Posts

John Durham’s Pyrrhic Privilege Victory

As I predicted might happen, Judge Christopher Cooper has ruled that a chunk of the Fusion GPS emails over which the Democrats claimed privilege are not privileged and ordered Fusion to give the emails to Durham.

Applying the two asserted privileges to the 38 emails it has reviewed, the Court finds that Fusion GPS had no valid basis to withhold 22 of the 38 emails, but that it has met its burden to establish privilege over the remaining 16. The Court analyzes each category separately.

[snip]

Consistent with this ruling, Fusion is directed to provide the Special Counsel the documents numbered 2–11, 15, 16, 19–21, and 24–30 in the privilege log accompanying the government’s motion by Monday, May 16, 2022.

But because Durham blew all his deadlines, he can’t use these emails at trial.

Based on the above timeline, the Special Counsel waited some eight months after it was aware of the privilege holders’ final position to seek court intervention. See Def’s Resp. at 6–7, ECF No. 71. The Special Counsel responds that it was engaged in good faith discussion with the privilege holders to resolve this issue without burdening the Court. That may well be so, and the Court obviously encourages parties to negotiate disputes on their own. Still, the record shows that these discussions ended in January 2022—yet the Special Counsel waited to file this motion until April 6, 2022, just over a month before trial was set to begin. And, given the number of privilege holders involved and the fact-bound nature of the issues, resolving the motion has naturally taken us to the eve of trial.

Under these circumstances, allowing the Special Counsel to use these documents at trial would prejudice Mr. Sussmann’s defense. See Armenian Assembly of Am., Inc. v. Cafesjian, 772 F. Supp. 2d 129, 158–59 (D.D.C. 2011) (production of documents “on the eve of trial . . . forced Defendants to spend a significant amount of time and resources reviewing these materials instead of preparing their witnesses, rehearsing their arguments, and otherwise preparing”). Although these documents are relatively few in number and do not strike the Court as being particularly revelatory, the Court is not in the best position to predict how new evidence might affect each side’s trial strategy and preparation. The Court therefore will not, as a matter of principle, put Mr. Sussmann in the position of having to evaluate the documents, and any implications they might have on his trial strategy, at this late date. See United States v. Alvin, 30 F. Supp. 3d 323, 343 (E.D. Pa. 2014) (granting defendant’s motion to dismiss indictment on speedy trial grounds, noting that the defendant “was put in the position of requiring” a prior continuance “by the Government’s failure to turn over discovery” until five days before trial); Leka v. Portuondo, 257 F.3d 89, 101 (2d Cir. 2001) (disclosure of evidence on the eve of trial “tend[s] to throw existing strategies and preparation into disarray”)

Accordingly, the government will not be permitted to introduce the emails and attachments that the Court has ruled are not subject to privilege. The Court takes no position on the other approximately 1500 documents that Fusion GPS withheld as privileged, as they are not the subject of the government’s motion. However, the Court will apply the principles set forth above to any assertions of privilege during witness testimony at trial.

Cooper ruled the 8 emails involving Laura Seago and Rodney Joffe are privileged.

Cooper did say these emails were not “particularly revelatory,” so this may not matter in the grand scheme of things. Based on what I’ve seen — as someone who was a Fusion critic before it was fashionable — they believed they were involved in a good faith effort to understand Trump’s ties to Russia and other corrupt actors.

But Durham will now go after 1,500 other Fusion emails in pursuit of his grand conspiracy theory. Which means that unless Durham does something really stupid, we may be stuck with him until he lets all his other statutes of limitation expire.

 

Before John Durham’s Originator-1, There Was a Claimed BGP Hijack

In this post, I described that “Phil,” the guy I went to the FBI about because I suspected he had a role in the Guccifer 2.0 persona, had a role in the Alfa Bank story. As noted, Phil’s provable role in pushing the Alfa Bank story in October 2016 was minor and would have no effect on the false statement charge — for an alleged lie told in September 2016 — against Michael Sussmann. But because of Durham’s sweeping materiality claims, it might have an impact on discovery.

It has to do with the theory that Alfa Bank has about the DNS anomalies, a theory that Durham seems to share: that the data was faked.

As Alfa laid out in its now abandoned John Doe lawsuits, it claims that the anomalous DNS traffic that Michael Sussmann shared with the FBI in September 2016 was faked. The bank appears to believe not just that the data was faked, but that April Lorenzen is involved in some way. For example, it describes that Tea Leaves and “two accomplices” were sources for Franklin Foer (though elsewhere, the lawsuit claims that Tea Leaves was pointed to the data by the unknown John Doe defendants).

Durham seems even more sure that Lorenzen is the culprit. For example, he always refers to the data as “purported.” He refers to Lorenzen as “Originator-1” rather than “Data Scientist-1” or “Tea Leaves,” insinuating she fabricated the data. And when Sussmann asked for all evidence indicating that Durham had bullied witnesses, Durham provided emails involving Lorenzen’s lawyers.

Alfa Bank might be excused for imagining that Lorenzen is the primary culprit to have fabricated the data. According to Krypt3ia, when Alfa asked him for his communications, he only had one email, with a different journalist, to share. They quite clearly don’t understand that someone else was involved in publicizing these claims.

Durham doesn’t have the same excuse.

That’s because DOJ – of which Durham remains a part – knows at least some of the details about “Phil” that I laid out in my last post. Because they would have checked Twitter to vet some of my most basic claims, they almost certainly obtained the Twitter DMs (or at least the metadata) showing that Phil brokered the tie between Krypt3ia and the NYT.

To be clear: I have no evidence that Phil altered the DNS records. I’m agnostic about what caused the anomaly (though am convinced that the experts involved believe the anomaly is real, even if they offer varying explanations for the cause). But Durham has made the source of the anomaly an issue to bolster his claims about materiality. And, as Sussmann noted in a recent filing, “Much as the Special Counsel may now wish to ignore the allegations in the Indictment, he is bound by them.” So, it seems, Durham’s on the hook for telling Sussmann if DOJ knows of anyone else involved in pushing the Alfa Bank story who could be a possible culprit for fabricating the data, especially if that person was known to have clandestinely signed a comment, “Guccifer 2.0.”

Phil probably faked a BGP hijack

The fact that Phil alerted the NYT to the Russian proxy of Lorenzen’s data matters not just because he had, months earlier, claimed to work for an FSB-led company and, even before that, claimed to have been coerced by Russian intelligence at an overseas meeting before the known DNC operation started.

It also matters because (I believe) Phil faked an Internet routing record in the same month the Alfa/Trump/Spectrum anomalies started.

In May 2016, Phil shared what he claimed was a traceroute of a request to my site, an Internet routing record that is different than but related to the DNS records at the heart of the Alfa Bank story. The screencap he sent me purported to show that a request to my site had been routed through (to the best of my memory) some L3 routers in Chicago, to Australia, back to those L3 switches, to my site. Phil was claiming to show me proof that someone had diverted requests to my site overseas along the way – what is known as a BGP hijack. Phil showed this to me in the wake and context of a DDOS attack that had brought my site down for days, an attack which led me to rebuild my site, change hosts, and add Cloudflare DDOS protection.

May 2016, the month Phil showed me what I believe to be a faked traceroute, is the same month the anomalous traffic involving Alfa Bank, Spectrum Health, and a Trump-related server started.

Phil used that traceroute to claim that the US intelligence community was diverting and spying on traffic to my website.

The claim made no sense. The only thing that diverting my traffic would get spies is access to my readers’ metadata, which would be readily accessible via easier means, including with a subpoena to my host provider. Aside from a bunch of drafts that I’ve decided didn’t merit publication, there’s no non-public content on my site. I was not competent (and did not ask others) to assess the validity of the screencap itself, but I considered it unreliable because it didn’t show the query or originating IP address behind the record, which would be needed to test its provenance.

I don’t have that original traceroute (I replaced my phone not long after he sent it). But in June 2016 he shared a reverse DNS look-up related to my site that wasn’t altered but in which Phil invoked the earlier one.

I corrected him in this case – this IP address was readily explainable; it was Cloudflare (which Phil surely knew). But Phil nevertheless repeated his earlier claim that “they” were hijacking my traffic.

When I said that Phil had been tracking how requests to my site worked for some time before he left a comment signed [email protected] in July 2016, this weeks-long exchange is what I was referring to. He had, effectively, been watching as I added Cloudflare protection to my site.

These screencaps show that Phil, who months later would play a role in pushing the Alfa Bank story, was using DNS records — real and possibly faked — as a prop in a false story.

Phil tracked DOD contracts closely

That’s not the only detail that DOJ may know about that Durham should consider before insinuating that Lorenzen is the most likely culprit if this data was fabricated. DOJ may know that Phil tracked DOD contracts very closely. That’s important because it explains how Phil could have learned researchers would be looking closely at DNS records.

For years, I’ve believed that the Alfa-Trump-Spectrum Health effort was disinformation, because so much of what came out that year was and because I viewed the Spectrum Health stuff to be such a reach. My belief it might be disinformation only grew stronger when I discovered the focus on Spectrum Health, with its link to Erik Prince’s sister’s spouse, came just after Prince had asked Roger Stone about his efforts to reach out to WikiLeaks.

Certainly, Putin exploited the allegations afterwards to his advantage. He used them to push Alfa Bank’s Petr Aven to take a primary role in reaching out to Trump during the transition, at least as recounted in the Mueller Report.

According to Aven, at his Q4 2016 one-on-one meeting with Putin,981 Putin raised the prospect that the United States would impose additional sanctions on Russian interests, including sanctions against Aven and/or Alfa-Bank.982 Putin suggested that Aven needed to take steps to protect himself and Alfa-Bank.983

981 At the time of his Q4 2016 meeting with Putin, Aven was generally aware of the press coverage about Russian interference in the U.S. election. According to Aven, he did not discuss that topic with Putin at any point, and Putin did not mention the rationale behind the threat of new sanctions

Aven even used Richard Burt, one of the people scrutinized by the Fusion and DNS research, to reach out to Trump, effectively pursuing precisely the back channel between Alfa and Trump that Fusion suspected months earlier.

The relevant part of Aven’s interview is redacted, so it’s not clear whether Aven mentioned that Alfa Bank had been a key focus of the interference allegations. But that’s the presumptive subtext: along with the Steele dossier, the DNS anomaly – both of which, in several lawsuits since, Aven or Alfa have claimed were “gravely damaging” – raised suspicions about Alfa Bank and made it more likely the bank would be sanctioned than had been the case previously.

And before the bank did get sanctioned last month, Alfa was using the DNS anomaly to conduct a lawfare campaign to learn how the US uses DNS tracking to thwart hacks (one wonders if Putin ordered that campaign, like he personally ordered Aven to reach out to Trump). That campaign even got a bunch of frothy right-wingers to decry efforts to prevent and detect nation-state hacks on the US. So at the very least, Russia has exploited the Alfa-Trump allegations to great benefit, one measure of whether something could be deliberate disinformation.

But as I’ve talked to people who’ve tried to figure out what the anomaly was – including experts who believed it did reflect real communication as well as some who didn’t – they always explained that seeding disinformation in such a fashion would be useless. That’s because you couldn’t ensure that any disinformation you planted would be seen. That is, unlike the Steele dossier, which was being collected by an Oleg Deripaska associate and shared with the press (and for which there’s far more evidence Russia used it to plant disinformation), you could never expect the disinformation to be noisy enough to attract the desired attention.

In the years since the original story, how researchers who found the anomalous data obtained the DNS data has driven a lot of the hostility behind it. The researchers have tried to hide where they got the data for proprietary and cybersecurity reasons. John Durham has alleged there was some legal impropriety behind using it, even when used (as the researchers understood they were doing) to research ongoing nation-state hacks. And Alfa Bank was using lawfare to try to find out as much about the means by which this DNS traffic was observed by cybersecurity experts as possible. The full story of how the researchers accessed the data has yet to be reported, but as I understand it, there’s more complexity to the question than initially made out or than has made it into Durham’s court filings. That complexity would make it even harder to anticipate where DNS researchers were looking. So, multiple experts told me, it would be crazy to imagine anyone would have thought to seed disinformation in DNS records expecting it’d get picked up via those collection points in 2016, because no one would have expected anyone was observing all those collection points.

If a Fancy Bear shits in the DNS woods but there’s no one there to see it, did it really happen?

But there was, in fact, a way to anticipate it might get seen.

As the Sussmann indictment vaguely alluded to and this NYT story laid out in detail, researchers found the DNS anomalies in the context of preparing a bid for a DARPA research contract.

The involvement of the researchers traces back to the spring of 2016. DARPA, the Pentagon’s research funding agency, wanted to commission data scientists to develop the use of so-called DNS logs, records of when servers have prepared to communicate with other servers over the internet, as a tool for hacking investigations.

DARPA identified Georgia Tech as a potential recipient of funding and encouraged researchers there to develop examples. Mr. Antonakakis and Mr. Dagon reached out to Mr. Joffe to gain access to Neustar’s repository of DNS logs, people familiar with the matter said, and began sifting them.

Separately, when the news broke in June 2016 that Russia had hacked the Democratic National Committee’s servers, Mr. Dagon and Ms. Lorenzen began talking at a conference about whether such data might uncover other election-related hacking.

The DOD bidding process provided public notice that DARPA was asking researchers to explore multiple ways, including DNS traffic, to attribute persistent hacking campaigns in real time.

The initial DARPA RFP was posted on April 22, 2016, ten days before the anomalous traffic started but well after the Russian hacking campaign had launched (documents FOIAed by the frothers reveal that the project was under discussion for months before that). This RFP provided a way for anyone who tracked DOD contracts closely to know that people would be looking and the announcement itself included DNS records and network infrastructure among its desired measurements. Depending on the means by which DARPA communicated about the contract, it might also provide a way to find out who would be looking and how and where they would be looking, though as I understand it, the team at Georgia Tech would have been an obvious choice in any case.

Phil tracked DOD contracts very closely. In September 2016, for example, he sent me a text alerting me to a new Dataminr contract just 66 minutes after I published a post about the company (I later wrote up the contract).

