Posts

Garrett Ziegler Done in by His Chateau Marmont Field Trip

/21 Comments/in , , /by

Judge Hernán Vera has denied Garrett Ziegler’s motion to dismiss Hunter Biden’s lawsuit against him.

I had thought that Ziegler’s defense against the hacking claims, which argued that because Hunter Biden never owned the hard drive on which Ziegler received all Hunter’s data (including the iPhone protected by a password), might pose some interesting legal arguments.

I’m sure we’ll see the argument return, but for this stage of proceedings, Judge Vera agreed with Hunter’s argument that the relevant hacking laws focus on data, not devices.

Defendants assert that “[n]either the CFAA nor the CCDAFA authorizes a party whose data has been copied to assert a civil action over any computer, device or system not in their possession.” Motion at 5. But Defendants fail to point to language in these statutes that require possession of the physical device. Neither the CFAA nor the CCDAFA contain any requirement that Plaintiff must “own,” “possess,” or “control” the physical device or computer that Defendants accessed. The statute concerns the ownership of the data accessed. Both statutes allow Plaintiff to assert claims based on the facts asserted. See 18 U.S.C. § 1030(g) (extending civil remedy to “any person” who suffers damage or loss); Cal. Pen. Code § 502(e)(1) (extending civil remedy to owners of “data” who suffer damage or loss). In fact, Defendants’ ownership-and-control argument has been rejected by the Ninth Circuit. See Theofel v. Farey-Jones, 359 F.3d 1066, 1078 (9th Cir. 2004) (reversing “district court [that] erred by reading ownership or control requirement into the [CFAA] . . . . Individuals other than the computer’s owner may be proximately harmed by unauthorized access, particularly if they have rights to data stored on it.”).

The next time some tabloid journalist makes big news about Hunter’s spouse calling Ziegler a Nazi, she can state with confidence that this is a lawsuit about hacking, not about merely disseminating data.

The means by which Vera dismissed Ziegler’s claim that there was no personal jurisdiction over his activities in California are a bit more fun.

Among the evidence that Ziegler’s activity included a focus on California cited by Vera was the picture Ziegler posted to Instragram showing himself posing outside the Chateau Marmont in LA, holding a copy of his report.

Vera also noted that Ziegler’s sales of the report rely on Stripe and its CA-based servers.

Defendant Ziegler notes that the report Defendants prepared using Plaintiff’s data is available at the website www.bidenreport.com. Ziegler Decl. ¶ 8 & n.1. On this website, a “Purchase” button is prominently displayed, allowing users to spend $50.00 for a hardcopy of the Biden report. Declaration of Gregory A. Ellis (“Ellis Decl.”) ¶ 6, Ex. A [Dkt. No. 30-2]. Clicking the purchase button then links to a purchase page operated by Stripe.com, a California-based entity whose purchase terms are governed by California law.7

7 See www.stripe.com/legal/consumer, Section 12.

And Vera noted that Ziegler had sent copies of the report to CA residents like Elvis Chan (the FBI Agent at the center of right wing conspiracy theories about Twitter briefings) and Hunter’s criminal defense attorney, Angela Machala.

For example, he sent copies to multiple California residents to verify Plaintiff’s information. Ziegler said in interviews that his team talked with each person named in the report. Ellis Decl. Exs. C at 12 (“I took the time to call each and every person that is in this report”) [Dkt. No. 30-5]; D at 8 (“we’ve sent the dossier to all 4,000 contacts on Hunter’s laptop) [Dkt. No. 30-6]. He even includes a table of alleged Plaintiff family crimes with California area codes, many listing “where (venue)” as C.D. Cal. Ellis Decl. Ex. E at 233–35, 400–01. Other California residents include an FBI agent in the San Francisco field office, Ellis Decl. Ex. E at 22. And Ziegler even sent the Report to the personal residence of one of Plaintiff’s California-based attorneys. Ellis Decl. ¶ 12.

Vera’s ruling opens the way for discovery of the specific means and personnel involved in the exploitation of the hard drive, including the chain of custody via which Ziegler obtained it. Among the issues ripe for discovery cited in Hunter’s response include how Ziegler obtained the data, who funded his efforts, and who helped Ziegler exploit the data.

Defendants will have to explain how many copies of Plaintiff’s data they received and from whom, as well as the precise data they came to possess, during discovery in this case.

[snip]

Ziegler’s assertions about Defendants’ website views and support from California also demonstrate that the Court should exercise its discretion to allow jurisdictional discovery, should it still have questions about jurisdiction even after reviewing Plaintiff’s evidence. See, e.g., Orchid Biosciences, Inc. v. St. Louis Univ., 198 F.R.D. 670, 672-73 (S.D. Cal. 2001) (noting that courts have broad discretion in allowing jurisdictional discovery, citing multiple authorities). Here, discovery would be appropriate to address the following issues, at a minimum: the total number of Defendants’ financial supporters based in California; the percentage of their total financial supporters based in California; the total amount of money donated from California; the percentage of Defendants’ monetary donations emanating from California; the total number of unique website viewers from California; the percentage of unique website viewers from California; the number and percentages of website purchases of hardcopies of the Report emanating from California locations; and the number of California residents Ziegler sent hardcopies of the Report to in his “carpet-bombing” campaign, discussed infra.

[snip]

4 It is unclear whether the “team” of individuals who assisted Defendants with their data-related activities includes any California residents. In his declaration, Ziegler attests he has “hired no employees or independent contracts [sic] to conduct business in California, nor do any of Marco Polo’s board members reside in California.” (Ziegler Decl. ¶ 13.) But this careful wording leaves open many potential California connections, including the possibility that some aspects of Defendants’ unlawful data-related activities occurred in California and/or were perpetrated by California residents who were assisting Defendants in a capacity other than as “employees or independent contractors.” The location of Defendants’ “team” members is another appropriate topic for jurisdictional discovery.

The frothy right made a big deal about the fact that Hunter and Robert Costello put the lawsuit against Costello and Rudy Giuliani on hold pending Rudy’s bankruptcy. But discovery on this lawsuit will get to some of the very same issues.

