Three Years into the Durham Investigation, a Jury Will Get to Hear about Trump’s Request that Russia Hack Hillary

There was a funny exchange in yesterday’s pre-trial hearing in the Michael Sussmann case. In the part of the hearing focused on objections to exhibits, Andrew DeFilippis raised the newspaper articles that — I noted — were necessary background to understand the mindset that led Sussmann and Rodney Joffe to believe that the Alfa Bank DNS anomaly raised national security concerns.

These articles explain why it was reasonable, not just for the Democrats’ cybersecurity lawyer who was spending most of his days trying to fight back against a persistent Russian hack, but also for the researchers and Rodney Joffe to try to first look for more Russian hacking (including that victimizing Republicans), and when they found an anomaly, to try to chase it down and even to bring it to the FBI for further investigation. Several threads of these articles — pertaining to Trump’s request that Russia hack Hillary and to Manafort’s corruption — were explicitly invoked in discussions that Durham wants to claim must arise from political malice.

In the hearing, DeFilippis predictably complained that prosecutors didn’t want this to become a trial on Donald Trump’s ties to Russia.

MR. DeFILIPPIS: The last category we had identified were a number of news articles about — again, on the face of — the headlines of the articles about — “Donald Trump’s ties to Russia,” I think, was the primary theme of the news articles.

We just — number one, they’re news articles, which we don’t think have, you know, probative weight here. Number two, we do not want to make this a trial on Donald Trump’s ties to Russia.

And again, we don’t have a lot of context for which it would be — why the defense would want to offer all of those. But I think our initial reaction is they would be a distraction.

Sussmann’s attorney Sean Berkowitz noted that prosecutors — who have made several newspaper articles the central point of their case — aren’t so much opposed to newspaper articles as evidence as they’re opposed to articles about Trump and Russia.

MR. BERKOWITZ: So as we understand the objection, your Honor, it’s not to articles generally. They have articles on their exhibit list. It’s to articles that talk about the issues with Trump and Russia in the summer of 2016.

Judge Christopher Cooper correctly noted that it would be unfair to send a bunch of articles back with the jury to read.

THE COURT: I think it’s broader than that. It’s sending back multiple newspaper articles to the jury with all sorts of stuff in them, and the jury is spending its time reading newspaper articles.

Berkowitz noted that they’re really trying to get to the mindset of Sussmann and Joffe, particularly their response to Trump’s request that Russia hack Hillary some more.

MR. BERKOWITZ: The articles that we think are relevant, your Honor, relate to what’s going on in the world in July and August of 2016, which provide context and animate what’s going on for Mr. Sussmann and Mr. Joffe and why there are potential national security issues associated with this.

As you’ll remember, you know, on July 27th, at a press conference — again, this is shortly before the researchers start looking into issues, according to the Government — Trump has a press conference that says: Russia, if you’re listening, I hope that you’re able to find the 30,000 emails that are missing. I think you’ll probably be rewarded mightily by our press.

That fact being out there and well known provides context for the work that’s done and the motivation potentially to go to the FBI as to why it would be relevant that there were connections between — potential connections between Trump and Russia.

[snip]

But the fact that this was what was going on in the world at this time we think is very relevant to the state of mind and the rationale behind this as well as the opposition research that was going on.

Cooper cut off Berkowitz before he could explain how this related to the DNC hack. But he suggested that such information could instead come in via questioning of Robby Mook, Marc Elias, and James Baker.

THE COURT: — Mr. Elias, Mr. Mook, Mr. Baker perhaps can all certainly testify to that. Right?

MR. BERKOWITZ: I think that they certainly could, your Honor.

As I’ve noted, the main redacted part of Elias’ declaration explaining why they hired Fusion for Russian-related research was introduced via a reference to Trump asking Russia to hack Hillary.

Because each side has a separate scope of testimony it would like to elicit from Elias, he’ll be asked both sets of questions when prosecutors call him.

I’m sure Elias has quite a lot he’d like to say about serving as General Counsel for a candidate whose opponent was soliciting help — and appears to have gotten it — from a hostile foreign country.

Friday is the three-year anniversary of the Durham investigation. Tuesday, the likely day both sides will make opening arguments, marks the five-year anniversary of the Mueller investigation.

And on that day, a jury will finally hear an argument about how reasonable it was to believe Donald Trump posed a threat to the United States after he asked Russia to help hack his opponent.

Old Friends: Scooter Libby and CIPA

Judge Christopher Cooper will not have a media call-in line for this afternoon’s hearing in the Michael Sussmann case, so I’ll have to rely on the reporting of others and a delayed review of a transcript of the case.

But before then, I’d like to make two points about developments to supplement this post on the fight over what evidence will be presented at trial.

Judge Cooper rules that Durham must share two classified items with Sussmann

First, behind closed doors, the parties have begun the Classified Information Procedures Act (CIPA) process, by which the government limits what classified information gets shared with the defendant and what information gets introduced at trial. I provided some background on how that might work in the (far more CIPA-dependent) Igor Danchenko trial, but for our purposes, there are three steps:

  • Section 4, which allows the government to withhold evidence from Sussmann or substitute for classified information in order to protect it.
  • Section 5, which requires the defendant to list in advance what classified information he wants to use at trial.
  • Section 6, which requires the judge to make admissibility decisions on classified information before trial.

There are several things that might be included in the universe of classified evidence in Sussmann’s case. Durham has always explained there was highly classified information in the investigative case file itself.

The entirety of the FBI’s electronic case file for the investigation of the Russian Bank1 allegations – in both classified and unclassified form – with only minor redactions to protect especially sensitive and/or highly classified information;

This could pertain to Alfa Bank itself; many other public filings (such as FOIAed Mueller records or the SSCI Report) redact information pertaining to Alfa. And that would explain why Durham had to delay his CIPA filing because the people who needed to sign off were busy keeping the country safe from Russia, not safe for Russia.

Sussmann also asked for details of Rodney Joffe’s cooperation with the FBI and another agency that might be the NSA, much of which would also pertain to highly sensitive investigations. And Durham seems likely to attempt to use this CIA intelligence report to make claims that were questioned in real time about why Hillary’s campaign might respond to Trump asking for her to be hacked by trying to discover the multiple back channels with Russia that existed. (Yesterday, Peter Strzok, who is named in the document, raised questions about whether Durham even has the correct document.) That’s the kind of classified information these fights are likely about.

Yesterday, the government filed a sealed motion asking for a 6a hearing — basically an opportunity to challenge the information that Sussmann wants to use to defend himself. They also appear to be challenging the specificity with which he described the information he needs. None of that is surprising, but given how scrappy things have gotten (to say nothing of the vastly different understanding each side has of this case), this fight could get interesting.

Potentially more consequential, Judge Cooper issued a ruling finding that, of a body of classified evidence prosecutors had identified that might be relevant to Sussmann’s case in discovery, he agrees with prosecutors that the information is classified and not helpful to the defense, and so can be withheld in its entirety under CIPA. However, with respect to two items, Cooper found that the information might be helpful and so Durham has to provide it or a classified summary to Sussmann’s cleared defense counsel.

WHEREAS the Court finds that two of the Government’s proposed substitutions of certain Classified Information do not adequately inform the defense of information that arguably may be helpful or material to the defense, in satisfaction of the Government’s discovery obligations; it is hereby

[snip]

IT IS FURTHER ORDERED that the Government is directed, as explained at the ex parte hearing, to disclose to cleared defense counsel either the underlying classified material or a classified summary of the material from which the two proposed summaries were derived.

Several things could happen here. Sussmann could look at it and decide he doesn’t want to use it at trial, mooting the issue. Prosecutors could go back to the national security officials who are busy punishing Russia for its attack on democracy and try to get them to agree to a more fulsome substitution or declassification.

But one of the possibilities is that Durham can appeal Cooper’s decision, which likely would delay the trial.

Judge Cooper adopts Libby as the standard for evidentiary disputes

The other recent development was Judge Cooper’s decision to admit Durham’s FBI Agent witness, but to limit what he can testify to unless Sussmann attempts to argue there really was a back channel communication between Alfa Bank and Trump. Contrary to what dishonest frothy lawyers say on Twitter, this was a reasonable and expected decision basically laying initial guidelines as to the evidence admissible at trial.

This decision will not end things. Cooper’s decision left a lot of room for dispute. For example:

  • Cooper permitted the government to argue the Alfa Bank allegations were “unsubstantiated,” but Andrew DeFilippis in the hearing wanted to argue they were untrue (this ironically flips the frother stance about the Mueller investigation, which did not substantiate conspiracy charges against Trump, but nevertheless found plenty of evidence of one)
  • Cooper did not distinguish between the accuracy of the DNS data (which Sussmann would happily prove at trial) and the reasonableness of the inferences researchers drew from it (about which there is great dispute)

So expect this to come back up at trial.

The most important part of the opinion, in my opinion, however, came in how Cooper closed it, generally excluding lots of the data collection evidence Durham wanted to introduce by citing Reggie Walton’s CIPA decision on Scooter Libby.

[A]dditional testimony about the accuracy of the data—expert or otherwise—will not be admissible just because Mr. Sussmann presents evidence that he “relied on Tech Executive-1’s conclusions” about the data, or “lacked a motive to conceal information about his clients.” Gov’s Expert Opp’n at 11. As the Court has already explained, complex, technical explanations about the data are only marginally probative of those defense theories. The Court will not risk confusing the jury and wasting time on a largely irrelevant or tangential issue. See United States v. Libby, 467 F. Supp. 2d 1, 15 (D.D.C. 2006) (excluding evidence under Rule 403 where “any possible minimal probative value that would be derived . . . is far outweighed by the waste of time and diversion of the jury’s attention away from the actual issues”).

Back in the day, this Libby opinion was actually a ruling against Libby. As some of you old-timers may recall, Dick Cheney’s former Chief of Staff was attempting a graymail defense, basically arguing that he needed stacks and stacks of classified information to explain to the jury that he didn’t mean to lie about discussing Valerie Plame’s identity and other classified information during the week the Bush Administration launched an attack on Plame and Joe Wilson. Rather, his brain was so filled with scary information — with an emphasis on Terror! Terror! Terror! — presented in the Presidential Daily Briefs, that he did not retain a memory of burning the Wilsons when asked by investigators.

And Libby was a CIPA opinion, not a 404(b) opinion, the matter ostensibly before Cooper. But it’s important because Libby’s case, like Sussmann’s, is about his state of mind when he allegedly lied, in Libby’s case, to both the FBI and a grand jury. Ultimately, the cited passage of the decision was about ways to apply Rule 403, which limits confusing information, to CIPA. To get there, however, Judge Walton focused on the PDBs and other classified documents pertinent to the days when Libby was speaking to journalists about the Wilsons and the days when he was lying to investigators, thereby excluding years of PDBs from periods before or after his lies that didn’t need to be declassified for trial.

In fact, there is a “danger of unfair prejudice, confusion of the issues, or misleading the jury,” in providing the jury details of the defendant’s activities falling outside the critical time periods. Specifically, permitting the defendant to testify as to the details of what consumed his time outside the critical time periods discussed above would likely confuse the jury concerning what events actually allegedly consumed the defendant’s attention at the times that he had the conversations that form the basis for this prosecution. Accordingly, while the defendant will be permitted to testify generally about the matters that consumed his time and attention during those periods outside of the dates identified in the indictment, permitting detailed descriptions of events occurring during such periods will be excluded pursuant to Federal Rule of Evidence 403.