Phil also told me, verbally, he was checking what contracts DOD had with one of the US tech companies for which a back door was exposed in summer 2016. He claimed he was doing so to see how badly the government had fucked itself with its failure to disclose the vulnerability. By memory (though I am not certain), I believe it was Juniper Networks, in the wake of the Shadow Brokers release of an NSA exploit targeting the company.

And even on top of Phil’s efforts to convince me that the DNC hack wasn’t done by APT 28, DOJ has other evidence that Phil tracked APT attribution efforts closely, even using official government resources to do so. So it would be unsurprising if he had taken an interest in a contract on APT attribution in real time.

Durham may have access to some or all of this

Durham insinuates the DNS records are faked and he appears to want to blame Lorenzen for faking them. But he may be ignoring evidence in DOJ’s possession that someone else who, I’ve now confirmed, played at least a minor role in pushing the Alfa Bank story was using Internet routing records, possibly faked, to support a false story in May 2016.

To be sure: while I know the investigation into Phil continued at least the better part of a year after my FBI interview about him, any feedback I’ve gotten about that investigation has been deliberately vague. So aside from the obvious things – like the Twitter records that would show Phil’s DMs with Krypt3ia and Nicole Perloth – I can’t be sure what is in DOJ’s possession.

I don’t even know whether the 302 from my FBI interview would mention Phil’s pitch of the Alfa Bank story to me. It was on a list of the things I had intended to describe in that interview. But I didn’t work from the list in the interview itself and I have no affirmative memory of having mentioned it. If I did, it would have amounted to me saying little more than, “he also was pushing the Alfa Bank story.”

That said, unless the FBI agents were epically incompetent, my 302 should mention Alfa Bank, because I’m absolutely certain I raised this post and its emphasis on the inclusion of Alfa Bank in an alarming April 2017 BGP hijack.

And in fact, there’s a way Durham could have found out about Phil’s role in the Alfa Bank story independent of my FBI interview. Of just two people in the US government with whom I shared some of the Alfa Bank-related texts I exchanged with Phil (both were Republicans), one was centrally involved in the investigations that fed into the Durham investigation. If this stuff matters, Durham should ask why several of his key source investigations didn’t focus on it.

Durham should know that Phil had a role in the Alfa Bank story.

And given his insinuations in the indictment that Lorenzen fabricated DNS data in May 2016, making the insinuation part of his materiality claims, Durham may be obligated to tell Michael Sussmann that DOJ already knows of someone who was pushing the Alfa Bank story who used DNS data to tell a false story in May and June 2016.

The Alfa Bank Dark Net at Noon

Before its John Doe nuisance lawsuits got shut down by Vladimir Putin’s invasion of Ukraine, Alfa Bank made several claims that led me to chase down a minor – but potentially important – part of the Alfa Bank story.
Someone totally uninvolved in the Michael Sussman/Fusion/April Lorenzen effort played a role in making their efforts public in 2016: “Phil,” the guy about whom I went to the FBI in 2017. As I told the FBI, I suspected he had played a role in the Guccifer 2.0 and Shadow Brokers operations.

This post will focus on what Alfa Bank got wrong. A follow-up post will look at why, if John Durham made the same error, it may matter for the Michael Sussmann case.

Someone exposes Tea Leaves’ research via Krypt3ia

At issue is this post on the eponymously-named InfoSec blog Krypt3ia. As the post describes, someone tipped Krypt3ia off to a WordPress site and a purported i2p site (also called an “eepsite”) that laid out a version of the claims that Michael Sussmann had shared with the FBI and the NYT in September 2016.

Those claims are at the heart of the false statement charge against Sussmann.

Along with the basic allegations about weird DNS look-ups between servers from Alfa Bank and Spectrum Health and a Trump marketing server, those sites also revealed that after the NYT called Alfa Bank for comment about the DNS anomaly in September 2016, the Trump DNS address changed. This is the digital equivalent of someone changing their phone number after discovering they were being surveilled. The seeming response by Trump to the NYT call to Alfa for comment has always been regarded as the smoking gun showing human acknowledgement of the communications (a report from Alfa Bank attempted, unpersuasively, to contest that).

By connecting to a Russian-hosted proxy service, the Krypt3ia post about all this added an element of Russian mystery to the story. But that’s it. The post offered no other new content.

The Krypt3ia post is more important for the function it played than its content. Krypt3ia’s post served to make the contents of a publicly available but difficult to find i2p site – believed to be created by data scientist April Lorenzen, but written under the pseudonym Tea Leaves – accessible.

In response to tips from source(s) of his, Krypt3ia focused attention on a series of communications, none tied in his post to a then-identified person. First, someone alerted him to the WordPress site. That site spoke of Tea Leaves as a third person; there was never a pretense that it was Tea Leaves or Lorenzen. Krypt3ia learned of that WordPress site because someone approached Krypt3ia, purportedly asking for help finding an incomplete i2p address listed in the post.

I caught wind of the site when someone asked me to look at an i2p address that they couldn’t figure out and once I began to read the sites [sic] claims I thought this would be an interesting post.

That tip led Krypt3ia to find what was actually a proxy allowing access to a real i2p site – the one that injected an air of Russian mystery to the story.

First off, the i2p address in the WordPress site is wrong from the start. Once I dug around I found that the real address was gdd.i2p.xyz which is actually a site hosted on a server in Moscow on Marosnet.

That led Krypt3ia to ask whether anyone at NYT wanted to verify the claim that Trump Organization seemingly took action after NYT called Alfa.

I also have to wonder about this whole allegation that a NYT reporter asked about this.

Say, any of you NYT’s people out there care to respond?

Ask and you shall receive! Someone–as I lay out below, I have confirmed that this was “Phil”–put Krypt3ia in touch with a NYT reporter.

First off, someone in my feed put me in touch with the NYT and a reporter has confirmed to me that what the site says about NYT reaching out and asking about the connections, then the connections going bye bye is in fact true.

[snip]

The biggest takeaway is that the NYT confirmed that they asked the question and shit happened. They are still looking into it.

In an update, someone purporting to be Tea Leaves responded to Krypt3ia via an untraceable Tutanota email account, and in response, Krypt3ia posed a bunch of questions, only to get no answer. That non-answer was a key reason why Krypt3ia later treated the allegations as a fraud – an opinion that Alfa Bank, at least, used to bolster their own claims of fraud.

As Krypt3ia mused in real time, it seemed that the entire point of the tips he was receiving was focusing attention on the allegations themselves. Except, if your goal was to release a story that might swing an election, it was a really weird way of doing so.

One does wonder though just who might be trying this tac to attempt to cause Donny trouble. It seems a half assed attempt at best or perhaps they were not finished with it yet.. But then why the tip off email to someone who then got in touch with me? Someone I spoke to about this alluded to maybe that was the plan, for me to blog about this from the start..

[snip]

I have to say it though, these guys are trying to get the word out but in a strange way. I mean this eepsite is now hosted in Czechoslovakia, staying with the Baltic flavor but why not broadcast this more openly? Why does the WordPress site have the wrong address to start and then the other eepsite disappears after a little poking and prodding?

There are at least four unattributed or unattributable communications that appeared in this post: an email to someone who, in turn, got in touch with Krypt3ia; a tip about the WordPress site (presumably from the person who got the email) and through it to the i2p gateway; the contact with the unnamed NYT reporter; and the email from someone claiming to be Tea Leaves via a service that made it impossible to prove it was the person who originally adopted that pseudonym.

Notably, this all happened between October 5, 2016 – before the Podesta drop and the DHS attribution of the DNC hack to Russia – and the days after it. Krypt3ia was checking out the i2p proxy on October 7, at 3:08PM ET – less than half an hour before DHS would release an unprecedented attribution statement, followed shortly by the Access Hollywood video, followed shortly by the first Podesta email drop. Krypt3ia wrote his post the following day.

i2p sites aren’t supposed to get noticed

To understand why using Krypt3ia to get noticed is so weird, you need to understand a little about i2p.

i2p is a network like Tor that provides obscurity and security. Even today, it’s far less accessible than Tor (and was even more so in 2016). Krypt3ia could credibly access it, but I couldn’t have. Reporter Eric Lichtblau or Fusion GPS’ Laura Seago probably couldn’t have either. Normally you need either a special browser or a gateway to to access an eepsite. Importantly, the public DNS routing information that was at the heart of the project that discovered the Alfa Bank anomalies doesn’t exist for i2p. You can’t just Google for a site.

If data scientist April Lorenzen put her research on an i2p site, as alleged, she may have done so to limit who noticed it and her role in it.

It didn’t work out that way.

(Note, because the Durham investigation remains ongoing, I am not contacting her or her lawyers for comment or others who are obviously still the focus of Durham’s investigation.)

Krypt3ia didn’t link directly to her i2p site at first. He started by linking a gateway, which would be accessible to mere mortals who don’t have an i2p browser or technical prowess. His second link may have been a different gateway – again, a link readily accessible to people without using special software. It was one of these links that got sent around by journalists and researchers.

That’s what I mean about content versus function: Krypt3ia added no new content to this story. He did, however, make parts of it accessible to people – like reporters – who would otherwise never have found it.

A comment purportedly from Lorenzen sent to Krypt3ia’s site, playing on Tea Leaves’ name, expressed (or feigned) surprise at finding what the email called a mirror (but which was a proxy).

Thank you to https://krypt3ia .wordpress.com for pointing out a possible mirror of this (the original, what you are reading, http://gdd.i2p). We did not know about gdd.i2p.xyz until hearing about it from Krypt3ia. So we did a little research and see that i2p.xyz has been around for years and appears to mirror a lot of *.i2p sites. *i2p.xyz probably functions as an alternative for everybody that doesn’t have the skills to reach an i2p site :)

Next question, why would somebody first mirror – and then drop their mirror – of our http://gdd.i2p website. The following is just speculation: maybe normally i2p.xyz just mirrors everything but oops! Something hot – drop the mirror. I don’t know. I didn’t try to visit it. Mirrors of course could choose to alter content and measure who visits. We have no such opportunity to see who is visiting our real i2p site.

Whoever wrote the email, it emphasized how the proxy was different from the “real i2p site:” The proxy “functions as an alternative for everybody who that doesn’t have the skills to reach an i2p site,” but it also can “measure who visits” whereas a “real i2p site” cannot.

Whatever the story behind the Krypt3ia post, it had the effect of making it clear that researchers who believed they could find hackers by looking at public DNS data couldn’t hide what they were doing, even on networks designed to be untrackable. It had the effect of making it clear their efforts to look for Russian hackers in DNS data had been seen.

Alfa Bank alleges the Krypt3ia notice is part of an imagined conspiracy targeting the bank

It also appears to have convinced Alfa Bank that Krypt3ia was a key cog in the publication of this story. Their lawsuit claimed that,

The scientists and researchers who obtained the nonpublic DNS data deliberately leaked portions of that data to other scientists and researchers and, ultimately, to the media.

Depositions in the Alfa Bank lawsuit make it clear that Alfa believed (presumably because of those characteristics about i2p) that Fusion GPS must have been behind the effort to alert Krypt3ia to the research site and, via his post, to alert the public.

In a February 10 bid to overcome privilege claims that Fusion GPS’ Laura Seago had previously made, Alfa Bank lawyer Margaret Krawiec argued that Seago must have breached any privilege by sharing information from the publicly posted Tea Leaves information. Krawiec’s logic was that someone internal to the privilege claims asserted by Perkins Coie must have told Seago where the i2p site was, because otherwise there would be no way she could find it.

Krawiec: So, your honor, let me jump in there because one of the things that happened is that we were trying to understand how it was that Ms. Seago knew that this data had been published on the internet because it was published in an obscure place in the internet by this Tea Leaves that I told you about.

And then what Fusion did was – so we asked about that. We said, “How did you know where to look for that data? Who told you?” Cut off, instruction not to answer, privileged. But guess what they did with those links of that data? They took that data that someone told them because no one would have known to find it where it was unless someone told them.

And they wouldn’t tell us who told them or how they found it, but then they took all those links – the supposed public source research – and disseminated it to seven or eight media outlets saying you have to check this out. This is big stuff.

Fusion’s lawyer Joshua Levy countered that the link and the site itself were public.

Levy: If you – if you take the example that Alfa-Bank’s lawyer just presented to the Court, the link that someone at Fusion had circulated to a reporter, that link is a link to the internet. It’s a publicly available link, right?

The link – it’s, it’s like sending a New York Times article to a reporter at the Washington Post. Have you – have you seen this article? You should look at it. It’s interesting. Here’s a link. It happens to do with the subject matter which (indiscernible) is fascinated, [sic] but it’s a publicly available link.

Ms. Seago may have had communications internally at Fusion about that link. Those are privileged communications, but the link itself is available online for the Court, for me, for Ms. Krawiec. It’s public. There’s, there’s nothing confidential about that link.

Alfa’s lawyer responded by arguing that because an i2p site was so difficult to find, Seago’s knowledge of its location must have come from privileged information, and because she subsequently shared a link to a gateway with journalists, she had waived privilege.

Krawiec: Your Honor, I can tell you that where this link was when it was on the internet, you, myself, Mr. Levy, no one could have found that by doing a basic Google search. They were instructed where to find it in this obscure location.

And all we were trying to understand is who instructed them because the person who posted it was Tea Leaves, the anonymous computer scientist who had this computer data.

Alfa’s lawyer argued, not unreasonably, that because Tea Leaves’ site could not have been discovered by a Google search, someone connected to Tea Leaves must have told Fusion where it was, and because Fusion, in turn, shared a link to it, any privilege around Fusion’s discussions about Tea Leaves had therefore been breached.

Alfa’s focus on how Tea Leaves’ i2p site became public continued during a February 14 deposition of Peter Fritsch. In it, Alfa raised an email from Seago to Fritsch describing that Krypt3ia had become aware of Tea Leaves’ work, in response to which questions Fritsch pled the Fifth. By the time Krypt3ia posted, it seems likely, Fusion already knew April Lorenzen was involved.

