Sharon D. Nelson and John W. Simek 2013-12-25 02:26:02
Too Much Information Photos taken with a digital camera contain metadata. Should you care? We are hopeful that most lawyers are familiar with metadata, especially as it exists in email messages and word processing files. If not, a brief refresher is in order. There are a couple of different types of metadata, but most regard the common definition as data that is stored internally in a file (you can see it only by knowing how to look at it) and is not explicitly defined by the user. The application (e.g., word processor) inserts data within the file, such as the author, last time printed, fonts used, or creation date. But what about image files such as those taken with digital cameras? What metadata do those files contain? Digital photos can be an electronic evidence heaven. These files typically contain information about the date and time the photo was taken; camera settings, such as aperture and shutter speed; manufacturer make and model (and often the serial number); and—in the case of smartphones— the GPS coordinates of where the photo was taken (pure evidentiary gold in many cases). This metadata is called Exif (Exchangeable image file format) and is a standard that specifies formats for images, sounds, and other systems recorded by digital cameras. The user adds none of this information at the time of file creation. This information could be extremely valuable, especially in litigation. Since we’ve established that metadata does exist in digital image files, should you care? It depends on whether you are the originator or the recipient of the information. The metadata could be extremely dangerous if revealed through social media channels, especially if the user is unaware of the consequences. Here’s a realworld example: In 2010, Adam Savage, host of the popular science program MythBusters on the Discovery Channel, posted to Twitter a picture of his automobile parked in front of his house. Even though Savage is a “science” guy, he apparently didn’t know, or he simply forgot, that his photo revealed more information than the fact that he drives a Toyota Land Cruiser. Embedded in the picture was a geotag, which provided the latitude and longitude of where the photo was taken. Because he announced when posting the photo, “Now it’s off to work,” anyone could know where he lived and that he was not at home. Savage may have dodged a bullet. Then there’s the famous story of the leaked Harry Potter and The Deathly Hallows book. Someone took a digital photo of each page and posted the entire book on BitTorrent networks such as the Pirate Bay. It’s lucky for the photographer that he hasn’t been caught (we suspect it was a male since part of a hand and fingers are in many of the photos), because he sure left behind a lot of electronic bread crumbs. The metadata tells us that the camera used was a Canon EOS Digital Rebel 300D, running firmware version 1.0.2. The device’s serial number is 0560151117. Canon identified the camera as being three years old and having never been serviced. We’re sure that the camera is at the bottom of some river by now since it could lead authorities to the owner. Probably the most famous Exif story is that of software developer John McAfee. While on the run from Belize authorities in connection with a murder investigation, he allowed a journalist to take a photo of him, which was then posted online, complete with its Exif data. It turned out McAfee was in Guatemala, where he was promptly detained and later deported to the United States. For those who care to know (and it seems everyone does), Facebook and Twitter are now stripping photos of their Exif metadata. Google+ preserves it. We have many more metadata stories, but you get the picture (bad pun). Digital image metadata is not readily available to the casual viewer. Perhaps that is why we still find a plethora of metadata in the electronic evidence that we analyze for our cases. So how do you identify what metadata exists in the electronic file and if there is a way to clear it out? Viewing the metadata requires that you open the digital image in a piece of software that can readily show you the metadata values. You probably don’t even need to spend any money to do so. You can use Windows Live Photo Gallery or Windows Photo Viewer if you are running Windows 7. Once the file is open, just click on “File,” then “Properties” to see a lot of the metadata values, including GPS location information, if it exists. Mac users can right-click on an image file and select “Get Info” to view limited metadata and can download various apps for retrieving more detailed metadata. But what if you don’t want to distribute the Exif data with the file? How do you get rid of it or at least change it? The function to modify the data, as well as remove it, is included in your Windows environment. If you right-click on a file and select “Properties,” then the “Details” tab, you have the opportunity to change or delete much of the embedded metadata. There is even a link at the bottom of the panel that will “Remove Properties and Personal Information.” You can use this hyperlink for an individual file or for all files in a folder. Once you click on the hyperlink, you can create a copy with all possible properties removed, or selectively remove specific properties. There is also a free Windows utility called QuickFix (metabilitysoftware.com/ products/metability-quickfix.html) that will strip GPS and other metadata from an image file. Give it a try, especially since it is free and supports drag and drop. Finally, you can install a product like Litéra’s Metadact-e, which will clean metadata from document files as well as image files. No matter which approach you take, don’t focus just on the metadata in your word processing and spreadsheet files. Those digital photographs can hold valuable nuggets as well. Just ask John McAfee. SHARON D. NELSON and JOHN W. SIMEK are president and vice president of Sensei Enterprises Inc., a legal technology, information security, and digital forensics firm based in Fairfax, Va. For more information, call (703) 359-0700 or go to senseient.com.
Published by State Bar of Texas. View All Articles.
This page can be found at http://mydigimag.rrd.com/article/Technology/1595327/190121/article.html.