1,500 Investigative Subjects: A Competent Google GeoFence Motion to Suppress for January 6

/20 Comments/in , , /by

For some time, I’ve been waiting for a January 6 defendant to (competently) challenge the use of a Google GeoFence as one means to identify them as a participant in January 6. (There have been incompetent efforts from John Pierce, and Matthew Bledsoe unsuccessfully challenged the GeoFence of people who livestreamed on Facebook.)

The motion to suppress from David Rhine may be that challenge. Rhine was charged only with trespassing (though he was reportedly stopped, searched, and found to be carrying two knives and pepper spray, but ultimately released).

As described in his arrest affidavit, Rhine was first identified via two relatively weak tips and a Verizon warrant. But somewhere along the way, the FBI used the general GeoFence warrant they obtained on everyone in the Capitol that day. Probably using that (which shows where people went inside the Capitol), the FBI found him on a bunch of surveillance video, with his face partly obscured with a hat and hoodie.

The motion to suppress, written by Tacoma Federal Public Defender Rebecca Fish, attempts to build off a ruling in the case of Okello Chatrie (and integrates materials from his case) to get the GeoFence used to identify Rhine and everything that stemmed from it thrown out.

The three-step GeoFence Warrant and the returns specific to Rhine are sealed in the docket.

But the MTS provides a bunch of the details of how the FBI used a series of warrants to GeoFence the crime scene.

First, as Step 1, it got a list of devices at the Capitol during the breach, either as recorded in current records, or as recorded just after the attack. At this stage, FBI got just identifiers used for this purpose, not subscriber numbers.

The geofence warrant requested and authorized here collected an alarming breadth of personal data. In Step 1, the warrant directed Google to use its location data to “identify those devices that it calculated were or could have been (based on the associated margin of error for the estimated latitude/longitude point) within the TARGET LOCATION” during a four-and-a-half hour period, from 2:00 p.m. until 6:30 p.m. Ex. A at 6. The target location—the geofence—included the Capitol Building and the area immediately surrounding it, id. at 5, which covers approximately 4 acres of land, id. at 13. Indeed, the warrant acknowledges that “[t]o identify this data, Google runs a computation against all stored Location History coordinates for all Google account holders to determine which records match the parameters specified by the warrant.” Ex. A at 26 (emphasis added). Though not spelled out with clarity in the warrant itself, the warrant ordered that the list provided in step 1 not include subscriber information, but that such information may be ordered at a later step. See id. at 6; see also id. at 25 (“This process will initially collect a limited data set that includes only anonymous account identifiers, dates, times, and locations.”).

This yielded 5,723 unique devices (note, the MTS points to Google filings from the Chatrie case to argue that only a third of Google’s users turn on this location service).

Google ultimately identified 5,653 unique Device IDs that “were or could have been” within the geofence, responsive to the first step of the warrant. Ex. B (step 2 warrant and application) at 6. However, Google additionally searched location history data that Google preserved the evening of January 6. When searching this data, as opposed to the current data for active users at the time of the search, Google produced a list of 5,716 devices that were or could have been within the geofence during the relevant time period. Id. Google additionally searched location history data that Google preserved on January 7. When searching this data, Google produced a list of 5,721 devices that were or could have been within the geofence during the relevant time period. Id. The three lists combined yielded a total of 5,723 unique devices that Google estimated were or could have been in the geofence during the four-and-a-half hour period requested. Id. at 7.

In Step 2, the FBI asked Google to identify devices that had been present at the Capitol before or after the attack — an attempt to find those who were there legally. That weeded the list of potentially suspect devices to 5,518.

In this case, the second step of the geofence warrant was also done in bulk, given the lack of specificity as to the people sought. In the initial warrant, the Court ordered Google to make additional lists to eliminate some people who were presumptively within the geofence and committed no crimes. First, the warrant ordered Google to make a list of devices within the geofence from 12:00 p.m. to 12:15 p.m. on January 6. And second, the warrant ordered Google to make a list of devices within the geofence from 9:00 p.m. to 9:15 p.m. Ex. A at 6.

[snip]

Google provided these lists to the government in addition to the lists detailed above. Google identified 176 devices that were or could have been within the geofence between 12:00 p.m. and 12:15 p.m., and 159 devices that were or could have been within the geofence between 9:00 p.m. and 9:15 p.m. Ex. B at 6. The government ultimately subtracted these devices from those that they deemed suspect. Id. at 7. However, this still left 5,518 unique devices under the government’s suspicion. See id. The original warrant contemplated the removal of devices that were present at the window before and after the primary geofence time because the government asserted that the early and late windows were times when no suspects were in the Capitol Building, but legislators and staff were lawfully present. Ex. A at 27. However, the original warrant also indicated that “The government [would] review these lists in order to identify information, if any, that is not evidence of crime (for example, information pertaining to devices moving through the Target Location(s) in a manner inconsistent with the facts of the underlying case).” Ex. A at 6.

Aside from comparing the primary list with the lists for the early and late windows, the government appeared to do no culling of the device list based on movement. Rather, the government used other criteria to decide which devices to target for a request for subscriber information. 3.

The government then asked for the subscriber information of anyone who showed up at least once inside the Capitol (as the MTS notes, Google’s confidence levels on this identification is 68%). That identified 1,498 devices.

In step 3, as relevant to this case,4 the government sought subscriber information—meaning the phone number, google account, or other identifying information associated with the device—for two different categories of people. First, the government sought subscriber information for any device for which there was a single data point that had a display ratio entirely within the geofence. Ex. B at 7. In other words, the government sought identifying information for any device for which Google was 68 percent confident the device was somewhere within the geofence at a single moment during the four-and-a-half hour geofence period. Again, the government equated presence to criminality. The government sought and the warrant ordered Google to provide identifying information on 1,498 devices (and likely people) based on this theory. See id.

It also asked for subscriber information from anyone who had deleted location history in the week after the attack, which yielded another 37 devices.

Second, the government sought identifying subscriber information for any device where location history appeared to have been deleted between January 6 or 7 and January 13, and had at least one data point where even part of the display radius was within the geofence. See Ex. B at 7–8. The government agent asserted that such devices likely had evidence of criminality because: “Based on my knowledge, training, and experience, I know that criminals will delete their Google accounts and/or their Google location data after they commit criminal acts to protect themselves from law enforcement.” Id. at 8.

[snip]

The theory that potentially changed privacy settings or a deleted account as indicative of criminality led the government to request identifying information for 37 additional devices (and likely people). Ex. B at 8.

The MTS notes that at a later time, the FBI expanded the scope of the GeoFence for which they were seeking subscriber information, but that’s not applicable to Rhine.

4 Discovery indicates that the government later sought substantially more data from geofences in areas next to, but wholly outside of, the Capitol Building. However, Mr. Rhine addresses here the warrants and searches most relevant to his case.

The GeoFence was one of a number of things used to get the warrant to search Rhine’s house and digital devices.

I’ll hold off on assessing the legal merit of this MTS (though I do plan to share it with a bunch of Fourth Amendment lawyers).

For now, what is the best summary I know of how the known Google GeoFence reveals how the FBI used it: first obtaining non-subscriber identifiers for everyone in the Capitol, removing those who were by logic legally present before the attack, and then obtaining subscriber information that was used for further investigation.

And that GeoFence yielded 1,500 potential investigative subjects, which may be only be a third of Google users present (though would also by definition include a lot of people — victims and first responders — who were legally present). Which would suggest 4,500 people were inside the Google GeoFence that day, and (using the larger numbers) 15,000 were in the vicinity.

As I keep saying, the legal application here is very different in the Chatrie case, because everyone inside the Capitol was generally trespassing, a victim, a journalist, or a first responder.

To make things more interesting, Rudolph Contreras, who is the FISA Court presiding judge, is the judge in this case. He undoubtedly knows of similar legal challenges that are not public from his time on FISC.

Which may make this legal challenge of potentially significant import.

John Durham’s Missing Signals (and FaceTime and WhatsApp and iPad)

/38 Comments/in , , /by

As is common, the case agent for the Durham investigation against Igor Danchenko, Ryan James, was the last witness on Friday. Case agents are often used to summarize the case against a defendant and introduce boring communications records that the prosecution will rely on in the closing arguments.

As Durham cued James to describe, he spent the first nine years of his career as an FBI employee in New Haven, where Durham was, first an AUSA and then US Attorney.

Q When you finished up at the Quantico Training Academy, you would then be a first office agent as it’s sometimes referred to?

A Yes.

Q And what’s a first office agent?

A So that’s the term that you get when you graduate the academy, and it’s the first office you’re assigned to.

Q And where were you first assigned?

A New Haven, Connecticut.

Q And how long were you in New Haven, Connecticut?

A So I was there from late ’09 to September of 2018.

By description, he’s the single current or former FBI employee of five who testified at the trial (the others being Brian Auten, Kevin Helson, Amy Anderson, and Brittany Hertzog) who described no expertise in Russian counterintelligence.

James’ job was to introduce a bunch of travel and communications records that — Durham will claim on Monday — rule out the possibility that Igor Danchenko got a call from an anonymous caller, probably around July 24 or 25, 2016, someone Danchenko claimed to believe was Sergei Millian. This is the burden Durham chose to take on when he charged Danchenko with four counts — the four remaining after Judge Anthony Trenga dismissed the fifth on Friday — about whether Danchenko was lying on four different occasions in 2017 when he described what he had believed in July 2016.

Here are those four counts as quoted in transcripts or interview reports from the indictment, and how Durham charged the alleged lie.

Durham is not proving that Danchenko lied that the person on the call was Millian. He has to prove that Danchenko lied about what he believed in about the call in 2016, five years after the interviews in question and six after the call.

At times, even Durham seems not to have understood what he got himself into by charging that Danchenko lied when he said he believed in 2016 that he thought that a call he described to the FBI came from Millian. Durham can’t just prove that Millian didn’t call Danchenko (though he has presented insufficient evidence to prove that). To rule out the possibility that Danchenko really believed a call even he described as weird came from Millian, Durham is stuck — with one exception I’ll lay out below — attempting to prove that Danchenko received no call from anyone, whether Millian or anyone else.

In an attempt to do that on Friday, Durham had James walk through how his team obtained all the records possible for the phone numbers they identified for Millian at the time (at least one, a Russian one, seems not to have been included, though exhibits aren’t available remotely).

Q And as to telephone records, would you indicate to the ladies and gentlemen of the jury what telephone records — specific telephone records that you obtained relating to Mr. Millian.

A We obtained all the records possible for the phone numbers that we had identified for Mr. Millian.

Durham had Ryan describe what sounds like a time-consuming effort to track down every single telephony call that called Danchenko’s known line in that time period in late July early August 2016.

Q Now, you told the jurors that among other things that were subpoenaed were three telephone lines that were active in 2016 for Millian, correct?

A Yes.

Q But I think you also told them that you had looked for any other number that may have been in FBI databases that would tie in some fashion to Millian, correct?

A Yes.

Q And did you compare all of those numbers to any calls going into Mr. Danchenko’s telephone number?

A Yes.

Q And the jury saw a particular record that will be in evidence reflecting the fact that Millian was providing his new Moscow number. Do you remember that? It was a plus-45 telephone number?

A Yes.

Q Did you also check that number against any incoming calls to Mr. Danchenko’s telephone line?

A Yes.

Q And what can you tell the jurors about that?

A We didn’t identify any known numbers for Sergei Millian making an incoming call to Mr. Danchenko.

They made a great show of bragging about getting records from Sergei Millian and Danchenko that (they suggested) the NY Field Office and Mueller team before them had not.

Q To your knowledge, had anybody gotten those before?

A No.

[snip]

Q Do you know if prior to you and your colleagues retrieving that information, if anybody had gone and retrieved it? Do you know?

A I do know. No, they didn’t.

But in the entire performance, neither Durham nor James described the records that would be most probative to determine if Millian called Danchenko in late July 2016: Details of LinkedIn contacts between Danchenko and Millian (probably as early as May or June) and what Danchenko’s LinkedIn page looked like when that happened. That presumed LinkedIn contact was not mentioned at all during James’ testimony.

Durham’s entire premise — that a review of incoming telephony calls to Danchenko could serve to rule out a call from Millian — is based off a claim that Millian would have no way of contacting Danchenko on anything but his telephony line, because that’s all the information Danchenko included in the signature block of the email he sent on July 21, asking to meet. Mind you, even on direct examination, when Durham had Brian Auten agree there was no mention of mobile apps in the signature block, Auten noted there was a mention of a mobile app in the body of the message: to LinkedIn.