But in the Seago hearing, Fusion lawyer Joshua Levy stated clearly that, “Our client didn’t move that specific communication –” pushing Tea Leaves’ information (from the context, it’s unclear to me whether this was a link directly to a gateway to Tea Leaves i2p site or one that involved Krypt3ia). Elsewhere Levy explained that Mark Hosenball had sent the link to Fusion which, in turn, sent it out to other journalists.

Fusion’s claims are consistent with them knowing of Lorenzen’s work before the Krypt3ia post, but having nothing to do with the Krypt3ia post and/or public links directly to Lorenzen’s site.

“Phil” hooked Krypt3ia up with the NYT

Alfa Bank seems to doubt Fusion’s denials that they were behind all those levels of notice to Krypt3ia.

I have no idea who first alerted Krypt3ia to the WordPress site or the i2p site, and he says he doesn’t remember who did. I do know who hooked him up with the NYT.

As I noted when I criticized this story in 2016, I was pitched the Alfa Bank story, like the NYT. But unlike the NYT, I was not pitched it by the people Durham is trying to put in jail like Sussmann, the researchers, or Fusion GPS. I was pitched it by the guy whom I’ve referred to by the pseudonym “Phil,” the person I went to the FBI about in 2017. (This is a pseudonym and he has not been charged by DOJ.)

Not only did he pitch me on it, but he told me he was the one to have hooked Krypt3ia up with the NYT reporter.

The rest of our exchange is below…

The claim that Phil had introduced Krypt3ia to a NYT reporter was credible. At the time I knew of several NYT reporters he claimed to have ties to (at Phil’s request, I had introduced him to one of them, and I’ve confirmed his contacts with others since). He also publicly interacted with Krypt3ia on Twitter.

But I had never checked whether Phil had really introduced the NYT to Krypt3ia until the Alfa Bank filing that blamed that tie on Fusion.

Nicole Perloth has confirmed it was Phil. As she described, Phil basically pushed Krypt3ia on her. “Nicole: Krypt is a person who can be an invaluable resource on this,” specifically addressing Krypt3ia‘s expertise on the dark web, even while asking her to keep him (Phil) updated on when the story would be published.

When I asked Krypt3ia if it was possible that the same person alerted him to the i2p site as had connected him to a NYT journalist, he said he did not remember.

Do you know if the person who connected you with the NYT reporter was the same was the one who pointed out the mirror? As per your post? Or don’t you remember?

Honestly don’t remember. Did not take notes or anything, thought it all bullshit and some kind of game of disinformation.

Whether or not Phil had a role in first tipping Krypt3ia off to the i2p proxy, he had a role in making the NYT aware of a series of moving versions of that site, starting with the one in Russia.

Importantly, this is not the only attempt to broker these allegations that remains publicly unexplained. There’s another unexplained package of these allegations – a “mediafire” package first posted on Reddit – raised in the Alfa suit that Fusion disclaimed credit for.

At least one person pushing this story was (as far as I know) completely unrelated to the efforts Durham and Alfa have focused on. Given that April Lorenzen used a pseudonym for her efforts, it would have been easy to hijack those efforts. So until April Lorenzen certifies that all the communications posted under the name “Tea Leaves” out there are hers (including the comment attached to a Tutanota email in Krypt3ia’s post), neither should anyone assume she’s responsible for all of them.

Alfa Bank believed that the public notice of the Tea Leaves i2p site was proof that Fusion, and only Fusion, was dealing these allegations. The opposite is the case.

To be sure: that might have mattered if Vladimir Putin’s invasion hadn’t killed the Alfa Bank lawsuit. But Phil’s role in the Krypt3ia post doesn’t much matter to the Sussmann indictment. Sussmann’s alleged lie was on September 19, 2016, 16 days before the communications leading to the Krypt3ia post started. Nothing Phil did on October 8 and thereafter, it seems, could affect that alleged lie.

That said, Durham’s sprawling single-count indictment does include allegations about Sussmann’s outreach to the press that post-dates Phil’s involvement and may rely on it. Most notably, a paragraph describing that Sussmann emailed Lichtblau on October 10 encouraging him to send an opinion piece criticizing the NYT for its Trump coverage mentions that, “At or around that time, and according to public sources, [Lichtblau] was working on an article concerning the [Alfa Bank] allegations, but [Lichtblau’s] editors at [NYT] had not yet authorized publication of the article.” [my emphasis] Krypt3ia’s comment, “the NYT confirmed that they asked the question and shit happened. They are still looking into it” – a comment that indirectly involved Phil – is one of those public sources.

At the time, Phil was pushing a NYT article more aggressively than what Durham describes Sussmann doing, and he played at least some role in the public sources that reported NYT was working on an article.

So Phil’s involvement adds an important detail about how these claims were made public in the weeks leading up to the election, but none of that changes whether or not Sussmann lied to cover up Hillary and/or Rodney Joffe’s role in all this.

Update: I’ve corrected the post to reflect that the original site, hosted in Russia, was a proxy, not a mirror. Thanks to @i2p at geti2p.net for the corrections starting in this exchange.

Texts

The following includes all the Signal texts included in the exchange regarding the Alfa Bank DNS anomalies.

Two comments on these texts: I’m not sure what I meant in the text sent on October 9 at 10:51AM. I suspect I mistyped. I suspect I was trying to explain Betsy and Dick DeVos’ traditional role in the Republican party – money – was less urgent to Trump in October 2016 than some kind of credible Republican policy platform. 

I stand by everything else I said in these texts, though admit my observation about the adversity between UAE and Russia turned out to be hilariously and epically wrong, particularly as it pertained to Prince.

John Durham Wants Permission to Delay Providing Evidence of How Weak His Michael Sussmann Case Is

Donald Trump’s insurrectionists may be the only thing that can save John Durham’s indictment of Michael Sussmann.

That’s because Durham seems to think he’ll need to have two extra months over what Sussmann gauges should be necessary, and permission to delay production of Brady materials, to sustain the single false statement charge over Sussmann. As a Sussmann motion to set a trial date submitted yesterday revealed, his team and Durham’s are having a significant disagreement over when the trial should be scheduled. Durham wants four months from now to turn over discovery and wants to schedule the trial for July, whereas Sussmann thinks the trial should be held in May.

Given two exhibits Sussmann included with this motion (and other publicly available documents), it’s easy to see why Durham wants more time.

That’s because Jim Baker has said at least four different things that conflict with the alleged lie that Durham claims Sussmann told in a September 19, 2016 meeting with then-FBI General Counsel Baker:

On or about September 19, 2016, SUSSMANN met with the FBI General Counsel at FBI Headquarters in the District of Columbia to convey the Russian Bank-1 allegations. No one else attended the meeting. During the meeting, the following, in substance and part, occurred:

SUSSMANN stated falsely that he was not acting on behalf of any client, which led the FBI General Counsel to understand that SUSSMANN was conveying the allegations as a good citizen and not as an advocate for any client;

SUSSMANN stated that he had been approached by multiple cyber experts concerning the Russian Bank-1 allegations;

SUSSMANN provided the names of three cyber experts, but did not name or mention Tech Executive-1, the Clinton Campaign, or any other person or company referenced [in Durham’s indictment];

Durham has charged Sussmann with affirmatively lying about representing a client in that meeting.

In an earlier post, I argued that Durham probably hadn’t actually quoted what transpired in this meeting because his sources (meaning Baker, Bill Priestap’s hearsay notes of Baker’s account of the meeting, and some CIA personnel Sussmann met at a later meeting) offered different versions of what Sussmann actually said.

It’s quite possible that Durham has presented these allegations using such squishy language because what little evidence he has doesn’t actually agree on the claimed lies. That is, it may be that Baker believes Sussmann simply didn’t bother explaining which client he was working for, but Bill Priestap, the next in line in a game of telephone, differently understood from Baker’s report that Sussmann affirmatively failed to provide Baker information that (Priestap’s own notes prove) the FBI already had anyway, that he was working with Hillary Clinton.

But it’s far worse than that.

Jim Baker doesn’t agree with Jim Baker about what happened in the meeting. Baker has provided at least four different versions of his understanding of why Sussmann shared the Alfa Bank information with him (I’ve got longer excerpts below). At an October 3, 2018 interview with the Oversight Committee (where Baker brought it up), he said, “I don’t recall [Sussmann] saying that,” he worked for the DNC. At an October 10, 2018 interview with the Oversight Committee, he told Jim Jordan he didn’t “remember [Sussmann] saying that he was acting on behalf of a particular client.” In a July 15, 2019 interview with DOJ IG, Baker explained that Sussmann said their meeting “related to strange interactions that some number of people that were his clients, who were, he described as I recall it, sort of cyber-security experts, had found about some strange connection between some part of Donald Trump’s organizations and Alfa Bank.” In a June 2020 interview with Durham’s team (which as a 302 may be less reliable than the other sources), Baker said, “it did not seem like Sussmann was representing a client. Baker repeated his earlier assertion that he did not know Sussmann was representing the DNC at the time and Sussmann did not advise him of that fact at this particular meeting.” Presumably, Baker testified to the grand jury, too, but that interview would have been after all of these earlier versions. In none of the publicly available versions of Baker’s story does Sussmann affirmatively say he was not representing the DNC or any other client, and in one case — the DOJ IG interview — Baker remembered Sussmann commenting that he had a client; and that version (which Sussmann wouldn’t have had access to before getting it in discovery) matches Sussmann’s public story.

As Sussmann noted in his filing, Durham dumped a whole bunch of discovery on him shortly after the indictment, but it has taken over two months to turn over the conflicting evidence that goes to the core of the alleged false statements.

While the Special Counsel has produced significant discovery since Mr. Sussmann’s Indictment, the Special Counsel has delayed in producing key evidence, which the Special Counsel was required to timely disclose under Brady v. Maryland, 373 U.S. 83 (1963). Indeed, it was only last week—nearly two and a half months after Mr. Sussmann’s indictment, and in the face of persistent demands by Mr. Sussmann’s counsel—that the Special Counsel for the first time disclosed some (but not all) of Mr. Baker’s statements about the September 19, 2016 meeting.1

[snip]

1 Moreover, significant portions of the statements that were disclosed were redacted, an issue which defense counsel has raised with the Special Counsel.

Durham seems intent on similar delays in producing evidence undermining his case. Besides the two month date discrepancy, there are a few subtle but significant differences in their proposed schedules. In the proposed order scheduling order Sussmann has submitted, Durham would be, “under a continuing and ongoing obligation to provide defense counsel any favorable or exculpatory information (Brady), whether or not admissible in evidence, as soon as reasonably possible.” [my emphasis] Durham’s proposed version takes out the words, “as soon as reasonably possible.” Durham, of course, has already violated that part of Sussmann’s proposed scheduling order by sitting on multiple pieces of proof that have been in his and DOJ’s possession for over a year that undermine the claim Sussmann lied.

Durham may suspect the Brady discovery will make this indictment unsustainable. Durham’s more extended schedule would give Sussmann just two weeks after the final deadline for Brady discovery, from March 25 to April 8, to file the motion to dismiss he has already said he’d file. Sussmann’s more condensed schedule nevertheless gives himself three weeks, from January 28 to February 18, to incorporate classified Brady discovery into his motion to dismiss, and over a month, from January 14 to February 18, to incorporate unclassified Brady discovery.

From the start, I noted that this indictment really isn’t about the alleged false statement. Rather, Durham clearly wants to wrap this up into a grand Conspiracy to Defraud the US charge, incorporating Rodney Joffe, the researchers, Fusion GPS, and maybe Christopher Steele.

It’s not just that Durham is working on a theory that Sussmann deliberately dealt garbage to the FBI (which GOP sources also did on the Clinton Foundation) while trying to hide that fact. It’s that data originally sourced from the government was used in doing that research.

It’s actually the kind of argument that DOJ prosecutors typically succeed with. Except it’s all premised on proving that Sussman was trying to hide all this in his meeting with Baker. Even if the evidence surrounding the meeting weren’t so flimsy, this is another degree of motive that Durham is straining mightily to make.

Durham needs Sussmann to have lied, because a deliberate attempt to obscure the rest is necessary for his “storyline.” His evidence that Sussmann lied — much less, deliberately — is shoddy. But if he can’t get that, then his hopes for a larger “narrative” collapse.

So one thing Durham is likely trying to do with his delayed schedule is to buy time to try to make that claim stick. There are already several details that have been made public that show Durham will struggle to make this claim. Durham left out exculpatory details about the researchers in his indictment. The Federalist obtained — but downplayed — evidence that the researchers were not (as Durham insinuated in his indictment) involved with Fusion GPS.

Further, unlike Joffe, who worked hand-in-hand with Sussmann, according to Fusion GPS employee Laura Seago, who had worked on the Alfa project, she was not aware of anyone at Fusion GPS communicating with either [David] Dagon or [Manos] Antonakakis. And while she had heard Dagon’s name before, Seago first came across Antonakakis’s name in a newspaper article.

Antonakakis has not had any contact with Sussman, Marc Elias, or Fusion GPS, his lawyer Mark Schamel told The Federalist. “In this case,” Schamel added, “he reviewed a narrative presented to him by a well-known and respected researcher and provided his feedback, as he does for more than 100 unpublished research articles he receives every year.” Attorneys representing Lorenzen and Dagon did not return requests for comment.

Durham already confessed that he had no evidence Sussmann was working directly with the Hillary campaign on this. Most importantly, all the researchers believed and still believe that the Alfa Bank DNS data showed a real anomaly, and they first discovered it in a legitimate attempt to identify further attempts Russia made to tamper in the 2016 election. If that case were made to the jury, then Sussmann will be able to explain why Baker didn’t apparently think it all that important to ask who Sussmann was representing: because it was an alarming anomaly, no matter who brought it to the FBI.

Still, Durham is likely to get the time he wants. The backlog of trials for incarcerated pre-trial defendants in DC (including 70 or so January 6 defendants) will more likely dictate the trial date for Michael Sussmann than the substance of the dispute between the two of them.

