Posts

The Visibility of FBI’s Close Hold: John Durham Will Blame Michael Sussmann that FBI Told Alfa Bank They Were Investigating

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs of transcripts. But if you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations. This coverage reflects the culmination of eight months work. 

According to an exchange at the end of they day yesterday, John Durham’s team plans to introduce “a hundred” exhibits through their paralegal acting as a summary witness today.

My understanding is that the defense objects to the PowerPoint presentation style of the process. But, again, we think it just streamlines it in terms of — the alternative is to have to put literally a hundred exhibits in through Ms. Arsenault one at a time.

Given the exhibits from Monday, I assume Durham will throw a bunch of Fusion documents at the jury in an attempt to insinuate, once again, that Michael Sussmann shared with the press that the FBI was investigating the Alfa Bank anomaly.

The coming onslaught of Fusion documents

I say that because Mark Hosenball wrote the FBI for comment at 1:33PM on October 5, 2016, attaching the Mediafire package, asking for comment and noting that, “it has been suggested to me that this information and scenario is under careful investigation by the FBI.”

Hosenball’s email to the FBI puts it right at the beginning (in red, below) of the known universe of Fusion emails we’ve seen from that day, the timestamps of which Durham has repeatedly tried to obscure. (Maybe while paralegal Kori Arsenault is on the stand, Sussmann’s team can ask her why Durham’s exhibits misleadingly don’t correct for UTC.)

That said, there’s still a Hosenball email unaccounted for in which he shared one of the publicly available links to Tea Leaves packaged data. It’s quite possible that email precedes Seago’s question to Fritsch, which is currently the earliest email in the list, asking whether one of the i2p sites hosting the data was safe. See this post for background.

5:23PM (likely 1:23?): Seago to Fritsch, Is this safe?

1:31PM: [not included] Fritsch to Hosenball email with Alfa Group overview

1:32PM: Fritsch sends Isikoff the September 1, 2016 Alfa Group overview (full report included in unsealed exhibit)

1:33PM: Hosenball to FBI, “careful investigation by the FBI”

1:33PM [not included] Fritsch to Hosenball, “that memo is OTR — tho all open source”

1:35/1:36PM: Hosenball replies, “yep got it, but is that from you all or from the outside computer experts?”

1:37PM: Fritsch responds,

the DNS stuff? not us at all

outside computer experts

we did put up an alfa memo unrelated to all this

1:38PM: [not included] Hosenball to Fritsch:

is the alfa attachment you just sent me experts or yours ? also is there additional data posted by the experts ? all I have found is the summary I sent you and a chart… [my emphasis]

1:41PM: [not included] Fritsch to Hosenball:

alfa was something we did unrelated to this. i sent you what we have BUT it gives you a tutanota address to leave questions.  1. Leave questions at: [email protected]

1:41PM: [not included] Hosenball to Fritsch:

yes I have emailed tuta and they have responded but haven’t sent me any new links yet. but I am pressing. but have you downloaded more data from them ?

1:43PM: [not included] Fritsch to Hosenball, “no”

1:44PM: Fritsch to Lichtblau:

fyi found this published on web … and downloaded it. super interesting in context of our discussions

[mediafire link] [my emphasis]

2:23PM: [not included] Lichtblau to Fritsch, “thanks. where did this come from?”

2:27PM: [not included] Hosenball to Fritsch:

tuta sent me this guidance

[snip]

Since I am technically hopeless I have asked our techie person to try to get into this. But here is the raw info in case you get there first. Chrs mh

2:32PM: Fritsch to Lichtblau:

no idea. our tech maven says it was first posted via reddit. i see it has a tutanota contact — so someone anonymous and encrypted. so it’s either someone real who has real info or one of donald’s 400 pounders. the de vos stuff looks rank to me … weird

6:33PM (likely 2:33PM): Fwd Alfa Fritsch to Seago

6:57PM (like 2:57PM): Re alfa Seago to Fritsch

7:02PM (likely 3:02): Re alfa Seago to Fritsch

3:27PM: [not included] Fritsch to Hosenball cc Simpson: “All same stuff”

3:58PM: [not included] Hosenball to Fritsch, asking, “so the trumpies just sent me the explanation below; how do I get behind it?”

4:28PM: [not included] Fritsch to Hosenball, “not easily, alas”

4:32PM: Fritsch to Hosenball, cc Simpson:

Though first step is to send that explanation to the source who posted this stuff. I understand the trump explanations can be refuted.

So I assume that Durham will argue that Fusion must have passed on the information that the FBI was investigating — and they may have! (though none of the currently public emails reflect that — and suggest that was all part of Michael Sussmann’s devious plan on September 19.

When, under threat of prosecution, an attempt to prevent politicization turns into an attempt to hide political bias

That’s where things will get interesting. One key dispute in this case is why one keeps secrets. Durham wants to argue that keeping secrets can only serve a political purpose.

Sussmann will argue that keeping secrets facilitates national security interests.

Sussmann will show that everyone at the FBI recognized the value, to the FBI, of stalling a newspaper article about a potentially important threat so the FBI could covertly investigate it. All the more so during election season when — investigation after investigation into the Russian investigation has shown — the FBI was, if anything, being too careful in an attempt to avoid impacting Trump’s political fortunes, even while Jim Comey was tanking Hillary’s campaign. According to Sussmann’s own sworn testimony — testimony that Durham didn’t bother testing before charging Sussmann — allowing the FBI the opportunity to do that was the reason Sussmann shared the Alfa Bank anomaly with the FBI. Durham wants to imprison Sussmann for giving the FBI that heads up, arguing that because he hid his purported clients, it led the FBI to open a Full Investigation more quickly than they otherwise would have (even though, as Sussmann’s team has demonstrated, the FBI did nothing that would have required a Full Investigation in the short period during which they investigated).

