Posts

Before John Durham’s Originator-1, There Was a Claimed BGP Hijack

/61 Comments/in , , /by

In this post, I described that “Phil,” the guy I went to the FBI about because I suspected he had a role in the Guccifer 2.0 persona, had a role in the Alfa Bank story. As noted, Phil’s provable role in pushing the Alfa Bank story in October 2016 was minor and would have no effect on the false statement charge — for an alleged lie told in September 2016 — against Michael Sussmann. But because of Durham’s sweeping materiality claims, it might have an impact on discovery.

It has to do with the theory that Alfa Bank has about the DNS anomalies, a theory that Durham seems to share: that the data was faked.

As Alfa laid out in its now abandoned John Doe lawsuits, it claims that the anomalous DNS traffic that Michael Sussmann shared with the FBI in September 2016 was faked. The bank appears to believe not just that the data was faked, but that April Lorenzen is involved in some way. For example, it describes that Tea Leaves and “two accomplices” were sources for Franklin Foer (though elsewhere, the lawsuit claims that Tea Leaves was pointed to the data by the unknown John Doe defendants).

Durham seems even more sure that Lorenzen is the culprit. For example, he always refers to the data as “purported.” He refers to Lorenzen as “Originator-1” rather than “Data Scientist-1” or “Tea Leaves,” insinuating she fabricated the data. And when Sussmann asked for all evidence indicating that Durham had bullied witnesses, Durham provided emails involving Lorenzen’s lawyers.

Alfa Bank might be excused for imagining that Lorenzen is the primary culprit to have fabricated the data. According to Krypt3ia, when Alfa asked him for his communications, he only had one email, with a different journalist, to share. They quite clearly don’t understand that someone else was involved in publicizing these claims.

Durham doesn’t have the same excuse.

That’s because DOJ – of which Durham remains a part – knows at least some of the details about “Phil” that I laid out in my last post. Because they would have checked Twitter to vet some of my most basic claims, they almost certainly obtained the Twitter DMs (or at least the metadata) showing that Phil brokered the tie between Krypt3ia and the NYT.

To be clear: I have no evidence that Phil altered the DNS records. I’m agnostic about what caused the anomaly (though am convinced that the experts involved believe the anomaly is real, even if they offer varying explanations for the cause). But Durham has made the source of the anomaly an issue to bolster his claims about materiality. And, as Sussmann noted in a recent filing, “Much as the Special Counsel may now wish to ignore the allegations in the Indictment, he is bound by them.” So, it seems, Durham’s on the hook for telling Sussmann if DOJ knows of anyone else involved in pushing the Alfa Bank story who could be a possible culprit for fabricating the data, especially if that person was known to have clandestinely signed a comment, “Guccifer 2.0.”

Phil probably faked a BGP hijack

The fact that Phil alerted the NYT to the Russian proxy of Lorenzen’s data matters not just because he had, months earlier, claimed to work for an FSB-led company and, even before that, claimed to have been coerced by Russian intelligence at an overseas meeting before the known DNC operation started.

It also matters because (I believe) Phil faked an Internet routing record in the same month the Alfa/Trump/Spectrum anomalies started.

In May 2016, Phil shared what he claimed was a traceroute of a request to my site, an Internet routing record that is different than but related to the DNS records at the heart of the Alfa Bank story. The screencap he sent me purported to show that a request to my site had been routed through (to the best of my memory) some L3 routers in Chicago, to Australia, back to those L3 switches, to my site. Phil was claiming to show me proof that someone had diverted requests to my site overseas along the way – what is known as a BGP hijack. Phil showed this to me in the wake and context of a DDOS attack that had brought my site down for days, an attack which led me to rebuild my site, change hosts, and add Cloudflare DDOS protection.

May 2016, the month Phil showed me what I believe to be a faked traceroute, is the same month the anomalous traffic involving Alfa Bank, Spectrum Health, and a Trump-related server started.

Phil used that traceroute to claim that the US intelligence community was diverting and spying on traffic to my website.

The claim made no sense. The only thing that diverting my traffic would get spies is access to my readers’ metadata, which would be readily accessible via easier means, including with a subpoena to my host provider. Aside from a bunch of drafts that I’ve decided didn’t merit publication, there’s no non-public content on my site. I was not competent (and did not ask others) to assess the validity of the screencap itself, but I considered it unreliable because it didn’t show the query or originating IP address behind the record, which would be needed to test its provenance.

I don’t have that original traceroute (I replaced my phone not long after he sent it). But in June 2016 he shared a reverse DNS look-up related to my site that wasn’t altered but in which Phil invoked the earlier one.

I corrected him in this case – this IP address was readily explainable; it was Cloudflare (which Phil surely knew). But Phil nevertheless repeated his earlier claim that “they” were hijacking my traffic.

When I said that Phil had been tracking how requests to my site worked for some time before he left a comment signed guccifer2.0@kgb.ru in July 2016, this weeks-long exchange is what I was referring to. He had, effectively, been watching as I added Cloudflare protection to my site.

These screencaps show that Phil, who months later would play a role in pushing the Alfa Bank story, was using DNS records — real and possibly faked — as a prop in a false story.

Phil tracked DOD contracts closely

That’s not the only detail that DOJ may know about that Durham should consider before insinuating that Lorenzen is the most likely culprit if this data was fabricated. DOJ may know that Phil tracked DOD contracts very closely. That’s important because it explains how Phil could have learned researchers would be looking closely at DNS records.

For years, I’ve believed that the Alfa-Trump-Spectrum Health effort was disinformation, because so much of what came out that year was and because I viewed the Spectrum Health stuff to be such a reach. My belief it might be disinformation only grew stronger when I discovered the focus on Spectrum Health, with its link to Erik Prince’s sister’s spouse, came just after Prince had asked Roger Stone about his efforts to reach out to WikiLeaks.

Certainly, Putin exploited the allegations afterwards to his advantage. He used them to push Alfa Bank’s Petr Aven to take a primary role in reaching out to Trump during the transition, at least as recounted in the Mueller Report.

According to Aven, at his Q4 2016 one-on-one meeting with Putin,981 Putin raised the prospect that the United States would impose additional sanctions on Russian interests, including sanctions against Aven and/or Alfa-Bank.982 Putin suggested that Aven needed to take steps to protect himself and Alfa-Bank.983

981 At the time of his Q4 2016 meeting with Putin, Aven was generally aware of the press coverage about Russian interference in the U.S. election. According to Aven, he did not discuss that topic with Putin at any point, and Putin did not mention the rationale behind the threat of new sanctions

Aven even used Richard Burt, one of the people scrutinized by the Fusion and DNS research, to reach out to Trump, effectively pursuing precisely the back channel between Alfa and Trump that Fusion suspected months earlier.

The relevant part of Aven’s interview is redacted, so it’s not clear whether Aven mentioned that Alfa Bank had been a key focus of the interference allegations. But that’s the presumptive subtext: along with the Steele dossier, the DNS anomaly – both of which, in several lawsuits since, Aven or Alfa have claimed were “gravely damaging” – raised suspicions about Alfa Bank and made it more likely the bank would be sanctioned than had been the case previously.

And before the bank did get sanctioned last month, Alfa was using the DNS anomaly to conduct a lawfare campaign to learn how the US uses DNS tracking to thwart hacks (one wonders if Putin ordered that campaign, like he personally ordered Aven to reach out to Trump). That campaign even got a bunch of frothy right-wingers to decry efforts to prevent and detect nation-state hacks on the US. So at the very least, Russia has exploited the Alfa-Trump allegations to great benefit, one measure of whether something could be deliberate disinformation.

But as I’ve talked to people who’ve tried to figure out what the anomaly was – including experts who believed it did reflect real communication as well as some who didn’t – they always explained that seeding disinformation in such a fashion would be useless. That’s because you couldn’t ensure that any disinformation you planted would be seen. That is, unlike the Steele dossier, which was being collected by an Oleg Deripaska associate and shared with the press (and for which there’s far more evidence Russia used it to plant disinformation), you could never expect the disinformation to be noisy enough to attract the desired attention.

In the years since the original story, how researchers who found the anomalous data obtained the DNS data has driven a lot of the hostility behind it. The researchers have tried to hide where they got the data for proprietary and cybersecurity reasons. John Durham has alleged there was some legal impropriety behind using it, even when used (as the researchers understood they were doing) to research ongoing nation-state hacks. And Alfa Bank was using lawfare to try to find out as much about the means by which this DNS traffic was observed by cybersecurity experts as possible. The full story of how the researchers accessed the data has yet to be reported, but as I understand it, there’s more complexity to the question than initially made out or than has made it into Durham’s court filings. That complexity would make it even harder to anticipate where DNS researchers were looking. So, multiple experts told me, it would be crazy to imagine anyone would have thought to seed disinformation in DNS records expecting it’d get picked up via those collection points in 2016, because no one would have expected anyone was observing all those collection points.

If a Fancy Bear shits in the DNS woods but there’s no one there to see it, did it really happen?

But there was, in fact, a way to anticipate it might get seen.

As the Sussmann indictment vaguely alluded to and this NYT story laid out in detail, researchers found the DNS anomalies in the context of preparing a bid for a DARPA research contract.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

The DOD bidding process provided public notice that DARPA was asking researchers to explore multiple ways, including DNS traffic, to attribute persistent hacking campaigns in real time.

The initial DARPA RFP was posted on April 22, 2016, ten days before the anomalous traffic started but well after the Russian hacking campaign had launched (documents FOIAed by the frothers reveal that the project was under discussion for months before that). This RFP provided a way for anyone who tracked DOD contracts closely to know that people would be looking and the announcement itself included DNS records and network infrastructure among its desired measurements. Depending on the means by which DARPA communicated about the contract, it might also provide a way to find out who would be looking and how and where they would be looking, though as I understand it, the team at Georgia Tech would have been an obvious choice in any case.

