as.

Instead, Jack Smith may get to obstruction via a conspiracy to hoard classified documents.

Update: Corrected date on NARA document return.


A Modest Proposal to Fix FBI’s FISA 702 Woes

There’s an easy way to fix the FBI’s FISA 702 woes: Simply provide a way for FBI to obtain probable cause warrants — from the FISA court, if need be — for any 702 data it wants to be able to query. Armed with those probable cause warrants, virtually all the queries that have been deemed violations in recent years will be compliant with the Fourth Amendment.

The FBI can go back to doing queries on all this information without having to worry about oversight on the back end.

Problem solved, Scoob.

Section 702 of FISA is up for reauthorization this year. Partly because Republicans are upset that Donald Trump is the serial subject of criminal investigations, and partly because a series of changes to FBI’s querying of 702 data has made FBI’s querying process (of all data) visible for the first time, resulting in persistent violations of the new querying standard, whether and how it will be reauthorized is going to be very contentious. The two sides are talking past each other and proposing yet more tweaks that won’t address two underlying causes to the problem. But my solution is an easy fix and will make all the current problems go away!

Don’t get me wrong: I think all sides would hate this solution. It would result in more surveillance and more criminal investigations of US persons. But it would solve the problem everyone thinks they have.

For the FBI, it would mean this material will become discoverable to potential future defendants. For civil libertarians, it would mean the FBI would revert to the status quo of about 2015, doing millions of usually fruitless queries on every assessment they did. But it would solve the legal problem before Congress. Which is a pretty good hint that the legal problem before Congress is not going to address the underlying reasons for the problem — and some potential solutions will make the underlying issues worse without serving US security.

I make my Modest Proposal for three reasons:

  • Virtually everyone engaged in the current debate is engaged in bad faith, because everyone has an incentive to ignore the fact that the violative queries are the way the program was designed from the start and the way the FBI runs everything else.
  • This Modest Proposal will demonstrate the degree to which current debates are ignoring two underlying problems, the way The Wall between intelligence and criminal evidence was eliminated in the wake of 9/11 and the degree to which the FBI runs on massive troves of data.
  • My Modest Proposal represents FBI’s likely response to current proposals for individualized warrants on query targets, rather than collection targets (indeed, some of this has already happened), so it’s a way for people to contemplate the obvious outcomes of the current impasse, including more spying on Americans with less oversight.

The system underlying Section 702 arose because the FBI missed the 9/11 terrorists and in the panic that ensued, the Bush Administration decided it needed to identify everyone in the US with ties to known or suspected terrorists overseas. The program operated illegally as part of Stellar Wind for several years. In 2004, Jack Goldsmith imposed some limitations (some of which remain secret and misunderstood). In 2005, James Risen and Eric Lichtblau started revealing what Stellar Wind had been. Between 2004 and 2008, the content collection part of Stellar Wind was legalized, first as the Protect America Act and then as Section 702. In both the public debates over that legislation and in a Yahoo challenge to its first PAA order, the Administration and a few members of Congress obscured — even lied — about the underlying intent to use the program to identify associates of targets in the United States. Then Snowden made what was already public public (along with the names of the then-recipients of standing orders). And in the years since, each FISA 702 certification has made more of this reality visible to the FISA Judges, who almost every year get all outraged and then nevertheless reapprove the program (in part, because both 702 and FISA applications don’t require the things that would really give FISC judges the means to implement real fixes).

I have laid out in recent years how this process has not worked and why we’d have the shitty opinion (again, this opinion is a year old) that we got, in part because it was obvious that Bill Barr was not making substantive changes:

The underlying problem is this: The point from the start was to allow the FBI to see who inside the United States had ties to first, suspected terrorists and then, people of intelligence interest (which includes but is not limited to suspected spooks, hackers, and weapons proliferators) overseas. It’s a great idea! But it also resulted in the FBI routinely searching on content obtained without a warrant with the intent of identifying the communications of Americans, a clear violation of the intent of the Fourth Amendment, but also what Congress and Presidents have demanded the FBI do to prevent another 9/11 or similar surprise.

On Friday, the DOJ released an opinion approving the delayed authorization of certificates first filed in October 2021 (months after my prediction that this process would continue to fail) that showed the FBI continued to commit egregious violations of the then-existing querying guidelines. (One problem with the 702 process is both the violations and the opinions have a significant lag time, and the lag time here has predictably led Republicans to blame Merrick Garland for violations that happened because Bill Barr — who is the grandfather of this entire system — didn’t make radical enough fixes in 2019.) Of specific note, it showed that the FBI had done queries in conjunction with the summer 2020 unrest, the January 6 attack, and a losing political campaign known to be targeted by a foreign intelligence service. That’s bad! In several cases, though, there was some foreign component to the investigation (indeed, three of the January 6 targets did find material, which is only supposed to happen if there’s some spooky tie, but it’s a violation because the FBI personnel in question didn’t know of those spooky ties in advance).

Numerous of the violative queries are actually pretty good uses of 702. In predicated criminal investigations against narcotics traffickers, for example, it’d be useful to learn of any unsuspected ties to an international trafficking network. In predicated domestic terrorism investigations, it’d be useful to know whether suspects are getting help or have associates hiding out overseas (as multiple people in the January 6 investigation are known to have); indeed the notion that we shouldn’t know this with white terrorists when we spent decades assuming we had to know it with brown terrorists is racist. In vetting people for clearance or use as informants, it’d be useful to know if they’ve got past ties to foreign spooks. But the way the current standard works, you’ll only be able to look if you already suspect such ties. As a result, the standard for associative querying is now far higher for international criminals than it is for domestic ones. In a globalized world, that seems like a stupid state to be in. But it’s also the result of ingesting a lot of content into FBI servers without a warrant.

Which brings me to one of the underlying problems this debate is not addressing: The FBI runs on databases. Back during the hellacious USA Freedom Act debates, I argued that all sides should work on a collect-and-query standard to the Fourth Amendment, one that reflected both the real privacy impact of what was dismissed as “just metadata” collected and stored in large volume, and to account for the vast amount of content collected and stored for years via search warrants. What we’re seeing described as violative queries are really just descriptions of how FBI analysts work — how they’ve been ordered to work since 9/11. Got some new identifiers in a narcotics investigation? Stick them into the database and see what you find! Investigating a new suspect in a domestic terrorism case? Stick his identifiers in the database and see what you find!

A dirty little secret is that, with three exceptions I can think of, the privacy impact on a US person by searches done on vast stores of material obtained with a warrant is not that different from searches done on vast stores of material on foreigners obtained via Section 702. It’s going to matter if the subject has incriminating or interesting ties to a past subject of surveillance, but because of the negligible cost of doing a search, millions of searches get done with no results. Most of the violative queries, in fact, result in nothing (which is one reason they went on for so long without attracting more attention).

One exception is that US law has entirely different standards for terrorism involving foreign organizations, including that people can be prosecuted for what in the domestic terrorism context would be protected by the First Amendment. Searches on content have repeatedly led to foreign terrorist investigations — though several appeals courts have reviewed such searches and found no big deal to them. Friday’s opinion cited all three in judging that the 702 program complies with the Fourth Amendment. Given the FBI’s success combatting domestic terrorism without such crutches, given the greater impact of domestic terrorism of late, we should reconsider the asymmetry of foreign terrorism investigations.

A second exception is that so much of our commerce is with China, but so much of China’s spying is economic, that US persons with legitimate economic ties to China undergo a great deal of scrutiny. There’s good reason to believe a number of US persons have been targeted for criminal investigation as a result, some in cases that have blown up in spectacular fashion.

A third exception is that the FBI uses (or probably, used) such searches to identify potential informants. And way back in 2002, John Yoo justified identifying derogatory information (like domestic abuse or rape) that had nothing to do with terrorism but could nevertheless be used to coerce someone to become an FBI informant. So there are definitely cases where someone will be coerced by the FBI not because of any crime they’ve committed (or at least, not because of any international crime), but because the FBI finds their network to be interesting and wants to get that person’s “cooperation” to learn more about it.

Side note: one premise of the Durham Report is that the use of informants, which the FBI considers a really low-impact investigative step, is actually really intrusive. I still believe nothing good will come out of the Durham Report, but a public debate about how intrusive the public and Congress believe the use of informants to be, which is dramatically different than what the FBI thinks, and which could lead to an adjustment of how it is treated in FBI’s Domestic Investigations Guide, would be one such good outcome.

Because only the target of a warrant has a Fourth Amendment interest, tons of communications of innocent people get swept up with every warrant, just as tons of communications of innocent people get swept up with every 702 directive. But as FISC imposes new requirements on FBI queries, the latter has started to be treated with far greater protection than the former. That makes sense from a legal perspective (because the former was collected with a probable cause warrant but the latter was not), but not from a privacy perspective. The privacy community has spent years getting worked up about the 702 queries while largely ignoring the privacy impact of all the other data on which these very same queries are run.

Another dirty little secret is that FISA allows the privacy community visibility on FBI behavior that the privacy community has to do a lot more work to get in the criminal context. So every three years the privacy community has an opportunity to make a big stink and raise money from donors, all while very similar criminal data is being queried zillions of times a year with little notice.

Which leads me to the second underlying problem here, The Wall. Whether true or not, one reason spooks used to excuse their failure to prevent 9/11 is that they weren’t permitted to use data collected using intelligence authorities in criminal investigations (which, in turn, made it harder to use intelligence information to coerce informants). So FISC was forced to permit the use of information collected using individualized FISA orders in criminal prosecutions (which only happens around ten times a year). But that approval was grand-fathered onto 702 collection. Because the FBI has a dual intelligence/law enforcement role, it was permitted to ask for a small percentage of the content collected under 702. But for years, that content got sucked into FBI databases and treated just like all the other content they had ingested, with the result that 702 content was queried zillions of times in usually fruitless searches a year. It is absolutely the FBI’s job to hunt down foreign hackers, terrorists, or spies using 702 data. But when those foreign hackers, terrorists, or spies network with Americans, because of the way The Wall came down after 9/11, that 702 data can be used to predicate investigations against Americans.

The legal contortions around justifying the way the barrier formerly known as The Wall have gotten really remarkable, always premised on the notion that what’s outside the US has national security implications but what’s inside does not. Again, in a globalized world — especially one in which domestic terrorism is a bigger threat than international terrorism — that’s a ridiculous stance. The stance arises from the definition of Presidential (and Executive) power, not from threats to the country.

The privacy community has decided they’re going to fight for an individualized warrant for every query, including “queries” that are part of combatting cyberattacks (including cyberattacks against corporate entities), which is what the IC credibly claims they’re increasingly using 702 for. They’re asking for this standard even though the FBI doesn’t have to get individualized warrants for queries of material obtained with a warrant.

My Modest Proposal would instead require the FBI to get a probable cause criminal warrant on the collection targets themselves for everything they otherwise would get under 702, targeted at the intelligence target, rather than the query target, before they can query it. But once they’ve done so, they could put it in the same bucket on which the FBI does their zillion searches every year. Because, after all, at that point it would become the same kind of data. The FBI could keep other 702 data on entirely separate servers for use only with regards to the FBI’s foreign targets. There already is one such server at the FBI, because the FBI hasn’t been able to do drop down menus to record the purpose of queries to comply with the evolving query requirements.

I suspect that my Modest Proposal might be what results if this debate blows up — though it might happen with little notice. I say that because that’s precisely what has sometimes happened in the past when authorities surrounding surveillance techniques used in counterterrorism were made more onerous. Back in 2014, FISC required a higher standard to obtain prospective cell site location data than a number of states would, so in some cases, the FBI would choose to use criminal process rather than FISA process. Similarly, the reason the FBI never needed to rely on the Section 215 phone dragnet to find suspected terrorists in the US is that phone records are really easy to get in the US, and the FBI could accumulate enough of those phone records to get the coverage they needed. The number of individualized FISA orders has similarly dramatically shrunk after the Carter Page fiasco — but that surveillance didn’t go away, it just went somewhere else, and much of that spying can be via other authorities.

Much of the content that the FBI obtains under 702 is cloud data from US providers, and the FBI has been able to do entire foreign focused national security investigations using criminal process, such as when the FBI indicted GRU hackers using much the same criminal process used to successfully prosecute Vladimir Klyushin. At least with regards to cloud providers, what you can’t get from a probable cause warrant, but that you get from 702, is prospective coverage, with new communications coming in on a timely basis in real time. But DOJ gets a shit-ton of stuff when they obtain warrants for cloud providers.

Such a Modest Proposal might require a kind of programmatic warrant — say, targeting all of GRU’s known identifiers. This kind of programmatic targeting was likely used for Section 215 when Obama imposed pre-approval for those queries. There would just be lots more of them. You’d have to create a FISC Magistrate to deal with the volume.

One more thing has changed in recent years that would make this feasible — which change would accelerate if the FBI had to use probable cause warrants to get the same data they’re currently getting under 702: The FBI has focused on a variety of crimes — foreign agent laws, sanctions violations, and cryptocurrency enabled crimes — that’d be the kinds of crimes they’d use if forced to get probable cause warrants on targets. If they were forced to go this route, there’d be more open investigations into people, including US persons.

It would ensure that data searched in any of the FBI’s zillion yearly searches was obtained using a warrant. But it wouldn’t at all limit the number of Americans exposed to such searches. And it would wildly limit the oversight on such searches.


Doo-Doo Process: John Durham Claims to Know Better than Anthony Trenga and Two Juries

There’s something grotesque and unethical about John Durham’s conduct that has gotten little attention.

After getting his ass handed to him by two juries and one judge, in his report, Durham nevertheless repeated the allegations against Michael Sussmann and Igor Danchenko on which they have been acquitted. While in one discussion of his prosecutorial decisions, Durham described these as “allegations,” in his executive summary and elsewhere, he stated, as fact, that both men had made false or fabricated statements. Worse still, in his efforts to sustain his false statements allegations, Durham himself makes claims that were rebutted or undermined by the trial records.

John Durham lies about press contacts to cover up his failure to investigate exculpatory information

As a reminder, the researchers who found the Alfa Bank anomaly found it organically, and out of a suspicion — later validated by at least three Mueller prosecutions (Paul Manafort, Michael Cohen, and Alex Van der Zwaan) — that Trump and his associates were lying about their ties to Russia, Rodney Joffe shared the Alfa Bank anomaly with Michael Sussmann.