Garrett Ziegler’s Landscaping Problem

/96 Comments/in , , , /by

According to emails posted at BidenLaptopEmails dot com made available by Garrett Ziegler, sometime around May 31, 2017, someone set a Google alert for weekly landscaping work, which usually took place in the mornings. Many weeks, Hunter Biden would receive a Google alert on Wednesday, reminding him landscapers would show up the next day. Then the next day, his iCloud email would email his RosemontSeneca email (hosted by Google) with a reminder.

In the depths of his addiction — again, per emails made available by Garrett Ziegler — the only emails that Hunter Biden “sent,” the only sign of life on his email accounts, was that email. For weeks on end, the only communication “from” Hunter is that eerie repetitive notice: “Alert – FYI landscapers at CBR (usually in AM).” It’s like that Google alert is a phantom, always there in Hunter’s email box.

I’m not sure the technical explanation for it — though I expect that experts would be able to use the nature of those weekly alerts to determine what inboxes were really used to load up the laptop that found its way to John Paul Mac Isaac and from there, on a hard drive, to Rudy Giuliani and then, another hard drive, to Garrett Ziegler. The technical explanation may also explain why the FBI relied on the laptop for Google alert information rather than the information the FBI received from Google itself, as I laid out here.

“Alert – FYI landscapers at CBR (usually in AM).” There must be over 150 versions of either the Google alert or the email from Hunter’s iCloud email to Hunter’s RosemontSeneca email in the collection made available by Garrett Ziegler.

In fact, those emails, “Alert – FYI landscapers at CBR (usually in AM),” may doom Ziegler’s effort to defeat Hunter Biden’s hacking lawsuit against him.

Ziegler filed his response, along with a sworn but not notarized declaration from Ziegler himself, yesterday.

As to the claim that he hacked Hunter Biden’s phone — which I’ve noted is a key vulnerability for Ziegler — Ziegler admits he used a password to access the backup from a phone Hunter allegedly owned in 2019.

19. Paragraph 29 falsely casts my comments to imply thta I and Defendant Marco Polo “hacked” into Plaintiff’s iPhone backup file.

20. In the case of the iPhone backup file referred to in paragraph 29, I received a copy of an iPhone backup file which existed as part of the copied files.

21. Also contained on the external hard drive given to me were files containing passcodes, which are essentially similar in function to passwords designed to allow access to password-protected files. Although it took months of examination, we were able to locate the passcode which allowed access to the iPhone backup file. Those files existed on the external hard drive when it was first given to me.

But he argues that because the disk drive he received from an associate of Rudy Giuliani had the password for the phone on it, and because Hunter never owned the hard drive on which Ziegler received both sets of data, he did not “hack” anything.

Plaintiff selectively cites to Defendant Ziegler’s December 2022 remarks about decrypting a specific file which stored the passcode to the iPhone backup file, both of which were on Defendants’ copy of the Laptop. (Compl. at ¶ 29). The Complaint falsely suggests Defendants “hacked” into Plaintiff’s iPhone backup. (Zeigler Decl. at ¶ 19). Defendants received a copy of Plaintiff’s iPhone backup file which existed as part of the files. (Id. at ¶ 20). When Defendants received the external hard drive, it contained passcodes, which allowed access to the iPhone backup file. (Id. at ¶ 21).

[snip]

Moreover, Plaintiff does not allege unlawful access to a computer within the meaning of the CFAA. A computer user “without authorization” is one who accesses a computer the user has no permission to access whatsoever—an “outside hacker[ ].” Van Buren v. United States, 141 S. Ct. 1648, 1658, (2021). Here, Plaintiff admitted that Defendants accessed and used a hard drive that Plaintiff never possessed. Specifically, Plaintiff alleges that Defendants accessed a hard drive provided by a third party which contains a copy (duplicates) of files. (Compl. at ¶ 18). Plaintiff does not allege that Defendants possessed or accessed Biden’s computer or original files.

Plaintiff alludes to his actual iPhone and iCloud account when he alleges that “at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage.” (Id. at ¶ 28). However, Plaintiff alleges no facts which demonstrate Defendants ever accessed any computer, storage, or service which Plaintiff either owns or has exclusive control over. Likewise, the Complaint also shows facts which conclusively prove that Defendants had no need to access any service or storage because the laptop copy in their possession admittedly contained all of the necessary information, including the passcode to view all of the files contained on the Biden Laptop regardless of encryption. (Id. at ¶ 18). Put simply, both the encrypted iPhone backup file and the passcode to open the iPhone backup file were on the Laptop copy.

Given that Hunter’s lawsuit also names a bunch of John Does, blaming his access to this backup on Rudy’s unnamed associate and Rudy and John Paul Mac Isaac may not help Ziegler.

In any case, Ziegler may hope he doesn’t have to rely on this argument. His response actually spends more time arguing that venue, in California, is improper than he does that using a password to access an encrypted backup is legal. The “work” Ziegler did to make ten years of Hunter Biden’s emails available took place in Illinois. He has no employees or board members in California. Fewer than 10% of Marco Polo’s supporters live in California (Ziegler doesn’t say what percentage of his donations they provide, however).

His venue argument and his hacking argument ignore a part of Hunter’s lawsuit, though, which alleges that Ziegler “directed illegal conduct to occur in California.”

Plaintiff is informed and believes that Defendant Ziegler intentionally directed illegal conduct to occur in California and has therefore subjected himself to jurisdiction in California.

Similarly, his response only mentions Hunter’s allegation that in addition to accessing that iPhone, he also accessed data in the cloud once.

Plaintiff accuses Defendants of “knowingly accessing and without permission taking and using data from” Plaintiff’s devices or “cloud” storage (Compl. at ¶¶ 40, 41), computer service (id. at ¶ 42), or protected computer (id. at ¶ 35) but fails to identify a single device Defendants accessed without authorization

That allegation is a key part of alleging that Ziegler broke the law in California.

40. Defendants have violated California Penal Code § 502(c)(1) by knowingly accessing and without permission taking and using data from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup to devise or execute a scheme to defraud or deceive, or to wrongfully obtain money, property, or data.

41. Defendants also have violated California Penal Code § 502(c)(2) by knowingly and without permission accessing, taking, copying, and making use of programs, data, and files from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup.

Ziegler denies accessing any computer in the possession of Hunter Biden. That falls short of denying that he hacked data owned by Hunter Biden.