A key part of that story Durham wants to tell — needs to tell, given all the evidence that the FBI perceived this to be a DNC-related tip — is that some of his key villains were attempting to hide the perceived political nature of the tip, rather than ensuring the integrity of the investigation itself (or possibly, but I’m still working on this, protecting the identity of a CHS).

Central to that narrative is the changing testimony of FBI Agent Ryan Gaynor — his stated reasons for refusing to let the case agents in Chicago interview either Sussmann or Georgia Tech professor David Dagon. In an interview on October 30, 2020 (a week after Durham had been granted Special Counsel status), Gaynor explained that he had intervened to make sure agents couldn’t conduct interviews that would have led to a more robust investigation to ensure the integrity of the investigation.

Q. Okay. So you remember telling the government that you believed that the agents in Chicago would have been biased by Mr. Sussmann’s perception of the issue — the source’s perception of the issue if they had interviewed him before they got all of the data and analyzed it?

A. Yes.

Q. Okay. And that’s because, at the time, you believed the DNC was the source of the information itself. Right?

A. That’s because, at the time, I believed that he was a DNC attorney associated with the Democratic party and it would be potentially highly-biasing information.

Q. And you told the government, if you had provided the identity of the DNC as the source of the information, they would have known there was possible political motivation. rignt?

A. I recall that exact statement.

Shortly after he gave this testimony, prosecutors took a break, and told his lawyer they were moving towards treating Gaynor as a subject of, rather than just a witness in, the investigation.

Q. Okay. Well, at or around the time you were talking about passing along the source’s name or not, you took a break in the meeting. Do you remember taking breaks during the meeting?

A. I do.

Q. And do you remember when you broke at that point that the government told your attorney that your own status in the investigation had changed. Do you remember hearing that?

A. So I didn’t hear that, but when my attorney came back in, he advised me that my status was in jeopardy.

After that, Gaynor went back, looked at two sets of scribbled notes (Gaynor, because he remains at FBI, was able to review his notes, unlike a number of other Durham witnesses), and decided that now that he thought about it, Jonathan Moffa had actually instructed him to keep a close hold on Sussmann’s identity. It wasn’t his decision anymore, it was Moffa’s, and the dastardly Peter Strzok was in on it. Once Gaynor testified that way, he became a — to Andew DeFilippis, anyway — credible witness again.

Q. Okay. And when you told the government there was a close hold, were you told that your status changed back to being a witness?

A. At the conclusion of the interview, once I had gone over all of the material that I brought and walked through what I had reconstructed and what I could recollect after doing so, I was informed that my status had changed, yes.

Q. Changed back to being a witness?

A. To a witness, yes.

Q. So you go into meeting one being told you are a witness, telling them you decided not to share the agents’ names among other things. Then you are told you are a subject facing criminal charges, potentially. You come back. You tell them about a close hold, and you go back to being a witness; is that right?

Politico may have been the only outlet that described this fairly shocking testimony.

These conflicting claims about the purported reasons to keep Sussmann’s identity (as opposed to the investigation itself) a secret are important background to that Hosenball email on October 5, which I suspect Durham will use to claim that the Democrats were leaking about the investigation.

Starting almost immediately after getting the investigation, Chicago case agents started asking to interview the source, variously defined to be either Sussmann or the person who wrote the white paper. Gaynor kept pushing the agents to go review the logs again — though the file memorializing the contents of what it describes as a single thumb drive (Sussmann shared two) was not written up until October 4. But then, by October 5 (the same day that Hosenball asked the FBI for comment, albeit this report comes in four hours later), FBI had learned from one of their confidential human sources that David Dagon had a role in the white paper and he — and the FBI’s own source! — would be going public pushing the credibility of the allegations.

In that email, newbie agent Allison Sands explained that they were going to contact Dagon.

So, among other things, on the same day Hosenball writes in reflecting an awareness that there was an ongoing investigation, the FBI hears from a CHS who says he or she has already been talking with David Dagon and was going public backing the claims (though this source was speaking to the WaPo, not Reuters).

Note that, as of that date, the FBI still hadn’t received logs from Listrak.

By the time Allison Sands wrote that email, it appears from Lync messages that like others probably haven’t been noticed to reflect UTC time zone, had already contacted Rodney Joffe’s handler to contact Dagon.

Fun with missing Bates stamps

Side note. There are actually two versions of the notes that purportedly caused Gaynor to change his mind about there being a close hold and on what source that close hold was on. There’s Defense Exhibit 524, which has a slew of Bates stamps, and 7 redactions.

And then there’s a page from Government Exhibit 279, which appears between a page with Bates stamp SC-6454 and one with Bates stamp SC-6456, which has no Bates stamp at all (and lacks the protective order stamp that appears on the other pages of the exhibit).

That version of the exhibit has just four redactions, one of which is smaller. The unredacted bits on the exhibit reveal discussions of the informant and recognition that the statements of the informant “likely triggered” the press attention.

Incidentally, Durham’s team took an entire day to upload this set of exhibits. I’m wondering if the exhibit that was viewed by Gaynor and entered into evidence actually looked like this one does.

