In our post, Primer on All Evidence Showing Raniere Took Pics of 15 Year Old Camila — as We Wait for Motion for New Trial Based on FBI Tampering, Frank Report examined the evidence that was presented at trial to establish that Keith Raniere possessed 22 nude photos of a Mexican girl, Camila, taken when she was 15 and that he was the one who photographed her.
In this post, we are going to look at the single most important evidence that convicted Raniere of racketeering predicate acts of possession of child porn and sexual exploitation of a child.
It is significant because Raniere is expected to file a Rule 33 motion seeking a new trial, arguing that the FBI tampered with the hard drive that contained the child porn pictures.
The testimony of FBI Forensic Examiner Brian Booth provided the key evidence that the EXIF data found on the Camila photos showed the pictures were taken on November 2nd and November 24th in 2005, when Camila was 15 years old.
What is EXIF data?
EXIF data is information [or data] embedded into a photo by a digital camera when it is used to take a picture. The camera, in this case, a Canon Camera EOS 20D, was seized in Raniere’s library.
The EXIF data remained embedded in the Camila photos as it was first transferred to a camera card, and then to the hard drive in a Dell Dimension computer, where the photos were discovered by FBI agents.
EXIF Data Reliability
EXIF data embeds the date, time of day, down to the second, camera settings, type of camera, and the serial number of the specific camera on every picture taken.
You don’t see EXIF data visibly on the photo. It is embedded in the photo file and is accessed by programs designed to open EXIF data.
EXIF data was not designed to be secret. Quite the opposite, it was designed to help photographers know which camera was used, its exact settings and when they took specific pictures. These were things photographers used to record manually. Digital cameras, like the Canon EOS 20D, which was built in 2004, automatically imbed EXIF data on each photograph taken.
It was this EXIF data embedded on photos of Camila which established to the satisfaction of the jury that they were taken on two dates, November 2nd and November 24th, 2005.
It is expected that Ranire’s Rule 33 motion will present forensic evidence that arguably shows the photos in question were not taken in 2005 and/or were planted on the hard drive by a person or persons unknown.
Reportedly there are findings of forensic experts, hired by Raniere, that will claim there was a plot to tamper with dates and plant evidence. Until the Rule 33 motion is filed, we are unable to evaluate the allegations.
If FBI FA Booth is to be believed, however, the forensics prove the crimes.
Booth testified he personally examined the EXIF data of the photos and it shows the Camila photos were taken on November 2nd, and November 24th, 2005.
FA Booth told the jury that we can rely on EXIF data. In her summation, Assistant US Attorney Moira Kim Penza – and in his final closing, Deputy US Attorney Mark Lesko – also assured the jury that EXIF data indicated the photos of Camila were taken in 2005 when she was 15.
Booth’s Examination on EXIF Data
On June 12, 2019, Senior FBI Forensic Examiner Brian Booth was sworn in as a witness in the trial of Raniere.
During the course of his examination by Assistant US Attorney Tanya Hajjar, he explained that the most reliable way to date a photo was EXIF data.
While other kinds of data, like creation date, access date, and modified date are subject to change, it is difficult to change EXIF data without corrupting – i.e., ruining – the file.
Booth: But with EXIF data, once it’s embedded in a picture, it doesn’t matter how many times you move it around. It stays into that photo and it’s very hard to remove. In fact, most commercial software will not touch EXIF data. It will allow you maybe to add data to it, but even in that sense, it’s very – it’s very able to be corrupted.
So if you use, say, Photoshop to touch a photo like a JPEG, chances are Photoshop is gonna remove the metadata completely or it’s gonna add “Edited by Adobe Photoshop,” which is their way of just trying to protect the data from being corrupted.
Q But does EXIF data remain the same even if you tried to open it in an Adobe product?
A In that sense, the photo stays the same. The EXIF data might be modified to let you know that you’ve tried to modify it in an Adobe product.
Q Is there a particular reason why EXIF data is more difficult to alter?
A They purposely designed it that way.
Q Do you know —
A It’s mainly to be able to store information. And they don’t want data to be moved around and changed, especially time and date information. Those things are very hard for the consumer to be able to modify, unless you wind up getting software that’s just developed to do that.
Later on, during his testimony, FA Booth explained why the best way to know the date of a photo is EXIF data because, not only is it not easy to change, but even if you move a photo to another device, or change it, and the creation, access, and modified dates change, the EXIF data does not change the date and time of when the photo was first taken.
BOOTH: Well, the best reference is the EXIF data because that gets put into the JPEG file and it’s not easily modifiable and it moves with the file the same way from device to device, no matter where you place it. It has nothing to do with the bearing of a file system at all or the dates and times associated with it. So it’s on its own, but are created at the same time that you take the picture.