22. Neither I nor any person associated with Marco Polo have accessed, or attempted to access, any computer, device, or system owned or controlled by Plaintiff. We are not hackers, we are simply publishers, and the Plaintiff is attempting to chill our First Amendment rights and harass us through a frivolous and vexatious lawsuit.

I think Ziegler has a problem with his description of where the iPhone backup came from in the first place: he says that the “laptop” was in Hunter Biden’s possession when the iPhone backup was saved to it on February 6, 2019.

The metadata concerning the duplicated iPhone backup file on our external hard drive indicates that the last backup made of the iPhone file to the plaintiff’s laptop, which he left at the repair show of John Paul Mac Isaac on April 12, 2019, occurred on February 6, 2019, while still in the plaintiff’s possession based upon all the facts known to me to be provably true beyond dispute.

Hunter may be able to prove that Ziegler, of all people, doesn’t believe that to be true, doesn’t believe that when that iPhone was backed up on February 6 — a day when someone presenting as Hunter was involved in a car accident in DC — Hunter was in possession of that laptop.

But the bigger problem Ziegler that has is that phantom landscaping reminder.

According to emails that Garrett Ziegler has made publicly available, an October 14, 2021 notice triggered by a Google alert was received on November 24, 2021, long past the time, per Ziegler’s declaration, he was in possession of this hard drive.

Again, I’m not sure how that happened technically. But if it involved either Apple servers or Google servers (or both, given that the notice was dated October 24, 2021), that would get you venue in California.

Hunter Biden may not have been in possession of Apple’s and Google’s servers in 2021, but accessing them using passwords stored on the hard drive — at least one password that Ziegler admits to using — would also constitute hacking.

Update, to answer a question below: The text of the email shows that the notice was October 14, but the email was received on November 24, 2021.

Hunter Biden Sues the IRS

/135 Comments/in , /by

I can’t help but wonder whether the lawsuits Abbe Lowell is filing on behalf of Hunter Biden are preparation for an assault on the criminal charges against the President’s son.

Last week, for example, Lowell alleged that Garrett Ziegler had criminally hacked an iPhone encrypted on “the laptop” and had altered information on it. Whatever else the lawsuit will do, it will establish that DOJ chose to charge a non-violent recovering addict for owning a gun for 11 days in 2018, but has yet to do anything about the people who’ve serially compromised the digital life of the President’s son.

Lowell already has a bunch of other information to substantiate a selective prosecution case. But if he can demonstrate that DOJ ignored more serious felonies while still pursuing Hunter, it would only add to the evidence.

Today, Lowell sued the IRS for the media tour that Gary Shapley and Joseph Ziegler have conducted since April, enumerated as follows (note, this only includes live appearances; Tristan Leavitt has made obviously problematic claims to print journalists as well):

Attorney A’s public statements in a letter to the Committee on Ways and Means on April 19, 2023.

Attorney A’s public statements to Mr. Solomon of John Solomon Reports on April 19, 2023.

Attorney A’s public statements to Mr. Axelrod of CBS News on April 19, 2023.

Attorney A’s public statements to Mr. Baier of Fox News on April 20, 2023.

Mr. Shapley’s public statements to Mr. Axelrod of CBS News on May 24, 2023.

Mr. Shapley’s public statements to Mr. Baier of Fox News on June 28, 2023.

Mr. Shapley’s public statements to Mr. Axelrod of CBS News on June 28, 2023.

Mr. Shapley’s public statements to Mr. Solomon of John Solomon Reports on June 29, 2023.

Mr. Ziegler’s public statements to Jake Tapper of CNN on July 20, 2023.

Mr. Shapley and Mr. Ziegler’s public statements to Megyn Kelly of the Megyn Kelly Show on July 20, 2023.

Attorney B’s public statements to Mr. Solomon of John Solomon Reports on July 21, 2023.

Mr. Ziegler’s public statements to John Solomon of John Solomon Reports on July 24, 2023.

Attorney A’s public statements to Martha MacCallum of Fox News on July 26, 2023.

Attorney A’s public statements on Fox News on July 31, 2023.

Mr. Shapley’s public statements to Kaitlan Collins of CNN on August 11, 2023.

While statute permits and Hunter Biden did ask for punitive damages, ultimately he only asked for attorneys fees and $1,000 per disclosure — just $15,000 for this listed disclosures, as well as a program to ensure that IRS uphold the Privacy Act.

He’s not going to get rich with this lawsuit.

But Lowell also asked for all information in the IRS’ possession relating to these disclosures.

Ordering Defendant to produce to Mr. Biden all documents in its possession, custody, or control regarding the inspection, transmittal, and/or disclosure of Mr. Biden’s confidential tax return information;

If successful, this request would generate a good deal of information about the IRS tracking of these leaks (and any earlier ones). It might provide proof, in the form of metadata, showing when the IRS agents accessed this information and under what circumstances, including Ziegler’s overt promise to go back and find more data in response to demands from members of Congress. It might obtain information on the IRS’ own investigation of this leaking.

If DOJ is going to charge Hunter with tax charges, they’re going to need to present the investigation as conducted by Shapley and Ziegler — a point Abbe Lowell made in a letter to David Weiss last month.

Among other ways, these agents, sill employed by the Government, would likely be witnesses should any tax charge you file ever be tried. It is unprecedented for Government officials who are the investigators or prosecutors in the case and would be witnesses and rial counsel to conduct themselves in this manner which seks to try the issues in the court of public opinion rather than properly in a court of law. That conduct itself (in addition to the various other infirmities with the Government attempting to bring charges against Mr. Biden26) would support dismissal of any charges you have fled or would try to so file in the future.27

26 To be clear, we do not believe the Government could validly bring charges against our client concerning these issues given the express language of he agreed-upon Diversion Agreement.

27 Courts recognize that the crime of leaking or disclosing such information by Government agents sworn to uphold the law is often more egregious than the crimes those agents are charged with investigating. See, e.g., United States v. Walters, No. 17. 2373 (2d Cir. Dec. 4, 2018) Jacobs, J. concurring) ([Tlhe leak of grand jury tesimony in some respects more egregious than anything [Defendant] did (insider wading) — the FB supervisor took an oath to uphold the law and was acting in a supervisory capacity to discharge an important public function.” (emphasis ddd).