Walton also ruled that testimony is more probative than submitting the PDBs or Libby’s own notes.

As indicated during the Section 6(a) proceedings, many, if not most, of the documents themselves are unlikely to be admitted as evidence during the trial for several reasons. First, the documents would be cumulative of the testimony provided by the defendant. And second, it would appear at this time that the information contained in many of the documents will pose substantial hearsay problems.

You can already see how this citation may be indicative of how Judge Cooper imagines he’ll get through the evidentiary swamp ahead of him. The government is asking to introduce a bunch of highly technical concepts, inflammatory names, and emails to which Sussmann was not a party, and asking to do so for a period that is totally attenuated from the day Sussmann went in to meet with James Baker.

But it’s relevant for another reason.

Sussmann has cited it over and over and over. In his April 4 filing moving to exclude information on data collection and Christopher Steele, Sussmann cited the opinion six times, including for:

  • Walton’s exclusion of what President Bush said in front of Libby
  • Walton’s exclusion of the scary terrorists Libby fought
  • The import of the defendant’s state of mind when he allegedly lied
  • Details of what others were told

Sussmann cited Libby again in his April 8 motion to exclude Durham’s expert, citing Walton’s exclusion of “the foreign affairs of the country, which is totally irrelevant to this case.” Sussmann cited it again in his April 15 omnibus response to Durham’s motions in limine, in a section aiming to exclude a bunch of Fusion GPS emails, for the argument that what others were told is simply irrelevant to the defendant’s state of mind in a false statements case. And he cited it again in his April 18 opposition to Durham’s motion to compel production of a bunch of privileged communications to which he was not party.

Unless I missed it, during that entire period in which Sussmann was citing Libby Libby Libby Libby Libby Libby Libby Libby Libby, Durham didn’t address the precedent at all.

As I noted, Walton’s Libby decision worked against Libby; it prevented him from turning his trial into a debate over the War on Terror.

In this case, however, Durham is the one attempting to turn a single count false statement trial into a conspiracy trial implicating Hillary Clinton, Christopher Steele, and Donald Trump. Which suggests the Libby decision may not help him.

Confirmed: John Durham Has Withheld Discovery That DOJ Already Disproved His Claims of Political Malice

In his reply filing in the fight over what evidence will be submitted at his trial, Michael Sussmann confirmed something I’ve long suspected: John Durham has not provided Sussmann with the discovery Durham would need to have provided to present his own conspiracy theories at trial without risking a major discovery violation.

Were the Special Counsel to try to suggest that Mr. Sussmann and Mr. Steele engaged in a common course of conduct, that would open the door to an irrelevant mini-trial about the accuracy of Mr. Steele’s allegations about Mr. Trump’s ties to Russia—something that, like the Alfa Bank allegations, many experts continue to believe in, and about which the Special Counsel has tellingly failed to produce any significant discovery.

Sussmann dropped this in the filing without fanfare. But it is clear notice that if Durham continues down the path he is headed, he may face discovery sanctions down the road.

I explained why that’s true in these two posts. A core tenet of Durham’s conspiracy theories is that the only reason one would use proven cybersecurity methods to test certain hypotheses about Donald Trump would be for malicious political reasons. Here’s how Durham argued that in his own reply.

As the Government will demonstrate at trial, it was also the politically-laden and ethically-fraught nature of this project that gave Tech Executive-1 and the defendant a strong motive to conceal the origins of the Russian Bank-1 allegations and falsely portray them as the organic discoveries of concerned computer scientists.

There’s no external measure for what makes one thing political and makes another thing national security. But if this issue were contested, I assume that Sussmann would point, first, to truth as a standard. And as he could point out, many of the hypotheses April Lorenzen tested, which Durham points to as proof the project was malicious and political, turned out to be true. They were proven to be true by DOJ. Some of those true allegations involved guilty pleas to crimes, including FARA, explicitly designed to protect national security; another involved Roger Stone’s guilty verdict on charges related to his cover-up of his potential involvement in a CFAA hacking case.

DOJ (under the direction of Trump appointee Rod Rosenstein, who in those very same years was Durham’s direct supervisor) has already decided that John Durham is wrong about these allegations being political. Sussmann has both truth and DOJ’s backing on his side that these suspicions, if proven true (as they were), would be a threat to national security. Yet Durham persists in claiming to the contrary.

Here’s the evidence proving these hypotheses true that Durham has withheld in discovery:

The researchers were testing whether Richard Burt was a back channel to the Trump campaign. And while Burt’s more substantive role as such a (Putin-ordered) attempt to establish a back channel came during the transition, it is a fact that Burt was involved in several events earlier in the campaign at which pro-Russian entities tried to cultivate the campaign, including Trump’s first foreign policy speech. Neither Burt nor anyone else was charged with any crime, but Mueller’s 302s involving the Center for National Interest — most notably two very long interviews with Dmitri Simes (one, updated, two, updated), which were still under investigation in March 2020 — reflect a great deal of counterintelligence interest in the organization.

The researchers were also testing whether people close to Trump were laundering money from Putin-linked Oligarchs through Cyprus. That guy’s name is Paul Manafort, with the assistance of Rick Gates. Indeed, Manafort was ousted from the campaign during the period researchers were working on the data in part to distance the campaign from that stench (though it didn’t stop Trump from pardoning Manafort).

A more conspiratorial Lorenzen hypothesis (at least on its face) was that one of the family members of an Alfa Bank oligarch might be involved — maybe a son- or daughter-in-law. And in fact, German Khan’s son-in-law Alex van der Zwaan was working with Gates and Konstantin Kilimnik in precisely that time period to cover up Manafort’s ties to those Russian-backed oligarchs.

Then there was the suspicion — no doubt driven, on the Democrats’ part, by the correlation between Trump’s request to Russia for more hacking and the renewed wave of attacks that started hours later — that Trump had some back channel to Russia.

It turns out there were several. There was the aforementioned Manafort, who in the precise period when Rodney Joffe started more formally looking to see if there was a back channel, was secretly meeting at a cigar bar with alleged Russian spy Konstantin Kilimnik discussing millions of dollars in payments involving Russian-backed oligarchs, Manafort’s plan to win the swing states, and an effort to carve up Ukraine that leads directly to Russia’s current invasion.

That’s the kind of back channel researchers were using proven cybersecurity techniques to look for. They didn’t confirm that one — but their suspicion that such a back channel existed proved absolutely correct.

Then there’s the Roger Stone back channel with Guccifer 2.0. Again, in this precise period, Stone was DMing with the persona. But the FBI obtained at least probable cause that Stone’s knowledge of the persona went back much further, back to even before the persona went public in June 2016. That’s a back channel that remained under investigation, predicated off of national security crimes CFAA, FARA, and 18 USC 951, at least until April 2020 and one that, because of the way Stone was scripting pro-Russian statements for Trump, might explain Trump’s “Russia are you listening” comment. DOJ was still investigating Stone’s possible back channel as a national security concern well after Durham was appointed to undermine that national security investigation by deeming it political.

Finally, perhaps the most important back channel — for Durham’s purposes — was Michael Cohen. That’s true, in part, because the comms that Cohen kept lying to hide were directly with the Kremlin, with Dmitri Peskov. That’s also true because on his call to a Peskov assistant, Cohen laid out his — and candidate Donald Trump’s — interest in a Trump Tower Moscow deal that was impossibly lucrative, but which also assumed the involvement of one or another sanctioned bank as well as a former GRU officer. That is, not only did Cohen have a back channel directly with the Kremlin he was trying to hide, but it involved Russian banks that were far more controversial than the Alfa Bank ties that the researchers were pursuing, because the banks had been deemed to have taken actions that threatened America’s security.

This back channel is particularly important, though, because in the same presser where Trump invited Russia to hack his opponent more, he falsely claimed he had decided against pursuing any Trump Organization developments in Russia.

Russia that wanted to put a lot of money into developments in Russia. And they wanted us to do it. But it never worked out.

Frankly I didn’t want to do it for a couple of different reasons. But we had a major developer, particular, but numerous developers that wanted to develop property in Moscow and other places. But we decided not to do it.

The researchers were explicitly trying to disprove Trump’s false claim that there were no ongoing business interests he was still pursuing with Russia. And this is a claim that Michael Cohen not only admitted was false and described recognizing was false when Trump made this public claim, but described persistent efforts on Trump’s part to cover up his lie, continuing well into his presidency.

For almost two years of Trump’s Administration, Trump was lying to cover up his efforts to pursue an impossibly lucrative real estate deal that would have required violating or eliminating US sanctions on Russia. That entire time, Russia knew Trump was lying to cover up those back channel communications with the Kremlin. That’s the kind of leverage over a President that all Americans should hope to avoid, if they care about national security. That’s precisely the kind of leverage that Sally Yates raised when she raised concerns about Mike Flynn’s public lies about his own back channel with Russia. Russia had that leverage over Trump long past the time Trump limped out of a meeting with Vladimir Putin in Helsinki, to which Trump had brought none of the aides who would normally sit in on a presidential meeting, looking like a beaten puppy.

Durham’s failures to provide discovery on this issue are all the more inexcusable given the fights over privilege that will be litigated this week.

As part of the Democrats’ nesting privilege claims objecting to Durham’s motion to compel privileged documents, Marc Elias submitted a declaration describing how, given his past knowledge and involvement defending against conspiracy theory attacks on past Democratic presidential candidates launched by Jerome Corsi and Donald Trump, and given Trump’s famously litigious nature, he believed he needed expertise on Trump’s international business ties to be able to advise Democrats on how to avoid eliciting such a lawsuit from Trump. (Note, tellingly, Durham’s motion to compel doesn’t mention a great deal of accurate Russian-language research by Fusion — to which Nellie Ohr was just one of a number of contributors — that was never publicly shared nor debunked as to quality.)

There are four redacted passages that describe the advice he provided; he is providing these descriptions ex parte for Judge Cooper to use to assess the Democrats’ privilege claims. Two short ones probably pertain to the scope of Perkins Coie’s relationship with the Democratic committees. Another short one likely describes Elias’ relationship, and through him, Fusion’s, with the oppo research staff on the campaign. But the longest redaction describing Elias’ legal advice, one that extends more than five paragraphs and over a page and a half, starts this way:

That is, the introduction to Elias’ description of the privilege claims tied to the Sussmann trial starts from Trump’s request of Russia to hack Hillary. Part of that sentence and the balance of the paragraph is redacted — it might describe that immediately after Trump made that request, the Russians fulfilled his request — but the redacted paragraph and the balance of the declaration presumably describes what legal advice he gave Hillary as she faced a new onslaught of Russian hacking attempts that seemingly responded to her opponent’s request for such hacking.

Given what Elias described about his decision to hire Fusion, part of that discussion surely explains his effort to assess an anomaly identified independently by researchers that reflected unexplained traffic between a Trump marketing server and a Russian bank. Elias probably described why it was important for the Hillary campaign to assess whether this forensic data explained why Russian hackers immediately responded to Trump’s request to hack her.

As I have noted, in past filings Durham didn’t even consider the possibility that Elias might discuss the renewed wave of hacking that Hillary’s security personnel IDed in real time with Sussmann, Perkins Coie’s cybersecurity expert.

