General

Kiper Explains; Demonstrates How FBI Lied About EXIF Data in Raniere Case

01/29/2023·

Frank Parlato

Bangkok wrote an impressive story. Raniere’s Rule 33 Motion Has Decent Chance; If It Succeeds, Raniere Goes Free

The story discusses how FBI Forensic Examiner Brian Booth seems to have falsely testified about the reliability of EXIF data, the sole evidence used to date Camila photos, and convict Raniere of predicate RICO acts of possession of child porn and sexual exploitation of a minor.

The EXIF data dates were the evidence that the photos were taken in 2005, when Camila was 15.

Bangkok made a point, strengthening a story I broke in the FR months ago.

FBI Forensic Examiner Stephen Flatley was taken off the case mid-trial because, the DOJ prosecutor told Judge Garaufis he had to go to Ghana.

FBI FA Flatley had testified at another trial, three years earlier, that EXIF data is not reliable.

In the case against Keith Raniere, with Flatley, purportedly sent to Ghana, the DOJ called Forensic Examiner Brian Booth, who testified that EXIF data is reliable.

According to FBI records, Flatley was in NYC until June 2019, one month after the Raniere trial began. When did Flatley get assigned to Ghana? Did he go?

Just prior to his testifying, Booth ma

de a second forensic FTK report of the camera card removed from Raniere’s camera.

Flatley had made an FTK report months before. Both FTK reports were made from the original camera card.

The second FTK report had 33 digital photograph files that were not on the first report. The camera card, which before, with Flatley’s report, had little to tie it to the hard drive, with Booth’s FTK report, now had more than thirty digital files also found on the hard drive. All the new files had EXIF dates of 2005.

This helped make the case of child porn. Camila was 15 in 2005.

The newer FTK camera card report had some hard to explain files.

For instance, the file names and metadata, including EXIF, of four digital files on the new report of the camera card matched the file names, and metadata [including EXIF data] on the hard drive where the Camila photos were found.

The problem, and it never came out at trial, because it was not known by the defense at the time, is that the files matched in meta data, including EXIF data, but the actual digital photos did not match. On the hard drive, the files were of Daniela. The same files on the camera card with their matching EXIF data, were photos of Angel.

Whether Raniere sexually abused Camila when she was underage is not under discussion. We are looking at evidence the FBI used to convict Raniere of abusing Camila.

The following is Dr. Kiper position, mostly from an white paper he wrote, and from my interview with him on testimony of FBI Forensic Examiner Brian Booth on the reliability of EXIF data.

EXIF Data and U.S. vs Raniere

By J. Richard Kiper, PhD, PMP

FBI Special Agent (Retired) and Forensic Examiner.

The US DOJ for the EDNY alleged Keith Raniere used a Canon digital camera to take 22 explicit photographs of a female, Camila, when she was 15, saved them to a compact flash camera
card, transferred them to a Dell computer, which was never found.

Then he backed up those photographs to an external hard drive, which was seized by the FBI.

Figure 1: The Government’s narrative regarding alleged contraband found on a “backup” drive.

To DOJ needed to prove two things to demonstrate that Raniere, using the Canon camera created the alleged contraband.

1. The contraband photographs were taken with the camera used by Raniere.

2. The contraband photographs were taken when Camila was legally underage. In 2005, she was 15.

The prosecution relied on information embedded inside the digital photographs, called Exchangeable Image Format (EXIF) data.

A Canon digital camera automatically records how a photo was taken, on what date, and with which camera settings.

This is called EXIF data and is saved into the content portion of a digital photograph file. The EXIF data does not automatically change when the digital photograph is transferred to another device, such as a computer or a hard drive.

The prosecution used the Camila photos’ EXIF data’s creation date, [November 2005] to argue that she was underage in the pictures.

They also showed that the EXIF data of the photos showed the make and model of the camera allegedly used by Raniere and seized from his library.

Canon Camera
EOS 20D

How reliable is EXIF data?

According to the FBI’s expert witness, Senior Forensic Examiner William Booth, a photo’s EXIF data is reliable because it is “very hard” to change.

Consider a few of his sworn statements from his testimony. The emphasis is mine:

Question: Is there a particular reason why EXIF data is more
difficult to alter?

Booth: They purposely designed it that way.

Question: Do you know —

Booth: It’s mainly to be able to store information. And they
don’t want data to be moved around and changed, especially time and date information. Those things are very hard for the
consumer to be able to modify, unless you wind up getting
software that’s just developed to do that (p.4820).

Booth: Well, the best reference is the EXIF data because that
gets put into the JPEG file and it’s not easily modifiable and
it moves with the file the same way from device to device, no
matter where you place it. It has nothing to do with the bearing
of a file system at all or the dates and times associated with
it. So it’s on its own, but are created at the same time that
you take the picture (p.4830).