Update: I should have also noted that Beryl Howell’s order tolling Speedy Trial because of COVID protocols will give Durham a way to get out of the 70 day Speedy Trial rule.


October 3, 2018 Oversight/HJC Interview

Mr. Baker. He told — he said that there had been — I’m not sure exactly how they originally learned about that information, but what he told me was that there were cyber — Mr. Meadows. I mean, is he a normal intel operative? How would he have come by this? Mr. Baker. He told me that he had cyber experts that had obtained some information that they thought they should get into the hands of the FBI.

[snip]

[Shen] Okay. So when Mr. Sussman came to you to provide some evidence, you were not specifically aware that he was representing the DNC or the Hillary Clinton campaign at the time? A I don’t recall, I don’t recall him specifically saying that at that time.

[snip]

Q Okay. So I guess it is just my interpretation, but I believe last round it was somewhat implied that if he did have an association to the Democratic National Committee and the Hillary Clinton campaign that that might lead someone to believe that something improper was done. And I wonder if you could just explain to me, you know, why your view is that it was not improper because, just the mere notion that someone who is a Democrat or Republican, you know, comes to you with information, should that information somehow be discounted or considered less credible because of, you know, partisan affiliation? A Well, the FBI is responsible for protecting everybody in this country. Period, full stop. And we do that, without regard to who they are or what their political background is or anything else. If they believe they have evidence of a crime or believe they have been a victim of a crime, we will do what we can within our lawful authorities to protect them. And so when a citizen comes with evidence, we accept it. That is my, just general understanding over many, many years. We, the Bureau, we, the Department of Justice. And so that is how I construed what Michael was doing. It was, he believed he had evidence, again, either of a crime or of a national security threat, and he believed it was appropriate to provide it to us. When he did, I didn’t think there was anything improper about it whatsoever.

[snip]

Mr. Jordan. Okay. Do you know how Sussman got this material? Mr. Baker. What I recall is he told me that there were some cyber experts that somehow would come across this information and brought it somehow to his attention, and that they were alarmed at what it showed, and that, therefore, they wanted to bring it to the attention of the FBI. Mr. Jordan. Did he — Mr. Baker. They and Sussman. Mr. Jordan. They. Any names? Mr. Baker. I don’t think I ever found out who these experts were. Mr. Jordan. Did he indicate that he got this — may have got some of this information from the Democratic National Committee? Mr. Baker. I don’t recall him saying that. Mr. Jordan. Did you know when he was giving this information did you know he was working for — that he did extensive work for the DNC and the Clinton campaign? Mr. Baker. I am not sure what I knew about that at the time. I remember hearing about him in connection — when the bureau was trying to deal with the hack and investigating the hack, that my recollection is that Michael was involved in that process to some degree. I didn’t interact with him on that, so I am not sure if I knew that before this meeting or after, but I don’t recall him specifically saying —

October 18, 2018 Oversight/HJC Interview

Mr. Baker. To the best of my recollection, he told me that it had been obtained by some type of cyber experts, and I don’t know who — how they started their inquiry into this. But that is what he told me, that some certain cyber experts had obtained information about some anomalous looking thing having, to my knowledge, nothing to do with the dossier. But anyway — Mr. Jordan. Did he mention — did Fusion GPS play a role in him getting information that he subsequently gave to you? Mr. Baker. I don’t remember him mentioning Fusion GPS in connection with this material. Mr. Jordan. Did he mention at all when he was talking to you? Mr. Baker. Not to my recollection, no. Mr. Jordan. What about Glenn Simpson? Mr. Baker. Not on this thing, no. Mr. Jordan. How about Christopher Steele? Mr. Baker. No. Mr. Jordan. Okay. Did you meet with anyone else at Perkins Coie relative to this issue, Russia investigation issue?

[snip]

Mr. Baker. Yes, sir. And there was some effort — there was some belief that this was a — being conducted in a way so as to make it a covert communications channel. Mr. Jordan. Okay. And my first question would be how’d you get this? Did you ask that question? Mr. Baker. I did ask that question at a high level, yes. And he explained that he had obtained it from, again, cyber experts who had — who had obtained the information, and he said that the details of it would explain themselves. That’s my recollection. Mr. Jordan. And was he representing a client when he brought this information to you? Or just out of the goodness of his heart, someone gave it to him and he brought it to you? Mr. Baker. In that first interaction, I don’t remember him specifically saying that he was acting on behalf of a particular client. Mr. Jordan. Did you know at the time that he was representing the DNC in the Clinton campaign? Mr. Baker. I can’t remember. I have learned that at some point. I don’t — as I think I said last time, I don’t specifically remember when I learned that. So I don’t know that I had that in my head when he showed up in my office. I just can’t remember. Mr. Jordan. Did you learn that shortly thereafter if you didn’t know it at the time? Mr. Baker. I wish I could give you a better answer. I just don’t remember. Mr. Jordan. I mean, I just find that unbelievable that the guy representing the Clinton campaign, the Democrat National Committee, shows up with information that says we got this, and you don’t ask where he got it, you didn’t know how he got it. But he got it from some, you know, quote, expert. Mr. Baker. Well, if I could respond to that. Mr. Jordan. Sure. Mr. Baker. I mean, so I was uncomfortable with being in the position of having too much factual information conveyed to me, because I’m not an agent. And so I wanted to get this — get the information into the hands of the agents as quickly as possible and let them deal with it. If they wanted to go interview Sussmann and ask him all those kind of questions, fine with me. Mr. Jordan. Did that happen? Mr. Baker. I don’t know that. But I — I mean, I — well, A, I did hand it off to the — to the investigators. Mr. Jordan. I think you told us you handed it off to Mr. Strzok and Mr. Priestap? Mr. Baker. My recollection is Mr. Priestap. Mr. Jordan. Okay. And you don’t know if they followed up or not? Mr. Baker. Bill Priestap told me that they did follow up extensively.

July 15, 2019 OIG interview

Did you generally have a sense that they represented, that their political law practice had a Democratic clientele?

MR. BAKER: Maybe I should have, but I didn’t really understand it at the time.

MS. TERZAKEN: Is that right?

MR. BAKER: I did not, no.

MS. TERZAKEN: Okay.

MR. BAKER: I came to understand, you know, that, that Perkins-Coie was playing a role with respect to the DNC hack. But the, the extensiveness of their contacts with the Democratic Party, I did not, at the time, have an understanding about, that I recall.

[snip]

MS. TERZAKEN: Okay. With Michael Sussman, your conversations with him before the election, if you could briefly describe how the conversations came about, what information he provided to you.

MR. BAKER: So, I’ll go into the Sussman stuff, yeah, okay. So he came in, he, he, all of this is gone over in the transcript with the committee, so I won’t, I’ll try to just summarize briefly. My basic recollection is, in some way, shape, or form, Michael reached out, and wanted to come in and meet with me. And so we scheduled that. So Michael came in and met with me. And he had some amount of information, physical evidence, printed out, and also a thumb drive or two, that he said related to strange interactions that some number of people that were his clients, who were, he described as I recall it, sort of cyber-security experts, had found about some strange connection between some part of Donald Trump’s organizations and Alfa Bank, which was described as being controlled by the Kremlin. And that it appeared to be the case that this was a, it was, it, it was surmised that this was a back-channel, what do you call it, a back-channel of electronic communications. That, that somehow the Trump organization and Alfa Bank were using this, what looked like a, basically a surreptitious channel to communicate with each other.

June 2020 Durham interview (302)

Sussmann arrived at Baker’s office alone and gave Baker some electronic media and some paper approximately one inch thick. He and Baker met alone in Baker’s office, with no one else present. Sussmann advised Baker that some cyber security researchers had discovered the information and brought it to Sussmann’s attention. The information purported to describe a digital relationship between the Trump organization and Alfa Bank, and Sussmann gave Baker a technical description of that relationship. Sussmann also told Baker he thought it was important for the FBI to have the information. Sussmann also told Baker that the press had the information. Baker said that Sussmann did not specify that he was representing a client regarding the matter, nor did Baker ask him if he was representing a client. Baker said it did not seem like Sussmann was representing a client. Baker repeated his earlier assertion that he did not know Sussmann was representing the DNC at the time and Sussmann did not advise him of that fact at this particular meeting. Baker also said he did not know Sussmann’s firm, Perkins Coie, represented the Hillary Clinton campaign. Baker does not recall Sussmann advising him of the rationale for the cybersecurity researchers bringing the information to him. Additionally, Baker recalls Sussmann telling him that he believed the information was serious and credible. Baker said the meeting with Sussmann lasted approximately 15-20 minutes and he described it as short and cordial. He did not feel there was anything inappropriate about Sussmann meeting with him and providing the information to him.

[snip]

Baker said he could not recall telling Priestap at that time that Sussmann represented the DNC and the Clinton Foundation, but he (Baker) may have known it at the time.

 

What Does the ‘Doomsday Investor’ Get out of Trump?

[Note the byline. This post may contain speculative content. / ~Rayne]

There’s a particularly interesting long read by Sheelah Kolhatkar in this week’s New Yorker, entitled, Paul Singer, Doomsday Investor.

If you’re not into investment and Wall Street machinations, you might go to sleep on this one. Even the subhead is a bit of a snooze if you’re not interested in the world of money:

The head of Elliott Management has developed a uniquely adversarial, and immensely profitable, way of doing business.

This blurb could describe almost any manager on Wall Street if they’ve broken with trends and employed some testosterone-enhanced swagger at some point in their career.

But stay with this one, the payoff is in the latter half of the article. Perhaps you already know of Paul Singer — just roll to the latter half.

Singer is a major funder of Washington Free Beacon, which some of you will recognize as a conservative online media outlet. It’s not very big and its output is rather predictable once you grasp its apparent ideology.

You may also remember this outlet as the progenitor of the competitive intelligence dossier on then-candidate Donald Trump, which eventually ended with Free Beacon and picked up again with law firm Perkins Coie on behalf of the Hillary Clinton campaign. The folio eventually included the Steele dossier once Free Beacon’s research contractor Fusion GPS was signed on by Perkins Coie and Fusion GPS hired Christopher Steele’s UK-based firm Orbis Business Intelligence to provide additional overseas content.

Free Beacon admitted it was the origin of the initial pre-Steele Trump dossier, copping to it on October 27, 2017 — long after part of the Steele dossier had been published by BuzzFeed and after Fusion GPS’ Glenn Simpson had been interviewed by the Senate Intelligence Committee (August 22, 2017) but before an interview with the House Permanent Select Committee on Intelligence (November 14, 2017).

What’s particularly interesting about the New Yorker article is the description of dossiers compiled and used as leverage to muscle a certain type of performance from business managers. Singer’s team at his hedge fund Elliott Management uses them with what appears to be practiced ease for profit as in this example:

The pressure that Elliott exerts, combined with its fearsome reputation, can make even benign-sounding statements seem sinister. In 2012, Elliott made an investment in Compuware, a software company based in Detroit. Arbitration testimony by former Compuware board members hints at just how negatively they interpreted some of Elliott’s actions. During an early meeting, one of them testified, Cohn presented folders containing embarrassing personal information about board members, which they saw as a threat to publicize the contents. Cohn allegedly mentioned the daughter of one board member, and commented disapprovingly on the C.E.O.’s vintage Aston Martin, a car that few people knew he owned. The company’s co-founder, Peter Karmanos, accused Elliott of “blackmailing” Compuware’s board, and reportedly remarked that the fund “can come in, rip apart the pieces” of a company, and “try to have a fire sale and maybe make twenty per cent on their money, and they look like heroes.”

Cohn told me that Compuware’s executives were “very firmly in that fear camp.” He was surprised that material on their professional backgrounds—which he says was all those folders contained—was “interpreted as a dossier of threatening personal information,” and noted that driving an Aston Martin looked bad for a C.E.O. whose biggest customers were Detroit automakers. Compuware was ultimately sold to a private-equity firm.

The really nifty trick Singer pulled off outside of Elliott Management is his arm’s length relationship to the Washington Free Beacon as a funder though the Free Beacon uses research dossiers prepared by contractors in much the same way as Elliott Management.

Conversion of Washington Free Beacon from a nonprofit 501(c)4 news outlet to a for-profit business in August 2014 also assured additional distance and privacy for Singer. A nonprofit is obligated to file reports with the government which are available to the public. For-profit businesses that are privately held do not.

And for-profit news outlets can do all manner of research and not have to share it with the public, protected by the First Amendment (“reporters’ privilege,” however, does have a limit — see Branzburg v. Hayes, 408 U.S. 665 (1972))

One can only wonder what kind of research Washington Free Beacon has collected but not actually shared with the public in reporting. Has funder Paul Singer or his business Elliott Management had access to this research?

One can only wonder, too, what it is that Paul Singer has obtained from the Trump presidency, as Singer has been depicted as anti-Trump:

… The Beacon has a long-standing and controversial practice of paying for opposition research, as it did against Hillary Clinton throughout the 2016 Presidential campaign. Singer was a vocal opponent of Trump during the Republican primaries, and, last year, it was revealed that the Beacon had retained the firm Fusion GPS to conduct research on Trump during the early months of the campaign. By May, 2016, when it had become clear that Trump would be the Republican nominee, the Beacon told Fusion to stop its investigation. Fusion was also hired by the Democratic National Committee, and eventually compiled the Christopher Steele dossier alleging collusion between the Trump campaign and the Russian government. … (Emphasis mine.)

With so little daylight between Singer and Free Beacon and the abrupt end of Free Beacon’s intelligence research when Trump became the Republican Party’s presumptive nominee for president, one might wonder why the research halted if Singer was so anti-Trump.

Or are there benefits for a “Doomsday Investor” to having someone so easily compromised and predictably narcissistic in the White House — benefits none of the GOP primary candidates nor Hillary Clinton offered? Was the Free Beacon’s initial dossier on Trump prepared not to find fault in order to deter his election, but instead to provide leverage?

