Posts

John Durham Keeps Chasing Possible Russian Disinformation

/59 Comments/in , /by

Yesterday, the two sides in the Michael Sussmann case submitted the proposed jury questions they agree on and some they disagree on.

Durham objects to questions about security clearances and educational background (presumably Durham wants to make it harder for Sussmann to get people who understand computers and classification on the jury).

Sussmann objects to questions about April Lorenzen’s company and Georgia Tech.

He also objects to a question that assumes, as fact, that the Hillary campaign and the DNC “promoted” a “collusion narrative.”

I suspect Sussmann’s objections to these questions are about direct contact. For all of Durham’s heaving and hollering, while Sussmann definitely met with Fusion GPS, of the researchers, the indictment against Sussmann only shows direct contact with David Dagon. Everything else goes through Rodney Joffe. Plus, a document FOIAed by the frothy right shows that Manos Antonakakis believes what is portrayed in the indictment is at times misleading and other times false, which I assume he’ll have an opportunity to explain at trial.

As regards the campaign, as I already noted, when Sussmann asked Durham what proof the Special Counsel had that he was coordinating with the campaign, Durham pointed to Marc Elias’ contacts with the campaign and, for the first time (over a month after the indictment), decided to interview a Clinton staffer.

Sussmann will probably just argue that Durham’s plan to invoke these things simply reflects Durham’s obstinate and improper treatment of a single false statement charge as a conspiracy the Special Counsel didn’t have the evidence to charge.

But Durham’s inclusion of it makes me suspect that Durham wants to use an intelligence report that even at the time analysts noted, “The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.” Nevertheless, John Ratcliffe, who has a history of exaggeration for career advancement, declassified, unmasked Hillary’s name, and then shared with Durham.

If Durham does intend to use this, though, it would likely mean Durham would have to share parts of the Roger Stone investigation file with Sussmann. That’s because the report in question ties the purported Clinton plan to Guccifer 2.0.

And as the FBI later discovered, there was significant evidence that Roger Stone had been informed of the Guccifer 2.0 persona before it went public.

That information, along with a bunch of other things revealed about Stone’s activities before this Russian report, suggest the Russian report may actually be an attempt to protect Stone, one that anticipated Stone’s claims in the days after the report that Guccifer 2.0 was not Russian.

Unless Durham finds a way to charge conspiracy in the next two months, Judge Christopher Cooper would do well to prevent Durham from continuing his wild conspiracy theorizing. Because it’s not clear Durham knows where the strings he is pulling actually lead.

John Durham’s Top Prosecutor, Andrew DeFilippis, Allegedly Miffed that DARPA Investigated Guccifer 2.0

/59 Comments/in , , /by

Vladimir Putin’s invasion of Ukraine and the sanctions imposed as a result has led lawyers in the US to drop the now-sanctioned Alfa Bank and its owners, leading to the dismissal of the John Doe, BuzzFeed, and Fusion GPS lawsuits filed by Alfa Bank or its owners. That has, for now, brought an end to a sustained Russian effort to use lawfare to discover “U.S. cybersecurity methods and means” (as some of Alfa’s targets described the effort).

But the dismissal of the Alfa Bank suits hasn’t halted the effort to expose US cybersecurity efforts in the guise of pursuing right wing conspiracy theories. Both Federalist Faceplant Margot Cleveland and “online sleuths” goaded, in part, by Sergei Millian have picked up where Alfa Bank left off. In recent days, for example, documents obtained via a Federalist FOIA to Georgia Tech exposed the members of a cybersecurity sharing group, including a bunch at Three-Letter Agencies, which has little news value but plenty of intelligence value to America’s adversaries (these names were released even while someone — either Georgia Tech or the Federalist — chose to redact the contact information for Durham’s investigators, some of which is otherwise public).

Even while doing her part to make America less safe (raising the perennial question of who funds the Federalist), Cleveland has continued to do astounding work misrepresenting Durham’s investigation. From the same FOIA release, she published a document in which research scientist Manos Antonakakis described that chief Durham AUSA Andrew DeFilippis insinuated to him that it was abusive for DARPA to try to discover the network behind the Guccifer 2.0 persona.

Finally, I will leave you with an anecdote and a thought. During one of my interviews with the Special Counsel prosecutor, I was asked point blank by Mr. DeFilippis, “Do you believe that DARPA should be instructing you to investigate the origins of a hacker (Guccifer_2.0) that hacked a political entity (DNC)?” Let that sync for a moment, folks. Someone hacked a political party (DNC, in this case), in the middle of an election year (2016), and the lead investigator of DoJ’s special council would question whether US researchers working for DARPA should conduct investigations in this matter is “acceptable”! While I was tempted to say back to him “What if this hacker hacked GOP? Would you want me to investigate him then?”, I kept my cool and I told him that this is a question for DARPA’s director, and not for me to answer.

Assuming this is an accurate description, this is a shocking anecdote, a betrayal of US national security.

It suggests that Durham’s lead prosecutor doesn’t believe the government should throw its most innovative research at a hostile nation-state attack while that nation-state is attempting to influence an election. Sadly, though, it’s not surprising.

It is consistent with things we’ve seen from Durham’s team throughout. It’s consistent with Durham’s treatment of a loose tie between an indirect and unwitting Steele dossier source and the Hillary campaign as a bigger threat than multiple ties to Russian intelligence (or Dmitry Peskov’s office, which knew that Michael Cohen and Donald Trump were lying about the former’s secret communications with Peskov’s office). It is consistent with Durham’s more recent suggestion that the victim of such a nation-state attack must wait until after an election to report a tip that might implicate her opponent.

I almost feel like DeFilippis will eventually say Hillary should have just laid back and enjoyed being hacked in 2016.

DeFilippis, and Durham generally, have consistently treated Hillary as a far graver threat than Russia, even now, even as Russia conducts a barbaric invasion of a peaceful democracy.

But Antonakakis’ anecdote is all the more troubling because it suggests that DeFilippis seems to misunderstand what happened with the DARPA contract in question in 2016. The Enhanced Attribution RFP’s description of the hacking campaigns it was targeting — “multiple concurrent independent malicious cyber campaigns, each involving several operators” — pretty obviously aims to tackle Advanced Persistent Threats, of which APT 28 and 29 (both of which targeted the DNC) were among the most pressing in 2016. DARPA presumably didn’t ask Antonakakis to focus on Guccifer 2.0 — a persona which didn’t exist when the contract was put up for bid in April 2016, much less in the months earlier when it was originally conceived. Rather, by description, they were asking bidders to look at APTs, and looking at APT 28 would have happened to include looking at Guccifer 2.0, the DNC hack, and a number of hacks elsewhere in the US and the world.  The reason DARPA would ask Georgia Tech to look at APT 28 is because APT 28 was hacking a lot of targets in the time period, all of which provided learning sets for a researcher like Antonakakis. DeFilippis, then, seems miffed that the APT that DARPA wanted to combat happened to be one of two that targeted Hillary.

That’s a choice Russia made, not DARPA.

While I think Cleveland did serious damage with some of her releases, I’m glad she released this document because it provides a way for Michael Sussmann to make DeFilippis’ troubling views on national security a central issue at trial, something that normally is difficult to do.

It also provided Cleveland another opportunity to faceplant in spectacular trademark Federalist fashion. Cleveland used this document to rile up the frothers by suggesting this is proof that Durham is investigating the DNC attribution.

Exclusive: Special Counsel’s Office Is Investigating The 2016 DNC Server Hack

The U.S. Department of Defense tasked the same Georgia Tech researcher embroiled in the Alfa Bank hoax with investigating the “origins” of the Democratic National Committee hacker, according to an email first obtained by The Federalist on Wednesday. That email also indicates the special counsel’s office is investigating the investigation into the DNC hack and that prosecutors harbor concerns about the DOD’s decision to involve the Georgia Tech researcher in its probe.

[snip]

The public storyline until now had been that CrowdStrike, the cybersecurity firm Sussmann hired in April 2016, had concluded Russians had hacked the DNC server, and that the FBI, which never examined the server, concurred in that conclusion. Intelligence agencies and former Special Counsel Robert Mueller likewise concluded that Russian agents were behind the DNC hack, but with little public details provided.

It now appears that DARPA had some role in that assessment, or rather Antonakakis did on behalf of DARPA, which leads to a whole host of other questions, including whether DARPA had access to the DNC server and data and, if so, from whom did the DOD’s research arm get that access? Was it Sussmann?

There’s no reason to believe this and every reason to believe that — as I said — DeFilippis is pissed that DARPA prioritized their research on a target that was badly affecting national security (and not just in US, but also in allied countries) in 2016, one that happened to attempt to help Trump get elected.

But look how many errors Faceplant’s Cleveland made in the process:

Cleveland repeats the Single Server Fallacy, imagining that the DNC, DCCC, and Hillary had just one server between them to be hacked and all the servers that got hacked were in the possession of one of those victims. That’s, of course, ridiculous. The server that GRU hacked to get John Podesta’s emails belonged to Google. The server that GRU hacked to get Hillary’s analytics belonged to AWS. There was a staging server in AZ; I have been told that the FBI seized at least one US-based server that did not belong to the DNC (that server is why the frothy right’s focus on what Shawn Henry testified to HPSCI is so painfully ignorant — because it ignores that the FBI had access to servers that Henry did not that did show exfiltration).