Again, on top of all the other things Lowell could point to to substantiate a claim that Hunter was being selectively prosecuted, Lowell might ask why Hunter is being prosecuted but not Shapley and Ziegler.

For five years, the government has (apparently) chosen to relentlessly pursue pickayune charges against Hunter Biden while ignoring the crimes committed to try to set up those charges.

And Abbe Lowell may be preparing to make that case in the case of any trial.

Hunter Biden Sues Garrett Ziegler for Hacking His iPhone

/77 Comments/in , /by

Back in July, as part of an effort to understand whence the IRS obtained WhatsApp texts that weren’t on the “Hunter Biden” “laptop” made available by Rudy Giuliani, I noted that those WhatsApp texts appear to have come from an iPhone backed up to a different iCloud account than the one the laptop was synched to.

On the laptop itself, the iPhone content was encrypted.

That meant anyone without a warrant accessing that content was likely violating the Computer Fraud and Abuse Act.

In part four of Dimitrelos’ report, he describes that there were, indeed, WhatsApp messages on the iPhone, registered to that entirely different iCloud account, seemingly backed up to iTunes on the [email protected] account.

I can’t be sure about this, because I’m not a forensics expert, both Shapley and Dimitrelos are deliberately unreliable narrators, and even they don’t have all the data to understand what went on here. But it appears that the reason why there were no WhatsApp texts on the laptop itself, which had all the content in the [email protected] iCloud account, is that they weren’t used by a device registered to the [email protected] iCloud account. They were used by a device registered to the [email protected] account, which was (as Shapley’s notes reflect) stored in encrypted fashion on the laptop.

There’s one more very important point about this.

The government had a warrant. If they really did find a business card (one not described anywhere I’ve seen in Dimitrelos’ report) with a password, they were able to get the encrypted content (though oftentimes prosecutors will recommend you go back and get a second warrant for that). From there, it seems, the IRS got another warrant for the other iCloud account, the [email protected] one. That’s how they got a legally sound copy of the WhatsApp texts in August 2020.

But for people like Rudy Giuliani or Garrett Ziegler or John Paul Mac Isaac, taking a laptop they purport to have been abandoned, and then using a password found on that laptop to access an encrypted container — especially one of a different iCloud account — is legally another level of conduct.

Hunter Biden’s newly aggressive legal team appears to agree. They’ve just sued Garrett Ziegler. One of the key claims is that he hacked the “laptop” to access encrypted data.

28. Plaintiff further is informed and believes and thereon alleges that at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage. On information and belief, Defendants gained their unlawful access to Plaintiff’s iPhone data by circumventing technical or code-based barriers that were specifically designed and intended to prevent such access.

29. In an interview that occurred in or around December 2022, Defendant Ziegler bragged that Defendants had hacked their way into data purportedly stored on or originating from Plaintiff’s iPhone: “And we actually got into [Plaintiff’s] iPhone backup, we were the first group to do it in June of 2022, we cracked the encrypted code that was stored on his laptop.” After “cracking the encrypted code that was stored on [Plaintiff’s] laptop,” Defendants illegally accessed the data from the iPhone backup, and then uploaded Plaintiff’s encrypted iPhone data to their website, where it remains accessible to this day. It appears that data that Defendants have uploaded to their website from Plaintiff’s encrypted “iPhone backup,” like data that Defendants have uploaded from their copy of the hard drive of the “Biden laptop,” has been manipulated, tampered with, altered and/or damaged by Defendants. The precise nature and extent of Defendants’ manipulation, tampering, alteration, damage and copying of Plaintiff’s data, either from their copy of the hard drive of the claimed “Biden laptop” or from Plaintiff’s encrypted “iPhone backup” (or from some other source), is unknown to Plaintiff due to Defendants’ continuing refusal to return the data to Plaintiff so that it can be analyzed or inspected.

Of course, this means that DOJ should have been investigating Ziegler for hacking the President’s son rather than spending five years pursuing misdemeanor tax charges.

Perhaps that will become more clear going forward.

Update: These kinds of videos will be of interest to Hunter’s team.

Hunter Biden’s Matryoshka Cell Phone: How the IRS and Frothers Got Hunter’s Encrypted iPhone Content

/88 Comments/in , /by

Believe it or not, what sent me down the rabbit hole of Hunter Biden’s “laptop” was not the laptop itself.

It was a cell phone.

Or, more specifically, it was two details in purported IRS whistleblower Gary Shapley’s testimony. First, after introducing summaries from some Hunter Biden WhatsApp chats — summaries that, Abbe Lowell claimed, got the most basic details wrong — Shapley explained that the chats didn’t come from the laptop itself, they came from a warrant served on Apple for the iCloud backup to which they were saved.

Q Could you tell us about this document, what is it, and how was it obtained —

A Sure. So there was an electronic search warrant for iCloud backup, and these messages were in that backup and provided —

Q Okay.

A — from a third party, from iCloud.

This appears to be the search warrant return obtained — again, per Shapley’s testimony — in August 2020.

For example, in August 2020, we got the results back from an iCloud search warrant. Unlike the laptop, these came to the investigative team from a third-party record keeper and included a set of messages. The messages included material we clearly needed to follow up on.

Shapley’s disclosure that there were WhatsApp texts saved to iCloud stunned me. That’s because, for all the material produced from the laptop itself — which even frothers have treated as all the content in Hunter Biden’s iCloud account — I had never seen WhatsApp texts.

Plus, there’s a technical issue. WhatsApp texts, like Signal texts, don’t automatically back up to iCloud. If one really wants to use their end-to-end encryption to best advantage, one doesn’t store them in the cloud, because then the only easy way to get the texts would be directly from someone’s phone. These texts purported to involve a Chinese national (though, as noted, Lowell says that’s false) whose phone would presumably be inaccessible overseas. And at the time the IRS obtained these texts, Hunter Biden didn’t know about the investigation into himself. They hadn’t seized his phone.

For Shapley’s description to be true, then, Hunter Biden would have had to back up the texts to his iCloud. But if he had, they should have shown up on the laptop itself, right along with every other scrap of the President’s son’s private life.