Q And then there’s a signature block, correct?

A Correct.

[snip]

Q Is there anything anywhere in this document, Government’s Exhibit 204T, Mr. Danchenko’s initial outreach to Millian, that says anything about the use of apps?

A In the signature block, no. And the only app I believe that’s mentioned is LinkedIn, which is the last line of 204T in the letter.

Q And LinkedIn isn’t communication — verbal communication, correct?

A Not to my knowledge, no.

Q Right. So nothing in here about contact me using an app or anything of that sort?

A According to the block, no.

Durham wasn’t interested because LinkedIn, itself, does not support voice calls.

Danny Onorato emphasized the reference to LinkedIn at more length with Auten on cross.

Q. Okay. And that would be the email that Mr. Durham showed you July 21st, and that, kind of, starts off with the strange phone call, right? So the timeline is late May, right, where there’s an introduction?

A. Right.

Q. Which is Mr. Danchenko told you?

A. Yes.

Q. And then, he said in, kind of, late June or late July he reached out to Millian, right?

A. Correct.

Q. Okay. And so this is reach out, right?

A. This is — this is a July 21st —

Q. Yep.

A. — 2016, Igor Danchenko to [email protected].

Q. Okay. And what I want you to focus on, right, is that he said [As read:] “It would be interesting if it were possible to chat with you by phone or meet for coffee/beer in Washington or New York where I’ll be next week.” Right?

A. Right.

Q. “I am, myself, in Washington.” So he’s giving him alternatives as to where the meeting could take place, right?

A. Correct.

Q. Okay. I want you to focus on the last line of the email, please.

A. Yes.

Q. He said [As read:] “I sent you a request to LinkedIn. There my work is clearer.” Right?

A. Correct.

The reason Danchenko’s referral to his LinkedIn is important (aside from the prior communication that never got introduced as evidence) is because people often list all modes of communication at LinkedIn, including their mobile apps. Danchenko’s current LinkedIn bio has a link to his Telegram account.

At the time , before he started being stalked by frothers, Danchenko used at least four more mobile apps: in addition to the Telegram he still uses, WhatsApp, Viber, FaceTime, and Wickr.

Q. Okay. Thank you. Are you aware that when Mr. Danchenko spoke to the FBI he told them that he used, in this timeframe, WhatsApp, Viper, [sic] FaceTime, Wickr, and Telegram?

A. I think it would depend on what time frame you are talking about talking to the FBI.

Q. Sure. But between, let’s say, January, when you met with him, and call it July, after he’s meeting with Mr. Helson.

A. I don’t know if I would be able to rattle off all of those different things.

Q. Sure. Some of them?

A. Some of them.

Q. Okay. And, again, those apps — whether it’s one, two, three, four, or five of them — do not leave records on my Verizon cell phone bill, right?

A. I do not believe so.

If Danchenko had those apps listed on his LinkedIn in 2016, as he has Telegram listed on his LinkedIn today, then it would be readily apparent how Millian could have figured out how to call Danchenko in late July 2016: on the LinkedIn profile that Danchenko explicitly pointed him to.

The explanation from Ryan James — an FBI agent who likely worked closely with Durham since the start of his FBI career, but who claims no expertise at all in counterintelligence — about how he ruled out a call to Danchenko from Millian (much less anyone else) in 2016 did nothing to exclude mobile app calls, at all.

Short of having the cell phone Danchenko was using all the time and the devices used with the at-least four SIM cards Millian was using at the time, Durham couldn’t even begin to rule out such a call. That’s how mobile apps work, and that’s why people making spooky anonymous phone calls prefer to use apps.

Absent having the devices themselves, the FBI routinely uses Apple and Google store records to show what apps someone has downloaded onto their various phones. That’s how I know precisely when Roger Stone added ProtonMail, Signal, and WhatsApp to his phone in August, October, and (on the new phone he got after the election) November 2016: from app store records used in FBI affidavits. To make a show of figuring out what apps, besides LinkedIn, Danchenko and Millian used in common, James could have obtained records from the app stores. He didn’t describe doing that either.

But the details of the LinkedIn communications between Danchenko and Millian might have either explained or ruled out the most obvious explanation for how Millian would have known to call Danchenko on a mobile app: That Millian referred to Danchenko’s LinkedIn account, which we know he used because he used it himself to approach Papadoploulos.

When Danchenko’s lawyers lay all this out Monday, Durham will point to the single Danchenko LinkedIn communication he did introduce — a 2020 LinkedIn message confirming that he was the source for 80% of the raw intelligence in the Steele dossier.

BY MR. DURHAM: Q. Sir, with respect, then, to the Government’s Exhibit 1502, that’s a LinkedIn message, correct?

A. Correct.

Q. Now, the date of the Government’s Exhibit 1502, you indicated was, again, what?

A. It was October 11, 2020.

It’s unclear to me whether the LinkedIn messages that Durham obtained include the one(s) Danchenko sent Millian in 2016. He said he had deleted a bunch of records, including those pertaining to Millian, before first meeting with the FBI in 2017.

During cross-examination, Kevin Helson revealed that FBI themselves twice advised Danchenko to purge his phone to protect against compromise, including once after Bill Barr released his January 2017 interview materials.

Q. Okay. And, in fact, Agent Helson, once Mr. Danchenko became a confidential human source, and for good reason, you told him that he should scrub his phone, correct?

A. Yeah, at the beginning, there were two times that we had discussed that action was at the beginning to kind of mask and obfuscate his connection to Steele and any connection to us. And then after the three-day interview became public, we readdressed that as well as we assumed he would be most likely targeted from — by cyber means by the Russians.

Q. So to the extent it’s possible there were any communications that were left on his phone from the period when he was doing the reporting that later ended up being the dossier, they were likely erased?

A. Yeah, depending on how he did it.

When Danchenko submitted his objections to Durham’s exhibits on September 15, Durham had not yet identified that he planned to pull out only that October 2020 one.

The government has not identified which LinkedIn messages it seeks to introduce and Mr. Danchenko objects to admission of any messages not sent by Mr. Danchenko and objects to the inclusion of any messages not specifically admitted as evidence.

That would have been the period Durham was working on his strategy in the wake of Sergei Millian’s refusal to show up to testify under oath to any of this, the strategy preformed Friday to deny a call of any kind by reviewing only telephony calls,

The transcript reflects that only Exhibit 1502 — the October 2020 LinkedIn message — was introduced as evidence. But the stipulation mentions Exhibit 1500.

MR. DURHAM: Okay. This is in the matter of United States versus Igor Y. Danchenko, Criminal No. 1:21-cr-245, parenthesis, (AJT), close parenthesis. [As read]: It is hereby stipulated and agreed by and between the undersigned parties that, if called to testify, a records custodian from LinkedIn would testify as follows: Paragraph No. 1, Government’s Exhibits 1500 and 1502 are true and accurate copies of the contents of the LinkedIn account “Igor Danchenko” controlled by Igor Danchenko. Paragraph No. 2, Government’s Exhibits 1500 and 1502 are true and accurate copies of authentic business records of LinkedIn that were made at or near the time of the acts and events recorded in them by a person with knowledge and were prepared and kept in the course of LinkedIn’s regularly conducted business activity. And it was the regular practice of LinkedIn to make such business records, and the source of the information or the method and the circumstances of preparation are trustworthy. The parties stipulate to the authenticity of Government’s Exhibits 1500 and 1502.

All of Danchenko’s LinkedIn records that still existed in 2020 could have been available at trial, but just the October 2020 one was introduced.

There was, however, one LinkedIn message from 2016 introduced. In cross-examination of Auten, Onorato introduced the LinkedIn request that Millian sent to George Papadopoulos just days before Danchenko initially reached out to Millian on July 21.

Q. First of all, does it appear to be a LinkedIn message between George Papadopoulos and Mr. Millian?

A. Yes, it does.

Q. And the date of that is July 15th of 2016, right?

A. Correct.

Q. Okay. And just — it appears to be an email that LinkedIn is sending to Mr. Millian, correct?

A. Yes.

Q. Okay. And I’m just going to direct your attention to a specific portion of the second page. Okay?

A. Yes.

MR. ONORATO: And, Your Honor, I’m not going to talk about the —

THE COURT: All right.

BY MR. ONORATO: Q. Okay. Millian writes to George — do you see where it says, “To George”?

A. Yes.

Q. Okay. So that’s Millian sending a comment to Mr. Papadopoulos, right?

A. Correct.

Q. Okay. And I want to direct your attention to the bottom of the highlighted portion where it says, “Please do not hesitate to contact me at (212) 844-9455.”

A. I see that, yes.

Q. Okay. And do you see in the last line it says, “Sent from LinkedIn for iPad”? Okay?

A. Yes, I see that.

Q. Okay. And so in this timeframe Mr. Millian is saying on the 15th that Mr. Papadopoulos can call him at that phone number that we discussed, right?

A. Correct.

Q. Okay. And so do you know that the 212 area code is from New York?

A. Yes.

Q. Okay. And that’s where Mr. Millian lived, right?

A. Correct.

Q. Okay. And you also sent an iPad — a message from an iPad, right?

A. Correct.

Q. And, again, that’s a device that you can FaceTime people from that we all know, right?

A. Yes.

Q. And the one that doesn’t leave a record or footprint on a device, right? A. In terms of a record on a device.

Q. I mean a — with a cell phone carrier, like Verizon or Sprint or AT&T. A. Correct.

[snip]

Q. And so remember before when I introduced an email from Mr. Papadopoulos to Mr. Millian?

A. Yes.

Q. That came in the form of an email, didn’t it?

A. Yes, it did.

Q. And so this is, you know, him saying that I sent you a previous email, the LinkedIn email. And then I’m sending you an email on July 21st, correct?

A. I think it’s sending a request on LinkedIn.

Q. Right.

A. So I think that might be a little different than an actual email, but it’s a request.

Q. But when you get a request, it comes via email, right?

A. Yes, that does.

Millian was already in South Korea on July 15. Onorato made much of the fact, with Auten, that Durham hadn’t introduced these records. While Durham will point to the voicemail reference (which doesn’t help him as much as he thinks it does), the LinkedIn request will show that Millian wasn’t using the phone that Durham made a big deal out of being turned off. He was using an iPad.

And that detail will make the inadequacy of James’ search evident. When Durham got James to explain that he had pulled the records that would show up in a toll records report from the 917 phone number tied to Millian’s iPad. Durham almost seemed to concede you would get no phone records for telephony calls tied to an iPad.

Q You said there was a 917 area code, correct?

A Correct.

Q What were you able to determine as to that telephone number?

A It appeared that that number was assigned to an iPad.

Q Okay. And did you look at whatever records were available by way of subpoena or search warrant there?

A Yes.

James’ summary of Millian’s contacts is not online. But the LinkedIn contact with Papadopoulos would not show up on the call records Durham pulled. Its absence on James’ exhibit will serve as proof that Millian was communicating during the period for which James conducted a review in ways that would never show up in telephony records.

Danchenko’s team may have more to disprove Durham’s telephony distraction. Onorato seemed to want to say more about all this. After Durham finished questioning James on direct, Danny Onorato responded to Judge Trenga’s question about how long cross would take by hinting that he wanted to ask James questions, but he would have to convince Stuart Sears to do so first over lunch.

THE COURT: How long do you think you’ll be, Mr. Onorato?

MR. ONORATO: So Mr. Sears is going to —

THE COURT: Mr. Sears, how long do you think you’ll be? (Reporter clarification.)

MR. ONORATO: There may be no questions unless I talk him into questions.

When I read this in the transcript, I was thinking of all the questions I would want asked: about the coercion of witness testimony by threatening them with indictment, about James’ insinuation that having telephony records is more comprehensive than having actual devices — which is what Mueller’s team used to understand some of Millian’s contacts at the time. I would have asked James to describe how Durham never bothered to interview George Papadopoulos, either before Durham and Bill Barr went on a junket to Europe based off Papadopoulos’ claims, or in the wake of learning that Sergei Millian had handed him his ass.

I would have asked how he could competently claim to have ruled out a call with Danchenko without at least reviewing those LinkedIn exchanges.