Note once again the Free Beacon is “a privately owned, for-profit online newspaper” according to its About Us page. Yet the outlet doesn’t have advertising — only a single banner slot off the front page which might be a donation rather than a sold spot — and a store selling Free Beacon branded items, the kind typically used for promotional swag. If this is a for-profit business, what’s it selling?

Treat this as an open thread.

10 Years Out: What’s with the Bear in the Middle?

[NB: Check the byline — it’s me, Rayne. I am not a registered financial representative or a lawyer; this post is based on my own observations and opinions. As always, your mileage may vary.]

On a chilly March evening ten years ago tonight, I was yelling at loved ones: Sell. For gods’ sake, SELL.

My own household had moved its investments from a number of mutual funds to guaranteed income. Every fund in the portfolio to that point contained a chunk of an investment bank and was therefore exposed to what I felt was sure to come.

It was obvious to anyone who was really paying attention that something was really off. Trying to buy a house in 2004 was almost impossible where I live, in spite of the ongoing migration of manufacturing jobs offshore. In the target price range for a 2000-square foot house, there were only a handful of homes listed and they all needed more than $50K in improvements. The nearby farmers’ fields were full of a new crop: single-family homes, mostly 3-bedroom and up, had eaten acres and acres in less than a year. It was insanity — there was no way this pace could be maintained, not with my state’s problematic over-reliance on the automobile industry.

Instead of buying an existing home, I built a new one. It didn’t make sense to spend $50K on improvements requiring a lot of construction if I couldn’t guarantee I could hire a contractor when new construction was so hot. I didn’t build in the top end neighborhood, either. I left myself some room in case I had to leave the area quickly for a new job; I also left room for the market to improve.

Except it didn’t. The last landscaping contractor must have pulled away from my new home in 2005 just as the bubble began to deflate. There were signs it was going to get worse, too, what with fuel prices skyrocketing. Banks increasingly offered crazy terms on mortgages just so they could something, anything, not taking the hint the market was saturated. Given the number of people relying too heavily on adjustable rate mortgages with ridiculously low entry rates, the increased gasoline price costing the average family more than $1000 a year was certain to cause credit card defaults and foreclosures.

Something ugly was coming.

~ ~ ~

In March 2008 — almost exactly a month after the Washington Post published an op-ed by New York’s then-Governor Eliot Spitzer exhorting action on subprime mortgages — 85-year-old  American investment bank Bear Stearns crashed and burned.

After urgent, fancy foot work by the Federal Reserve Bank, J.P. Morgan and other key investors, settlements were made with bail out money and remnants of the firm were ultimately snapped up by J.P. Morgan for what amounted to the cost of Bear Stearn’s headquarters building, about $2 per share. By St. Patrick’s Day, Bear Stearns was no more, completely subsumed.

It would be another six months before the next large investment bank crashed — Lehman Brothers — taking the global economy with it.

~ ~ ~

At the time the crash was blamed on lax controls on lending to home buyers, encouraging an excess of subprime mortgages, combined with investment banks’ more recent taste for collateralized debt obligations bundling mortgages into tranches for slicing up and trading.

But not all of the trash loans were residential mortgages stuffed into tranches. Some of the loans were to developers and contractors who were building commercial facilities and multi-family buildings. Some of these loans were packaged into funds which were more like offshore corporations.

The two funds triggering Bear Stearns’ meltdown were just that: offshore funds incorporated in the Cayman Islands in 2003, holding various assets including tranches of poorly-collateralized mortgages, managed by Bear Stearns Asset Management (BSAM). What mortgages were in these two funds the public doesn’t really know; were they single-family residential mortgages or commercial facilities mortgages, or some combination? The information is out there somewhere but it’s not at the public’s fingertips.

The financial media still paints a messy picture even a decade later, blaming Bear Stearns management but not its own persistent failure to provide a more comprehensive and accessible picture of the financial industry’s health.

These two funds collapsed because too many mortgages within their CDOs failed; the effect on the bank was like pulling out two critical load-bearing pieces in a game of Jenga. The cascading demand for cash to resolve the failures may have pushed other investment banks’ equally sketchy funds to fail as well, crashing the entire heap nearly a decade ago.

~ ~ ~

It was a surprise blast from the unpleasant past to see Bear Stearns’ name pop up in the middle of recent testimony before the House Permanent Subcommittee on Intelligence. Fusion GPS’ Glenn Simpson cited the investment bank as a source of financing for Donald Trump and some sketchy condominium development.

[SIMPSON]… There’s the Trump vodka business that was earlier. And then ultimately, you know, what we came to realize was that the money was actually coming out of Russia and going into his properties in Florida and New York and Panama and Toronto and these other places.

And what we, you know, gradually begun to understand, which, you know, I suppose I should kick myself for not figuring out earlier, but I don’t know that much about the real estate business, which is I alluded to this earlier, so, you know, by 2003, 2004, Donald Trump was not able to get bank credit for — and if you’re a real estate developer and you can’t get bank loans, you know, you’ve got a problem.

And all these guys, they used leverage like, you know, — so there’s alternative systems of financing, and sometimes it’s — well, there’s a variety of alternative systems of financing. But in any case, you need alternative financing.

One of the things that we now know about how the condo projects were financed is that you have to — you can get credit if you can show that you’ve sold a certain number of units.

So it turns out that, you know, one of the most important things to look at is — this is especially true of the early overseas developments, like Toronto and Panama — you can get credit if you can show that you sold a certain percentage of your units.

And so the real trick is to get people who say they’ve bought those units, and that’s where the Russians are to be found, is in some of those pre-sales, is what they’re called. And that’s how, for instance, in Panama they got the credit of — they got a — Bear Stearns to issue a bond by telling Bear Stearns that they’d sold a bunch of units to a bunch of Russian gangsters.

And, of course, they didn’t put that in the underwriting information, they just said, we’ve sold a bunch of units and here’s who bought them, and that’s how they got the credit. So that’s sort of an example of the alternative financing. … [bold mine, excerpt pages 95-96]

The timing mentioned, 2003-2004, is very close to the time that Bear Stearns launched the two Cayman-based funds which failed first. Is it possible Trump’s financing provided by Bear Stearns ended up in the funds’ CDOs? Probably not — Simpson refers to bonds. But let’s look at a financial statement from one of the subject funds:

It’s difficult to tell what’s in any of the CDOs listed in this summary. Who knows what mortgages are in them or from where they originated without access to more details?

Note the bonds at the bottom — again, what’s in them? What percentage of these bonds consisted of dicey or outright fraudulent financing for construction related to money laundering? Again, we can’t tell without access to more granular details. We don’t know whether bond(s) offered to Trump developments were in Bear Stearns’ first two failed funds or if they helped cause the eventual financial pyroclastic flow toward Bear Stearns’ end.

~ ~ ~

Another thing sticks in my craw — a bit from Michael Lewis’ The Big Short:

The bond market, because it consisted mainly of big institutional investors, experienced no similarly populist political pressure. Even as it came to dwarf the stock market, the bond market eluded serious regulation. Bond salesmen could say and do anything without fear that they’d be reported to some authority. Bond traders could explore inside information without worrying that they would be caught. Bond technicians could dream up ever more complicated securities without worrying too much about government regulation — one reason why so many derivatives had been derived, one way or another, from bonds. … [bold mine]

In other words, nobody would look askance at all at bonds sold to finance a condominium development with rather thin commitment to payment. Nobody looked askance at the ratio of CDOs to bonds, either, though Bear Stearns would try to offset the CDOs’ losses by liquidating bonds. This fund as an example couldn’t manage this offset based on the ratio alone; it would have been catastrophically worse if the collateral beneath the bonds was as fraudulent as many subprime adjustable rate mortgages in CDOs were at the time.

The root cause of the 2008 crash remains the collapse of poorly collateralized as well as fraudulent mortgages. But I have to wonder:

— With so much attention on CDOs and mortgage defaults combined with a lack of bond market adequate monitoring, how much did crappy bonds, based on fraudulent representations of collateral, contribute to the crash?

— If there was so little regulation and oversight of the bond market, how much sketchy or fraudulent project financing was in bonds on the banks’ books — including projects like Trump’s, based on promises to pay made by offshore vehicles or non-U.S. citizens?

— With so little regulation and oversight, would it have been possible for one or more nation-states using offshore finance vehicles to “weaponize” banks’ books? How many of the crappy bonds contributing to the 2008 crash were based on poorly collateralized pre-sales to Russian oligarchs and gangsters?

— What assurances do we have today — especially with Mick Mulvaney defunding the Consumer Finance Protection Bureau and knocking off an opportunity to look more deeply into credit reporting by killing off the Equifax investigation — that investment banks have changed their practices and ensured legitimate projects are financed?

—What assurances do we have that our legislators see the slippery slip when they approve legislation like S. 2155 just this week, weakening Dodd-Frank reforms?

~ ~ ~

Recall the state of the economy between Bear Stearns’ and Lehman Brothers’ crashes. Oil prices rose to over $150/barrel, resulting in $4/gallon gasoline. Other commodity prices rose in tandem with fuel prices. The home buyers who could least afford any change in their household expenses were the same ones targeted for subprime mortgages with shady terms; it came down to paying for gas to get to work and feeding the family, or making the mortgage payment.

The price of oil at the time had been driven up by excess speculation. Legislation passed in June 2008 requiring all commodity futures trading to require a minimum of 30% margin upfront rather than 10%. Oil prices dropped drastically and reduced in volatility almost overnight, but it was already too late. Too many home buyers could no longer afford their payments and mortgage defaults began to snowball.

Which brings me to yet another question: if the bond market could have been “weaponized” at that time, could a volatile commodities market likewise have been used as a trigger?

Are there any other weak points in our market which could be “weaponized,” for that matter?

~ ~ ~

On this tenth anniversary after the crash began with Bear Stearns’ collapse, I feel more secure about my retirement portfolio. There were no frantic phone calls to family members exhorting moves to safety this evening. My exposure to the remaining weaknesses of investment banking have been minimized as much as possible, though I remain vulnerable because I have a mortgage. Real estate isn’t the sure return it once was. Only uber-wealthy investors buying into certain urban markets come out on top. But wealthy real estate investors can still cause self-inflicted damage.

Atlanta, Georgia’s market has turned around since the crash — but it was home to another failed Trump real estate project, a 363-unit Trump Tower which went into foreclosure with pre-sales of only 100 units. (In January 2017, Trump ranted about Atlanta as Rep. John Lewis’ district, calling it “falling apart” and “crime infested.” One wonders what crime he meant…)

Hollywood, Florida had a brush with a failed Trump project:

In 2006, he and billionaire condo king Jorge Perez began selling a 23-story apartment building near Mar-a-Lago, but the project was abandoned a year later because of slow sales. Another Perez-Trump deal, the 200-unit Hollywood oceanfront tower, was foreclosed in 2010 after selling less than 15% of its units. (The building eventually opened, still Trump-branded, but without Perez.)

So did the Miami, Florida area:

Trump Sunny Isles, a three-tower residential complex outside Miami, has also struggled. Trump partnered with Perez again and another developer named Gil Dezer to build the project, which targeted wealthy Latin Americans. . . .

Unfortunately, the last two towers of the development opened in the middle of the financial crisis, and Perez bailed on them. . . .

And Puerto Rico, too, was home to a Trump-branded golf course which failed in 2015.

Though with so many failures followed by continued attempts, it’s worth asking if this is a business model. How does Trump continue to benefit from so much failure? How do the backers he has benefit from staking Trump money or title?

Trump’s business alone wasn’t the cause of the 2008 crash. There were far more players involved — millions, if we want to blame residential homeowners who were misled by banks to believe they could safely contract a mortgage in spite of either inadequate collateral or income and ultimately forced into foreclosure. But at least one of Trump’s business projects was in the mix if Fusion’s Simpson’s testimony is truthful; what would keep Trump or real estate investors like Trump from contributing to (if not causing) another crash today?

We must ask when we see that Trump’s former campaign manager Paul Manafort and his former son-in-law Jeffrey Yohai were engaged in sketchy real estate development projects the community/regional Banc of California may have deterred by forcibly shutting their accounts.

And ask again when we see a community bank like The Federal Savings Bank of Chicago involved in another of Manafort’s bank frauds.

The damage could be even worse, in the case of Trump’s son-in-law Jared Kushner, who is over his head in debt on 666 Fifth Avenue and whose family business is distressed, possibly causing geopolitical turmoil to shakedown new financing.

How many of these flimsy real estate deals and junky mortgages, loans, and bonds are there in the system when we can now see these affiliated with the president and his campaign advisers? How many of them will it take to cause another crash if legislators continue to pick away at safeguards?

Let’s hope I’m not writing another financial postmortem like this one in March 2028.

Three Things: This Matin, Think Latin

I have three things cluttering up my notes — just big enough to give pause but not big enough for a full post. I’ll toss them out here for an open thread.

~ 3 ~
Aluminum -> Aeronautics -> Stock Market and Spies
I’ve spent quite a while researching the aeronautics industry over the couple of years, trying to make sense out of a snippet in the Buryakov spy case indictment. The three spies were at one point digging into an aeronautics company, but the limited amount of information in the indictment suggested they were looking at a non-U.S. company.

You can imagine my surprise on December 6, 2016, when then-president-elect tweeted about Boeing’s contract for the next Air Force One, complaining it was too expensive. Was it Boeing the spies were discussing? But the company didn’t fit what I could see in the indictment, though Boeing’s business is exposed to Russia, in terms of competition and in terms of components (titanium, in particular).

It didn’t help that Trump tweeted before the stock market opened and Boeing’s stock plummeted after the opening bell. There was plenty of time for dark pool operators to go in and take positions between Trump’s tweet and the market’s open. What an incredible bonanza for those who might be on their toes — or who knew in advance this was going to happen.

And, of course, the media explained this all away as Trump’s “Art of the Deal” tactics, ignoring the fact he wasn’t yet president and he was renegotiating the terms of a signed government contract before he took office. (Ignoring also this is not much different than renegotiating sanctions before taking office…)

I was surprised again only a couple weeks later about Boeing and Lockheed; this time I wasn’t the only person who saw the opportunity, though the timing of the tweet and market opening were different.