Calling the agent of a foreign agent to ask for comment

There’s one other thing going on. On the stand, Gaynor spent a great deal of time explaining about how important it was to hide an investigation — particularly from anyone who might have a partisan interest — during an election.

Except for all the talk of a close hold, the FBI wasn’t holding this very close. They were stomping around to a bunch of sources asking for data logs, even before they had checked what was on (one of) the thumb drives that Sussmann had dropped off. They fairly demonstrably were stomping around before they understood what they should be looking for.

They also were calling Mandiant, which was working for Alfa Bank, which by October 19 when they were formally interviewed discovered Alfa Bank had no logs, but which knew of the investigation by October 5.

Q. Uh-huh. You testified about the reasons why you’d want to keep it covert, you wouldn’t want to do anything that could affect the election so close to the election. Right?

A. Yes.

Q. The FBI, as part of the Alfa-Bank investigation, talked to a number of different individuals outside of the FBI to acquire information, to get you information so that you could investigate the allegations. Right?

A. Yes.

Q. Okay. You spoke to people at Central Dynamics?

A. Yes, and I believe the investigative team documented in the email that I saw that they had done it in a manner to attempt to avoid it outing the allegation.

[snip]

A. I’m sorry?

Q. And how is that that they could conduct an interview with a third party in a way that the third party wouldn’t tell other people about it?

A. They described it in a manner that they had obfuscated what their direct interest was.

Q. So from the Central Dynamics’ perspective, they didn’t know what you were looking at?

A. That is what I had in the email chain, yes. n

Q. But you testified that the FBI interviewed Mandiant as part of the investigation. Correct?

A. Yes. My understanding there is that was a private liaison relationship that occurred.

Q. Mandiant — just to be clear — Alfa-Bank itself hired Mandiant to analyze whether there was a secret communications channel. Correct?

A. Yes.

Q. So Alfa-Bank paid Mandiant to look into whether there was a secret communications channel. Right?

A. Yes.

Q. And Alfa-Bank obviously had a relationship with Mandiant that was put at issue by hiring Mandiant. Right?

A. Yes.

Q. Okay. So the FBI went to Alfa-Bank’s paid consultant and asked them for their view on the allegation. Correct?

A. I believe the FBI had a prior relationship with one of the employees, and they utilized that in the field. Plus, I don’t think the Bureau would violate policy on a sensitive investigative matter when the Chief Division Counsel of the office is involved. So I would assume that they did that in a manner that they did not feel would be alerting or go to the media.

Q. Mr. Gaynor, the FBI in this investigation went to Alfa-Bank’s paid consultant and asked them for their views of the allegations. correct?

A. Yes.

Q. And Alfa-Bank’s paid consultant could have told Alfa-Bank. Correct?

A. Yes.

Q. And could have told the press for all you know. Correct?

A. Yes. And I don’t know how Chicago mitigated that.

Q. And is it your testimony that going to Alfa-Bank, the Russian bank that is the focus of this investigation, and asking their paid consultant for their views on the matter wasn’t going to overt?

A. Again, I don’t know how Chicago mitigated that issue.

[snip]

Q. Did you ever have a conversation with anybody at headquarters about whether to provide the names of the source to the Chicago agents?

A. Yes. There was a conversation about the close hold, as I mentioned, although it wasn’t correctly, I guess, documented between Pete Strzok, myself and Mr. Moffa at some point during that time period.

[snip]

Q. And the reason that you say no one talked to him is because, as of that point, October 6th, you had already concluded that there was nothing to these allegations. Right?

A. As of October 5th, evening of October 5th, we had come to a pretty solid conclusion that these allegations did not have merit and there wasn’t a national security threat.

Q. Are you aware that the agents first interviewed Alfa-Bank’s paid consultant, Mandiant, merely two weeks later on October 19th?

A. So I’m aware that we had information from Mandiant as of October 5th that they had looked at this allegation and found that it didn’t have merit. And then I’m also aware that there was an interview that was conducted later, October 19th or so, when I was made aware of it, yes.

A text between Allison Sands and Scott Hellman reflects the FBI had contact with Alfa Bank by October 4.

It appears that contact occurred in London — a place where Mark Hosenball has strong source ties since the time in 1976 when he got expelled for reporting on Northern Ireland.

In other words, Gaynor’s currently operative stance is that case agents couldn’t contact David Dagon — much less Rodney Joffe, who had business ties with the FBI — to find out what was going on, because that would present a conflict.

But it was okay for the FBI to contact the agent of the subject of the investigation overtly.

Agent Gaynor belatedly rediscovers the Mediafire package

Incidentally, when that original request for comment from Hosenball came in, it got transferred to people in the cyber division, then shared with the investigative team. In response, the senior-most person on that team sent it to Peter Strzok. Strzok forwarded it, at 3:02 on October 5, to Ryan Gaynor.

On October 13, just over a week after he had originally received it, Gaynor sent the Mediafire package to the case team, noting that the observations in it reflected actions taken in response to their investigation, but asking for their technical opinion.

He included Moffa and Joe Pientka on that email.

But not Strzok, who knew he had received it 8 days earlier.