FA Booth explained that someone can change some EXIF data, for instance, on a Word file, but when it comes to changing EXIF data for a photo, it is not easy.
BOOTH: But when it comes to EXIF data, it used to be it would only be hard-coded in. You couldn’t modify it. And only during changes during the years did they open up that you could change the author’s name of a photo or even a Word document that you might have. You can always go in and change the author and put comments in and things like that and that’s metadata for a Word file. But when it comes to photos, they still keep you from changing dates and times. It’s not easy to change those. You have to go through special processes to change those things.
Adobe will allow you to copy a photo and modify it and it will take some of that metadata over, but it will actually put in that Adobe has modified their system. They’re taking steps to show that, listen, if you manipulate this we’re going to show it in some sense. It’s very rare that I’ve found someone has been changing metadata within a photo and that time and date does not change from place to place. It stays embedded in the photo. So, there’s no outside constraint that’s changing it, from an OS, from an Apple computer to a Dell computer.
Q What’s most reliable in terms of all the metadata that was discussed thus far in your examination on direct and on cross?
A The EXIF data.
Q Okay. Is that better, more reliable than the created date?
A It’s the most reliable.
Q Is it better than — more reliable than the modified date?
Q Is it more reliable than the access date?
Q Is it more reliable than the thumb DB metadata?
At one point, Booth did admit it might be possible, but not easy, to change dates of EXIF data, with EXIF “modification software” but noted that doing so could corrupt or ruin the file.
Q Is there any other information that you found significant with respect to the date that was — the EXIF data date?
A Well, the fact that there’s so many dates that are in the EXIF data. Say I did have a modification software, I would have to change quite a bit of dates. I mean, I would have to go through, you know, a bunch of evidence, number one. But then I have to change — in EXIF data there are dates all up and down that, including zero numbers, models of cameras, things of that nature. So there’s quite a bit of data to go through and when you modify a date and time, an EXIF date and time in a JPEG, you take the chance of modifying it to where it destroys the JPEG and that’s why Adobe likes to make a copy when they wind up changing EXIF data in the file because they don’t want to take the risk of actually ruining the JPEG file. So this is one of the reasons why a lot of software don’t go in and do a lot of changes to the EXIF data. Even if you wanted to just change the author, you’re taking a chance that you can change the data.
The Camila photos had been presented to the jury in a red binder. FA Booth was examined about them:
Q Now, all of the images in that red binder… do they have corresponding EXIF data?
Booth Cross-Examination About EXIF Data
FA Booth was cross-examined by one of Raniere’s attorneys, Paul DerOhannesian. He did not delve deeply into the topic but he did elicit an admission by FA Booth that EXIF data can be altered, and that Facebook and Twitter, when they publish photos, remove EXIF data.
Q You agree that any metadata, whether it’s EXIF data or other data can be changed and altered, correct?
A Yes, EXIF data can be altered.
Q And there’s a variety of different ways that that can happen, correct?
A Yes, it can.
Q Companies can remove — if you send a photo to Facebook, do they take off that data?
A Yes, they actually strip off the data.
Q So Facebook, Twitter that’s what they do?
A Yes, they do.
Q And then they use that information for their commercial purposes?
A I wouldn’t know.
Q That’s another way. There’s commercial processes that do that?
A I would gather.
DerOhannesian did not press the matter further.
Prosecutors’ Closings on EXIF Data
During the closing arguments, AUSA Moira Kim Penza referred to the EXIF data.
PENZA: Now you also know that the photographs were taken in 2005 because that’s what the data shows. The forensic examiner, Brian Booth testified that the most reliable metadata that the FBI could obtain from the images on the Western digital hard drive, said that they were taken exactly when the folders stated they were taken.
Finally, in the second closing, AUSA Mark Lesko mentioned the reliability of EXIF data:
LESKO: You have … the two dates associated with the [Camila photos folder], November 2, 2005 and November 24, 2005… Those two dates correspond to the two folders on the hard drive. And then 504B is the EXIF data. I’m no expert, don’t get me wrong, but I heard Examiner Boothe, just like you did. EXIF data is extremely reliable. It’s embedded in the jpeg, in the image itself. And the EXIF data shows that the data was created on the camera, in this instance, this particular instance, the 150 jpeg on November 2, 2005 which is consistent with the title of the folder.
It is clear that the prosecution considered EXIF data on the Camila photos to be the most reliable evidence to prove that they were taken in 2005.
The overarching conclusion is that EXIF data is “very hard to remove” and, therefore, the jury could rely on EXIF data to date the Camila photos.
In our next post, we will examine whether EXIF data is “hard to remove” or “very hard for the consumer to be able to modify.”