But Sears convinced Onorato to holster whatever surprises they have. After lunch, Stuart Sears revealed that Onorato hadn’t talked him into questions of James at all.

THE COURT: Please be seated. Mr. Sears, any cross?

MR. SEARS: It’s a little anti-climatic, Your Honor, but I have no questions for this witness.

Rather than point out the gaping problems with James’ claimed proof that Millian didn’t call Danchenko, rather than giving Durham a chance to add to the record, they let it rest.

Damnit!

But particularly given their sustained effort to show that Durham has been withholding comms far more than Danchenko has, I expect James’ silence about LinkedIn records to be central.

So will Durham’s effort to get Auten to testify inaccurately to suggest that Danchenko had said the call from someone he believed to be Millian could only have been a telephony call.

Q. Okay. But I do want to try to correct something about what you testified about this morning. Okay?

A. Okay.

Q. And you prepared to testify with Mr. Durham and his team, right?

A. Yes.

Q. Okay. And I think he asked you to look at Government Exhibit 100.

A. Yes.

Q. Okay. And when he asked you to look at Government one- — Exhibit 100, I think you may have answered that he did not mention a call app on Page 20, right, in response to his questions?

A. Yes.

Q. Okay. Well, do me a favor. Look at Page 20 and then 21, And see if that refreshes your memory the first day about what Mr. Danchenko told you.

A. I apologize. Yes, it basically says — would you like me to read it?

Q. Yeah.

A. Okay. I’ll start at the middle of — middle of the last paragraph of Page 20. [As read:] “The two of them talked for a bit and the two of them tentatively agreed to meet in person in New York City at the end of July. At the end of July, Danchenko traveled with his daughter to New York but the meeting never took place and no one ever called Danchenko back. Altogether, he had only a single phone call with an individual he thought to be Millian. The call was either a cellular call or it was a communication through a phone app.”

Q. I’m sorry, what did you just say?

A. “Or it was a communication through a phone app.”

Q. Okay. So remember when Mr. Durham asked you questions this morning, right?

A. Yes.

Q. Did he omit — ask you to look at page 21 to see what Mr. Danchenko told you that day?

A. I don’t think he was omitting. I think I —

Q. Okay. And did you intentionally omit, intentionally tell the jury something wrong, right?

A. No.

Q. But the import of the testimony was that, no, he never mentioned in that first meeting it could have been a phone app, right?

A. Correct.

Q. And now we all know that that’s false, right?

A. Correct.

Q. So he did mention a mobile app?

A. That is correct.

Onorato then introduced Auten’s notes from the interview where he underlined “app.”

Q. Okay. And just for the record, again, we’re at — they’re not page-numbered, but it’s Defense Exhibit 497, and it’s Bates-stamped SCO350067270. Okay? And those appear to be — but I don’t want you to just agree with me — the interview notes from your first conversation with Mr. Danchenko. So that’s on July 24th — or January 24th. I keep saying July.

A. Yeah.

Q. Okay. I want you to look at the middle of the page.

A. Yes.

Q. And he said to you, which you wrote down at the same time and it looks like you underlined it, “Either cell phone or an app,” with an underscore, right?

A. That is correct.

Q. Those are your handwritings, right?

A. That is my handwriting, yes.

Q. And when he wrote “app,” the instant is that it’s probably an app because you’re emphasizing “app,” right?

A. I don’t necessarily know if I was emphasizing, but I did draw a line under it, yes.

Q. And you would agree that when you draw a line under something that’s generally — one of the reasons you do it is you want to emphasize —

A. It can be one of the reasons, yes.

Onorato repeated the point: Durham had introduced affirmatively false testimony about whether that call, hypothetically from Millian, may have been on a phone app.

Q. All right. And just to show the jury what you were looking at, right? A. Right. Q. So, again, despite the testimony this morning, that Mr. Danchenko did not mention a phone app, just to highlight it for you, right?

A. Correct.

Q. And so that’s the correct testimony, right?

A. Yes.

Q. And whether it was Mr. Durham’s question or whether it was your misunderstanding, you did not intentionally leave the jury with the impression, right?

A. Correct.

Q. That he didn’t say that on the first day, right?

A. Correct.

Q. But you would think as lawyers in the case that we should know the general state of the evidence?

A. Correct.

Q. And could correct that for you, right?

A. Correct.

Q. And Mr. Durham didn’t take any steps to correct your wrong answer, did he?

A. I don’t recall him correcting that.

Q. Okay. But now, I’m correcting it, right?

A. You are correcting it.

To be fair to Durham, for Onorato’s complaints here that Durham misrepresented the evidence, on several occasions, Danchenko’s lawyers have suggested that Danchenko said the call was on a mobile app, rather than it could have been. But unlike Durham and his team, Danchenko’s lawyers didn’t repeatedly elicit false testimony about what transcripts said.

None of that will be the most central part of Danchenko’s closing argument tomorrow. What will come before debunking Durham’s claim that such a call could not have taken place and showing how Durham tried to exclude records corroborating that such a call did take place is the testimony from both men who interviewed Danchenko, saying they believe him.

With Brian Auten there was some equivocation (during which Danny Onorato raised the fact that Durham had made him a subject of the investigation during the period any doubts creeped in), but ultimately he said he still does not doubt that Danchenko believed the call came from Millian, the only thing at issue in the remaining four counts.

Q. And so when you made that statement under oath before the Senate, you didn’t think he was lying to you that he had contact with Mr. Millian, right, or believed — not that he did, that he believed? A. I — I have no reason to doubt that he believed he was talking to Mr. Millian based upon what he told us in the interview. Q. Okay. I’m sorry. Once more, can you please repeat that to the jury? A. I don’t have any basis to — at the time to believe that —

[snip]

Q. So do you remember being — do you remember giving the following answer: [As read:] “On the whole, you did not see any reason to doubt the information the primary sub-source provided about who he received information from, which was the supervisory intel’s analyst focus.” Right?

A. Yes. That is from my — that’s from my OIG testimony.

Q. Right. But you said it under oath, subject to penalty of perjury?

A. Correct.

Q. And it’s true?

A. Correct.

Q. And it’s true today?

A. Correct.

Stuart Sears walked Helson first through his general opinion that Danchenko never lied to him.

Q. Agent Helson, it was no — it was no secret, during the course of your relationship with Mr. Danchenko, that there was a discrepancy between how Mr. Steele described how Mr. Danchenko represented his interactions with Mr. Millian and how Mr. Danchenko told you he actually explained his interactions?

A. Yes.

Q. Okay. It was no — it was no secret. Everyone knew all along that there was a disconnect there?

A. Correct.

Q. And at no point during your entire time of meeting with Mr. Danchenko over those three years, did you ever walk away thinking that he was lying to you about anything; is that fair?

A. That’s fair.

Q. In fact, for years after your conversations with Mr. Danchenko about his anonymous phone call with the person he believed to be Mr. Millian, you would submit reports indicating that he was a reliable source?

A. Correct.

Q. And some of those reports would even mention the Millian discrepancy and you would write that you believed that Mr. Danchenko had accurately reported the information as best you could recall?

Sears then had Helson describe how, in reports in 2019 and 2020, he had dismissed the import of any inconsistencies in the Millian reporting.

Q. And this report even addresses the inconsistency regarding the Millian issue?

A. Correct.

Q. Correct? And this report that you generated says that Mr. Danchenko’s position or story on the Millian situation never changed while the motivation of others came into question, right?

A. Correct.

Q. And that’s Chris Steele?

A. That is true.

The most important testimony from Helson, though, addresses the one exception I noted above. As I noted in this post and this table above, Danchenko’s story about the Millian call, in the four charged conversations and the one with Auten, deviated from form on one occasion: on October 24, 2017.

That October 24 conversation came during the period when Auten was trying to address the discrepancies between Steele’s claims of the Millian conversations and Danchenko’s (though the FBI didn’t tell Danchenko they were interviewing Steele — they were basically playing the men off each other).

I fully expect that Durham, in an attempt to salvage at least one guilty verdict, will focus on the October 24 case and claim that the deviation from prior testimony — at a time when Danchneko was trying to fix immigration issues — was the tell that he lied.

Who knows? It might work! If he can convince the jury that the October 24 deviation was a tell that he was lying, maybe he can convince the jury that Danchenko invented the lie that he believed he had actually talked to Millian to cover up inventing a story for Durham.

That’s what he’s left with.

Which is why Helson’s note, on the back of his interview notes from that conversation, will be critically important. Explaining that he pushed Danchenko really hard on this point (this is one of the interviews for which there’s no recording and less reliable documentation), he wrote that he believed Danchenko’s response — including the inconsistent reference to two calls — was what you’d expect from particularly confrontational questioning.

Q. Okay. And you wrote — and you can close that now. And you wrote — going back to Government Exhibit 102, which was your memorandum of the interview of Mr. Danchenko — you wrote in addition to that he didn’t inquire about the nature of the questions regarding Mr. Millian, quote, “Mr. Danchenko’s responses were consistent with what would be expected during this type of questioning.”

A. Correct.

Q. And that meant that his reaction to the line of questioning did not lead you to believe he was lying to you, correct?

A. Correct.

Whether you find Danchenko’s stories credible or not, the fact of the matter is that Durham charged Danchenko with lying in these conversations in spite of the fact that his primary witnesses both attested, sometimes under oath, that they believed him.

There’s no telling what the jury will do. Durham will use testimony from a validation review to suggest that at least one person at the FBI, someone who didn’t have a personal investment in Danchenko’s success, suspected he was a GRU spy. Durham will likely argue that Auten and Helson only believe Danchenko because they’re incompetent.

Which is why, ultimately, Durham’s own evasions and failures will be central.

Igor Danchenko Would Have Been a Crucial Witness to Understanding the Disinformation in the Dossier

/38 Comments/in , , /by

Igor Danchenko claims that a Supervisory Special Agent involved in the Russian investigation described his cooperation with the FBI as a confidential source as one of the upsides of that investigation.

As one supervisory special agent has agreed, “one of the upshots [of the Crossfire Hurricane Investigation] has been a relationship with [Mr. Danchenko] which has provided the FBI insights into individuals and to areas that it otherwise was lacking [ ] because of the difficulty with which the FBI has in recruiting people from that part of the world.” The agent further agreed that the FBI’s relationship with Mr. Danchenko was “one thing that in terms of usefulness really did result from this [investigation].”

Danchenko cited it as part of his successful effort to limit how much detail about the 2010 counterintelligence into him John Durham could present at trial, which starts today.

It’s an odd statement, insofar as he doesn’t cite the source (I was wondering if it comes from a pre-trial interview of a witness he plans to call, the precise details of which he’s withholding until the trial). Plus, there are FBI agents who seemed happy to have participated in the investigation, notwithstanding the way Trump found a way to ruin the career of virtually every FBI person involved in it (besides the two guys who botched the Alfa Bank investigation). This person, with the reference to “usefulness,” sounds like one of the skeptics.

Imagine if one of the FBI agents the frothers have been celebrating as a Mueller skeptic for years had good things to say about the (hopefully last) target in Durham’s witch hunt?

Whoever it is, the frothers’ continued obsession with Danchenko’s role as an FBI source — now joined by Chuck Grassley and Ron Johnson — and their certainty there was impropriety about it is a testament to how deep within a bubble they all are, in which Trump matters but US security does not.

Start with what we know or can infer about his vetting. First, he was brought on as a source in March 2017, before the FBI stopped including FISA material among the databases it used to vet potential informants. So they likely checked collections of communications from known Russian spies before they formalized the relationship, including those they knew he had contact with years earlier. If that’s right, they knew a lot about what ties he had with Russians.

Then, at least if we can believe Danchenko, every time there was a discrepancy between what he said and others said, they were resolved in his favor.

To the contrary, not only did investigators and government officials repeatedly represent that Mr. Danchenko had been honest and forthcoming in his interviews, but also resolved discrepancies between his recollection of events and that of others in Mr. Danchenko’s favor.

Frothers blew over the implications of this just like they blew over Danchenko’s reference, in this same filing that, “The government had unfettered access to Mr. Danchenko for approximately four years following his first interview in January 2017” (a presumed allusion to his relationship with the FBI).

This statement about “discrepancies” between Danchenko’s versions and those of others would have to include the interview with Christopher Steele that Durham attempted (unsuccessfully) to introduce as evidence.