OTHER SUSSMANN TRIAL COVERAGE

Scene-Setter for the Sussmann Trial, Part One: The Elements of the Offense

Scene-Setter for the Sussmann Trial, Part Two: The Witnesses

The Founding Fantasy of Durham’s Prosecution of Michael Sussmann: Hillary’s Successful October Surprise

With a Much-Anticipated Fusion GPS Witness, Andrew DeFilippis Bangs the Table

John Durham’s Lies with Metadata

emptywheel’s Continuing Obsession with Sticky Notes, Michael Sussmann Trial Edition

Brittain Shaw’s Privileged Attempt to Misrepresent Eric Lichtblau’s Privilege

The Methodology of Andrew DeFilippis’ Elaborate Plot to Break Judge Cooper’s Rules

Jim Baker’s Tweet and the Recidivist Foreign Influence Cheater

That Clinton Tweet Could Lead To a Mistrial (or Reversal on Appeal)

John Durham Is Prosecuting Michael Sussmann for Sharing a Tip on Now-Sanctioned Alfa Bank

Apprehension and Dread with Bates Stamps: The Case of Jim Baker’s Missing Jencks Production

Technical Exhibits, Michael Sussmann Trial

Jim Baker’s “Doctored” Memory Forgot the Meeting He Had Immediately After His Michael Sussmann Meeting

The FBI Believed Michael Sussmann Was Working for the DNC … Until Andrew DeFilippis Coached Them to Believe Otherwise

John Durham’s Lies with Metadata

Thanks to those who’ve donated to help defray the costs of trial transcripts. Your generosity has funded the expected costs. If you appreciate the kind of coverage no one else is offering, we’re still happy to accept donations for this coverage — which reflects the culmination of eight months work. 

I’d like to thank John Durham for showing us back in April how he was going to mislead the jury with metadata.

He appears to have done just that, yesterday, with several exhibits entered into evidence. And I fear that unless Durham’s lie is corrected, he will gravely mislead the jury.

As I pointed out in April, because of the email system at Fusion GPS, the first email in any thread they produced to Durham renders as UTC; the rest render as ET. So, for the emails on which one could check, the first email in every thread they released in April was four hours later than the time the email was actually sent.

Durham has revealed that his exhibit has irregularities in the emails pertaining to a key issue: whether Fusion sent out a link to April Lorenzen’s i2p site before Mark Hosenball sent it to them.

This shows up in the timestamps. In the exhibit, the lead email for each appearance appears to be set to UTC, whereas the sent emails included in any thread appear to be set to ET.

For example, in this screencap, the time shown for Mark Hosenball’s response to Peter Fritsch (the pink rectangle) is 1:35 PM, which is presumably Eastern Time.

In this screencap, the very same response appears to be sent at 5:36PM, which is presumably UTC.

Both instances of Peter Fritsch’s email (the green rectangle), “that memo is OTR–tho all open source,” show at 1:33PM, again, Eastern Time.

To be clear: this irregularity likely stems from Fusion’s email system, not DOJ’s. It appears that the email being provided itself is rendered in UTC, while all the underlying emails are rendered in the actual received time.

That means if you show someone only the first email in a thread, you will be misrepresenting what time that email was sent.

That’s what Durham did yesterday with a bunch of Fusion-produced emails he submitted during Laura Seago’s testimony, including (but not limited to):

Over and over, Andrew DeFilippis showed these to Laura Seago and asked her to state what date and time the emails were.

MR. DeFILIPPIS: Okay. And, Your Honor, if there’s no objection from the defense, we’ll offer Government’s Exhibit 612.

MR. BERKOWITZ: No objection.

THE COURT: So moved.

Q. Okay. So what is the date and time of this email?

A. October 5, 2016, at 5:23 p.m.

Q. And the “Subject” line?

A. “Re: so is this safe to look at” — excuse me — “so this is safe to look at.”

While these emails appear to have been produced to Durham at a later time (their Bates numbers from Fusion are about 3000 pages off some of the earlier ones), they’re from the same series and produced by the same custodian, so we should assume that the same anomaly that existed on the earlier ones exists here.

Seago hasn’t seen these emails for years and — because they were treated as privileged — she can only see the first email in a thread, even if there are replies in that thread (and there clearly are, in some of them). She had no way of knowing if she was looking at UTC time!

But Andrew DeFilippis surely does. Indeed, he’s prepping an attack on Sussmann for not understanding that Durham turned over Lync files from the FBI without making clear they, also, get produced in UTC. So he’s aware of which exhibits he has sent to Sussmann without clarifying the correct time. Yet over and over again, DeFilippis asked Seago what time these emails were sent, even though he likely knows (especially since these are files that are no longer privileged, so he has seen those that are threads) that he was deceiving her.

And the timing of these Fusion emails — and possibly some earlier ones exchanged with Rodney Joffe — almost certainly matter.

As I showed in my earlier post, because Durham didn’t fix the anomaly in these emails, they have created the false impression that an October 5 email from Mark Hosenball that shared public links to Tea Leaves’ files came in after Fusion sent it out to Eric Lichtblau. They appear to be prepping another deceit, this one conflating a link that Hosenball sent with one Seago found on Reddit.

Assuming the emails released yesterday share this same anomaly, here’s how the timeline would work out. I’ve bolded the ones that would be grossly misleading taken out of order.

5:23PM (could be 1:23?): Seago to Fritsch, Is this safe?

1:31PM: [not included] Fritsch to Hosenball email with Alfa Group overview

1:32PM: Fritsch sends Isikoff the September 1, 2016 Alfa Group overview (full report included in unsealed exhibit)

1:33PM [not included] Fritsch to Hosenball, “that memo is OTR — tho all open source”

1:35/1:36PM: Hosenball replies, “yep got it, but is that from you all or from the outside computer experts?”