Sussmann definitely packaged up the allegations and asked Fusion GPS what they knew about Alfa Bank. He definitely billed that packaging-up process to Hillary. The campaign definitely approved sharing that information with the NYT.

But then, without the consent of the campaign, Sussmann blew their big story, by sharing the allegations with the FBI.

Sussmann claimed that he did so because, as a former cybersecurity prosecutor, he knew that if DOJ were going to have a chance to investigate these allegations, they would need to do so, covertly, before the allegations went public. He claimed to have done so because he had been in the position where a big allegation broke before law enforcement had an opportunity to investigate. As proof to support this claim, Sussmann noted — and over the course of months, forced Durham to collect the heretofore ignored evidence proving — that he helped the FBI kill the NYT story the campaign had approved, in the process making it clear that he had to ask someone’s (Joffe’s) consent to do so.

Because the FBI used overt means to investigate these allegations — a violation of DOJ pre-election guidelines that Durham doesn’t mention in his screed about the FBI — a seeming response to NYT’s efforts which was actually a response to the FBI bigfooting helped to fuel the story. The record shows, and Durham’s most aggressive prosecutor conceded at closing arguments, that the FBI fucked up this investigation in other ways, yet more FBI shortcomings that Durham doesn’t mention in his screed.

After the election, at a time when Sussmann no longer worked for Hillary, Joffe asked him to try to get the CIA to look at these anomalies. Before that meeting, Sussmann told one of his CIA interlocutors that he did have a client (something Sussmann also told to Congress), but described that his client wanted anonymity because of concerns about Russian retaliation. In the meeting where he passed off his thumb drives, he said he was not representing a client.

Those are the competing signals on which Durham obtained a criminal indictment and did so before having consulted significant swaths of directly relevant evidence: a question about how Sussmann intended those words, “represent” and “on behalf of,” a problem with the indictment that Sussmann identified immediately.

Here’s how Durham presented the Sussmann charges in the Executive Summary (all bold in this post my own).

The Office also investigated the actions of Perkins Coie attorney Michael Sussmann and others in connection with Sussmann’s provision of data and “white papers” to FBI General Counsel James Baker purporting to show that there existed a covert communications channel between the Trump Organization and a Russia-based bank called Alfa Bank. As set forth in Section IV.E.1.c.iii, in doing so he represented to Baker by text message and in person that he was acting on his own and was not representing any client or company in providing the information to the FBI. Our investigation showed that, in point of fact, these representations to Baker were false in that Sussmann was representing the Clinton campaign (as evidenced by, among other things, his law firm’s billing records and internal communications). 42 In addition, Sussmann was representing a second client, a technology executive named Rodney Joffe (as evidenced by various written communications, Sussmann’s subsequent congressional testimony, and other records).

Cyber experts from the FBI examined the materials given to Baker and concluded that they did not establish what Sussmann claimed they showed. At a later time, Sussmann made a separate presentation regarding the Alfa Bank allegations to another U.S. government agency and it too concluded that the materials did not show what Sussmann claimed. In connection with that second presentation, Sussmann made a similar false statement to that agency, claiming that he was not providing the information on behalf of any client.

[snip]

As explained in Section IV.E.1.c.i, the evidence collected by the Office also demonstrated that, prior to providing the unfounded Alfa bank claims to the FBI, Sussmann and Fusion GPS (the Clinton campaign’s opposition research firm) had provided the same information to various news organizations and were pressing reporters to write articles about the alleged secret communications channel. Moreover, during his September 2016 meeting at the FBI, Sussmann told Baker that an unnamed news outlet was in possession of the information and would soon publish a story about it. The disclosure of the media’s involvement caused the FBI to contact the news outlet whose name was eventually provided by Sussmann in the hope of delaying any public reporting on the subject. In doing so it confirmed for the New York Times that the FBI was looking into the matter. On October 31, 2016, less than two weeks before the election, the New York Times and others published articles on the Alfa Bank matter and the Clinton campaign issued tweets and public statements on the allegations of a secret channel of communications being used by the Trump Organization and a Russian bank – allegations that had been provided to the media and the FBI by Fusion GPS and Sussmann, both of whom were working for the Clinton campaign. [my emphasis; link]

And here’s how Durham presented his prosecutorial decision.

Accordingly, Sussmann’s conduct supports the inference that his representations to both the FBI and the CIA that he was not there on behalf of a client reflect attempts to conceal the role of certain clients, namely the Clinton campaign and Joffe, in Sussmann’s work. Such evidence also further supports the inference that Sussmann’s false statements to two different agencies were not a mistake or misunderstanding but, rather, a deliberate effort to conceal the involvement of specific clients in his delivery of data and documents to the FBI and CIA. [link]

[snip]

First, and as noted above, we identified certain statements that Sussmann made to the FBI and the CIA that the investigation revealed were false. Given the seriousness of the false statement and its effect on the FBI’s investigation, a federal Grand Jury found probable cause to believe that Sussmann had lied to the FBI and charged him with making a false statement to the Bureau, in violation of 18 U.S.C. § 1001. 1675 Ultimately, after a two-week trial, a jury acquitted Sussmann of the false statement charge.

We also considered whether any criminal actions were taken by other persons or entities in furtherance of Sussmann’s false statement to the FBI. The evidence gathered in the investigation did not establish that any such actions were taken. [link]

As noted above, just in these two passages Durham repeats, five times, that Sussmann made false statements, even though he never charged Sussmann with making false statements to the CIA and even though a jury found Sussmann not guilty of making false statements to the FBI (Durham also misrepresents the billing evidence presented at trial, which didn’t show Sussmann billing Hillary for the meeting with Baker). This is a gross assault on due process, to accuse a man anew of the charges for which he has already been acquitted.

Durham claims, in explaining why he charged this flimsy case, that the [alleged] “false statement” was serious and had what he insinuates was a major effect on the FBI investigation. Remember: When Durham made this prosecutorial decision, he still had never bothered to check two Jim Baker phones in DOJ IG possession (one of which he had learned about years earlier), texts in Baker’s iCloud account that complicated his case, and documents in DOJ IG’s possession showing that the FBI understood — whether true or not — that the Alfa Bank allegation came from the DNC. Indeed, Durham obscures that while those Baker texts did show that Sussmann had conveyed such a claim by text, those belatedly discovered texts undermined Durham’s case at trial that Sussmann had repeated the claim in person (without providing any clarity about how Sussmann meant “on behalf of”). And one possible explanation for the acquittal is that the jury found that Sussmann didn’t repeat his claim that he was representing no client at the face-to-face meeting with Baker. Certainly, the record showed that whatever memory Baker had of that meeting had been selectively reconstructed with Durham’s help to match the story he needed to sustain a certain narrative, one that didn’t line up with the documentary evidence.

And evidence presented at trial completely undermined the claim that this was a material false claim, the reason Durham made the claim about seriousness in the first place. Sussmann’s attorneys showed that only the threat of prosecution altered FBI Agent Ryan Gaynor’s memory — backed by his contemporaneous notes — that, in fact, he always understood that the allegation came from a DNC attorney. Durham’s star FBI witness admitted on cross-examination that he developed his belief that a reference to the DNC in his colleague’s Lync texts was just a typo after prosecutor Andrew DeFilippis coached him on that point. There were other Lync texts recording a belief that the tip had come from the DNC. Several people at the FBI conducted this investigation as if they understood it to be an investigation of a DNC tip, which likely contributed to the errors the FBI made in their investigation. Durham claims the opposite.

Durham seems to hang his claim about seriousness on his own two inferences — one on top of another — that Sussmann had to have been deliberately hiding something, even though evidence presented at trial, most notably that Sussmann offered up information about having a client with both the FBI and CIA, undermined those inferences. As noted, Durham found April Lorenzen’s inferences as a private citizen to be potentially criminal, but he puts the weight of DOJ behind inferences that proved less robust than Lorenzen’s own.

Particularly given the fact that Durham only belatedly, months after indicting Sussmann, discovered evidence corroborating Sussmann’s explanation for reaching out to Baker — that he helped the FBI kill the NYT story the campaign very much wanted published — the Special Counsel’s misrepresentation of the timeline of press contacts is particularly dishonest. In response to an Eric Lichtblau email asking for more details about Russian hacking, Sussmann provided the tip. Durham’s claim that Sussmann “eventually provided” Lichtblau’s name falsely suggests it took more than a few days to make this happen. After that, Sussmann didn’t push the Alfa Bank story until it got published via other channels. For its part, Fusion was pushing this story weeks later, after April Lorenzen’s separately posted data had renewed questions about it. This muddled timeline repeats the outlandish claim Durham prosecutor Brittain Shaw made in opening arguments that an article most Democrats view as profoundly damaging was precisely the October Surprise Hillary wanted. But in this final report, it’s wildly dishonest spin to cover up the fact that Durham didn’t learn a key detail — that Sussmann helped kill the NYT story — until after charging him.

All the more so because telling the truth about Sussmann’s willingness to help the FBI kill the story suggests Sussmann’s version of the story is far more credible than Durham’s.

How Durham avoids admitting he charged a “literally true” statement as false

If you read nothing more than John Durham’s Executive Summary, you would never learn that John Durham falsely led the press to believe that Danchenko attributed the pee tape allegation to someone with distant ties to Hillary rather than the two Russians who admitted they went out drinking with Danchenko during the period in question. More importantly, you would never learn that Durham created that false pee tape panic out of what Judge Anthony Trenga ruled was a literally true statement.

This section of the Executive Summary, which doesn’t mention any prosecutorial decision regarding Dolan, is completely divorced from the prosecutorial decision it pertains to.

During the relevant time period, Danchenko maintained a relationship with Charles Dolan, a Virginia-based public relations professional who had previously held multiple positions and roles in the Democratic National Committee (“DNC”) and the Democratic Party. In his role as a public relations professional, Dolan focused much of his career interacting with Eurasian clients, with a particular focus on Russia. As described in Section IV.D.1.d.ii, Dolan previously conducted business with the Russian Federation and maintained relationships with several key Russian government officials, including Dimitry Peskov, the powerful Press Secretary of the Russian Presidential Administration. A number of these Russian government officials with whom Dolan maintained a relationship – and was in contact with at the time Danchenko was collecting information for Steele – would later appear in the Dossier.

In the summer and fall of 2016, at the time Danchenko was collecting information for Steele, Dolan traveled to Moscow, as did Danchenko, in connection with a business conference. As discussed in Section IV.D.1.d.iii, the business conference was held at the Ritz Carlton Moscow, which, according to the Steele Reports, was allegedly the site of salacious sexual conduct on the part of Trump. Danchenko would later inform the FBI that he learned of these allegations through Ritz Carlton staff members. Our investigation, however, revealed that it was Dolan, not Danchenko, who actually interacted with the hotel staff identified in the Steele Reports, so between the two, Dolan appears the more likely source of the allegations.

As discussed in Section IV.D.1.d.vi, our investigation also uncovered that Dolan was the definitive source for at least one allegation in the Steele Reports. This allegation, contained in Steele Report 2016/105, concerned the circumstances surrounding the resignation of Paul Manafort from the Trump campaign. When interviewed by the Office, Dolan admitted that he fabricated the allegation about Manafort that appeared in the Steele Report. Our investigation also revealed that, in some instances, Dolan independently received other information strikingly similar to allegations that would later appear in the Steele Reports. Nevertheless, when interviewed by the FBI, Danchenko denied that Dolan was a source for any information in the Steele Reports. [link]

When Durham gets around to describing his decision to charge Igor Danchenko in the Executive Summary, he makes no mention that one of those charges pertained to Dolan. Likewise, he makes no mention that Trenga threw out that charge before sending it to a jury.

Perhaps the most damning allegation in the Steele Dossier reports was Company Report 2016/95, which Steele attributed to “Source E,” one of Danchenko’s supposed sub-sources. This report, portions of which were included in each of the four Page FISA applications, contributed to the public narrative of Trump’s conspiring and colluding with Russian officials. As discussed in Section IV.D.1.f, Danchenko’s alleged source for the information (Source E) was an individual by the name of Sergei Millian who was the president of the Russian-American Chamber of Commerce in New York City and a public Trump supporter. The evidence uncovered by the Office showed that Danchenko never spoke with Sergei Millian and simply fabricated the allegations that he attributed to Millian.

When interviewed by Crossfire Hurricane investigators in late January 2017, Danchenko said that Source E in Report 2016/95 sounded as though it was Sergei Millian. As discussed in Section IV.D.1.f.i, Danchenko stated that he never actually met Millian. Instead, he said that in late-July 2016 he received an anonymous call from a person who did not identify himself, but who spoke with a Russian accent. Danchenko further explained that he thought it might have been Millian – someone Danchenko previously had emailed twice and received no response – after watching a YouTube video of Millian speaking. Thus, as detailed in Section IV.D.1.f.i, the total support for the Source E information contained in Steele Report 2016/95 is a purported anonymous call from someone Danchenko had never met or spoken to but who he believed might be Sergei Millian – a Trump supporter – based on his listening to a YouTube video of Millian. Unfortunately, the investigation revealed that, instead of taking even basic steps, such as securing telephone call records for either Danchenko or Millian to investigate Danchenko’s hard-to-believe story about Millian, the Crossfire Hurricane investigators appear to have chosen to ignore this and other red flags concerning Danchenko’s credibility, as well as Steele’s.41

41 As noted in Section IV.D.2.f, a federal grand jury in the Eastern District of Virginia returned a five-count indictment against Danchenko charging him with making false statements. A trial jury, however, found that the evidence was not sufficient to prove his guilt beyond a reasonable doubt. See United States v. Igor Danchenko, 21-CR-245 (E.D. Va.). [link]

That’s what you’d learn from the Executive Summary.

It’s only in the body of his report where Durham reveals the Dolan-related charge and Judge Trenga’s finding that the statement he charged as a false statement was literally true. I’d like to congratulate Durham for here describing the false statements claims as “allegations” made by a grand jury, as distinct from the re-accusation of false statements made against Sussmann or his claim that Danchenko “fabricated the allegations” attributed to Millian. But even there he misrepresents the charges.