Cleveland apparently doesn’t know that FBI knew who was hacking the DNC when they warned them starting in September 2015 they were being hacked. The FBI’s awareness of that not only explains why APT 29 and 28 would have been included in DARPA’s targets for EA, but proves that the government was tracking these hacking groups above and beyond the attack on Hillary. This was never just a reaction to the election year hack.

Cleveland claims Mueller’s attribution of the DNC hack to the GRU provided “little public details,” when in fact the Mueller Report showed 29 sources other than CrowdStrike, including:

  • Gmail
  • Linked-In
  • Microsoft
  • Facebook
  • Twitter
  • WordPress
  • ActBlue
  • AWS
  • AOL
  • Smartech Corporation
  • URL shortening service
  • Bitcoin exchanges
  • VPN services

According to Mueller’s report, all these sources also corroborated the GRU attribution. And Mueller’s list doesn’t include a number of other known entities that corroborated the attribution, including NSA and Dutch intelligence, which couldn’t be named in a public DOJ document. Mueller’s list doesn’t include Georgia Tech either, but it wouldn’t need to, because there was so much other evidence.

The Mueller Report described obtaining almost 500 warrants, but the released list — from which FBI’s Cyber Division successfully withheld those pertaining to the GRU investigation — only includes around 370-400 warrants (based on an 156 pages of warrants with roughly three per page), suggesting there may be 100 warrants tied to the GRU attribution alone.

By the time Antonakakis started looking at the DNC hack as part of EA, multiple entities, including several Infosec contractors, non-US intelligence services, and non-governmental entities like tech giants (including at least three of the ones on Mueller’s list), had plenty of evidence that the Guccifer 2.0 campaign was run by the APT 28. Including Guccifer 2.0 as part of the research set would simply be part of the existing targeting of a dangerous APT.

But apparently neither DeFilippis nor Cleveland understand that 2016 was part of an ongoing identified threat to US national security.

One thing Putin did in 2016 was to use disinformation to train the frothy right to favor Russia more than fellow Americans from the opposing party. Even as Russia attacks Ukraine, that still seems to be true.

John Durham Says Election-Hack Victims Should Wait Until After the Election to Report Tips

/46 Comments/in , , , /by

Even as Russia assaults a peaceful democracy (which invasion, in a separate filing, Durham calls, “recent world events in Ukraine”), John Durham suggests that a political campaign victimized by Russia should expect to wait until after the election before the FBI opens an investigation into a cybersecurity anomaly potentially implicating her opponent.

Durham even asserts that such a cybersecurity anomaly is not a cybersecurity matter, but instead a political one.

Almost six years after Trump’s request, “Russia are you listening,” was met with a renewed Russian attack on Hillary Clinton, John Durham continues to treat Hillary’s attempts to run a campaign while being attacked as a greater threat than that nation-state attack by Russia.

Durham’s latest contortions come in a response to Micheal Sussmann’s motion to dismiss the indictment.

Sussmann argued that the alleged lie he told (motions to dismiss must accept the alleged facts as true), could not have affected the single decision facing the FBI when he shared information about a DNS anomaly: whether to open an investigation or not.

Following the Supreme Court’s clear instruction in Gaudin, in order to assess the materiality of the false statement that Mr. Sussmann is alleged to have made, this Court must ask what statement he is alleged to have made to the FBI; what decision the FBI was trying to make; and whether the false statement could have influenced that decision. Here, even accepting all the allegations in the Indictment as true—and the evidence would prove otherwise—the only decision the FBI was trying to make was the decision whether or not to commence an investigation into the allegations of suspicious internet data involving the Trump Organization and Russian Bank-1. Ample precedent—and the Special Counsel’s own allegations in this case—make clear that Mr. Sussmann’s purported false statement did not influence, and was not capable of influencing, that decision.

Predictably and reasonably, Durham’s response cited the precedent that leaves it up to juries to determine whether something is material or not.

In any event, the defendant’s arguments on the materiality of his statement are also premature. The Supreme Court in Gaudin held that materiality is an essential element of Section 1001 that must be resolved by a jury.

As I noted back in October, “Prosecutors will argue that materiality is a matter for the jury to decide.”

Prosecutors also noted what I did: a long list of precedents about materiality that Sussmann cited in his motion are all post-trial challenges to materiality, not pretrial motions to dismiss.

The defendant cites to multiple cases where the Supreme Court and Circuit Courts have held that the false statements and misrepresentations at issue were immaterial as a matter of law. See Def. Mot. at 7-10. But critically, all of those cases involved post-conviction appeals or motions to vacate the conviction after the Government presented its case at trial. Accordingly, none of these cases support the defendant’s requested relief here – that is, that the court dismiss the Indictment before trial because it fails to sufficiently allege that the defendant’s false statement is material. What the cases do show is that courts have routinely declined to usurp the jury’s role in making the determination on whether a false statement is material.

For those two reasons, Sussmann’s motion to dismiss is unlikely to succeed, and should instead be viewed as an opening bid to frame his defense and establish issues for appeal.

Those two arguments are all Durham really needed to respond to Sussmann’s motion to dismiss. Instead of leaving it with responsible lawyering, however, Durham instead launches into an illogical attempt to criminalize tip reporting.

Take his attempt to dismiss Rodney Joffe’s real cybersecurity expertise. In the three months since he charged Sussmann, Durham belatedly (at Sussmann’s request) discovered how closely Joffe had worked with the FBI on other investigations. As Sussmann scoffed in an earlier filing, “The notion that the FBI would have been more skeptical of the information had it known of Tech Executive-1’s involvement is, in a word, preposterous.” Now that Durham has discovered the close ties between Joffe and the FBI, he claimed that that history of reliability was itself something the FBI needed to know.

Namely, as the defendant’s motion reveals (Def. Mot. at 18-19, fn. 8), Tech Executive-1 had a history of providing assistance to the FBI on cyber security matters, but decided in this instance to provide politically-charged allegations anonymously through the defendant and a law firm that was then-counsel to the Clinton Campaign. Given Tech Executive-1’s history of assistance to law enforcement, it would be material for the FBI to learn of the defendant’s lawyer-client relationship with Tech Executive-1 so that they could evaluate Tech Executive-1’s motivations. As an initial step, the FBI might have sought to interview Tech Executive-1. And that, in turn, might have revealed further information about Tech Executive-1’s coordination with individuals tied to the Clinton Campaign, his access to vast amounts of sensitive and/or proprietary internet data, and his tasking of cyber researchers working on a pending federal cybersecurity contract.

Durham’s claim that “learning” how much data Joffe had access to (which is something the FBI undoubtedly knew — it is surely the reason why FBI partnered with him, because the volume of data Neustar had made their observations more useful) would make them more skeptical of the DNS tip is nonsensical. In fact, elsewhere (in tracking all the YotaPhone requests in the US over a three year period), Durham treated it as presumptively reliable.

Plus, Durham made no mention here of one of a number of the other things he belatedly learned: that the September 2016 tip Sussmann shared with FBI General Counsel James Baker was not the only one Joffe had shared via Sussmann anonymously. He shared a tip anonymously during this same time period with DOJ IG. Durham has no way of knowing, either, whether those two were the only ones, but his revised theory of materiality depends on an anonymous tip like this one being unique.

Similarly, Durham struggled to explain (including by citing an inapt precedent) why the FBI would need to be told that Sussmann represented Hillary when, in notes of Baker’s retelling of the meeting, Bill Priestap wrote that Sussmann represented the DNC and Clinton Foundation.

As he did with Joffe, Durham tried to flip Sussmann’s expertise, arguing that the former prosecutor’s recognized qualification as a cybersecurity expert, something that would help him assess whether DNS data were anomalous or not, is precisely why the Perkins Coie lawyer needed to disclose he was working for Hillary.

In an effort to downplay the materiality of this false statement, the defendant asserts that the FBI General Counsel was aware that the defendant represented the DNC. See Def. Mot at 18. But the Government expects that evidence at trial will establish that the FBI General Counsel was aware that the defendant represented the DNC on cybersecurity matters arising from the Russian government’s hack of its emails, not that he provided political advice or was participating in the Clinton Campaign’s opposition research efforts. Indeed, the defendant held himself out to the public as an experienced national security and cybersecurity lawyer, not an election lawyer or political consultant. Accordingly, when the defendant disclaimed any client relationships at his meeting with the FBI General Counsel, this served to lull the General Counsel into the mistaken, yet highly material belief that the defendant lacked political motivations for his work.

There are many crazy assumptions built into this statement: that, had Sussmann identified Hillary as his client, it would have required him to reveal her motives as political rather than security-related to the FBI, breaching privilege; that reporting an anomaly potentially involving Trump after Trump had begged Russia to further hack Hillary would not be a sound decision from a cybersecurity standpoint; that researching the context of an anomaly, such as Alfa Bank’s ties to Putin, is not part of cybersecurity. Effectively, Durham has unilaterally decided that pursuing this anomaly was a political act, with no basis in law or fact.