1:37PM: Fritsch responds,

the DNS stuff? not us at all

outside computer experts

we did put up an alfa memo unrelated to all this

1:38PM: [not included] Hosenball to Fritsch:

is the alfa attachment you just sent me experts or yours ? also is there additional data posted by the experts ? all I have found is the summary I sent you and a chart… [my emphasis]

1:41PM: [not included] Fritsch to Hosenball:

alfa was something we did unrelated to this. i sent you what we have BUT it gives you a tutanota address to leave questions.  1. Leave questions at: [email protected]

1:41PM: [not included] Hosenball to Fritsch:

yes I have emailed tuta and they have responded but haven’t sent me any new links yet. but I am pressing. but have you downloaded more data from them ?

1:43PM: [not included] Fritsch to Hosenball, “no”

1:44PM: Fritsch to Lichtblau:

fyi found this published on web … and downloaded it. super interesting in context of our discussions

[mediafire link] [my emphasis]

2:23PM: [not included] Lichtblau to Fritsch, “thanks. where did this come from?”

2:27PM: [not included] Hosenball to Fritsch:

tuta sent me this guidance

[snip]

Since I am technically hopeless I have asked our techie person to try to get into this. But here is the raw info in case you get there first. Chrs mh

2:32PM: Fritsch to Lichtblau:

no idea. our tech maven says it was first posted via reddit. i see it has a tutanota contact — so someone anonymous and encrypted. so it’s either someone real who has real info or one of donald’s 400 pounders. the de vos stuff looks rank to me … weird

6:33PM (likely 2:33PM): Fwd Alfa Fritsch to Seago

6:57PM (like 2:57PM): Re alfa Seago to Fritsch

7:02PM (likely 3:02): Re alfa Seago to Fritsch

3:27PM: [not included] Fritsch to Hosenball cc Simpson: “All same stuff”

3:58PM: [not included] Hosenball to Fritsch, asking, “so the trumpies just sent me the explanation below; how do I get behind it?”

4:28PM: [not included] Fritsch to Hosenball, “not easily, alas”

4:32PM: Fritsch to Hosenball, cc Simpson:

Though first step is to send that explanation to the source who posted this stuff. I understand the trump explanations can be refuted.

 

 

What Durham will completely and utterly misrepresent if it doesn’t clarify this anomaly (and this is the second time they have declined to) is that Seago and Mark Hosenball both accessed different packages of the Tea Leaves materials, one of which then got sent out to Lichtblau. Between 2:33 and 2:57, Seago appears to have compared the files and told Fritsch, who then told Hosenball, that the packages were “all the same stuff.”

John Durham Continues to Hide How Michael Sussmann Helped Kill the NYT Story

The two sides in the Michael Sussmann case have submitted their responses to motions in limine.  They include:

I’m not going to do a detailed analysis of the merit of these arguments here. The filings make it clear that, unless Durham accidentally turns this into a trial about Donald Trump’s numerous back channels to Russia, the trial will focus on the meanings of “benefit” and “on behalf of.” The entire record makes it clear Sussmann understood he was representing Rodney Joffe but that he was not asking for any benefit for Joffe, and as such said he was not there on behalf of a client. Because Durham doesn’t believe that Russia was a real threat even to Donald Trump, he doesn’t believe that such a tip could benefit the country, and so sees such a tip exclusively as a political mission. As I’ll show, the YotaPhone allegation–which Durham has recently turned to as his smoking gun–in fact undermines Durham’s argument on that point (which is probably why Sussmann has no complaint about it coming in as evidence).

In general, I think Sussmann’s arguments are stronger, sometimes substantially so, but could see Judge Christopher Cooper ruling for Durham on some of them.

But I want to look at some of the new facts revealed by these filings.

Non-expert expert

As noted, Durham provided the kind of information in his response to Sussmann’s challenge to his expert that one normally provides with a first notice (here’s what Durham initially provided). Durham describes he’ll provide the basis to qualify Agent David Martin in a future disclosure (a tacit admission the resumé they had originally submitted was inadequate) which will explain,

[T]he Government intends to provide defense with a supplemental disclosure regarding his training and experience with DNS and TOR, including the following:

  • As part of his cyber threat investigations, Special Agent Martin regularly analyzes network traffic, which includes DNS data;
  • in furtherance of his investigations, Special Agent Martin reviews DNS data regularly, often on a daily and/or weekly basis ; and
  • as an FBI Unit Chief, Special Agent Martin supervises analysts and other agents work product, which includes technical review of DNS data analysis

Which is to say Martin uses DNS data but is not as expert as a number of the possible witnesses at trial he would be suggesting were part of some grand conspiracy (note, this summary is silent on his Tor expertise, which is both a more minor part of the evidence but will be a far more contentious one at trial).

The more remarkable claim that Durham says Martin will make in rebuttal if Sussmann affirms the authenticity of the data is that, because the data was necessarily a subset of all global DNS data, it’s like it was cherry-picked, even if it was not deliberately so.