In November 2021, a grand jury sitting in the Eastern District of Virginia returned an indictment (“Indictment”) charging Igor Danchenko with five counts of making false statements to the FBI. The false statements, which were made during Danchenko’s time as an FBI CHS, related to his role as Steele’s primary sub-source for the Reports.

First, the Indictment alleged that Danchenko stated falsely that he had never communicated with Charles Dolan about any allegations contained in the Steele Reports. As discussed above, the documentary evidence clearly showed that Dolan was the source for at least one allegation in the Steele Reports. Specifically, that information concerned Manafort’s resignation as Trump’s campaign manager, an allegation Dolan told Danchenko that he sourced from a “GOP friend” but that he told our investigators was something he made up. 1384 The allegations regarding Dolan formed the basis of Count One of the Indictment.

Second, the Indictment alleged that Danchenko falsely stated that, in or about late July 2016, he received an anonymous phone call from an individual whom Danchenko believed to be Sergei Millian. Danchenko also falsely stated that, during this phone call, (i) the person he believed to be Millian informed him, in part, about information that the Steele Reports later described as demonstrating a well-developed “conspiracy of cooperation” between the Trump campaign and Russian officials, and (ii) Danchenko and Millian agreed to meet in New York. The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian. The allegations regarding Millian formed the bases for Counts Two through Five of the Indictment.

Following a one-week trial, and before the case went to the jury, the Court dismissed Count One of the Indictment pursuant to Federal Rule of Criminal Procedure 29. The Court held that Danchenko’s statement to the FBI regarding Dolan, i.e., that he [Danchenko] never “talked to [Dolan] about anything that showed up in the dossier” was “literally true” because, in fact, the information about Manafort was exchanged over email rather than in an actual verbal conversation. The Court denied Danchenko’s Rule 29 motion to dismiss related to the remaining counts of the Indictment. Following two days of deliberations, the jury concluded that the case had not been proven beyond a reasonable doubt.

In determining whether to bring criminal charges against Danchenko, the Office expected to be able to introduce additional evidence against Danchenko that supported the charged crimes. Thus, prior to trial, the Office moved in limine to introduce certain evidence as direct evidence of the charged crimes. Alternatively, the Office moved to admit the evidence as “other act” evidence pursuant to Federal Rule of Evidence 404(b) to prove Danchenko’s motive, intent, plan and absence of mistake or accident. In particular, the Office sought permission to introduce evidence of:

(1) Danchenko’s uncharged false statements to the FBI regarding his purported receipt of information reflecting Trump’s alleged salacious sexual activity at the Ritz Carlton Hotel in Moscow. In particular, the Office planned to call as a witness the German-national general manager of the Ritz Carlton, identified in the Steele Report 2016/080 as “Source E.” The Office expected the general manager would testify that he (i) had no recollection of speaking with Danchenko in June 2016 or at any time, (ii) had no knowledge of the allegations set forth in the Steele Report before their appearance in the media, and (iii) never discussed such allegations with Danchenko or any staff member at the hotel;

(2) Danchenko’s uncharged false statements to the FBI reflecting the fact that he never informed friends, associates, and/or sources that he worked for Orbis or Steele and that “you [the FBI] are the first people he’s told.” In fact, the evidence revealed that Danchenko on multiple occasions communicated and emailed with, among others, Dolan regarding his work for Steele and Orbis, thus potentially opening the door to the receipt and dissemination of Russian disinformation; and

(3) Danchenko’s email to a former employer in which Danchenko advised the employer, when necessary, to fabricate sources of information. Specifically, on February 24, 2016, just months before Danchenko began collecting information for the Steele Reports, the employer asked Danchenko to review a report that the employer’s company had prepared. Danchenko emailed the employer with certain recommendations to improve the report. One of those recommendations was the following:

Emphasize sources. Make them bold of CAPITALISED [sic]. The more sources the better. If you lack them, use oneself as a source ([Location redacted]-Washington-based businessman” or whatever) to save the situation and make it look a bit better. 1385

Danchenko’s advice that he attach multiple sources to information and obscure one’s own role as a source for information was consistent with Danchenko’s alleged false statements in which he denied or fabricated the roles of sources in the Steele Reports.

The Court ruled, however, that the evidence described above was inadmissible at trial. The prosecution was forced to then proceed without the benefit of what it believed in good faith was powerful, admissible evidence under Rule 404(b) of the Federal Rules of Evidence.

In reality, the question Danchenko answered about Dolan was an attempt to learn whether Dolan could have been a direct source to Steele, not to Danchenko. And Danchenko didn’t entirely deny talking to Dolan about such issues. He said they talked about “related issues perhaps but no, no, no, nothing specific.” One of the FBI Agents who tried to open an investigation into Dolan relied on the statements Danchenko did make, so it’s not like anything Danchenko said impeded that investigation.

Meanwhile, Durham’s description of the acquitted false statements against Millian conflates, as he repeatedly did during the prosecution, what Danchenko told the FBI he told Christopher Steele, and what showed up in the dossier, which Danchenko had no hand in writing. Danchenko said that some of the allegations in the dossier didn’t come from him — including the claim of conspiracy (and lots of FBI Agents have been disciplined because they didn’t pass on this detail to the FISA Court). What Danchenko told the FBI was that the caller had said there was an exchange of information with the Kremlin (which, in fact, Mueller’s investigation proved, there already had been!), but that there was, “nothing bad about it,” all of which (as Danchenko’s team made clear at trial) is utterly consistent with other things Millian was saying at the time. The alleged lie Danchenko told is that he believed at the time (in July 2016) that the caller was Millian. Also, Durham claims that Danchenko said he made plans to meet in New York; he doesn’t note that Danchenko said those were tentative plans. In other words, Durham here misrepresents what Danchenko actually said! Durham is the fabricator here, not Danchenko.

Having grossly overstated what the charge against Danchenko was, Durham claims that, “The available evidence was sufficient to prove beyond a reasonable doubt that Danchenko fabricated these facts regarding Millian.”

That’s why we have juries, buddy! No, there was not. Nuh uh.

For some reason, Durham feels the need to explain why he got his ass handed to him even though, he’s sure, he had enough evidence in hand to charge Danchenko.  He blames Judge Trenga’s exclusion of three pieces of evidence about uncharged conduct (here’s my post on that ruling and here’s Trenga’s order). Among the three pieces of evidence he claims he relied on when making a prosecutorial decision in November 2021 is an interview with the former General Manager of the Ritz that only happened in August 2022 (the indictment relies on Dolan and one of Dolan’s colleagues for that claim, not the Manager himself). At least as described, Durham would have needed a time machine for the GM’s testimony to have factored in his prosecutorial decision.

Plus, the claim that those three pieces of evidence — none of which directly pertain to Millian! — were what Durham relied on to make a prosecutorial decision in November 2021 conflicts with what his team said in a filing last September. Back then, they said certain emails from Millian were the most probative proof against Danchenko.

The July 2020 emails between Millian and Zlodorev also bear circumstantial guarantees of trustworthiness. Again, in July 2020, Millian had no motive to lie to Zlodorev.

Third, whether the statements relate to a material fact. The Government submits that this factor is not in dispute.

Fourth, whether the statements are the most probative evidence on the point. Millian’s emails written contemporaneous to the events at issue are undoubtedly the most probative evidence to support the fact that Millian had never met or spoken with the defendant.

Trenga decided those emails were inadmissible hearsay.

Durham probably points to three other pieces of evidence — one obtained nine months after the indictment and all unrelated to Millian — because to admit that his case relied on inadmissible hearsay would require Durham to admit something still more embarrassing. Those hearsay emails from Millian were only the most probative evidence because Durham insanely charged Danchenko relying on what Millian had said on his Twitter account.

Only three months after indicting Danchenko on November 3, 2021 did Durham get around to interviewing Millian.

1085 OSC Report of Interview of Sergei Millian on Feb. 5, 2022 at 1.

His team did that interview remotely; Durham didn’t even have direct proof that Millian was in Dubai when he did that interview.

The Government has conducted a virtual interview of Millian. Based on representations from counsel, the Government believes that Millian was located in Dubai at the time of the interview.

[snip]

The Government has also been in contact with Millian’s counsel about the possibility of his testimony at trial. Nonetheless, despite its best efforts, the Government’s attempts to secure Millian’s voluntary testimony have been unsuccessful. Moreover, counsel for Millian would not accept service of a trial subpoena and advised that he does not know Millian’s address in order to effect service abroad.

[snip]

In the case of a U.S. national residing in a foreign country, 28 U.S.C. § 1783 allows for the service of a subpoena on a U.S. national residing abroad. Here, the Government has made substantial and repeated efforts to secure Millian’s voluntary testimony. When those efforts failed, the Government attempted to serve a subpoena on Millian’s counsel who advised that he was not authorized to accept service on behalf of Mr. Millian. The Government, not being aware of Millian’s exact location or address, asked counsel to provide Millian’s address so that service of a subpoena could be effectuated pursuant to 28 U.S.C. § 1783. Counsel stated that he does not know Millian’s address. In any event, even if the Government had been able to locate Millian, it appears unlikely that Millian would comply with the subpoena and travel to the United States to testify.

And a week after that interview, Durham accused Millian (though he didn’t name him) of “misrepresent[ing] facts” when he claimed “they” were spying on the White House on the very same Twitter account on which Durham relied to obtain the indictment.

One day later, Millian’s Twitter account revealed that Millian told the Trump White House who was “working against them” long before it was publicly known (Durham made no mention of these Tweets when he tried to claim that emails Millian sent in 2020 could be considered reliable).

In other words, abundant evidence suggests that Durham indicted Danchenko without doing the most basic step first, testing Millian’s reliability. By the time he got to trial, Millian — who like Danchenko, had been the subject of a counterintelligence investigation, and who unlike Danchenko had been frolicking in St. Petersburg during 2016 with Oleg Deripaska, someone who had a key role in Russia’s interference in 2016 — proved more than unreliable.

Durham makes no mention of that truly humiliating prosecutorial misstep, an embarrassment set in motion when he decided to indict a man based on claims made on Twitter, in his entire Report.

And yet not only does Durham refuse to state clearly, in his description of the prosecutorial decision, that Danchenko was acquitted of the charges against him, in his Executive Summary he falsely claims that he has proven Danchenko fabricated the claim. Worse still, Durham complains about investigative steps the Crossfire Hurricane investigators appear to have taken (which are different from the Mueller ones, who obtained abundant records about Millian’s communications), but he himself focused exclusively on disproving a telephony call between the two men, in spite of evidence (including of the contacts setting up a meeting between Millian and George Papadopoulos in precisely the same period) that any such call would have happened over the Internet.

Durham does this while making it clear that one reason he charged the Millian counts is because the allegation attributed to Millian, “contributed to the public narrative of Trump’s conspiring and colluding with Russian officials.” That’s only a crime if someone lied to the FBI about it, and Durham didn’t prove his case that Danchenko did.

It should not be left to me, almost a week after this report got released, to point out something grotesque. Durham is still claiming that these men lied, even though two juries told him he didn’t have the evidence to prove that case. That’s not just a grave abuse of Michael Sussmann and Igor Danchenko’s due process, but it exhibits profound disrespect to the service of the jurors.

After both his acquittals, Durham issued a statement claiming, “we respect the jury’s decision and thank them for their service.” And then he wrote a 300-page report telling them he knew better.

Peter Baker Discovers that Russia Sows Partisan Antagonism and Then Helps Them Do So!

I laughed yesterday when Peter Baker tweeted about how “striking” it is that Vladimir Putin is adopting Trump’s perceived enemies as his own.

But then Baker wrote up his laughably naive observation into a NYT story.

Baker, you’ll recall, is one of NYT’s crack journalists who buried Trump’s admission that he had spoken to Putin about adoptions before writing a false explanation about the June 9, 2016 Trump Tower meeting emphasizing adoptions. Baker and Maggie Haberman chose instead to emphasize Trump’s scripted attack on Jeff Sessions. The Mueller Report showed that NYT’s willingness to dumbly repeat Trump’s script proved even more useful to Trump’s efforts to undermine the Rule of Law than his covert effort to get Corey Lewandowski to ferry orders to Jeff Sessions.

And here we are, almost five years later, and Baker still naively plays into obvious Russian efforts to sow division in the US, in significant part by playing to Trump’s narcissism and the feral loyalty of Trump’s supporters, to say nothing of playing up racial division. Baker picks out three names from among 500 newly added to Russian sanctions: Tish James, Brad Raffensperger, and Michael Byrd, the Black cop who prevented Ashli Babbitt from breaching the hallway through which Members of Congress were fleeing by shooting her.

Among the 500 people singled out for travel and financial restrictions on Friday were Americans seen as adversaries by Mr. Trump, including Letitia James, the state attorney general of New York who has investigated and sued him. Brad Raffensperger, the secretary of state of Georgia who rebuffed Mr. Trump’s pressure to reverse the outcome of the 2020 election, also made the list. And Lt. Michael Byrd, the Capitol Police officer who shot the pro-Trump rioter Ashli Babbitt on Jan. 6, 2021, was another notable name.

Reviewed more broadly, however, the sanctions were an attack on US Rule of Law generally, or certainly the notion that Trump’s people should be subject to it. They include the current or former Attorneys General of California, Colorado, Connecticut, Delaware, Illinois, Maryland, Minnesota, Nevada, New Hampshire, New Mexico, New York, Oklahoma, Oregon, Rhode Island, Vermont, Virginia, Washington, Washington, DC, Wisconsin. Aside from former Oklahoma AG John O’Connor, which may be a mistake, it almost seems like they worked from an outdated membership list from the Democratic Attorneys General Association. Though for some reason, Putin missed Michigan’s Attorney General Dana Nessel, maybe because she’s a badass lesbian who makes Putin afraid.

The sanctions list does include every US Attorney who has presided over the January 6 investigation.

  • Michael Sherwin (who as Acting US Attorney in DC oversaw the beginning of the January 6 investigation)
  • Channing Phillips (who, as Acting US Attorney for DC in 2021 oversaw the early parts of the January 6 investigation)
  • Michael Graves (currently US Attorney for DC overseeing the January 6 investigation)
  • Jack Smith (Special Counsel)

But it also includes other senior legal officials, some of whom have gotten more attention for investigating Russia than Trump.