It’s a testament to how deep John Durham is in his conspiracy-driven rabbit hole that he assumes a 24-minute meeting between Marc Elias and Michael Sussmann on July 31, 2016 to discuss the “server issue” pertained to the Alfa Bank allegations. Just days earlier, after all, Donald Trump had asked Russia to hack Hillary Clinton, and within hours, Russian hackers obliged by targeting, for the first time, Hillary’s home office. Someone who worked in security for Hillary’s campaign told me that from his perspective, the Russian attacks on Hillary seemed like a series of increasing waves of attacks, and the response to Trump’s comments was one of those waves (this former staffer documented such waves of attack in real time). The Hillary campaign didn’t need Robert Mueller to tell them that Russia seemed to respond to Trump’s request by ratcheting up their attacks, and Russia’s response to Trump would have been an urgent issue for the lawyer in charge of their cybersecurity response.

It’s certainly possible this reference to the “server” issue pertained to the Alfa Bank allegations. But Durham probably doesn’t know; nor do I. None of the other billing references Durham suggests pertain to the Alfa Bank issue reference a server.

Durham took a reference that might pertain to a discussion of a correlation between Trump’s ask and a renewed wave of Russian attacks on Hillary (or might pertain to the Alfa Bank anomaly), and assumed instead it was proof that Hillary was manufacturing unsubstantiated dirt on her opponent. He never even considered the legal challenges someone victimized by a nation-state attack, goaded by her opponent, might face.

And yet, given the structure of that redaction from Elias, that event is the cornerstone of the privilege claims surrounding the Alfa Bank allegations.

Because of all the things I laid out in this post, Judge Cooper may never have to evaluate these privilege claims at all. To introduce privileged evidence, Durham has to first withstand:

  • Denial because his 404(b) notice asking to present it was late, and therefore forfeited
  • Denial because Durham’s motion to compel violated local rules and grand jury process, in some ways egregiously
  • Rejection because most of the communications over which the Democrats have invoked privilege are inadmissible hearsay
  • The inclusion or exclusion of the testimony of Rodney Joffe, whose privilege claims are the most suspect of the lot, but whose testimony would make the communications Durham deems to be most important admissible

Cooper could defer any assessment of these privilege claims until he decides these other issues and, for one or several procedural reasons, simply punt the decision entirely based on Durham’s serial failures to follow the rules.

Only after that, then, would Cooper assess a Durham conspiracy theory for which Durham himself admits he doesn’t have proof beyond a reasonable doubt. As part of his bid to submit redacted and/or hearsay documents as exhibits under a claim that this all amounted to a conspiracy (albeit one he doesn’t claim was illegal), Durham argues that unless he can submit hearsay and privileged documents, he wouldn’t otherwise have enough evidence to prove his conspiracy theory.

Nor is evidence of this joint venture gratuitous or cumulative of other evidence. Indeed, the Government possesses only a handful of redacted emails between the defendant and Tech Executive-1 on these issues. And the defendant’s billing records pertaining to the Clinton Campaign, while incriminating, do not always specify the precise nature of the defendant’s work.

Accordingly, presenting communications between the defendant’s alleged clients and third parties regarding the aforementioned political research would hardly amount to a “mini-trial.” (Def. Mot. at 20). Rather, these communications are among the most probative and revealing evidence that the Government will present to the jury. Other than the contents of privileged communications themselves (which are of course not accessible to the Government or the jury), such communications will offer some of the most direct evidence on the ultimate question of whether the defendant lied in stating that he was not acting for any other clients.

In short, because the Government here must prove the existence of client relationships that are themselves privileged, it is the surrounding events and communications involving these clients that offer the best proof of those relationships.

Moreover, even if the Court were to find that no joint venture existed, all of the proffered communications are still admissible because, as set forth in the Government’s motions, they are not being offered to prove the truth of specific assertions. Rather, they are being offered to prove the existence of activities and relationships that led to, and culminated in, the defendant’s meeting with the FBI. Even more critically, the very existence of these written records – which laid bare the political nature of the exercise and the numerous doubts that the researchers had about the soundness of their conclusions – gave the defendant and his clients a compelling motive, separate and apart from the truth or falsity of the emails themselves, to conceal the identities of such clients and origins of the joint venture. Accordingly, they are not being offered for their truth and are not hearsay.

This passage (which leads up to a citation from one of the Georgia Tech researchers to which Sussmann was not privy that the frothers have spent the weekend drooling over) is both a confession and a cry for help.

In it, Durham admits he doesn’t actually have proof that the conspiracy he is alleging is the motive behind Michael Sussmann’s alleged lie.

He’s making this admission, of course, while hiding the abundant evidence — evidence he didn’t bother obtaining before charging Sussmann — that Sussmann and Joffe acceded to the FBI request to help kill the NYT story, which substantiates Sussmann’s stated motive.

And then, in the same passage, Durham is pointing to that absence of evidence to justify using that same claimed conspiracy for which he doesn’t have evidence to pierce privilege claims to obtain the evidence he doesn’t have. It’s a circular argument and an admission that all the claims he has been making since September are based off his beliefs about what must be there, not what he has evidence for.

Thus far the researchers’ beliefs about what kind of back channels they might find between Trump and Russia have far more proof than Durham’s absence of evidence.

Again, Durham doesn’t even claim that such a conspiracy would be illegal (much less chargeable under the statute of limitations), which is why he didn’t do what he could have had he been able to show probable cause that a crime had been committed: obtaining the communications with a warrant and using a filter team. Bill Barr’s memoir made it quite clear that he appointed Durham not because a crime had been committed, but because he wanted to know how a “bogus scandal” in which DOJ found multiple national security crimes started. “Even after dealing with the Mueller report, I still had to launch US Attorney John Durham’s investigation into the genesis of this bogus scandal.” In his filing, Durham confesses to doing the same, three years later: using his feelings about a “bogus scandal” to claim a non-criminal conspiracy that he hopes might provide some motive other than the one — national security — that DOJ has already confirmed.

An absolutely central part of Durham’s strategy to win this trial is to present his conspiracy theories, whether by belatedly piercing privilege claims he should have addressed before charging Sussmann (even assuming he’ll find what he admits he doesn’t have proof is there), or by presenting his absence of evidence and claiming it is evidence. He will only be permitted to do so if Judge Cooper ignores all his rule violations and grants him a hearsay exception.

But if he manages to present his conspiracy theories, Sussmann can immediately pivot and point out all the evidence in DOJ’s possession that proves not just that the suspicions Durham insists must be malicious and political in fact proved to be true, but also that DOJ — his former boss! — already deemed these suspicions national security concerns that in some cases amounted to crimes.

John Durham’s entire trial strategy consists of claiming that it was obviously political to investigate a real forensic anomaly to see whether it explained why Russia responded to Trump’s call for more hacks by renewing their attack on Hillary. He’s doing so while withholding abundant material evidence that DOJ already decided he’s wrong.

So even if he succeeds, even if Cooper grants him permission to float his conspiracy theories and even if they were to succeed at trial, Sussmann would have immediate recourse to ask for sanctions, pointing to all the evidence in DOJ’s possession that Durham’s claims of malice were wrong.

Update: The bad news is I’m still working through my typos, with your help, including getting the name of Dmitri Simes’ organization wrong. The good news is the typos are probably due to being rushed out to cycle in the sun, so I have a good excuse.

Update: Judge Cooper has issued an initial ruling on Durham’s expert witness. It limits what Durham presents to the FBI investigation (excluding much of the CIA investigation he has recently been floating), and does not permit the expert to address whether the data actually did represent communications between Trump and Alfa Bank unless Sussmann either affirmatively claims it did or unless Durham introduced proof that Sussmann knew the data was dodgy.

Finally, the Court takes a moment to explain what could open the door to further evidence about the accuracy of the data Mr. Sussmann provided to the FBI. As the defense concedes, such evidence might be relevant if the government could separately establish “what Mr. Sussmann knew” about the data’s accuracy. Data Mot. at 3. If Sussmann knew the data was suspect, evidence about faults in the data could possibly speak to “his state of mind” at the time of his meeting with Mr. Baker, id., including his motive to conceal the origins of the data. By contrast, Sussmann would not open the door to further evidence about the accuracy of the data simply by seeking to establish that he reasonably believed the data were accurate and relied on his associates’ representations that they were. Such a defense theory could allow the government to introduce evidence tending to show that his belief was not reasonable—for instance, facially obvious shortcomings in the data, or information received by Sussmann indicating relevant deficiencies.

Ultimately, Cooper is treating this (as appropriate given the precedents in DC) as a question of Sussmann’s state of mind.

Importantly, this is what Cooper says about Durham blowing his deadline (which in this case was a deadline of comity, not trial schedule): he’s going to let it slide, in part because Sussmann does not object to the narrowed scope of what the expert will present.

Mr. Sussmann also urges the Court to exclude the expert testimony on the ground that the government’s notice was untimely and insufficiently specific. See Expert Mot. at 6–10; Fed. R. Crim. P. 16(a)(1)(G). Because the Court will limit Special Agent Martin’s testimony largely to general explanations of the type of technical data that has always been part of the core of this case—much of which Mr. Sussmann does not object to—any allegedly insufficient or belated notice did not prejudice him. See United States v. Mohammed, No. 06-cr-357, 2008 WL 5552330, at *3 (D.D.C. May 6, 2008) (finding that disclosure nine days before trial did not prejudice defendant in part because its subject was “hardly a surprise”) (citing United States v. Martinez, 476 F.3d 961, 967 (D.C. Cir. 2007)).

This suggests Cooper may be less willing to let other deadlines slide, such as the all-important 404(b) one.

Josh Marshall’s “Team on the Field:” Putting GOP on Defense Over Russia Requires Reversing Their Offense

Josh Marshall argued yesterday that the Democratic Party needs to start going on offense on the GOP’s complicity in Russia’s attack on Ukraine.

A new AP poll says that 54% of Americans think President Biden has been “not tough enough” on Russia for its invasion of Ukraine. These kinds of public perceptions can be shaped by perceptions of a leader as much as they drive them. So you think Biden is weak as your starting point and therefore you think he’s not being tough enough on Russia rather than the other way around. Also notable, Americans’ hawkishness over Ukraine has dipped a bit from a month ago. But the first, second and third most important thing about this poll is that this is what you get when you’re not reminding Americans every day — and I mean every god-damned day — that the GOP has spent the last 7 years boosting, allying with and even conspiring with Russia.

[snip]

Will pushing the GOP’s guilt and complicity on Russia make people stop caring about inflation? Of course not. But if you’re not even putting that team on the field you are simply not doing the simplest blocking and tackling of politics. It’s that bad. [my emphasis]

I don’t disagree with him. But for a guy with his own media outlet, he needs to start taking his own advice. That’s because his site has done little to undercut the flood of disinformation that the GOP has used to hide their own complicity.

Between the tag, “Durham,” and “John Durham,” Marshall’s site shows four stories this year.

The tag, “Hunter Biden,” returns just two things this year.

While I haven’t focused on undermining the ridiculous claims the GOP are making about the “Hunter Biden” “laptop” — I have written just three stories this year (one, two, three), though that number would be far more if you count my focus on the investigation into Rudy — I’ve written 28 stories on the Durham investigation this year. Among other things, I have shown that:

One of the only other reporters covering this stuff with any attention, Charlie Savage, has to cater to a general audience. Meanwhile, an absolute torrent of propaganda from the frothy right has ignored the accumulated evidence not just of prosecutorial abuse, but shocking sloppiness. Instead, they spin Durham’s unsubstantiated conspiracy theories as fact, and from that, conclude that Trump wasn’t really badly implicated by Russia, but instead that was all made up by Hillary ahead of time.

