In an earlier life (before I started focussing on cyber issues) I was, for the first 15 years of my career, a specialist in complex criminal, and political investigations, having worked at DOJ (on the Exxon Valdez disaster); in Congress (on e.g. the ValuJet crash) and in an independent counsel's office (Whitewater). A good investigation needs to proceed at both a macro level and at a micro level. Which is to say that often complex investigations begin because there is a general miasma of concern—about an individual or a company—and that concern takes many varied forms. Often, a poor investigation focuses too much on the miasma of the macro concern and does not proceed with enough tactical sophistication at a micro level. Put another way, investigations are built from the bottom up on building blocks related to specific events which, only when validated, can be fit into a larger pattern (or not, as the case may be—many investigations turn out to be inconclusive).
The Trump/Russia investigation is looking now to be of the bad sort. It starts with the problem of general concern about President Trump and his Russian connection. But at least as it stands now, the overall miasma of concern is insufficiently particularized—and so one day we are talking about testimonial perjury and the next we are talking about bank funding and after that, we are talking about meetings with ambassadors. The macro/strategic concerns are ill-defined and the micro/tactical ones are getting all mixed up.
That way lies confusion and failure. Rather than continue down this road, were I tasked with leading the investigation, I would step back, identify the major subheads of investigation; conduct a thorough analysis and ONLY when those investigations were substantially complete would I attempt to explain how they might come together. In other words, I would proceed as follows based on the predicate information which seems sufficient to begin an inquiry (with the very, very strong caveat that everything I am writing about is based on the exceedingly strong assumption that the public speculation is based on underlying reality—and we all know that may not be the case).
First, and foremost, a Trump/Russia investigation should subdivide any inquiry into at least five distinct legal/factual questions—each with significantly different investigative needs and, likely, significantly different potential outcomes. Each distinct aspect would have its own investigative team, its own line of inquiry and, for the most part, its own independent objectives. For me, based on the public record as of this date, the subdivisions would be:
1) Allegations relating to President Trump's personal conduct in Russia. The thesis of this aspect of any investigation would be that public knowledge of the President's behavior would be embarrassing to him and that, therefore, he is subject to potential compromise by those who might threaten him with disclosure. Almost certainly the behavior in question is unlikely to have violated any American civil or criminal law (though part of alleged activity may have formally violated Russian law). Evidence of this behavior would likely involve individuals who witnessed or were told about the behavior. Proof would be extremely difficult to come by as any evidence would likely be outside of the United States and not readily available to investigations. It also (at least to me) seems the least plausible aspect of the allegations—but also the one most likely to be explosive if true. Given the lack of likely criminal charges, however, this investigation sounds in the nature of a counter-intelligence inquiry. As far as the public record reflects, nobody is conducting this investigation at this time.
2) Allegations relating to President Trump, the Trump family and the Trump organizations and their financial connections to Russia. The thesis of this aspect of the investigation would be two-fold. First, as with the investigation of the President's personal behavior, it is possible that embarrassing aspects of the suspected financial dealings would be a basis for potentially compromising the President—either to protect himself, his children or his companies. After all, if the Trump Organization were indebted to a Russian bank, even if that were a lawful transaction, its existence might cast doubt on the President's decision making. In addition, unlike the investigation of personal conduct, this aspect of the investigation might also result in the discovery of criminal conduct. One can readily imagine that some aspects of financial dealings would involve concealment in violation of law, or the receipt of funding from prohibited sources. Unlike the personal conduct investigation, this aspect of the inquiry would also be different in that it would be driven by paper records of complex financial transactions, at least as much (if not more) than by the testimony of percipient witnesses. Finally, given all this, it seems clear that far more of the evidence would actually be readily available within the US to American investigators—the tax and financial records, as well as many (though not all) of the witnesses, are here. As is evident, this part of our inquiry would, therefore, be tactically quite different and also have a dual focus—both on CI and on criminal issues. In terms of motive, this aspect of the inquiry seems to make the most sense—and it is also the most readily investigable. Based on public reports it seems likely that the FBI/FISA investigation that the President has been tweeting about may be related to this line of inquiry.