On September 18 and 19, 2017, FBI personnel from the Robert Mueller Special Counsel team interviewed Christopher Steele. Steele informed the FBI personnel, in part, that the defendant had collected election-related material in the United States for Orbis. As part of that undertaking, the defendant informed Steele that he met in person with Sergei Millian on two or three occasions – in New York and once in Charleston, South Carolina. The defendant subsequently informed the FBI that he had not in fact met with Millian on any occasion. On November 2, 2017, the defendant further stated to the FBI that Steele incorrectly believed the defendant had met in-person with Millian, and that he (the defendant) did not correct Steele in that misimpression.

Danchenko makes this even more explicitly clear later.

[W]hile the facts alleged in the indictment may show that [Steele] provided the FBI with an inaccurate statement about a meeting between Mr. Danchenko and [Millian] in New York, the facts also clearly show that Mr. Danchenko corrected the record for the FBI by unequivocally stating, on multiple occasions, that he had never met with [Millian] in New York and did not know whether he ever spoke on the phone with [Millian].

Most Republicans claim that Steele’s dossier was garbage. Danchenko maintains he had no role in writing it and Durham doesn’t seem to have any evidence to the contrary. Everything in Danchenko’s prosecution (and the entire DOJ IG Report on Carter Page) is consistent with the FBI believing Danchenko over Steele. And yet the frothers are sure that one of the first guys to raise questions about Steele (Bruce Ohr was actually the first, though he never gets credit for that) is suspect.

If Danchenko’s claim (made after reviewing discovery) is true — something I expect we’ll learn more about during the trial — Mueller, at least, came away from a series of interviews in fall 2017 crediting Danchenko’s claims about the construction of the Steele dossier over Steele’s own. I think the record is somewhat more equivocal than that. For example, Danchenko’s claim that he, “did not view his/her contacts as a network of sources, but rather as friends with whom he/she has conversations about current events and government relations,” is not credible; he knew he was getting paid for this information. But Danchenko showed proof of some of his other claims (for example, in texts with his friend Olga Galkina), and I assume whatever vetting FBI did — including the FISA 702 collection targeting Galkina — held up as well.

If you think Steele fucked over Trump, that should matter to you.

But Danchenko (and that anonymous FBI agent) make it clear Steele was not the only person who Danchenko helped the FBI to understand. Danchenko describes that the investigation into the dossier ended in November 2017.

The investigation into the Reports was ultimately completed by Special Counsel Robert S. Mueller, III, in or about November 2017

But he remained an approved source until October 2020. A Danchenko filing describes being interviewed “dozens of times,” of which roughly eight are included in the scope of the indictment against him (three in January, and one each in March, May, June, October, and November 2017), which therefore must be the only ones that pertain to the dossier. Durham’s project, with his conspiracy theory driven prosecution, is to claim that Danchenko lied at least once in every interview about the dossier.

That Danchenko was interviewed some 16 more times is news: it would suggest Danchenko’s was asked to explain more than just Steele’s reporting methods. It’s not even clear Durham would have reviewed all that reporting before he charged Danchenko; he’s not known to have investigated past the beginnings of the Mueller investigation, and Durham only produced a December 2017 draft opening memo for an investigation into Charles Dolan in the last month.

[W]hen agents drafted a December 2017 communication in support of opening an investigation into Dolan, they included the information Mr. Danchenko provided them as support for opening the investigation. 3

3 The December communication is highly exculpatory with regard to the essential element of materiality and it is not clear why it was only produced 30 days from the start of trial. It was produced as Jencks material (also late by the terms of the Court’s Order requiring all Jencks to be produced by September 1) but is obviously Brady evidence. 

Durham certainly didn’t bother learning all of Rodney Joffe’s contributions to the FBI before he made wild insinuations about him and got him discontinued as an FBI source, so it’s possible he did not for Danchenko either.

And that’s interesting given what is in the public record about related events.

Try to look at the Russian investigation not as an attempt to sink Trump (much of what we know about matters Danchenko may have cooperated on comes from before the investigation was predicated on Trump), and not as the precursor to the prosecutions we know happened. Try to consider the Russian investigation as an investigation in the wake of a hostile attack from a foreign power. And consider what the DOJ IG Report on Carter Page — a document most frothers treat with near biblical reverence and ignorance, the declassified footnotes to the report, the Bruce Ohr 302s, and details revealed in the Danchenko filings disclose about where the investigation into the dossier and related topics developed between December 2016 and September 2000.

In the period when Danchenko was brought on as an informant (and before the time Steele was interviewed) the FBI learned that Steele had problematic ties with Oleg Deripaska and his (and Danchenko’s) source network had been compromised by Russian spooks.

  • December 2016: As much as Steele was trying to push the dossier to the FBI, he was also trying to push Oleg Deripaska’s complaints that Manafort had stolen money from him
  • January 12, 2017: Another intelligence service relayed an inaccuracy about the Michael Cohen claims in the Steele Report, claims Danchenko sourced to his friend Galkina, who had gotten close to Dmitry Peskov via Dolan
  • January 24, 2017: Danchenko didn’t know that Deripaska was the one who paid Steele to investigate Manafort in spring 2016
  • February 14, 2017: Steele was working for certain attorneys, including the attorney for Oleg Deripaska
  • February 27, 2017: An individual with ties to Trump and Russia said the pee tape was the product of Russia infiltrating a source into the Steele network
  • March 2017: The Crossfire Hurricane considers the full import of the open counterintelligence investigation on Millian
  • June 2017: Someone affiliated with Oleg Deripaska learned of Steele’s project by early July 2016 — so before all but the first report
  • Early June 2017: Russian spooks became aware of Steele’s election investigation in early 2016 [this date is probably wrong but still an indication that Russia learned about the project from the start]
  • Early June 2017: FBI targeted Olga Galkina under Section 702 (and discovered her ties to Chuck Dolan and both their ties to Dmitry Peskov)
  • December 2017: FBI at least considered opening an investigation into Dolan
  • February 2018: The reason Manafort shared campaign information in August 2016 was in an effort to get “whole” with Deripaska; Kilimnik shared a clever plot to defeat Hillary
  • April 2018: Treasury sanctions Deripaska, among others
  • May 2018: More on how Kilimnik’s August meeting pertained to a plan to beat Hillary
  • September 2000: Deripaska’s US associate, Olga Shriki, appears before grand jury

By 2019, the IG Report makes clear, there were abundant reasons to suspect that Deripaska had played a key role in injecting disinformation into the dossier. In the earlier days of the investigation, key people on the Crossfire Hurricane team didn’t know of Steele’s ties to Deripaska, something that, “could have indicated that Steele was being used in a Russian ‘controlled operation’ to influence perceptions (i.e., a disinformation campaign).” Until the way Deripaska was working both sides — increasing Manafort’s legal jeopardy while using his desperation to get his cooperation with the election operation — became clear, Deripaska’s ties to the dossier didn’t make sense, as Bill Priestap explained.

[I]f that’s the theory [that Russian Oligarch 1 ran a disinformation campaign through [Steele] to the FBI], then I’m struggling with what the goal was. So, because, obviously, what [Steele] reported was not helpful, you could argue, to then [candidate] Trump. And if you guys recall, nobody thought then candidate Trump was going to win the election. Why the Russians, and [Russian Oligarch 1] is supposed to be close, very close to the Kremlin, why the Russians would try to denigrate an opponent that the intel community later said they were in favor of who didn’t really have a chance at winning, I’m struggling, with, when you know the Russians, and this I know from my Intelligence Community work: they favored Trump, they’re trying to denigrate Clinton, and they wanted to sow chaos. I don’t know why you’d run a disinformation campaign to denigrate Trump on the side.

But as the Manafort side of the equation became clear, it all made more sense. And the implication is that by 2019, that’s what the FBI understood to have happened.

Chuck Grassley was the first person to start raising public questions about Deripaska’s role in the dossier. Similarly, he was among the first to raise concerns about disinformation and the dossier.

The more likely explanation for Danchenko’s CHS status is one he and other Republicans should welcome: that the FBI investigated how the dossier was used as disinformation. Danchenko was fed a lot of shit, from people (like Galkina) he trusted implicitly; that shit happened to be tailored to sow maximal dissension in US politics. And then Steele, unbeknownst to Danchenko, packaged it up inside exaggerations.

If it bothers you that the dossier was larded with disinformation — and it should bother people on both sides of the aisle — then you should welcome FBI’s effort to understand how that happened. And one crucial step in that process is to understand how the network behind it tied right back to the Russians who played central roles in the 2016 attack on US democracy. Danchenko would have been a key guide to that information.

Trump’s File B-076: Calvinball Ping Pong

/55 Comments/in , , /by

I spent part of last weekend attempting to understand how Judge Cannon might explain throwing out Raymond Dearie’s work plan (which included a rolling process designed to finish up by November 30). This is what I came up with (by all means please let me know if I’ve made errors, but otherwise, don’t invest too much in this because the big takeaway is that Judge Cannon is playing Calvinball, so the current rules mean little).

What Cannon appears to have done is with no formal notice of what the deadline was or even that ten plus five was no longer operative, treat Dearie’s September 23 filing as his final action in setting the plan, but along the way use her own five day deadline for complaints instead of the September 27 deadline Dearie gave, which is the only way Trump’s temporal complaint would be timely yet have her order not be days premature.

The next day, with no notice of any new deadline, Cannon issued her order throwing out most of Dearie’s plan. I’ve spent hours and days looking at this, and there’s no making sense of the deadlines. Certainly, this could not have happened if any of Dearie’s deadlines had been treated as valid.

DOJ took a look at what Cannon had done and moved the 11th Circuit to accelerate the review process. They cited a number of reasons for the change in schedule. They described that Cannon sua sponte extended the deadline on the review to December 16.

On September 29, subsequent to the parties’ submission of letters to Judge Dearie, the district court sua sponte issued an order extending the deadline for the special master’s review process to December 16 and making other modifications to the special master’s case management plan, including overruling the special master’s direction to Plaintiff to submit his designations on a rolling basis.

Depending on how you make sense of Cannon’s Calvinball deadlines, it was a sua sponte order, because Trump’s complaint about the deadlines (not to mention his complaints generally) came in after the deadline attached to the Dearie plan that Cannon seems to treat as his final official action.

I think what really happened is that Cannon fired Dearie without firing him in response to being told by the 11th Circuit she had abused her authority, ensuring not only that nothing he decides will receive any consideration, but also ensuring that he has almost no time to perform whatever review role he has been given.

Effectively, Judge Cannon has just punted the entire process out after the existing appeals schedule, at which point — she has made clear — she’ll make her own decisions what government property she’s going to claim Trump owns.

I believed, when I wrote that a week ago, Judge Dearie would have no real say in the process until November 14 (see the timeline below), after Trump had made designations on all the seized documents and then spent ten days fighting over those designations with DOJ.

I don’t know what Dearie thought, but on October 4 — one day after receiving the designations from the filter team materials, five days after Cannon’s order — he canceled a scheduled October 6 status hearing, citing the order.

Then, yesterday, he had a say, issuing an order in response to the filter team designations he received on October 3. The order did the following:

  • Reveal a set of about 35 pages of Category A files that Trump had raised no attorney-client privilege over (marked in turquoise below)
  • Ordered the Privilege Review Team to provide those files to the Case Team by October 10 so they can review Trump’s Executive Privilege and Presidential Records Act claims
  • Indicated he would “promptly issue a report making recommendations” about Trump’s attorney client privilege claims as to the remaining Category A and Category C documents
  • In fact of a dispute over whether Dearie should make a privilege designation on file B-076, confirmed there was no dispute about the document in question because Trump made no privilege claim over it
  • Ordered DOJ to return the originals of all the Category B documents to Trump by October 10, including file B-076
  • Set a status hearing for October 18

As I laid out here, Category A documents are government documents involving some legal issue. Category B documents are the personal documents (including those pertaining to Trump’s health, taxes or accounting) that DOJ proposed returning 38 days ago. Category C is a new category, possibly limited to this document turned over to the filter team after the initial filter team inventory was completely,

On Monday, September 26, counsel for the Privilege Review Team provided Plaintiff’s counsel with another example of filter failure. The email in question was identified by the “FBI case team,” and returned to the Privilege Review Team, which is characterizing the communication as non-privileged. Plaintiff believes the email falls squarely into the category of attorney-client privileged.