If I weren’t alone swimming against this tide, Durham’s rank ignorance would actually be a great vehicle to correct the frothers. As I’ve noted, Durham and his rubes appear entirely unaware that the suspicions of the researchers trying to understand the Alfa Bank anomalies — that Trump had back channel communications with the Kremlin, that people close to Trump were laundering payments from oligarchs close to Trump, and that a family member of an Alfa Bank oligarch might be helping — all proved to be true.

The story of the Durham investigation is that he has criminalized people investigating reasonable inferences that turned out to be true. And yet the story that has gotten told, largely because other reporters are largely silent about it, is that he continues to chase Russian-seeded conspiracy theories in defiance of the evidence obtained as part of the Mueller investigation.

Josh Marshall has been far more successful than me in the two decades we’ve done this online journalism thing, so I’m in no place to tell him how to run his business.

But people believe that Biden is weak on Ukraine not just because Democrats aren’t screaming about how complicit Trump and his enablers are. They believe it because Trump has seeded two screaming conspiracy theories that have filled that void with false denials that all the suspicions about Trump turned out to be true.

Update: Added a third “Hunter Biden” “laptop” story.

John Durham Unveils His Post-Putin Puppet Strategy

I first complained publicly about the Alfa Bank allegations on November 1, 2016. I raised questions about the provenance of the Steele dossier the day after it was released, on January 11, 2017. I started raising concerns that Russia had succeeded in injecting the dossier with disinformation just a year later — literally years before the Republicans investigating it full-time did. When Democrats revealed that they had paid for the dossier in October 2017, I wrote a very long post labeling the entire project “fucking stupid.” Part of that was about the Democrats’ delayed admission they were behind the dossier. But part of that was because of the way the dossier distracted from Trump’s very real very concerning ties to Russia.

It has been clear for some time that Steele’s reports had some kind of feedback loop, responding to information the Democrats got. That was most obvious with respect to the September 14 Alfa Bank report, which was obviously written after first news of the Alfa Bank/Trump Tower story, which was pushed by Democratic partisans. Particularly given that we know the released report is a selective release of just some reports from the dossier, the inclusion of Alfa Bank in that release makes no sense. Even if reports about old corrupt ties between Alfa and Putin are true (as if Democratic politicians and corrupt American banks never have old ties), the inclusion of the Alfa report in the dossier on Trump made zero sense.

Which is why Alfa Bank decided — after consulting with big Republican lawyers like Viet Dinh and soon-to-be DOJ Criminal Division Chief Brian Benczkowski — to sue for defamation. Now I understand why (particularly given that Republicans seem to have known who paid for the dossier for some time). I’m not sure Alfa Bank executives pass the bar for defamation here (though the publication of a report that misspelled Alfa’s name is pretty damning), but the fact that Elias paid for this dossier on behalf of the Democrats is going to make that defamation case far more explosive (and I’ll be surprised if Elias doesn’t get added into the mix).

As I said when I began this: I have no doubt Russia tampered with the election, and if the full truth comes out I think it will be more damning than people now imagine.

But the Democrats have really really really fucked things up with their failures to maintain better ethical distance between the candidate and the dossier, and between the party and the FBI sharing. They’ve made things worse by waiting so long to reveal this, rather than pitching it as normal sleazy political oppo research a year ago.

The case of Russian preference for Trump is solid. The evidence his top aides were happy to serve as Russian agents is strong.

But rather than let FBI make the case for that, Democrats instead tried to make their own case, and they did in such a way as to make the very solid case against Trump dependent on their defense of the dossier, rather than on better backed claims released since then.

Boy it seems sadly familiar, Democrats committing own goals like this. And all that’s before where the lawfare on this dossier is going to go.

I may be the earliest and most prescient critic of all this, in either party. Sit down, Kash Patel! Sit down, Chuck Ross!

Sit down, John Durham!

And boy was I right, way back in October 2017, about where this was going to go.

But I have also shown that people close to Oleg Deripaska succeeded in exploiting this project as part of a vicious double game, victimizing both Hillary Clinton and Paul Manafort, making it more likely Manafort would cooperate in the Russian operation against Hillary, which he did. I have shown that the most obvious disinformation in the dossier, probably sourced to Dmitri Peskov — claiming that Michael Cohen had secret communications with the Kremlin on election interference — served to hide Michael Cohen’s very real secret communications with Peskov on a Trump Tower deal involving sanctioned banks and a former GRU official. I have more recently confirmed that someone who claimed to work for an FSB front was pushing the Alfa Bank allegations more aggressively than Michael Sussmann in October 2016; that same person was using Internet routing records to support a false story in May 2016, the same month the DNS anomalies started. I showed that large numbers of Republicans rationalize their attack on democracy on January 6 based on the dossier, even while they accept the dossier was Russian disinformation, thereby literally claiming that Russian disinformation convinced them to attack American democracy.

And Russia’s wild success at using this to sow division continues, even as Russia massacres children in an assault on Ukrainian democracy. Just Monday, after all, John Durham suggested that because private citizen April Lorenzen investigated the actions of the people married to Alfa Bank Oligarch children, she was part of a criminal conspiracy, even though it is a provable fact that the man married to the daughter of an Alfa Bank founder, Alex Van der Zwaan, was — in those very same weeks!!! — acting on orders from Russian spy Konstantin Kilimnik to cover up Manafort’s ties to the Oligarchs behind the 2016 election interference. Durham is so far down his conspiratorial rabbit hole, he doesn’t even realize he’s trying to criminalize being right about a real threat to democracy.

Which brings us to Durham’s motion to compel submitted last night, predictably asking Judge Christopher Cooper to review the Democrats’ and Fusion GPS’ privilege claims. I’m pretty sympathetic that some of the privilege claims the parties involved have made are bullshit, just as the claims Trump’s supporters have made to hide the events that led up to January 6 or any number of other things that go well beyond election-year rat-fucking are obviously bullshit. But it now seems clear that Durham is making the same error Alfa Bank did, not only assuming that everyone pushing the Alfa Bank allegations was being directed by the Democrats (when Lorenzen played a more important role), but also assuming people working for Hillary were behind every new push on the story; I’ve proven that was false.

Worse still, the specific form of Durham’s demand and its timing not only prove Durham’s bad faith, but strongly suggest that Durham viewed his own investigation to form part of a symbiotic whole with the Alfa Bank lawfare (the lawfare I rightly identified in 2017) still exploiting the dissension sowed by Russia in 2016. In the month of March, Durham did three things that were, as Sussmann’s lawyers described, “wildly untimely” for a trial scheduled to start in May. After getting an approved extension to their CIPA deadline, Durham filed a 404(b) notice on March 23; those notices were due on March 18. Durham told Sussmann of a new expert witness in the last days in March; that notice was also due by March 18. And then, on March 30, Durham told Sussmann he was going to attempt to pierce privilege claims that had been under discussion for a year.

All these belated steps look like a desperate, last minute attempt to change strategy. And it seems likely that the strategy change was necessitated, at least in part, by the stay and then dismissal of Alfa Bank’s lawfare, necessitated by the sanctions imposed by Putin’s aggression in Ukraine.

Consider the following timeline:

  • February 9: DC Superior Judge Shana Frost Matini observes that the Durham case and the Alfa Bank lawsuit appear to be reading from the same script and stays Alfa’s motions until after the Sussmann trial
  • February 11: In the wake of the expiration of the statute of limitation on a February 9, 2017 Sussmann meeting at the CIA, Durham files an inflammatory and belated conflict filing, raising new allegations and setting off death threats
  • Mid-February 2022: Alfa Bank continues its efforts to breach the privilege and Fifth Amendment claims of John Durham’s subjects
  • February 22: Russia invades Ukraine in an attempt to rid it of its democracy and sovereignty
  • February 24: A first set of sanctions on Alfa Bank
  • March 3: Durham asks for an extension on filing his CIPA filing from March 18 to March 25
  • March 4: Alfa dismisses John Doe lawsuits
  • March 18: Alfa dismisses Fusion GPS lawsuit
  • March 23: Durham files a Supplement to his 404(b) notice making wild new claims about the scope of the material pertinent to Sussmann’s alleged lie
  • March 25: Durham submits his CIPA notice, probably asking to use an intelligence product viewed as possible Russian disinformation in real time (and, given what we’ve learned about Roger Stone’s activities before that, likely designed as cover for him)
  • March 30: Durham informs Sussmann they want to call an FBI expert, in part to explain DNS data, but in part to attack the credibility of the data and also want to use a motion in limine to breach privilege claims made by the Democrats
  • March 31: Andrew DeFilippis tells attorney for Rodney Joffe that Joffe remains under investigation
  • April 4: Competing motions in limine present two different versions of the conspiracy that happened in 2016
  • April 6: Second set of sanctions on Alfa Bank; Durham moves to compel privilege review

Since Alfa’s lawsuit was stayed, Durham has taken at least four untimely steps, apparently in an effort to turn a single sketchy false statement charge into the conspiracy Durham has not yet been able to substantiate, the conspiracy without which his single false statement claim is far weaker.

With all that in mind, consider the basis on which Durham argues he should be able to breach privilege claims, no matter how flimsy.

Durham admits that he only asked for redacted copies of those documents Fusion and the Democrats have claimed privilege over on September 16, the day Durham indicted Sussmann.

On September 16, 2021, the Government issued grand jury subpoenas to Law Firm1 and the U.S. Investigative Firm, requiring them to produce – in redacted form – the documents previously listed on privilege logs prepared by counsel for those entities so that such documents would be available for admission into evidence at any trial in this matter. Those entities subsequently produced the requested documents with redactions.

In other words, Durham didn’t even begin the process of trying to pierce this privilege claim until over 850 days into his investigation, and days before the statutes of limitation started to expire. And in the ensuing six months, Durham has done nothing. So he’s making this request less than six weeks before the start of the trial (as I noted, litigating the much more specious John Eastman privilege claims has been pending since January 20), claiming the information is necessary for his case.

But some of the arguments Durham makes rely on the belated filings he has submitted in the last month. For example, he invokes Christopher Steele, whose first appearance in this case was in that untimely 404(b) notice.

Perhaps most notably, the U.S. Investigative Firm retained a United Kingdom-based investigator (“U.K. Person-1”) who compiled information and reports that became a widely-known “dossier” containing allegations of purported coordination between Trump and the Russian government.

Durham intertwines discussion of the Alfa Bank allegations with those of the dossier, even though — as Sussmann noted,

the Special Counsel has not identified, nor could he, any evidence showing that Mr. Sussmann … had any awareness Mr. Steele was separately providing information to the FBI.

That is, Steele’s activities might matter to the Sussmann case if this were a charged conspiracy, but not only didn’t Durham charge it, he only asserted the theory of conspiratorial relationship that involves Steele by relying on his delayed 404(b) notice.

Durham’s bid to pierce privilege claims with Rodney Joffe and Marc Elias similarly ties to events in which Sussmann was not involved. False statements cases are, as Sussmann noted the other day, about the state of mind of the defendant, not about events that took place weeks after his alleged lie.

But even if this were a conspiracy, Durham reserves for himself the right to determine what is necessary for a law firm to determine how to respond when a campaign opponent invites crimes from a hostile nation-state while making false claims about his ties to that state, and what is, instead, just political dirt.

