Several of my favourite themes come together in the story of the couple who faked the husband’s death to claim on his life insurance policy. The plot, which you can read about here, was undone in part because the metadata / EXIF (Exchangeable Image File Format) data of a photograph of the “dead” man showed that it was taken on a camera which was not released until after his “death”.

For all the modern focus on discovery by smart analytics or artificial intelligence, I quite like the ones which depend on old-fashioned observation of something which doesn’t look quite right. As you may have noticed, I appreciate the stories where deduction turns on metadata, because they help explain why the data behind the data is at least as important as the data itself. It supports Craig Ball’s contention, which I repeat often, that availability of electronic evidence means that this is now the best time to be a trial lawyer (my interview with Craig Ball about this is here). It appeals to that part of me which, as a child, watched Perry Mason keeping his powder dry until just the right moment to blow the opposition’s case to pieces.

In addition to the insurance claim article which set me thinking about this (again), a couple of other examples emerged from Twitter. First, however, what betrayed the life insurance scam?

It appears from the article that the FBI were already alert to the possibility that Igor Vorotinov was not as dead as his wife had claimed. U.S. Customs and Border Protection agents searched a laptop carried by Vorotinov’s son, and found pictures of the “dead” man taken in April and May 2013, 18 months after his “death”. The EXIF data also showed that the pictures were taken with a model of Canon camera which was not released until June 2012, nine months after his “death”.

Dates in photographs can be confusing. Here is some of the information about a photograph of mine, visible in the Apple Mac’s basic image Preview Inspector which shows the manufacturer and make of camera along with the apparent date of the picture.

The date shown here, 3 Jan 2018 is the same as appears in the Mac’s file system Finder, and a superficial enquiry might conclude that that was the date on which the picture was taken; it is in fact the date on which that version was saved. Further enquiry might take us to the EXIF data, some of which appears here:

Even without any sophisticated tools, one can see that the actual date of the original was 9 May 2017. Mixed in with technical detail about the picture are the serial numbers of the camera body and details about the lens. So – not just any old Nikon D750, but a particular one.

My present camera goes one further and stores the GPS information, helpfully showing a pin on a map to indicate my precise position when taking the photograph.

In case you are wondering why I show the serial number data from my old camera and only the GPS data from the present one, it is not just criminal investigators who are interested in a camera’s data beyond the picture itself. When you buy a new Canon and try to install its software, Canon makes valiant efforts to make you send them the information which will tie you to the camera. The notice makes it clear that Canon is doing this because China has asked it to. If the authorities disapproved of a photograph, and have access to this information, they could immediately identify whose camera took it, as well as when and where it was taken. Where China leads on this kind of surveillance, others will surely follow.

If all this represents my specific theme about data lurking in photographs, there are other examples of the wider theme where old-fashioned intelligent observation of detail, and particularly of dates, undermines the case. My tweet about Igor brought forth a couple of tweets:

…which was apparently sprung on the prosecution during cross-examination of the policeman who had produced it.

If this subject recurs here quite often (see for example From Prague to Piccadilly Circus: drawing conclusions about a photograph without the help of metadata), it is only partly because it is a particular hobby-horse of mine, and only partly because it makes a change from the GDPR, TAR and the rest which make up my usual subject-matter. Discovery / disclosure is all about evidence, but it is not all there is about evidence. The not-so-dead Igor Vorotinov gives us an example where investigators needed the skill to be aware that helpful data lives in photographs, and knew where to find it; they had also the wit to think about looking for it at all, and thought to check the camera’s release date.

Perhaps the real point is this: cases, both civil and criminal, can turn on some apparently trivial detail, and the sooner you turn up that detail, the sooner the case can be disposed of. It’s great, in a Perry Mason kind of way, when you can produce it at trial – photograph metadata seems to have been crucial in the Kairos scuttling case, which turned up on the eighth day of trial. It is even better if you can produce it right at the beginning.

Home