That while he cannot determine with certainty whether the data at issue was cherry-picked, manipulated, spoofed or authentic, the data was necessarily incomplete because it was a subset of all global DNS data;

Given what I’ve learned about the data in question, this judgment seems both to misunderstand the collection process and may badly misstate what an expert should be able to say. Significantly, this suggests Martin will testify as an expert without trying to replicate the effort of the various strands of research that identified the data in the first place, which is the process an expert would need to do to comment on the authenticity of the data. Not attempting to do so would only make sense if the FBI had less visibility into DNS data than the researchers in question (or if they knew replicating it would replicate the results and kill their case).

Killed the story

Several more details in the filings reveal just how far over his skis Durham is in claiming that the Democrats were the real impetus to the story (rather than, for example, April Lorenzen). Sussmann’s indictment, remember, starts with the two Alfa Bank articles published on October 31, 2016 even while he admits that Franklin Foer sources his story to Tea Leaves.

That’s true even though the indictment provides just three ways in which Sussmann was involved in the story. First and very significantly, in response to Eric Lichtblau asking (in a question that reflects past discussions about the very real hacking Russia was doing), “I see Russians are hacking away. any big news?,” Sussmann met with Lichtblau, brought Marc Elias into the loop, who in turn brought Jake Sullivan in. He undoubtedly seeded the initial story. And per his own testimony he may have pitched it to Foer and Ellen Nakashima, though Durham provides no evidence of that (unless it involves follow-up after the first Foer story).

Then, Durham describes that on October 10 — at a time when “Phil” was sending a series of DMs to the NYT about the Alfa Bank allegations and when several NYT reporters were in contact with a number of other experts, at least one of whom has never been mentioned in any Durham filings — Sussmann gave Lichtblau a nudge, but a nudge that (at least as described) not only didn’t mention the Alfa Bank allegation, but didn’t even mention Russia. He did so by forwarding an opinion piece talking about how NYT wasn’t reporting as aggressively on Trump as other outlets.

Then after Franklin Foer’s story (sourced to Tea Leaves and Jean Camp though possibly involving Sussmann) came out, Sussmann’s billing records show, he responded to other reporters’ inquiries about the story.

I have no doubt Sussmann would have loved this story to break, but Durham provides no evidence that Sussmann was the big push behind it (and the public evidence shows Tea Leaves was).

Indeed, new details in Sussmann’s filing make it clear that Durham has, as I suspected, replicated some of the erroneous assumptions that Alfa Bank did to sustain his conspiracy theories. Sussmann summarizes the journalist-involved communications to which Sussmann was not a party that Durham wants to introduce at trial.

This table puts names to the narrative Durham tells in his filing. Importantly, it reveals that the reporter who — in addition to making it clear he had gotten to Fusion’s “experts via different channels,” raised questions about the source of the data (the same topic Durham’s expert doesn’t seem prepared to address) — is Mark Hosenball.

That’s important because, according to Fusion’s lawyer Joshua Levy, Hosenball sent Fusion the link to Tea Leaves’ data, not vice versa. It’s not clear whether this later email reflects Hosenball sending that link (plus there’s a discrepancy between what date Durham says these emails were exchanged and what date Sussmann does, October 16 and October 18 respectively), but if so, it would mean Hosenball was shopping data that had been available via other means, means that aren’t known to involve Sussmann or Fusion.

In other words, just a single one of these later emails that Durham is pointing to to support his claim that Democrats were pushing this story involves the Democrats taking the initiative, and it only involves Peter Fritsch forwarding this story and pushing Foer to hurry up on his own story (which he sourced to Tea Leaves and Camp) on the Alfa Bank anomaly.

That’s important because Durham completely leaves out of his narrative how Sussmann helped kill the initial NYT story, and now he says that helping the FBI kill a story on his client’s opponent just before an election would not be exculpatory.

As a reminder, Sussmann testified to HPSCI that the reason he shared the information with the FBI was to provide them the maximum flexibility to decide what to do with it.

I was sharing information, and I remember telling him at the outset that I was meeting with him specifically, because any information involving a political candidate, but particularly information of this sort involving potential relationship or activity with a foreign government was highly volatile and controversial. And I thought and I remember telling him that it would be a not-so-nice thing ~ I probably used a word more stronger than “not so nice” – to dump some information like this on a case agent and create some sort of a problem. And I was coming to him mostly because I wanted him to be able to decide whether or not to act or not to act, or to share or not to share, with information I was bringing him to insulate or protect the Bureau or — I don’t know. just thought he would know best what to do or not to do, including nothing at the time.

And if I could just go on, I know for my time as a prosecutor at the Department of Justice, there are guidelines about when you act on things and when close to an election you wait sort of until after the election. And I didn’t know what the appropriate thing was, but I didn’t want to put the Bureau or him in an uncomfortable situation by, as I said, going to a case agent or sort of dumping it in the wrong place. So I met with him briefly and

Q Did you meet — was it a personal meeting or a phone call?

A Personal meeting.

Q At the FBI?

A At the FBI. And if I could just continue to answer your question, and soI told him this information, but didn’t want any follow-up, didn’t ~ in other words, I wasn’t looking for the FBI to do anything. I had no ask. I had no requests. And I remember saying, I’m not you don’t need to follow up with me. I just feel like I have left this in the right hands, and he said, yes.

He described then how Baker called him back and asked him for the name of the journalist who was about to publish the story.