To the extent these entities continue to assert privilege over the cited documents, they cannot plausibly rely on the “intermediary” exception. To be sure, the record available to the Government does not reflect that employees of the U.S. Investigative Firm were necessary in any way to facilitate Law Firm-1’s provision of legal advice to HFA and DNC, much less to Tech Executive-1. As noted above, many of the actions taken by the U.S. Investigative Firm pursuant to its retention agreement fell outside the purpose outlined in Law Firm-1’s engagement letter – that is, to provide expertise related to Law Firm-1’s legal advice to the DNC and Clinton Campaign regarding defamation and libel. When U.S. Investigative Firm employees communicated with Tech Executive-1, they were doing so in furtherance of collaborating and promoting the Russian Bank1 allegations, not facilitating legal advice from [Law Firm-1] to Tech Executive-1. Simply put, these were communications related to political opposition research and were not made “in confidence for the purpose of obtaining legal advice from the lawyer.” In re Lindsey, 158 F.3d at 1280. Any confidentiality that Tech Executive-1 might have otherwise maintained over these communications was waived when he and the defendant chose to disclose such information to a third party that did not have any formal or informal contract or retention agreement with Tech Executive-1 (i.e., the U.S. Investigative Firm).

These claims, absent evidence of the sort Robert Mueller showed Beryl Howell to breach Paul Manafort’s privilege claims, would be controversial even if they were timely (and if they were timely, they should have been presented to Howell before charging Sussmann instead of presenting them to Cooper six weeks before the trial date).

But they’re not timely, and they rely on other claims that are not timely. And all those untimely claims came in the wake of altered circumstances created by Putin’s invasion of Ukraine.

This series of late game curveballs would be abusive in any case, even if they were caused by long-planned deliberate malice or even incompetence. But the way they coincide with the collapse of the symbiotic lawfare project probably ordered — as was Petr Aven’s post-election outreach to Trump — by Putin really makes this look like a mere continuation of a six year plan to use Russia’s assault on democracy in 2016 to continue to sow discord in the US.


Claims made in untimely March 23 404(b) notice:

In a supplement to his Federal Rule of Evidence 404(b) notice provided to the defense on March 23 (the “Supplemental Notice”), the Special Counsel argues that such data gathering “constitute[s] direct evidence of the charged offense” as “factual context for the defendant’s conduct” and “to prove the existence of the defendant’s attorney-client relationships with [Mr. Joffe] and the Clinton Campaign.” Suppl. Notice at 2.

[snip]

In his Supplemental Notice, the Special Counsel suggests that data was gathered “in a manner that may be considered objectionable—whether through invasions of privacy, breaches of contract, or other [unspecified] unlawful or unethical means.” Suppl. Notice at 2. But the Supplemental Notice does not identify—nor could it—any evidence that Mr. Sussmann had any awareness of or involvement in the alleged “objectionable” conduct of others related to gathering data, to the extent there even was any such “objectionable” conduct.

[snip]

The Special Counsel has also provided notice of his intention to adduce evidence regarding the accuracy of both “the purported data and [the] allegations” that Mr. Sussmann provided to the FBI and Agency 2. See Suppl. Notice at 2 (emphasis added).

[snip]

Elsewhere, the Special Counsel has suggested that data provided to Agency-2 was “misstated, overstated, and/or cherry-picked facts,” Suppl. Notice at 2,

[snip]

The Special Counsel has asserted he will offer evidence regarding the “origin” of the technical data gathered by Mr. Joffe and Others as “direct evidence” of “factual context for the defendant’s conduct” and “the existence of the defendant’s attorney-client relationships with [Mr. Joffe] and the Clinton Campaign” as to both the data provided to the FBI in September 2016 and the data provided to Agency-2 in 2017. Suppl. Notice at 2.

[snip]

The Special Counsel has also indicated an intention to offer evidence that (1) the data Mr. Sussmann provided was inaccurate; and (2) the analysis and conclusions drawn from that data were inaccurate. Suppl. Notice at 2 (seeking to introduce evidence regarding the “strength and reliability” of the data and allegations provided to the FBI and Agency-2, including that the white papers “may have misstated, overstated, and/or cherry-picked facts” or that certain FBI or Agency2 personnel determined that “data was potentially incomplete, fabricated, and/or exaggerated”).

[snip]

Second, the Special Counsel has utterly failed to provide an explanation for how such evidence is admissible against Mr. Sussmann. Instead, the Special Counsel simply asserts that evidence regarding the strength and reliability of the information provided to the FBI and Agency 2 is “direct evidence” of the false statements charge against Mr. Sussmann. Suppl. Notice at 2.

 

John Durham Is Hiding Evidence of Altered Notes

On Monday, both John Durham and Michael Sussmann submitted their motions in limine, which are filings to argue about what can be admitted at trial. They address a range of issues that I’ll cover in several posts:

Sussmann:

Durham wants to:

  • Admit witnesses’ contemporaneous notes of conversations with the FBI General Counsel
  • Admit emails referenced in the Indictment and other, similar emails (see this post)
  • Admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b)
  • Exclude evidence and preclude argument concerning allegations of political bias on the part of the Special Counsel (addressed in this post)
  • Admit an October 31, 2016 tweet by the Clinton Campaign

I will link my discussions in serial fashion.


In John Durham’s bid to introduce notes from Bill Priestap and Trisha Anderson, he presented a color scan of Anderson’s notes [red annotation added]:

But he presented a black and white scan of Priestap’s notes [red annotation added]:

That’s important for two reasons. First, because blue sticky tabs were implicated in altered documents submitted in the Mike Flynn case. There was a blue sticky tab on another page of Priestap notes submitted in Flynn’s case.

There were what appear to be blue and red stickies visible on the original version of some Peter Strzok notes submitted in that case.

When the government ultimately confessed to adding dates (affirmatively misleading, in at least one case) to both that set of Strzok notes and some Andrew McCabe notes, the government claimed that the date added to some Andrew McCabe notes was added via a blue sticky — what sounds like the same sticky we saw in the Priestap notes.

In response to the Court and counsel’s questions, the government has learned that, during the review of the Strzok notes, FBI agents assigned to the EDMO review placed a single yellow sticky note on each page of the Strzok notes with estimated dates (the notes themselves are undated). Those two sticky notes were inadvertently not removed when the notes were scanned by FBI Headquarters, before they were forwarded to our office for production. The government has also confirmed with Mr. Goelman and can represent that the content of the notes was not otherwise altered.

Similarly, the government has learned that, at some point during the review of the McCabe notes, someone placed a blue “flag” with clear adhesive to the McCabe notes with an estimated date (the notes themselves are also undated). Again, the flag was inadvertently not removed when the notes were scanned by FBI Headquarters, before they were forwarded to our office for production. Again, the content of the notes was not otherwise altered. [my emphasis]

If that’s right, then whoever altered the McCabe notes altered them with the same kind of blue sticky note that appears on the Priestap notes that Durham wants to submit at trial.

Whether that date was added via blue sticky note has never been publicly tested. Rather than submitting unaltered versions of McCabe’s notes in the Flynn docket, DOJ — metadata suggests that Jocelyn Ballantine did this — simply digitally removed the date and a footer, effectively submitting a realtered exhibit in place of an altered one. So one cannot rule out that that date was written right onto the notes themselves. McCabe was being specifically prevented by DOJ from reviewing his original notes in the period, not even to prepare for Senate Judiciary Committee testimony, so he hasn’t been able to test that either.

That, by itself, suggests some of the alterations that were an issue in the Flynn docket were made before the notes were shared with Jeffrey Jensen.

But that’s all the more interesting given a detail that Michael Sussmann included in his bid to exclude these notes. In Priestap’s grand jury testimony in this case, he testified he didn’t know why he wrote the “no specific client” comment on a slant, or why those notes were, “perhaps darker or thicker than some of the other notes.”

The Indictment characterizes the Priestap Notes as a contemporaneous record of Mr. Priestap’s conversation with Mr. Baker. See id. But beyond offering that they “looked like his writing and organizational style,” Mem. of Special Counsel’s June 2, 2021 Interview of E.W. Priestap, SCO-3500U-018701, at -01, Mr. Priestap said he “[doesn’t] remember why [he] wrote them down and who gave [him] the information,” E.W. Priestap’s June 3, 2021 Grand Jury Test., SCO-3500U-018746, at -98. Not only that, but Mr. Priestap “[does] not recall actually writing these notes,” id. at SCO-3500U-018815, nor can he confirm that the notes actually reflect any conversation he had with Mr. Baker, as opposed to a conversation he had with someone else, id. Indeed, Mr. Priestap “advised he did not remember Baker conveying to him the information about Sussmann,” Mem. of Special Counsel’s June 2, 2021 Interview of E.W. Priestap at SCO-3500U 018702, and was “not certain whether th[e] conversation reflected in the notes . . . was with Mr. Baker or maybe with someone else,” E.W. Priestap’s June 3, 2021 Grand Jury Test. at SCO3500U-018815. Mr. Priestap also has “[n]o idea” why the phrase “said not doing this for any client”—written diagonally to the side of the main body of the notes—was written at all, and could offer no explanation for why those words were “perhaps darker or thicker than some of the other notes.” Id. at SCO-3500U-018816.

The date in the January 24, 2017 Priestap notes is even more irregular — at cross-direction from his other notes on the page, and with uneven ink — and I have always wondered whether that date was added too.

And lo and behold, the Anderson notes also appear to have a sticky note right by the date (as annotated), albeit apparently a red one, though some of the tags on the Strzok notes were of a similar color. She also found aspects of her notes surprising.

Ms. Anderson’s notes (the “Anderson Notes”) include, on top, “Deputies Mtg. 9/19/16,” and then, after a redaction and under a second heading reading “9/19[/]16,” go on to state: “Sussman[n] Mtg w/ Baker” and “No specific client but group of cyber academics talked w/ him abt research,” followed by the phrase, “article this Friday – NYT/WaPo/WSJ.” Anderson Notes at SCO-3500U-000018. The relevant sentence fragment contains no subject revealing who had “[n]o specific client,” nor any other context for that phrase. Ms. Anderson, who was first asked about these notes by the Special Counsel over five years after they were written, has no meaningful memory of the notes or their context: she has only a “vague recollection” of discussing this topic with Mr. Baker and cannot “recall specifics.” Mem. of Special Counsel’s Jan. 5, 2022 Interview of T. Anderson, SCO-3500U-000087, at -88, -96. When shown the notes, Ms. Anderson stated that she had been “surprised” to learn about the “no specific client” phrase, and she “d[id] not now recall hearing from Baker his use” of that phrase; she could only assume that she got that phrase from Mr. Baker “because her notes reflect[ed] it.” Id. at -88.

Durham has only provided a partial scan of these notes, hiding that the date, 9/19/16, appears earlier on the page, describing a different kind of meeting. That’s consistent with what the added date and the redaction on the McCabe notes did: It served to suggest that McCabe briefed the Flynn case to SSCI the day after Jim Comey was fired. Here, the September 19 date that appears next to the sticky is necessary for Durham’s case to claim that Anderson took these notes the same day of the meeting and not some time after that.

But why would Anderson date her notes twice?

According to a discovery filing in this case, Sussmann has reviewed redacted versions of the originals of the Priestap notes, which were still in the notebook Priestap took them in.