Again, the media took note of the change in stock prices before rolling over and playing dead before the holidays.

There have been a few other opportunities like this to “take advantage of the market,” though they are a bit more obscure. Look back at the NYSE and S&P trends whenever Trump has tweeted about North Korea; if one knew it was coming, they could make a fortune.

A human would only need the gap as long as that between a Fox and Friends’ mention of bad, bad North Korea and a corresponding Trump tweet to make the play (although one might have to watch that vomit-inducing program to do this). An algorithm monitoring FaF program and Trump tweets would need even less time.

Yesterday was somebody’s platinum opportunity even if Trump was dicking around with U.S. manufacturers (including aeronautics companies) and global aluminum and steel producers. His flip-flop on tariffs surely made somebody beaucoup bucks — maybe even an oligarch with a lot of money and a stake in one of the metals, assuming he knew in advance where Trump was going to end up by the close of the market day. The market this morning is still trying to make sense of his ridiculous premise that trade wars are good and winnable; too bad the market still believes this incredibly crappy businessman is fighting a war for U.S. trade.

Just for the heck of it, go to Google News, search for [trump tariffs -solar], look for Full Coverage, sort by date and not relevance. Note how many times you see Russia mentioned in the chronologically ordered feed — mine shows exactly zero while China, Korea, Germany are all over the feed. I sure hope somebody at the SEC is paying as much attention to this as cryptocurrency.

I suppose I have to spell this out: airplanes are made of aluminum and steel, capisce?

~ 2 ~
Italian Son
One niggling bit from Glenn Simpson’s testimony for Fusion GPS before the Senate Intelligence Committee has stuck with me. I wish I could time travel and leave Simpson a note before testimony and tell him, “TELL US WHAT YOU SEE, GLENN!” when he is presented with Paul Manafort’s handwritten notes. The recorder only types what was actually said and Glenn says only the sketchiest bit about what he sees. Reading this transcript, we have only the thinnest amount of context to piece together what he sees.

Q. Do any of the other entries in here mean anything to you in light of the research you’ve conducted or what you otherwise know about Mr. Browder?

A. I’m going to — I can only speculate about some of these things. I mean, sometimes —

MR. LEVY: Don’t speculate.

A. Just would be guesses.

Q. Okay.

A. I can skip down a couple. So “Value in Cyprus as inter,” I don’t know what that means.”Illici,” I don’t know what that means. “Active sponsors of RNC,” I don’t know what that means. “Browder hired Joanna Glover” is a mistaken reference to Juliana Glover, who was Dick Cheney’s press secretary during the Iraq war and associated with another foreign policy controversy. “Russian adoptions by American families” I assume is a reference to the adoption issue.

Q. And by “adoption issue” do you mean Russia prohibiting U.S. families from adopting Russian babies as a measure in response to the Magnitsky act?

A. I assume so.

Bold mine, to emphasis the bit which has been chewing away at me. “Illici” could be an interrupted “illicit”; the committee and Simpson use the word or a modifier, illicitly, eight times during the course of their closed door session. It’s not a word we use every day; the average American Joe/Josie is more likely to use “illegitimate” or the even more popular “illegal” to describe an unlawful or undesirable action or outcome.

(I’m skeptical Manafort was stupid enough to begin scratching out “illicit” and catch himself in time, but then I can’t believe how stupid much of this criminality has been.)

But the average American Joe/Josie doesn’t travel abroad, speak with Europeans often, or speak second languages. The average white Joe/Josie may be three or more generations from their immigrant antecedents.

Not so Mr. Manafort, who is second generation Italian on both sides of his family. He may speak some Italian since his grandfather was an immigrant — and quite likely Catholic, too. Hello, Latin masses in Italian American communities.

Did Manafort mean “illici,” a derivative of Latin “illicio,” which means to entice or seduce? Or was it a corrupted variant of Latin “illico,” which means immediately?

Or is Manafort a bad speller who really meant either “elici”, “elicio,” or “elicit,” meaning to draw out or entice?

Like Simpson, these are just guesses. Only Manafort really knows and I seriously doubt he’ll ever tell what he meant.

~ 1 ~
If you haven’t checked your personal online privacy and cybersecurity recently, give Privacy Haus’s checklist a look. Nearly all of the items I’ve already addressed but I tried one of the items suggested as a fix to an ongoing challenge. Good stuff!

~ 0 ~
That’s it, have at it in this open thread! One last thing: if you didn’t read Marcy’s op-ed, Has Jared Kushner Conspired to Defraud America? in Wednesday’s NYT, you should. You’re going to need it as part of a primer going forward.

The Ohrs’ Activities Raise New Questions about the December 13 Dossier Report

In recent days, Republicans have leaked details about the actions of Bruce and Nellie Ohr with respect to the Fusion GPS dossier on Trump. Yesterday, Glenn Simpson confirmed those details in a filing in Fusion’s efforts to prevent the House Intelligence Committee from obtaining more details about Fusion’s finances.

The bank records reflect that Fusion contracted with Nellie Ohr, a former government official expert in Russian matters, to help our company with its research and analysis of Mr. Trump[.]

[snip]

I disclosed that I met with Bruce Ohr, at his request, after the November 2016 election to discuss our findings regarding Russia and the election[.]

In short, this revelation means that Fusion employed the wife of then Associate Deputy Attorney General Bruce Ohr to conduct research on Trump’s Russian ties. Ohr met with Christopher Steele before the election, and met with Simpson after the election.

This probably means that this reference, in HPSCI’s request for documents, is to Nellie Ohr.

Which in turn would man that Fusion paid Ohr on March 22, April 6, May 25, July 13, August 2, September 1, October 5, November 1.

That would mean the payments to Steele are either item 2 or 4 in this analysis. That’s significant because both of those entities received payments in January.

I’m interested in all that for two reasons. First, the record conflicts on whether DOJ ever paid Steele.

WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized.

If Ohr met with Steele after the election (and after Perkins Coie reportedly stopped paying for Steele’s work), it means it’s possible DOJ paid him, contrary to some reports. Steele has claimed (in otherwise dubious court filings) that he was neither pair nor affirmatively solicited information for the last report, dated December 13.

The December 13 report was by far the most inflammatory one, alleging that Trump’s campaign paid for the hack of the DNC. It’s also at the center of some of the lawfare surrounding the dossier, Webzilla’s multiple lawsuits.

This is by no means definitive. But the circumstances of the December 13 report will come out one way or another. Thus far, the story about it is bad. And it could get far worse.

Three Months After Problematic John Sipher Post, Just Security Makes Clear It Let Known Errors Sit for Two Months

This post was first published on September 6, the same day John Sipher’s post was published. Because of something that happened today, December 10, I’m reposting it in its entirety, along with the two updates that make it clear when Just Security corrected one of the egregious errors I pointed out on September 6 two months later, around November 4, they didn’t credit me. In other words, they let a significant error sit for two months (and presumably haven’t even reviewed all the other problems I point out here, in spite of an extended conversation Ryan Goodman and I had about this post on September 6). Given the lefties are still making some of the same errors (notably, when Rachel Maddow hid how badly the Steele dossier was on the hack-and-leak by not mentioning the Guccifer 2.0 publications), the continued errors are telling. 

If I were to write this post now, it’d show a bunch more problems. But I believe the analysis from September stands up.


I generally find former CIA officer John Sipher’s work rigorous and interesting, if not always persuasive. Which is why I find the shoddiness of this post — arguing, just as Republicans in Congress and litigious Russians start to uncover information about the Christopher Steele dossier, that the dossier is not garbage  — so telling.

I don’t think the Steele dossier is garbage.

But neither do I think it supports the claim that it predicted a lot of information we’ve found since, something Sipher goes to great pains to argue. And there are far more problems with the dossier and its production than Sipher, who claims to be offering his wisdom about how to interpret raw intelligence, lets on. So the dossier isn’t garbage (though the story behind its production may well be). But Sipher’s post is. And given that it appears to be such a desperate — and frankly, unnecessary — attempt to reclaim the credibility of the dossier, it raises questions about why he feels the need.

Making and claiming accuracy for a narrative out of raw intelligence

Sipher’s project appears to be taking what he admits is raw intelligence and providing a narrative that he says we should continue to use to understand Trump’s Russian ties.

Close to the beginning of his piece, Sipher emphasizes that the dossier is not a finished intelligence report, but raw intelligence; he blames the media for not understanding the difference.

I spent almost thirty years producing what CIA calls “raw reporting” from human agents.  At heart, this is what Orbis did.  They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions.  The difference is crucial, for it is the one that American journalists routinely fail to understand.

[snip]

Mr. Steele’s product is not a report delivered with a bow at the end of an investigation.  Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Sipher explains that you need analysts to make sense of these raw reports.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

He then steps into that role, an old clandestine services guy doing the work of the analysts. The result, he says, is a narrative he says we should still use — even in the wake of eight months of aggressive reporting since the dossier came out — in trying to understand what went on with the election.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics.  Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

[snip]

Looking at new information through the framework outlined in the Steele document is not a bad place to start.

How to read a dossier

One thing Sipher aspires to do — something that would have been enormously helpful back in January — is explain how an intelligence professional converts those raw intelligence reports into a coherent report. He describes the first thing you do is source validation.

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.”  In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

He goes to great lengths to explain how credible Steele is, noting even that he “was the President of the Cambridge Union at university.” I don’t dispute that Steele is, by all accounts, an accomplished intelligence pro.

But Sipher unwisely invests a great deal of weight into the fact that the FBI sought to work with Steele.

The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggest that at least some of them were worth taking seriously.  At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information.  As one recently retired senior intelligence officer with deep experience in espionage investigations quipped, “I assign more credence to the Steele report knowing that the FBI paid him for his research.  From my experience, there is nobody more miserly than the FBI.  If they were willing to pay Mr. Steele, they must have seen something of real value.”

This is flat-out dumb for two reasons. First, it is one of the things the GOP has used to discredit the dossier and prosecution — complaining (rightly) that the FBI was using a document designed as opposition research, possibly even to apply for a FISA warrant. If the FBI did that, I’m troubled by it.

More importantly, the actual facts about whether FBI did pay Steele are very much in dispute, with three different versions in the public record and Chuck Grassley claiming the FBI has been giving conflicting details about what happened (it’s likely that FBI paid Steele’s travel to the US but not for the dossier itself).

WaPo reported that Steele had reached a verbal agreement that the FBI would pay him to continue his investigation of Russia’s involvement with Trump after still unnamed Democrats stopped paying him after the election. CNN then reported that FBI actually had paid Steele for his expenses. Finally, NBC reported Steele backed out of the deal before it was finalized.

If the FBI planned to pay Steele, but got cold feet after Steele briefed David Corn for a piece that made explicit reference to the dossier, it suggests FBI may have decided the dossier was too clearly partisan for its continued use. In any case, citing a “recently retired senior intelligence officer” claiming the FBI did pay Steele should either be accompanied by a “BREAKING, confirming the detail no one else has been able to!” tag, or should include a caveat that the record doesn’t affirmatively support that claim.

After vouching for Steele (again, I don’t dispute Steele’s credentials), Sipher lays out the other things that need to happen to properly vet raw intelligence, which he claims we can’t do.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.  In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources.  Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.  We believe it is critical to validate the source before we can validate the reliability of the source’s information.  How does the source know about what he/she is reporting?  How did the source get the information?  Who are his/her sub-sources?  What do we know about the sub-sources?  Why is the source sharing the information?  Is the source a serious person who has taken appropriate measures to protect their efforts?

The thing is, we actually know answers to two of these questions. First, Steele’s sources shared the information (at least in part) because they were paid. [Update, 11/15: According to CNN, Glenn Simpson testified that Steele did not pay his sources. That somewhat conflicts with suggestions made by Mike Morell, who said Steele paid intermediaries who paid his sources, but Simpson’s testimony may simply be a cute legal parse.] That’s totally normal for spying, of course, but if Sipher aspires to explain to us how to assess the dossier, he needs to admit that money changes hands and that’s just the way things are done (again, that’s all the more important given that it’s one of the bases the GOP is using to discredit the report).

More importantly, Sipher should note that Steele worked one step removed — from London, rather than from Moscow — than an intelligence officer otherwise might. The reports may still be great, but that additional step introduces more uncertainty into the validation. It’s all the more important that Sipher address these two issues, because they’re the ones the GOP has been and will continue to use to discredit the dossier.

Ultimately, though, in his section on vetting the document, Sipher doesn’t deal with some key questions about the dossier. Way at the end of his piece, he questions whether we’re looking at the entire dossier.

We also don’t know if the 35 pages leaked by BuzzFeed is the entirety of the dossier.  I suspect not.

He doesn’t raise two other key questions about the provenance of the dossier we’ve been given, some of which I laid out when the dossier came out when I also noted that the numbering of the dossier by itself makes it clear it’s not the complete dossier. Importantly: is the copy of the dossier leaked to BuzzFeed an unaltered copy of what Steele delivered to Fusion, in spite of the weird textual artifacts in it? And how and why did the dossier get leaked to BuzzFeed, which Steele has told us was not one of the six outlets that he briefed on its contents.

Finally, Sipher includes the obligation to “openly acknowledge the gaps in understanding” outside of the section on vetting, which is telling given that he notes only a few of the obvious gaps in this dossier.

Sipher claims the dossier predicted what wasn’t known

So there are a lot of aspects of vetting Sipher doesn’t do, whether or not he has the ability to. But having done the vetting of checking Steele’s college extracurricular record, he declares the dossier has proven to be “stunningly accurate.”

Did any of the activities reported happen as predicted?

To a large extent, yes.

The most obvious occurrence that could not have been known to Orbis in June 2016, but shines bright in retrospect is the fact that Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump, as the U.S. intelligence community itself later concluded.  Well before any public knowledge of these events, the Orbis report identified multiple elements of the Russian operation including a cyber campaign, leaked documents related to Hillary Clinton, and meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents.  Mr. Steele could not have known that the Russians stole information on Hillary Clinton, or that they were considering means to weaponize them in the U.S. election, all of which turned out to be stunningly accurate.