Phil tracked DOD contracts very closely. In September 2016, for example, he sent me a text alerting me to a new Dataminr contract just 66 minutes after I published a post about the company (I later wrote up the contract).

Phil also told me, verbally, he was checking what contracts DOD had with one of the US tech companies for which a back door was exposed in summer 2016. He claimed he was doing so to see how badly the government had fucked itself with its failure to disclose the vulnerability. By memory (though I am not certain), I believe it was Juniper Networks, in the wake of the Shadow Brokers release of an NSA exploit targeting the company.

And even on top of Phil’s efforts to convince me that the DNC hack wasn’t done by APT 28, DOJ has other evidence that Phil tracked APT attribution efforts closely, even using official government resources to do so. So it would be unsurprising if he had taken an interest in a contract on APT attribution in real time.

Durham may have access to some or all of this

Durham insinuates the DNS records are faked and he appears to want to blame Lorenzen for faking them. But he may be ignoring evidence in DOJ’s possession that someone else who, I’ve now confirmed, played at least a minor role in pushing the Alfa Bank story was using Internet routing records, possibly faked, to support a false story in May 2016.

To be sure: while I know the investigation into Phil continued at least the better part of a year after my FBI interview about him, any feedback I’ve gotten about that investigation has been deliberately vague. So aside from the obvious things – like the Twitter records that would show Phil’s DMs with Krypt3ia and Nicole Perloth – I can’t be sure what is in DOJ’s possession.

I don’t even know whether the 302 from my FBI interview would mention Phil’s pitch of the Alfa Bank story to me. It was on a list of the things I had intended to describe in that interview. But I didn’t work from the list in the interview itself and I have no affirmative memory of having mentioned it. If I did, it would have amounted to me saying little more than, “he also was pushing the Alfa Bank story.”

That said, unless the FBI agents were epically incompetent, my 302 should mention Alfa Bank, because I’m absolutely certain I raised this post and its emphasis on the inclusion of Alfa Bank in an alarming April 2017 BGP hijack.

And in fact, there’s a way Durham could have found out about Phil’s role in the Alfa Bank story independent of my FBI interview. Of just two people in the US government with whom I shared some of the Alfa Bank-related texts I exchanged with Phil (both were Republicans), one was centrally involved in the investigations that fed into the Durham investigation. If this stuff matters, Durham should ask why several of his key source investigations didn’t focus on it.

Durham should know that Phil had a role in the Alfa Bank story.

And given his insinuations in the indictment that Lorenzen fabricated DNS data in May 2016, making the insinuation part of his materiality claims, Durham may be obligated to tell Michael Sussmann that DOJ already knows of someone who was pushing the Alfa Bank story who used DNS data to tell a false story in May and June 2016.

Share this entry

John Durham Keeps Chasing Possible Russian Disinformation

/59 Comments/in , /by

Yesterday, the two sides in the Michael Sussmann case submitted the proposed jury questions they agree on and some they disagree on.

Durham objects to questions about security clearances and educational background (presumably Durham wants to make it harder for Sussmann to get people who understand computers and classification on the jury).

Sussmann objects to questions about April Lorenzen’s company and Georgia Tech.

He also objects to a question that assumes, as fact, that the Hillary campaign and the DNC “promoted” a “collusion narrative.”

I suspect Sussmann’s objections to these questions are about direct contact. For all of Durham’s heaving and hollering, while Sussmann definitely met with Fusion GPS, of the researchers, the indictment against Sussmann only shows direct contact with David Dagon. Everything else goes through Rodney Joffe. Plus, a document FOIAed by the frothy right shows that Manos Antonakakis believes what is portrayed in the indictment is at times misleading and other times false, which I assume he’ll have an opportunity to explain at trial.

As regards the campaign, as I already noted, when Sussmann asked Durham what proof the Special Counsel had that he was coordinating with the campaign, Durham pointed to Marc Elias’ contacts with the campaign and, for the first time (over a month after the indictment), decided to interview a Clinton staffer.

Sussmann will probably just argue that Durham’s plan to invoke these things simply reflects Durham’s obstinate and improper treatment of a single false statement charge as a conspiracy the Special Counsel didn’t have the evidence to charge.

But Durham’s inclusion of it makes me suspect that Durham wants to use an intelligence report that even at the time analysts noted, “The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.” Nevertheless, John Ratcliffe, who has a history of exaggeration for career advancement, declassified, unmasked Hillary’s name, and then shared with Durham.

If Durham does intend to use this, though, it would likely mean Durham would have to share parts of the Roger Stone investigation file with Sussmann. That’s because the report in question ties the purported Clinton plan to Guccifer 2.0.

And as the FBI later discovered, there was significant evidence that Roger Stone had been informed of the Guccifer 2.0 persona before it went public.

That information, along with a bunch of other things revealed about Stone’s activities before this Russian report, suggest the Russian report may actually be an attempt to protect Stone, one that anticipated Stone’s claims in the days after the report that Guccifer 2.0 was not Russian.

Unless Durham finds a way to charge conspiracy in the next two months, Judge Christopher Cooper would do well to prevent Durham from continuing his wild conspiracy theorizing. Because it’s not clear Durham knows where the strings he is pulling actually lead.

Share this entry

John Durham Says Election-Hack Victims Should Wait Until After the Election to Report Tips

/46 Comments/in , , , /by

Even as Russia assaults a peaceful democracy (which invasion, in a separate filing, Durham calls, “recent world events in Ukraine”), John Durham suggests that a political campaign victimized by Russia should expect to wait until after the election before the FBI opens an investigation into a cybersecurity anomaly potentially implicating her opponent.

Durham even asserts that such a cybersecurity anomaly is not a cybersecurity matter, but instead a political one.

Almost six years after Trump’s request, “Russia are you listening,” was met with a renewed Russian attack on Hillary Clinton, John Durham continues to treat Hillary’s attempts to run a campaign while being attacked as a greater threat than that nation-state attack by Russia.

Durham’s latest contortions come in a response to Micheal Sussmann’s motion to dismiss the indictment.

Sussmann argued that the alleged lie he told (motions to dismiss must accept the alleged facts as true), could not have affected the single decision facing the FBI when he shared information about a DNS anomaly: whether to open an investigation or not.

Following the Supreme Court’s clear instruction in Gaudin, in order to assess the materiality of the false statement that Mr. Sussmann is alleged to have made, this Court must ask what statement he is alleged to have made to the FBI; what decision the FBI was trying to make; and whether the false statement could have influenced that decision. Here, even accepting all the allegations in the Indictment as true—and the evidence would prove otherwise—the only decision the FBI was trying to make was the decision whether or not to commence an investigation into the allegations of suspicious internet data involving the Trump Organization and Russian Bank-1. Ample precedent—and the Special Counsel’s own allegations in this case—make clear that Mr. Sussmann’s purported false statement did not influence, and was not capable of influencing, that decision.

Predictably and reasonably, Durham’s response cited the precedent that leaves it up to juries to determine whether something is material or not.

In any event, the defendant’s arguments on the materiality of his statement are also premature. The Supreme Court in Gaudin held that materiality is an essential element of Section 1001 that must be resolved by a jury.

As I noted back in October, “Prosecutors will argue that materiality is a matter for the jury to decide.”

Prosecutors also noted what I did: a long list of precedents about materiality that Sussmann cited in his motion are all post-trial challenges to materiality, not pretrial motions to dismiss.

The defendant cites to multiple cases where the Supreme Court and Circuit Courts have held that the false statements and misrepresentations at issue were immaterial as a matter of law. See Def. Mot. at 7-10. But critically, all of those cases involved post-conviction appeals or motions to vacate the conviction after the Government presented its case at trial. Accordingly, none of these cases support the defendant’s requested relief here – that is, that the court dismiss the Indictment before trial because it fails to sufficiently allege that the defendant’s false statement is material. What the cases do show is that courts have routinely declined to usurp the jury’s role in making the determination on whether a false statement is material.

For those two reasons, Sussmann’s motion to dismiss is unlikely to succeed, and should instead be viewed as an opening bid to frame his defense and establish issues for appeal.

Those two arguments are all Durham really needed to respond to Sussmann’s motion to dismiss. Instead of leaving it with responsible lawyering, however, Durham instead launches into an illogical attempt to criminalize tip reporting.

Take his attempt to dismiss Rodney Joffe’s real cybersecurity expertise. In the three months since he charged Sussmann, Durham belatedly (at Sussmann’s request) discovered how closely Joffe had worked with the FBI on other investigations. As Sussmann scoffed in an earlier filing, “The notion that the FBI would have been more skeptical of the information had it known of Tech Executive-1’s involvement is, in a word, preposterous.” Now that Durham has discovered the close ties between Joffe and the FBI, he claimed that that history of reliability was itself something the FBI needed to know.

Namely, as the defendant’s motion reveals (Def. Mot. at 18-19, fn. 8), Tech Executive-1 had a history of providing assistance to the FBI on cyber security matters, but decided in this instance to provide politically-charged allegations anonymously through the defendant and a law firm that was then-counsel to the Clinton Campaign. Given Tech Executive-1’s history of assistance to law enforcement, it would be material for the FBI to learn of the defendant’s lawyer-client relationship with Tech Executive-1 so that they could evaluate Tech Executive-1’s motivations. As an initial step, the FBI might have sought to interview Tech Executive-1. And that, in turn, might have revealed further information about Tech Executive-1’s coordination with individuals tied to the Clinton Campaign, his access to vast amounts of sensitive and/or proprietary internet data, and his tasking of cyber researchers working on a pending federal cybersecurity contract.

Durham’s claim that “learning” how much data Joffe had access to (which is something the FBI undoubtedly knew — it is surely the reason why FBI partnered with him, because the volume of data Neustar had made their observations more useful) would make them more skeptical of the DNS tip is nonsensical. In fact, elsewhere (in tracking all the YotaPhone requests in the US over a three year period), Durham treated it as presumptively reliable.