There were crumbs of an explanation for this in Shapley’s notes from the October 22, 2020 meeting on the government’s treatment of the laptop attributed to Hunter Biden.

In the meeting, Whistleblower X — who by his own description saw things online that he hadn’t obtained via the laptop directly, even though DOJ warned the agents not to do that — kept prodding about whether the investigative team had been provided all the messages on the laptop.

29. SA [Whistblower X] asked if all information on the hard drive had been reviewed…the answer is that they did not look at all of that SA [Whistleblower X] questions if Dillon reviewed all iMessage’s that wore relevant and not privileged. They would find the answer.

As Shapley recorded, on February 27, 2020, the forensics people provided all messages from the hard drive of material John Paul Mac Isaac restored from the laptop.

30. 2/27/2020 DE3 with all messages from the hard drive were provided by computer forensics— via USB Drive

That production included iPad and MacBook messages, but no iPhone messages.

32. 227 Productions

DE3 USB containing exported messages (ipad and macbook messages) No iphone messages

They didn’t get messages off any iPhone until they found a password, conveniently written on a business card, and with that password, were able to get into encrypted iPhone content on the laptop.

Laptop — iphone messages were on the hard drive but encrypted they didn’t get those messages until they looked at laptop and found a business card with the password on it so they were able to get into the iphone messages [my emphasis]

This still didn’t answer my question — how was the IRS able to get WhatsApp texts from iCloud when they weren’t on the iCloud content that appears on the Hunter Biden laptop.

But a detail on the fourth of Guy Dimitrelos’ reports on Hunter Biden’s laptop may explain it.

In his first report, Dimitrelos explained that the 5 million artifacts found on the hard drive were connected to Hunter Biden’s iCloud account, which he says was tied to the email [email protected].

  1. The hard drive contained approximately 5,791,819 files and system artifacts and was connected to and authenticated on an Apple iCloud account of [email protected] which is owned by Robert Hunter Biden (RHB).

[snip]

  1. Since this Apple MacBook Pro model was not released until 2017, all data prior to 2017 was stored (backed-up) to the [email protected] account and then downloaded to the MacBook Pro hard drive Downloads folder as illustrated in paragraph 30.

In his fourth report — basically 133 pages into his sequential reporting — Dimitrelos noted that Hunter Biden had another iCloud account, one tied to one of the emails he identified on page 4 of his report: [email protected].

In fact, at least according to the unreliable emails released at BidenLaptopEmails dot com (AKA MarcoPolo), that’s the account to which the laptop believed to be the one that ended up at Mac Isaac’s shop was registered to, not the [email protected] account.

At the Marco Polo site, there are 453 pages of emails from the [email protected] account (so around 22650). They include some of the most interesting in the collection, the ones directly with the Biden family and others indicating sensitive travel. There are 269 from the [email protected] account (so around 13,450) — but it’s the latter that seems to have been taken over in early 2019. I’ve described that the droidhunter88 gmail account effectively took over control of the iCloud account in that period (though I need to go back to the timeline and distinguish which events happened on one iCloud account and which on the other), and I think that’s right. But importantly, at times, the RosemontSeneca email is linked into it. That is, a RosemontSeneca email was used on both iCloud accounts.

As to the phone, Dimitrelos describes that he found a phone registered to the [email protected] account in an encrypted container in an iTunes backup.

I identified an encrypted container located within Apple’s MobileSync iTunes default backup folder.

[snip]

I identified the iOS backup to be an iPhone with the phone number below and Apple id of

[email protected] which is one of Robert Hunter Biden’s iCloud accounts.

Part two of Dimitrelos’ report described finding passwords for the iTunes account in two places. First, a picture of a partly rumpled lined piece of paper stored in a Hidden Album. This picture included Amazon, WiFi, iTunes, GMail, and Apple ID passwords, all registered to a different Gmail account. And then, associated with an iPad registered to still a third iCloud account, registered to a Gmail account.

The latter shows that Hunter Biden’s iTunes password was changed on January 30, 2019, solidly in the middle of the period I’ve argued that his account was taken over by the DroidHunter gmail account.

And screencaps in parts two and four of Dimitrelos’ report show that both the iPad and the iPhone were backed up during this same period, on February 6, 2019. Someone changed the iTunes password, and backed up these two devices, where they were found on the laptop. All in this same period where Hunter Biden seems to have lost control over his laptop.

In part four of Dimitrelos’ report, he describes that there were, indeed, WhatsApp messages on the iPhone, registered to that entirely different iCloud account, seemingly backed up to iTunes on the [email protected] account.

I can’t be sure about this, because I’m not a forensics expert, both Shapley and Dimitrelos are deliberately unreliable narrators, and even they don’t have all the data to understand what went on here. But it appears that the reason why there were no WhatsApp texts on the laptop itself, which had all the content in the [email protected] iCloud account, is that they weren’t used by a device registered to the [email protected] iCloud account. They were used by a device registered to the [email protected] account, which was (as Shapley’s notes reflect) stored in encrypted fashion on the laptop.

There’s one more very important point about this.

The government had a warrant. If they really did find a business card (one not described anywhere I’ve seen in Dimitrelos’ report) with a password, they were able to get the encrypted content (though oftentimes prosecutors will recommend you go back and get a second warrant for that). From there, it seems, the IRS got another warrant for the other iCloud account, the [email protected] one. That’s how they got a legally sound copy of the WhatsApp texts in August 2020.

But for people like Rudy Giuliani or Garrett Ziegler or John Paul Mac Isaac, taking a laptop they purport to have been abandoned, and then using a password found on that laptop to access an encrypted container — especially one of a different iCloud account — is legally another level of conduct.

Update: I screwed up the number of emails; I’ve corrected that now.

James Comer’s Dick Pics Hearing Just Became an Alleged Stolen Laptop Hearing

/128 Comments/in /by

As I have repeatedly pointed out, the first thing that James Comer chose to do after becoming Chair of the House Oversight Committee was to schedule a hearing about why he can’t look at non-consensually posted pictures of Hunter Biden’s dick on Twitter.