Booth:… But when it comes to photos, they still keep you from
changing dates and times. It’s not easy to change those. You
have to go through special processes to change those things.
(p.4977)

The above are just a few of Booth’s statements about the reliability of EXIF data and how hard it is to modify.

Prosecutor Mark Lesko emphasized Booth’s testimony in his closing argument to the jury:

LESKO: … I’m no expert, don’t get me wrong, but I heard Examiner Booth, just like you did. Exif data is extremely reliable . It’s embedded in the jpeg, in the image itself. And the exif data shows that the data was created on the camera, in this instance, this particular instance, the 150 jpeg on November 2, 2005… (p.5572).

The FBI’s expert witness and the DOJ prosecutor told the jury they could rely on the photo EXIF data to determine Raniere created the alleged contraband with the Canon camera in 2005, because the EXIF data is “extremely reliable” and “very hard” to modify.

Is it true that digital photograph EXIF data is “very hard” to change?

Modifying Photograph EXIF Data

A Google search will enable anyone to find freely-available, simple-to-use tools for editing EXIF data.

One of my favorites, ExifTool, was featured in an article titled, “7 Free Tools to Change Photo’s Exif Data, Remove Metadata and hide dates.

For purposes of the following demonstration on how easy it is to modify EXIF data, I will use a digital photograph from U.S. vs KEITH RANIERE case.

The photograph, with the file name “IMG_0043.JPG,” is a picture of a maple tree. It was found on the “backup” hard drive, in the same studies folder that the alleged contraband photos of Camila were found.

The EXIF data shows it was taken with the same Canon camera around the same time.

In Figure 2 below, the Microsoft Windows details pane (invoked by selecting the “View” tab of any Windows folder) is interpreting the EXIF data of Figure 2.

Windows display of EXIF data for IMG_0043.JPG.

According to the Windows display of EXIF data, this photo was taken on 10/17/2005 with a Canon EOS 20D digital camera.

I verified this information by using the industry standard
ExifTool I mentioned earlier.

Here is how ExifTool interprets the EXIF data:

Figure 3. ExifTool display of EXIF data for IMG_0043.JPG.

How hard is it to change the camera model?

In the Windows folder with the Details Pane enabled, I click the “Camera model” field and type whatever I want.

I changed the camera model to an iPhone XR.

Figure 4. Changing the “Camera model” field in the EXIF data of a photo.

I also changed the Camera maker to Apple.

Then I clicked on the “Date taken” field and set it to the United States Independence Day, July 4, 1776 –246 years ago.

Figure 5. Changing the “Date taken” field in the EXIF data of a photo.

Therefore, a person viewing the file in Windows would now see a photo that was taken by an Apple iPhone XR, in 1776.

Figure 6. Windows display of saved changes in the EXIF data of photo IMG_0043.JPG.

Despite the government’s contention in court, the EXIF data was very easy to change.

At this point, you might be thinking, “That’s fine for the Windows interpretation, but was the EXIF data really modified? or just changed in the Windows on that computer?”

To verify that I changes I made in the Windows folder changed the EXIF data in the file, I opened the file again in ExifTool:

Figure 7. ExifTool display of saved changes in the EXIF data of photo IMG_0043.JPG, showed the EXIF data was changed to an Apple I phone and July 4, 1776.

The next question one might ask is: “What about a forensic tool?

Would a digital forensic tool verify these changes in the EXIF portion of the file?”

ExifTool is a forensic tool, although it is in the public domain.

But to put to rest any doubts about whether the EXIF data was changed and would not be detected as changed, I viewed the photo in the FBI-approved digital forensic tool, AccessData’s FTK Imager.

In Figure 8 below, I imported IMG_0043.JPG and used the Hex viewer to read the raw EXIF data.

All the EXIF changes I made were readily visible, and there were no traces to indicate that I or anyone else had ever made those changes.

Figure 8. FTK Imager display of saved changes in the EXIF data of photo IMG_0043.JPG.

Conclusion

What does this mean?

It means the government misled the jury about EXIF data. They used that misleading information to to convict Keith Raniere.

I could have used many other freely available tools to modify the EXIF data that the government claimed was “extremely reliable” and “very hard” to modify.

Instead, I did not even have to use software. I simply used the built-in features of Windows on my computer to modify the EXIF data of an actual digital photographs produced by the government at trial.

I verified those changes in three different ways.

Anyone can reproduce what I demonstrated in this article, using any digital photograph.

Modifying EXIF data requires none of the “software” or “special
processes” claimed by FBI examiner Booth, nor is it “very hard” to modify, as he claimed in sworn testimony.

