General

FBI Ethics: What Did Flatley Say About Metadata; Was It Different than Booth?

02/03/2023·

Frank Parlato

Keith Raniere went on trial on May 7, 2019. A jury convicted him on June 19, 2019, of, among other charges, racketeering, with predicate acts of possession of child pornography and sexual exploitation of a minor.

For this article, I am uninterested in his guilt or innocence.

I am not interested in whether he took photos or not, or how old Camila was when he took them.

I am interested in how the FBI testifies about metadata.

FBI forensic examiner Brian Booth testified about metadata, in particular a kind of metadata called EXIF data, which is, among other data, a kind of birth certificate for photos. EXIF data provides a creation date of photos.

Booth testified that EXIF data was reliable.

As we pointed out earlier, FBI Senior Forensic Examiner Stephen Flatley was taken off the case near the end of the trial because, as the DOJ prosecutors told Judge Garaufis, he had to go to Ghana, Africa.

Longtime readers of FR know Ghana is where a woman named Nancy claimed to live when a group of scammers swindled Ronnie, an old and lonely man, out of his life savings.

This photo above was used to lure Ronnie Robinson to send money to Ghana.

We do not know what lured Flatley to Ghana, whether it was Nancy or something else altogether.

We pointed out that there may have been another motive to get FBI FA Flatley out of New York and over to Ghana, though the Ivory Coast, Burkina Faso or Togo would have worked just as well.

That was because Flatley testified at another trial three years earlier that metadata, including EXIF data, is unreliable.

But EXIF data had to be reliable for Raniere’s case. For that was the only direct evidence of child porn – metadata creation dates.

They had circumstantial evidence that Raniere had sex with Camila when she was 15 or 16, texts and hearsay from her sister, but Camila was not going to testify. They had no proof he took underage pictures of Camila without the metadata. The charges concerned photos, not whether he had sex with her.

And there was conflicting metadata. One set of metadata showed the photos were taken in 2003, a year before the camera was manufactured.

The US DOJ alleged Raniere used a Canon camera to take 22 explicit photographs of Camila when she was 15.

The prosecution relied on information embedded inside the digital photographs, called Exchangeable Image Format (EXIF) data.

A Canon digital camera records how a photo was taken, on what date, and with which camera settings. This is called EXIF data.

The prosecution used Camila’s photos’ EXIF data’s creation date – November 2005 – to prove she was underage in the pictures.

How reliable is EXIF data?

Brian Booth started with a regular sized nose until the prosecutor touched him with her magic wand.

According to the FBI’s expert witness, Senior Forensic Examiner Brian Booth, a photo’s EXIF data is reliable because it is “very hard” to change.

Question: Is there a particular reason why EXIF data is more
difficult to alter?

Booth: They purposely designed it that way.

Question: Do you know —

Booth: It’s mainly to be able to store information. And they
don’t want data to be moved around and changed, especially time and date information. Those things are very hard for the
consumer to be able to modify, unless you wind up getting
software that’s just developed to do that (p.4820).

Booth: Well, the best reference is the EXIF data because that
gets put into the JPEG file and it’s not easily modifiable and
it moves with the file the same way from device to device, no
matter where you place it. It has nothing to do with the bearing
of a file system at all or the dates and times associated with
it. So it’s on its own, but are created at the same time that
you take the picture (p.4830).

Booth:… But when it comes to photos, they still keep you from
changing dates and times. It’s not easy to change those. You
have to go through special processes to change those things.
(p.4977)

The above are a few of Booth’s statements about the reliability of EXIF data and how hard it is to modify.

The FBI’s expert witness told the jury EXIF data is “extremely reliable” and “very hard” to modify.

The FBI witness, a digital forensic examiner, swore under oath that EXIF data cannot be easily modified.

The prosecution wanted the jury to believe that EXIF data could not be easily modified, because it was the only digital evidence that supported they were photos of an underage subject.

FBI Forensic Examiner Booth testified because Flatley had to go to Ghana. FBI records show Flatley was in New York in June, more than a month into the trial.

It has been supposed that Flatley was not allowed to testify because his view of EXIF data is not the same as Booth’s.

We know this because Flatley testified at another trial.

Flatley

It was US v John Galanis, Jared Galanis, Derek Galanis, Gavin Hamels, Ymer Shahinin, Jason Galanis, Gary Hirst.

Without getting into details of that case, I will quote from the 2nd Circuit about Flatley’s role.