In letters asking former Twitter executives Jim Baker, Yoel Roth, and Vijaya Gadde to testify next week, Comer described the substance of the hearing to be about their, “role in suppressing Americans’ access to information about the Biden family on Twitter shortly before the 2020 election.” As Matt #MattyDickPics Taibbi has helpfully revealed, some of the “information about the Biden family” that Twitter suppressed Americans’ access to before the election were nonconsensual dick pics, including a number posted as part of a campaign led by Steve Bannon’s buddy Guo Wengui.

Certainly, the Twitter witnesses, who themselves have been dangerously harassed as the result of #MattyDickPics’ sloppy propaganda, would be within the scope of Comer’s stated inquiry to explain why a private company doesn’t want to be part of an organized revenge porn campaign, even if a Congressman from Kentucky wants to see those dick pics.

But Comer’s campaign also just became about something else: Twitter’s decision to suppress a story based off a laptop that its purported owner claims was unlawfully obtained.

As several outlets have reported (WaPo, CNN, NBC, ABC), Hunter Biden has hired Abbe Lowell, who has written letters to DOJ, Delaware authorities, and the IRS, asking for investigations into those who have disseminated the materials from the alleged laptop (though Lowell made clear that no one is confirming any of the versions of the laptop). Those included in the letters are:

  • John Paul Mac Isaac (whom a prior lawyer, Chris Clark, had already referred to SDNY)
  • Robert Costello, who first obtained the laptop from Mac Isaac
  • Rudy Giuliani
  • Steve Bannon
  • Garrett Ziegler (who plays a key role in the January 6 investigation but who now hosts the content as part of a non-profit)
  • Jack Maxey (who provided the “laptop” to multiple outlets)
  • Yaacov Apelbaum (whom Mac Isaac claimed had helped to create a “forensic” image of the laptop)

The lawyers also sent a defamation letter to Tucker Carlson for a story since proven to be false.

These letters aren’t likely to change what DOJ, at least, will do about the laptop. They’ve had the Mac Isaac copy in hand for some time, and the earlier SDNY referral would likely go to the same people already investigating the theft of Ashley Biden’s diary.

Ziegler may be an exception. DOJ likely already has interest for his role in January 6, the invitation to conduct an investigation may give reason to look more closely.

Eric Herschmann is not, according to reports, on these letters but he was even pitching “laptop” content while working at the White House.

But the public coverage of this will undoubtedly change the tenor of next week’s hearing. At the very least, it will validate Yoel Roth’s concerns in real time that the NYPost story was based on stolen data. It will, retroactively, mean that the NYPost story was a violation of Twitter’s terms of service agreement.

None of (the coverage of) these letters describes a key detail: How the Oversight Committee got the copy of the laptop they claim they have. These criminal complaints are broad enough that they likely include at least a few people involved in the channel via which the Committee obtained the laptop, meaning that the Committee would be — is — harboring data from a private citizen that he claims was illegally obtained.

Significantly, the letters include false statements to Congress among the crimes raised (probably with respect to Mac Isaac). Given that Comer’s actions are premised on what Mac Isaac has claimed (and as several of these stories note, Mac Isaac’s story has changed in significant ways, and never made sense in the first place), the allegation may give the Committee further reason to exercise caution.

At the very least, it’ll give Democrats on the Committee plenty to talk about in next week’s hearing.

I thought it would take some doing to top kicking off one’s chairmanship by having a hearing to complain about non-consensual dick pics. But having a hearing to complain that stolen private information wasn’t more widely disseminated may top that.

Trump Worked with People Who Allegedly Worked with the Proud Boys to Obstruct the Peaceful Transfer of Power

/59 Comments/in , , /by

By my count, at least 14 people are known to have pled guilty to some kind of conspiracy on January 6, with four more cooperating against them. Another four were found guilty of one or more conspiracy in November’s Oath Keeper verdict. Eighteen people, in one way or another have been convicted of conspiring to prevent the peaceful transfer of power on January 6, most by obstructing the vote certification.

Trump played a key part in all those conspiracies.

Ronnie Sandlin, for example, first started planning to go, armed, to DC in response to Trump’s December 19 tweet, posting on December 23 that he planned to “stop the steal and stand behind Trump when he decides to cross the rubicon.” After he watched Trump’s speech on January 6, Sandlin did a live stream where he said, “I think it is time to take the Capitol.” Once he arrived at the Capitol, Sandlin and co-conspirator Nate DeGrave participated in tactically critical assaults on cops in two places, the East door and the door to the Senate gallery. After Sandlin helped him get into the gallery, Josiah Colt then rappelled from the gallery to the Senate floor.

Like Sandlin, Brad Smith started arming himself and planning to come to DC in response to Trump’s December 19 tweet.

The call to action was put out to be in DC on January 6th from the Don himself. The reason is that’s the day pence counts them up and if the entire city is full of trump supporters it will stop the for sure riots from burning down the city at least for awhile.

By December 31, Smith predicted, “Militias will be there and if there’s enough people they may fucking storm the buildings and take out the trash right there.” Smith and his co-conspirator, Marshall Neefe, participated in an assault on cops using an 8′ by 10′ Trump sign. And after the attack he boasted that the mission was successful because “we literally chased them out into hiding. No certification lol.”

Trump played a slightly different role in the Oath Keepers conspiracy. The Oath Keepers — Stewart Rhodes above all — viewed Trump as a means to prevent Biden’s election, because as President he could invoke the Insurrection Act and with it (the Oath Keepers believed) make the militias a legal arm of the state, defending Trump. Rhodes repeatedly called on Trump to invoke the Insurrection Act — on November 9, December 12, December 23, and January 6.

He dictated a note to Trump after January 6 asking him to call on the militias as his army to stop Biden from taking power.

For the most part, none of the channels via which Rhodes tried to speak directly to Trump (including Kellye SoRelle’s attempt to work through Rudy Giuliani’s son) are known to have reached Trump.

One of his attempted interlocutors, though, undoubtedly had access to Trump: Roger Stone, on whose Friends of Stone list Rhodes was sharing his plans for insurrection shortly after the election.

DOJ has exploited at least four phones owned by members of the Friends of Stone list: Rhodes and SoRelle, Owen Shroyer, and Enrique Tarrio. Probably DOJ asked for content from Ali Alexander as well (though he disclaimed having any Signal texts to the January 6 Committee).