On October 13, 2021, the defense requested, among other things, to inspect the original notes that a former FBI Assistant Director of Counterintelligence took reflecting the defendant’s alleged false statement. The original notes were contained in a hard-bound notebook located at FBI Headquarters and contained extremely sensitive and highly classified information on a variety of topics and unrelated investigative matters. The Government immediately agreed to make the original notebook available to the defense in redacted form, and the defense conducted its review of the notebook on October 20, 2021.

But to test why all these notes have post-it notes on them and why the dates are so unreliable (and affirmatively misleading, in the case of the alteration in the January 5, 2017 Strzok notes), Sussmann would need to review all the notes together, probably with the assistance of the original authors.

It’s still not clear who altered the notes submitted in the Flynn docket, the extent of those alterations, or why the government is submitting exhibits with investigative stickies on them as evidence at trial. DOJ’s filing in the Flynn case blamed the misleading date on the Strzok notes on an FBI agent associated with the Jeffrey Jensen investigation (which would suggest that alteration post-dated Durham’s access to it), but it did not say who altered the McCabe notes.

But by showing that the blue sticky notes existed in Durham’s copy of the exhibits, Durham makes it clear some of the alterations exhibited in the Flynn docket happened before he shared the documents with Jensen’s investigation, if that’s how the notes got shared around.

The misleading date added to the Strzok notes ultimately was part of a packaged Trump attack on Joe Biden at the first debate, one that Sidney Powell, who has since been sanctioned for making fraudulent claims in an attempt to keep Trump in office, appears to have had a part in.

President Donald J. Trump: (01:02:22)
We’ve caught them all. We’ve got it all on tape. We’ve caught them all. And by the way, you gave the idea for the Logan Act against General Flynn. You better take a look at that, because we caught you in a sense, and President Obama was sitting in the office.

Given that even Chuck Grassley recognized the alteration added to the Strzok notes was incorrect, it’s hard to believe that was an innocent mistake.

And yet, 18 months later, DOJ is still trying to submit notes with all these investigative sticky notes as exhibits, without explaining why or how they appeared there.

And Durham’s choice to present the Priestap notes — with what appear to be the same blue sticky as appeared on his earlier notes, as well as the blue sticky described to have been used to alter the McCabe notes — in black-and-white suggests he may know that’s a problem.

Michael Sussmann’s Lawyers Complain of “Wildly Untimely” Notices from John Durham [Updated, with Confirmation]

Republished given confirmation that Durham is trying to point to privilege claims to insinuate wrong-doing. 

On March 31, there was a combined motions and status hearing in the Michael Sussmann case. The parties started by arguing Sussmann’s motion to dismiss (response; reply) based on a claim his alleged lie was not material. Here’s my live-tweet of the hearing.

Judge Christopher Cooper observed that the dispute was “Well briefed and argued on both sides” and promised to rule quickly. But the odds are still really good that he’ll rule against Sussmann because the standard for materiality is so thin. So that argument was perhaps more interesting for a few details that came out in the process, such as that the claim is that Sussmann offered up that he had no client, and that in all the discovery Sussmann has received, there’s no evidence anyone ever asked the source of the DNS data he shared with the government even while they repeatedly recognized that Sussmann was a lawyer for the DNC.

We don’t think Baker or anyone else at FBI ever asked, btw, where’d this info come from. If source mattered so much, you’d think someone would have said, where’d this come from, how’d they get it.

Both details would help Sussmann defeat a materiality claim at trial, but Cooper can’t take it into account.

It was in the status discussion where things got more interesting. Cooper asked why he hadn’t seen any 404(b) notices (which is notice that the government wants to use otherwise incriminating information to prove its case in chief, often to prove motive), and AUSA Andrew DeFilippis said they had provided it to the defense. Sussmann’s lawyer, Sean Berkowitz, described that they were going to file motions in limine about the notices, but observed that “one was untimely,” meaning Durham’s team missed the March 18 deadline.

DeFilippis then asked for extra time to deal with Sussmann’s CIPA 5 motion, which is where he asks for classified information to be declassified to use at trial. Sussmann had little problem with that.

Then Berkowitz complained about an expert the government just informed Sussmann they wanted to call — an FBI agent whose primary purpose would be to explain the DNS and Tor technologies at the core of the tip Sussmann shared with the FBI. Cooper quipped, “aren’t we going to have the jury understand the technical” aspects of the trial, and suggested he, himself, needed such a tutorial as well. Berkowitz noted that that deadline had passed weeks ago and the late notice didn’t give Sussmann enough time to qualify their own expert to respond.

The real issue, it soon became clear, was that the government wants to reserve the right to use this witness to rebut any claim Sussmann would make that the data was “real.” DeFilippis argued they need to be able to rebut Sussmann’s claim that the allegation he made was “unsupported.” “That’s different,” Judge Cooper noted, “than whether the data was accurate.”

It’s clear, based on what DeFilippis said, that he intends to conflate accurate data — a real, still unexplained anomaly — with an unpersuasive hypothesis about what that anomaly might be. DeFilippis countered that if the data were “cherry picked or fabricated” — neither of which he has charged — then it might suggest a motive for Sussmann to lie. But Berkowitz argued that the only thing that matters is that Sussmann believed the data was accurate. Importantly, Durham’s indictment falsely suggests that Sussmann was privy to some of the researchers’ discussion about this.

Berkowitz’s frustration with all that was nothing compared to his fury that, just the night before, prosecutors had told them that they intended to use a motion in limine (which is supposed to deal with what evidence can and cannot be introduced at trial) to try to breach privilege claims that various witnesses have made. As Cooper noted, that’s not a motion in limine, it’s a motion to compel.

Berkowitz: We learned last night that SC is challenging privilege. Only last night we learned they do intend to challenge privilege in motion in limine. Wildly untimely. Implicates underlying case.

DeFilippis: We’ve been working with asserted privilege holders. Those holders would be Tech Executive-1, Clinton campaign, another political organization. We have tried to understand theory of privilege. Unable to get comfort. We now intend to call witnesses from [Fusion] and [Perkins Coie].

Cooper: Not a motion in limine, it is a motion to compel.

Berkowitz: This issue is an issue that has been discussed for well over a year. Honestly to only now bring it up, 6 weeks before trial. Violations of due process, we’re going to get new info, it’s an ambush.

It’s really hard to view this as anything but a stunt to try to save Durham’s conspiracy theories.

In a normal situation involving a big law firm like Perkins Coie, well-lawyered people associated with the Hillary campaign (because of PC’s role as Sussmann’s former employer, Hillary and the DNC would count as separate entities), as well as Fusion GPS (which has been fighting similar issues from Russian oligarchs for years now), such privilege claims would take at least three months to work out.

For sake of comparison, John Eastman’s privilege fight, for a legal argument with none of the formal retainer agreements like those PC has, for emails inappropriately stored on Chapman University’s cloud, in which there’s substantive evidence — now affirmed by a judge — that Eastman himself has criminal exposure, has been going on since January 20, and it is nowhere near done.

As Berkowitz notes, the trial is six weeks away.

The most likely outcome of this effort would either be a delay of the trial and/or some inconclusive outcome, which Durham would undoubtedly use to sow more conspiracy theories without charging them, pointing to Democrats’ defense of privilege to insinuate the privilege claims must hide some proof of conspiracy.

But it looks all the more intentional given the now-famous delayed waiver motion Durham went through in February. The waivers covered by Durham’s filing include several of the witnesses he has belatedly said he wants to pierce privilege now:

  • Whether Perkins Coie (which Latham represented along with Sussmann in the Durham investigation) knew how Sussmann was billing his time
  • Perkins Coie’s past claims about the DNC’s activities
  • The advice Kathryn Ruemmler gave Sussmann when Kash Patel raised his meeting with the FBI in a December 2017 HPSCI appearance
  • What Latham told a PR firm regarding public statements about the meeting in 2018

That is, more than six weeks before telling Sussmann that, after not formally attempting to pierce privilege in the last year, Durham now wants to do so, Durham made Sussmann waive any conflict with all the privileged relationships that Durham wants to pierce.

As I noted at the time, Durham was asking Sussmann to waive conflicts even without having pierced privilege.

Latham also provided Perkins Coie advice regarding a PR statement that, Durham admits, he’s not been able to pierce the privilege of and he knows those who made the statement had no knowledge that could implicate the statement in a conspiracy.

He’s now trying to do that. It’s really hard to believe that’s a coinkydink.

And unlike the attorney-client waiver used in the Paul Manafort case, Durham is not citing independent proof that Sussmann lied to his lawyers. Unlike the waiver with Eastman or with Michael Cohen’s hush payments, Durham is not citing participation in a conspiracy.

This is still a false statements case that Durham is sure, absent the evidence to charge it, is a conspiracy. And now at the last minute, he’s attempting to salvage that conspiracy.

Update: A motion in limine from Sussmann confirms I was totally right about Durham’s ploy. He wants to submit privilege logs to the jury — privilege logs to which Sussmann is not the privilege holder and therefore is helpless to waive — to insinuate that he’s covering something up.

Again, there can be no mistake as to the purpose for the Special Counsel’s tactics here. The animating theory of the Special Counsel’s Indictment is that, in meeting with the FBI and Agency-2, Mr. Sussmann sought to conceal that he was secretly working on behalf of the Clinton Campaign and Mr. Joffe. Lacking actual evidence of Mr. Sussmann’s guilt, the Special Counsel seeks instead to convict Mr. Sussmann by insinuating to the jury that such evidence must exist— by inviting them to draw the inference that, because Mr. Sussmann’s alleged clients and co-conspirators have chosen to withhold information relating to the very same relationship the Special Counsel alleges they and Mr. Sussmann sought to conceal, that information must be inculpatory.

Permitting the Special Counsel to prejudice Mr. Sussmann and to shirk his burden of proof by leading the jury to an adverse inference would be impermissible under any circumstance. But it is particularly egregious here, because Mr. Sussmann is not the privilege holder. The Special Counsel’s tactics would accordingly penalize Mr. Sussmann for another party’s invocation of their own right to assert the privilege, a decision that was not his to make. Convicting him on the basis of such fundamentally unfair circumstances would amount to a miscarriage of justice.

Durham Prosecutor Andrew DeFilippis Confirmed to Rodney Joffe He May Continue Indefinitely

On Monday, both John Durham and Michael Sussmann submitted their motions in limine, which are filings to argue about what can be admitted at trial. They address a range of issues that I’ll cover in several posts:

Sussmann:

Durham wants to:

  • Admit witnesses’ contemporaneous notes of conversations with the FBI General Counsel
  • Admit emails referenced in the Indictment and other, similar emails (see this post)
  • Admit certain acts and statements (including the defendant’s February 2017 meeting with a government agency, his December 2017 Congressional testimony, and his former employer’s October 2018 statements to the media) as direct evidence or, alternatively, pursuant to Federal Rule of Evidence 404(b)
  • Exclude evidence and preclude argument concerning allegations of political bias on the part of the Special Counsel (addressed in this post)
  • Admit an October 31, 2016 tweet by the Clinton Campaign

I will link my discussions in serial fashion.


In a motion to dismiss, Michael Sussmann just requested that Judge Christopher Cooper give Special Counsel Durham a choice: either immunize Rodney Joffe, or dismiss the case.

Sussmann wants to call Joffe to provide exculpatory testimony.