The inclusion of Kohler, who played a key role in the Trump stolen documents case but who also presided over the Charles McGonigal and other Oleg Deripaska cases that came through SDNY, is particularly notable. This is, in significant part, an attempt to suggest that if either Russia or Trump is held accountable legally, it will harm Russia. It is a transparent effort — no different than dozens of similar efforts going back to 2016, and to the extent that this plays to racism, goes back a half century — to lead Trump supporters to believe their interests are more aligned with Putin’s than those of the United States, or at least the United States when led by Joe Biden.

In addition to Brad Raffensperger, Putin also included Mark Esper, who got fired as Defense Secretary because he undercut Trump’s authority to attack the US government by invoking the insurrection act.

A broad swathe of the list includes members of NGOs, particularly those NGOs that fascists are attempting to discredit with claims that attempts to combat disinformation equate to censorship. Nina Jankewicz got sanctioned in her own right.

Of two members of the Open Society Fund, Leonard Benardo is included; his name may become prominent if John Durham’s abusive attempt to investigate Benardo, which may be detailed in the classified section of the Durham Report, begins to leak.

Along with all those defenders of truth and justice, Putin included Stephen Colbert and Heather Cox Richardson.

Again, this is a transparent effort, one that continues past efforts that extend to sheltering members of the far right and stoking US racism, to supplant the allegiance of Trump’s supporters to the United States with an affiliation, through Trump, to Russia. Trump’s narcissism might lead him to magnify these sanctions. His campaign advisors likely will try to prevent that.

But Putin won’t need to rely on Trump to magnify this statement of a shared allegiance.

He has Peter Baker for that.

Baker somehow could not distinguish language as transparent truth from language as an attempt to manipulate, and so stated as fact that “Trump’s perceived enemies” are Putin’s own. Aside from the law enforcement officials who’ve targeted both Russian hackers and Trump, they’re not. Rather, this is an attempt — an utterly transparent one!! — to make Trump’s followers believe that, and so regard Russia more favorably.

Because Baker thought his banal observation about these sanctions was worth a story in the NYT, he called up the Russian Foreign Ministry for comment. That’s how the claim that the people who attacked democracy on January 6 are simply dissidents got inserted into the NYT.

None of those three has anything to do with Russia policy and the only reason they would have come to Moscow’s attention is because Mr. Trump has publicly assailed them. The Russian Foreign Ministry offered no specific explanation for why they would be included on the list but did say that among its targets were “those in government and law enforcement agencies who are directly involved in the persecution of dissidents in the wake of the so-called storming of the Capitol.”

You got played, Peter Baker, into serving as a mouthpiece for Russian propaganda.

You got played into contributing to Russia’s efforts to undermine US democracy.

Rudy’s Very Bad Week

Three things happened with Rudy Giuliani’s legal woes this week that could have larger repercussions.

As the Philly Inquirer reported, Bruce Castor, the sole noticed attorney in one of the voter fraud lawsuits against Rudy from 2020, asked to be relieved. The Inky lays out how people close to Trump asked Castor to sponsor Joseph Sibley Pro Hac Vice into Philadelphia, only to have Sibley refuse to sign something and then back out of the case, leaving Castor holding the bag. Castor complains that he hasn’t gotten paid and hasn’t gotten Rudy to cooperate at all on discovery.

But a more interesting detail may be that some unnamed lawyer recently contacted Castor to inform him he would pay for the representation, but would do nothing to secure cooperation from Rudy.

23. A lawyer, previously unknown to Petitioner, wrote to Petitioner portraying that he represented Mr. Giuliani, and Petitioner immediately inquired in a response writing when this lawyer would be assuming responsibility for defending the present case.

24. Instead, the lawyer wrote Petitioner that he would be coordinating funding for Defendants, that payment would be forthcoming, but that Defendants expected Petitioner to conduct their defense.

[snip]

26. Petitioner advised the lawyer, who contacted him to relate that funding for the Defendants was forthcoming, of the motion to compel discovery, and pleaded with him to solicit substantive cooperation from Defendants (since this lawyer evidently was in contact with Defendants), in addition to simply the payment of Petitioners’ fees. Petitioner also continued to contact Defendants directly to keep them informed of developments, such as the motion to compel, further demands for payment of the retainer, and to seek cooperation in the discovery process. Petitioner unequivocally threatened both the newly revealed lawyer who was promising funding, and Defendants that he would file the instant motion to withdraw if Defendants failed to comply with Petitioner’s demands by a certain deadline.  [emphasis original]

This is a plea by Castor not to have to represent an uncooperative defendant for free. But it also reads like a plea by Castor not to force him to risk his legal reputation in a situation where shady lawyers call up out of the blue and promise to pay respectable lawyers to stall a case.

Sibley, the guy who was supposed to represent this case in Philly and who also represented Christina Bobb before the January 6 Committee, remains Rudy’s lawyer of record in Ruby Freeman’s lawsuit in DC, which I wrote about here. Depending on your vantage point, it either seems that Sibley is having as much trouble as Castor is getting Rudy’s cooperation, or that the lawyer has successfully stonewalled discovery so as to avoid increasing Rudy’s criminal liability.

I should say, had successfully stonewalled.

Yesterday, Judge Beryl Howell issued an order requiring certain cooperation from Rudy, including that he list all his devices, social media accounts, and financial assets on which he allegedly defamed Freeman and her daughter, Shaye Moss, with deadlines attached.

MINUTE ORDER (paperless): Upon consideration of plaintiffs’ [44] Motion to Compel Discovery, For Attorneys’ Fees and Costs, and For Sanctions (“Motion”), defendant’s [51] Response to Plaintiffs’ Motion to Compel, plaintiffs’ [56] Reply in Support of Plaintiffs’ Motion, and the parties’ representations to the Court in the proceedings held on May 19, 2023 regarding plaintiffs’ Motion, GRANTING plaintiffs’ Motion in part, and RERSERVING [sic] ruling in part.

Specifically, plaintiffs’ Motion is GRANTED as follows:

1) by May 30, 2023, defendant Rudolph W. Giuliani shall file a declaration, subject to penalty of perjury, that details:

a) All efforts taken to preserve, collect, and search potentially responsive data and locations that may contain responsive materials to all of plaintiffs’ Requests for Production (RFP);

b) A complete list of all “locations and data” that defendant used to communicate about any materials responsive to any of Plaintiffs’ RFPs (including, but not limited to, specific email accounts, text messaging platforms, other messaging applications, social media, devices, hardware, and any form of communication);

c) The specific “data” located in the TrustPoint database, including–

i) a list identifying the source devices from which the data was extracted or obtained;

ii) for each such device, the type of device (i.e., iPhone, Macbook, laptop, iPad, etc.) and user, if known;

iii) a list identifying any social media accounts, messaging applications, and email accounts from which the data was extracted or obtained; and

iv) for each such account and application, the account name and user; and

d) What searches, if any, have occurred as to both categories (b) and (c), see Plaintiffs’ [44-16] Proposed Order Granting Plaintiffs’ Motion; and

2) By May 30, 2023, in order to evaluate defendant’s claim of an inability to afford the cost of access to, and search of, the TrustPoint dataset or to use a professional vendor, either to access the original electronic devices seized from defendant by the Federal Bureau of Investigation in April 2021 and returned to defendant, or, alternatively, to conduct a search of the archived TrustPoint dataset, defendant is DIRECTED to produce to plaintiffs:

a) full and complete responses to plaintiffs’ requests for financial information in RFP Nos. 40 and 41; and

b) documentation to support his estimated costs for further searches on the TrustPoint dataset.

3) By June 16, 2023, plaintiffs are DIRECTED to submit to the Court an assessment of defendant’s ability to bear the cost of further searches, along with any response to defendant’s submission required under paragraph 1, above; and

4) By June 30, 2023, defendant shall file any response to plaintiffs’ submission required under paragraph 3, above.

The Court RESERVES ruling on the remainder of plaintiffs’ relief, pending the parties’ compliance with directions set out in paragraphs 1) through 4), above. Signed by Judge Beryl A. Howell on May 19, 2023.

In two weeks, if and when Rudy continues to stonewall, then Judge Howell will start imposing penalties on him.

The 3-hour hearing that led to this order was as interesting for the insane comments Rudy made outside the courthouse as anything else. The guy who helped Trump attempt a coup complained that he is being persecuted by fascists. And he claimed that he faces no legal risk from either the Jack Smith investigation or the Fani Willis one, in the latter of which he was already specifically named as a target.

Outside the courthouse following the hearing, Giuliani said he hadn’t received any communication from Justice Department Special Counsel Jack Smith’s office and wasn’t worried about federal charges since he cooperated with investigators immediately after the Jan. 6, 2021, attack on the US Capitol.

Asked if he had any pending federal grand jury subpoenas, he replied, “not that I know of.”

Regarding a separate probe into efforts by former President Donald Trump and allies to overturn Georgia’s 2020 election results by the Fulton County district attorney’s office, Giuliani said he wasn’t worried because he was serving as an attorney at the time. Last summer, his lawyer confirmed that they’d received notice Giuliani was a target of that probe.

He said on Friday that he hadn’t heard anything from that office since he appeared before a special investigative grand jury in August 2022; District Attorney Fani Willis recently indicated that charges could come later this summer.

Sure, Pops. A judge found crime-fraud exception over a year ago, and you’re in no danger because you’re a lawyer.

Side note: I find it interesting that Robert Costello, who represented Rudy in the Ukraine investigation and before the January 6 Committee and who was involved in the “Hunter Biden” “laptop” caper, has not sued Rudy for payment. He did sue Bannon, for what must be far less unpaid work. Maybe some shady lawyer showed up and found a way to pay Costello too?

Finally, against the background of 1) the lawsuits that Rudy appears to be attempting to stonewall for free, 2) the twin criminal investigations that are expected to start issuing indictments no later than August, and 3) Trump’s attempt to win the presidency again, a former Rudy associate, Noelle Dunphy, filed a lawsuit against Rudy for sexual assault and harassment and unpaid labor going back to 2019.

This lawsuit is — and it is designed to be — eye-popping, alleging lots of drunken coerced sex, some bigotry and kink caught on tape, as well as allegations that implicate Trump just in time for campaign season.

Just as one example, Dunphy makes an allegation that exactly matches a John Kiriakou claim about Rudy selling pardons for $2 million, but unlike some of her other allegations, she doesn’t claim to have proof.

132. He also asked Ms. Dunphy if she knew anyone in need of a pardon, telling her that he was selling pardons for $2 million, which he and President Trump would split. He told Ms. Dunphy that she could refer individuals seeking pardons to him, so long as they did not go through “the normal channels” of the Office of the Pardon Attorney, because correspondence going to that office would be subject to disclosure under the Freedom of Information Act.

And the allegation is not tied, in any way, to the complaints in the lawsuit. But it is one thing that has ensured the lawsuit will attract a lot of attention.

I’m sure many of the claims made in this suit are true, but packaged up as it is, it feels too convenient, just like the “Hunter Biden” “laptop.”

What makes that analogy even more apt, in my own humble opinion, is that the period during which Dunphy most credibly claims to have had damaging contact with Rudy largely overlaps with the period in which Rudy was hunting dirt in Ukraine to help Trump win the presidency, from January 21 through November 2019. She claims to have reviewed his interview with Viktor Shokin as well as his plan to accuse Marie Yovanovitch of corruption. Throughout that period, she claims to have been involved in the shady pitches he received. One of those pitches — one she recorded! — involved a $72 billion gas deal in China.

See what I mean about how it feels like the “Hunter Biden” “laptop”?

Meanwhile, she suggests she’s a first-hand witness to matters that were part of the Ukraine investigation into Rudy, and that Rudy coached her to obstruct justice. She says she and Rudy discussed whether he had an obligation to register under FARA — and as proof, she included a photo from a February 9, 2019 meeting with Lev Parnas.

A week later, she claims, after reviewing the emails he had exchanged with various Ukrainian officials, she offered to file a FARA registration for Rudy, but he declined because, he said, he had immunity.

Perhaps most incredible, she claimed that in June and July of 2019, the guy who had just spent a year helping Trump dodge obstruction of justice charges, “asked Ms. Dunphy for help Googling information about obstruction of justice, among other topics.” I don’t doubt that that search exists in her Google account, but I do question whether it got there in the way she describes.

That same period, she claims, is when he first instructed her not to talk to the FBI about him — at a time when the investigation into Parnas and Igor Fruman was not yet public.

Dunphy claims that on October 22, 2019 — after the arrest of Parnas and Fruman but at a time when (at least according to SDNY’s subsequent claims) the investigation into Rudy was not overt — the FBI called and asked for an interview.

209. On October 22, 2019, Ms. Dunphy received a voicemail from the FBI regarding an investigation they were conducting into Giuliani. The FBI was apparently aware that she was working for Giuliani and sought to interview her. The FBI was clear that Ms. Dunphy was considered a witness and was not a target of the investigation.

Nowhere in this 70-page lawsuit does Dunphy say whether she ever was interviewed about all the things she witnessed firsthand when Rudy was soliciting dirt from Ukraine. She does say that within a month, on a day when the FBI showed up in person seeking an interview, Rudy promised to put her on his payroll, seemingly tying that payment to her willingness to claim she didn’t know who he was.

210. On November 19, 2019, Ms. Dunphy went to Giuliani’s home office, and they spoke. Giuliani promised Ms. Dunphy that he would officially put Ms. Dunphy on the books and would “straighten it [i.e., her employment situation] out.” Giuliani and Ms. Dunphy discussed Giuliani’s increasing legal concerns, including his fear that Lev Parnas was “turning on him” in connection with the FBI investigation. Ms. Dunphy told him that the FBI had come to her family’s home in Florida that day seeking to question her. Giuliani informed Ms. Dunphy that his friend and private detective, Bo Dietl, had already told him the specific FBI agents who were involved. Ms. Dunphy was concerned that Giuliani was apparently so powerful that his investigators had secret information, including the names of the FBI agents who had just appeared at her family’s Florida home. Giuliani demanded that Ms. Dunphy not talk to or cooperate with the FBI. Giuliani told Ms. Dunphy that they are all “after him” and that one or two of them are “going to get totally destroyed.” This situation made Ms. Dunphy confused and fearful, and added another layer of tension to a work environment that was already outrageously hostile.13

13 From this point on, Giuliani often spoke to Ms. Dunphy about the FBI’s investigation of him, and Ms. Dunphy understood that participating in these discussions was part of her work for him. He told her that if the FBI sought to interview her, she should “not remember” anything, and should claim that she did not know Giuliani. Ms. Dunphy refused to agree to lie to the FBI, which angered Giuliani.