Possibly it includes different kinds of documents (such as the call logs) that don’t precisely fit the other two categories.

Here’s what we know of the designations so far, with turquoise being things Dearie cleared to share with the Case Team. (I’ve marked items Trump has claimed no privilege over with an N, items he has claimed privilege over parts of with a P, items that he must be claiming privilege over with a Y, and used question marks for items that, because of the additional category, I’m not certain about.)

 

Here’s what happens next, best as I can tell according to the rules of Calvinball.

First by Monday, DOJ will give all the original documents in Category B back. That seems to comply with Judge Cannon’s plans, because according to Judge Cannon’s original order, if both sides agree on the privilege designation for a file, it “shall be handled in accordance with the parties’ agreement.”

If the Privilege Review Team agrees with Plaintiff’s position, the subject document shall be handled in accordance with the parties’ agreement. If the Privilege Review Team disagrees with Plaintiff’s position, the dispute shall go to the Special Master for a report and recommendation and, if either party objects to the report and recommendation, to the Court for de novo review and decision. Failure to object to a report and recommendation within five (5) calendar days shall result in waiver of that objection.

Both sides say Trump should have the originals, and by Monday — a federal holiday — Trump will have the originals back. As I’ve written, that will eliminate one of the harms that Judge Cannon deliberately inflicted on Trump in order to justify getting involved.

It’s the other part of the order I find more interesting: If someone objects to what Dearie has done, they’ve got five calendar days — so until October 12 — to complain to Cannon so she can overrule Dearie.

One side has complained about what Dearie did to not make a privilege determination on B-076, because there’s no dispute: Trump has not claimed privilege over it. Making the determination wasn’t controversial. Rather, deciding to make the determination at all is what one side has complained about.

Document B-076 is a one-page document from Morgan Lewis, the law firm involved in Trump’s taxes.

It’s significant because the duplicate (item 3, which is four copies of the same one-page letter) is one basis for Judge Cannon’s claim that DOJ had made a filter failure. Here’s how the filter team has described it.

An additional seventh box was transferred to the custody and control of the Privilege Review Team agents on August 10 ,2022, after a Case Team agent observed a document on Morgan Lewis letterhead comingled with newspapers.6 Consistent with the filter protocol set forth in the Affidavit, the Case Team stopped its review of the entire box and provided it to the Privilege Review Team agents to conduct a review to identify and segregate potentially privileged materials.

6That document is item Number 3 in Exhibit B (FILTER-B-065 to FILTER-B-068). Also contained within the seventh box were Item Numbers 1 to 4 in Exhibit A (FILTER-A-001 to FILTER-A-005), which the Privilege Review Team agents identified as potentially privileged after receiving custody and control of the box.

And here’s how Judge Cannon used that document (among others) to claim both that Trump was being deprived of personal tax documents and that the filter process had failed.

According to the Privilege Review Team’s Report, the seized materials include medical documents, correspondence related to taxes, and accounting information [ECF No. 40-2; see also ECF No. 48 p. 18 (conceding that Plaintiff “may have a property interest in his personal effects”)]. The Government also has acknowledged that it seized some “[p]ersonal effects without evidentiary value” and, by its own estimation, upwards of 500 pages of material potentially subject to attorney-client privilege [ECF No. 48 p. 16; ECF No. 40 p. 2]

[snip]

Review is further warranted, as previewed, for determinations of privilege. The Government forcefully objects, even with respect to attorney-client privilege, pointing out that the Privilege Review Team already has screened the seized property and is prepared to turn over approximately 520 pages of potentially privileged material for court review pursuant to the previously approved ex parte filter protocol [ECF No. 48 p. 14]. In plain terms, the Government’s position is that another round of screening would be “unnecessary” [ECF No. 48 p. 22]. The Court takes a different view on this record.

To begin, the Government’s argument assumes that the Privilege Review Team’s initial screening for potentially privileged material was sufficient, yet there is evidence from which to call that premise into question here. See In re Sealed Search Warrant & Application for a Warrant by Tel. or Other Reliable Elec. Means, 11 F.4th at 1249–51; see also Abbell, 914 F. Supp. at 520 (appointing a special master even after the government’s taint attorney already had reviewed the seized material). As reflected in the Privilege Review Team’s Report, the Investigative Team already has been exposed to potentially privileged material. Without delving into specifics, the Privilege Review Team’s Report references at least two instances in which members of the Investigative Team were exposed to material that was then delivered to the Privilege Review Team and, following another review, designated as potentially privileged material [ECF No. 40 p. 6]. Those instances alone, even if entirely inadvertent, yield questions about the adequacy of the filter review process.13

13 In explaining these incidents at the hearing, counsel from the Privilege Review Team characterized them as examples of the filter process working. The Court is not so sure. These instances certainly are demonstrative of integrity on the part of the Investigative Team members who returned the potentially privileged material. But they also indicate that, on more than one occasion, the Privilege Review Team’s initial screening failed to identify potentially privileged material. The Government’s other explanation—that these instances were the result of adopting an over-inclusive view of potentially privileged material out of an abundance of caution—does not satisfy the Court either. Even accepting the Government’s untested premise, the use of a broad standard for potentially privileged material does not explain how qualifying material ended up in the hands of the Investigative Team. Perhaps most concerning, the Filter Review Team’s Report does not indicate that any steps were taken after these instances of exposure to wall off the two tainted members of the Investigation Team [see ECF No. 40]. In sum, without drawing inferences, there is a basis on this record to question how materials passed through the screening process, further underscoring the importance of procedural safeguards and an additional layer of review. See, e.g., In re Grand Jury Subpoenas, 454 F.3d 511, 523 (6th Cir. 2006) (“In United States v. Noriega, 764 F. Supp. 1480 (S.D. Fla. 1991), for instance, the government’s taint team missed a document obviously protected by attorney-client privilege, by turning over tapes of attorney-client conversations to members of the investigating team. This Noriega incident points to an obvious flaw in the taint team procedure: the government’s fox is left in charge of the appellants’ henhouse, and may err by neglect or malice, as well as by honest differences of opinion.”).

In other words, this Morgan Lewis document is one of the central documents to Cannon’s argument that the FBI is not to be trusted, that the investigative team has been tainted, that poor Donald Trump is being deprived of his personal tax records.

And Dearie has now made public that that’s bullshit.

But Trump, who didn’t claim it was privileged, now has the opportunity — by October 12 — to complain to Cannon that his hand-picked Special Master is being mean again.

And that would happen before DOJ submits its merits brief to appeal Cannon’s decision to get involved in the first place, which is due on October 14.

Regardless of the error that the 11th Circuit already ruled Cannon had made by intervening, Dearie has now eliminated much of the claimed harm that Cannon invented to intervene. He has ordered returned all the personal medical and tax documents that Cannon used to claim he was being deprived of very sensitive documents. And he has confirmed that for one of three claimed filter failures — the only one, importantly, pertaining to a non-governmental document — was not a privileged document at all.

Trump could ask Cannon to overrule Dearie for even making that public. But that would make it clear — and public for DOJ’s brief — that Cannon was once again intervening to create a harm she could then invoke to claim a need to intervene.

I don’t know whether under Judge Cannon’s Calvinball rules Dearie was supposed to take these steps at all. But if she wants to override them (again), it’ll make it clear that she’s simply creating harms to excuse her intervention.

Update: Reworded the B-076 language per nedu’s comments.

Timeline

September 29, 2022: Cannon order alters Dearie work plan

September 30, 2022: DOJ motion to extradite 11th Circuit appeal

October 3, 2022; Trump response to 11th Circuit; motion to seal privilege log; original privilege status report unsealed; Potentially privileged material designations submitted (under seal)

October 4, 2022: Trump SCOTUS appeal of part of 11th Circuit decision; Dearie cancels October 6 status hearing

October 5: Vendor selected

October 7: Dearie issues order on filter team materials, sets October 10 and October 20 deadlines (in bold)

October 10: Deadline to return originals of Category B documents to Trump

October 11: DOJ Reply to Trump Emergency Motion at SCOTUS

October 12: Deadline to complain to Cannon about Dearie’s October 7 order

October 13: DOJ provides materials to Trump

By October 14: DOJ provides notice of completion that Trump has received all seized documents

On or before October 14: DOJ revised deadline to 11th Circuit

October 18: Phone Special Master conference

October 19: Original deadline for DOJ appeal to 11th Circuit

October 20: Deadline for disputes about Executive Privilege and Presidential Records Act on filtered material

21 days after notice of completion (November 4): Trump provides designations for all materials to DOJ

November 8: Election Day

November 10, 2022: Trump revised deadline to 11th Circuit

10 days after receiving designations (November 14): Both sides provide disputes to Dearie

November 17, 2022: DOJ revised reply to 11th Circuit

30 days after DOJ appeal (November 18): Original Trump response to 11th Circuit

21 days after Trump reply (December 9): Original DOJ reply to 11th Circuit

December 16: Dearie provides recommendations to Cannon

January 3: New Congress sworn in

No deadline whatsoever: Cannon rules on Dearie’s recommendations

Seven days after Cannon’s no deadline whatsoever ruling: Trump submits Rule 41(g) motion

Fourteen days after Cannon’s no deadline whatsoever ruling: DOJ responds to Rule 41(g) motion

Seventeen days after Cannon’s no deadline whatsoever ruling: Trump reply on Rule 41(g)

The Additional Complexities of the Proud Boy Sedition Case

/12 Comments/in , , /by

Some weeks ago, someone involved in the Proud Boy case emailed me a personal invitation to the Proud Boy leader trial later this year: “please accept my invitation to come report on the proceedings in person.  In my opinion, it will prove far more interesting than the OK trial.” It had been a long time since I had heard from this person — since I warned him, for a second time, I would not treat his emails to me as presumptively off the record, because by then the frequency of them and the conflicts between what he said about the First Amendment publicly and what he said to me on emails had become newsworthy in and of itself.

I have no intention of traveling to DC for the Proud Boy trial. Like the Oath Keeper one, there will be scores of journalists who are very familiar with the case who will do great live coverage. I would add little, if anything.

But this person’s promise that the trial will be more interesting than the Oath Keeper one is a sound prediction. To be clear: I think the evidence shows that the Proud Boys are far more complicit in the attack on democracy on January 6 than the Oath Keepers, who were mostly whack right wingers with delusions of grandeur. But I also recognize that the Proud Boy case has been far more difficult for DOJ to put together than the Oath Keeper one, in significant part because they have been more successful at cultivating authoritarian law enforcement that likes their mob culture.

Remember, several Proud Boys, including Tarrio, worked with Roger Stone to threaten Amy Berman Jackson and Bill Barr’s DOJ treated it as a mere legal technicality. The Proud Boys got sanction, as a mob, from the President’s own mouth, which had ripple effects throughout government on the way they were treated.

So I wanted to look at three indications of the difficulties the Proud Boy prosecution may face that the Oath Keeper prosecutors did not.

Delayed phone exploitation

First, in a hearing yesterday in the case against five men who were co-travellers with Joe Biggs the day of the attack, prosecutor Nadia Moore mentioned that she had just provided the “scoped” phones from (I think) Paul Rae and Eddie George — “scoped” is what they call it when the FBI pulls out the things that are responsive to a warrant. That’s a fairly shocking delay in exploiting their phones. Rae was arrested on March 24, 2021 and George was arrested on July 15, 2021. But it’s true that a May discovery index from the Proud Boy leader case only shows a scoped LG Tablet from George, with no scoped phone listed for either (though there is a phone video from Rae listed).

It may well be that — like Enrique Tarrio — they had really complex passwords on their phone. It took over a year to exploit the content of his phone, even though it was seized before January 6. There appear to be others, too, whose phones were not yet exploited in May.

Aside from a delay in the scoping of Stewart Rhodes’ phone due to the volume of encrypted texts on it and a privilege review holding up the exploitation of Kellye SoRelle’s phone, there were no known similar delays on the Oath Keeper side.

Complicit FBI and law enforcement

While the Oath Keepers, like the Proud Boys, intentionally recruit law enforcement, the Proud Boys have been better at co-opting cops. Around five of the charged Proud Boys were former or still cops when charged. Tarrio had been a formal informant during a prior criminal prosecution. And several other members of the Proud Boys, including Joe Biggs, provided information to the FBI about what they claimed were Antifa.