Which is how Durham espoused the claim that the FBI, facing an unprecedented attack by Russia on American elections in 2016, might have delayed investigation of a part of it that might have implicated one of the contestants.

The defendant’s false statement to the FBI General Counsel was plainly material because it misled the General Counsel about, among other things, the critical fact that the defendant was disseminating highly explosive allegations about a then-Presidential candidate on behalf of two specific clients, one of which was the opposing Presidential campaign. The defendant’s efforts to mislead the FBI in this manner during the height of a Presidential election season plainly could have influenced the FBI’s decision-making in any number of ways. The defendant’s core argument to the contrary rests on the flawed premise that the FBI’s only relevant decision was binary in nature, i.e., whether or not to initiate an investigation. But defendant’s assertion in this regard conveniently ignores the factual and practical realities of how the FBI initiates and conducts investigations. For example, the Government expects that evidence at trial will prove that the FBI could have taken any number of steps prior to opening what it terms a “full investigation,” including, but not limited to, conducting an “assessment,” opening a “preliminary investigation,” delaying a decision until after the election, or declining to investigate the matter altogether.

[snip]

Moreover, the Department of Justice and the FBI maintain stringent guidelines on dealing with matters that bear on U.S. elections. Given the temporal proximity to the 2016 U.S. presidential election, the FBI also might have taken any number of different steps in initiating, delaying, or declining the initiation of this matter had it known at the time that the defendant was providing information on behalf of the Clinton Campaign and a technology executive at a private company.

[snip]

And the evidence will show that it would have been all the more material here because the defendant was providing this information on behalf of the Clinton Campaign less than two months prior to a hotly contested U.S. presidential election. [my emphasis]

The first paragraph here is really telling, given Durham’s public complaint that the Crossfire Hurricane team should have opened the investigation as a preliminary investigation, not a full investigation (the investigation into Mike Flynn, specifically, wasn’t opened as a full investigation, but none of the techniques used would have otherwise been unavailable, not least because there was already a full investigation opened on Carter Page). This is an argument Durham may reprise in his report: That it was unreasonable for Hillary Clinton to ask the FBI to inquire into Trump’s campaign after he publicly asked a foreign country for help (even ignoring the tip from Australia).

Durham seems to think Hillary should have had no assistance from law enforcement when her opponent publicly asked Russia to hack her some more if people close to her found more reason to be concerned. He even mocked Sussmann as too powerful to choose to use anonymity.

[W]hile the defendant’s motion seeks to equate the defendant with a “jilted ex-wife [who] would think twice about reporting her ex-husband’s extensive gun-smuggling operation,” this comparison is absurd. Def. Mot. at 24

Far from finding himself in the vulnerable position of an ordinary person whose speech is likely to be chilled, the defendant – a sophisticated and well-connected lawyer – chose to bring politically-charged allegations to the FBI’s chief legal officer at the height of an election season.”

This also betrays pure insanity. The anomaly involving Trump could always have reflected disloyal insiders compromising the candidate, as could the YotaPhones potentially in use in Trump headquarters. In fact, Page did compromise Trump when he went to Russia in December 2016 and tell Russians there that he was representing Trump on matters pertaining to Ukraine, just as Mike Flynn did by selling his access to Trump to Turkey, just as Tom Barrack is accused of doing with the Emirates. The reason why Sussmann was providing this information less than two months before an election is because cybersecurity researchers had gone looking because there was an ongoing multi-faceted cybersecurity attack, one that continued right through the election, one that could have victimized Trump as well as Hillary.

Which brings me to the one point Sussmann made that Durham completely ignored. In his response, Durham’s response uses the word “purported” to describe the DNS allegations from Sussmann five times:

  1. The defendant provided the FBI General Counsel with purported data and “white papers” that allegedly demonstrated a covert communications channel between the Trump Organization and a Russia-based bank
  2. the purported data and white papers
  3. the purported DNS traffic that Tech Executive-1 and others had assembled
  4. the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”)
  5. examine the origins of the purported data

What Durham did not do is ever address this point from Sussmann:

Indeed, the defense is aware of no case in which an individual has provided a tip to the government and has been charged with making any false statement other than providing a false tip. But that is exactly what has happened here.

In the fall of 2016, Michael Sussmann, a prominent national security lawyer, voluntarily met with the Federal Bureau of Investigation (“FBI”) to pass along information that raised national security concerns. He met with the FBI, in other words, to provide a tip. There is no allegation in the Indictment that the tip he provided was false. And there is no allegation that he believed that the tip he provided was false. Rather, Mr. Sussmann has been charged with making a false statement about an entirely ancillary matter—about who his client may have been when he met with the FBI—which is a fact that even the Special Counsel’s own Indictment fails to allege had any effect on the FBI’s decision to open an investigation.

[snip]

Again, nowhere in the Indictment is there an allegation that the information Mr. Sussmann provided was false. Nowhere is there an allegation that Mr. Sussmann knew—or should have known—that the information was false. And nowhere is there an allegation that the FBI would not have opened an investigation absent Mr. Sussmann’s purported false statement.

I could fund an entire Special Counsel investigation if I had $5 for every time in this prosecution Durham has used the word “purported.” For almost six months, his entire prosecution has been premised on this anomaly not being “real,” meaning unexplained traffic that might represent something serious.

And yet he has not charged that (though he seems to have bullied April Lorenzen, perhaps because he needs her to be something other than she was). Instead, he just keeps doing the work for which actual evidence is normally required by repeating the word “purported” over and over.

This motion to dismiss will likely fail, because juries get to decide what is material. But contrary to Durham’s claims, unless and until he can prove that Sussmann, Jofffe, and Lorenzen didn’t believe this was a real anomaly worth investigating given all the other attacks that, Sussmann especially, knew were ongoing, then he really will be prosecuting someone for reporting a valid national security concern.

John Durham Drops Claim that Rodney Joffe “Mined” EOP Data for Derogatory Information on Trump from Boilerplate

/30 Comments/in , /by

On Friday, John Durham’s team did two things. Publicly, they responded to Michael Sussmann’s motion to dismiss his indictment. I’ll deal with both those later, but the short summary is that Sussmann argued his alleged lie could not have been material, whereas Durham (predictably) cited precedent saying that’s a matter for the jury to decide.

Under seal, Durham’s team responded on Friday to a sealed motion to intervene in the Sussmann case and expunge references filed by Rodney Joffe’s attorneys.

Presumably, Joffe objected to the unsubstantiated and uncharged claims that Durham had made in a conflicts motion that led the former President to suggest Sussmann and Joffe should be put to death.

We may not find out about the substance of this dispute for some time. But it may already be reflected in Durham’s filings.

In his response to Sussmann, Durham obstinately repeated most of the inflammatory claims first floated in the conflicts memo that elicited the calls for death and other lies from Durham’s sources and witnesses. But there are two passages that Durham took out.

Durham removed the two passages italicized below.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted. 

The second of these passages was an innumerate claim that falsely suggested Russian YotaPhones were common in the United States because between 2014 and 2017, there had been three million such look-ups. As William Ockham explained, these three million look-ups aren’t much more than his own family’s DNS requests during the same four (or even three) year period.

Contra Durham, 3 million DNS requests for a related IP addresses over a four-year period means these requests are very rare.

For comparison purposes, my best estimate is that my family (7 users, 14 devices) generated roughly 2.9 million DNS requests just from checking our email during the same time frame. That’s not even counting DNS requests for normal web browsing.

This seeming concession that Durham was wrong makes the other removal especially interesting, particularly given Joffe’s motion to intervene.

Durham also removed a passage claiming that Joffe “exploited” his access to data from the White House “for the purpose of gathering derogatory information about Donald Trump.”

Remember, the data in question all preceded January 20, 2017. Even assuming “exploit” and “mine” are the appropriate verbs here, to suggest accessing data from before Trump became President was an effort to obtain derogatory information on him makes no sense. And the inclusion of Spectrum Health in all of this — for which people made baseless claims about the DeVoses — is further proof that Joffe wasn’t looking for derogatory information. He was looking for anomalies, and those anomalies ended up implicating Trump-related servers. Plus, even if Joffe were accessing just Trump-related data, finding some unexplained Russian traffic would normally be seen as a risk to Trump, not a political attack on him.

Durham claims he didn’t say anything in the conflicts memo that needed to be struck. That issue (and the claimed conflict) will be reviewed at a hearing on Monday. But in the meantime, Durham already dropped two claims.

John Durham and Newly-Sanctioned Alfa Bank’s Filings: “Almost like they were written by the same people”

/71 Comments/in , , /by

In a DC hearing on February 9 regarding Alfa Bank’s attempt to obtain documents from Michael Sussmann before his trial, DC Superior Judge Shana Frost Matini observed that the Alfa Bank allegations and the John Durham indictment seemed like they could be written by the same people.