Plus, Durham made no mention here of one of a number of the other things he belatedly learned: that the September 2016 tip Sussmann shared with FBI General Counsel James Baker was not the only one Joffe had shared via Sussmann anonymously. He shared a tip anonymously during this same time period with DOJ IG. Durham has no way of knowing, either, whether those two were the only ones, but his revised theory of materiality depends on an anonymous tip like this one being unique.

Similarly, Durham struggled to explain (including by citing an inapt precedent) why the FBI would need to be told that Sussmann represented Hillary when, in notes of Baker’s retelling of the meeting, Bill Priestap wrote that Sussmann represented the DNC and Clinton Foundation.

As he did with Joffe, Durham tried to flip Sussmann’s expertise, arguing that the former prosecutor’s recognized qualification as a cybersecurity expert, something that would help him assess whether DNS data were anomalous or not, is precisely why the Perkins Coie lawyer needed to disclose he was working for Hillary.

In an effort to downplay the materiality of this false statement, the defendant asserts that the FBI General Counsel was aware that the defendant represented the DNC. See Def. Mot at 18. But the Government expects that evidence at trial will establish that the FBI General Counsel was aware that the defendant represented the DNC on cybersecurity matters arising from the Russian government’s hack of its emails, not that he provided political advice or was participating in the Clinton Campaign’s opposition research efforts. Indeed, the defendant held himself out to the public as an experienced national security and cybersecurity lawyer, not an election lawyer or political consultant. Accordingly, when the defendant disclaimed any client relationships at his meeting with the FBI General Counsel, this served to lull the General Counsel into the mistaken, yet highly material belief that the defendant lacked political motivations for his work.

There are many crazy assumptions built into this statement: that, had Sussmann identified Hillary as his client, it would have required him to reveal her motives as political rather than security-related to the FBI, breaching privilege; that reporting an anomaly potentially involving Trump after Trump had begged Russia to further hack Hillary would not be a sound decision from a cybersecurity standpoint; that researching the context of an anomaly, such as Alfa Bank’s ties to Putin, is not part of cybersecurity. Effectively, Durham has unilaterally decided that pursuing this anomaly was a political act, with no basis in law or fact.

Which is how Durham espoused the claim that the FBI, facing an unprecedented attack by Russia on American elections in 2016, might have delayed investigation of a part of it that might have implicated one of the contestants.

The defendant’s false statement to the FBI General Counsel was plainly material because it misled the General Counsel about, among other things, the critical fact that the defendant was disseminating highly explosive allegations about a then-Presidential candidate on behalf of two specific clients, one of which was the opposing Presidential campaign. The defendant’s efforts to mislead the FBI in this manner during the height of a Presidential election season plainly could have influenced the FBI’s decision-making in any number of ways. The defendant’s core argument to the contrary rests on the flawed premise that the FBI’s only relevant decision was binary in nature, i.e., whether or not to initiate an investigation. But defendant’s assertion in this regard conveniently ignores the factual and practical realities of how the FBI initiates and conducts investigations. For example, the Government expects that evidence at trial will prove that the FBI could have taken any number of steps prior to opening what it terms a “full investigation,” including, but not limited to, conducting an “assessment,” opening a “preliminary investigation,” delaying a decision until after the election, or declining to investigate the matter altogether.

[snip]

Moreover, the Department of Justice and the FBI maintain stringent guidelines on dealing with matters that bear on U.S. elections. Given the temporal proximity to the 2016 U.S. presidential election, the FBI also might have taken any number of different steps in initiating, delaying, or declining the initiation of this matter had it known at the time that the defendant was providing information on behalf of the Clinton Campaign and a technology executive at a private company.

[snip]

And the evidence will show that it would have been all the more material here because the defendant was providing this information on behalf of the Clinton Campaign less than two months prior to a hotly contested U.S. presidential election. [my emphasis]

The first paragraph here is really telling, given Durham’s public complaint that the Crossfire Hurricane team should have opened the investigation as a preliminary investigation, not a full investigation (the investigation into Mike Flynn, specifically, wasn’t opened as a full investigation, but none of the techniques used would have otherwise been unavailable, not least because there was already a full investigation opened on Carter Page). This is an argument Durham may reprise in his report: That it was unreasonable for Hillary Clinton to ask the FBI to inquire into Trump’s campaign after he publicly asked a foreign country for help (even ignoring the tip from Australia).

Durham seems to think Hillary should have had no assistance from law enforcement when her opponent publicly asked Russia to hack her some more if people close to her found more reason to be concerned. He even mocked Sussmann as too powerful to choose to use anonymity.

[W]hile the defendant’s motion seeks to equate the defendant with a “jilted ex-wife [who] would think twice about reporting her ex-husband’s extensive gun-smuggling operation,” this comparison is absurd. Def. Mot. at 24

Far from finding himself in the vulnerable position of an ordinary person whose speech is likely to be chilled, the defendant – a sophisticated and well-connected lawyer – chose to bring politically-charged allegations to the FBI’s chief legal officer at the height of an election season.”

This also betrays pure insanity. The anomaly involving Trump could always have reflected disloyal insiders compromising the candidate, as could the YotaPhones potentially in use in Trump headquarters. In fact, Page did compromise Trump when he went to Russia in December 2016 and tell Russians there that he was representing Trump on matters pertaining to Ukraine, just as Mike Flynn did by selling his access to Trump to Turkey, just as Tom Barrack is accused of doing with the Emirates. The reason why Sussmann was providing this information less than two months before an election is because cybersecurity researchers had gone looking because there was an ongoing multi-faceted cybersecurity attack, one that continued right through the election, one that could have victimized Trump as well as Hillary.

Which brings me to the one point Sussmann made that Durham completely ignored. In his response, Durham’s response uses the word “purported” to describe the DNS allegations from Sussmann five times:

  1. The defendant provided the FBI General Counsel with purported data and “white papers” that allegedly demonstrated a covert communications channel between the Trump Organization and a Russia-based bank
  2. the purported data and white papers
  3. the purported DNS traffic that Tech Executive-1 and others had assembled
  4. the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”)
  5. examine the origins of the purported data

What Durham did not do is ever address this point from Sussmann:

Indeed, the defense is aware of no case in which an individual has provided a tip to the government and has been charged with making any false statement other than providing a false tip. But that is exactly what has happened here.

In the fall of 2016, Michael Sussmann, a prominent national security lawyer, voluntarily met with the Federal Bureau of Investigation (“FBI”) to pass along information that raised national security concerns. He met with the FBI, in other words, to provide a tip. There is no allegation in the Indictment that the tip he provided was false. And there is no allegation that he believed that the tip he provided was false. Rather, Mr. Sussmann has been charged with making a false statement about an entirely ancillary matter—about who his client may have been when he met with the FBI—which is a fact that even the Special Counsel’s own Indictment fails to allege had any effect on the FBI’s decision to open an investigation.

[snip]

Again, nowhere in the Indictment is there an allegation that the information Mr. Sussmann provided was false. Nowhere is there an allegation that Mr. Sussmann knew—or should have known—that the information was false. And nowhere is there an allegation that the FBI would not have opened an investigation absent Mr. Sussmann’s purported false statement.

I could fund an entire Special Counsel investigation if I had $5 for every time in this prosecution Durham has used the word “purported.” For almost six months, his entire prosecution has been premised on this anomaly not being “real,” meaning unexplained traffic that might represent something serious.

And yet he has not charged that (though he seems to have bullied April Lorenzen, perhaps because he needs her to be something other than she was). Instead, he just keeps doing the work for which actual evidence is normally required by repeating the word “purported” over and over.

This motion to dismiss will likely fail, because juries get to decide what is material. But contrary to Durham’s claims, unless and until he can prove that Sussmann, Jofffe, and Lorenzen didn’t believe this was a real anomaly worth investigating given all the other attacks that, Sussmann especially, knew were ongoing, then he really will be prosecuting someone for reporting a valid national security concern.

Share this entry

The Error that Betrays Insufficient Attention to the Obstruction Standard in the January 6 Eastman Filing

/46 Comments/in , /by

There’s a telling error in the January 6 Committee’s filing aiming to overcome John Eastman’s claims his emails are covered by Attorney-Client privilege. In the section asserting that Trump had probably violated 118 USC 1512(c)(2) — the same obstruction statute used to charge over 200 of the other January 6 defendants — the filing asserts that six judges “to date” have “refused to dismiss charges against defendants under the section.”

That number is incorrect. As of March 2, at least ten judges had upheld DOJ’s application of 18 USC 1512(c)(2), and a few more have as much as said they would.

  1. Dabney Friedrich, December 10, 2021, Sandlin*
  2. Amit Mehta, December 20, 2021, Caldwell*
  3. James Boasberg, December 21, 2021, Mostofsky
  4. Tim Kelly, December 28, 2021, Nordean*
  5. Randolph Moss, December 28, 2021, Montgomery
  6. Beryl Howell, January 21, 2022, DeCarlo
  7. John Bates, February 1, 2022, McHugh
  8. Colleen Kollar-Kotelly, February 9, 2022, Grider
  9. Richard Leon (by minute order), February 24, 2022, Costianes
  10. Christopher Cooper, February 25, 2022, Robertson

When I first made this observation, I thought I was being a bit churlish in making it. But on reflection (and after reading the quotes from lawyers in this Charlie Savage article), I think it’s an important point. All the more so given how TV lawyers have claimed that, because the January 6 Committee has claimed Trump could be charged with obstruction, then damnit DOJ should already have done so.

The fact that the Jan 6 Committee isn’t even aware of all the obstruction rulings suggests they’ve been insufficiently attentive to what the rulings actually say, aside from the baseline holding of all of them that the vote certification was an official proceeding.