It’s certainly possible that Bill Barr’s very active obstruction of the investigation at that point — an effort to stave off impeachment, though Dunphy doesn’t mention impeachment — led the FBI to decide not to interview her. But that wouldn’t explain why the FBI wouldn’t interview her in 2021, when the investigation did become overt.

At one level, this lawsuit seems more like an offer to testify to the FBI at a time (have I mentioned there’s an election coming up?) when the statutes of limitation still have a year before they expire.

At another, it’s an implicit threat.

Close to the beginning of the lawsuit, Dunphy reveals that — whether because he thought it’d be a good idea or because he got really drunk and did something stupid — Rudy accessed his work email account from her computer, giving her access to his email correspondence with a whole lot of corrupt people.

93. Therefore, Giuliani added one of his work email accounts into Ms. Dunphy’s email program on her computer, typing his password onto her computer.

94. Once Giuliani’s email account was loaded onto Ms. Dunphy’s computer, at least 23,000 emails associated with the account, including many from before her employment with Giuliani, were stored on her computer.

95. Since Giuliani gave Ms. Dunphy access to his email account, she had access to information that was, upon information and belief, privileged, confidential, and highly sensitive.

96. For example, Ms. Dunphy was given access to emails from, to, or concerning President Trump, the Trump family (including emails from Donald Trump, Jr., Ivanka Trump, and Eric Trump), Trump’s son-in-law Jared Kushner, former FBI director Louis Freeh, Trump lawyer Jay Sekulow, Secretaries of State, former aides to President Trump such as Steve Bannon, Reince Priebus, and Kellyanne Conway, former Attorneys General Michael Mukasey and Jeff Sessions, media figures such as Rupert Murdoch, Sean Hannity, and Tucker Carlson, and other notable figures including Newt Gingrich, presidential candidates for Ukraine, President Recep Tayyip Erdogan of Turkey, the Ailes family, the LeFrak family, Bernard Kerik, Igor Fruman, Lev Parnas, and attorneys Marc Mukasey, Robert Costello, Victoria Toensing, Fred Fielding, and Joe DeGenova.

97. Ms. Dunphy understood that she was given access to these emails because she was employed by Giuliani and the Giuliani Companies. Indeed, although Giuliani and his surrogates have argued that Ms. Dunphy was not an employee of Giuliani or the Giuliani Companies, it is impossible to understand Giuliani’s decision to give Ms. Dunphy complete access to (and copies of) these sensitive emails in any other context.

98. As a lawyer, Giuliani sent and received emails containing privileged information that could not legally be shared with Ms. Dunphy if she were not an employee or consultant. Likewise, Giuliani’s business often involved highly confidential information, and upon information and belief, there were confidentiality and nondisclosure agreements governing access to some of this information. Upon information and belief, those agreements barred Giuliani from sharing covered confidential information with someone who was not an employee or consultant.

99. Giuliani never asked Ms. Dunphy to sign a non-disclosure or confidentiality agreement.

Dunphy suggests she continued to have access to Rudy’s emails and his social media accounts — the very same social media accounts he is trying to hide from Ruby Freeman — through January 31, 2021.

And, as she notes, Rudy never asked Dunphy to sign a non-disclosure agreement about all this.

The FBI may be seeking this information. Several plaintiffs, including Freeman, definitely are (Dunphy also helpfully includes a summary of the property he owns, including five homes). And nothing prevents her from sharing it with them unless Rudy retroactively claims she was an employee, covered by non-disclosure obligations, through this entire period, with the $2 million payment she claims he promised her to go along with that nondisclosure agreement.

Not just Rudy — but also the entire Trump family (have I mentioned there’s an election coming up?), Rupert Murdoch and some of his star current and former employees, as well as a bunch of lawyers who’ve been involved in some shady shit — all of them have an incentive to retroactively make her status as an employee official, so that she won’t release these communications.

Many of these very same emails would have been unavailable to the FBI under a privilege claim, but unless Dunphy is an employee, then she can hand them over because Rudy waived privilege over them. I can’t decide whether I’m more interested in seeing the emails that might show Jay Sekulow alerted Trump to the false claims that were made on his behalf during the Russian investigation, or the ones that show Hannity was about to board a plane to meet with a mobbed up Russian asset in support of Trump’s 2020 election bid. But if I know of specific emails I’d like to see, then the people named in paragraph 96 surely do as well.

And that, I think, is the point — perhaps a bid to invite some unnamed lawyer to call her, too, to say he can fund certain things.

But such an unnamed lawyer will need to get there before Ruby Freeman does.

John Durham, High Priest of the Cult of the Coffee Boy

One of the most telling passages in the entire Durham Report is this one:

245 See supra § IV.A.3.a (discussing the views of Papadopoulos held by the Australian diplomats and noting his strengths and weaknesses). Understandably, as noted below, when Crossfire Hurricane was opened, serious efforts were made to keep the investigation quiet so as not to interfere with the upcoming election. Ultimately, however, the Mueller investigation reported that:

When interviewed, Papadopoulos and the Campaign officials who interacted with him told the [Mueller] Office that they could not recall Papadopoulos’ sharing the information that Russia had obtained “dirt” on candidate Clinton in the form of emails or that Russia could assist the Campaign through the anonymous release of information about Clinton ….No documentary evidence, and nothing in the email accounts or other communications facilities reviewed by the [Mueller] Office, shows that Papadopoulos shared this information with the Campaign.

I Mueller Report at 93-94 [Ellipsis emphasis mine]

It appears in a section reviewing the Crossfire Hurricane investigation. There are no prosecutorial decisions tied to this section, meaning the section is — at least arguably — one of the 100 pages of extraneous material in this report outside the scope of “closing documentation” required by regulation.

In a section discussing whether the investigation should ever have been opened, preceding the discussion falsely claiming to have found a conflict between Alexander Downer’s version of George Papadopoulos’ statement about the Russian offer of help and Erika Thompson’s (which I laid out in this post), Durham footnotes a passage in which he discusses how little the FBI evaluated the Papadopoulos tip before opening an investigation by quoting what he claims is the Mueller Report conclusion on this matter.

Here’s what that passage from the Mueller Report actually looks like.

Durham omits with an ellipsis the part of the report that describes how Papadopoulos “wavered about whether he accurately remembered an incident in which Clovis had been upset after hearing Papadopoulos tell Clovis that Papadopoulos thought ‘they have her emails.’”

Durham purports to quote from the Mueller Report, but then leaves out language from it that utterly changes the entire meaning of the passage, showing that Papadopoulos did have some memory of telling Sam Clovis, “they have her emails,” rather than concluding definitively that he did not.

To sustain his narrative that the tip about Papadopoulos should not have been used to open an investigation, Durham distorts what the evidence about Papadopoulos actually shows.

This is not the only misrepresentation Durham makes with regards to the Papadopoulos investigation. Here’s how he describes Papadopoulos’ prosecution.

With regard to misleading and incomplete information being provided to the FBI, Papadopoulos was subsequently charged in a one-count Information with and convicted of making false statements in violation of 18 U.S.C. § 1001(a)(2). United States v. George Papadopoulos, Crim. No. 17-cr-182 (RMD) (D.D.C.), Document 8 (Information). Specifically, during his first interview with the Crossfire Hurricane Agents on January 27, 2017, Papadopoulos told the Agents about an individual associated with a London-based entity who had told him about the Russians having “dirt” on Clinton. Although Papadopoulos provided the FBI with the name of the individual and where he could be contacted, Papadopoulos lied to the Agents about when he had received the information (it was received after not before he was named as a foreign policy advisor to the Trump campaign) and he downplayed his understanding of the individual’s connections to Russian government officials. U.S. v. Papadopoulos Document 19 (Statement of the Offense) at 1-2. In addition, Papadopoulos misled the Agents about his attempts to use the individual and a female associated with that person to arrange a meeting between the Trump campaign and Russian government officials. Id. at 2-3. Ultimately, Papadopoulos pleaded guilty to making false statements. On multiple occasions he then met with, answered questions for, and provided information to the Government, id. at 13, and eventually was sentenced to 14 days incarceration. U.S. v. Papadopoulos Document 50.

He cites a few words in Papadopoulos’ Statement of Offense to suggest that Papadopoulos “provided information” to the government. He doesn’t quote the sentencing memo, which explains that Papadopoulos cooperated to the extent that DOJ had obtained a written record debunking the things he had earlier said to the FBI.

The defendant did not provide “substantial assistance,” and much of the information provided by the defendant came only after the government confronted him with his own emails, text messages, internet search history, and other information it had obtained via search warrants and subpoenas well after the defendant’s FBI interview as the government continued its investigation. The defendant also did not notify the government about a cellular phone he used in London during the course of the campaign – that had on it substantial communications between the defendant and the Professor – until his fourth and final proffer session.

And Durham definitely doesn’t cite the September 19 proffer in which Papadopoulos claimed to be unable to read his own notes, written around July 11, 2016 — so just weeks before the opening of Crossfire Hurricane — that appear to discuss plans for a September 2016 meeting with “Office of Putin” in London.

Just a few weeks before the FBI opened an investigation into Papadopoulos, he had discussed plans for a secret meeting with Putin’s office in London. Papadopoulos ultimately refused to explain that plan to the FBI.

And John Durham questions whether this investigation should ever have been opened.

This misrepresentation of the record on Papadopoulos is fairly significant. That’s because sixteen pages of Durham’s investigative review and two of his actual prosecutorial decisions pertain to whether the FBI committed a crime by having informants record conversations with Papadopoulos and Sam Clovis (again, remember that in his report Durham did not mention the informant, handled by pro-Trump agents, targeting the Clinton Foundation in the same period, a far clearer violation of what he complains about here), but not including everything that Durham believed helped Trump in Carter Page’s FISA application.

Durham goes to great lengths to conclude not only that there was exculpatory information in the recordings that didn’t make the Carter Page FISA applications (something on which DOJ IG agreed with him) and that Papadopoulos’ labeling of what Roger Stone ultimately did do — at Manafort’s request — as treason was similarly exculpatory, but also that Sam Clovis (who may have had advance notice about the emails) raising voter suppression in response to a question about Russia, or Papadopoulos confessing he responded to Halper in the belief he might report back to the CIA, were not inculpatory statements. These are all opinions. Significantly, some of these are opinions that Congress first floated in a hearing that served as the impetus for this very investigation, an investigation that concluded that investigations shouldn’t be driven by direction from Congress.

To prove the FBI wrong about this difference of opinion, though, Durham provides his own opinion about whether Papadopoulos had offered a scripted answer to the question that he later said he believed would be shared with the CIA. To attempt to criminalize the decision to leave out denials that the FBI believed to be scripted, Durham did his own review.

Things get weirder when Durham credits Papadopoulos’ statements — made to a friendly informant on March 31, 2017, after having already lied to the FBI and misrepresented to this particular informant his ties with Sergei Millian, though before FBI discovered the relationship with Ivan Timofeev that Papadopoulos had hidden in his initial interviews — that he had nothing to do with Russia.

14:03:45

CHS-2: Do you think the Russians would come and kill you if you said something? The Russian Mafia?

GP: I have nothing to do with the Russians.

14:14:30

CHS-2: If Russia [expletive] meddled in our elections, what else are they controlling about us? That just makes America look weak.

GP: I still don’t believe that [they did].

And we can be sure that Durham left out inculpatory statements.

For example, Durham makes no mention of the fact that Papadopoulos talked about monetizing his relationship with Trump specifically in context of a question about Russia, as described in the Horowitz Report.

When Source 3 asked Papadopoulos if he had ever met Putin, Papadopoulos said that he was invited “to go and thank God I didn’t go though.” Papadopoulos said that it was a “weird story” from when he “was working at … this law firm in London” that involved a guy who was “well connected to the Russian government.” Papadopoulos also said that he was introduced to “Putin’s niece” and the Russian Ambassador in London. 472 Papadopoulos did not elaborate on the story, but he added that he needed to figure out

how I’m going monetize it, but I have to be an idiot not to monetize it, get it? Even if [Trump] loses. If anything, I feel like if he loses probably could be better for my personal business because if he wins I’m going to be in some bureaucracy I can’t do jack … , you know?

This expressed enthusiasm to monetize his access to Trump and his relationship with “Putin’s niece” is a clear counterintelligence concern. Durham doesn’t mention it.

All this provides a likely explanation for why Durham misrepresented the results of the investigation against Papadopoulos.

Immediately before the section, quoted above, where Durham describes Papadopoulos’ guilty plea and exaggerates his cooperation, Durham complains that a footnote in the Carter Page FISA applications referring to lies Papadopoulos later pled guilty to telling in interviews with FBI Agents “contained qualifying language regarding the denials.” Here’s the footnote from the last two Page FISA applications:

As of March 2017, the FBI has conducted several interviews with Papadopoulos. During these interviews, Papadopoulos confirmed that he met with officials from the above-referenced friendly foreign government, but he denied that he discussed anything related to the Russian Government during these meetings. Based on the FBI’s investigative efforts and some of the comments made by Papadopoulos, the FBI believes that Papadopoulos provided misleading or incomplete information to the FBI during the interviews.

Durham’s own interviews with Downer and Thompson confirm Papadopoulos’ statements about the Australians were incorrect. And yet Durham complains that the FBI correctly observed that Papadopoulos was misleading the FBI about statements that he himself proved to be inaccurate.