Q The conversations you had with the journalists, the ~

A Oh, excuse me. I did not recall a sort of minor conversation that I had with Mr. Baker, which I don’t think it was necessarily related to the question you ‘asked me, but I just wanted to tell you about a phone call that I had with him 2 days after I met with him, just because I had forgotten it When I met with him, I shared with him this information, and I told him that there was also a news organization that has or had the information. And he called me 2 days later on my mobile phone and asked me for the name of the journalist or publication, because the Bureau was going to ask the public — was going to ask the journalist or the publication to hold their story and not publish it, and said that like it was urgent and the request came from the top of the Bureau. So anyway, it was, you know, a 5-minute, if that, phone conversation just for that purpose.

While it’s quite clear that Sussmann seeded the NYT story before his meeting and the follow-up phone call with Baker (and also spoke, at some time or another, to Foer and Ellen Nakashima), Durham provides no evidence that Sussmann — and even Fusion! — were doing anything more after FBI intervened to kill the story than responding to inquiries, inquiries that were largely based off Tea Leaves’ efforts.

They may well have been. Durham is not presenting any evidence of it.

We know from discovery records that at the time that Durham indicted Sussmann, he had not yet bothered to chase this follow-up down. Altogether, there were 37 emails on top of the records of the face-to-face meeting where the FBI asked the NYT to hold the story.

On September 27, November 22, and November 30, 2021, the defense requested, in substance, “any and all documents including the FBI’s communications with The New York Times regarding any of [the Russian Bank-1] allegations in the fall of 2016.” In a subsequent January 10, 2022 letter, the defense also asked for information relating to a meeting attended by reporters from the New York Times, the then-FBI General Counsel, the then-FBI Assistant Director for Counterintelligence, and the then-FBI Assistant Director for Public Affairs. In response to these requests, the Special Counsel’s Office, among other things, (i) applied a series of search terms to its existing holdings and (ii) gathered all of the emails of the aforementioned Assistant Director for Public Affairs for a two-month time period, yielding a total of approximately 8,900 potentially responsive documents. The Special Team then reviewed each of those emails for relevant materials and produced approximately 37 potentially relevant results to the defense.

This was a significant effort to avoid a story about an ongoing investigation, one that helped FBI protect Trump.

And Sussmann believes — correctly — that the fact he helped the FBI kill a damaging story on Hillary’s opponent is exculpatory. Here’s what Sussmann says Joffe would say if he testified:

And the defense believes that, if called to testify, Mr. Joffe would offer critical exculpatory testimony, including that: (1) Mr. Sussmann and Mr. Joffe agreed that information should be conveyed to the FBI and to Agency-2 to help the government, not to benefit Mr. Joffe; (2) the information was conveyed to the FBI to provide a heads up that a major newspaper was about to publish a story about links between Alfa Bank and the Trump Organization; (3) in response to a later request from Mr. Baker, Mr. Sussmann conferred with Mr. Joffe about sharing the name of that newspaper before Mr. Sussmann told Mr. Baker that it was The New York Times; (4) the researchers and Mr. Joffe himself held a good faith belief in the analysis that was shared with the FBI, and Mr. Sussmann accordingly and reasonably believed the data and analysis were accurate; and (5) contrary to the Special Counsel’s entire theory, Mr. Joffe was neither retained by, nor did he receive direction from, the Clinton Campaign. [my emphasis]

To sustain his claim that there would be no benefit to the FBI in getting such a heads up and the opportunity — which they availed themselves of — to kill the story, Durham restates and seriously downplays the decision that both Joffe and Sussmann made to give the FBI the opportunity to kill the story.

The defendant’s further proffer that Tech Executive-1 would testify that (i) the defendant contacted Tech Executive-1 about sharing the name of a newspaper with the FBI General Counsel, (ii) Tech Executive-1 and his associates believed in good faith the Russian Bank-1 allegations, and (iii) Tech Executive-1 was not acting at the direction of the Clinton Campaign, are far from exculpatory. Indeed, even assuming that all of those things were true, the defendant still would have materially misled the FBI in stating that he was not acting on behalf of any client when, in fact, he was acting at Tech Executive-1’s direction and billing the Clinton Campaign. [my emphasis]

He makes no mention of the fact that FBI spent considerable effort — an effort made possible by Sussmann and Joffe — to protect the investigation and Trump. He doesn’t even admit that the reason why Sussmann asked Joffe about sharing Lichtblau’s name is so that the FBI could kill the story.

The YotaPhone that was not in Trump’s hands

Michael Sussmann could be putting up a far bigger stink that Durham wants to introduce Sussmann’s meeting with the CIA in February 9, 2017, especially the way that Durham keeps revealing inaccurate details about it. This is an event that happened five months after his alleged crime, one that (as Sussmann notes) could not be part of the same effort as Durham alleges the FBI meeting was about, because there no longer was a Hillary campaign.

He’s not. In fact, he says he has no problem with Durham introducing the February 9 meeting.

In any event, Mr. Sussmann does not object to the introduction of this discrete CIA statement pursuant to Rule 404(b).9 But Mr. Sussmann disagrees with the Special Counsel’s characterization and interpretation of that statement, and he reserves his right to introduce evidence rebutting the Special Counsel’s claims, including evidence that will demonstrate that Mr. Sussmann disclosed to CIA personnel that he had a client and that he had worked with political clients. See, e.g., Mem. of Conversation at SCO-3500U-010119-120 (Jan. 31, 2017) (“Sussman[n] said that he represents a CLIENT who does not want to be known. . . Sussman[n] would not provide the client’s identity and was not sure if the client would reveal himself . .”); id.at SCO3500U-010120 (“Sussman[n] is [] openly a Democrat and openly told [CIA personnel] that he does lots of work with DNC”).