While ten judges have upheld the application, there are some differences between these opinions, particularly with regards to their formulation of the corrupt mens rea required by the statute. The most important differences from my review (but I’m not a constitutional lawyer and so I should not be the one doing this analysis!!!!!), are:

  • Whether “corrupt” intent requires otherwise illegal action
  • Whether such corruption would be transitive (an attempt to get someone else to act improperly) or intransitive (whether it would require only corruption of oneself)

Dabney Friedrich argued (and I laid out briefly here) — and has repeatedly warned in pretrial hearings for Guy Reffitt — that as she understand this application it must involve otherwise illegal actions. Amit Mehta ruled (as I wrote up here) that, at least for the Oath Keepers, this corruption may be just intransitive.

On both these issues, the Jan 6 Committee’s argument is a bit muddled. Here’s how they argue that Trump’s actions (and, less aggressively, Eastman’s) demonstrate that corrupt intent.

The Electoral Count Act of 1887 provides for objections by House and Senate members, and a process to resolve such objections through votes in each separate chamber. 3 U.S.C. §§ 5, 6, 15. Nothing in the Twelfth Amendment or the Electoral Count Act provides a basis for the presiding officer of the Senate to unilaterally refuse to count electoral votes — for any reason. Any such effort by the presiding officer would violate hte law. This is exactly what the Vice President’s counsel explained at length to Plaintiff and President Trump before January 6. Plaintiff acknowledge that the Supreme Court would reject such an effort 9-0. And the Vice President made this crystal clear in writing on January 6: [1] any attempt by the Vice President to take the course of action the President insisted he take would have been illegal

Nevertheless, pursuant to the Plaintiff’s plan, the President repeatedly asked the Vice President to exercise unilateral authority illegally, as presiding officer of the Joint Session of Congress, to refuse to count electoral votes. See supra at 11-13. In service of this effort, he and Plaintiff met with the Vice President and his staff several times to advocate that he universally reject and refuse to count or prevent the counting of certified electoral votes, and both also engaged in a public campaign to pressure the Vice President. See supra at 3-17.

The President and Plaintiff also took steps to alter the certification of electors from various states.

[snip]

The evidence supports an inference that President Trump and members of his campaign knew he had not won enough legitimate state electoral votes to be declared the winner of the 2020 Presidential election during the January 6 Joint Session of Congress, but [2] the President nevertheless sought to use the Vice President to manipulate the results in his favor.

[snip]

[T]he President and the Plaintiff engaged in an extensive public and private campaign to convince the Vice President to reject certain Biden electors or delay the proceedings, without basis, so that the President and his associates would have additional time to manipulate the results. [3] Had this effort succeeded, the electoral count would have been obstructed, impeded, influenced, and (at the very least) delayed, all without any genuine legal justification and based on the false pretense that the election had been stolen. There is no genuine question that the President and Plaintiff attempted to accomplish this specific illegal result. [numbering and bold mine]

As I said, I think this is a bit of a muddle. For starters, the Jan 6 Committee is not arguing that the delay actually caused by Trump’s mob amounted to obstruction. Rather, they’re arguing (at [3]) that had Eastman’s efforts to get Pence to himself impose a delay would be obstruction.

They make that argument even though they have evidence to more closely align their argument to the fact pattern ten judges have already approved. The emails included with this filing show Pence Counsel Greg Jacob twice accusing Eastman of convincing Trump of a theory that Trump then shared with his followers, which in turn caused the riot.

[T]hanks to your bullshit, we are now under siege.

[snip]

[I]t was gravely, gravely irresponsible of you to entice the President of with an academic theory that had no legal viability, and that you well know we would lose before any judge who heard and decided the case. And if the courts declined to hear it, I suppose it could only be decided in the streets. The knowing amplification of that theory through numerous surrogates, whipping large numbers of people into a frenzy over something with no chance of ever attaining legal force through actual process of law, has led us to where we are.

That is, Jacob argued, in real time, that Eastman’s knowingly impossible theory, amplified by the President, caused the riot that ended up putting Pence’s life at risk and delaying the vote certification. But the Jan 6 Committee argues instead that the attempted persuasion of Pence the was the obstructive act.

Perhaps as a result, the agency (transitive versus intransitive) involved in this obstructive act is likewise muddled. In one place (at [1]), the Jan 6 Committee argues that the obstructive act was a failed attempt to persuade Pence to take an illegal action. I’m not sure any of the failed attempts to persuade people to do something illegal (to persuade Pence to do something he couldn’t do, to persuade members of Congress to challenge the vote with either good faith or cynical challenges, to persuade Jeffrey Clark to serve as Acting Attorney General) would sustain legal challenges.

If the Commander in Chief ordered his Vice President to take an illegal act, that would be a bit different, but that’s not what the Jan 6 Committee argues happened here.

Elsewhere, this filing (and other attempts to apply obstruction to Trump) point to Trump’s awareness (at [2]) that he lost the election, and so his attempts to win anyway exhibit an intransitive corrupt intent.

As Charlie Savage noted in his story and a thread on same, to some degree the Jan 6 Committee doesn’t need to do any better. They’re not indicting Trump, they’re just trying to get emails they will likely get via other means anyway (and as such, the inclusion of this argument is significantly PR).

But to the extent that this filing — and not, say, the opinion issued by Judge Mehta after he had approved obstruction, in which he both ruled it was plausible that Trump had conspired with two militias and, more importantly (and to me, at least, shockingly), said it was also plausible that Trump may be liable under an aid and abet standard — is being used as the model for applying obstruction to Trump, it is encouraging a lot of unicorn thinking and, more importantly, a lot of really sloppy thinking. There are so many ways to charge Trump with obstruction that don’t require an inquiry into his beliefs about losing the election, and those are the ones DOJ has laid a groundwork for.

Plus, there are a few more realities that TV lawyers who want to talk about obstruction should consider.

First, it is virtually guaranteed that Friedrich’s opinion — the one that holds that “corrupt” must involve otherwise illegal actions — will be the first one appealed. That’s because whatever happens with the Guy Reffitt trial this week and next, it’s likely it will be appealed. And Reffitt has been building in an appeal of Friedrich’s obstruction decision from the start. First trial, first appeal. So TV lawyers need to study up what she has said about otherwise illegal action and lay out some rebuttals if their theory of Trump’s liability involves mere persuasion.

Second, while ultimately all 22 judges are likely to weigh in on this obstruction application (and there are only two or three judges remaining who might conceivably rule differently than their colleagues), there are just a handful of judges who might face this obstruction application with Trump or a close associate like Roger Stone or Rudy Giuliani. Judge Mehta (by dint of presiding over the Oath Keeper cases) or Judge Kelly (by dint of ruling over the most important Proud Boy cases) might see charges against Roger Stone, Rudy Giuliani, or Alex Jones. Chief Judge Howell might take a higher profile case herself. Or she might give it to either Mehta (who is already presiding over closely related cases, including the January 6 lawsuits of Trump) or one of the two judges who has dealt with issues of Presidential accountability, either former OLC head Moss or Carl Nichols. Notably, Judge Nichols, who might also get related cases based on presiding over the Steve Bannon case, has not yet (as far as I’m aware) issued a ruling upholding 1512(c)(2); I imagine he would uphold it, but don’t know how his opinion might differ from his colleagues.

The application of 18 USC 1512(c)(2) to January 6 is not, as the TV lawyers only now discovering it, an abstract concept. It is something that has been heavily litigated already. There are eight substantive opinions out there, with some nuances between them. The universe of judges who might preside over a Trump case is likewise finite and with the notable exception of Judge Nichols, the two groups largely overlap.

So if TV lawyers with time on their hands want to understand how obstruction would apply to Trump, it’d do well — and it is long overdue — to look at what the judges have actually said and how those opinions differ from the theory of liability being thrown around on TV.

I’m convinced not just that Trump could be prosecuted for obstruction, but that DOJ has been working towards that for some time. But I’m not convinced the current January 6 Committee theory would survive.

Share this entry

John Durham and Newly-Sanctioned Alfa Bank’s Filings: “Almost like they were written by the same people”

/71 Comments/in , , /by

In a DC hearing on February 9 regarding Alfa Bank’s attempt to obtain documents from Michael Sussmann before his trial, DC Superior Judge Shana Frost Matini observed that the Alfa Bank allegations and the John Durham indictment seemed like they could be written by the same people.

[R]ight now, given the — if the closeness of Alpha’s allegations, I mean, quite frankly, it’s — reading Alpha’s submissions and what the — and that compared to the indictment, there’s — it’s almost like they were written by the same people in some way. [Alpha misspelling original]

Judge Matini, a Trump appointee, scolded Alfa — which over this past weekend was included in sanctions against Russian banks in retaliation for the invasion — for claiming that their lawsuit and Durham’s indictment of Sussmann were not closely related after having raised the indictment in the first place.

As to the claims that the criminal and civil proceedings are not closely related, this is a surprising representation for Alpha to make, given that Alpha was the one to bring the criminal charges to the Court’s attention by filing what was styled as a notice of supplemental authority in support of its Motion to Compel.

Of course, there is no Supplemental Authority here. A criminal indictment is not an opinion of the Court. It’s just a charge that the prosecuting authority is bringing against an individual with facts that are alleged to support the charge.

In dual lawsuits in FL and PA, Alfa Bank purports to be trying to figure out who allegedly faked DNS records to make it look like Alfa was in contact with Trump back in 2016 so it can sue those people. Rather than finding anyone to sue, however, it has instead spent its time subpoenaing experts to learn as much as it can about how the US tracks DNS records to prevent cyberattacks by — among other hostile countries — Russia.

Matini ruled that Alfa’s effort to get more information from Sussmann will have to wait until June, after his trial. (It’s unclear whether the sanctioned bank will still have legal means to pay Skadden lawyers to pursue this lawsuit at that point.)

But since then, the timelines of the Alfa Bank and Durham investigations have closely paralleled.