3) Orthogonal to the prior parts of our inquiry, and potentially completely unrelated (though, as I will note below, one reasonable hypothesis is to the contrary) would be an investigation into Russian efforts to effect the American election. The thesis here, however, is less well defined—it may be a Russian effort simply to discredit democracy; it might have a more particular interest in discrediting Secretary Clinton; or it might have the even more ambitious objective of securing the election of President Trump. One hopes that a full investigation would confirm that there was no actual vote tampering. But it seems likely that it would also confirm that the US was on the receiving end of a Russian influence operation and it might (though this is less likely) also be able to determine Russian motivation. At its farthest remove it might also establish direct coordination between the campaign and the hackers ... though as yet there is no evidence of that at all in the public record, that I can see.
Again, the type of investigation would be significantly different from the earlier two discussed—a large fraction would be based on computer forensics and analysis, supplemented by information collected by our intelligence agencies regarding Russian motives and methodologies. The actors who penetrated the DNC and the Clinton campaign almost certainly violated American criminal law (the Computer Fraud and Abuse Act) but also engaged in something that resembles traditional espionage. Evidence would be both within the US and in unavailable locations abroad. Notably, this is the only aspect of our inquiry under active Congressional investigation at this time—but since it is being conducted by the Senate Select Committee on Intelligence it might well be an investigation that produces little public results.
4) Trump campaign contacts with Russia. This aspect of the inquiry is the one most in the headlines these days. General Flynn, Attorney General Sessions, Jared Kushner, and other White House staff and Trump campaign advisors are all said to have met with various Russian actors during the course of the campaign and in the run-up to the inauguration. Some of the people involved are the same people who might have knowledge of the Trump/Russia financial dealings, and thus there is some overlap. Here, most of the evidence would be through witness testimony, as well as records of email conversations and telephone calls—the traditional evidence of a criminal inquiry. The weakness of this aspect of the inquiry is that, at least at first blush, there is nothing illegal in conducting such meetings. It might be unwise, to be sure, for, say, the President-elect's team to signal that it intends to discard President Obama's sanctions—but it could as readily have made that statement publicly, and so the private message is not, inherently, unlawful. In short, we have no "thesis" for this aspect of the inquiry that, to me, is convincing. While most of the evidence is readily available this seems a less likely fruitful avenue of inquiry. As of today, it also appears as though the only investigation being conducted is by the press—not by any governmental agency.
5) And, finally, of course, there is the cover-up. Here, as in so many cases, our thesis is simple: Often political embarrassment leads to concealment. And, again, there is nothing unlawful in the President being less than fully candid with the Amerian public—it has a political cost if discovered but the cost is one that many politicians are willing to bear the risk of. It is only when (as may be the case with the Attorney General) materially false statements are made under oath that the inquiry takes on a more promising color. For now, we would "park" this issue until the facts of our other inquiries were developed.
So much for the micro/tactical level. What of the strategic aspects of the inquiry? In other words, what links them all together?
Perhaps nothing. Often where there is smoke, there is fire—but sometimes if there is smoke there is .... just smoke.
Still, the threads are there that allow some strategic connection between all five of these investigations. If either of the first two inquiries (into personal conduct or financial dealings) proves true, then the plausibility of Russian interest in a particular outcome of the election becomes greater. And that, in turn, when successful would lead to coordination and to cover-up. The overarching thesis—that Russian influence over the President is related to its electoral interference—is certainly one that would tie these threads together.
But in the end—and this is the important point—the overarching thesis isn't necessary. Each of the subunits of investigation stands on its own. Only if a solid foundation is constructed will the arch stand. Perhaps none of the inquiries will prove out—one certainly hopes so for the country's sake! But only if they do does the overarching question become interesting.
If I were to give one piece of advice to investigators today it would be "focus on the trees; the forest will take care of itself."