Mr. Joffe would offer critical exculpatory testimony, including that: (1) Mr. Sussmann and Mr. Joffe agreed that information should be conveyed to the FBI and to Agency-2 to help the government, not to benefit Mr. Joffe; (2) the information was conveyed to the FBI to provide a heads up that a major newspaper was about to publish a story about links between Alfa Bank and the Trump Organization; (3) in response to a later request from Mr. Baker, Mr. Sussmann conferred with Mr. Joffe about sharing the name of that newspaper before Mr. Sussmann told Mr. Baker that it was The New York Times; (4) the researchers and Mr. Joffe himself held a good faith belief in the analysis that was shared with the FBI, and Mr. Sussmann accordingly and reasonably believed the data and analysis were accurate; and (5) contrary to the Special Counsel’s entire theory, Mr. Joffe was neither retained by, nor did he receive direction from, the Clinton Campaign.

But when Joffe’s lawyer Steven Tyrell, after receiving Sussmann’s trial subpoena, asked Andrew DeFilippis if Joffe remained a subject of the investigation — more than five years after his last action in this case — DeFilippis stated that he continued to chase vague claims about the YotaPhone allegations shared in the February 9, 2017 meeting with the CIA.

On March 31, the day after receipt of the subpoena, I spoke by telephone with representatives of the Office of Special Counsel (“OSC”) in an effort to obtain sufficient information from which I could assess and advise my client whether he has a credible fear of prosecution. I then explained that I had requested an update because my client had received your trial subpoena. Given the impending trial date, I stated that we wished to inform you as soon as possible whether Mr. Joffe intends to invoke his Fifth Amendment rights if called to testify. I indicated that Mr. Joffe has a desire to testify, but he has concerns about doing so if he is a subject of the OSC’s investigation. In response, Mr. Defilippis confirmed that Mr. Joffe remains a subject of the investigation (as he has been since our first contact with the OSC fifteen months ago). I then asked if Mr. DeFilippis could explain what basis remains for Mr. Joffe’s possible prosecution. Rather than provide any additional information to aid in our assessment of the risk of prosecution, Mr. Defilippis stated that in his view, Mr. Joffe’s status in the investigation was sufficient to establish a good faith basis to invoke the privilege against self-incrimination. Mr. Defilippis further stated that OSC did not want to get into any more detail, and presumed that Latham would understand if Mr. Joffe decided to invoke.

I then stated to Mr. DeFilippis that more than five years has elapsed since the events that are described in the indictment against your client and the OSC’s related public filings, including the September 19, 2016, meeting with the FBI and the February 9, 2017, meeting with , and asked what other basis the OSC might have to charge Joffe with criminal conduct. Mr. Defilippis replied in general terms that while it was fair to say that the Alfa-related allegations tied back to Sussmann’s September 19, 2016 meeting, the Yota phone-related allegations continued to “percolate through various branches of the government and around the private sector after that date, in various forms.” Defilippis further noted that certain fraud statutes have longer than a five-year limitations period, although he did not specify what statutes might be implicated by the events in question. Beyond that, Mr. Defilippis was unwilling to comment further. In light of Mr. Defilippis’ unwillingness to provide additional information, I asked whether he ever envisioned an end to my client’s status as a subject of the OSC’s investigation, and if so, when that might be. Mr. Defilippis indicated that he was unable to put an end date on the investigation at this point, and that it would depend upon various factors, including the conduct in question and the applicability of various limitations periods. [my emphasis]

According to Sussmann attorney Sean Berkowitz, just weeks ago, Durham was pressuring Joffe to testify against Sussmann.

Third, given the Special Counsel’s repeated entreaties to Mr. Joffe to cooperate in the Special Counsel’s investigation against Mr. Sussmann, including only weeks ago, the Special Counsel’s refusal to confer immunity on Mr. Joffe, and the Special Counsel’s insistence that Mr. Joffe continues to face criminal exposure, seems to be not only retaliatory, but tantamount to a “deliberate[] deni[al] [of] ‘immunity for the purpose of withholding exculpatory evidence and gaining a tactical advantage through such manipulation.’” Ebbers, 458 F.3d at 119 (citation omitted). As in Smith, “[i]f the witness were guilty of [the threatened offenses], he should have been charged with those offenses whether he testified or not. The [Special Counsel is] obviously threatening the witness to stop him from testifying-even truthfully.” Simmons, 670 F.2d at 369 (describing Smith, 478 F.2 at 979).

The message is clear: John Durham will keep his investigation open indefinitely so he can threaten to prosecute anyone for testimony that doesn’t confirm his preconceived prior beliefs, even on things that make the strained Sussmann charge look conventional by comparison.

Durham doesn’t want truthful testimony. He wants testimony that will bolster his conspiracy theories. And he’s willing to continue indefinitely to get it.

John Durham’s Top Prosecutor, Andrew DeFilippis, Allegedly Miffed that DARPA Investigated Guccifer 2.0

Vladimir Putin’s invasion of Ukraine and the sanctions imposed as a result have led lawyers in the US to drop the now-sanctioned Alfa Bank and its owners, leading to the dismissal of the John Doe, BuzzFeed, and Fusion GPS lawsuits filed by Alfa Bank or its owners. That has, for now, brought an end to a sustained Russian effort to use lawfare to discover “U.S. cybersecurity methods and means” (as some of Alfa’s targets described the effort).

But the dismissal of the Alfa Bank suits hasn’t halted the effort to expose US cybersecurity efforts in the guise of pursuing right wing conspiracy theories. Both Federalist Faceplant Margot Cleveland and “online sleuths” goaded, in part, by Sergei Millian have picked up where Alfa Bank left off. In recent days, for example, documents obtained via a Federalist FOIA to Georgia Tech exposed the members of a cybersecurity sharing group, including a bunch at Three-Letter Agencies, which has little news value but plenty of intelligence value to America’s adversaries (these names were released even while someone — either Georgia Tech or the Federalist — chose to redact the contact information for Durham’s investigators, some of which is otherwise public).

Even while doing her part to make America less safe (raising the perennial question of who funds the Federalist), Cleveland has continued to do astounding work misrepresenting Durham’s investigation. From the same FOIA release, she published a document in which research scientist Manos Antonakakis described that chief Durham AUSA Andrew DeFilippis insinuated to him that it was abusive for DARPA to try to discover the network behind the Guccifer 2.0 persona.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sink for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special counsel would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

Assuming this is an accurate description, this is a shocking anecdote, a betrayal of US national security.

It suggests that Durham’s lead prosecutor doesn’t believe the government should throw its most innovative research at a hostile nation-state attack while that nation-state is attempting to influence an election. Sadly, though, it’s not surprising.

It is consistent with things we’ve seen from Durham’s team throughout. It’s consistent with Durham’s treatment of a loose tie between an indirect and unwitting Steele dossier source and the Hillary campaign as a bigger threat than multiple ties to Russian intelligence (or Dmitry Peskov’s office, which knew that Michael Cohen and Donald Trump were lying about the former’s secret communications with Peskov’s office). It is consistent with Durham’s more recent suggestion that the victim of such a nation-state attack must wait until after an election to report a tip that might implicate her opponent.

I almost feel like DeFilippis will eventually say Hillary should have just laid back and enjoyed being hacked in 2016.

DeFilippis, and Durham generally, have consistently treated Hillary as a far graver threat than Russia, even now, even as Russia conducts a barbaric invasion of a peaceful democracy.

But Antonakakis’ anecdote is all the more troubling because it suggests that DeFilippis seems to misunderstand what happened with the DARPA contract in question in 2016. The Enhanced Attribution RFP’s description of the hacking campaigns it was targeting — “multiple concurrent independent malicious cyber campaigns, each involving several operators” — pretty obviously aims to tackle Advanced Persistent Threats, of which APT 28 and 29 (both of which targeted the DNC) were among the most pressing in 2016. DARPA presumably didn’t ask Antonakakis to focus on Guccifer 2.0 — a persona which didn’t exist when the contract was put up for bid in April 2016, much less in the months earlier when it was originally conceived. Rather, by description, they were asking bidders to look at APTs, and looking at APT 28 would have happened to include looking at Guccifer 2.0, the DNC hack, and a number of hacks elsewhere in the US and the world.  The reason DARPA would ask Georgia Tech to look at APT 28 is because APT 28 was hacking a lot of targets in the time period, all of which provided learning sets for a researcher like Antonakakis. DeFilippis, then, seems miffed that the APT that DARPA wanted to combat happened to be one of two that targeted Hillary.

That’s a choice Russia made, not DARPA.

While I think Cleveland did serious damage with some of her releases, I’m glad she released this document because it provides a way for Michael Sussmann to make DeFilippis’ troubling views on national security a central issue at trial, something that normally is difficult to do.

It also provided Cleveland another opportunity to faceplant in spectacular trademark Federalist fashion. Cleveland used this document to rile up the frothers by suggesting this is proof that Durham is investigating the DNC attribution.

Exclusive: Special Counsel’s Office Is Investigating The 2016 DNC Server Hack

The U.S. Department of Defense tasked the same Georgia Tech researcher embroiled in the Alfa Bank hoax with investigating the “origins” of the Democratic National Committee hacker, according to an email first obtained by The Federalist on Wednesday. That email also indicates the special counsel’s office is investigating the investigation into the DNC hack and that prosecutors harbor concerns about the DOD’s decision to involve the Georgia Tech researcher in its probe.

[snip]

The public storyline until now had been that CrowdStrike, the cybersecurity firm Sussmann hired in April 2016, had concluded Russians had hacked the DNC server, and that the FBI, which never examined the server, concurred in that conclusion. Intelligence agencies and former Special Counsel Robert Mueller likewise concluded that Russian agents were behind the DNC hack, but with little public details provided.

It now appears that DARPA had some role in that assessment, or rather Antonakakis did on behalf of DARPA, which leads to a whole host of other questions, including whether DARPA had access to the DNC server and data and, if so, from whom did the DOD’s research arm get that access? Was it Sussmann?

There’s no reason to believe this and every reason to believe that — as I said — DeFilippis is pissed that DARPA prioritized their research on a target that was badly affecting national security (and not just in US, but also in allied countries) in 2016, one that happened to attempt to help Trump get elected.

But look how many errors Faceplant’s Cleveland made in the process:

Cleveland repeats the Single Server Fallacy, imagining that the DNC, DCCC, and Hillary had just one server between them to be hacked and all the servers that got hacked were in the possession of one of those victims. That’s, of course, ridiculous. The server that GRU hacked to get John Podesta’s emails belonged to Google. The server that GRU hacked to get Hillary’s analytics belonged to AWS. There was a staging server in AZ; I have been told that the FBI seized at least one US-based server that did not belong to the DNC (that server is why the frothy right’s focus on what Shawn Henry testified to HPSCI is so painfully ignorant — because it ignores that the FBI had access to servers that Henry did not that did show exfiltration).

Cleveland apparently doesn’t know that FBI knew who was hacking the DNC when they warned them starting in September 2015 they were being hacked. The FBI’s awareness of that not only explains why APT 29 and 28 would have been included in DARPA’s targets for EA, but proves that the government was tracking these hacking groups above and beyond the attack on Hillary. This was never just a reaction to the election year hack.