[R]ight now, given the — if the closeness of Alpha’s allegations, I mean, quite frankly, it’s — reading Alpha’s submissions and what the — and that compared to the indictment, there’s — it’s almost like they were written by the same people in some way. [Alpha misspelling original]

Judge Matini, a Trump appointee, scolded Alfa — which over this past weekend was included in sanctions against Russian banks in retaliation for the invasion — for claiming that their lawsuit and Durham’s indictment of Sussmann were not closely related after having raised the indictment in the first place.

As to the claims that the criminal and civil proceedings are not closely related, this is a surprising representation for Alpha to make, given that Alpha was the one to bring the criminal charges to the Court’s attention by filing what was styled as a notice of supplemental authority in support of its Motion to Compel.

Of course, there is no Supplemental Authority here. A criminal indictment is not an opinion of the Court. It’s just a charge that the prosecuting authority is bringing against an individual with facts that are alleged to support the charge.

In dual lawsuits in FL and PA, Alfa Bank purports to be trying to figure out who allegedly faked DNS records to make it look like Alfa was in contact with Trump back in 2016 so it can sue those people. Rather than finding anyone to sue, however, it has instead spent its time subpoenaing experts to learn as much as it can about how the US tracks DNS records to prevent cyberattacks by — among other hostile countries — Russia.

Matini ruled that Alfa’s effort to get more information from Sussmann will have to wait until June, after his trial. (It’s unclear whether the sanctioned bank will still have legal means to pay Skadden lawyers to pursue this lawsuit at that point.)

But since then, the timelines of the Alfa Bank and Durham investigations have closely paralleled.

Of particular interest, on the morning of February 11, Rodney Joffe — referred to as Tech Executive-1 in the Durham filings — sat for an almost 5-hour deposition with Alfa Bank’s lawyers. He revealed that Durham had first approached him for an interview at least a year earlier. He revealed he had been asked to testify before the grand jury, but he “declined to interview,” presumably meaning he told Durham he’d invoke the Fifth (just as Don Jr and probably his daddy are understood to have done with Mueller).

Joffe’s refusal to voluntarily feed this witch hunt continued in his Alfa deposition. Citing the ongoing Durham investigation, he invoked the Fifth Amendment a slew of times (though not as many times as your average Trump man in a financial fraud deposition or even Alex Jones in an interview about an insurrection). Those questions to which he invoked his Fifth Amendment rights and those he answered mapped out an interesting territory, marking who he does know and those Alfa thought he did but that he does not.

For example, he said he had never heard of Alfa Bank before investigating the anomaly related to it. He said he had never met Jean Camp or several of the other researchers that frothers are certain he conspired with. Joffe twice said he had never met Christopher Steele and also said he “had no idea” that Sussmann met with Steele about the server allegations. He denied knowing what the contract between Georgia Tech and DARPA looked like.

Alfa made a number of mistakes — confusing a domain name with a business. Claiming he authored a paper that David Dagon had. Asking him about several emails he hadn’t been sent.

There were several claims Alfa made that Joffe’s lawyer, Steven Tyrrell, established a record were unproven assumptions on Alfa’s part, such as that Joffe got one of the white papers described in the indictment. Importantly, that includes a question about the EOP server.

Q: I was just going to ask Mr. Joffe whether or not he knows who the executive branch office of the U.S. government is?

A: I have to invoke my Fifth Amendment rights.

Mr. Tyrrell: And Margaret, if I may, just — I apologize. Just for the record, I want to be clear that — that in invoking his rights and my allowing my client to invoke his rights, that should not be interpreted as an admission that the — I mean, you’ll argue whatever it is, if you do, that the allegations, which are just allegations in the indictment, are accurate.

In addition to those curious objections, there were several things alleged in the indictment that Joffe outright denied. In several questions, Joffe challenged the meaning of an email Durham has used to suggest he anticipated, and wanted, a top cybersecurity job within a hypothetical Hillary Administration. After objecting to the form of the way the Alfa Bank’s Skadden lawyer tried to corner Joffe into answering the question, Tyrrell answered,

You know, again, our position on this is Mr. Joffe is happy to answer the question that was posed about whether he was ever offered the top cybersecurity job by the Democrats when it looked like they’d win. I think he’s answered that question.

He’s not going to answer questions about communications that he may or may not have had with other people about the topic. And as to those, he would invoke his rights under the Fifth Amendment.

Joffe answered no to three questions about whether the Clinton campaign paid him for his work on the server allegations, a false claim that Kash Patel spread.  Joffe also distinguished his concern about Donald Trump from a political desire to see him lose.

I’ve never been interested in politics. I’ve never been involved in politics. I haven’t voted for many, many years. I haven’t donated to any parties or any — or given any kind of benefit to any parties, but I certainly over the last few years have had an interest in the politics of the country that I live in.

That explanation premised two invocations of his Fifth Amendment in response to questions about Trump specifically.

In other words, Joffe’s Alfa Bank deposition on February 11 undermined several of the premises of the Durham investigation, while it identified several areas where his lawyer suggested Alfa’s assumptions were wrong (in the hearing on Laura Seago’s deposition, there was a central Alfa Bank assumption I know to be badly wrong).

Joffe’s deposition ended at 2:07PM ET on February 11.

Nine hours later, at 11:32PM, Durham submitted the belated conflicts motion — which would have been filed in September if Durham really had concerns about any conflict — and floated a number of claims about Joffe, claims that went beyond those in the indictment. Joffe is mentioned twenty times, including the following:

The defendant’s billing records reflect that the defendant repeatedly billed the Clinton Campaign for his work on the Russian Bank-1 allegations. In compiling and disseminating these allegations, the defendant and Tech Executive-1 also had met and communicated with another law partner at Law Firm-1 who was then serving as General Counsel to the Clinton Campaign (“Campaign Lawyer-1”).

The Indictment also alleges that, beginning in approximately July 2016, Tech Executive-1 had worked with the defendant, a U.S. investigative firm retained by Law Firm-1 on behalf of the Clinton Campaign, numerous cyber researchers, and employees at multiple Internet companies to assemble the purported data and white papers. In connection with these efforts, Tech Executive-1 exploited his access to non-public and/or proprietary Internet data. Tech Executive-1 also enlisted the assistance of researchers at a U.S.-based university who were receiving and analyzing large amounts of Internet data in connection with a pending federal government cybersecurity research contract. Tech Executive-1 tasked these researchers to mine Internet data to establish “an inference” and “narrative” tying then-candidate Trump to Russia. In doing so, Tech Executive-1 indicated that he was seeking to please certain “VIPs,” referring to individuals at Law Firm-1 and the Clinton Campaign.

The Government’s evidence at trial will also establish that among the Internet data Tech Executive-1 and his associates exploited was domain name system (“DNS”) Internet traffic pertaining to (i) a particular healthcare provider, (ii) Trump Tower, (iii) Donald Trump’s Central Park West apartment building, and (iv) the Executive Office of the President of the United States (“EOP”). (Tech Executive-1’s employer, Internet Company-1, had come to access and maintain dedicated servers for the EOP as part of a sensitive arrangement whereby it provided DNS resolution services to the EOP. Tech Executive-1 and his associates exploited this arrangement by mining the EOP’s DNS traffic and other data for the purpose of gathering derogatory information about Donald Trump.)

The Indictment further details that on February 9, 2017, the defendant provided an updated set of allegations – including the Russian Bank-1 data and additional allegations relating to Trump – to a second agency of the U.S. government (“Agency-2”). The Government’s evidence at trial will establish that these additional allegations relied, in part, on the purported DNS traffic that Tech Executive-1 and others had assembled pertaining to Trump Tower, Donald Trump’s New York City apartment building, the EOP, and the aforementioned healthcare provider. In his meeting with Agency-2, the defendant provided data which he claimed reflected purportedly suspicious DNS lookups by these entities of internet protocol (“IP”) addresses affiliated with a Russian mobile phone provider (“Russian Phone Provider-1”). The defendant further claimed that these lookups demonstrated that Trump and/or his associates were using supposedly rare, Russian-made wireless phones in the vicinity of the White House and other locations. The Special Counsel’s Office has identified no support for these allegations. Indeed, more complete DNS data that the Special Counsel’s Office obtained from a company that assisted Tech Executive-1 in assembling these allegations reflects that such DNS lookups were far from rare in the United States. For example, the more complete data that Tech Executive-1 and his associates gathered – but did not provide to Agency-2 – reflected that between approximately 2014 and 2017, there were a total of more than 3 million lookups of Russian Phone-Provider-1 IP addresses that originated with U.S.-based IP addresses. Fewer than 1,000 of these lookups originated with IP addresses affiliated with Trump Tower. In addition, the more complete data assembled by Tech Executive-1 and his associates reflected that DNS lookups involving the EOP and Russian Phone Provider-1 began at least as early 2014 (i.e., during the Obama administration and years before Trump took office) – another fact which the allegations omitted.

As I noted, less than a day after Durham filed that motion, the former President suggested that Joffe had been spying and should be killed. In response to the furor, Joffe’s spox later issued a statement clarifying what went on — precisely the information he had tried to plead the Fifth over.