Biggs described his own relationship with the FBI this way:

By late 2018, Biggs also started to get “cautionary” phone calls from FBI agents located in Jacksonville and Daytona Beach inquiring about what Biggs meant by something politically or culturally provocative he had said on the air or on social media concerning a national issue, political parties, the Proud Boys, Antifa or other groups. Biggs regularly satisfied FBI personnel with his answers. He also stayed in touch with a number of FBI agents in and out of Florida. In late July 2020, an FBI Special Agent out of the Daytona Beach area telephoned Biggs and asked Biggs to meet with him and another FBI agent at a local restaurant. Biggs agreed. Biggs learned after he travelled to the restaurant that the purpose of the meeting was to determine if Biggs could share information about Antifa networks operating in Florida and elsewhere. They wanted to know what Biggs was “seeing on the ground.” Biggs did have information about Antifa in Florida and Antifa networks in other parts of the United States. He agreed to share the information. The three met for approximately two hours. After the meeting, Biggs stayed in touch with the agent who had called him originally to set up the meeting. He answered follow-up questions in a series of several phone calls over the next few weeks. They spoke often.

This is the same office where an FBI Agent, in August, refused to participate in the arrest of militia-associated men who planned to bring weapons to January 6. The agent then ran to Chuck Grassley and Ron Johnson, bitching, after his clearance was suspended because he didn’t like the way FBI was running domestic terrorism investigations.

The single FBI informant known to have been present on January 6 appears not to have told his handlers about a meeting he was at the night before where using violence was discussed. And so DOJ has given two members of the Kansas City Proud Boy cell who were with him — Ryan Ashlock and Louis Colon — unbelievably sweet plea deals, I suspect to sustain the rest of the cases against the Proud Boys.

Both Tarrio and Biggs have made specific requests for their own communications with law enforcement — in Tarrio’s case, he claims it is Brady material. That is, they plan to argue they couldn’t be guilty of plotting against the government because they’ve been so chummy with often right wing authoritarian cops in the past.

Witness backsliding

The Proud Boys have also been very good at pressuring witnesses not to testify against the mob. It had seemed that Ryan Samsel might enter into a plea deal describing what transpired between him and Biggs right before he kicked off the entire riot, for example, until Samsel was assaulted in still unexplained circumstances at the DC jail. Zach Rehl seemed like he was considering a plea deal until Tarrio called Rehl’s wife about it.

Jeff Finley, who was a co-traveller of Rehl’s, seems like he cooperated his way into a misdemeanor plea deal (like Brandon Straka is known to have), but in a July request for a four-month continuance, the government seemed to suggest they weren’t sure how complicit Finley was.

The government requests this continuance to allow time for the parties to fully evaluate the nature and seriousness of the defendant’s misconduct and for the parties to prepare a full and complete allocution to assist this Court in its sentencing.

All this is background to the Jeremy Bertino plea rolled out yesterday. Bertino was a high level Proud Boy who, because he was injured in a December 12 brawl, was not present on January 6, but was closely involved in discussions in advance of it.

Bertino’s possible arrest has been anticipated for months. A misdemeanor docket for Bertino was briefly unsealed on September 15 but then sealed. Yesterday, he pled guilty to one count of seditious conspiracy and one count of unlawful weapons possession for a small arsenal he had in spite of a past felony conviction. He is, as everyone (including me) has reported, the first Proud Boy to plead to seditious conspiracy. And he’s another participant in key leadership discussions in advance of the attack.

His statement of offense, however, leads me to wonder whether he didn’t get this plea deal in part to keep Charles Donohoe — who like Bertino is from North Carolina, and who pled guilty to obstruction and assault in April — from backsliding as a cooperator.

Most of the new details the SOO provides focus on 2020, describing how the Proud Boys radicalized in late 2020 and emphasizing the import of the December 12, 2020 confrontations, including explicit discussions about using Tarrio’s anticipated arrest to rile people up against the cops. The description of changing attitudes about the cops (something that has featured in Proud Boy indictments from the start) may serve to combat Tarrio and Biggs’ efforts to claim chumminess with the cops.

Bertino further understood that due to a number of negative interactions with law enforcement, including the events of December 12, the Proud Boys increasingly viewed police as the enemy and Proud Boy members increasingly referred to the police as “coptifa,” meaning that they viewed the police as siding with Antifa.

The SOO explains that Bertino did not know what plan Biggs and Nordean came up with at a still unexplained meeting around 9PM on January 5. A very similar paragraph appears in Donohoe’s statement of offense.

What I’m most surprised about is who it includes and who it excludes: The SOO names Donohoe at least twelve times — sworn statements implicating Donohoe in events, many of which he himself admitted to in his own SOO. That shouldn’t be necessary for a cooperating witness (though because they were both in the Carolinas, the two men would have worked closely together). While it mentions Person-3, whom Alan Feuer has identified as John Stewart, it does not name Aaron Wolkind at all, referred to frequently in earlier Proud Boy materials as Person-2. With the exception of Person-3 (who is not yet charged), the focus is entirely on those already charged in the leaders conspiracy, not any other Proud Boys.

It is undoubtedly an important step to get a plea to sedition from someone who wasn’t even present the day of the attack. But that doesn’t alleviate the many things that make this case more complex than the Oath Keeper one.

NARA Asked for 24 Boxes … Trump Gave Them 15

/102 Comments/in , , /by

The Archives (NARA) has released several sets of documents pertaining to the documents Trump stole, including the email that kicked off the entire hunt for documents on May 6, 2021. In it, NARA General Counsel Gary Stern emailed Pat Philbin, Mike Purpura, and Scott Gast talking about known missing items (including the love letters from Kim Jong Un).

Of those love letters, Stern described that Trump had a binder of them made right before he left office, just like he had a binder of the records pertaining to the Russian investigation.

[I]n January 2021, just prior to the end of the Administration, the originals were put in a binder for the President, but were never returned to the Office of Records Management for transfer to NARA.

More hilariously, Stern told the Trump lawyers that he knew of around 24 boxes of records that had been kept in Trump’s residence that weren’t returned. Stern told Trump’s lawyers that he knew that Pat Cipollone had told Trump to give them back — all 24 boxes of Presidential Records!

It is also our understanding that roughly two dozen boxes of original Presidential records were kept in the Residence of the White House over the course of President Trump’s last year in office and have not been transferred to NARA, despite a determination by Pat Cipollone in the final days of the Administration that they need to be. I had also raised this concern with Scott during the final weeks.

NARA emailed Trump’s lawyers and told them he knew that there were roughly 24 boxes that Trump’s own White House Counsel had determined belonged to NARA.

And after an extended fight, Trump returned just 15.

Trump apparently thought a building full of archivists would just round up from 15.

Aileen Cannon’s Calvinball Special Master

/100 Comments/in , , /by

In the first paragraph of her order reversing Raymond Dearie’s order that Trump verify the inventory DOJ provided, Aileen Cannon identified three documents by name: Dearie’s amended case management plan, dated September 23, Trump’s objections, which were originally sent to Dearie on September 25 but which she may have only seen on September 28, and a government filing she renames, which was originally titled, “Motion to Modify and Adopt the Amended Case Management Plan with Comments on the Amended Plan and Plaintiff’s Objections.” That was filed on September 27.

THIS CAUSE comes before the Court upon the Amended Case Management Plan (the “Plan”) [ECF No. 112], filed on September 23, 2022. The Court has reviewed the Plan, Plaintiff’s Objections [ECF No. 123-1], Defendant’s Response to Plaintiff’s Objections and Motion to Modify and Adopt the Plan [ECF No. 121], and the full record.

Later in her order, when she discusses Dearie’s own order that Trump confirm the inventory before the start of the designations, she describes the deadline he set for the inventory verification as September 30, then notes in a footnote that he modified that deadline in an interim report to her on September 27.

In addition to requiring Defendant to attest to the accuracy of the Inventory, the Plan also requires Plaintiff, on or before September 30, 2022, to lodge objections to the Inventory’s substantive contents.2

2 The Special Master’s Interim Report No. 1 modified this deadline to October 7, 2022 [ECF No. 118 p. 2].

Those two details are a tell to understand what, bureaucratically, Cannon imagines she did on Thursday. On Thursday, she was overruling Dearie’s plan as it existed on September 23, not as it existed on September 27.  She was effectively taking over the review starting on September 23, but without telling anyone that or explaining what deadlines applied.

It’s a way — and was used as a way in this instance — to make Dearie entirely superfluous, a mere showpiece to give her own direct intervention to give Trump his way the patina of legitimacy.

Start with Cannon’s order appointing Dearie, dated September 15. It required that Dearie submit a plan to her within ten days, so by September 25.

Within ten (10) calendar days following the date of this Order, the Special Master shall consult with counsel for the parties and provide the Court with a scheduling plan setting forth the procedure and timeline—including the parties’ deadlines—for concluding the review and adjudicating any disputes.

She set a five day deadline for the parties to object to that order, after which she would review the matter de novo.

The parties may file objections to, or motions to adopt or modify, the Special Master’s scheduling plans, orders, reports, or recommendations no later than five (5) calendar days after the service of each, and the Court shall review those objections or motions, and any procedural, factual, or legal issues therein, de novo. Failure to timely object shall result in waiver of the objection.

The day after the 11th Circuit overruled her injunction on classified documents, on September 22, Cannon issued an order that everyone thought was just her acknowledging that the classified documents were no longer covered by the order (that’s not technically true, and I think she doesn’t believe it’s true even now, but it took the classified documents out of Dearie’s work plan). In taking out the reference to classified documents, it also took out this entire paragraph, including the bolded language about interim reports.

The Special Master and the parties shall prioritize, as a matter of timing, the documents marked as classified, and the Special Master shall submit interim reports and recommendations as appropriate. Upon receipt and resolution of any interim reports and recommendations, the Court will consider prompt adjustments to the Court’s orders as necessary. [my emphasis]

I raised it at the time, people poo pooed my concern (and scolded Dearie for raising it later). But this was the moment when Cannon told Dearie to fuck off, only without telling him she had done that.

Shortly after that, on day 7 after his appointment, Dearie submitted to the two sides his original plan. He gave them until September 27 to raise objections.

This Case Management Plan shall be filed on the docket and deemed served on each party today. The parties may file objections to, or motions to adopt or modify, the foregoing Case Management Plan by September 27, 2022. Failure to timely object shall result in waiver of the objection. See Appointing Order, ¶ 11; Fed. R. Civ. P. 53(f).1

1. To the extent the parties file objections with the Court as to this Case Management Plan, the deadlines set forth above shall remain in effect while such objections are pending.

Clearly, at that point, he believed he would have time to address any concerns himself. The work plan included his plan to use (and pay, as the only paid employee) retired Magistrate Judge James Orenstein to help with the review.

On September 23, DOJ informed Dearie that Trump still hadn’t contracted with a vendor to scan the documents, and asked for a one business day extension, but still with the expectation that Trump would arrange the contract (since he is paying). DOJ also asked him to tweak his order to make it clear the inventory would not include the potentially privileged documents. They noted that Trump still hadn’t provided his proposed protective order, which had been due September 20, which would have held up the document scanning anyway.

Later that day, Trusty filed a protective order.

Dearie issued an updated work order, with the same September 27 deadline for changes. It also still included his plan to hire Orenstein. I believe this is the work order Cannon took as operative on Thursday.

Also on September 23, Dearie issued a protective order that (the docket entry noted) had been approved by Cannon. It sided with Trump that he didn’t have to share the name of his reviewers, something that was made less urgent after the 11th Circuit had taken the classified documents out of the work plan.

On September 25, on Dearie’s original deadline for filing a work plan with Cannon (but before the date he provided for changes), Jim Trusty emailed Dearie his three objections: they didn’t want to affirmatively confirm the inventory, they didn’t want to distinguish between Executive Privilege that could and could not be shared with the Executive Branch, and they didn’t think they had to brief the appropriateness of filing a Rule 41(g) motion to Cannon rather than to Reinhart. This was not docketed and Judge Cannon is not listed as a recipient of this email. Chris Kise was on the signature block of this letter.

The next day, September 26, the second public deadline (after the protective order, which Trump missed), DOJ filed a revised and sworn affidavit. That was also the deadline for Trump to designate all the potentially privileged files he had had since September 16.

A bunch of things happened on September 27. I’ll treat them in the order they appear in the docket, which looks like this:

First, Dearie filed a staffing proposal to Cannon, noting that the window for the two sides to object to it had expired. This was the first moment that the staffing got separated from his work plan.