Of particular interest, on the morning of February 11, Rodney Joffe — referred to as Tech Executive-1 in the Durham filings — sat for an almost 5-hour deposition with Alfa Bank’s lawyers. He revealed that Durham had first approached him for an interview at least a year earlier. He revealed he had been asked to testify before the grand jury, but he “declined to interview,” presumably meaning he told Durham he’d invoke the Fifth (just as Don Jr and probably his daddy are understood to have done with Mueller).

Joffe’s refusal to voluntarily feed this witch hunt continued in his Alfa deposition. Citing the ongoing Durham investigation, he invoked the Fifth Amendment a slew of times (though not as many times as your average Trump man in a financial fraud deposition or even Alex Jones in an interview about an insurrection). Those questions to which he invoked his Fifth Amendment rights and those he answered mapped out an interesting territory, marking who he does know and those Alfa thought he did but that he does not.

For example, he said he had never heard of Alfa Bank before investigating the anomaly related to it. He said he had never met Jean Camp or several of the other researchers that frothers are certain he conspired with. Joffe twice said he had never met Christopher Steele and also said he “had no idea” that Sussmann met with Steele about the server allegations. He denied knowing what the contract between Georgia Tech and DARPA looked like.

Alfa made a number of mistakes — confusing a domain name with a business. Claiming he authored a paper that David Dagon had. Asking him about several emails he hadn’t been sent.

There were several claims Alfa made that Joffe’s lawyer, Steven Tyrrell, established a record were unproven assumptions on Alfa’s part, such as that Joffe got one of the white papers described in the indictment. Importantly, that includes a question about the EOP server.

Q: I was just going to ask Mr. Joffe whether or not he knows who the executive branch office of the U.S. government is?

A: I have to invoke my Fifth Amendment rights.

Mr. Tyrrell: And Margaret, if I may, just — I apologize. Just for the record, I want to be clear that — that in invoking his rights and my allowing my client to invoke his rights, that should not be interpreted as an admission that the — I mean, you’ll argue whatever it is, if you do, that the allegations, which are just allegations in the indictment, are accurate.

In addition to those curious objections, there were several things alleged in the indictment that Joffe outright denied. In several questions, Joffe challenged the meaning of an email Durham has used to suggest he anticipated, and wanted, a top cybersecurity job within a hypothetical Hillary Administration. After objecting to the form of the way the Alfa Bank’s Skadden lawyer tried to corner Joffe into answering the question, Tyrrell answered,

You know, again, our position on this is Mr. Joffe is happy to answer the question that was posed about whether he was ever offered the top cybersecurity job by the Democrats when it looked like they’d win. I think he’s answered that question.

He’s not going to answer questions about communications that he may or may not have had with other people about the topic. And as to those, he would invoke his rights under the Fifth Amendment.

Joffe answered no to three questions about whether the Clinton campaign paid him for his work on the server allegations, a false claim that Kash Patel spread.  Joffe also distinguished his concern about Donald Trump from a political desire to see him lose.

I’ve never been interested in politics. I’ve never been involved in politics. I haven’t voted for many, many years. I haven’t donated to any parties or any — or given any kind of benefit to any parties, but I certainly over the last few years have had an interest in the politics of the country that I live in.

That explanation premised two invocations of his Fifth Amendment in response to questions about Trump specifically.

In other words, Joffe’s Alfa Bank deposition on February 11 undermined several of the premises of the Durham investigation, while it identified several areas where his lawyer suggested Alfa’s assumptions were wrong (in the hearing on Laura Seago’s deposition, there was a central Alfa Bank assumption I know to be badly wrong).

Joffe’s deposition ended at 2:07PM ET on February 11.

Nine hours later, at 11:32PM, Durham submitted the belated conflicts motion — which would have been filed in September if Durham really had concerns about any conflict — and floated a number of claims about Joffe, claims that went beyond those in the indictment. Joffe is mentioned twenty times, including the following:

The defendant’s billing records reflect that the defendant repeatedly billed the Clinton Campaign for his work on the Russian Bank-1 allegations. In compiling and disseminating these allegations, the defendant and Tech Executive-1 also had met and communicated with another law partner at Law Firm-1 who was then serving as General Counsel to the Clinton Campaign (“Campaign Lawyer-1”).

The Indictment also alleges that, beginning in approximately July 2016, Tech Executive-1 had worked with the defendant, a U.S. investigative firm retained by Law Firm-1 on behalf of the Clinton Campaign, numerous cyber researchers, and employees at multiple Internet companies to assemble the purported data and white papers. In connection with these efforts, Tech Executive-1 exploited his access to non-public and/or proprietary Internet data. Tech Executive-1 also enlisted the assistance of researchers at a U.S.-based university who were receiving and analyzing large amounts of Internet data in connection with a pending federal government cybersecurity research contract. Tech Executive-1 tasked these researchers to mine Internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia. In doing so, Tech Executive-1 indicated that he was seeking to please certain “VIPs,” referring to individuals at Law Firm-1 and the Clinton Campaign.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted.

As I noted, less than a day after Durham filed that motion, the former President suggested that Joffe had been spying and should be killed. In response to the furor, Joffe’s spox later issued a statement clarifying what went on — precisely the information he had tried to plead the Fifth over.

In a statement, a spokesperson for Mr. Joffe said that “contrary to the allegations in this recent filing,” he was apolitical, did not work for any political party, and had lawful access under a contract to work with others to analyze DNS data — including from the White House — for the purpose of hunting for security breaches or threats.

After Russians hacked networks for the White House and Democrats in 2015 and 2016, it went on, the cybersecurity researchers were “deeply concerned” to find data suggesting Russian-made YotaPhones were in proximity to the Trump campaign and the White House, so “prepared a report of their findings, which was subsequently shared with the C.I.A.”

And some of the other researchers had to provide more details to push back on the frenzy (including that the data from EOP preceded Trump’s inauguration). Few outlets, though, have presented the basic innumeracy in Durham’s filing about the rarity of YotaPhones as anything but a contested issue.

And after Durham incited claims that Joffe should be killed, one week later Alfa Bank then affirmed the tie between Joffe and Tech Executive 1 by posting his deposition in their motion to get another four months to conduct their fishing expedition. That has had the effect of further inflaming the frothy right, and providing Durham sworn testimony from Joffe that he was otherwise not entitled to (including several warnings about how his case against Sussmann may be vulnerable).

In the wake of the release of the Florida filing, Joffe’s lawyers intervened in the Sussmann case and then filed a separate sealed motion to strike the (misleading) references to Joffe in the filing.

A Trump appointed judge in DC believes these efforts look like they’re being written by the same people. Whether Durham’s sources and a sanctioned Russian Bank’s sources are “colluding,” these parallel developments had the effect of depriving Joffe of his ability to fully invoke the Fifth Amendment. And with the help of a sanctioned Russian bank, it gave Durham a substantial benefit in a criminal investigation.

Timeline

January 25: Durham asks to extend discovery deadline

January 28: Durham admits that Durham was informed about the James Baker phone he claimed to forget knowing about

February 9: Michael Sussmann succeeds in staying Alfa Bank’s effort to get documents from him

February 10: Fusion GPS’ Laura Seago attempts to quash a subpoena

February 11, 9:30AM: Rodney Joffe deposition

February 11, 11:32PM: Durham files a motion purporting to be a conflicts motion that misrepresents the evidence

February 14: Sussmann asks to strike unsupported allegations in conflicts motion

February 14: Peter Fritsch deposition

February 17: Sussmann moves to dismiss the case, arguing his alleged lie would not be material

February 17: Durham claims that the close associates of the investigation that lied about what the conflicts motion said have nothing to do with the Durham team

February 18: Alfa Bank requests another extension to keep looking for John Does in FL

February 24: Rodney Joffe’s lawyers file notices of appearance in the Sussmann docket

February 25: Judge Christopher Cooper schedules a hearing on the conflicts motion for March 7

February 28: Joffe files a sealed motion to expunge the references to Tech Executive-1

March 1: Judge Cooper sets a Friday deadline for the government to respond to Joffe’s motion

March 7: Hearing scheduled to address conflicts memo

Share this entry

John Durham Accuses One of His Key Fact Witnesses — Sergei Millian’s Twitter Account — of “Misinterpret[ing] Facts”

/68 Comments/in , , /by

As I documented the other day, John Durham responded to the uproar over his conflicts filing stunt by claiming to have had nothing at all to do with the “third parties” who “overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion.”

If third parties or members of the media have overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion, that does not in any way undermine the valid reasons for the Government’s inclusion of this information.

The claim that the uproar was created by “third parties” is so obviously false it raises conflict problems for Durham himself.

Durham falsely claims those pushing lies are “third parties” to his investigation

As I laid out, one of the key perpetrators of the false claims — including the false claims (1) that Hillary paid Rodney Joffe, (2) that Joffe had “infiltrated” the White House, and (3) Joffe had done so when Trump was President — was Kash Patel, the originator of this entire line of inquiry in December 2017, and someone who for years had means to learn that those claims were false.

John Ratcliffe, whom Durham was meeting rather than interviewing Hillary staffers who could substantiate or debunk his accusations that Michael Sussmann was coordinating with the campaign, made these unsubstantiated claims in a TV appearance earlier this week:

  • There was a “Hillary Clinton campaign plan to falsely accuse Donald Trump of collusion with Russia”
  • Rodney Joffe used DNS data “for an unlawful purpose”
  • Sussmann “pitched” information “to the FBI as evidence of Trump-Russia connections that simply weren’t true and that the lawyer, Michael Sussmann, and the tech executive knew not to be true”

Donald Trump, who personally nominated John Durham as US Attorney and whose demands for criminal investigations led to Durham’s appointment as Special Counsel, asserted that his “presidency [was] spied on by operatives paid by the Hillary Clinton campaign in an effort to develop a completely fabricated connection to Russia.”

These are not “third parties.” These are:

  • The originator of the allegations against Sussmann
  • A self-described repeat Durham witness
  • The man who nominated Durham to be US Attorney and, ultimately, was his boss for almost 3 years

But there’s actually another key player in the effort to magnify Durham’s conflicts filing stunt who is even more central to Durham’s work: One of his most important “witnesses,” Sergei Millian’s twitter account.