It is unclear to me why a Senior Forensic Examiner of his caliber would have made those false statements under oath.

Implications

Why would the FBI’s star witness, the digital forensic examiner, swear under oath that EXIF data cannot be easily modified? And why would he make such false statements multiple times during
his testimony?

The prosecution needed the jury to believe that EXIF data could not be easily modified because it was the only piece of digital information that supported the narrative that the photos on the
hard drive allegedly belonging to Raniere were of an underage subject.

If the prosecution told the truth – that EXIF data can be easily modified with no special skills or tools – the jury may have reasonably doubted the reliability of the dates as evidence of a crime.

It is a miscarriage of justice for the prosecution (and the jury) to have relied on the authenticity of EXIF data to prove creation dates and the origin of digital photographs.

If the government could blatantly mislead a jury about something so easy to disprove, it leaves me to ponder: What else were they lying about?

Comments (39)

Add Your Comment

Bangkok01/29/2023

Awesome article, Frank. Small Typo: “Just prior to his testifying, Booth ma” (line was cutoff mid-word) Next line says: “de a second forensic FTK report…” (line begins mid-word from previous line) That's how it appears in my Firefox browser, anyway.

Anonymous01/29/2023

What an astute observation!

Anonymous01/30/2023

If you continue with writing readable, intelligent, cogent articles (sans political bias), you'll soon have the THE BANKOK REPORT. Congratulations and keep the journalism coming.

Erasend01/29/2023

Ug this old chestnut again? It not even if agree or disagree with Kiper, its just well worn ground. If Frank's timeline from his aborted series is accurate, the card should have never been admitted to begin with because a forensic copy was not made before an agent looked at it, breaking chain of custody of the data. If they planted evidence, yes that should be investigated. The hard drive continues to remain unassailable besides the almighty post it note, hailed in the hallowed halls of justice as the definitive proof of all things. Its not real until there is a post it note on it. Specifically yellow. No other color. But here is the thing, for the purposes of the trial – this isn't new evidence. His lawyers should have questioned the evidence at the time and didn't. They had time to do it, could have demanded more via a delay, but didn't. Likely because Raniere in his continued display of stupidity, likely ordered them not too. Raniere was likely his own worse enemy in his own trial, something the extent of we will never learn as his lawyers are not allowed to share (unless Raniere compounds his stupid with an appeal claiming incompetent defense). New evidence means literally new evidence, not re-examining old evidence with new experts. All this talk is irrelevant for purposes of a successful appeal.

New trial warranted01/29/2023

It is new evidence and Moira WITHHELD this information for months, providing only days before the trial– that denies Raniere the right for a proper investigation. The new evidence is that the FBI agent lied regarding data– Why is perjury not an issue? We are supposed to be able to trust those with fidelity, bravery, and integrity. How could they have anticipated lies told by those employed to act with the highest level of expertise and honor.

Anonymous01/29/2023

Nice to know you're on first name terms with Moira LOL!

Good try New Trial your facts are Wrong01/29/2023

Good try, New Trial A Rule 33 Motion is for new evidence Evidence has to be turned over by a specific dates so each side has time to examine it before trial. This wasn't some TV show “wait a minute,” we have new photos and evidence we pulled out of our rabbit hat. The charge of child porn, along with others, came out in Superseding Indictment. Shortly after this, plea deals started happening. Raniere could, if asked, for a delay at any time for this legal team to work in his defense with any of the evidence turned over. Raniere knew he had taken those photos. He knew he had taken the pictures for decades. Why try to fight it? There were plenty of text and email messages to back the evidence of these photos. Raniere's legal had hired an expert before the trial. All and all, this is not new evidence

Pilgrim01/29/2023

The question is: does it create a record or timestamp of the modification?????? That is really the l smoking gun, if it exists.

Aristotle’s Sausage01/29/2023

This is laughable. First, that Bangkok’s post is an “impressive story”. Well, it sure is a story. Like Hansel and Gretal is a story. It’s a troll post, meant to pull your leg. Like his earlier pro-pedophilia post, it’s meant to get people riled up, raise a stink. Then he sits back and laughs. If you think Bangkok was serious, go back and read the whole post. All the way to the end. He left tells all over the place. It’s a joke, people. Raniere’s Rule 33 motion, on the other hand, was made in dead earnest. He and his firebrand lawyer probably do think it stands a good chance. Which makes it even funnier.