Now as I said above, I don’t believe the dossier is junk. But this defense of the dossier, specifically as formulated here, is junk. Central to Sipher’s proof that Steele’s dossier bears out are these claims:

  • Russia undertook a coordinated and massive effort to disrupt the 2016 U.S. election to help Donald Trump
  • The Orbis report identified multiple elements of the Russian operation including
    • A cyber campaign
    • Leaked documents related to Hillary Clinton
    • Meetings with Paul Manafort and other Trump affiliates to discuss the receipt of stolen documents

As I’ll show, these claims are, with limited exceptions, not actually what the dossier shows. Far later into the dossier, the reason Sipher frames it this way is clear. He’s taking validation from recent details about the June 9, 2016 meeting.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

The Steele dossier was way behind contemporary reporting on the hack-and-leak campaign

I consider the dossier strongest in its reports on early ties between Trump associates and Russians, as I’ll lay out below. But one area where it is — I believe this is the technical term — a shit-show is the section claiming the report predicted Russia’s hacking campaign.

Here’s how Sipher substantiates that claim.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations. According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

[snip]

Consider, in addition, the Orbis report saying that Russia was utilizing hackers to influence voters and referring to payments to “hackers who had worked in Europe under Kremlin direction against the Clinton campaign.” A January 2017 Stanford study found that “fabricated stories favoring Donald Trump were shared a total of 30 million times, nearly quadruple the number of pro-Hillary Clinton shares leading up to the election.”  Also, in November, researchers at Oxford University published a report based on analysis of 19.4 million Twitter posts from early November prior to the election.  The report found that an “automated army of pro-Trump chatbots overwhelmed Clinton bots five to one in the days leading up to the presidential election.”  In March 2017, former FBI agent Clint Watts told Congress about websites involved in the Russian disinformation campaign “some of which mysteriously operate from Eastern Europe and are curiously led by pro-Russian editors of unknown financing.”

The Orbis report also refers specifically to the aim of the Russian influence campaign “to swing supporters of Bernie Sanders away from Hillary Clinton and across to Trump,” based on information given to Steele in early August 2016. It was not until March 2017, however, that former director of the National Security Agency, retired Gen. Keith Alexander in Senate testimony said of the Russian influence campaign, “what they were trying to do is to drive a wedge within the Democratic Party between the Clinton group and the Sanders group.”

Here’s what the dossier actually shows about both kompromat on Hillary and hacking.

June 20: In the first report, issued 6 days after the DNC announced it had been hacked by Russia, and 5 days after Guccifer 2.0 said he had sent stolen documents to WikiLeaks, the dossier spoke of kompromat on Hillary, clearly described as years old wiretaps from when she was visiting Russia. While the report conflicts internally, one part of it said it had not been distributed abroad. As I note in this post, if true, that would mean the documents Natalia Veselnitsaka shared with Trump folks on June 9 was not the kompromat in question.

July 19: After Guccifer 2.0 had released 7 posts, most with documents, and after extended reporting concluding that he was a Russian front, the second report discussed kompromat — still seemingly meaning that dated FSB dossier — as if it were prospective.

July 26: Four days after WikiLeaks released DNC emails first promised in mid-June, Steele submitted a report claiming that Russian state hackers had had “only limited success in penetrating the ‘first tier’ of foreign targets. These comprised western (especially G7 and NATO) governments, security and intelligence services and central banks, and the IFIs.” There had been public reports of FSB-associated APT 29’s hacking of such targets since at least July 2015, and public reporting on their campaigns that should have been identified when DNC did a Google search in response to FBI’s warnings in September 2015. It’s stunning anyone involved in intelligence would claim Russia hadn’t had some success penetrating those first tier targets.

Report 095: An undated report, probably dating sometime between July 26 and July 30, did state that a Trump associate admitted Russia was behind WikiLeaks release of emails, something that had been widely understood for well over a month.

July 30: A few weeks before WikiLeaks reportedly got the second tranche of (Podesta) emails, a report states that Russia is worried that the email hacking operation is spiraling out of control so “it is unlikely that these [operations] would be ratcheted up.”

August 5: A report says Dmitry Peskov, who is reportedly in charge of the campaign, is “scared shitless” about being scapegoated for it.

August 10: Just days before WikiLeaks purportedly got the Podesta tranche of emails, a report says Sergei Ivanov said “Russians would not risk their position for the time being with new leaked material, even to a third party like WikiLeaks.”

August 10: Months after a contentious primary and over two weeks after Debbie Wasserman Schultz’s resignation during the convention (purportedly because of DNC’s preference for Hillary), a report cites an ethnic Russian associate of Russian US presidential candidate Donald TRUMP campaign insider, not a Russian, saying the email leaks were designed to “swing supporters of Bernie SANDERS and away from Hillary CLINTON and across to TRUMP.” It attributes that plan to Carter Page, but does not claim any Russian government involvement in that strategy. Nor would it take a genius for anyone involved in American politics to pursue such a strategy.

August 22: A report on Manafort’s “demise” doesn’t mention emails or any kompromat.

September 14: Three months after Guccifer 2.0 first appeared, the dossier for the first time treated the Russians’ kompromat as the emails, stating that more might be released in late September. That might coincide with Craig Murray’s reported contact with a go-between (Murray has been very clear he did not ferry the emails themselves though he did have some contact in late September).

October 12: A week after the Podesta emails first started appearing, a report states that “a stream of further hacked CLINTON materials already had been injected by the Kremlin into compliant media outlets like Wikileaks, which remained at least “plausibly deniable”, so the stream of these would continue through October and up to the election, something Julian Assange had made pretty clear. See this report for more.

October 18, 19, 19: Three reports produced in quick succession describe Michael Cohen’s role in covering up the Trump-Russia mess, without making any explicit (unredacted) mention of emails. See this post on that timing.

December 13: A virgin birth report produced as the US intelligence community scrambled to put together the case against Russia for the first time ties Cohen to the emails in unredacted form).

What the timeline of the hacking allegations in the Steele dossier (and therefore also “predictions” about leaked documents) reveal is not that his sources predicted the hack-and-leak campaign, but on the contrary, he and his sources were unbelievably behind in their understanding of Russian hacking and the campaign generally (or his Russian sources were planting outright disinformation). Someone wanting to learn about the campaign would be better off simply hanging out on Twitter or reading the many security reports issued on the hack in real time.

Perhaps Sipher wants to cover this over when he claims that, “The Russian effort was aggressive over the summer months, but seemed to back off and go into cover-up mode following the Access Hollywood revelations and the Obama Administration’s acknowledgement of Russian interference in the fall, realizing they might have gone too far and possibly benefitted Ms. Clinton.” Sure, that’s sort of (though not entirely) what the dossier described. But the reality is that WikiLeaks was dropping new Podesta emails every day, Guccifer 2.0 was parroting Russian (and Republican) themes about a rigged election, and Obama was making the first ever cyber “red phone” call to Moscow because of Russia’s continued probes of the election infrastructure (part of the Russian effort about which both the dossier and Sipher’s post are silent).

The quotes Sipher uses to defend his claim are even worse. The first passage includes two clear errors. The report in question was actually the December 13 one, not “late fall 2016” one. And the Trump associate who agreed (in the alleged August meeting in Prague, anticipating that Hillary might win) to making quick payments to hackers was Michael Cohen, not Carter Page. [Update, 12/10/17: Just Security has fixed this error.] Many things suggest this particular report should be read with great skepticism, not least that it post-dated both the disclosure of the existence of the dossier and the election, and that this intelligence was offered up to Steele, not solicited, and was offered for free.

Next, Sipher again cites the December 13 report to claim Steele predicted something reported in a November Oxford University report (and anyway widely reported by BuzzFeed for months), which seems to require either a time machine or an explanation for why Steele didn’t report that earlier. He attributes a quote sourced to a Trump insider as indicating Russian strategy, which that report doesn’t support. And if you need Keith Alexander to suss out the logic of Democratic infighting that had been clear for six months, then you’re in real trouble!

Sipher would have been better off citing the undated Report 095 (which is another report about which there should be provenance questions), which relies on the same ethnic Russian Trump insider as the August 10 report, which claims agents/facilitators within the Democratic Party and Russian émigré hackers working in the United States — a claim that is incendiary but (short of proof that the Al-Awan brothers or Seth Rich really were involved) — one that has not been substantiated.

In short, the evidence in the dossier simply doesn’t support the claim it predicted two of the three things Sipher claims it does, at least not yet.

The dossier is stronger in sketchy contacts with Russians

The dossier is stronger with respect to some, but not all Trump associates. But even there, Sipher’s defense demonstrates uneven analytic work.

First, note that Sipher relies on “renowned investigative journalist” Michael Isikoff to validate some of these claims.

Renowned investigative journalist Michael Isikoff reported in September 2016 that U.S. intelligence sources confirmed that Page met with both Sechin and Divyekin during his July trip to Russia.

[snip]

A June 2017 Yahoo News article by Michael Isikoff described the Administration’s efforts to engage the State Department about lifting sanctions “almost as soon as they took office.”

Among the six journalists Steele admits he briefed on his dossier is someone from Yahoo.

The journalists initially briefed at the end of September 2016 by [Steele] and Fusion at Fusion’s instruction were from the New York Times, the Washington Post, Yahoo News, the New Yorker and CNN. [Steele] subsequently participated in further meetings at Fusion’s instruction with Fusion and the New York Times, the Washington Post and Yahoo News, which took place in mid-October 2016.

That the Yahoo journalist is Isikoff would be a cinch to guess. But we don’t have to guess, because Isikoff made it clear it was him in his first report after the dossier got leaked.

Another of Steele’s reports, first reported by Yahoo News last September, involved alleged meetings last July between then-Trump foreign policy adviser Carter Page and two high-level Russian operatives, including Igor Sechin — a longtime associate of Russian President Vladimir Putin who became the chief executive of Rosneft, the Russian energy giant.

In other words, Sipher is engaging in navel-gazing here, citing a report based on the Steele dossier, to say it confirms what was in the Steele dossier.

Sipher similarly cites a NYT article that was among the most criticized for the way it interprets “senior Russian intelligence officials” loosely to include anyone who might be suspect of being a spook.

We have also subsequently learned of Trump’s long-standing interest in, and experience with Russia and Russians.  A February 2017 New York Times article reported that phone records and intercepted calls show that members of Trump’s campaign and other Trump associates had repeated contacts with senior Russian officials in the year before the election.  The New York Times article was also corroborated by CNN and Reuters independent reports.

The two reports he claims corroborate the NYT one fall far short of the NYT claim about talks with Russian intelligence officials — a distinction that is critical given what Sipher claims about Sergey Kislyak, which I note below.

Carter Page

Sipher cites the Carter Page FISA order as proof that some of these claims have held up.

What’s more, the Justice Department obtained a wiretap in summer 2016 on Page after satisfying a court that there was sufficient evidence to show Page was operating as a Russian agent.

But more recent reporting, by journalists Sipher elsewhere cites approvingly, reveals that Page had actually been under a FISA order as early as 2014.

Page had been the subject of a secret intelligence surveillance warrant since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.

Paul Manafort

I have no complaint with Sipher’s claims about Manafort — except to the extent he suggests Manafort’s Ukrainian corruption wasn’t know long before the election. Sipher does, however, repeat a common myth about Manafort’s influence on the GOP platform.

The quid pro quo as alleged in the dossier was for the Trump team to “sideline” the Ukrainian issue in the campaign.  We learned subsequently the Trump platform committee changed only a single plank in the 60-page Republican platform prior to the Republican convention.  Of the hundreds of Republican positions and proposals, they altered only the single sentence that called for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.  The Trump team changed the wording to the more benign, “appropriate assistance.”

Republicans have credibly challenged this claim about the platform. Bob Dole is credited with making the platform far harsher on China in the service of his Taiwanese clients. And Trump’s team also put in language endorsing the revival of Glass-Steagall, with support from Manafort and/or Carl Icahn.

Michael Cohen

Sipher’s discussion of Trump lawyer Michael Cohen is the weirdest of all, not least because the Cohen reports are the most incendiary but also because they were written at a time when Steele had already pitched the dossier to the media (making it far more likely the ensuing reports were the result of disinformation). Here’s how Sipher claims the Steele dossier reports have been validated.

We do not have any reporting that implicates Michael Cohen in meetings with Russians as outlined in the dossier.  However, recent revelations indicate his long-standing relationships with key Russian and Ukrainian interlocutors, and highlight his role in a previously hidden effort to build a Trump tower in Moscow. During the campaign, those efforts included email exchanges with Trump associate Felix Sater explicitly referring to getting Putin’s circle involved and helping Trump get elected.

Go look at that “recent revelations” link. It goes to this Josh Marshall post which describes its own sourcing this way:

TPM Reader BR flagged my attention to this 2007 article in The New York Post.

[snip]

Because two years ago, in February 2015, New York real estate trade sheet The Real Deal reported that Cohen purchased a $58 million rental building on the Upper East Side.

This is not recent reporting!! Again, this is stuff that was publicly known before the election.

More importantly, given Cohen’s rebuttal to the dossier, Marshall supports a claim that Cohen has ties to Ukraine, not Russia. The dossier, however, claims Cohen has ties to the latter, as Cohen mockingly notes.

Felix Sater

Then there are the Trump associates who are now known to have been central to any ties between Trump and the Russians that the Steele dossier didn’t cite — as least not as subjects (all could well be sources, which raises other questions). The first is Felix Sater, whom Sipher discusses three times in suggesting that the dossier accurately predicts Cohen’s involvement in the Russian negotiations.

To take one example, the first report says that Kremlin spokesman Dmitry Peskov was responsible for Russia’s compromising materials on Hillary Clinton, and now we have reports that Michael Cohen had contacted Peskov directly in January 2016 seeking help with a Trump business deal in Moscow (after Cohen received the email from Trump business associate Felix Sater saying “Our boy can become president of the USA and we can engineer it. I will get all of Putins team to buy in on this.”).