The reason why Sussmann has no objection likely has to do with that January 31 document, which Durham posted to docket along with the memorialization of the February 9 meeting. Indeed, given the Bates stamp on the document — SCO-00081634 for the January 31 document as compared to SCO-074877 — Durham may have only obtained this document in response to Sussmann’s repeated requests for the complete list of the people he spoke with at the CIA.

In any case, both documents actually help Sussmann more than Durham. They show that even in the February 9 meeting, Sussmann was upfront about his ties to the Democrats and described the data source as private — the very same things Durham claims Sussmann was deliberately hiding from the FBI in September. In the January 31 meeting, he explicitly said he had a client and even conveyed that Joffe is a Republican.

Read together, these meeting records are consistent with Sussmann’s story: that he went to the government bringing data from someone — Joffe — who wanted it shared but was not otherwise asking Sussmann to intervene as a lawyer. On behalf of someone, but not making a formal request as a lawyer.

Very importantly, both meetings make it clear that the suspicion was not that Trump was using a YotaPhone, but that someone in his vicinity was. That’s because “there was once [sic] instance when Trumbo [sic] was not in Trump p Tower at but the phone was active on Trump tower WIFI network” and “the information provided would show instances when the Yota-phone and then candidate Trump were not believed to be collocated.” This is the description of someone suspected of infiltrating Trump’s campaign, not Trump secretly siding with Russia.

There are still problems with it: The claim that the phone moved to the White House with Trump is not possible because the phone moved in December 2016, when Obama was still occupying it (and to the extent that Trumpsters had moved to DC yet, Trump was working out of Trump Hotel). Given Durham’s claim that there was YotaPhone metadata at the White House going back to 2014, it’s unclear whether the phone at the White House in December 2016 could be the earlier phone or a Trump one.

For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted

But even Durham agrees there were YotaPhone look-ups from Trump’s vicinity, and while he doesn’t understand it, his own filing confirms that these phones are super rare. And given the description that the YotaPhone showed up in MI when Trump was interviewing a cabinet member (and given some things I’ve heard about this allegation), it does seem to tie the YotaPhone to Betsy DeVos.

John Durham has said the only reason you could write up details about DNS anomalies implicating Trump is malicious partisanship, and yet his filing does just that.

Still, the traffic might be most consistent with a Secret Service agent on Trump’s detail using a YotaPhone, something that — given the Secret Service’s never ending scandals — wouldn’t be the kind of thing you could rule out.

The story is consistent with Joffe and the researchers identifying — via DNS look-ups, not the servers at Trump Tower or the White House — that there was metadata reflecting something that could be a significant counterintelligence concern, one that had the intent of hurting Trump, not helping him. The frothers think it was a good thing that a spy on DiFi’s staff and another volunteering for an Eric Swalwell campaign were identified; but if it’s Trump, they want counterintelligence concerns to take a back seat.

And in retrospect, the possibility there was a Russian spy in Trump’s vicinity would be no big surprise, given his track record. His campaign manager admitted he had hidden his work for Ukrainian oligarchs and was hoping to exploit his ties to Trump to get paid by them and a Russian oligarch. His National Security Advisor admitted he had secretly been working for Turkey while getting classified briefings with the candidate. The guy who got him hired, who went on to run his Inaugural Committee, is accused of working for the Emirates when he did all that.

The only way that finding potential spies infiltrating Trump’s campaign would be an attack on his campaign is if he wanted those spies there.

Then again, that seems to be what Tom Barrack is going to use as his defense, so maybe that’s what is really driving this scandal.

Once Again, US Ratchets Up Rhetoric Against Pakistan

The pattern by now is all too familiar.  Once again, the US is ratcheting up its rhetoric against Pakistan.  Earlier instances included the “crisis” when the US killed three Pakistani soldiers and Pakistan responded by closing strategic border crossings.  This was followed by the Raymond Davis fiasco. Then came exchanges of bluster over the US unilateral action that took out Osama bin Laden.  Now, the target of US ire is the cozy relationship between the Haqqani network and Pakistan’s intelligence agency, the ISI.

Reporting for Reuters, Mark Hosenball and Susan Cornwell tell us this morning that some in the US intelligence community are now assigning a direct role for ISI in the Haqqani network attack on the US embassy in Kabul:

Some U.S. intelligence reporting alleges that Pakistan’s Inter Services Intelligence directorate (ISI) specifically directed, or urged, the Haqqani network to carry out an attack last week on the U.S. Embassy and a NATO headquarters in Kabul, according to two U.S. officials and a source familiar with recent U.S.-Pakistan official contacts.

The article informs us that the Senate Appropriations Committee has added to the pressure on Pakistan:

The Senate committee approved $1 billion in aid to support counter-insurgency operations by Pakistan’s military, but voted to make this and any economic aid conditional on Islamabad cooperating with Washington against militant groups including the Haqqanis.

A series of high-level meetings between US and Pakistani officials also has taken place over the last week to hammer home these allegations against Pakistan, despite this warning in the Reuters article:

However, U.S. officials cautioned that the information that Pakistan’s spy agency was encouraging the militants was uncorroborated.

A series of articles on the website for Pakistan’s Dawn news agency provides some perspective on the coverage of the issue in Pakistan.  One article provides a forum for Interior Minister Rehman Malik after his meeting with FBI Director Robert Mueller yesterday: Read more