The pipeline from online conspiracy theorists through former investigators to the former President

Yesterday, Glenn Kessler attempted to trace how the filing became a propaganda tool. The timeline he laid out looks like this (these times are ET):

11:33PM: Filing hits PACER.

12:43AM: Whispers of Dementia screencaps the filing, noting Durham claimed “Sussmann is likely to be in an “adversarial posture” against Perkins Coie.”

9:24AM: emptywheel notes that Durham is criminalizing lying to the FBI about traffic involving Trump Tower, which Trump himself did at the time.

9:25AM: Hans Mahncke links and screencaps the filing and claims,

Rodney Joffe and his buddies at Georgia Tech monitored Trump’s internet traffic *while* he was President of the United States.

9:39AM: Kessler’s gap

9:45AM: emptywheel RTs Mahncke and notes that this is about cybersecurity.

10:25AM: Techno Foggy tweets that,

DNC/Perkins Coie allies – Rodney Joffe, et al. – Joffe et al, “exploited a sensitive US govt arrangement” to gather intel on the “Executive Office of the President of the U.S.” They spied on Trump.

11:11AM: House Judiciary GOP [so a Jim Jordan staffer] RTs Foggy’s tweet, claiming:

We knew they spied. But it was worse than we thought.

11:44AM: Techno Foggy tweets out his Substack with the claim,

Clinton allies used sensitive data from the Office of the President to push false Trump/Russia claims to the CIA

Why did they risked jail to link Trump to Russia?

Maybe because the origin of their fraud was the “Russian hack” of the DNC.

2:27PM: John Ratcliffe responds to House Judiciary tweet with claim, “And now you’re finding out why…,” thereby seemingly endorsing the “spying” claim, and linking the Durham release with his own cooperation with Durham’s inquiry.

3:24PM: Mark Meadows RT’s Foggy’s tweet, claiming,

They didn’t just spy on Donald Trump’s campaign.

They spied on Donald Trump as sitting President of the United States.

It was all even worse than we thought.

5:51PM: Center for Renewing America tweets out Kash Patel statement making numerous false claims.

6:47PM: Trump’s spox tweets out his claims of spying.

This timeline is damning enough: It shows how these false claims went from “sleuths” who spend much of their time spinning Durham’s conspiracy theories, through Techno Foggy (a self-described lawyer who has for years interacted openly with lawyers like Sidney Powell and Billy Barr’s spox Kerri Kupec), to Jim Jordan’s staffer to Ratcliffe to Mark Meadows to Kash Patel to Trump. Every single one of these current and former officials have played a central role in these investigations; none is a “third party.”

Sergei Millian’s twitter account calls it spying

But there’s a very key step in Kessler’s timeline that is missing. At 9:39AM (the time shown here is Irish time) — which I’ve marked above in red — Sergei Millian’s twitter account tweeted, “They were spying on the White House, folks!!.”

This claim was before Techno Foggy made the spying claim. The first person to have made the “spying” claim in this timeline, then, was Sergei Millian’s twitter account.

In fact, the next day, Millian’s twitter account insinuated to have started all this in the first place — that the twitter account “had a direct line into the White House” via which it “told them who was working against them.”

Thanks for identifying this phone call, Sergei, because Igor Danchenko will now have cause to demand details of it in discovery, which will mean, on top of the other unprecedented discovery challenges Durham has taken on in prosecuting Danchenko, he’s now going to have to get Trump records from the Archives. Michael Sussmann, too, likely now has cause to demand those records.

The Millian twitter account RT of Mahncke to belatedly explain the spying claim makes it clear it is an active participant in the “Sleuths Corner” that drives many of the false claims about Durham. In fact the Millian twitter account even advertises it on the twitter account.

Durham says his key witness “misrepresented the facts”

This all amounts to Durham himself discrediting one of his witnesses, perhaps fatally.

As I have noted, when John Durham charged Igor Danchenko with four counts of lying about believing that he had spoken to Sergei Millian back in July 2016, Durham didn’t actually claim to have obtained testimony from the human being named Sergei Millian. Durham did not appear to have required that Millian show up and make statements for which he could be legally held accountable.

Instead, Durham presented an unverified twitter account to the grand jury and based on that, claimed “Chamber President-1 has claimed in public statements and on social media that he never responded to DANCHEKNO’s [sic] emails, and that he and DANCHENKO never met or communicated.”

I refer to this entity as “Sergei Millian’s twitter account” to emphasize that there is not a scrap of evidence in the public record showing that Durham did anything to confirm that Millian, the person, even operates it exclusively. While I have no reason to doubt that he does, from a legal standpoint, Durham is at least publicly relying on nothing but an unverified account, something journalists have been loathe to do for years with Millian.

And this claim attributed to an unverified twitter account is a very important piece of evidence. There’s nothing else in the public record that shows Durham affirmatively ruled out that Danchenko and Millian really did have a phone call.

When I first realized how reckless that was, I though it impossible for Durham to have been that negligent. But we’ve since learned that he accused Sussmann of coordinating with Hillary’s staffers without ever first interviewing a single full-time staffer. So perhaps it is, in fact, true that Durham charged a man based off the unsubstantiated claims of a twitter account.

Danchenko appears to have obtained a pre-trial subpoena on February 8; I have wondered whether it was for the Millian twitter account. If so, the subpoena might well obtain the traffic of what has happened in recent days.

As it stands, though, Durham makes no claim to have anything else.

Just that twitter account.

And that twitter account is part of a pipeline that took Durham’s filing and made egregiously false claims about it. Durham is now on the record claiming that that twitter account “misinterpreted the facts.” But Danchenko will have good reason — and abundant proof, given the details of last week’s little propaganda explosion — to argue that Sergei Millian’s twitter account is willing to make false claims to create a scandal around the Durham investigation.

That shreds the credibility of the only claimed “witness” that the call never happened.

Share this entry

Durham Says It’s Not His Fault His Former Boss Called for the Death of His Defendant

/83 Comments/in , /by

John Durham didn’t have much to say after being called out for making baseless accusations that their source Kash Patel lied about, leading the former President to suggest Michael Sussmann should be killed.

They’re not responsible for the death threats, the attorney who filed a notice of appearance in the wake of Friday’s stunt, Brittain Shaw, insists.

If third parties or members of the media have overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion, that does not in any way undermine the valid reasons for the Government’s inclusion of this information.

She said this even while acknowledging it might be prudent to take measures against death threats in the future.

That said, to the extent the Government’s future filings contain information that legitimately gives rise to privacy issues or other concerns that might overcome the presumption of public access to judicial documents – such as the disclosure of witness identities, the safety of individuals, or ongoing law enforcement or national security concerns – the Government will make such filings under seal. United States v. Hubbard, 650 F. 2d 293, 317-323 (D.C. Cir. 1980) (setting forth factors for considering whether the presumption of public access is overridden, including (1) the need for public access to the documents at issue; (2) the extent of previous public access to the documents; (3) the fact that someone has objected to disclosure, and the identity of that person; (4) the strength of any property and privacy interests asserted; (5) the possibility of prejudice to those opposing disclosure; and (6) the purposes for which the documents were introduced during the judicial proceedings.) The Government respectfully submits that no such issues or concerns are implicated here. [my emphasis]

The former President implied the defendant and a witness should be killed. But it’s not Durham’s fault and so he doesn’t have to deal with the fact that it happened!!

This is factually specious. Kash Patel, who was among the first to make egregiously false claims, is not a “third party.” He is the originator of this inquiry, and he knew well his statements to be false. Donald Trump, who suggested Sussmann and others should be killed, is not a “third party.” He was Durham’s boss and his demands for prosecutions are what led to Durham being appointed Special Counsel in the first place.

Plus, Durham’s team have already made the identities of some grand jury witnesses public in discovery filings.

The claim that the architects of this mob are neutral “third parties” is all the more pathetic given the excuse Shaw provides for including the false insinuation that Rodney Joffe spied on Trump’s White House rather than tried to keep the White House safe from hackers at the time it happened to be occupied by Barack Obama.

The reason they mentioned the White House, you see (Shaw claims), is because of one of the conflicts they raised.

The Government included two paragraphs of limited additional factual detail in its Motion for valid and straightforward reasons. First, those paragraphs reflect conduct that is intertwined with, and part of, events that are central to proving the defendant’s alleged criminal conduct. Second, the Government included these paragraphs to apprise the Court of the factual basis for one of the potential conflicts described in the Government’s Motion, namely, that a member of the defense team was working for the Executive Office of the President of the United States (“EOP”) during relevant events that involved the EOP. [my emphasis]

Shaw here argues that events in February 2017 are “intertwined” with an alleged crime that took place five months earlier.

She also suggests that the reason they raised the White House is because one of Sussmann’s team members worked there (Charlie Savage has now IDed the lawyer as Michael Bosworth).

I mean, so did Kash Patel, a central player in the false claims that led to the former President calling for death.

Here’s what the actual conflict memo said about that purported conflict.

Based on its review of documents in its investigation and other information, the Special Counsel’s Office also has learned that one of the members of the defendant’s current defense team (“Defense Team Member-1”) previously worked as Special Counsel to the then-FBI Director from 2013 to 2014. In connection with that work, Defense Team Member-1 developed professional and/or personal relationships with several individuals who later were involved with and/or knowledgeable of the FBI’s investigation of the Russian Bank-1 allegations. For example, Defense Team Member-1 appears to have developed a professional relationship with the former FBI General Counsel to whom the defendant made his alleged false statement and who will likely be a central witness at trial.4 While it is unlikely that these past interactions and activities will give rise to an actual conflict of interest, the Government respectfully requests in an abundance of caution that the Court inquire with the defense concerning whether Defense Team Member-1’s relationships with persons and entities who might be witnesses in this case could give rise to a potential conflict or appearance issue and, if so, whether the defendant waives any such conflict.