Bangkok01/30/2023

That's an interesting theory. 🙂 I'm not sure that it's accurate though. Some of you Bangkok-haters are in luck… In a couple days, I'll be traveling far away from my homebase for a long while —- and I probably won't be posting on FrankReport again until summertime. In my absence… I am appointing Niceguy to carry on my important work here. Niceguy was once a solid anti-liberal and I have great hope that he'll stop kissing the ass of liberals. He's recently become a RINO and it's embarrassing. I implore him to become a legit anti-liberal again. He must stand up to Nutjob and Ice-Nine. He must carry the torch of liberty here, in my absence. Have a good day. 🙂

Anonymous01/30/2023

Ok Frank, ahem, “Bangkok”, have a nice “trip”

The Mighty Van Halen01/29/2023

>> Those things are very hard for the consumer to be able to modify, unless you wind up getting software that’s just developed to do that.” In other words Booth didn't lie as the deadenders claim. In fact, he told the truth in specific detail. Even if we play devil's advocate and accept the notion that EXIF metadata is “easy” to change, the problem is the deadenders want us to believe that this capability to “easily” change metadata means that it WAS changed by the FBI, which they haven't proven one bit. In fact, the article implies that such a change CANNOT be detected and so now effectively constrains the argument to rest on ignorance: >>But to put to rest any doubts about whether the EXIF data was changed and would not be detected as changed…and there were no traces to indicate that I or anyone else had ever made those changes. In other words, the author wants to project the corrupt and fraudulent attributes of Vanguard onto the FBI and have us all just believe without evidence (because there can be none according to the above) that the FBI used software to tamper with the evidence and convict him instead of believing the more likely scenario that he took the pictures based on all of the other evidence submitted to court which went towards proving an established pattern of behavior. >> Instead, I did not even have to use software. I simply used the built-in features of Windows on my computer to modify the EXIF data of an actual digital photographs produced by the government at trial…Modifying EXIF data requires none of the “software” or “special processes” claimed by FBI examiner Booth, nor is it “very hard” to modify, as he claimed in sworn testimony. ROFLMAO. What do you think a “built-in” features of Windows is? Magic. It's software. Using a built-in hex editor isn't something a general “consumer” would normally do. It's something someone with actual computer science knowledge and experience would know because it requires understanding things like binary and hexadecimal data. Q.E.D.

Richard Luthmann

Anonymous01/30/2023

Frank- I mentioned the whole thing with the Hex Editor early on (2 years ago) on the Frank Report and you ignored me. I explained why Kiper is a liar. You brushed me off as a shit collector. Now as of late the HexEditor comes into play.…LOL Please let me know when this group of pseudo-quasi-techies actually know WTF they’re talking about. LOL! Kipper is full of dogshit. I should know—I collect it. +** In addition to Aloonzo being a tech expert – it looks like Captain Combat Luthmann is weighing in and accusing the government of malevolence. LOL Allegedly Luthmann literally spray painted or coated scrap metal to sell it as copper?!? I digress….. Have a great night and cook some pastries or something sweet and mail it to me. Please! You’ve got my address ship it COD.

Frank Parlato01/30/2023

Did you hear Bangkok is going away?

NiceGuy01/31/2023

Frank- Every year Bang does this to us…. He’s a little dick. After 5 years you’d think he’d explain himself(herself). Bangkok is 27. WTF?

Anonymous01/30/2023

Suneel if you read this please know I still believe you to be an Alien and an ugly-ass-fuck. Will you take me to your leader?

Nutjob01/30/2023

Why is Bangcock leaving FR until summer? 1. Mommy can't afford to pay the internet bill and daddy has summer custody. 2. Eurailing from Green14 to Green14. 3. Greyhound to Smallbany. Steal a poodle. Find a dog groomer. 4. He'll be too busy volunteering at Swing Left. 5. Being incorruptible_bk is taking up all his time. 6. He'll finally be giving undivided attention to his Star Wars origami kit and Harry Potter crochet book. 7. He'll be spending the next 90 days explaining to his rehab buddies that Raniere got 120 for taking a pic of a 15 yr old. 8. He'll be making the juvie boys happy cause they'll have a little runt to beat the shit out of. 9. He's a Swiftie and if he doesn't follow her around on this tour, when will he ever the get the chance again??? 10.. It's another needless lie. He'll be regulary posting and trying to get a reaction from gullible FR readers.

Natashka01/30/2023

I go with number 3, he's finally going to make contact with his infatuation

Ice-nine01/31/2023

I figured he spends months at a time in Alaska commercial deep sea fishing where he has a job as the lowest peckerwood on the boat. Can you imagine being stuck on a boat with Bangkok for months at a time? But I think he's probably too much of a pussy for that and the crew would probably kill him. So if not that, then I agree with Natashka and #3.

NiceGuy02/02/2023

EXIF Data! EXIF Data! EXIF Data! “What is a meaningless point?” (Johnny Carson, circa 1979, as Carnac the Magnificent) https://youtu.be/iuT0Aj70Ekg