As noted above, certain denials made by Papadopoulos in FBI interviews were mentioned in a footnote, but the Crossfire Hurricane team reported that it believed Papadopoulos was misleading in those interviews. This denial from Papadopoulos in this conversation with CHS-2, which occurred prior to those two renewal applications being submitted to the FISC, was also omitted from any discussion in that referenced footnote.

I would write this all off as just Durham’s effort to parrot what people like Mark Meadows and Jim Jordan urged him to investigate, or desperation, or maybe just an old man seeing clouds in old informant recordings, except for a few more details about Durham’s treatment of Papadopoulos.

First, as I noted here, as of June 2022, Durham had never interviewed Papadopoulos himself. In fact, if you can believe Papadopoulos, rather than interviewing him, Durham relied on Papadopoulos’ congressional testimony conducted without any of the underlying documents in question, in which Papadopoulos repeatedly laundered conspiracy theories told in right wing rags into the Congressional record. If you can believe Papadopoulos, Durham took those conspiracy theories, and ran off to Europe to chase them down.

Papadopoulos: So, that’s a good question. In 2018, I was one of five witnesses who was invited by–under oath, behind closed doors–in front of the House Oversight Committee. And the other four witnesses, besides myself, were Rod Rosenstein, Sally Yates, uh, Jim Comey, and Loretta Lynch. Now, back in 2018, and there’s a Washington Post article, I think it’s called “Papadopoulos and Rosenstein about to testify behind closed doors,” back in 2018, people were scratching their heads, why on earth is George Papadopoulos one of four, one of five witnesses who is going to testify to both John Ratcliffe and Mark Meadows. Back then, obviously, before Mark Meadows was Chief of Staff at the White House and Ratcliffe was the head of DNI, they were Congressmen. They were in charge of the House Oversight Committee. During that testimony back then, both of those individuals who later served in senior White House, uh, Administrative capacities were asking me questions about wiretaps. They were asking me if I was being monitored while I was in Europe. They were asking me whether my lawyers were ever given so-called exculpatory information about any of, about Joseph Mifsud, any of these other type of operatives, both domestic and foreign. And I basically let them know, under oath, that I’m telling you. How I met him, what my background was, why I believe there was this target on my back, why I think it followed me all the way from the beginning, all the way until the summer of 2017, where they were, the FBI was trying to set me up while I was in Israel with this other bizarre exchange that I had, that I talk about in my book. 
So that testimony, I believe, was used with the Durham team, to help get this entire thing started, that’s how Durham and Barr flew to both to Rome, to talk to Italian intelligence services — not the FBI — to learn about Mifsud, and I believe — that’s why NBC has also been quoted as saying that Western intelligence officials have gone on the record and stated that it’s Papadopoulos’ breadcrumbs, if you want to call it that, that have led to Durham’s real conspiracy case that he’s trying to uh–

Stone: So, but to go to my direct question, have you had any direct contact with Durham or his office, or your attorneys?

Papadopoulos: No, I haven’t. No no no, no I haven’t. But my understanding is that that testimony, 2018, was used by the Durham, that’s my understanding.

Rather than corroborating Papadopoulos’ conspiracy theories, Durham instead learned of evidence implicating Trump in a crime, an investigation that has disappeared. Durham makes no mention of these junkets in his final report — he makes no mention that Papadopoulos, whose criminal investigation he misrepresents, sent him and the Attorney General on wild goose chases to Europe.

That’s one reason it matters that Durham made no mention of these junkets in his final report, because doing so would discredit the testimony Papadopoulos made to Congress, and in the process make it even more clear that the FBI was right to open an investigation into the Coffee Boy.

But there’s an even bigger reason that Durham’s failure to interview Papadopoulos matters: because he was the one person known to have undeniably relevant testimony about Sergei Millian’s communication practices during July 2016, someone who could provide direct insight onto whether it was possible that Igor Danchenko and Millian communicated in those very same weeks.

Durham’s failure to interview Papadopoulos on that topic is all the more telling given that in the 11-page section of the report in which Durham discusses the basis for four charges against Igor Danchenko that a jury acquitted on, he makes just three references to actual interviews his own team did:

1085 OSC Report of Interview of Sergei Millian on Feb. 5, 2022 at 1.

[snip]

1136 OSC Report of Interview of Brian Auten on July 26, 2021 at 21; OSC Report of Interview of Kevin Helson on July 27, 2021 at 3-4.

The Millian interview was conducted remotely; Millian refused to make the same comments under oath, in a venue in which he could be held accountable for lies.

The interviews with Auten and Helson were significantly debunked on the stand at Danchenko’s trial.

Under cross-examination by Danchenko attorney Stuart Sears, for example, Helson testified he never walked away from his meetings with Danchenko believing he had lied.

Q. Agent Helson, it was no — it was no secret, during the course of your relationship with Mr. Danchenko, that there was a discrepancy between how Mr. Steele described how Mr. Danchenko represented his interactions with Mr. Millian and how Mr. Danchenko told you he actually explained his interactions?

A. Yes.

Q. Okay. It was no — it was no secret. Everyone knew all along that there was a disconnect there?

A. Correct.

Q. And at no point during your entire time of meeting with Mr. Danchenko over those three years, did you ever walk away thinking that he was lying to you about anything; is that fair?

A. That’s fair.

Q. In fact, for years after your conversations with Mr. Danchenko about his anonymous phone call with the person he believed to be Mr. Millian, you would submit reports indicating that he was a reliable source?

A. Correct.

Q. And some of those reports would even mention the Millian discrepancy and you would write that you believed that Mr. Danchenko had accurately reported the information as best you could recall?

A. Yes.

Helson is likely the person whom Durham referred for further investigation for his handling of Danchenko. The report doesn’t provide the date of the referral, suggesting he may have retaliated against Helson for this testimony given under oath.

In cross-examination, Danchenko attorney Danny Onorato first got Auten to acknowledge that Danchenko himself had said the communication he had with someone he believed was Millian was “strange,” and Auten never followed up to clarify if they meant the same thing by “strange.”

Q. All right. So, first of all, I think your testimony yesterday was that you thought that the interaction was strange between Millian, the person he believed to be Millian, and Mr. Danchenko.

A. I thought that that interaction, as described, was peculiar and strange, yes.

Q. Right. And before you thought they were peculiar, Mr. Danchenko told you, on the 24th, is that he thought what happened was strange, right?

A. I do recall that, yes.

Q. Right. Because when you write a 302 or your memo, you write what the witness tells you, right?

A. Correct.

Q. Okay. And you would agree that his characterization was, “Guys, this is strange,” and that’s what you wrote in that report?

A. I believe that’s how I characterized it.

Q. Okay. So you agree with him when he said, “This was strange.” You said, “You know what, he’s right. This seems strange,” right?

A. He characterized it as strange. I think my characterization of strange might not be the same characterization of strange.

Q. Okay. But you used the same word?

A. Used the same word, yes.

Q. So you can use the same word, and sometimes people can interpret the word differently is what you’re telling me.

A. Yes.

Q. Okay. And the only way for you to know that is to ask a follow-up question and say, “Hey, when you say ‘strange,’ this is what I think and this is what you think,” right?

A. Right.

Q. But you never did that?

A. I don’t recall asking him to define what he meant by strange in that.

Q. Very well. But he told you that he got information from a person who did not identify himself, correct?

A. Correct.

Q. Okay. And, again, I’m not giving you a hard time because you didn’t ask a lot of probing questions on that day because you were just trying to break the ice with him to see if you can get him to work with you. Somma said you’d have more time to work with him, right?

A. Correct.

Then, Onorato demonstrated that Durham had gotten Auten to lie unwittingly on the stand by withholding the part of the Danchenko transcript where, in his first interviews with the FBI, he said the call he had with the person he believed was Millian could have been via app.

Q. Okay. But I do want to try to correct something about what you testified about this morning. Okay?

A. Okay.

Q. And you prepared to testify with Mr. Durham and his team, right?

A. Yes.

Q. Okay. And I think he asked you to look at Government Exhibit 100.

A. Yes.

Q. Okay. And when he asked you to look at Government one- — Exhibit 100, I think you may have answered that he did not mention a call app on Page 20, right, in response to his questions?

A. Yes.

Q. Okay. Well, do me a favor. Look at Page 20 and then 21, and see if that refreshes your memory the first day about what Mr. Danchenko told you.

A. I apologize. Yes, it basically says — would you like me to read it?

Q. Yeah.

A. Okay. I’ll start at the middle of — middle of the last paragraph of Page 20. [As read:] “The two of them talked for a bit and the two of them tentatively agreed to meet in person in New York City at the end of July. At the end of July, Danchenko traveled with his daughter to New York but the meeting never took place and no one ever called Danchenko back. Altogether, he had only a single phone call with an individual he thought to be Millian. The call was either a cellular call or it was a communication through a phone app.”

Q. I’m sorry, what did you just say?

A. “Or it was a communication through a phone app.”

Q. Okay. So remember when Mr. Durham asked you questions this morning, right?

A. Yes.

Q. Did he omit — ask you to look at page 21 to see what Mr. Danchenko told you that day?

A. I don’t think he was omitting. I think I —

Q. Okay. And did you intentionally omit, intentionally tell the jury something wrong, right?

A. No.

Q. But the import of the testimony was that, no, he never mentioned in that first meeting it could have been a phone app, right?

A. Correct.

Q. And now we all know that that’s false, right?

A. Correct.

Q. So he did mention a mobile app?

A. That is correct.

Onorato then got Auten to testify to how Durham had withheld the Amtrak records that corroborated Danchenko’s version of what happened.

What happened next was more dramatic. Durham attempted to exclude just the metadata of communications between Papadopoulos and Millian in these very same weeks of July 2016 because — he said in a bench conference — the content of the communications “sound[ed] creepy.”

The defendant has provided what he has premarked as Defendant’s Exhibit 480, 4-8-0, which is an email, a LinkedIn message from Millian to George Papadopoulos. Unless the defendant is going to somehow explain to the jury what Millian and Papadopoulos were communicating about at this period of time, then the Court should not permit it. Papadopoulos and Millian, as I think the defense knows from the discovery in this case, were exchanging any number of emails or Facebook exchanges or LinkedIn all about real estate, potential real estate transactions.

And so what the defense would be asking the jury to do is to draw some adverse inference that there was something going on between Millian and Papadopoulos that they really don’t know about, but it certainly sounds creepy. Well, in fact, if you look at what the communications were, as I say, between Papadopoulos and Millian, they are all about real estate, potential real estate investments.

[snip]

MR. DURHAM: 486 is from Millian to Papadopoulos. Again, you know, it’s irrelevant to these proceedings, but for the same reason, in the government’s view, it would be inadmissible unless we want to get into evidence relating to what Papadopoulos and Millian were doing at or about the time these email exchanges were occurring. [my emphasis]

Then, when Durham made another attempt to prevent just this metadata from coming into evidence, he spent five minutes trying unsuccessfully to get Auten to rule out that these communications could be proof of Russian “collusion.”

Q. And do you remember what Papadopoulos and Millian were involved in that generated these numbers?

A. I don’t recall exactly what they were involved in, but it was —

Q. But was it pretty much they were involved in real estate or investment discussions over a long period of time?

A. That, I don’t recall exactly.

Q. Well, how about generally? Do you generally refer — recall that Papadopoulos and Millian were involved in discussions about real estate projects and the like?

A. In January of…

Q. Well, this whole period that’s reflected in Defendant’s Exhibit 403.

A. Yeah, again, I don’t know if I — I don’t know if I can speak to that at this point.

Q. Well, you — you were the analyst — that supervisory analyst, correct?

A. Yes.

Q. Did you recall, sir, what it was that Mr. Millian was involved in, the kind of investments?

A. Yes, he was involved in investments and the like.

Q. Right.

A. But I don’t know if I can speak to, at this point, these phone records being tied to any real estate deals or anything of that sort.

Q. Right. So all of these records have shown there was contact between the two of them, correct?

A. Correct.

Q. And did you know that Millian was involved in the energy sector as well?

A. Yes, correct.

Q. And did you know that Papadopoulos was talking about getting involved in the energy sector in the Middle East?

A. Yes, I did know that.

Q. Does that refresh any recollection as to whether or not the contact between Millian and Papadopoulos had to do with energy and other investments?

A. Again, I am familiar with both of those things. I don’t know if that is what this document was actually written for.

Q. Okay. And there’s nothing in this document that tells you what it is about, correct?

A. No. Gmail talks about — there are a couple of references on — it’s not — it’s Bates Number — last Bates number is 105262.

Q. Uh-huh.

A. And there are two paragraphs that talk about another individual involved with energy.

Q. Right. This is all about business, correct?

A. Again, I don’t know if all of this is about business. I know that there are paragraphs in here involving energy.

Q. Okay. So one can tell from this is that they were involved in exchanges of emails or the like, correct?

A. Correct.

Q. And it appears it has to do with energy, correct?

A. It might, yes. Again, there are a lot of — there are a lot of communications on here.

Q. Yes.

A. So I would not be able to state with any substance that these are all involving energy issues.

Q. You can’t say that because the document doesn’t tell the jury what it’s about, other than that it, at least it has partially to do with energy?

A. Correct.

Q. Between Millian and Papadopoulos, correct?

A. That’s what it appears, correct.

Q. So it would be unreasonable to conclude anything or draw any conclusions from this other than Papadopoulos and Millian were involved in investments in the energy sector, right?

A. I don’t know if I can say that it follows necessarily from this, that all of these things deal with that.

Q. That wasn’t my question, though.

A. Okay.

Q. My question was: It would be unreasonable to conclude from this document anything other than they were at least involved in talking about — the energy sector, correct?

A. I would say that from this document there may —

Q. Uh-huh.

A. — there are likely communications within this list of communications dealing with energy, though I cannot say, analytically speaking, that all of these deal with energy.

Q. Fair enough. You know that Millian was involved in the energy sector and real estate?

A. I do recall that.

Q. And Papadopoulos is involved in the energy sector and real estate?

A. I recall that.

Q. And so this document doesn’t have anything to do, from looking at it on its particulars, anything to do with Russia and Russia collusion and the like, correct?

A. So the only thing that this has is — it has a list of — most of it is a list of communications between the two parties, dates, times.