“The government qualified one expert, Stephen Flatley, an FBI computer forensics professional, solely to rebut (in advance) testimony Hirst offered concerning the Warrant Agreement metadata, which showed it was not backdated.
Flatley testified, over objection, that nothing about the Warrant Agreement metadata indicated alteration, and that the FBI does not rely on metadata alone in determining a document’s date because metadata can be manipulated.

The defense took the same position in Hirsh’s case that the prosecution took in Raniere’s case — that metadata – including EXIF data – was reliable and pointed to the defendant’s innocence, just like it pointed three years later to Raniere’s guilt.

Either that or truth is not important to the government, only winning is important. EXIF data is either reliable or not.

You can read Flatley’s complete testimony here.

Here are some excerpts

On September 20, 2016 Flatley testified.

Q. Now, Mr. Flatley, does the FBI rely on creation dates alone in PDF files in determining the date on which that PDF file was, in fact, created?

A. No, we do not do that. …

***

Q. In your experience, Mr. Flatley, what sorts of things does
the FBI rely on in determining the create date of a particular
computer file?

A. We would require that we have some kind of corroborating
evidence [besides EXIF data]. For instance, if the file had been emailed, we would want to see that email and be able to open up what we call the long header on that email. For instance, when you email something to somebody, it goes from your computer, through a number of servers, to their computer. You can change your time
and date on your computer, but you will not be able to change
the time and date on, for instance, AT&T’s computer when the
file passed through there.

When the file passes through there, that server will give it a timestamp, and that timestamp is unalterable from the user standpoint, and most users don’t even know it exists. That would be a date that we would rely on.

So something that was not just from the standalone system that would require some kind of corroboration or something outside of the user’s control.

Q. In your experience, does the FBI rely on create dates in metadata of a PDF file alone in determining the date on which a document was created?

A. No, we do not.

Q. Now, what are some reasons that the create date in a PDF
file that’s reflected in the file’s metadata may not match the
actual creation date?

A. A computer’s clock is too easily changed. It’s very easy
to go down and change your time and date on the machine. It’s
also a standalone system. It could just flat be wrong….

***

Q. Are there software products available that would allow a
user to change the create date reflected in the metadata on the
PDF file?

A. There are a number of programs that will allow you to change metadata on a PDF file or a Word file.

Q. How can a computer user access such software?

A. You just download it from the web.

***

Q. Mr. Flatley, what is the create date reflected in this particular document’s metadata?

A. It is April 9th, 2010, 11:05:03 p.m.

***

Q…. Based on your training and experience, would the FBI rely on the create dates alone in the metadata of Government’s Exhibits 509A through D in determining the dates on which these documents were created?

A. No, we would not.

Q. What other information would you need to make that
determination?

A. Some other kind of corroborating evidence.

Q. So Mr. Flatley, in your opinion, can you conclude that
Government’s Exhibits 509A through D were created on the dates
reflected in the metadata in those documents?

A. I cannot.

So metadata such as EXIF data is not reliable to Flatley but it is to Booth.

Booth said:

“[EXIF data] stays into that photo and it’s very hard to remove.”

“Most commercial software will not touch EXIF data.”

“They purposely designed it that way…”

“They don’t want data to be moved around and changed, especially time and date information.”

“When it comes to photos, they still keep you from changing dates and times.”

“It’s not easy to change those.”

AUSA Moira Kim Penza told the jury:

Now you also know that the photographs were taken in 2005 because that’s what the data shows. The forensic examiner, Brian Booth testified that the most reliable metadata that the FBI could obtain from the images on the Western digital hard drive, said that they were taken exactly when the folders stated they were taken.

AUSA Mark Lesko told the jury:

I’m no expert, don’t get me wrong, but I heard Examiner Booth, just like you did. EXIF data is extremely reliable. It’s embedded in the jpeg, in the image itself. And the EXIF data shows that the data was created on the camera, in this instance, this particular instance, the 150 jpeg [one of the Camila photos] on November 2, 2005…
But with EXIF data, once it’s embedded in a picture, it doesn’t matter how many times you move it around. It stays into that photo and it’s very hard to remove. In fact, most commercial software will not touch EXIF data. It will allow you maybe to add data to it, but even in that sense, it’s in this instance, this particular instance, the 150 jpeg [one of the Camila photos] on November 2, 2005.

It’s a good thing they sent Flatley to Ghana, or even if they didn’t, it’s a good thing the prosecutors told the judge he went to Ghana.

Where in Ghana did Flatley go? Was it nearer Kumasi or Bobo-Dioulasso? Did he run into Nancy?

Booth testified because Flatley was in Ghana.