No party has submitted any comment to the foregoing proposal, and the time for such comment has lapsed. Accordingly, the undersigned respectfully submits the foregoing proposal to the Court for approval.

Then Dearie filed an interim report to Cannon. In it, he recommended Cannon add back in the language authorizing interim reports that she struck along with language about classified documents.

Interim Reports and Adjustments to Prior Orders. In the original Appointing Order, the Court directed that “the Special Master shall submit interim reports and recommendations as appropriate. Upon receipt and resolution of any interim reports and recommendations, the Court will consider prompt adjustments to the Court’s orders as necessary.” Appointing Order ¶ 6. However, the Court later struck that language as part of its order implementing an unrelated ruling by the Eleventh Circuit. As the language quoted above as to interim reports and adjustments to prior orders is consistent with the Eleventh Circuit’s ruling and the efficient administration of the Appointing Order as amended, the undersigned respectfully recommends that the Court issue an order reinstating that language.

His interim report clearly expected he’d get one more shot to resolve disputes. In it, he said the parties would have until October 2 to respond.

This Interim Report and Recommendation shall be filed on the docket and deemed served on each party today. The parties may file objections to, or motions to adopt or modify, the foregoing report and recommendation by October 2, 2022

Next, there’s a sealed (and still sealed) order.

Then Cannon approved Dearie’s staffing plan, but declined to replace the language in her original order that permitted interim reports.

The Court takes no other action at this time, recognizing that the Order Appointing Special Master authorizes the Special Master to file reports and make recommendations as appropriate.

It was not clear at the time, but this effectively told Dearie that his understanding of how things would work — that he could issue interim reports and only after that Cannon would intervene — had been changed in the wake of the 11th Circuit ruling on classified documents. Effectively, Cannon told Dearie on September 27 she had taken over the work plan on September 23. That’s why, I suspect, that she only cited his September 27 Interim Report in a footnote. She basically ignored everything he did after September 23.

After that, DOJ filed its request for another deadline extension, along with its objections to Trump’s objections received two days earlier.

On September 28, Trump for the first time raised timeline concerns in writing, also claiming that DOJ had told Trump there were 200,000 pages (as I’ve written here, that’s virtually impossible; I suspect it came from the work order DOJ provided to solicit the vendor). The letter was not signed by Kise, and raised a lot of bogus claims about privilege (and also seemed to indicate that Trump had already missed the privilege deadline). Along with those concerns about timing, Trump filed his complaints, which (at least based on the public record) was the first time Cannon would have seen the complaints; the docket exhibit is what she cited in her order.

Working under Dearie’s deadline, DOJ had four more days to respond to Trusty’s probably bogus claims of 200,000 documents and to rebut the privielge claims. Working off a five day deadline from Dearie’s submission of his amended work order on September 27, DOJ also had four more days. Working under Cannon’s original deadline — five days after Dearie’s original deadline of September 25 — they had two more days. Under Dearie’s September 23 order, the final deadline was September 27.

What Cannon appears to have done is with no formal notice of what the deadline was or even that ten plus five was no longer operative, treat Dearie’s September 23 filing as his final action in setting the plan, but along the way use her own five day deadline for complaints instead of the September 27 deadline Dearie gave, which is the only way Trump’s temporal complaint would be timely yet have her order not be days premature.

The next day, with no notice of any new deadline, Cannon issued her order throwing out most of Dearie’s plan. I’ve spent hours and days looking at this, and there’s no making sense of the deadlines. Certainly, this could not have happened if any of Dearie’s deadlines had been treated as valid.

DOJ took a look at what Cannon had done and moved the 11th Circuit to accelerate the review process. They cited a number of reasons for the change in schedule. They described that Cannon sua sponte extended the deadline on the review to December 16.

On September 29, subsequent to the parties’ submission of letters to Judge Dearie, the district court sua sponte issued an order extending the deadline for the special master’s review process to December 16 and making other modifications to the special master’s case management plan, including overruling the special master’s direction to Plaintiff to submit his designations on a rolling basis.

Depending on how you make sense of Cannon’s Calvinball deadlines, it was a sua sponte order, because Trump’s complaint about the deadlines (not to mention his complaints generally) came in after the deadline attached to the Dearie plan that Cannon seems to treat as his final official action.

I think what really happened is that Cannon fired Dearie without firing him in response to being told by the 11th Circuit she had abused her authority, ensuring not only that nothing he decides will receive any consideration, but also ensuring that he has almost no time to perform whatever review role he has been given.

Effectively, Judge Cannon has just punted the entire process out after the existing appeals schedule, at which point — she has made clear — she’ll make her own decisions what government property she’s going to claim Trump owns.

Timeline

September 15, 2022: Cannon opinion denying stay; Cannon’s order of appointment; Raymond Dearie declaration

September 16, 2022: DOJ motion for a stay

September 19, 2022: DOJ topics for initial Dearie conference; Trump topics for initial Dearie conference

September 20, 2022: Trump 11th Circuit response; DOJ 11th Circuit reply

September 21, 2022: 11th Circuit opinion granting stay

September 22, 2022: Cannon order removing documents marked as classified from Seized Materials covered by her order; Dearie proposed work plan

September 23, 2022: Protective order; amended case management plan; motion for extension of time

September 25, 2022: Trump objections to Dearie order (released on September 28)

September 26, 2022: Sworn affidavit with more detailed inventory; Julie Edelstein

September 27, 2022: Dearie interim report; Staffing proposal; Government motion for extension and to adopt case management plan

September 28, 2022: Trump objection that DOJ didn’t ask for enough additional time

September 29, 2022: Cannon order alters Dearie work plan

September 30, 2022: DOJ motion to accelerate 11th Circuit appeal

Stop Magnifying the Former President’s Incitement

/126 Comments/in /by

After far too many mass shootings, commentators in the US have started to learn that when you immediately circulate the manifestos of mass shooters, you are making further mass shootings more likely. You are according the death wishes and death wish of that mass shooter value. You are often disseminating his (mass shooters are usually men) ideology to others who might be searching for some cobble of beliefs to make their own lives meaningful. And you are contributing to the spectacle of the mass killing, ensuring the focus will be on the horror of the act rather than the tragedy of the lives lost, much less the policies we could pursue to stop the epidemic of mass killing.

We have gotten so well-practiced with mass shootings in the US, we know well enough not to participate in the mass shooter’s actions by magnifying his manifesto.

But we don’t follow that rule about terrorism-in-process, at least not in the form of the former President’s own tweets.

With each new level of outrageousness — most recently in a Tweet inciting violence against the Senate Minority Leader and racism against his spouse — people who applauded Twitter’s decision to deplatform the realty TV show host and other forms of violent speech circulate that very same violent speech, often with little more than an expression of outrage to mediate it.

Not only does circulating the former President’s speech with no mediation magnify it, just like circulating the manifesto of a mass killer. But it accepts — willfully participates in! — the reality TV show host’s structure of power.

Every time one of his tweets goes viral, especially on a platform that has told him his incendiary speech violates the rules of the platform, he says — the actions of those who participate in it say — that the rules don’t apply to him. That he remains the center of attention. He remains the center of attention because the rules don’t apply to him. And that we all remain in the very same positions we did for the four years of his presidency: He commands by commanding attention, including the attention of those for whom our very scolding reinforces his value, because we are the “elite” a demagogue derives his power by opposing.

And because this economy works so well for him, because it is a way to retain his power long after voters acted to take it away, because it’s the only trick he’s got, he’s willing to ratchet up the outrageousness of his speech if that’s what he needs to do to remain the center of attention.

This is the same impulse that leads the networks to cover every single rally the former President stages (complicitly hiding the empty seats in the back), while ignoring historical speeches of the man who is, at least on paper, the most powerful man in the world, Joe Biden. If you hate it when the networks make such decisions stop making the equivalent decision yourself.

The former President continues to exercise power not via a rational calculus, not by an argument that he’s fit to govern. He failed to deliver on every single one of his campaign promises, and codified racism is the only promise that he consistently pursued. (Mitch McConnell and his White House Counsels, of course, never stopped their relentless efforts to stack the courts.)

The way to neutralize that power is not to observe, for the 1000th time, “my gosh he has said something outrageous” or even, “my gosh he’s going to get someone killed.”

Besides, he already did that.

If you choose to make the former President’s incitement  the center of attention — and many Twitter commentariat are voting with their attention to do just that every day — you choose to make spectacle, emotion, and fear the currency of politics.

So long as he dictates the political agenda through his expert deployment of spectacle, we will never have a rational conversation about politics. We will never get voters to listen when we describe how Rick Scott plans to cut their social security. We will never successfully point out the Republicans who are running on spending they voted against. We barely get voters (older, male voters at least) to listen to what the Sam Alito Court did to women’s autonomy. There is no “better argument” when politics is dominated by spectacle.

The way to neutralize spectacle is not to magnify it. The way to neutralize spectacle is to expose it as such, to help people see the theatricality of it all (and to point out the flimsiness of it along the way).

It’s not a perfect solution, but that’s why I use X-es anytime I screencap a tweet from the former President anymore. It makes it more work to read them, emphasizes that these tweets are stage-managed things, and interrupts the process of an immediate emotional reaction.

Better yet, don’t screen cap him: if you need to refer to something he has done — if he has actually done something that has any effect beyond ratcheting up emotion — then describe it without even using his name. Describe why he’s attempting to gin up emotion again — in this case, because Mitch McConnell has moved on to doing his job trying to help run the country without the guy who lost. If the country starts functioning quasi-normally again, then people might realize that the former President benefitted from and therefore encouraged dysfunction, which in turn fed the cycle of distrust in government. McConnell has taken baby steps towards helping the Senate to function normally again, and the former President needs to halt that process before the benefits of a quasi-functioning government become apparent.

The former President may be hoping that he’ll lead the Minority Leader to hesitate as he starts acting like a powerful Republican in his own right again, to worry about some crazed MAGAt with an arsenal. And yes, the former President might genuinely hope that happens, to show his threats are real. He’s undoubtedly hoping his own followers will continue to hate, in this case, Americans of Chinese descent. His power necessitates that Americans hate other Americans, because without that conflict, hate, and fear, their loyalty to him can’t be stoked.

The point is, the former President is ratcheting up threats because he can sense his own power, at least over Mitch, melting away.

Don’t help him renew that power.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

FBI Seems to Be Collecting Offers to Spy for Russia

/27 Comments/in , /by

In late August, alleged aspiring spy Jareh Dalke told someone he believed to be a Russian spy that he had already reached out on the “SVR [Russia’s foreign intelligence service] TOR site.”

In addition, in two emails on or about August 23 and 24, 2022, DALKE requested that the OCE take steps to verify that the person DALKE was communicating with was truly a member of Foreign Government-1. DALKE claimed that he had reached out through “multiple published channels to gain a response. This included submission to the SVR TOR site.”3 DALKE sought assurances that the OCE truly was a “[Foreign Government-1] entity rather than americans [sic] trying to stifle a patriot.” DALKE requested that the OCE provide verification of the association with Foreign Government-1, through a posting on an official website or through a report in one of the “media services associated with the government.”

That may provide useful insight into why Dalke was arrested on the same day as Anna Gabrelian and her spouse, Jamie Lee Henry, also for attempting to spy for Russia. Gabrielian told the undercover officer she wanted to support Russia, including its war in Ukraine.

During that meeting, GABRIELIAN told the UC she was motivated by patriotism toward Russia to provide any assistance she could to Russia, even if it meant being fired or going to jail.

Like Dalke, Gabrielian allegedly reached out to Russia at some unspecified time in the preceding months. Like Dalke, an undercover FBI officer had followed up on that outreach and gotten the aspiring spies to reconfirm an interest in working with Russia (they’re not the same undercover employee, though; one is referred to with female pronouns and the other is referred to with male pronouns).

On or about August 17, 2022, an FBI Undercover Agent (“UC”) approached GABRIELIAN and introduced herself by name. The UC told GABRIELIAN she was asked to contact GABRIELIAN about the assistance she offered a couple of months ago. GABRIELIAN asked if the UC was from the Russian Embassy, and the UC confirmed that she was.