While a jury found all the Oath Keepers guilty of obstructing the vote certification, with the key exception of Kelly Meggs (who was also in contact separately with the Proud Boys, Roger Stone, Ali Alexander, and alleged 3 Percenter Jeremy Liggett, who in turn had ties to the MAGA Bus Tour) as well as Jessica Watkins, it found the greater part of their conspiracy either overthrowing the government or interfering with with official duties: not obstructing the vote count. Their larger plan to keep Trump in power used different means than Trump used.

That’s not true of the Proud Boy Leaders, who are three days into their trial.

Not only did the Proud Boys allegedly pursue the same plan that Trump was pursuing — obstructing the vote certification on January 6 — but they were in communication with people who were in communication, and central to, Trump’s plan: most notably, Alex Jones, Ali Alexander, and Roger Stone. They were in communication with people who were in communication with people close to Trump during the attack.

Even their telephony records show that Enrique Tarrio, Joe Biggs, and Ethan Nordean were in contact with Alex Jones and Owen Shroyer during the period.

Records for Enrique Tarrio’s phone show that while the attack on the Capitol was ongoing, he texted with Jones three times and Shroyer five times.124 Ethan Nordean’s phone records reflect that he exchanged 23 text messages with Shroyer between January 4th and 5th, and that he had one call with him on each of those days.125 Records of Joseph Biggs’s communications show that he texted with Shroyer eight times on January 4th and called him at approximately 11:15 a.m. on January 6th, while Biggs and his fellow Proud Boys were marching at and around the Capitol.126

Given the known communication habits of the men, it’s possible there are Signal or Telegram communications that were unavailable to the J6C as well.

Alex Jones and Ali Alexander knew in advance they would lead the mob to the Capitol (the January 6 Report offers an unpersuasive explanation that the request came exclusively from Caroline Wren). Roger Stone had planned to join them, probably until he got cranky about being denied a speaking role on the morning of January 6. Mike Flynn wanted to latch on, as well, until the General got too cold and had to go back to his posh hotel room. “Hell no,” he said, according to Caroline Wren. “It’s freezing.”

Meanwhile, even as Shroyer was in touch with Biggs, Alexander was in touch with Caroline Wren, who remained at the Ellipse, and asked for 5-minute updates on the Trump’s progress to the Capitol (the text in question appears to have come from Wren, but may not have been provided in Alexander’s production).

The communication between Proud Boys and Jones in real time is critical because once the riot police showed up and slowed the attack, the Proud Boy leaders pulled up, effectively waiting until Jones appeared. And after Jones did appear, he told the mob following him that Trump was coming to give another speech — something Alexander, and so almost certainly Jones — knew to be false because Wren had told Alexander. Nevertheless, Jones led his mob to the East steps, riled them up with a 1776 chant, and left them there, where they were soon joined by the Oath Keepers (led by Kelly Meggs, who also was in touch with Alexander) and Joe Biggs and some other Proud Boys (including one who had been directing traffic). That collective mob breached the East door of the Capitol, opening a second major front on the Capitol and adding to the invasion of the Senate chamber.

There are rioters who were sentenced to two months in jail because they followed Alex Jones credulously to the top of those steps and joined the mob storming the Capitol.

And it wasn’t just Jones and Alexander who were in touch with Trump’s handlers.

Mark Meadows was, per Cassidy Hutchinson, in communication with Stone about his plans for January 6, at a time when Stone still planned to march to the Capitol with Jones and Alexander.

LIZ CHENEY: Thank you, Mr. Chairman. Before we turn to what Ms. Hutchinson saw and heard in the White House during the violent attack on the Capitol on January 6th, let’s discuss certain communications White House Chief of Staff Mark Meadows had on January 5th. President Trump’s associate, Roger Stone, attended rallies during the afternoon and the evening of January 5th in Washington, DC On January 5th and 6th, Mr. Stone was photographed with multiple members of the Oath Keepers who were allegedly serving as his security detail.

As we now know, multiple members of that organization have been charged with or pled guilty to crimes associated with January 6th. Mr. Stone has invoked his Fifth Amendment privilege against self-incrimination before this committee. General Michael Flynn has also taken the Fifth before this committee. Mr. Stone previously had been convicted of other federal crimes unrelated to January 6th.

General Flynn had pleaded guilty to a felony charge, also predating and unrelated to January 6th. President Trump pardoned General Flynn just weeks after the Presidential election, and in July of 2020, he commuted the sentence Roger Stone was to serve.

The night before January 6th, President Trump instructed his Chief of Staff Mark Meadows to contact both Roger Stone and Michael Flynn regarding what would play out the next day. Ms. Hutchinson, Is it your understanding that President Trump asked Mark Meadows to speak with Roger Stone and General Flynn on January 5th?

CASSIDY HUTCHINSON: That’s correct. That is my understanding.

LIZ CHENEY: And Ms. Hutchinson, is it your understanding that Mr. Meadows called Mr. Stone on the 5th?

CASSIDY HUTCHINSON: I’m under the impression that Mr. Meadows did complete both a call to Mr. Stone and General Flynn the evening of the 5th.

In an earlier interview, when she was still represented by Stefan Passantino, she had attributed the idea for this call to Peter Navarro or a Navarro staffer; the Navarro staffer who had let Mike Flynn into the White House on December 18, Garrett Ziegler, was another White House contact of Ali Alexander’s, in addition to Wren.

All this matters because of the way conspiracy law works, as laid out in the bullet points from Elizabeth de la Vega that I always rely on.

CONSPIRACY LAW – EIGHT THINGS YOU NEED TO KNOW.

One: Co-conspirators don’t have to explicitly agree to conspire & there doesn’t need to be a written agreement; in fact, they almost never explicitly agree to conspire & it would be nuts to have a written agreement!

Two: Conspiracies can have more than one object- i.e. conspiracy to defraud U.S. and to obstruct justice. The object is the goal. Members could have completely different reasons (motives) for wanting to achieve that goal.

Three: All co-conspirators have to agree on at least one object of the conspiracy.

Four: Co-conspirators can use multiple means to carry out the conspiracy, i.e., releasing stolen emails, collaborating on fraudulent social media ops, laundering campaign contributions.

