Thursday, February 16, 2012

Claim that the Metadata Changed the Day of the Leak

Here is a comment from yesterday, by "Grypo," that's worth highlighting:
I used a pdfinfo script to analyse the memos. The info I got is that all the meta data dates changed on the day of the leak in the Pacific time zone (-8 GMT). This is likely where our thief resides. This is also where the “fake” was created on 2/13. The other docs, with the exception of the IRS form were in the central time zone (-6 GMT). The IRS form was -4 GMT. This has been corroborated by a commenter at Lucia’s. Based on this, and I’m not sure if I’ve covered every base, the strategy memo is a fake.

The only other option would be if the create dates were faked, highly, highly unlikely or, the sender from HI didn’t have the doc, and someone from the west coast scanned it , emailed to her to send to the leaker. This, to me, doesn’t seem likely either. Logically, I have to go with HI’s story.


Steve Bloom said...

Interesting, but one obvious shoelace that analysis trips over is the absence of any possible reason to bother converting a faked document into a scanned pdf.

A possible scenario: Doc makes its way into someone's hands in paper form, then s/he determines to get more and deliver up the batch. Familarity with the strategy document could have been the hook needed to convince the (presumably low-level) HI staffer of the legitimacy of the request for more.

But again, this entire discussion is a big fat distraction for the librul journos and bloggers, whose finely honed sense of fairness makes them so easy to manipulate by people who have none.

Let's repeat: The factual contents of the so-called "fake" are corroborated by the other documents.

Also, any of the aforesaid bloggers or journos inclined to give HI a break on this should carefully contemplate the "Angry Badger" disinformation operation (which BTW ought to result in HI's 501c3 status being yanked).

Steve Bloom said...

Actually something perhaps more likely just occurred to me:

Lots of people, me for instance, are aware of metadata and that it's editable, but have no idea how to go about it. If I had a document with metadata I was worried about, I'd print it out, scan it back in and only then send it.

If correct, this explanation fits neatly with that document having come via a different route.

Jon Hendry said...

A hypothetical explanation for the time zone being Pacific time if it were scanned in Chicago:

The document was scanned on a low-end multi-function printer/scanner/fax which isn't used as a fax machine. (I suspect many are, since you can't really buy a printer/scanner, and printer/scanner/fax units are cheap anyway. With people ditching landlines for mobiles, they'd have nowhere to plug in to send faxes.)

If it's never used as a fax machine, there's no real reason to set the correct time on it. If it's networked, it might pull the time off of a network time server, but could still have a wrong time zone.)

Many electronic devices in the US assume a Pacific time zone when new. Even the brand-new Nissan car I bought last weekend in Connecticut came with the stereo/navigation system set to the Pacific TZ.

So, in theory, if someone at Heartland had used a low-end Epson multifunction printer/scanner to scan a document, it could just conceivably end up with a west coast time stamp.

But I'm not about to go out and buy a $100 Epson multifunction printer to test the hypothesis.

Steve Bloom said...

Interesting. I had no idea, but then having spent my entire adult life on Pacific time I wouldn't. But Epson could just be asked.

Steve Bloom said...

Hmm, looked at the manuals for a couple of current Epson multis and they didn't seem to default to any time zone. As soon as the power goes on the clocks start running from 12:00 AM. Based on this, if the scanner stamp was PST there was only a 1-in-24 chance of it being so.

Also, for scanners in general these days, isn't the time stamp generated by the software loaded in the computer?

David, it's time to ask HI for evidence, as in copies of those emails. Perhaps they could then be verified with the ISP and/or Google.

Also, isn't there some sort of illegal act involved here if what HI says is true? If so, why haven't the police or FBI been asked to investigate? That cowboyish line about HI tracking down the leaker sounds a bit silly.