Live-tweeting Sussmann-Durham trial, day one

Good morning from the E. Barrett Prettyman courthouse in Washington DC, where opening arguments are set to begin in the Sussmann-Durham case. Packed media room so will likely be plenty of people live tweeting.

https://www.nytimes.com/2022/05/15/us/politics/michael-sussmann-trial-trump-russia.html

One of the cybersecurity researchers who developed the Alfa Bank data and analysis and had been on the prosecutors’ witness list, Manos Antonakakis, has invoked Fifth Amendment so won’t testify, DeFilippis said. /2

DeFilippis wanted an FBI agent to talk about how the FBI wondered if DNS data was spoofed as part of its inquiry (reached no conclusion); judge rules it can’t get into that as part of his earlier ruling they can’t raise that spectre if no evidence Sussmann had reason to doubt. /3

After opening arguments, Marc Elias, Sussmann’s former partner at Perkins Coie and the general counsel of the 2016 Hillary Clinton campaign, will testify today and there will likely be some discussion of Steele dossier materials. /4

Atmospheric note: Though it doesn’t look like he will talk, John Durham is at the prosecutorial table. Unfortunately can’t see him on the cc tv feed angle. (Being in media room means we can use laptops & be online, plus see faces of lawyers rather than backs of heads.) /5

Deborah Shaw, member of the Durham team, begins opening arguments. Tells the jury that Sussmann was a privileged lawyer with connections who lied about having no client in order to use the bureau as a political tool for his clients, Clinton campaign and a technology executive./6

Notable: while describing the night-before text in which Sussmann indisputably told Baker he was not coming on behalf of any client, Shaw says it was the alleged reiteration of that statement in person the next day that is the charged crime. /7

Shaw addresses “the elephant in the room” – tells jury their feelings about Russia, Trump, Clinton can’t play a role in the case. This is about “our FBI” which should not be used as a tool by anyone, Republicans or Democrats./8

Shaw says this was about a look, a leak and a lie. Look – Joffe had researchers look for derogatory info about Trump and Russia in DNS data. Leak – Sussmann tried to get NYT to write about it. Lie – Sussmann brought it to FBI but lied about having no client. /9

Shaw tells jury the FBI knew Sussmann was representing Democrats they were the victim of a hack (contends if they knew he was allegedly repping campaign on Alfa Bank they might not have quickly met with him). She doesn’t tell them Russia the perpetrator of that hack. /10

Wrapping up she again calls Sussmann privileged because he could walk into FBI and get meeting with Baker. Whether Republican or Dem, whether love Trump or hate him, we should all agree that FBI should not be used for political ends, she says./11

Bosworth says Sussmann didn’t lie and wouldn’t. He worked alongside FBI, former prosecutor had a clearance. Joffe is no mere tech exec but global DNS expert, and FBI confidential informant. When Joffe brought him the info, he took it seriously./12

Bosworth says was a time when questions about Trump’s connections to Russia were swirling. The plan was to take this new weird thing public and they took it to NYT. That’s what campaign wanted, get article that hurts Trump and helps them. Campaign didn’t want FBI meeting./13

Bosworth says Sussmann wanted to give the FBI heads up so they wouldn’t be caught flat footed when article came out, and FBI shut down the article. So govt theory is nonsensical./14

Bosworth emphasizing the Russian hack of DNC Sussmann got hired for. Says Sussmann not involved in analysis of the Alfa Bank data, didn’t know about spam server, not in position to understand “gobbledygoop” of DNS data. /15

A key factual/interpretive thing comes into view: Shaw said Sussmann went to FBI bc frustrated NYT was delaying the story – to sex it up and create urgency. Bosworth says Sussmann believed story’s publication was imminent when went to FBI – to give heads up of what was coming./16

After talking about subsequent calls that week between Baker and Sussmann, Bosworth talks about Baker’s bad memory, has testified different things at different times. The March 2017 meeting notes discussing client. “That’s reasonable doubt if there ever was.” /17

Bosworth tries to poke other holes. Sussmann was the last lawyer Dems would have sent if trying to conceal since FBI knew he was a Dem/DNC/campaign lawyer. Campaign didn’t direct or want him there; Joffe gained nothing. Source didn’t matter anyway; FBI didn’t even ask./18

Bosworth wraps up. 20 minute break./19

First prosecution witness, FBI supervisory special agent David Martin, is sworn in. He is cyber crime specialist. Shaw is walking through his background and experience./20

Martin is explaining to the jury what DNS data is, laying out some basic background. I’m not going to live tweet much of this part./21

Shaw wraps up a dry Q&A with Martin on topics like DNS data and recursive servers and Tor exit nodes. Bosworth opens by getting Martin to agree that this is complicated stuff that has taken him a lot of education and training to become an expert in./22