Five: Co-conspirators don’t have to know precisely what the others are doing, and, in large conspiracies, they rarely do.

Six: Once someone is found to have knowingly joined a conspiracy, he/she is responsible for all acts of other co-conspirators.

Seven: Statements of any co-conspirator made to further the conspiracy may be introduced into evidence against any other co-conspirator.

Eight: Overt Acts taken in furtherance of a conspiracy need not be illegal. A POTUS’ public statement that “Russia is a hoax,” e.g., might not be illegal (or even make any sense), but it could be an overt act in furtherance of a conspiracy to obstruct justice.

Co-conspirators don’t all have to meet in a room together and agree to enter a conspiracy. That can happen (and did, in the Oath Keepers’ case) via a series of communications which networks everyone.

The demonstrative exhibit prosecutors used in the Oath Keeper trials showed how the various communications channels included everyone, even if some members of the conspiracy only interacted with a limited group of other co-conspirators.

I circled Rhodes and SoRelle in pink to show that even in the Oath Keeper trial, prosecutors treated the Friends of Stone list part of the communications infrastructure of the conspiracy.

Here’s what the larger conspiracy looks like, reflecting  the known communications between Rhodes, Meggs, Tarrio, Biggs, and Nordean and Jones and Stone, and the known communications between Jones and Stone and Alexander with Trump or his handlers, like Meadows, Wren, and Ziegler by way of Navarro.

The numbers and letters in parentheses come from one or another of the indictments charging conspiracy. As you can see, Trump’s known actions map onto the known, charged overt acts of various conspiracies to obstruct the vote count like a mirror.

Obviously, the pink part of this table has not been charged (yet). And it may not be unless prosecutors win guilty verdicts in the Proud Boys case. It also may not be if the obstruction charge gets narrowed on appeal.

For reasons I laid out here, the Proud Boys trial is far more complex than the Oath Keepers trial. And in the Proud Boys trial, like the Oath Keepers trial, prosecutors don’t have a clear map showing that the plan was to occupy the Capitol; instead they have testimony that Biggs and Nordean kept consulting, and everyone took orders from them, and those orders had the effect of sending cells of Proud Boys off to breach parts of the building. So it is not at all certain that prosecutors will win convictions of the men — Tarrio, Biggs, and Nordean — who were working with people who were working with Trump and his handlers.

But this is one of the means via which DOJ has been working to hold Trump accountable since just months after the attack (I first laid this out in July 2021, long before most commentators understood how DOJ was using obstruction).

Even with the disorganized conspiracy (Sandlin and friends), prosecutors have carefully shown how the men took Trump’s December 19 tweet as an explicit instruction, took instructions from a WildProtest flyer put out by Ali Alexander, believed Trump had ordered them to march to the Capitol. There are hundreds more rioters who took Trump’s December 19 tweet as an instruction, though in the case of Sandlin and his co-conspirators, they took steps that were critical to the occupation of the Capitol and the Senate chamber in response.

But with the Proud Boys, to an extent thus far only seen with Oath Keeper Kelly Meggs, the communication ties, via a two step network, to Trump’s own actions and directions. And with the Proud Boys, that coordination builds off years-long relationships, particularly between Biggs and Jones and Stone, and through them, to Trump.

Everyone was working towards the same goal: to prevent Congress from certifying Joe Biden’s victory. There were, in various places, explicit agreements made. There were, as with Trump’s Stand Back and Stand By comment that prosecutors used to kick off this trial, more implicit agreements as well.

And DOJ is now at the point where it is beginning to show how those agreements, explicit and implicit, all worked together to make the assault on the Capitol successful.

Conspiracy guilty verdicts

Oath Keepers Stewart Rhodes, Kelly Meggs, Jessica Watkins, Kenneth Harrelson, Kelly Meggs, Mark Grods, Caleb Berry, James Dolan, Joshua James, Brian Ulrich, Todd Wilson (11 conspiracy verdicts)

Proud Boys Matthew Greene, Charles Donohoe, Jeremy Bertino, with Isaiah Giddings, Louis Colon, and James Stewart cooperating (3 known conspiracy verdicts)

Disorganized Militia Ronnie Sandlin, Nate DeGrave, with Josiah Colt cooperating (2 conspiracy verdicts)

“Patriots” Marshall Neefe and Charles Smith (2 conspiracy verdicts)

The J6C Transcripts: Patrick Byrne’s Conduit, Garrett Ziegler

/97 Comments/in , , /by

The other day, I noted that while I agree with Rayne that the January 6 Committee could use referrals to make important symbolic statements, the Committee’s referral, in practice, was weaker than it should have been to make that symbolic impact. That made bmaz’ earlier gripes about such a referral look more justified.

Similarly, the release of the first set of January 6 Committee transcripts last night show how right he has been that the Committee was remiss in not turning these over to DOJ sooner. Most of these transcripts are people who pled the Fifth and most you’re hearing about are the big name people like Mike Flynn and Roger Stone. But the first I read, from a Peter Navarro aide, Garrett Ziegler, hinted at just how valuable the J6C interviews will be, even of those who (like Ziegler) refused to cooperate.

Ziegler is most famous as the guy who let Sidney Powell, Mike Flynn, and Patrick Byrne into the White House for a famously confrontational meeting on December 18, 2020, which preceded Trump’s announcement of the January 6 riot. But Ziegler’s non-answers to J6C staffers serve as roadmap of the larger operation. He refused to answer questions about the following:

Ziegler was — is — a kid, totally unqualified for the role he had at the White House, which it sounds like he didn’t do anyway, instead at least partly working for Trump’s reelection on the taxpayer dime. But he was also totally wired into most aspects of the coup attempt.

His role in all this is interesting for several more reasons. First, it appears that Ziegler did not turn over the “path to victory” email in response to his January 6 subpoena, which means for all the times he invoked the Fifth, he might still have exposure to obstruction charges.

He is represented by John Kiyonaga — a lawyer who has represented key assault defendants in January 6, including former Special Forces guy Jeffrey McKellop. In fact, prosecutors are considering charging McKellop in January for violating the protective order covering evidence on January 6 by sending evidence from jail to others.

And Ziegler published a copy of both the “Hunter Biden” “laptop” and the diary stolen from Ashley Biden.