4 Following his employment at the FBI, Defense Team Member-1 worked from 2014 to early 2017 as an attorney in the EOP which, as noted above, was involved in certain factual issues that the Government expects will be relevant at trial and any sentencing proceedings. Latham has represented to the Government that while employed at the EOP, Defense Team Member-1 had no role in the aforementioned events or arrangements involving Tech Executive-1, Internet Company1, and/or allegations involving the purported use of Russian-made phones. The Government similarly has not seen evidence to suggest that Defense Team Member-1 had any role in, or direct knowledge of, the Russian Bank-1 allegations or the FBI’s ensuing investigation. [my emphasis]

It’s the tie to Jim Comey and through him to James Baker, not the subsequent job at the White House, that Durham’s team presented as a potential conflict — and even then, Durham’s team admits this is not likely a conflict. By this standard, several members of the prosecutorial team, not to mention the guy from whom this allegation came from, Kash Patel, have a conflict. John Durham was hired by Donald Trump; that’s a more serious conflict than anything his team spins up as one.

The White House will not be called to the stand at Sussmann’s trial. None of this is actually about the White House. As Andrew DeFilippis noted in his filing making wild claims of conflict, the White House job was not one of those conflicts. Indeed, this is yet another marker of Durham’s dishonesty. This team member, as described, was a victim of Rodney Joffe’s purportedly vicious efforts to make sure the Obama White House was not hacked. The team member only has an adversarial relationship if one believes that protecting against hacks is an adversarial stance. But that’s not how they describe the purported conflict which even they admit is not one.

Which is a pretty big hint their understanding of conflicts here is whacked beyond all reason.

Even in a terse four page motion (which I guess is one way she’s an improvement over DeFilippis), Shaw still had room for bullshit.

Having given a transparently bogus excuse for raising the White House, she then says that raising it in a conflict memo is cool because Durham plans to later raise these issues in a motion in limine (pre-trial motions about what can and cannot be presented during the trial).

In light of the above, there is no basis to strike any portion of the Government’s Motion. Indeed, the Government intends to file motions in limine in which it will further discuss these and other pertinent facts to explain why they constitute relevant and admissible evidence at trial. Pursuant to caselaw and common practice in this and other districts, the filing of documents containing reference to such evidence on the public docket is appropriate and proper, even in highprofile cases where the potential exists that such facts could garner media attention. See, e.g., United States v. Stone, 19 Cr. 18 (D.D.C. October 21, 2019) (ABJ), Minute Order (addressing the Government’s publicly-filed motion in limine seeking to admit video clip from the movie “Godfather II” that defendant sent to an associate and permitting admission of a transcript of the video); United States v. Craig, 19 Cr. 125 (D.D.C. July 10, 2019) (ABJ), Minute Order (addressing Government’s publicly-filed Rule 404(b) motion to offer evidence of defendant’s efforts to assist Paul Manafort’s relative in obtaining employment); United States v. Martoma, S1 12 Cr. 973, 2014 WL 164181 (S.D.N.Y. January 9, 2014) (denying defendant’s motion for sealing and courtroom closure relating to motions in limine concerning evidence of defendant’s expulsion from law school and forgery of law school transcript);1 see also Johnson v. Greater SE Cmty. Hosp. Corp., 951 F. 2d 1268, 1277 (D.C. Cir. 1991) (holding that there is a “strong presumption in favor of public access to judicial proceedings”). Moreover, any potential prejudice or jury taint arising from such media attention can effectively and appropriately be addressed through the voir dire process during jury selection.

1 The publicly-filed evidentiary motions and judicial rulings in each of the above-cited cases received significant media attention. See, e.g., Prosecutors Can’t Show Godfather II Clip at Roger Stone Trial, Judge Rules, CNN, October 21, 2019 (https://www.cnn.com/2019/10/21/politics/godfather-ii-roger-stone/index.html; Greg Craig Pushed to Hire Manfort’s Relative at Skadden, Prosecutors Say, POLITICO, May 10, 2019 (https://www.politico.com/story/2019/05/10/greg-craig-hire-manaforts-relative-1317600); SAC’s Martoma Tried to Cover Up Fraud at Harvard, Documents Show, REUTERS, January 9, 2014 (https://www.reuters.com/article/us-sac-martoma-harvard/sacs-martoma-tried-to-cover-up-fraudat-harvard-documents-show-idUSBREA081C720140109).

Roger Stone Roger Stone Roger Stone and Mueller, she throws in for good measure.

This is a fairly bald admission that the time to raise these issues, pretending they were relevant, would be the later 404(b) fight (over whether evidence of related conduct can be admitted at trial to help prove the case), not now, on a totally separate issue. That this might be a relevant issue later (which is itself admission that these topics are not direct evidence about Sussmann’s alleged lie and must first demonstrate relevance to even be admitted at trial) is not an excuse to use them in untimely and off-purpose fashion.

And yet that’s Durham’s excuse for saying a bunch of things that predictably led to calls for death.

According to John Durham’s logic of conflicts, he is the one with an unwaivable conflict. The guy who hired him to this job is the same guy suggesting, based off Durham’s filing, that the guy he is prosecuting should be executed.

Updated for clarity.

Update: Corrected Bosworth’s last name.

Share this entry

The Durham Investigation Has Lasted 50% Longer than the Mueller Investigation

/61 Comments/in , , /by

It seems like just days ago we were celebrating a big milestone in the life of the Durham investigation: the 1,000 day mark.

Time flies when you’re unethically making accusations designed to rile up the frothy base, because Durham hits another major milestone today.

Today makes day 1,011 for Durham. The Mueller investigation lasted 674 days, total. So as of today, John Durham has been investigation for 50% longer than the entire Mueller investigation he was hired to undermine.

I had to highlight the end date for Mueller because it gets lost when compared to the Durham timeline.

In 22 months, Mueller got convictions of Trump’s Coffee Boy, his National Security Advisor, his Campaign Manager and the Campaign Manager’s Deputy, Trump’s personal lawyer, as well as another American and the son-in-law of Alfa Bank Oligarch German Khan. On a referral, a second Konstantin Kilimnik partner, Sam Patten pled guilty. Mueller charged 25 Russian involved in attacks on the country, as well as Kilimnik himself in a conspiracy with Manafort (though not the conspiracy for trading campaign strategy for debt relief). With another eight months, DC’s US Attorney would win Roger Stone’s conviction. None of those things — not the George Papadopoulos guilty plea, not the guilty plea of Khan’s son-in-law Alex Van der Zwaan, and not Michael Cohen’s plea to covering up the communications he had (on Trump’s behalf) with the Kremlin — derives from either the Steele dossier or the Alfa-Bank anomalies.

In half again that time span, John Durham has won the guilty plea of Kevin Clinesmith (whose misconduct DOJ Inspector General Michael Horowitz found), charged Michael Sussmann for lying about coordinating with Hillary staffers he didn’t coordinate with, and charged Igor Danchenko for lies that Durham’s prosecutors created, at least in part, with cut-and-paste failures. All because he’s sure — and he’s going to keep going until he finds proof — that the abundant prosecutions Mueller obtained were the fruit of stuff that Durham is working hard to criminalize and not the criminal conduct that all those Trump flunkies but Stone admitted to.

With the addition of a new financial crimes prosecutor yesterday to the Michael Sussmann prosecution team, I feel like Durham is barely getting started. Why not double the length of time it Mueller took to investigate rather than avoid admitting you can’t substantiate any of your conspiracy theories?

Share this entry

John Durham Chose to Meet with John Ratcliffe Rather than Witnesses Necessary to His Investigation

/109 Comments/in , /by

The evidence continues to mount that John Durham has done an epically incompetent investigation. I’ll pull together all that evidence later this week.

But one that I find hilarious and shocking can’t wait.

A piece written by the Fox News propagandist who played a key role in magnifying Kash Patel’s false claims over the weekend credulously continues the Murdoch effort to jack up the frothers by claiming that — rather than letting statutes of limitation expire with no charges — Durham has instead sped up his investigation. Fox also cites a single source claiming that Durham’s investigation has been run very professionally.

Special Counsel John Durham’s investigation has “accelerated,” and more people are “cooperating” and coming before the federal grand jury than has previously been reported, a source familiar with the probe told Fox News.

The source told Fox News Monday that Durham has run his investigation “very professionally,” and, unlike Special Counsel Robert Mueller’s investigation, his activities, and witness information and cooperation status are rarely, if ever, leaked.

Fox unsurprisingly doesn’t cite the part of a recent filing that makes it clear that April Lorenzen doesn’t think it has been run professionally.

In fact, this piece demonstrates that no one who would actually know whether Durham’s investigation has been conducted professionally would talk to them:

Durham’s Feb. 11 filing says that the “FBI General Counsel” will “likely be a central witness at trial.”

Baker did not immediately respond to Fox News’ request for comment.

Durham also provided grand jury testimony from “the above-referenced former FBI Assistant Director for Counterintelligence.” It is unclear to which official Durham is referring, but the title could be a reference to Bill Priestap, who served as the FBI’s assistant director for counterintelligence from 2015 to 2018.

Priestap did not immediately respond to Fox News’ request for comment.

Durham also lists “a former FBI Deputy Assistant Director for Counterintelligence.” It is unclear to whom Durham is referring.

[snip]

Strzok, who was part of the original FBI investigation into whether the Trump campaign was colluding with Russia to influence the 2016 presidential election, and later in Special Counsel Robert Mueller’s office, was fired from the FBI in 2018 after months of scrutiny regarding anti-Trump text messages exchanged with former FBI General Counsel Lisa Page. Their anti-Trump text messages were uncovered by the Justice Department inspector general.

Fox News was unable to reach Strzok for comment.

[snip]

Elias’ law firm, Perkins Coie, is the firm that the Democratic National Committee and the Clinton campaign funded the anti-Trump dossier through. The unverified dossier was authored by ex-British Intelligence agent Christopher Steele and commissioned by opposition research firm Fusion GPS.