In a statement, a spokesperson for Mr. Joffe said that “contrary to the allegations in this recent filing,” he was apolitical, did not work for any political party, and had lawful access under a contract to work with others to analyze DNS data — including from the White House — for the purpose of hunting for security breaches or threats.

After Russians hacked networks for the White House and Democrats in 2015 and 2016, it went on, the cybersecurity researchers were “deeply concerned” to find data suggesting Russian-made YotaPhones were in proximity to the Trump campaign and the White House, so “prepared a report of their findings, which was subsequently shared with the C.I.A.”

And some of the other researchers had to provide more details to push back on the frenzy (including that the data from EOP preceded Trump’s inauguration). Few outlets, though, have presented the basic innumeracy in Durham’s filing about the rarity of YotaPhones as anything but a contested issue.

And after Durham incited claims that Joffe should be killed, one week later Alfa Bank then affirmed the tie between Joffe and Tech Executive 1 by posting his deposition in their motion to get another four months to conduct their fishing expedition. That has had the effect of further inflaming the frothy right, and providing Durham sworn testimony from Joffe that he was otherwise not entitled to (including several warnings about how his case against Sussmann may be vulnerable).

In the wake of the release of the Florida filing, Joffe’s lawyers intervened in the Sussmann case and then filed a separate sealed motion to strike the (misleading) references to Joffe in the filing.

A Trump appointed judge in DC believes these efforts look like they’re being written by the same people. Whether Durham’s sources and a sanctioned Russian Bank’s sources are “colluding,” these parallel developments had the effect of depriving Joffe of his ability to fully invoke the Fifth Amendment. And with the help of a sanctioned Russian bank, it gave Durham a substantial benefit in a criminal investigation.

Timeline

January 25: Durham asks to extend discovery deadline

January 28: Durham admits that Durham was informed about the James Baker phone he claimed to forget knowing about

February 9: Michael Sussmann succeeds in staying Alfa Bank’s effort to get documents from him

February 10: Fusion GPS’ Laura Seago attempts to quash a subpoena

February 11, 9:30AM: Rodney Joffe deposition

February 11, 11:32PM: Durham files a motion purporting to be a conflicts motion that misrepresents the evidence

February 14: Sussmann asks to strike unsupported allegations in conflicts motion

February 14: Peter Fritsch deposition

February 17: Sussmann moves to dismiss the case, arguing his alleged lie would not be material

February 17: Durham claims that the close associates of the investigation that lied about what the conflicts motion said have nothing to do with the Durham team

February 18: Alfa Bank requests another extension to keep looking for John Does in FL

February 24: Rodney Joffe’s lawyers file notices of appearance in the Sussmann docket

February 25: Judge Christopher Cooper schedules a hearing on the conflicts motion for March 7

February 28: Joffe files a sealed motion to expunge the references to Tech Executive-1

March 1: Judge Cooper sets a Friday deadline for the government to respond to Joffe’s motion

March 7: Hearing scheduled to address conflicts memo

John Durham Accuses One of His Key Fact Witnesses — Sergei Millian’s Twitter Account — of “Misinterpret[ing] Facts”

/68 Comments/in , , /by

As I documented the other day, John Durham responded to the uproar over his conflicts filing stunt by claiming to have had nothing at all to do with the “third parties” who “overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion.”

If third parties or members of the media have overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion, that does not in any way undermine the valid reasons for the Government’s inclusion of this information.

The claim that the uproar was created by “third parties” is so obviously false it raises conflict problems for Durham himself.

Durham falsely claims those pushing lies are “third parties” to his investigation

As I laid out, one of the key perpetrators of the false claims — including the false claims (1) that Hillary paid Rodney Joffe, (2) that Joffe had “infiltrated” the White House, and (3) Joffe had done so when Trump was President — was Kash Patel, the originator of this entire line of inquiry in December 2017, and someone who for years had means to learn that those claims were false.

John Ratcliffe, whom Durham was meeting rather than interviewing Hillary staffers who could substantiate or debunk his accusations that Michael Sussmann was coordinating with the campaign, made these unsubstantiated claims in a TV appearance earlier this week:

  • There was a “Hillary Clinton campaign plan to falsely accuse Donald Trump of collusion with Russia”
  • Rodney Joffe used DNS data “for an unlawful purpose”
  • Sussmann “pitched” information “to the FBI as evidence of Trump-Russia connections that simply weren’t true and that the lawyer, Michael Sussmann, and the tech executive knew not to be true”

Donald Trump, who personally nominated John Durham as US Attorney and whose demands for criminal investigations led to Durham’s appointment as Special Counsel, asserted that his “presidency [was] spied on by operatives paid by the Hillary Clinton campaign in an effort to develop a completely fabricated connection to Russia.”

These are not “third parties.” These are:

  • The originator of the allegations against Sussmann
  • A self-described repeat Durham witness
  • The man who nominated Durham to be US Attorney and, ultimately, was his boss for almost 3 years

But there’s actually another key player in the effort to magnify Durham’s conflicts filing stunt who is even more central to Durham’s work: One of his most important “witnesses,” Sergei Millian’s twitter account.

The pipeline from online conspiracy theorists through former investigators to the former President

Yesterday, Glenn Kessler attempted to trace how the filing became a propaganda tool. The timeline he laid out looks like this (these times are ET):

11:33PM: Filing hits PACER.

12:43AM: Whispers of Dementia screencaps the filing, noting Durham claimed “Sussmann is likely to be in an “adversarial posture” against Perkins Coie.”

9:24AM: emptywheel notes that Durham is criminalizing lying to the FBI about traffic involving Trump Tower, which Trump himself did at the time.

9:25AM: Hans Mahncke links and screencaps the filing and claims,

Rodney Joffe and his buddies at Georgia Tech monitored Trump’s internet traffic *while* he was President of the United States.

9:39AM: Kessler’s gap

9:45AM: emptywheel RTs Mahncke and notes that this is about cybersecurity.

10:25AM: Techno Foggy tweets that,

DNC/Perkins Coie allies – Rodney Joffe, et al. – Joffe et al, “exploited a sensitive US govt arrangement” to gather intel on the “Executive Office of the President of the U.S.” They spied on Trump.

11:11AM: House Judiciary GOP [so a Jim Jordan staffer] RTs Foggy’s tweet, claiming:

We knew they spied. But it was worse than we thought.

11:44AM: Techno Foggy tweets out his Substack with the claim,

Clinton allies used sensitive data from the Office of the President to push false Trump/Russia claims to the CIA

Why did they risked jail to link Trump to Russia?

Maybe because the origin of their fraud was the “Russian hack” of the DNC.

2:27PM: John Ratcliffe responds to House Judiciary tweet with claim, “And now you’re finding out why…,” thereby seemingly endorsing the “spying” claim, and linking the Durham release with his own cooperation with Durham’s inquiry.

3:24PM: Mark Meadows RT’s Foggy’s tweet, claiming,

They didn’t just spy on Donald Trump’s campaign.

They spied on Donald Trump as sitting President of the United States.

It was all even worse than we thought.

5:51PM: Center for Renewing America tweets out Kash Patel statement making numerous false claims.

6:47PM: Trump’s spox tweets out his claims of spying.

This timeline is damning enough: It shows how these false claims went from “sleuths” who spend much of their time spinning Durham’s conspiracy theories, through Techno Foggy (a self-described lawyer who has for years interacted openly with lawyers like Sidney Powell and Billy Barr’s spox Kerri Kupec), to Jim Jordan’s staffer to Ratcliffe to Mark Meadows to Kash Patel to Trump. Every single one of these current and former officials have played a central role in these investigations; none is a “third party.”

Sergei Millian’s twitter account calls it spying

But there’s a very key step in Kessler’s timeline that is missing. At 9:39AM (the time shown here is Irish time) — which I’ve marked above in red — Sergei Millian’s twitter account tweeted, “They were spying on the White House, folks!!.”

This claim was before Techno Foggy made the spying claim. The first person to have made the “spying” claim in this timeline, then, was Sergei Millian’s twitter account.

In fact, the next day, Millian’s twitter account insinuated to have started all this in the first place — that the twitter account “had a direct line into the White House” via which it “told them who was working against them.”

Thanks for identifying this phone call, Sergei, because Igor Danchenko will now have cause to demand details of it in discovery, which will mean, on top of the other unprecedented discovery challenges Durham has taken on in prosecuting Danchenko, he’s now going to have to get Trump records from the Archives. Michael Sussmann, too, likely now has cause to demand those records.

The Millian twitter account RT of Mahncke to belatedly explain the spying claim makes it clear it is an active participant in the “Sleuths Corner” that drives many of the false claims about Durham. In fact the Millian twitter account even advertises it on the twitter account.

Durham says his key witness “misrepresented the facts”

This all amounts to Durham himself discrediting one of his witnesses, perhaps fatally.