The entirety of the case against Gabrielian and Henry was put together during a few weeks in August, during a period between the time when Dalke first shared fragments of three documents in early August and a period in early September when Dalke’s undercover officer was trying (unsuccessfully) to lure him to DC. It appears to have sat, largely wrapped up, until former Mueller prosecutor Aaron Zelinsky presented it to a grand jury on Tuesday.

Ultimately, the FBI set up an electronic dead drop for Dalke at Denver’s Union Station for a four hour window on Wednesday.

In Gabrielian and Henry’s case, the couple only provided medical records from Fort Bragg and Johns Hopkins (though each HIPAA violation carries a potential ten year sentence). Dalke is accused of sharing Top Secret NSA information and documents from two other agencies.

And his case is far more alarming for the way that he seems to have gotten hired at the NSA with the intent of stealing documents he could use to pay off his debt.

He was in the Army from 2015 to 2018. The next year, he got an online Bachelors in cybersecurity, and what is probably another online degree, a Masters, sometime after that. He bought a place with his partner in Colorado Springs in 2020. In June, he took a job at the NSA, but only remained there for 25 days, from June 6 until July 1. He claimed he left because of a family illness that would require nine months away, but then he applied for a new NSA job on August 11, after setting up the cryptocurrency account he would use to get paid by the presumed Russian spy.

The affidavit describes two reasons, besides debt, why Dalke might have considered spying. His arrest affidavit describes him expressing dissatisfaction with the US, particularly how it treated members of the military. “This country it is not as great as it thinks it once was. It is all about the businesses and their money, not anything about the people or those that serve it to include the military.” And he, “recently learned that my heritage ties back to your country, which is part of why I have come to you as opposed to others.”

But in 2017, he filed for bankruptcy, reporting over $80,000 of debt. And in a conversation with the presumed spy, he described even more extensive debts than reflected in his bankruptcy filings (though that may reflect the mortgage on his home).

In addition, according to court filings, on December 12, 2017, DALKE filed for Chapter 7 bankruptcy, which was granted on March 29, 2018. At that time, DALKE reported that he had approximately $32,809.52 in student loan debt and $50,987.34 in other non-secured debt, primarily credit card debt. At the time of the bankruptcy filing, DALKE also reported that he had approximately $8,373.12 in total assets.

[snip]

DALKE further noted that he was in financial need and was seeking compensation via a specific type of cryptocurrency in return for providing information he had procured, stating, “[t]here is an opportunity to help balance scales of the world while also tending to my own needs.” DALKE requested payment in the specific type of cryptocurrency because “as in these things privacy is extremely important.”

[snip]

On or about August 26, 2022, DALKE told the OCE that the total amount of his debt was $237,000, $93,000 of which was “coming due very soon.”

So, with his two online degrees, he started a job at the NSA on June 6. He either came in knowing — or soon learned — of a vulnerability that he used to access stuff for which he wasn’t cleared.

DALKE also noted that certain of the information he had access to was due to a misconfiguration in the system that granted him access to information beyond what he should otherwise have.

On June 17, June 22, and June 23 he printed out some of the documents he is accused of stealing. On June 28, the told the NSA he was leaving for a family illness, and left three days later. And then, after he had sent four documents to the guy pretending to be a Russian spy, Dalke applied for an external vacancy at the NSA, 8 months before he planned to return to the agency. (Update: The affidavit is not entirely clear whether Dalke would have taken a job earlier.)

In short, this was a guy who appears to have treated NSA like a quick fix for his debt woes. And at a time of heightened intelligence concerns and in the wake of Edward Snowden and Josh Schulte, he still wasn’t IDed during the vetting process.

“Somewhat Convoluted:” Debunking the Judge Cannon Claims

/129 Comments/in , , /by

Before I went to sleep last night, I suggested there was some suspense about whether journalists would accurately report the power grab Judge Aileen Cannon made yesterday. Who was I kidding? Rather than report what happened, virtually all news coverage simply quoted what Cannon claimed she had done. Not only didn’t the press call out Cannon’s own misrepresentations, but they introduced some of their own.

First, some outlets had suggested that Raymond Dearie had set really aggressive deadlines and Cannon simply altered them. That’s not really accurate. Cannon definitely tweaked with how Dearie would deal with the disputes (mandating a single report from Trump rather than cascading productions, a decision that Trump will cite next month when they ask for an extension). But her original order didn’t mandate any interim deadlines on the review itself (meaning, she can’t say the delay in hiring a vendor changed her own timeline); she just gave Raymond Dearie deadlines and timeframes during which the parties could challenge his decisions. The new interim deadlines she provided are premised on when Trump first receives the materials, so the delay Trump introduced by stalling on a vendor may not affect the process all that much. Dearie’s own deadlines were timed to meet Cannon’s deadline. So effectively, Cannon has simply arbitrarily extended her own deadline by 17 days, from November 30 to December 16.

Finally, in light of delays in securing an appropriate vendor to scan and make available the Seized Materials to Plaintiff and the Special Master, and recognizing the more precise quantification of the implicated pages of material [ECF No. 123 p. 1 (describing that the 11,000 documents approximate 200,000 pages of materials)], the Court hereby extends the end date for completion of the Special Master’s review and classifications from the prior date of November 30, 2022 [ECF No. 91 p. 5], to December 16, 2022. This modest enlargement is necessary to permit adequate time for the Special Master’s review and recommendations given the circumstances as they have evolved since entry of the Appointment Order.

As I note below, that happens to delay the end of Dearie’s work until after such time as the appeal will be fully briefed.

Cannon bases her timeline on three things. First, there’s the delay Trump introduced in getting a vendor (a delay Jim Trusty telegraphed at the hearing before Dearie). Cannon currently envisions the two sides having to agree on a vendor, so Trump may be able to delay the process further still.

Cannon also bought Trump’s claim there are 200,000 pages of materials. As I’ll show in a follow-up, she timed her order in such a way as to prevent DOJ from correcting this claim. I suspect it comes from a draft work order DOJ gave to Trump, but we shall see if and when DOJ explains that it’s impossible for there to be 200,000 documents in the 27 seized boxes plus Trump’s desk drawers.

Cannon also has decided that it will take three weeks to do the review based off her claim that it took DOJ three weeks to do a preliminary review of the seized material.

For context, it took Defendant’s Investigative Team approximately three weeks to complete its preliminary review of the Seized Material [ECF No. 39 p. 1].

She bases that off the interim status report from DOJ, which doesn’t say how long the review took. Rather, it says,

As of the date of this filing, the investigative team has completed a preliminary review of the materials seized pursuant to the search warrant executed on August 8, 2022, with the exception of any potentially attorney-client privileged materials that, pursuant to the filter protocols set forth in the search warrant affidavit, have not been provided to the investigative team.

DOJ would have said the same thing whether they finished their review minutes before filing this status report or two weeks earlier. Cannon simply invented the claim that DOJ had only just finished the review on August 30, three weeks after the seizure.

Cannon likewise misrepresents the nature of Trump’s objection to the inventory review and what the inventory review would have been (and reporters made her misrepresentation worse).

In addition to requiring Defendant to attest to the accuracy of the Inventory, the Plan also requires Plaintiff, on or before September 30, 2022, to lodge objections to the Inventory’s substantive contents.2

[snip]

Plaintiff objects to the pre-review Inventory objection requirement, citing the Court’s Order Appointing Special Master [ECF No. 91] and the current inability to access the Seized Materials [ECF No. 123-1 p. 1].

[snip]

There shall be no separate requirement on Plaintiff at this stage, prior to the review of any of the Seized Materials, to lodge ex ante final objections to the accuracy of Defendant’s Inventory, its descriptions, or its contents.

2 The Special Master’s Interim Report No. 1 modified this deadline to October 7, 2022 [ECF No. 118 p. 2].

Here’s what Trump’s objection actually said:

To help find facts, the appointing order authorized a declaration or affidavit by a Government official regarding the accuracy of the Detailed Property Inventory [ECF 39-1] as to whether it represents a full and accurate accounting of the property seized from Mara-Lago. Appointing Order ¶ 2(a). The Appointing Order contemplated no corresponding declaration or affidavit by Plaintiff, and because the Special Master’s case management plan exceeds the grant of authority from the District Court on this issue, Plaintiff must object. Additionally, the Plaintiff currently has no means of accessing the documents bearing classification markings, which would be necessary to complete any such certification by September 30, the currently proposed date of completion. [my emphasis]

The material he couldn’t review was limited to documents with classification markings, not the documents as a whole. And as Cannon notes in a footnote (there’s a reason it’s in the footnote, which I’ll come back to in a follow-up), Dearie had given Trump the same four days after receiving the materials to review the inventory after he adjusted the deadlines. In spite of the fact that Dearie’s most recent order only envisioned this verification to happen after Trump got the material, Cannon calls it a “pre-review” and “ex ante” process, suggesting Trump would have had to verify the inventory blind.

Perhaps Cannon’s most cynical move, however, came in her order dismissing Dearie’s suggestion that the two sides might have to brief whether Trump should file a Rule 41(g) in this court or before Bruce Reinhart.

As explained in the Court’s previous Order, Plaintiff properly brought this action in the district where Plaintiff’s property was seized [see ECF No. 64 p. 7 n.7 (citing Fed. R. Crim. P. 41(g); United States v. Wilson, 540 F.2d 1100, 1104 (D.C. Cir. 1976); In the Matter of John Bennett, No. 12-61499-CIV-RSR, ECF No. 1 (S.D. Fla. July 31, 2012))].

The 11th Circuit has already ruled that intervening absent any evidence of callous disregard for Trump’s rights was an abuse of discretion.

We begin, as the district court did, with “callous disregard,” which is the “foremost consideration” in determining whether a court should exercise its equitable jurisdiction. United States v. Chapman, 559 F.2d 402, 406 (5th Cir. 1977). Indeed, our precedent emphasizes the “indispensability of an accurate allegation of callous disregard.” Id. (alteration accepted and quotation omitted).

Here, the district court concluded that Plaintiff did not show that the United States acted in callous disregard of his constitutional rights. Doc. No. 64 at 9. No party contests the district court’s finding in this regard. The absence of this “indispensab[le]” factor in the Richey analysis is reason enough to conclude that the district court abused its discretion in exercising equitable jurisdiction here. Chapman, 559 F.2d at 406

Even ignoring that two Trump appointees have already told Cannon she was wrong, the sentence before the one Cannon cites here notes the absurdity of filing for a Special Master and a Rule 41(g) motion in the same effort, calling it “somewhat convoluted.”

As previewed, Plaintiff initiated this action with a hybrid motion that seeks independent review of the property seized from his residence on August 8, 2022, a temporary injunction on any further review by the Government in the meantime, and ultimately the return of the seized property under Rule 41(g) of the Federal Rules of Criminal Procedure. 6 Though somewhat convoluted, this filing is procedurally permissible7 and creates an action in equity.

Yet even after straining to approve this in her first review and then getting smacked down by the 11th, Cannon still persists in envisioning that she’ll be able to take government property and give it to Trump.

I suspect Cannon’s wrong about at least one more thing — whether Trump has complied with his deadline to mark privileged material. These issues, however, all exhibit the same dishonesty we’ve seen in the past.

Yet the very same press that Judge Cannon is blowing off nevertheless failed to identify any of these problems.

Current Schedule

September 26: Trump provides designations on potentially privileged materials

October 3: Both sides identify areas of dispute on potentially privileged designations

October 5: Finalize a vendor (Cannon fashions this as a common agreement, giving Trump ability to delay some more)

October 13: DOJ provides materials to Trump (Cannon does not note this does not include classified documents)

By October 14: DOJ provides notice of completion that Trump has received all seized documents

October 19: Deadline for DOJ appeal to 11th Circuit

21 days after notice of completion (November 4): Trump provides designations to DOJ

November 8: Election Day

10 days after receiving designations (November 14): Both sides provide disputes to Dearie

30 days after DOJ appeal (November 18): Trump reply to 11th Circuit

21 days after Trump reply (December 9): DOJ reply to 11th Circuit

December 16: Dearie provides recommendations to Cannon

January 3: New Congress sworn in

No deadline whatsoever: Cannon rules on Dearie’s recommendations

Seven days after Cannon’s no deadline whatsoever ruling: Trump submits Rule 41(g) motion

Fourteen days after Cannon’s no deadline whatsoever ruling: DOJ responds to Rule 41(g) motion

Seventeen days after Cannon’s no deadline whatsoever ruling: Trump reply on Rule 41(g)