But if Flatley had testified, and Booth too, both of them, they might have confused the jury.

Flatley said the FBI would never rely on EXIF creation date metadata.

Booth said it was reliable, because they make it hard to change.

It’s harder to change EXIF data than not to take a trip to Ghana, but have someone say you did.

The two men disagree on things, or see things a different way.

When Flatley did his FTK report on the camera card found inside Raniere’s Canon camera, he found only four photos that matched the hard drive where Camila photos were found.

When Flatley had to go to Ghana, Booth had to make a brand new FTK report on the same camera card. And guess what?

Booth found 37 photos that matched the hard drive, making it almost 10 times better for showing Raniere’s camera took Cami’s photos in 2005.

A photo of a Lexar camera card similar to the one seized at the executive library of Keith Raniere.

Booth found 34 new photo files, but some were mixed up, and a brunette named Daniela and a blonde named Angel traded places on the hard drive and the camera card.

Somehow, other than the mixed up brunette and blonde, all the new photo files could not be opened, but the EXIF data bore out everything Booth said — all matched to a tee.

But even though the files cannot be opened, we have Booth’s good word for it, and if Flatley wasn’t in Ghana, we might have asked him too.

Comments (45)

Add Your Comment

Nutjob02/03/2023

I'm beginning to think Ronnie was really sending the money so that the pictures would continue. Getting Nancy to the US would have been gravy . As a thank you to Frank for posting Nancy's pics, I'm willing to contribute and send some duckets to Ghana. Just give me an address to mail the check or VENMO or something. I'll even say it's from Ronnie if it will help out my poor horny kindred spirit.

Frank Parlato02/03/2023

Ronnie was terribly upset with me. When I told him Nancy was a fraud, he accused me of wanting to steal his girl. Later when he stopped paying, they shifted gears and instead of pretending to be Nancy they said they were from Interpol and were going to arrest him if he did not pay a indictment waiver.

Natashka02/03/2023

Did he pay the waiver?

Frank Parlato02/04/2023

I did one of the cruelest to be kind things I ever did in my life. He called me frantic that Interpol was going to arrest him for sending cash to Nancy. I told him it was true. I said get your toothbrush and be ready. I wanted to scare him into not paying these Ghana scammers. He promised me he would never pay any more money to them again. This was about the 10th time he said this. But this time he changed his phone number. So he did not pay the waiver — but he might have reconnected with them and paid them for Nancy. I got into a heated exchange with them on the phone, calling the 'Interpol' guy. I pretended I was Ronnie…

StevenJ02/04/2023

Sad but great story. Please elaborate on your call with the scammers. That must have been fun!

Frank Parlato02/04/2023

I had a virulent call, at first pretending to be mortally afraid of the Interpol agents. Then I gardually revealed that I knew they were frauds. There were rising voices and tempers and it ended with them hanging up the phone. I will elaborate and update on Ronnie, who has yet to meet his lady, and no Nutjob did not steal her although I am pretty sure he plans to.

Natashka02/04/2023

Well cruel to be kind because nothing was getting through to Ronnie. I hope he changed his email too and they weren't able to contact him again but some other scam could get to him. Please do do an update. I found these articles interesting.

ShadowState195802/03/2023

Some people believe that the Chinese balloon over Montana is a dry run for an EMP (Electro Magnetic Pulse) to use a nuclear weapon to send out a pulse to fry America's electric grid.

StevenJ02/04/2023

Yes, and no doubt you are one of them, my dear conspiracy buff!

CultObsessed.02/03/2023

Well I don't want to talk about the EXIF data, or a testimony that was never challenged during the trial. But I think what occurred during the trial and what was challenged in court is very relevant. In the transcripts for Keith's Sentencing, his lawyers did submit objections regarding the photos. Let's read verbatim what was read in court what his objection was. “He argues that the offense at issue involves the pornographic photographs that he took of Jane Doe 2 when she was a minor, and that because the photographs themselves do not depict a sexual act or sexual contact, the two-level increase is improper.” He said because the pictures don't show him actually touching her or them engaging in sex he shouldn't get more time for that. No objection to the authenticity of the pictures. In fact, one of the last things Agnifilo addressed before sentencing and the hammer came down was the pictures. Let's see what he said. “As your Honor knows, he wasn't charged with or convicted of having sex with Camila. He was charged and convicted of the photographs. And if your Honor remembers my trial defense, I didn't really dispute the photographs all that much. The way I disputed them is they were never shown to anybody and the jury shouldn't consider them as either child pornography or as a racketeering predicate because they were photographs that were taken and then for the rest of time they just stayed on a device, they never got sent anywhere, never got shown anywhere. So that's how I dealt with the photographs at the trial. I didn't say anything one way or another about them. I didn't say at the trial anything one way or another about Camila at 15 years old.” That is so strange that the smartest man in the world didn't make sure there was a defense against these really damning pictures DURING HIS TRIAL. Depending on what experts you get on the stand on any given day, their opinion and testimony can change. If they wanted to challenge any of that, they could have put someone on the stand for their time during defense. To pretend he didn't have ample opportunity to after those pictures during a 6 week trial is insulting to everyone's intelligence.