As I have noted, when John Durham charged Igor Danchenko with four counts of lying about believing that he had spoken to Sergei Millian back in July 2016, Durham didn’t actually claim to have obtained testimony from the human being named Sergei Millian. Durham did not appear to have required that Millian show up and make statements for which he could be legally held accountable.

Instead, Durham presented an unverified twitter account to the grand jury and based on that, claimed “Chamber President-1 has claimed in public statements and on social media that he never responded to DANCHEKNO’s [sic] emails, and that he and DANCHENKO never met or communicated.”

I refer to this entity as “Sergei Millian’s twitter account” to emphasize that there is not a scrap of evidence in the public record showing that Durham did anything to confirm that Millian, the person, even operates it exclusively. While I have no reason to doubt that he does, from a legal standpoint, Durham is at least publicly relying on nothing but an unverified account, something journalists have been loathe to do for years with Millian.

And this claim attributed to an unverified twitter account is a very important piece of evidence. There’s nothing else in the public record that shows Durham affirmatively ruled out that Danchenko and Millian really did have a phone call.

When I first realized how reckless that was, I though it impossible for Durham to have been that negligent. But we’ve since learned that he accused Sussmann of coordinating with Hillary’s staffers without ever first interviewing a single full-time staffer. So perhaps it is, in fact, true that Durham charged a man based off the unsubstantiated claims of a twitter account.

Danchenko appears to have obtained a pre-trial subpoena on February 8; I have wondered whether it was for the Millian twitter account. If so, the subpoena might well obtain the traffic of what has happened in recent days.

As it stands, though, Durham makes no claim to have anything else.

Just that twitter account.

And that twitter account is part of a pipeline that took Durham’s filing and made egregiously false claims about it. Durham is now on the record claiming that that twitter account “misinterpreted the facts.” But Danchenko will have good reason — and abundant proof, given the details of last week’s little propaganda explosion — to argue that Sergei Millian’s twitter account is willing to make false claims to create a scandal around the Durham investigation.

That shreds the credibility of the only claimed “witness” that the call never happened.

Durham Says It’s Not His Fault His Former Boss Called for the Death of His Defendant

/83 Comments/in , /by

John Durham didn’t have much to say after being called out for making baseless accusations that their source Kash Patel lied about, leading the former President to suggest Michael Sussmann should be killed.

They’re not responsible for the death threats, the attorney who filed a notice of appearance in the wake of Friday’s stunt, Brittain Shaw, insists.

If third parties or members of the media have overstated, understated, or otherwise misinterpreted facts contained in the Government’s Motion, that does not in any way undermine the valid reasons for the Government’s inclusion of this information.

She said this even while acknowledging it might be prudent to take measures against death threats in the future.

That said, to the extent the Government’s future filings contain information that legitimately gives rise to privacy issues or other concerns that might overcome the presumption of public access to judicial documents – such as the disclosure of witness identities, the safety of individuals, or ongoing law enforcement or national security concerns – the Government will make such filings under seal. United States v. Hubbard, 650 F. 2d 293, 317-323 (D.C. Cir. 1980) (setting forth factors for considering whether the presumption of public access is overridden, including (1) the need for public access to the documents at issue; (2) the extent of previous public access to the documents; (3) the fact that someone has objected to disclosure, and the identity of that person; (4) the strength of any property and privacy interests asserted; (5) the possibility of prejudice to those opposing disclosure; and (6) the purposes for which the documents were introduced during the judicial proceedings.) The Government respectfully submits that no such issues or concerns are implicated here. [my emphasis]

The former President implied the defendant and a witness should be killed. But it’s not Durham’s fault and so he doesn’t have to deal with the fact that it happened!!

This is factually specious. Kash Patel, who was among the first to make egregiously false claims, is not a “third party.” He is the originator of this inquiry, and he knew well his statements to be false. Donald Trump, who suggested Sussmann and others should be killed, is not a “third party.” He was Durham’s boss and his demands for prosecutions are what led to Durham being appointed Special Counsel in the first place.

Plus, Durham’s team have already made the identities of some grand jury witnesses public in discovery filings.

The claim that the architects of this mob are neutral “third parties” is all the more pathetic given the excuse Shaw provides for including the false insinuation that Rodney Joffe spied on Trump’s White House rather than tried to keep the White House safe from hackers at the time it happened to be occupied by Barack Obama.

The reason they mentioned the White House, you see (Shaw claims), is because of one of the conflicts they raised.

The Government included two paragraphs of limited additional factual detail in its Motion for valid and straightforward reasons. First, those paragraphs reflect conduct that is intertwined with, and part of, events that are central to proving the defendant’s alleged criminal conduct. Second, the Government included these paragraphs to apprise the Court of the factual basis for one of the potential conflicts described in the Government’s Motion, namely, that a member of the defense team was working for the Executive Office of the President of the United States (“EOP”) during relevant events that involved the EOP. [my emphasis]

Shaw here argues that events in February 2017 are “intertwined” with an alleged crime that took place five months earlier.

She also suggests that the reason they raised the White House is because one of Sussmann’s team members worked there (Charlie Savage has now IDed the lawyer as Michael Bosworth).

I mean, so did Kash Patel, a central player in the false claims that led to the former President calling for death.

Here’s what the actual conflict memo said about that purported conflict.

Based on its review of documents in its investigation and other information, the Special Counsel’s Office also has learned that one of the members of the defendant’s current defense team (“Defense Team Member-1”) previously worked as Special Counsel to the then-FBI Director from 2013 to 2014. In connection with that work, Defense Team Member-1 developed professional and/or personal relationships with several individuals who later were involved with and/or knowledgeable of the FBI’s investigation of the Russian Bank-1 allegations. For example, Defense Team Member-1 appears to have developed a professional relationship with the former FBI General Counsel to whom the defendant made his alleged false statement and who will likely be a central witness at trial.4 While it is unlikely that these past interactions and activities will give rise to an actual conflict of interest, the Government respectfully requests in an abundance of caution that the Court inquire with the defense concerning whether Defense Team Member-1’s relationships with persons and entities who might be witnesses in this case could give rise to a potential conflict or appearance issue and, if so, whether the defendant waives any such conflict.

4 Following his employment at the FBI, Defense Team Member-1 worked from 2014 to early 2017 as an attorney in the EOP which, as noted above, was involved in certain factual issues that the Government expects will be relevant at trial and any sentencing proceedings. Latham has represented to the Government that while employed at the EOP, Defense Team Member-1 had no role in the aforementioned events or arrangements involving Tech Executive-1, Internet Company1, and/or allegations involving the purported use of Russian-made phones. The Government similarly has not seen evidence to suggest that Defense Team Member-1 had any role in, or direct knowledge of, the Russian Bank-1 allegations or the FBI’s ensuing investigation. [my emphasis]

It’s the tie to Jim Comey and through him to James Baker, not the subsequent job at the White House, that Durham’s team presented as a potential conflict — and even then, Durham’s team admits this is not likely a conflict. By this standard, several members of the prosecutorial team, not to mention the guy from whom this allegation came from, Kash Patel, have a conflict. John Durham was hired by Donald Trump; that’s a more serious conflict than anything his team spins up as one.

The White House will not be called to the stand at Sussmann’s trial. None of this is actually about the White House. As Andrew DeFilippis noted in his filing making wild claims of conflict, the White House job was not one of those conflicts. Indeed, this is yet another marker of Durham’s dishonesty. This team member, as described, was a victim of Rodney Joffe’s purportedly vicious efforts to make sure the Obama White House was not hacked. The team member only has an adversarial relationship if one believes that protecting against hacks is an adversarial stance. But that’s not how they describe the purported conflict which even they admit is not one.

Which is a pretty big hint their understanding of conflicts here is whacked beyond all reason.

Even in a terse four page motion (which I guess is one way she’s an improvement over DeFilippis), Shaw still had room for bullshit.

Having given a transparently bogus excuse for raising the White House, she then says that raising it in a conflict memo is cool because Durham plans to later raise these issues in a motion in limine (pre-trial motions about what can and cannot be presented during the trial).

In light of the above, there is no basis to strike any portion of the Government’s Motion. Indeed, the Government intends to file motions in limine in which it will further discuss these and other pertinent facts to explain why they constitute relevant and admissible evidence at trial. Pursuant to caselaw and common practice in this and other districts, the filing of documents containing reference to such evidence on the public docket is appropriate and proper, even in highprofile cases where the potential exists that such facts could garner media attention. See, e.g., United States v. Stone, 19 Cr. 18 (D.D.C. October 21, 2019) (ABJ), Minute Order (addressing the Government’s publicly-filed motion in limine seeking to admit video clip from the movie “Godfather II” that defendant sent to an associate and permitting admission of a transcript of the video); United States v. Craig, 19 Cr. 125 (D.D.C. July 10, 2019) (ABJ), Minute Order (addressing Government’s publicly-filed Rule 404(b) motion to offer evidence of defendant’s efforts to assist Paul Manafort’s relative in obtaining employment); United States v. Martoma, S1 12 Cr. 973, 2014 WL 164181 (S.D.N.Y. January 9, 2014) (denying defendant’s motion for sealing and courtroom closure relating to motions in limine concerning evidence of defendant’s expulsion from law school and forgery of law school transcript);1 see also Johnson v. Greater SE Cmty. Hosp. Corp., 951 F. 2d 1268, 1277 (D.C. Cir. 1991) (holding that there is a “strong presumption in favor of public access to judicial proceedings”). Moreover, any potential prejudice or jury taint arising from such media attention can effectively and appropriately be addressed through the voir dire process during jury selection.