[snip]

Following the inauguration, Cohen was involved, again with Felix Sater, to engage in back-channel negotiations seeking a means to lift sanctions via a semi-developed Russian-Ukrainian plan (which also included the hand delivery of derogatory information on Ukrainian leaders) also fits with Orbis reporting related to Cohen.

Given that Sater’s publicly known links between mobbed up Russians and Trump go back a decade, why isn’t he mentioned in the dossier? And why does the dossier seemingly contradict these claims about an active Trump Tower deal?

Aras Agalarov and Rinat Akhmetshin

There are far more significant silences about two other Trump associates, Aras Agalarov and Rinat Akhmetshin.

To be fair, the dossier isn’t entirely silent about the former, noting in at one place that Agalarov would be the guy to go to to learn about dirt on Trump in Petersburg (elsewhere he could be a source).

Far, far more damning is the dossier’s silence (again, at least as a subject rather than source) about Akhmetshin. That’s long been one of the GOP complaints about the dossier — that Akhmetshin was closely involved with Fusion GPS on Magnitsky work in parallel with the Trump dossier, which (if Akhmetshin really is still tied to Russian intelligence) would provide an easy feedback loop to the Russians. The dossier’s silence on someone well known to Fusion GPS is all the more damning given the way that Sipher points to the June 9 meeting (which the dossier didn’t report, either) as proof that the dossier has been vindicated.

It was also apparently news to investigators when the New York Times in July 2017 published Don Jr’s emails arranging for the receipt of information held by the Russians about Hillary Clinton. How could Steele and Orbis know in June 2016 that the Russians were working actively to elect Donald Trump and damage Hillary Clinton?

[snip]

To take another example, the third Orbis report says that Trump campaign manager Paul Manafort was managing the connection with the Kremlin, and we now know that he was present at the June 9 2016 meeting with Donald Trump, Jr., Russian lawyer Natalia Veselnitskaya and Rinat Akhmetshin, who has reportedly boasted of his ties to ties and experience in Soviet intelligence and counterintelligence.  According to a recent New York Times story, “Akhmetshin told journalists that he was a longtime acquaintance of Paul J. Manafort.”

There’s no allegation that investigations didn’t know about June 2016 plan to hurt Hillary (indeed, the Guccifer 2.0 stuff that Sipher ignores was public to all). Rather they didn’t know — but neither did Fusion, who has an established relationship with Akhmetshin — about the meeting involving Akhmetshin. If you’re going to claim the June 9 meeting proves anything, it’s that the dossier as currently known has a big hole right in Fusion’s client/researcher list.

Sergey Kislyak

Which brings me — finally! — to Sipher’s weird treatment of Sergey Kislyak. Sipher argues (correctly) that Trump associates’ failure to report details of their contacts with Russians may support a conspiracy claim.

 Of course, the failure of the Trump team to report details that later leaked out and fit the narrative may make the Steele allegations appear more prescient than they otherwise might.  At the same time, the hesitancy to be honest about contacts with Russia is consistent with allegations of a conspiracy.

Of course, Trump’s folks have failed to report details of that June 9 meeting as well as meetings with Sergey Kislyak. Having now invested his vindication story on that June 9 meeting, he argues that reports about Kislyak (on which the NYT article he cites approvingly probably rely) are misguided; we need to look to that June 9 meeting intead.

It should be noted in this context, that the much-reported meetings with Ambassador Kislyak do not seem to be tied to the conspiracy. He is not an intelligence officer, and would be in the position to offer advice on politics, personalities and political culture in the United States, but would not be asked to engage in espionage activity.  It is likewise notable that Ambassador Kislyak receives only a passing reference in the Steele dossier and only having to do with his internal advice on the political fallout in the U.S. in reaction to the Russian campaign.

Of course, to determine if collusion occurred as alleged in the dossier, we would have to know if the Trump campaign continued to meet with Russian representatives subsequent to the June meeting.

This seems utterly bizarre. We know what happened after June 9, in part: Per Jared Kushner (who also is not mentioned in the dossier or Sipher’s column), immediately after the election Kislyak started moving towards meeting about Syria (not Ukraine). But in the process, Kushner may have asked for a back channel and at Kislyak’s urging, Kushner took a meeting with the head of a sanctioned bank potentially to talk about investments in his family’s debt-ridden empire. And all that is the lead-up to the Mike Flynn calls with Kislyak about sanctions relief which provide some of the proof that Trump was willing to deliver the quo that the dossier claims got offered for quids.

That latter story — of the meetings Kushner and Flynn did in the wake of the election and events that may have taken place since — is every bit as coherent a narrative as the Steele dossier or the entirely new narratives tied to the June 9 meeting (which Sipher claims are actually the Steele narrative).

Of course, neither is yet evidence of collusion. And that’s, frankly, what we as citizens should be after.

A narrative offered up by an intelligence contractor who was always trying to catch up to the central part of the story — the hack-and-leak — is not what we should be striving for. That’s why this dossier is probably mostly irrelevant to the Mueller probe, no matter how the GOP would like to insinuate the opposite. If there was collusion (or rather, coordination on all this stuff between the campaign and Russia), we should expect evidence of it. The Steele dossier, as I have noted, left out one of the key potential proofs of that, in spite of having ties with someone who attended the meeting.

All that said, it would be useful for someone responsible to respond to GOP criticisms and, where invented (such as with the claim that Steele paying sources diminishes its value), demonstrate that. It would be useful for someone to explain what we should take from the dossier.

Sipher didn’t do that, though. Indeed, his post largely suffers from the same bad analysis he accuses the media of.

Update: In the original I got the date of the final report incorrect. That has been corrected.

Update, 12/10/17: I didn’t realize it, but Just Security updated Sipher’s post to include this language, which it explains with an editor’s note saying “Editor’s note: This article was update to provide additional analysis on Carter Page.” Compare this with this. Here’s the language.

Admittedly, Isikoff’s reporting may have relied on Steele himself for that information. Isikoff, however, also reported that U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it. There are also other indicia that are also consistent with the Orbis report but only developed or discovered later. In early December 2016, Page returned to Moscow where he said he had “the opportunity to meet with an executive from” Sechin’s state oil company. In April 2017, Page confirmed that he met with and passed documents to a Russian intelligence officer in 2013. Court documents include an intercept in April 2013 of conversations between the Russians discussing their effort to recruit Page as “as an intelligence source.” A Russian intelligence officer said of Page: “He got hooked on Gazprom … I don’t know, but it’s obvious that he wants to earn lots of money … For now his enthusiasm works for me. I also promised him a lot … You promise a favor for a favor. You get the documents from him and tell him to go fuck himself.” In late December 2016, Sechin’s chief of staff, Oleg Erovinkin “who may have been a source for ex-British spy Christopher Steele’s Trump dossier,” according to multiple reports, was found dead in the back of his car in Moscow.

But this passage introduces new errors for Sipher’s post!

First, here’s the language (in an article Just Security never links) Sipher relies on to justify using Isikoff’s Steele-based reporting to claim Steele had been proven correct.

After one of those briefings, Senate minority leader Harry Reid wrote FBI Director James Comey, citing reports of meetings between a Trump adviser (a reference to Page) and “high ranking sanctioned individuals” in Moscow over the summer as evidence of “significant and disturbing ties” between the Trump campaign and the Kremlin that needed to be investigated by the bureau.

Some of those briefed were “taken aback” when they learned about Page’s contacts in Moscow, viewing them as a possible back channel to the Russians that could undercut U.S. foreign policy, said a congressional source familiar with the briefings but who asked for anonymity due to the sensitivity of the subject. The source added that U.S. officials in the briefings indicated that intelligence reports about the adviser’s talks with senior Russian officials close to President Vladimir Putin were being “actively monitored and investigated.”

A senior U.S. law enforcement official did not dispute that characterization when asked for comment by Yahoo News. “It’s on our radar screen,” said the official about Page’s contacts with Russian officials. “It’s being looked at.”

It is true that “U.S. intelligence officials were confident enough in the information received about Page’s meeting Russian officials to brief senior members of Congress on it,” and that Harry Reid was leaking from the Steele dossier just like Isikoff was. But the “senior US law enforcement officer” does not back the identities of those Page met with, just that “it’s being looked at.”

That’s important for the way that Page’s meetings with people other than Igor Sechin have been used to claim the dossier has borne out. Not-A = A. Which is what Sipher does here, by pointing to Page saying he met with Rosneft but not Sechin. “Page says he was not referring to Sechin in his remarks,” the linked AP story says (as does Page’s congressional testimony).

Then Sipher points to language unsealed in a court filing in January 2015 that Page admitted — after reporting on it — was him. That Page was wrapped up in an earlier Russian spy prosecution is another of those things one might ask why Steele didn’t know, particularly given that the filing and the case was already public.

But the citation also exacerbates the problems with Sipher’s reliance on Page’s FISA wiretap as proof the Steele dossier proved out. As I noted above, later reports stated Page had been under FISA wiretap “since 2014, earlier than had been previously reported, US officials briefed on the probe told CNN.” That means it wasn’t the meetings in Russia, per se, that elicited the interest, but (at least) the earlier interactions with Russian spies.

Finally, Sipher points to the death of Oleg Erovinkin, something I’ve pointed to myself (and which would only be “Carter Page” analysis if Page actually had met with Sechin). Since Sipher updated this post, however, Luke Harding wrote (on page 101),

Steele was adamant that Erovinkin wasn’t his source and “not one of ours.”

As a person close to Steele put it to me: “Sometimes people just die.”

I’m not sure I find Harding entirely reliable elsewhere, and I can see why Steele would deny working with Erovinkin if the leak of his work had gotten the man killed. But if you buy Harding, then Erovinkin no longer proves the value of the Steele dossier either.

Update, 12/10: According to the Wayback Machine this change was made between October 25 and November 6. Ryan Goodman explained that he didn’t give me a hat-tip for this correction because he’s not sure whether he corrected because of me because a Daily Caller reporter also weighed in.

It is true that Chuck Ross (with whom I discuss the dossier regularly) tweeted that Sipher’s Isikoff reference was self-confirming on November 4, shortly before the change was made.

Ryan and I had a conversation about the errors in this piece on September 6, when the post first came out, both on Twitter then–late that evening–on DM. I included a link to my post and he said he was going to read it.

I guess Ryan is now confessing he never read this post, and let notice of egregious errors sit unreviewed for two months, because he didn’t like my tone.

 

How Did Christopher Steele Collect Information after Sources (Allegedly) Dried Up?

Sorry to those who think I’m overly focused on the Christopher Steele dossier, but I’m reading Luke Harding’s book on the Russian investigation, which uses the dossier as a centerpiece. I may do a longer post about what his overall narrative does, but for now there’s a weird paragraph that conveniently is in this long excerpt I want to focus on.

After introducing the first report of the dossier (the one that features the pee tape and dated, non-email kompromat), Harding writes,

The memo was sensational. There would be others, 16 in all, sent to Fusion between June and early November 2016. At first, obtaining intelligence from Moscow went well. For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease. It got harder from late July, as Trump’s ties to Russia came under scrutiny. Finally, the lights went out. Amid a Kremlin cover-up, the sources went silent and information channels shut down.

There are several details that conflict with known facts and/or claimed (in some cases, sworn) ones.

First, Harding suggests there were 16 reports in all. I’m not sure whether he’s suggesting the final total of reports written between June and early November was 16 or whether he’s suggesting there were 16 additional reports in all, for a total of 17. Either way the number works out (there were 17 total reports, one of which was written after November). But that makes the November reference weird. There was no report written in early November. The last known report before the election was dated October 20, and then there wasn’t another one until that December 13 one.

  • 080: June 20, 2016
  • 086: July 26, 2015 (citing events in 2016)
  • 095: not dated
  • 94: July 19, 2016
  • 097: July 30, 2016
  • 100: August 5, 2016
  • 101: August 10, 2016
  • 102: August 10, 2016
  • 136: October 20, 2016
  • 105: August 22, 2016
  • 111: September 14, 2016
  • 112: September 14, 2016
  • 113: September 14, 2016
  • 130: October 12, 2016
  • 134: October 18, 2016
  • 135: October 19, 2016
  • 166: December 13, 2016

In any case, Harding gets the December date sort of correct later in the passage. Except he describes Glenn Simpson giving John McCain the report, dated December 13, before McCain called Jim Comey about it on December 8.

Less than 24 hours later, Kramer returned to Washington. Glenn Simpson then shared a copy of the dossier confidentially with McCain, along with a final Steele memo on the Russian hacking operation, written in December.

McCain believed it was impossible to verify Steele’s claims without a proper investigation. He made a call and arranged a meeting with Comey. Their encounter on 8 December 2016 lasted five minutes. Not much was said. McCain gave Comey the dossier.

I explain the significance of these December dates in this post.

Things are even weirder with the third sentence in this passage.

For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease.

According to the public narrative, Steele wasn’t working for Fusion until the Democrats asked for a Russian focus in June. And the first of his released reports relies on reporting from June. But Harding here suggests Steele was working on it for the six months before that! I pointed to circumstantial evidence that Fusion paid Steele on March 22, April 6, and May 25, in payments they don’t associate with Perkins Coie, in addition to the payments that were probably to him on July 13, August 2, September 1, October 5, and November 1.

Now check out the following sentences. Starting in “late July … the lights went out and … the sources went silent and information channels shut down.”

As the timeline above makes clear, the numbering in the dossier gets funky almost immediately, but the most likely reading suggests after that first, June 20 report, there are 4 reports from late July, and the remaining 12 reports all postdate late July. Report 100, the first post-July one, is sourced to “early August 2016” (and dated August 5).

Now, maybe the paragraph is just totally screwy. But if there’s any basis in fact to it, it suggests the public timeline is wrong (something which may be backed by the payments). More importantly, it suggests Steele’s extensive (albeit very indirect) network of sources stopped providing intelligence not long after he allegedly started his inquiry.