Q. Okay. [my emphasis]

Durham, in open court, tried to prevent any mention of the relationship between Papadopoulos and his sole affirmative witness against Danchenko, Sergei Millian, because, in his own words, the communications between Millian and Papadopoulos “certainly sound[] creepy.”

And he made no mention of any of this in his report. He sure as hell made no mention of getting a prosecution witness to make a false claim on the stand by withholding information.

This is the witness, Papadopoulos, he never interviewed to learn about the nature of Millian’s communications at the time.

This is the witness he spent pages and pages of his report misrepresenting.

This is the witness, George Papadopoulos, whose Congressional testimony launched him onto multiple international junkets with the Attorney General, in search of conspiracy theories that yielded only some useless Blackberries and evidence of financial crimes involving Trump.

In his report to Merrick Garland, John Durham maintains that the FBI was overly hasty to open an investigation into Papadopoulos, the guy who weeks before the investigation was opened was planning a secret meeting with Putin.

But in open court, Durham admitted that in the very weeks the FBI opened the investigation, the Coffee Boy was involved in “creepy” communications with Sergei Millian.

And he doesn’t mention those creepy communications in his report.


The Media’s Past Indifference to Trump’s Past Abuse of Pardons Invites Him To Do It Again

It took former Reagan and Poppy appointee Wayne Beyer to raise the subject of pardons as the very first question at CNN’s Town Hall on Wednesday.

[Wayne] BEYER: My question to you is: will you pardon the January 6th rioters who were convicted of federal offenses?

TRUMP: I am inclined to pardon many of them. I can’t say for every single one because a couple of them, probably, they got out of control.

But, you know, when you look at Antifa, what they’ve done to Portland, and if you look at Antifa, look at what they’ve done to Minneapolis and so many other – so many other places, look at what they did to Seattle. And BLM – BLM, many people were killed.

These people – I’m not trying to justify anything, but you have two standards of justice in this country, and what they’ve done – and I love that question because what they’ve done to see many people is nothing – nothing. And then what they’ve done to these people, they’ve persecuted these people.

And yeah, my answer is I am most likely – if I get in, I will most likely – I would say it will be a large portion of them. You know, they did a very –

And it’ll be very early on. And they’re living in hell right now.

Given his legal focus on police misconduct and sometime membership in a GOP lawyers association, Beyer may have been teeing Trump up to promise to pardon the men and women who attacked the Capitol on January 6 and might have assassinated Mike Pence. Given his background, this feels like a scripted question, designed to give Trump an opportunity to make a promise that would lead those facing prosecution (including some lawyers!) to remain loyal to Trump.

In response, Kaitlan Collins attempted to point out Trump’s hypocrisy by raising one of the several cops and former cops who rioted on January 6, to say nothing of the former and active duty service men and women who participated in the attack (she was probably alluding to Thomas Webster, the most celebrated of the former cops charged with assaults, but he is not the only one). That only teed up another opportunity for Trump to undermine the rule of law in the US.

COLLINS: So when it comes to pardons –

TRUMP: They’re living in hell, and they’re policemen, and they’re firemen, and they’re soldiers, and they’re carpenters and electricians and they’re great people. Many of them are just great people.

COLLINS: Mr. President, one of the people who was convicted was a former policeman but he was convicted of attacking a police officer, I should note.

But when you said you are considering pardoning a large portion of those charged with crimes on January 6th, does that include the four Proud Boys members who were charged and convicted of seditious conspiracy?

TRUMP: I don’t know. I’ll have to look at their case, but I will say in Washington, D.C., you cannot get a fair trial, you cannot. Just like in New York City, you can’t get a fair trial either.

Collins made no mention — none — about Trump’s past pardons. She let one of the most unprecedented abuses committed during Trump’s first term, his pardons for those who lied to protect him, go unmentioned even when discussing a topic directly on point.

She’s not alone in her silence. Six months after Trump announced he was running, I’m aware of no deep dive on Trump’s abuse of the pardon power in his first term, not even the pardons that were — as a mass pardon of January 6 convicts would be — pardons of criminals whose crimes served his own power.

Take Paul Manafort. Whatever you imagine the Mueller Report says, whether or not you’ve read the far more damning Senate Intelligence Committee Report, it is a fact that Trump pardoned his way out of legal trouble with Manafort.

After entering into a plea deal in September 2018 that averted a damaging trial during the 2018 pre-election period, Manafort immediately changed his testimony on several key subjects. Judge Amy Berman Jackson ultimately ruled that his changed testimony amounted to lies that breached his plea agreement. She ruled that Manafort lied about three topics, one of which was what happened during an August 2, 2016 meeting with Konstantin Kilimnik at which:

  • Manafort explained how the campaign planned to win the swing states where Trump would eventually win the election
  • Kilimnik discussed how Manafort could get millions in payments from his Ukrainian paymasters and $19 million in disputed funds forgiven with Oleg Deripaska
  • Kilimnik recruited Manafort’s involvement in a plan to carve up Ukraine very similar to the plan Russia pursued until they invaded last February

Had Manafort not entered the plea deal he abrogated within hours, weeks of pre-election coverage would have focused on Manafort’s FARA trial, the proof that Manafort had worked for pro-Russian Ukrainians and then lied to cover it up. Such a trial might have led to even greater Republican losses in the November 2018 elections.

On the other hand, had Manafort cooperated in good faith, Mueller would have had three witnesses to the meeting, days after the conventions, where Manafort took steps — either wittingly or unwittingly — that provided someone who played a key role in the Russian interference operation with inside information about the Trump campaign.

Instead, Manafort forestalled the trial and undermined any value that his damning testimony (including that Roger Stone had pre-knowledge that WikiLeaks would release John Podesta emails) would have.

And after Manafort lied to cover up what really happened at that meeting and thereby faced a stiffer sentence, Trump pardoned his former campaign manager. In the process, Trump — who has bitched about the cost of the Mueller investigation — reversed the forfeitures that would have contributed to the expense of investigating Manafort’s crimes.

Intelligence judgments since make the meeting even more damning. In June 2020, the FBI offered a $250,000 reward for information leading to Kilimnik’s arrest. The Senate Intelligence Committee Report included two redacted sections (one, two) describing evidence that Kilimnik may have been more closely tied to the hack-and-leak activities.

An April 2021 sanctions report stated as fact that Kilimnik had shared campaign information with Russian intelligence.

Konstantin Kilimnik (Kilimnik) is a Russian and Ukrainian political consultant and known Russian Intelligence Services agent implementing influence operations on their behalf. During the 2016 U.S. presidential election campaign, Kilimnik provided the Russian Intelligence Services with sensitive information on polling and campaign strategy. Additionally, Kilimnik sought to promote the narrative that Ukraine, not Russia, had interfered in the 2016 U.S. presidential election. In 2018, Kilimnik was indicted on charges of obstruction of justice and conspiracy to obstruct justice regarding unregistered lobbying work. Kilimnik has also sought to assist designated former President of Ukraine Viktor Yanukovych. At Yanukovych’s direction, Kilimnik sought to institute a plan that would return Yanukovych to power in Ukraine.

Kilimnik was designated pursuant to E.O. 13848 for having engaged in foreign interference in the U.S. 2020 presidential election. [my emphasis]

The declassified intelligence report on the 2020 election (which was declassified in March 2021 but completed in classified form on January 7, 2021, before Trump left office) described that Kilimnik continued to interfere in US elections in 2020.

A network of Ukraine-linked individuals— including Russian influence agent Konstantin Kilimnik—who were also connected to the Russian Federal Security Service (FSB) took steps throughout the election cycle to damage US ties to Ukraine, denigrate President Biden and his candidacy, and benefit former President Trump’s prospects for reelection. We assess this network also sought to discredit the Obama administration by emphasizing accusations of corruption by US officials, and to falsely blame Ukraine for interfering in the 2016 US presidential election.

Derkach, Kilimnik, and their associates sought to use prominent US persons and media conduits to launder their narratives to US officials and audiences. These Russian proxies met with and provided materials to Trump administration-linked US persons to advocate for formal investigations; hired a US firm to petition US officials; and attempted to make contact with several senior US officials. They also made contact with established US media figures and helped produce a documentary that aired on a US television network in late January 2020.

In other words, the tie to Kilimnik ended up being far more damaging than imagined at the time of the Mueller Report, but by the time voters learned it, Trump had already bought Manafort’s silence with a pardon, one that, because it reversed the forfeiture, ended up being worth millions to Trump’s former Campaign Manager.

Though the evidence is sketchier, Trump may have pardoned his way out of even worse Russian trouble with Roger Stone. A jury found that Trump’s rat-fucker lied to cover up the true means by which he learned that WikiLeaks would release files from John Podesta (Manafort and Gates both testified that he did get advance knowledge). As Stone was about to report to prison, Stone did a series of appearances where he specified the number of calls Stone had with Trump during 2016 that (Stone claimed, unreliably) prosecutors had asked him about, a list of calls that may have come from a notebook of such contacts prosecutors hoped to find in the search of Stone’s properties. And amid Stone’s claims to have refused to tell prosecutors about the substance of dozens of contacts he had with Trump during 2016, Trump first commuted Stone’s sentence and then — the same day as Manafort — pardoned him.

Importantly, within days of getting that full pardon, Stone met with Trump to thank him for that pardon. At what was likely the same meeting, they talked about January 6, including Trump speaking; the meeting immediately preceded the White House’s shift on making that speech happen. Prosecutors have tied a January 3 appearance Stone did with the Proud Boys with efforts some of those Proud Boys made days later to prevent the vote certification.

Which leads to the most remarkable unremarked pardon of one of Trump’s co-conspirators, that of Steve Bannon.

Bannon did not get pardoned, directly, for lying to cover up what went on in 2016 (indeed, Bannon’s testimony helped to convict Stone).

Rather, as one of his last acts as President, Trump pardoned Bannon for defrauding Trump voters, to the tune of millions, using Trump’s image to do that.

Several of Bannon’s victims testified about believing they were investing in Trump’s wall at his co-conspirator Timothy Shea’s trial. Public school teacher Nicole Keller described investing because border security was so important to her late border patrol agent spouse.

Q. Why did you decide to donate to We Build the Wall?

A. My late husband was a border patrol agent. We lived at the southern border in the Rio Grande Valley from 1998 through fall of 2007. Border security is something that is very — was very important to him. He dedicated his career to it. At that point in time, I was a teacher at the southern border. I taught sixth grade and high school science. And we believed that the southern border should be secure, just like the door to our house. It’s not that we’re trying to keep people out; it’s just making sure when someone comes in to our home or residence, we know who they are and what business that they might have at our house.

William Ward, a veteran and retired Washington State Medicare fraud administrator, described contributing because he didn’t believe Congress was doing enough to build Trump’s wall.

Q. Why did you decide to make that donation to We Build the Wall?

A. It was symbolic on my part more than anything else, that I thought if there were a whole lot of people that donated that way, that it might draw some attention to what I think is a difficulty along our Southern Border.

Q. Why do you think there’s a difficulty along the Southern Border? Explain what you mean by that, please.

A. Well, it’s a personal view, but I’m not sure that Congress has done what they should in passing laws that have sort of gotten out of date with the truth on the ground now, for a couple of decades, and that I think that’s where it should start. It should be a congressional thing.

Both described feeling cheated when they discovered their donations were being misused. Keller:

Q. Did there come a time when you became concerned that We Build the Wall wasn’t using donors’ money properly?

A. There did, yes.

Q. Why did you become concerned about that?

A. Again, it was something that was being talked about on news websites.

Q. And when you saw news that caused you concern, what, if anything, did you do about it?

A. I went to the GoFundMe website and tried to get my money back. Mr. Kolfage had implied that if I did not — if the monies were not used as they could be, that we would get our money back.

Q. Were you able to get your money back?

A. I was not, no.

Q. Why did you want your money back?

A. I was insulted that somebody had taken what should be a position of honor and valor, being injured for their country, and, instead, used it to defraud me.

And Ward:

Q. Did there come a time when you became concerned that We Build the Wall wasn’t using donated money in the right way?

A. Yes, there was.

Q. Why did you become concerned about that?

A. The — again, going through a news feed at breakfast every morning, I saw something that there was an investigation of misuse of the funds.

Q. When you saw that, what, if anything, did you do?

A. I got a hold of the GoFundMe page to see if I could recover my donation.

Q. Were you able to get your donation back?

A. No, I was not.

Q. Why did you want your money back?

A. I just felt I’d been cheated.

A restitution filing ordered the defendants to pay over $25 million to their victims.

Bannon cheated people who believed in Trump and his goddamn wall. And Trump pardoned him for it. And Kaitlan Collins didn’t think it worth mentioning to an audience of potential Trump supporters.

Trump obviously didn’t find the charges themselves faulty; he didn’t pardon Bannon’s co-conspirators. They were just sentenced — to three to four-plus years in prison — for the fraud they perpetrated against Trump supporters. And while Dustin Stockton’s testimony to the January 6 Committee has proven unreliable, he and Jennifer Lawrence claimed they were floated pardons in conjunction with their involvement with planning January 6.

The full story of why Trump pardoned Bannon in one of his last acts as President has not been — may never be — told. But there’s no way to regard a pardon for defrauding Trump supporters outside the context of Bannon’s involvement in Trump’s efforts to overturn the election. And, particularly given the absence of any defect in the charges themselves — given that Trump didn’t pardon all the Build the Wall fraudsters — it’s impossible to understand Bannon’s pardon as anything but payback.

And yet, when Kaitlan Collins talked about how horrible it would be if Trump started pardoning everyone else who helped Trump attack Congress, she treated it as if it would be an unprecedented abuse. She did so even though she made that tie herself in breaking the story of the Bannon pardon.

Bannon’s pardon would follow a frantic scramble during the President’s final hours in office as attorneys and top aides debated his inclusion on Trump’s outgoing clemency list. Despite their falling out in recent years, Trump was eager to pardon his former aide after recently reconnecting with him as he helped fan Trump’s conspiracy theories about the election.

[snip]

Things shifted in recent months as Bannon attempted to breach Trump’s inner circle once again by offering advice before the election and pushing his false theories after Trump had lost.

One concern that had stalled debate over the pardon was Bannon’s possible connection to the riot of Trump supporters at the US Capitol earlier this month, a source familiar with the discussions told CNN.