1 The publicly-filed evidentiary motions and judicial rulings in each of the above-cited cases received significant media attention. See, e.g., Prosecutors Can’t Show Godfather II Clip at Roger Stone Trial, Judge Rules, CNN, October 21, 2019 (https://www.cnn.com/2019/10/21/politics/godfather-ii-roger-stone/index.html; Greg Craig Pushed to Hire Manfort’s Relative at Skadden, Prosecutors Say, POLITICO, May 10, 2019 (https://www.politico.com/story/2019/05/10/greg-craig-hire-manaforts-relative-1317600); SAC’s Martoma Tried to Cover Up Fraud at Harvard, Documents Show, REUTERS, January 9, 2014 (https://www.reuters.com/article/us-sac-martoma-harvard/sacs-martoma-tried-to-cover-up-fraudat-harvard-documents-show-idUSBREA081C720140109).

Roger Stone Roger Stone Roger Stone and Mueller, she throws in for good measure.

This is a fairly bald admission that the time to raise these issues, pretending they were relevant, would be the later 404(b) fight (over whether evidence of related conduct can be admitted at trial to help prove the case), not now, on a totally separate issue. That this might be a relevant issue later (which is itself admission that these topics are not direct evidence about Sussmann’s alleged lie and must first demonstrate relevance to even be admitted at trial) is not an excuse to use them in untimely and off-purpose fashion.

And yet that’s Durham’s excuse for saying a bunch of things that predictably led to calls for death.

According to John Durham’s logic of conflicts, he is the one with an unwaivable conflict. The guy who hired him to this job is the same guy suggesting, based off Durham’s filing, that the guy he is prosecuting should be executed.

Updated for clarity.

Update: Corrected Bosworth’s last name.

The Durham Investigation Has Lasted 50% Longer than the Mueller Investigation

/61 Comments/in , , /by

It seems like just days ago we were celebrating a big milestone in the life of the Durham investigation: the 1,000 day mark.

Time flies when you’re unethically making accusations designed to rile up the frothy base, because Durham hits another major milestone today.

Today makes day 1,011 for Durham. The Mueller investigation lasted 674 days, total. So as of today, John Durham has been investigation for 50% longer than the entire Mueller investigation he was hired to undermine.

I had to highlight the end date for Mueller because it gets lost when compared to the Durham timeline.

In 22 months, Mueller got convictions of Trump’s Coffee Boy, his National Security Advisor, his Campaign Manager and the Campaign Manager’s Deputy, Trump’s personal lawyer, as well as another American and the son-in-law of Alfa Bank Oligarch German Khan. On a referral, a second Konstantin Kilimnik partner, Sam Patten pled guilty. Mueller charged 25 Russian involved in attacks on the country, as well as Kilimnik himself in a conspiracy with Manafort (though not the conspiracy for trading campaign strategy for debt relief). With another eight months, DC’s US Attorney would win Roger Stone’s conviction. None of those things — not the George Papadopoulos guilty plea, not the guilty plea of Khan’s son-in-law Alex Van der Zwaan, and not Michael Cohen’s plea to covering up the communications he had (on Trump’s behalf) with the Kremlin — derives from either the Steele dossier or the Alfa-Bank anomalies.

In half again that time span, John Durham has won the guilty plea of Kevin Clinesmith (whose misconduct DOJ Inspector General Michael Horowitz found), charged Michael Sussmann for lying about coordinating with Hillary staffers he didn’t coordinate with, and charged Igor Danchenko for lies that Durham’s prosecutors created, at least in part, with cut-and-paste failures. All because he’s sure — and he’s going to keep going until he finds proof — that the abundant prosecutions Mueller obtained were the fruit of stuff that Durham is working hard to criminalize and not the criminal conduct that all those Trump flunkies but Stone admitted to.

With the addition of a new financial crimes prosecutor yesterday to the Michael Sussmann prosecution team, I feel like Durham is barely getting started. Why not double the length of time it Mueller took to investigate rather than avoid admitting you can’t substantiate any of your conspiracy theories?

Indict First Interview Later: Durham’s Belated Efforts to Substantiate His Claims that Michael Sussmann Coordinated with Hillary

/73 Comments/in , /by

Among the accusations John Durham made when he charged Michael Sussmann with a single false statement count in September 2021 was that Sussmann had coordinated with the Hillary Campaign.

SUSSMANN, [Rodney Joffe], and [Perkins Coie] had coordinated, and were continuing to coordinate, with representatives and agents of the Clinton Campaign with regard to the data and written materials that SUSSMANN gave to the FBI and the media.

Coordinating with a client is not a crime. Working with a client to share suspicious data with the FBI is also not a crime. Indeed, Sussmann spent a great deal of his time in 2016 doing just that after the Hillary Campaign and several other Democratic Party committees were hacked by Russia.

The allegation that Sussmann “coordinated” with a client is included as one of three materiality claims regarding Sussmann’s alleged lie. To prove Sussmann is guilty, Durham has to prove not just that Sussmann made a willfully false claim to James Baker in a meeting on September 19, 2016, but that it mattered. One way Durham claims he will do that is, first, by proving that this effort was coordinated with the Hillary campaign and then establishing that,

it was relevant to the FBI whether the conveyor of these allegations (SUSSMANN) was providing them as an ordinary citizen merely passing along information, or whether he was instead doing so as a paid advocate for clients with a political or business agenda. Had SUSSMANN truthfully disclosed that he was representing specific clients, it might have prompted the FBI General Counsel to ask SUSSMANN for the identity of such clients, which in turn might have prompted further questions.

One of the first things Sussmann did after being charged was ask — first, informally, and then, via a Motion for a Bill of Particularswith whom on the Hillary Campaign he coordinated.

Fifth and finally, the Indictment conceals the actual identity of certain individuals and entities alleged to have witnessed and otherwise been involved in the conduct giving rise to the false statement charge, including the names of the agents and representatives of the campaign on whose behalf Mr. Sussmann was allegedly working. Id. ¶ 6. The entire animating theory of the Special Counsel’s Indictment is that, in meeting with the FBI and the other government agency, Mr. Sussmann was secretly working on behalf of Hillary Clinton’s 2016 campaign for president (the “Clinton Campaign”). The Special Counsel should be required to identify with which agents and representatives of the Clinton Campaign Mr. Sussmann was allegedly working so that Mr. Sussmann can adequately prepare his defense.

Counsel for Mr. Sussmann previously asked the Special Counsel to provide the detail and particulars identified above, but the Special Counsel declined to do so. The Special Counsel should not be permitted, on the one hand, to allege that Mr. Sussmann was working on behalf of the Clinton Campaign, but on the other hand, decline to identify the specific individuals with whom he was purportedly working.

7 The Special Counsel has identified virtually all of the other anonymous individuals and entities referred to in the Indictment (except, as noted above, the Agency-2 employees).

That motion was filed on October 6. In a response filed on October 20, Durham refused to provide the names of those on the Clinton Campaign with whom Sussmann coordinated, but instead pointed to these paragraphs of the indictment, only one of which even names people from the campaign, and none of which describes Sussmann speaking directly to anyone from the campaign.

d. In or around the same time period [mid-August 2016], SUSSMANN, [Marc Elias], and personnel from [Fusion GPS] began exchanging emails with the subject line, “Connecting you all by email.”

[snip]

g. Later in or about August 2016, [Rodney Joffe] exchanged emails with personnel from [Fusion GPS].

[snip]

e. On or about September 15, 2016, [Elias] exchanged emails with the Clinton Campaign’s campaign manager, communications director, and foreign policy advisor concerning the [Alfa Bank] allegations that SUSSMANN had recently shared with [Franklin Foer]. [Elias] billed his time for this correspondence to the Clinton Campaign with the billing entry, “email correspondence with [Jake Sullivan], [name of campaign manager], [name of communications director] re: [Alfa Bank] Article.” [emphasis added by Durham]

On October 20, over a month after indicting Sussmann, Durham was still refusing to name any Clinton Campaign personnel with whom Sussmann had coordinated directly.

That’s why this detail in Sussmann’s response to Durham’s conflict motion matters so much:

[T]he Special Counsel has alleged that Mr. Sussmann met with the FBI on behalf of the Clinton Campaign, but it was not until November 2021—two months after Mr. Sussmann was indicted—that the Special Counsel bothered to interview any individual who worked full-time for that Campaign to determine if that allegation was true.

When Durham refused to answer Sussmann’s requests, in September and October,  to tell him with whom on the Clinton campaign he had been coordinating, Durham still had never interviewed a single Clinton staffer. He first did so in November.