Cleveland claims Mueller’s attribution of the DNC hack to the GRU provided “little public details,” when in fact the Mueller Report showed 29 sources other than CrowdStrike, including:

  • Gmail
  • LinkedIn
  • Microsoft
  • Facebook
  • Twitter
  • WordPress
  • ActBlue
  • AWS
  • AOL
  • Smartech Corporation
  • URL shortening service
  • Bitcoin exchanges
  • VPN services

According to Mueller’s report, all these sources also corroborated the GRU attribution. And Mueller’s list doesn’t include a number of other known entities that corroborated the attribution, including NSA and Dutch intelligence, which couldn’t be named in a public DOJ document. Mueller’s list doesn’t include Georgia Tech either, but it wouldn’t need to, because there was so much other evidence.

The Mueller Report described obtaining almost 500 warrants, but the released list — from which FBI’s Cyber Division successfully withheld those pertaining to the GRU investigation — only includes around 370-400 warrants (based on 156 pages of warrants with roughly three per page), suggesting there may be 100 warrants tied to the GRU attribution alone.

By the time Antonakakis started looking at the DNC hack as part of EA, multiple entities, including several Infosec contractors, non-US intelligence services, and non-governmental entities like tech giants (including at least three of the ones on Mueller’s list), had plenty of evidence that the Guccifer 2.0 campaign was run by APT 28. Including Guccifer 2.0 as part of the research set would simply be part of the existing targeting of a dangerous APT.

But apparently neither DeFilippis nor Cleveland understands that 2016 was part of an ongoing identified threat to US national security.

One thing Putin did in 2016 was to use disinformation to train the frothy right to favor Russia more than fellow Americans from the opposing party. Even as Russia attacks Ukraine, that still seems to be true.

John Durham and Newly-Sanctioned Alfa Bank’s Filings: “Almost like they were written by the same people”

In a DC hearing on February 9 regarding Alfa Bank’s attempt to obtain documents from Michael Sussmann before his trial, DC Superior Judge Shana Frost Matini observed that the Alfa Bank allegations and the John Durham indictment seemed like they could be written by the same people.

[R]ight now, given the — if the closeness of Alpha’s allegations, I mean, quite frankly, it’s — reading Alpha’s submissions and what the — and that compared to the indictment, there’s — it’s almost like they were written by the same people in some way. [Alpha misspelling original]

Judge Matini, a Trump appointee, scolded Alfa — which over this past weekend was included in sanctions against Russian banks in retaliation for the invasion — for claiming that their lawsuit and Durham’s indictment of Sussmann were not closely related after having raised the indictment in the first place.

As to the claims that the criminal and civil proceedings are not closely related, this is a surprising representation for Alpha to make, given that Alpha was the one to bring the criminal charges to the Court’s attention by filing what was styled as a notice of supplemental authority in support of its Motion to Compel.

Of course, there is no Supplemental Authority here. A criminal indictment is not an opinion of the Court. It’s just a charge that the prosecuting authority is bringing against an individual with facts that are alleged to support the charge.

In dual lawsuits in FL and PA, Alfa Bank purports to be trying to figure out who allegedly faked DNS records to make it look like Alfa was in contact with Trump back in 2016 so it can sue those people. Rather than finding anyone to sue, however, it has instead spent its time subpoenaing experts to learn as much as it can about how the US tracks DNS records to prevent cyberattacks by — among other hostile countries — Russia.

Matini ruled that Alfa’s effort to get more information from Sussmann will have to wait until June, after his trial. (It’s unclear whether the sanctioned bank will still have legal means to pay Skadden lawyers to pursue this lawsuit at that point.)

But since then, the timelines of the Alfa Bank and Durham investigations have closely paralleled.

Of particular interest, on the morning of February 11, Rodney Joffe — referred to as Tech Executive-1 in the Durham filings — sat for an almost 5-hour deposition with Alfa Bank’s lawyers. He revealed that Durham had first approached him for an interview at least a year earlier. He revealed he had been asked to testify before the grand jury, but he “declined to interview,” presumably meaning he told Durham he’d invoke the Fifth (just as Don Jr and probably his daddy are understood to have done with Mueller).

Joffe’s refusal to voluntarily feed this witch hunt continued in his Alfa deposition. Citing the ongoing Durham investigation, he invoked the Fifth Amendment a slew of times (though not as many times as your average Trump man in a financial fraud deposition or even Alex Jones in an interview about an insurrection). Those questions to which he invoked his Fifth Amendment rights and those he answered mapped out an interesting territory, marking who he does know and those Alfa thought he did but that he does not.

For example, he said he had never heard of Alfa Bank before investigating the anomaly related to it. He said he had never met Jean Camp or several of the other researchers that frothers are certain he conspired with. Joffe twice said he had never met Christopher Steele and also said he “had no idea” that Sussmann met with Steele about the server allegations. He denied knowing what the contract between Georgia Tech and DARPA looked like.

Alfa made a number of mistakes — confusing a domain name with a business. Claiming he authored a paper that David Dagon had. Asking him about several emails he hadn’t been sent.

There were several claims Alfa made that Joffe’s lawyer, Steven Tyrrell, established on the record were unproven assumptions on Alfa’s part, such as that Joffe got one of the white papers described in the indictment. Importantly, that includes a question about the EOP server.

Q: I was just going to ask Mr. Joffe whether or not he knows who the executive branch office of the U.S. government is?

A: I have to invoke my Fifth Amendment rights.

Mr. Tyrrell: And Margaret, if I may, just — I apologize. Just for the record, I want to be clear that — that in invoking his rights and my allowing my client to invoke his rights, that should not be interpreted as an admission that the — I mean, you’ll argue whatever it is, if you do, that the allegations, which are just allegations in the indictment, are accurate.

In addition to those curious objections, there were several things alleged in the indictment that Joffe outright denied. In several questions, Joffe challenged the meaning of an email Durham has used to suggest he anticipated, and wanted, a top cybersecurity job within a hypothetical Hillary Administration. After objecting to the form in which Alfa Bank’s Skadden lawyer tried to corner Joffe into answering the question, Tyrrell answered,

You know, again, our position on this is Mr. Joffe is happy to answer the question that was posed about whether he was ever offered the top cybersecurity job by the Democrats when it looked like they’d win. I think he’s answered that question.

He’s not going to answer questions about communications that he may or may not have had with other people about the topic. And as to those, he would invoke his rights under the Fifth Amendment.

Joffe answered no to three questions about whether the Clinton campaign paid him for his work on the server allegations, a false claim that Kash Patel spread. Joffe also distinguished his concern about Donald Trump from a political desire to see him lose.

I’ve never been interested in politics. I’ve never been involved in politics. I haven’t voted for many, many years. I haven’t donated to any parties or any — or given any kind of benefit to any parties, but I certainly over the last few years have had an interest in the politics of the country that I live in.

That explanation premised two invocations of his Fifth Amendment in response to questions about Trump specifically.

In other words, Joffe’s Alfa Bank deposition on February 11 undermined several of the premises of the Durham investigation, while it identified several areas where his lawyer suggested Alfa’s assumptions were wrong (in the hearing on Laura Seago’s deposition, there was a central Alfa Bank assumption I know to be badly wrong).

Joffe’s deposition ended at 2:07PM ET on February 11.

Nine hours later, at 11:32PM, Durham submitted the belated conflicts motion — which would have been filed in September if Durham really had concerns about any conflict — and floated a number of claims about Joffe, claims that went beyond those in the indictment. Joffe is mentioned twenty times, including the following:

The defendant’s billing records reflect that the defendant repeatedly billed the Clinton Campaign for his work on the Russian Bank-1 allegations. In compiling and disseminating these allegations, the defendant and Tech Executive-1 also had met and communicated with another law partner at Law Firm-1 who was then serving as General Counsel to the Clinton Campaign (“Campaign Lawyer-1”).

The Indictment also alleges that, beginning in approximately July 2016, Tech Executive-1 had worked with the defendant, a U.S. investigative firm retained by Law Firm-1 on behalf of the Clinton Campaign, numerous cyber researchers, and employees at multiple Internet companies to assemble the purported data and white papers. In connection with these efforts, Tech Executive-1 exploited his access to non-public and/or proprietary Internet data. Tech Executive-1 also enlisted the assistance of researchers at a U.S.-based university who were receiving and analyzing large amounts of Internet data in connection with a pending federal government cybersecurity research contract. Tech Executive-1 tasked these researchers to mine Internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia. In doing so, Tech Executive-1 indicated that he was seeking to please certain “VIPs,” referring to individuals at Law Firm-1 and the Clinton Campaign.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. 
In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted.

As I noted, less than a day after Durham filed that motion, the former President suggested that Joffe had been spying and should be killed. In response to the furor, Joffe’s spox later issued a statement clarifying what went on — precisely the information he had tried to plead the Fifth over.

In a statement, a spokesperson for Mr. Joffe said that “contrary to the allegations in this recent filing,” he was apolitical, did not work for any political party, and had lawful access under a contract to work with others to analyze DNS data — including from the White House — for the purpose of hunting for security breaches or threats.

After Russians hacked networks for the White House and Democrats in 2015 and 2016, it went on, the cybersecurity researchers were “deeply concerned” to find data suggesting Russian-made YotaPhones were in proximity to the Trump campaign and the White House, so “prepared a report of their findings, which was subsequently shared with the C.I.A.”

And some of the other researchers had to provide more details to push back on the frenzy (including that the data from EOP preceded Trump’s inauguration). Few outlets, though, have presented the basic innumeracy in Durham’s filing about the rarity of YotaPhones as anything but a contested issue.

And after Durham incited claims that Joffe should be killed, one week later Alfa Bank then affirmed the tie between Joffe and Tech Executive 1 by posting his deposition in their motion to get another four months to conduct their fishing expedition. That has had the effect of further inflaming the frothy right, and providing Durham sworn testimony from Joffe that he was otherwise not entitled to (including several warnings about how his case against Sussmann may be vulnerable).

In the wake of the release of the Florida filing, Joffe’s lawyers intervened in the Sussmann case and then filed a separate sealed motion to strike the (misleading) references to Joffe in the filing.

A Trump-appointed judge in DC believes these efforts look like they’re being written by the same people. Whether or not Durham’s sources and a sanctioned Russian bank’s sources are “colluding,” these parallel developments had the effect of depriving Joffe of his ability to fully invoke the Fifth Amendment. And with the help of a sanctioned Russian bank, it gave Durham a substantial benefit in a criminal investigation.

Timeline

January 25: Durham asks to extend discovery deadline

January 28: Durham admits that Durham was informed about the James Baker phone he claimed to forget knowing about

February 9: Michael Sussmann succeeds in staying Alfa Bank’s effort to get documents from him

February 10: Fusion GPS’ Laura Seago attempts to quash a subpoena

February 11, 9:30AM: Rodney Joffe deposition

February 11, 11:32PM: Durham files a motion purporting to be a conflicts motion that misrepresents the evidence

February 14: Sussmann asks to strike unsupported allegations in conflicts motion

February 14: Peter Fritsch deposition

February 17: Sussmann moves to dismiss the case, arguing his alleged lie would not be material

February 17: Durham claims that the close associates of the investigation that lied about what the conflicts motion said have nothing to do with the Durham team

February 18: Alfa Bank requests another extension to keep looking for John Does in FL

February 24: Rodney Joffe’s lawyers file notices of appearance in the Sussmann docket

February 25: Judge Christopher Cooper schedules a hearing on the conflicts motion for March 7

February 28: Joffe files a sealed motion to expunge the references to Tech Executive-1

March 1: Judge Cooper sets a Friday deadline for the government to respond to Joffe’s motion

March 7: Hearing scheduled to address conflicts memo