A spokesperson for Elias did not immediately respond to Fox News’ request for comment. [my emphasis]

But somebody who would speak with Fox News is John Ratcliffe, the former AUSA who misrepresented his record to get elected but who nevertheless got to be Director of National Intelligence for a short period because Ric Grenell was so much more unsuited to hold the position.

As DNI, Ratcliffe made false claims about Chinese intervention in the election as a way to downplay Russia’s ongoing efforts to help Trump. Ratcliffe is currently spending a lot of time denying that his politicized views (and delay of) a mandated election interference report played some role in January 6 conspiracy theories.

We now know that Ratcliffe should be happy to make those denials to the January 6 Committee directly and under oath — because he has apparently been very happy to chat with Durham’s investigators.

Meanwhile, this week, sources told Fox News that former Director of National Intelligence John Ratcliffe met with Durham on multiple occasions and told him there was evidence in intelligence to support the indictments of “multiple people” in his investigation into the origins of the Trump-Russia probe.

Ratcliffe’s meetings with Durham are significant (beyond suggesting he may be the single source who told Fox News this isn’t a shitshow investigation) because, days before Billy Barr made Durham a Special Counsel, Ratcliffe unmasked Hillary’s identity in foreign intercepts and burned collection on Russian internal intelligence analysis in order to release a report trying to insinuate that Hillary’s fairly unsurprising decision to tie Trump to Russia is what led the FBI to investigate Trump’s ties to Russia.

At issue is a report from John Ratcliffe, sent on September 29, 2020, explaining that,

In late July 2016, U.S. intelligence agencies obtained insight into Russian intelligence analysis alleging that U.S. Presidential candidate Hillary Clinton had approved a campaign plan to stir up a scandal against U.S. Presidential candidate Donald Trump by tying him to Putin and the Russians’ hacking of the Democratic National Committee. The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.

The following week, presumably in an attempt to dredge up some kind of attack out of an absurd attack, Ratcliffe released the underlying reports that, he claimed in his original report, show the following:

According to his handwritten notes, former Central Intelligence Agency Director Brennan subsequently briefed President Obama and other senior national security officials on the intelligence, including the “alleged approval by Hillary Clinton on July 26, 2016 of a proposal from one of her foreign policy advisors to vilify Donald Trump by stirring up a scandal claiming interference by Russian security services.”

On 07 September 2016, U.S. intelligence officials forward an investigative referral to FBI Director James Comey and Deputy Assistant Director of Counterintelligence Peter Strzok regarding “U.S. Presidential candidate Hillary Clinton’s approval of a plan concerning U.S. Presidential candidate Donald Trump and Russian hackers hampering U.S. elections as a means of distracting the public from her use of a private mail server.”

By releasing the exhibits, Ratcliffe should raise real questions about his credibility. For example, I’m not at all sure this date, from Brennan’s notes, reads July 26 and not July 28, a critical difference for a ton of reasons.

The FBI report has a slew of boilerplate making it clear how sensitive this report was (for obvious reasons; effectively it shows that the CIA had some kind of visibility into Russian intelligence analysis), which makes it clear how utterly unprecedented this desperate declassification is. Former CIA lawyer Brian Greer discusses that in this Lawfare post.

Plus, Ratcliffe left out an unbelievably important part of the report: the role of Guccifer 2.0 in the Russian report. Intelligence collected in late July 2016 claimed that Hillary was going to work her alleged smear around neither the GRU (which had already been identified as the perpetrator of the DNC hack) nor WikiLeaks (which had released the DNC files, to overt celebration by the Trump campaign), but Guccifer 2.0, who looked to be a minor cut-out in late July 2016 (when this intelligence was collected), but who looked a lot more important once Roger Stone’s overt and covert communications with Guccifer 2.0 became public weeks later.

The report suggests Hillary magically predicted that days after this plot, President Trump’s rat-fucker would start a year’s long campaign running interference for Guccifer 2.0. Not only did Hillary successfully go back and trick George Papadopoulos into drunkenly bragging about Russian dangles in May 2016, then, Hillary also instantaneously tricked Stone into writing propaganda for Guccifer 2.0 days later.

The report never made any sense. As I noted at the time, to be true, it would require Hillary to have gone back in time to trick the Coffee Boy to learn of and pass on Russia’s plans. Worse still, the claim suggested that Roger Stone — whom FBI has evidence was in contact with the Guccifer 2.0 persona starting in spring 2016 — started parroting the same line the Russians were pushing, even before the FBI learned of it. In other words, read in conjunction with the actual evidence about 2016, the intelligence report on Russia actually suggested that Stone’s ties to Russian intelligence may have been far more direct than imagined.

But John Ratcliffe was too stupid to understand that, and everything we’ve seen about John Durham suggests he is too. That Durham has been repeatedly interviewing Ratcliffe suggests he buys Ratcliffe’s theory that this should have undermined the very real reason to investigate Trump. It also explains why, on the Sussmann indictment, Durham was so squishy about the July 2016 timeline: he needs this report to be more important than the fact that Trump stood up in public and asked Russia to hack some more (which is what led the researchers to look twice at this anomalous data).

Nevertheless, it appears that rather than interviewing witnesses who would be necessary to vet the charges he filed against Michael Sussmann, such as a single Hillary staffer, Durham has, instead, just kept going back to serial liars like Ratcliffe to renew his own conspiracy theories.

Ah well, this disclosure gives Michael Sussmann cause to subpoena Ratcliffe, just like this stunt has given him reason to subpoena Kash Patel. It’s increasingly clear that these addle-brained Republicans fed these conspiracies into Durham’s investigation, and now are magnifying them as Durham’s investigation gets exposed as incompetent, without disclosing that they’re the ones who provided the conspiracy theories in the first place.

Share this entry

Donald Trump Suggested Michael Sussmann Should Be Killed because Rodney Joffe “Spied” on Barack Obama

/44 Comments/in , /by

Michael Sussmann has filed his response to John Durham’s transparent attempt to inflame the frothers. In it, he notes what I did: Durham used an unrelated filing (one that, Sussmann’s filing noted, had already been addressed between the parties) to make claims that were not charged.

Importantly, he notes that Durham misrepresented the dates of the anomalous data found at the Executive Office of the Presidency that Sussmann presented at a February 9, 2017 meeting with the CIA. The data predates the Donald Trump inauguration.

In his Motion, the Special Counsel included approximately three pages of purported “Factual Background.” See Dkt. No. 35 at 2–5. Approximately half of this Factual Background provocatively—and misleadingly1 —describes for the first time Domain Name System (“DNS”) traffic potentially associated with former President Donald Trump, including data at the Executive Office of the President (“EOP”), that was allegedly presented to Agency-2 in February 2017. See id. at 3–4. These allegations were not included in the Indictment; these allegations post-date the single false statement that was charged in the Indictment; and these allegations were not necessary to identify any of the potential conflicts of interest with which the Motion is putatively concerned. Why then include them? The question answers itself.

1 For example, although the Special Counsel implies that in Mr. Sussmann’s February 9, 2017 meeting, he provided Agency-2 with EOP data from after Mr. Trump took office, the Special Counsel is well aware that the data provided to Agency-2 pertained only to the period of time before Mr. Trump took office, when Barack Obama was President. Further—and contrary to the Special Counsel’s alleged theory that Mr. Sussmann was acting in concert with the Clinton Campaign—the Motion conveniently overlooks the fact that Mr. Sussmann’s meeting with Agency-2 happened well after the 2016 presidential election, at a time when the Clinton Campaign had effectively ceased to exist. Unsurprisingly, the Motion also omits any mention of the fact that Mr. Sussmann never billed the Clinton Campaign for the work associated with the February 9, 2017 meeting, nor could he have (because there was no Clinton Campaign). [my emphasis]

Not only must Durham know the true dates of the data involved but so — as I’ve noted — must Kash Patel, who has known about this issue for four years. That means Patel insinuated that Hillary’s associates hacked Trump, knowing full well the claim was false.

And it led the former President to claim that those involved should be killed.

Sussmann has asked Judge Christopher Cooper to strike the improper language from the motion.

He has also provided yet more evidence that Durham didn’t take basic investigative steps necessary to vet the allegations he made in the indictment before actually indicting Sussmann. Durham didn’t interview any Clinton Campaign staffer to find out whether Sussmann coordinated with the campaign until after the indictment.

[T]he Special Counsel has been investigating for years, and some of the Special Counsel’s “ongoing” investigation seems to be work that should have been completed before indicting Mr. Sussmann. For example, the Special Counsel has alleged that Mr. Sussmann met with the FBI on behalf of the Clinton Campaign, but it was not until November 2021—two months after Mr. Sussmann was indicted—that the Special Counsel bothered to interview any individual who worked full-time for that Campaign to determine if that allegation was true. It is not.

As I noted earlier, Durham had to admit that he had no basis to substantiate claims of coordination with the Hillary Campaign in a filing last year. But that was October. It was not until after he had to confess he had overblown that claim in the indictment that Durham first interviewed a Hillary staffer.

In his filing, Sussmann makes it clear he intends to move to dismiss the indictment.

In addition, Mr. Sussmann reserves all rights to submit appropriate motions and seek appropriate relief concerning this conduct should the Indictment not be dismissed and should the case proceed to trial, including by seeking extensive voir dire about potential jurors’ exposure to prejudicial media resulting from the Special Counsel’s irresponsible actions.

If he keeps to the original filing deadline, that motion will be submitted this Friday. While not normally a basis to dismiss an indictment, Sussmann will be able to present entire swaths of proof that Durham didn’t take basic investigative steps before accusing Sussmann of things that turned out not to be true.

And now he’ll be able to point back to this filing to show that Durham misrepresented basic facts that might get someone killed.

Update: I managed a whole appearance on MSNBC without potty mouth.

Share this entry