The discovery update submitted on January 25 reveals that that single Clinton staffer remained the sole Clinton staffer Durham had interviewed to that date.

Yesterday, Durham added a securities fraud prosecutor to his team, suggesting he’s going to try to change the theory of his case (I suspect, by suggesting Sussmann’s billing practices show he was trying to hide Rodney Joffe’s role).

But as I’ll lay out, there’s tons of instances of this, where Durham demonstrably failed to do basic investigative work before charging Sussmann five years after a claimed lie.

Update: Sussmann has filed his motion to dismiss. It is entirely a challenge to the materiality of his alleged lie. Motions to dismiss rarely work. He’s got good lawyers and he’s making a solid argument. Of note, he points out that Durham has never claimed that the tip wasn’t true or that Sussmann should have known it was not.

John Durham Chose to Meet with John Ratcliffe Rather than Witnesses Necessary to His Investigation

/109 Comments/in , /by

The evidence continues to mount that John Durham has done an epically incompetent investigation. I’ll pull together all that evidence later this week.

But one that I find hilarious and shocking can’t wait.

A piece written by the Fox News propagandist who played a key role in magnifying Kash Patel’s false claims over the weekend credulously continues the Murdoch effort to jack up the frothers by claiming that — rather than letting statutes of limitation expire with no charges — Durham has instead sped up his investigation. Fox also cites a single source claiming that Durham’s investigation has been run very professionally.

Special Counsel John Durham’s investigation has “accelerated,” and more people are “cooperating” and coming before the federal grand jury than has previously been reported, a source familiar with the probe told Fox News.

The source told Fox News Monday that Durham has run his investigation “very professionally,” and, unlike Special Counsel Robert Mueller’s investigation, his activities, and witness information and cooperation status are rarely, if ever, leaked.

Fox unsurprisingly doesn’t cite the part of a recent filing that makes it clear that April Lorenzen doesn’t think it has been run professionally.

In fact, this piece demonstrates that no one who would actually know whether Durham’s investigation has been conducted professionally would talk to them:

Durham’s Feb. 11 filing says that the “FBI General Counsel” will “likely be a central witness at trial.”

Baker did not immediately respond to Fox News’ request for comment.

Durham also provided grand jury testimony from “the above-referenced former FBI Assistant Director for Counterintelligence.” It is unclear to which official Durham is referring, but the title could be a reference to Bill Priestap, who served as the FBI’s assistant director for counterintelligence from 2015 to 2018.

Priestap did not immediately respond to Fox News’ request for comment.

Durham also lists “a former FBI Deputy Assistant Director for Counterintelligence.” It is unclear to whom Durham is referring.

[snip]

Strzok, who was part of the original FBI investigation into whether the Trump campaign was colluding with Russia to influence the 2016 presidential election, and later in Special Counsel Robert Mueller’s office, was fired from the FBI in 2018 after months of scrutiny regarding anti-Trump text messages exchanged with former FBI General Counsel Lisa Page. Their anti-Trump text messages were uncovered by the Justice Department inspector general.

Fox News was unable to reach Strzok for comment.

[snip]

Elias’ law firm, Perkins Coie, is the firm that the Democratic National Committee and the Clinton campaign funded the anti-Trump dossier through. The unverified dossier was authored by ex-British Intelligence agent Christopher Steele and commissioned by opposition research firm Fusion GPS.

A spokesperson for Elias did not immediately respond to Fox News’ request for comment. [my emphasis]

But somebody who would speak with Fox News is John Ratcliffe, the former AUSA who misrepresented his record to get elected but who nevertheless got to be Director of National Intelligence for a short period because Ric Grenell was so much more unsuited to hold the position.

As DNI, Ratcliffe made false claims about Chinese intervention in the election as a way to downplay Russia’s ongoing efforts to help Trump. Ratcliffe is currently spending a lot of time denying that his politicized views (and delay of) a mandated election interference report played some role in January 6 conspiracy theories.

We now know that Ratcliffe should be happy to make those denials to the January 6 Committee directly and under oath — because he has apparently been very happy to chat with Durham’s investigators.

Meanwhile, this week, sources told Fox News that former Director of National Intelligence John Ratcliffe met with Durham on multiple occasions and told him there was evidence in intelligence to support the indictments of “multiple people” in his investigation into the origins of the Trump-Russia probe.

Ratcliffe’s meetings with Durham are significant (beyond suggesting he may be the single source who told Fox News this isn’t a shitshow investigation) because, days before Billy Barr made Durham a Special Counsel, Ratcliffe unmasked Hillary’s identity in foreign intercepts and burned collection on Russian internal intelligence analysis in order to release a report trying to insinuate that Hillary’s fairly unsurprising decision to tie Trump to Russia is what led the FBI to investigate Trump’s ties to Russia.

At issue is a report from John Ratcliffe, sent on September 29, 2020, explaining that,

In late July 2016, U.S. intelligence agencies obtained insight into Russian intelligence analysis alleging that U.S. Presidential candidate Hillary Clinton had approved a campaign plan to stir up a scandal against U.S. Presidential candidate Donald Trump by tying him to Putin and the Russians’ hacking of the Democratic National Committee. The IC does not know the accuracy of this allegation or the extent to which the Russian intelligence analysis may reflect exaggeration or fabrication.

The following week, presumably in an attempt to dredge up some kind of attack out of an absurd attack, Ratcliffe released the underlying reports that, he claimed in his original report, show the following:

According to his handwritten notes, former Central Intelligence Agency Director Brennan subsequently briefed President Obama and other senior national security officials on the intelligence, including the “alleged approval by Hillary Clinton on July 26, 2016 of a proposal from one of her foreign policy advisors to vilify Donald Trump by stirring up a scandal claiming interference by Russian security services.”

On 07 September 2016, U.S. intelligence officials forward an investigative referral to FBI Director James Comey and Deputy Assistant Director of Counterintelligence Peter Strzok regarding “U.S. Presidential candidate Hillary Clinton’s approval of a plan concerning U.S. Presidential candidate Donald Trump and Russian hackers hampering U.S. elections as a means of distracting the public from her use of a private mail server.”

By releasing the exhibits, Ratcliffe should raise real questions about his credibility. For example, I’m not at all sure this date, from Brennan’s notes, reads July 26 and not July 28, a critical difference for a ton of reasons.

The FBI report has a slew of boilerplate making it clear how sensitive this report was (for obvious reasons; effectively it shows that the CIA had some kind of visibility into Russian intelligence analysis), which makes it clear how utterly unprecedented this desperate declassification is. Former CIA lawyer Brian Greer discusses that in this Lawfare post.

Plus, Ratcliffe left out an unbelievably important part of the report: the role of Guccifer 2.0 in the Russian report. Intelligence collected in late July 2016 claimed that Hillary was going to work her alleged smear around neither the GRU (which had already been identified as the perpetrator of the DNC hack) nor WikiLeaks (which had released the DNC files, to overt celebration by the Trump campaign), but Guccifer 2.0, who looked to be a minor cut-out in late July 2016 (when this intelligence was collected), but who looked a lot more important once Roger Stone’s overt and covert communications with Guccifer 2.0 became public weeks later.

The report suggests Hillary magically predicted that days after this plot, President Trump’s rat-fucker would start a year’s long campaign running interference for Guccifer 2.0. Not only did Hillary successfully go back and trick George Papadopoulos into drunkenly bragging about Russian dangles in May 2016, then, Hillary also instantaneously tricked Stone into writing propaganda for Guccifer 2.0 days later.

The report never made any sense. As I noted at the time, to be true, it would require Hillary to have gone back in time to trick the Coffee Boy to learn of and pass on Russia’s plans. Worse still, the claim suggested that Roger Stone — whom FBI has evidence was in contact with the Guccifer 2.0 persona starting in spring 2016 — started parroting the same line the Russians were pushing, even before the FBI learned of it. In other words, read in conjunction with the actual evidence about 2016, the intelligence report on Russia actually suggested that Stone’s ties to Russian intelligence may have been far more direct than imagined.

But John Ratcliffe was too stupid to understand that, and everything we’ve seen about John Durham suggests he is too. That Durham has been repeatedly interviewing Ratcliffe suggests he buys Ratcliffe’s theory that this should have undermined the very real reason to investigate Trump. It also explains why, on the Sussmann indictment, Durham was so squishy about the July 2016 timeline: he needs this report to be more important than the fact that Trump stood up in public and asked Russia to hack some more (which is what led the researchers to look twice at this anomalous data).

Nevertheless, it appears that rather than interviewing witnesses who would be necessary to vet the charges he filed against Michael Sussmann, such as a single Hillary staffer, Durham has, instead, just kept going back to serial liars like Ratcliffe to renew his own conspiracy theories.

Ah well, this disclosure gives Michael Sussmann cause to subpoena Ratcliffe, just like this stunt has given him reason to subpoena Kash Patel. It’s increasingly clear that these addle-brained Republicans fed these conspiracies into Durham’s investigation, and now are magnifying them as Durham’s investigation gets exposed as incompetent, without disclosing that they’re the ones who provided the conspiracy theories in the first place.