Anonymous02/03/2023

I see. The FBI is corrupt unless it’s the FBI agent that said something I think agrees with my story.

Frank Parlato02/03/2023

The FBI is no more and no less honest than your typical Amway salesman.

Anonymous02/03/2023

Sure they are since they are all background checked and have actual strict ethical and legal requirements that all employees engaged in investigations of criminal conduct must sign and adhere to unlike “The Vanguard” (who never signs anything) or Amway salesman. .

Frank Parlato02/04/2023

So do Amway distributors, who not only pledge to be ethical they pledge to make their downline money.

The prosecution did a stellar job02/03/2023

Every time these silly conspiracy theories about Keith's trial are posted all it does is highlight what a f****** Stellar job the prosecution did. This was a massive sprawling case. It had International components. A cast of hundreds. It's truly a miracle there wasn't a f******. It's so impressive. Keith will leave this Mortal coil while incarcerated. And not for nothing but this is all based on a dispute over someone's opinion. That's not a lie it's not impeachable. It's the person's opinion. If Keith had decided to try to mount a defense against the indefensible then a different person would have spoken up on the stand on behalf of the defense and they also would have offered an opinion. That person would also be very difficult to impeach. Because it's their opinion. Anyway great job Moira! And your team. Amazingly well done. Congratulations again!

CultObsessed02/03/2023

I agree completely. This was just one dirt pile in a mountain of evidence. Don’t get me wrong, it’s a dirt pile very high up on the peak, but just one piece of evidence. It feels like Keith is trying to get a redo. As a judo champion though, he should know, there are no redo’s, you lost. The idea that anyone is going to consider this “new found non-evidence” in a vacuum and just ignore the rest of the trial is ridiculous and sad. My honorary degree from watching over 20 years of Law and Order is enough to tell me that. But yes, let’s drag out the process. I love to see him fail.

Aristotle’s Sausage02/03/2023

“It has been supposed that Flatley… “ That is what is known as speculation. You and Chakravorty can speculate all you like about FBI conspiracies. Possible motives and what they might have done. It’s singularly unpersuasive. “It has been supposed”. Yeah, by Chakravorty. It don’t amount to a hill of beans. We were promised proof or at least some evidence of actual evidence tampering. All we got was speculation. All we got was a big fat zero.

Frank Parlato02/03/2023

Please be patient. And by the way, I am NOT saying Raniere is innocent. This is NOT about Raniere. It's about FBI conduct. Two things are possible, Raniere is guilty of what he was charged with and the FBI is guilty of cheating to convict him to ensure their conviction. Let's see what happens.

Touchdown02/03/2023

If the Fbi knows he's guilty that's what counts. A little maneuvering is no more than what business people do every day. If I am in business and need to set things up to take care of my family. The FBI just bought a little insurance to make sure cuuse juries are stupid. It ain't tampering it's protecting society

Anonymous02/03/2023

Wait. In the quoted excerpts Flatly was talking about PDF files not photo files with EXIF metadata. How is this testimony relatable? They are different file formats.

Frank Parlato02/04/2023

I shall explain that to you, and others who are not computer wizards like yourself.

Anonymous02/04/2023

That question was rhetorical. Neither metadata of the different file formats have anything to do with each other. I understand the desire for corroborating evidence part of it, i.e., talking about server times “stamping” an email to establish with a much greater probability. But that doesn’t make either of the metadata types unreliable per se. It just doesn’t make it sufficient for establishing the case with certainty, and the defense team already pointed this out. But that is a far cry from proving the FBI tampered with evidence and it’s really lame that you keep rehashing the same thing over and over again in “new” articles that aren’t really new (kind of like propaganda) just because you’re getting paid and you have your own agenda against the FBI.