Starting with the premise that DNS data doesn’t tell you for sure whether a computer actually communicated with another one, he gets Martin to agree that to actually find out if it happened, you’d need steps like search warrants, subpoenas — i.e. stuff FBI can do./23

Bosworth gets Martin to agree that Joffe is a respected DNS for-real expert and was an FBI confidential source, which he did. Shaw comes back to ask him if he knew Joffe was terminated as a source for cause, which he didn’t. That’s it for Martin./24

Now we will hear from FBI supervisory special agent Scott Hellman who oversees cybercrime investigations. DeFilippis is now leading the questioning, for now just laying groundwork and basics./25

Hellman took custody of the thumb drives of Alfa Bank-Trump-related DNS data Sussmann provided to Baker. Discussion of chain of custody. Baker gave to Peter Strzok, and then along to less prominent names. /26

I think Hellman said he didn’t learn where Baker had gotten the data from. He and his supervisor analyzed the data and compared their assessment to a narrative that came with it./27

Hellman explains he and his supervisor were skeptical. They looked at the data & the white paper that accompanied it & disagreed with the methodology/conclusions. Didn’t think it made sense that a secret channel would use a server with Trump’s name on it, connecting directly./28

Hellman says they thought it was “conveniently coincidental” that the supposed secret coms had started three weeks before the inquiry described in the white paper. And they thought Russia had more sophisticated means to communicate secretly if it wanted. /29

Hellman says in terms of technical analysis, he would do the same steps regardless of knowing where the data came from. But…/30

…In terms of what level of investigation to open, he would want to know who provided the data and with what motivation to figure out how much he trusts the “facts” & whether to gather more info. (He didn’t open investigation bc no hacking; Chicago FBI did – a full, he said)./31

DeFilippis wraps up. Break for lunch until 2 p.m./32

We’ve been back a bit. Before jury came in, there was discussion of Joffe being terminated as a confidential source in 2021. The reason was he should have given Alfa Bank info to his handler, not the FBI general counsel. Judge told prosecution to stay away from termination. /33

Sean Berkowitz, another lawyer for Sussmann, is cross-examining Hellman. Hellman thought it was weird Baker didn’t tell him where the data came from. (Someone above him in the chain didn’t either.) Berkowitz shows internal FBI messages showing others knew it was from Sussmann./34

When Hellman started reading the material he texted a colleague & said the more he reads it, it feels a little 5150ish. Hellman testifies that means he wondered if the person who wrote it was suffering from a mental disability./35

Berkowitz brings up Sept 21, 2016, text message to Hellman from his supervisor saying they had been asked to write up a summary of their analysis of the DNC report, suggesting contemporaneous knowledge it had a Dem source. Hellman disclaims memory of seeing that in realtime./36

Berkowitz gets Hellman to say that DeFilippis recently suggested to him that “DNC report” was maybe just a typo for “DNS report.” Hellman doesn’t think it’s likely he just missed at the time that there was knowledge it was DNC. /37

Berkowitz established that Hellman’s not a DNS expert and his look at the data/analysis was about a day. Got Hellman to say his technical steps would have been the same if knew where data came from, but Hellman says he would have noted that in his report. DeF back now. /38

DeF asked Hellman about rules for opening investigations in the DIOG. Hellman doesn’t remember the acronym. (It’s Domestic Investigations and Operations Guide.) Berkowitz is annoyed at asking Hellman about this topic since H’s team didn’t open one. (Counterintelligence did.) /39

DeF uses Hellman to establish that confidential human sources are supposed to give info to the FBI via their handlers. Berkowitz comes back with email to establish that Joffe did apparently give info on this topic in Sept 2016 via a SA Tom Brasso who was apparently handler./40

That’s it for Hellman. In a break now, back at 4. Not clear who next witness will be but hot mic picks up judge suggesting this will be over today 4:30 or 4:45./41

We’re back. Next witness is Steve De Jong, a Neustar employee whose group does DNS internet services and hosting for companies. DeF questioning about what Neustar does. /42

DeJong says Joffe & GA Tech researcher Antonakakis asked for searching Neustar’s DNS data for long list of Trump & Alfa domains. He pulled logs back to June ’16. (Recall Hellman finding it “conveniently coincidental” that traces seemed to begin just 6 weeks before the study.)/43

Bosworth briefly questions De Jong. Establishes that Joffe is respected DNS expert and worked with government/FBI, won FBI award. Sussmann had nothing to do with pulling and analyzing the DNS data. And we’re done for the day./44

Cleanup: Tomorrow will pick up w/ Deborah Fine, Laura Seago, Marc Elias, Tom McMahon, and then Jim Baker if they get to him which seems ambitious. Prosecution no longer intends to call Robby Mook but defense will; he has asked if can go early bc has trip planned./45

Conventional news article:

https://www.nytimes.com/2022/05/17/us/politics/michael-sussmann-cybersecurity-trial.html

Originally tweeted by Charlie Savage (@charlie_savage) on May 17, 2022.