“All hell is going to break loose tomorrow,” Bannon promised listeners of his podcast – “War Room” – on January 5, the day before the deadly siege on the Capitol.

[snip]

While some advisers believed it was decided last weekend that Bannon was not getting a pardon, Trump continued to raise it into Tuesday night. Throughout the day, Trump had continued to contemplate pardons that aides believed were settled, including for his former strategist – something he continued to go back and forth on into Tuesday night, sources told CNN.

Ultimately, Trump sided with Bannon.

It would be the exact same thing Trump did in the wake of the November 2020 election, at a time he thought he would face no consequences for such an abuse of the pardon power.

Trump waited to pardon those who had protected him until after voters weighed in. He waited, because he knew that making these pardons before an election would harm his chances of getting elected.

And yet no one — not even Collins, when discussing pardons in the direct context of the next election — could be bothered to mention how abusive were Trump’s past pardons.

Of course Trump will pardon January 6 criminals if he wins in 2024, Kaitlan! Why wouldn’t he?!?! You let him blather on for an hour, even discussed future pardons with him, with not a single mention of his past abuses.


Russia’s Snakes Got DePlaned

The US Attorney’s Office in Brooklyn, EDNY, had a busy day on Tuesday. In addition to indicting George Santos for various kinds of fraud, EDNY’s US Attorney, Breon Peace, got to take credit for the “remediation” of a peer-to-peer network of compromised computers exploited by Russian hacking group “Turla” to hack collection targets around the world.

For geeks, the claimed effect of the operation was pretty cool. The FBI developed code (or had a contractor do it for them) that would exploit the very thing that makes the Snake malware so tricky — the proprietary communications sessions it uses to run a global network of relay nodes through which it launches collection attacks.

The majority of compromised systems serve as relay nodes (referred to as “hop points”) in the Snake network, that route traffic from the FSB’s ultimate target systems (referred to as “endpoints”) through the network back to Turla operators in Russia.

The FBI code was designed to command Snake to overwrite its operational components.

[A]n FBI-created tool named PERSEUS [] issued commands that caused the Snake malware to overwrite its own vital components.

[snip]

[T]hrough analysis of the Snake malware and the Snake network, the FBI developed the capability to decrypt and decode Snake communications. With information gleaned from monitoring the Snake network and analyzing Snake malware, the FBI developed a tool named PERSEUS which establishes communication sessions with the Snake malware implant on a particular computer, and issues commands that causes the Snake implant to disable itself without affecting the host computer or legitimate applications on the computer.

[snip]

Specifically, the FBI has developed a technique that exploits some of Snake’s built-in commands, discussed above, which, when transmitted by PERSEUS from an FBI-controlled computer to the Snake malware on the Subject Computers, will terminate the Snake application and, in addition, permanently disable the Snake malware by overwriting vital components of the Snake implant without affecting any legitimate applications or files on the Subject Computers.

We’ll see whether the operation was as successful as DOJ and NSA claimed. But the government at least claims to have significantly neutralized a hacking platform that has been a complex challenge for two decades.

A quote from a specialist on this hacking group made me want to look closer to understand what DOJ did, both technically and legally. Juan Andres Guerrero-Saade complained to CNN that the FBI had taken down the peer-to-peer network, rather than just sitting on it to continue to observe what Russia’s FSB was doing.

Turla operatives are “genuine professionals,” Juan Andres Guerrero-Saade, a researcher who has tracked Turla for years, told CNN.

“They’re not traipsing around breaking things or calling attention to themselves in stupid ways,” said Guerrero-Saade, who is senior director of SentinelLabs, the research arm of security firm SentinelOne. He said that’s what you’d “expect from the GRU,” referring to Russia’s military intelligence agency, whose hackers are generally more conspicuous. “You don’t see that out of Turla.”

[snip]

While the FBI touted the action as another example of the bureau’s strategy to protect hacking victims, Guerrero-Saade wondered what visibility the FBI might have lost into Turla’s operations by exposing the network of hacked computers.

“The FBI has a hammer and they’ve decided this is just another nail,” Guerrero-Saade said. “And I don’t think espionage operations should be handled the same way that criminal operations are.”

But the search warrant affidavit suggests that’s what the FBI has been doing since 2016.

The materials released by the government provide a very selective narrative both of the hacking group and the intervention:

May 4, 2023: Search warrant affidavit

May 8, 2023: Planned operation

May 9, 2023: DOJ Press release; NSA press release; Joint Cybersecurity Advisory

The narrative starts in 2004, when investigators first started tracking Turla, ignores a 2008 Turla compromise of DOD computers, only names one collection target (a journalist) that might be in the US, and only describes likely German and French collection targets in passing.

As the affidavit describes, the FBI’s understanding of Turla derived from both “sensitive sources” and the monitoring of victims.

[T]hrough existing legal authorities, the cooperation of several U.S. victims[,] and sensitive sources, the FBI and U.S. Intelligence Community have obtained significant insight into the FSB’s cyberespionage activities against the United States and its allies using Snake.

A key part of the affidavit’s narrative describes that monitoring process. The FBI discovered that Turla compromised computers at US Victim A in San Jose, which let the FBI monitor how the malware worked. Using US Victim A, Turla compromised US Victim B in Syracuse, which in turn let the FBI monitor what happened from there. Using both US Victims A and B, Turla compromised US Victim D in Columbia, SC, which in turn let the FBI monitor traffic. Using Victim B, Turla compromised US Victim C, in Boardman, OR, which in turn let the FBI monitor traffic.

Over seven years, then, the FBI has been monitoring communications traffic from a growing number of US victim companies that Turla used as nodes. The affidavit emphasizes that these sites were used to attack overseas targets — like the presumed German and French targets mentioned in the affidavit. Aside from the journalist working for a US outlet (who could be stationed overseas), the affidavit doesn’t mention any US collection targets. Nor does it explain whence Turla targets US collection targets.


2004: Investigation begins

2008: Turla compromises US military computer via thumb drive (not mentioned in affidavit)

2015 to 2017: FBI monitored communication between US-compromised computer and Minister of Foreign Affairs in NATO member-state, collected and decrypted

Turla operators used Snake in an attempt to exfiltrate a large volume of what they believed to be internal United Nations and NATO documents sent from the NATO Victim-1

By description — particularly the reference to what hackers thought they were getting — this is likely Germany, as described in this report on the group.

It was Tuesday, Dec. 19, 2017, when German security officials received the tipoff. A foreign intelligence service informed the Bundesnachrichtendienst (BND), Germany’s foreign intelligence service, that somebody had hacked into the IT system belonging to Germany’s Foreign Ministry.

[snip]

And the hackers hadn’t actually stolen all that much by the beginning of 2018 – a total of six documents, only one of which was classified. Nevertheless, the BSI decided to throw the hackers out of the network. A short time later, public prosecutors launched an official investigation into the cyberintrusion.

2016: After finding IP address in Queue File on computers belonging to US Victim A in San Jose, CA, victim permitted FBI to do custom scan and monitor communication traffic to ID other hop points and victims

2017: FBI provides victim notification of earlier version of Snake on US Victim E computers in Van Nuys, CA

2017 to 2020: FBI monitored communications between US-compromised computer and NATO Victim-2 (possibly France)

2018: EDNY grand jury seated

2018: FBI observed communications between US Victim A and computers in Syracuse, NY, owned by US Victim B and performed custom scan and monitored traffic

2018 to 2022: FBI identified traffic between US Victims A and B and computers in Columbia, SC owned by US Victim D; FBI performed a scan and monitored traffic

January 2020: FBI identified communication between US Victim B and cloud provider US Victim C in Boardman, OR; FBI performed custom scan and monitored ongoing traffic

2020 to 2021: FBI identified traffic between US Victim A and computer located in Hicksville, NY owned by US Victim F

2021 to 2022: FBI observes traffic between US Victims D and US Victim E; FBI provided custom scan but Victim E did not permit ongoing monitoring

2022: By the time FBI alerts US Victim E, it had ceased operation and discarded the computers

February to March 2022: FBI identified communication between US Victim A and computers in Gaithersburg, MD owned by US Victim G, which refused to cooperate with the FBI

No date: Turla used Snake to target journalist for US news media company (country location not stated)


As this timeline lays out, in the last two years, Turla exploited three US victim companies from which the FBI was unable to get the kind of voluntary cooperation that US Victims A, B, C, and D offered: US Victim E and G, both of which refused full cooperation, as well as the defunct one, US Victim F, in Hicksville, NY. That last one might be how EDNY would claim to establish venue, if you ignore that that hack happened after the grand jury that conducted this investigation was seated in 2018. At first I mistakenly thought that FBI might have acted now because they were finding less success with the monitoring approach they’ve used since 2016.

But those computers are a different set (though possibly overlapping) than the set of computers targeted by this warrant. While Subject Computers 2 and 3 listed in the affidavit, both located in Columbia, SC, could be owned by US Victim D, US Victims E and G are not targeted. The additional targeted computers are located in Portland (Subject Computers 1 and 2), Atlanta (Subject Computer 4), Windsor, CT (Subject Computer 5), and Rancho Cordova, CA (Subject Computers 6, 7, and 8). If Subject Computers 2 and 3 do belong to US Victim D, including them might serve primarily to qualify this for remote search under 41(b)(6)(B) (which requires 5 districts).

For US purposes, the more important part of the operation may be parallel efforts done overseas. The affidavit suggests that the FBI will only execute the search within the US and foreign governments will only execute the search within their jurisdictions.

On or about May 8, 2023, the FBI, in coordination with certain foreign governments acting outside of the United States, intends to execute a technical operation, codenamed MEDUSA, to disable Snake malware on numerous computers worldwide. Specifically, at a chosen time, FBI personnel will use PERSEUS to authenticate and establish sessions with the Snake malware on the Subject Computers, and send to the Snake implants on the Subject Computers built-in commands that will terminate the Snake application and, in addition, permanently disable the Snake malware by overwriting vital components of the Snake implant without affecting any legitimate applications or files on the Subject Computers. At the same time that the FBI executes the remote search technique described in this Affidavit to disable the Snake malware on computers located in the United States, certain foreign government authorities will take action to remediate Snake-compromised computers within their territories.

The press release is a bit more vague about that (and there are probably nodes in countries that the US IC would not trust enough to coordinate such an operation).

For victims outside the United States, the FBI is engaging with local authorities to provide both notice of Snake infections within those authorities’ countries and remediation guidance.

[snip]

The FBI and U.S. Department of State are also providing additional information to local authorities in countries where computers that have been targeted by the Snake malware have been located.

As the affidavit described it, the FBI used a Rule 41(b)(6)(B) warrant permitting the government to search remotely in more than one District at a time so as to allow for the simultaneous worldwide operation.

The FBI believes that use of the remote search technique described in this Affidavit is necessary to ensure the success of the coordinated technical operation to disrupt the Snake malware network worldwide. As detailed above, the Subject Computers are located in geographically disparate locations throughout the United States. There are not sufficient FBI personnel available who possess the specialized training and experience with the sophisticated Snake malware to physically travel to each location to disable the Snake malware on each of the Subject Computers simultaneously. Thus, without authorization to use the remote search technique requested in this Affidavit, the FBI would not be able to timely disable the Snake malware on the Subject Computers as part of a coordinated operation against the worldwide Snake network.

Whatever the case, the press release speaks in fairly expansive terms about neutralizing the entire network, not just some nodes in it.

To cycle back to Guerrero-Saade’s complaint, then, it seems that FBI has been monitoring this network for years. Indeed, one wonders how much of the roll-up of Russian spying in recent years has benefitted from doing so.

But it seems that the US and its partners decided they had the capability and the will to attempt to shut down this network now (at a time, it should be said, when Russia is ratcheting up attacks on Ukraine and in advance of Ukraine’s planned counterattack). Perhaps it is just part of the larger response rolled out in the wake of Russia’s attack on Ukraine.


Stand Back and Stand By: Proud Boys Enrique Tarrio, Joe Biggs, Ethan Nordean, and Zach Rehl Guilty of Sedition

The verdict is just coming in from the Proud Boys trial.

Update: The jury came back with a not guilty verdict for Pezzola on seditious conspiracy, and Judge Tim Kelly ruled them hung on everything else.

It’s finally over.

Count One: Seditious Conspiracy (18 USC 2384)

Tarrio: Guilty

Biggs: Guilty

Nordean: Guilty

Rehl: Guilty

Pezzola: Not Guilty

Count Two: Conspiracy to Obstruct an Official Proceeding (18 USC 1512(k))

Tarrio: Guilty

Biggs: Guilty

Nordean: Guilty

Rehl: Guilty

Pezzola: Hung

Count Three: Obstruction of an Official Proceeding (18 USC 1512(c)(2))

Tarrio: Guilty

Biggs: Guilty

Nordean: Guilty

Rehl: Guilty

Pezzola: Guilty

Count Four: Conspiracy to Impede an Officer (18 USC 372)

Tarrio: Guilty

Biggs: Guilty

Nordean: Guilty

Rehl: Guilty

Pezzola: Guilty

Count Five: Civil Disorder (18 USC 231)

Tarrio: Guilty

Biggs: Guilty

Nordean: Guilty

Rehl: Guilty

Pezzola: Guilty

Count Six: Depredation of Government Property (metal barrier) (18 USC 1361)

Tarrio: Guilty

Biggs: Guilty

Nordean: Guilty

Rehl: Guilty

Pezzola: Guilty

Count Seven: Depredation of Government Property (front door) (18 USC 1361)

Tarrio: Hung

Biggs: Hung

Nordean: Hung

Rehl: Hung

Pezzola: Guilty

Count Eight: Assault (throwing water bottle) (18 USC 111)

Tarrio: No verdict

Biggs: No verdict

Nordean: No verdict

Rehl: No verdict

Pezzola: No verdict

Count Nine: Assault (fighting with cop) (18 USC 111)

Tarrio: Not guilty

Biggs: Not guilty

Nordean: Not guilty

Rehl: Not guilty

Pezzola: Guilty

Count Ten: Robbery (stealing shield)

Pezzola: Guilty

Update, May 8: Corrected Tim Kelly’s last name.