We need as many whistleblowers as possible ASAP.02/03/2023

A few high-society types had a lot to lose in that case. It’s possible “Intelligence“ tried to torpedo the case by wrecking evidence. “Intelligence” doesn’t have the best reputation and they’ve disappeared evidence and people before. Unfortunately, that kind of underhanded deceit wouldn’t surprise many if someone eventually tells us that’s what happened. If a FBI guy or gal tampered with the photo and has the courage to tell us who told him/her to do it, he/she will be a hero.

Peaches02/03/2023

Someone's hearts will break if Flately went to see Nicole from Ghana.

Frank Parlato02/04/2023

What other reason could there be for him going there all of a sudden like that. And Nancy had gold bullion she was going to give Ronnie, if only he could just pay the import fee of $1000.

Anonymous02/04/2023

Unless I’m missing it Flatley doesn’t testify about EXIF data. He’s talking about metadata document creation date related to a pdf not EXIF data for a picture. Moreover, that’s why we have trials. The prosecution put on their expert to say EXIF data is reliable. Nothing prevented Raniere from getting his own expert to say something else. Happens every day. Why didn’t Raniere attack the photos because he took them and he knew they were on the card.

AI02/04/2023

Frank, do you think this evidence gives KR a chance to walk? Or get his sentenced reduced?

Frank Parlato02/04/2023

As far as his walking, it is not my concern. I am interested in whether the FBI cheated or not. Even if the FBI cheated, I doubt the system could admit its error. Releasing Raniere would mean the system, not just Raniere, is corrupt. They cannot admit that. Before they would release him, an accident would befall him, and possibly myself too. It's not about releasing him. I could care less about that. Raniere gave the orders to Clare Bronfman to hunt me and harm me – now 12 years later I am still fighting because of him. Freeing him is hardly my quest. Sentence reduction for him means little. If it were cut in half or by three-fourths, it's still likely life, though his grandmother lived to be 106. The other thing is, as much as I believe Raniere upended my life I do not believe he should be in the SHU, I think it is inhumane and must be abolished. I think the way defendants are held in pretrial custody makes it impossible to get a fair trial.

What happened?02/05/2023

1. Did prosecutors just out of the blue tell Michele they would charge her with perjury — or after hearing details of her experience, tell her that would happen as it should happen according to law? If we weren’t all so divided, we could all work together to hurry up and figure out what happened. 2. “emails that appear to show Raniere helped orchestrate the affidavit from prison“ 👈 might be the kind of thing The Bureau of Prisons employees have had to appropriately address while protecting the public from Mr. Raniere, Ms. Bronfman and maybe Ms. Maxwell. Excerpts from a CBS article September 29, 2020: 🔍 “Among the allegations NXIVM supporters make against prosecutors, is that they threatened Hatchette with a perjury charge if she testified for the defense in Raniere's trial.“ 🔍 “I met with them twice, and then just before the trial, they called my lawyer and asked if I wanted to be a witness for them,” Hatchette said. “They said if I decided to go on the stand and not come meet with them they would charge me with perjury. So if I decided to testify for the defense, I would have been risking going to jail just for sharing my experience.” 🔍 Prosecutors declined to comment on the petition and the allegations. But they did point CBS News to a new court filing where they provide emails that appear to show Raniere helped orchestrate the affidavit from prison. The supporters admitted to CBS News that it was Raniere's idea.” https://www.cbsnews.com/news/keith-raniere-nxivm-supporters-petition/

Anonymous02/06/2023

Michele did 2 proffers. Michele was given the “seduction assignment” and told authorities that she only had sexual contact with Raniere because of coercion. Michele also stated if she wasn't blackmailed she would have left DOS. The prosecution did Michele a favor, in the sense that they warned her that if she chose to get on the stand and lie under oath, they would hold her accountable. Prosecution could have just let Michele put herself out there to lie on the stand and then suffer the consequences. But the truth is Keith was never going to mount a defense. Because not one person the defense could have called would have stood up under cross-examination and it would have backfired on Keith terribly. It's easy for all the dead-enders to pretend that they were so brave and it was only through nefarious threats that they were kept from testifying. But if you're telling the truth there is no fear of being charged with perjury.

Information Man02/06/2023

RE The FBI’s trip to Ghan: FBI agents being sent a broad is not noteworthy. The FBI routinely sends its agents around the World. What is “noteworthy” is the desperation of the DeadEnders to find any piece of information, which they twist, to fit their narrative. So sad.

IT Man02/06/2023

To Readers & Editor: Simply because you have some cute laymen’s factoid graphics regarding EXIF doesn’t make you knowledgeable enough about the computer code to render a true opinion. Suneel deserves some high praise for delivering “slick press” packets. He duped you dummies.