THERE ARE at least 77 signs – including several “fatal flaws”– constituting “overwhelming proof” that purported email documents disclosed in Parliament last month by Opposition Leader Dr Keith Rowley are “a poorly constructed fraud” done by a “forger”, according to the report of US computer forensics expert Jon Berryhill.
The Berryhill report was commissioned by lawyers acting on behalf of Prime Minister Kamla Persad-Bissesar for the purposes of an ongoing police probe into the documents produced by Rowley in Parliament during his motion of no-confidence on May 20.
It was submitted to the Police Service on June 10 and released in full yesterday by lawyers acting on behalf of Persad-Bissessar at a media conference attended by Berryhill.
The report finds “overwhelming proof” that the materials are not genuine emails and lists a total of 77 discrepancies which lead the author to this conclusion.
“There can be no other conclusion, but that this document is a poorly-constructed fraud,” Berryhill states in the report. “The analysis of this document provided overwhelming proof of its fraudulent nature. There are many inconsistencies and questionable points that by themselves would easily lead any analyst to the conclusion that none of the documents can be trusted. More importantly, there are several fatal flaws, which would remove any doubt or opinion from even the most skeptical analyst. What is left is simple fact.”
Berryhill is a former officer in the US Air Force Reserve, Office of Special Investigations, and was a former US federal agent with formal training in computer security, data recovery, evidence handling and computer crime investigation. He runs his own computer forensics firm, Berryhill Computer Forensics.
In the 29 purported messages on the documents, Berryhill identifies about 77 inconsistencies. These include signs of tampering such as: several hand-written corrections; evidence of cut and paste operations; evidence of selective editing; mis-matched days and dates; header inconsistencies; errors of header form; other invalid emails; and font changes betraying tampering.
The expert notes that on one message the purported email address email@example.com appears. Of this, he remarks, “This is simply a typo on the part of the forger. There is no .con top level internet domain name. This is a fatal flaw. The data shown in the abbreviated header is generated automatically by the email client program. It is impossible for this to be a valid email message.”
In relation to one purported message, the expert notes, “in the body of the message the word ‘thought’ appears to have the ‘o’ written in by hand. This is a sign of tampering or editing.” Of another purported message, he says there are, “fatal faults and clear evidence of tampering or editing.” Of one line in a purported email, Berryhill says, “It is likely the document-creator simply copied and pasted this line in each of these instances.”
Of font and line changes, he says, “This is a significant fatal flaw and is clear evidence of tampering.” In his report, Berryhill noted that printed emails, as a general rule, are never worth the paper they are printed on.
“It is simply too easy to generate a document that has the look of email or to take actual emails as a starting point and cut and paste and edit the contents to suit the creator’s desires,” he says.
At a press conference yesterday called by Persad-Bissessar’s attorney Israel Khan SC at Abercromby Street, Port-of-Spain, Berryhill stood by his report and challenged any other IT expert to bring a report contradicting his.
“Anybody could come and bring their own report,” he said. He said it was simply a fact that the materials were not authentic emails. “They can’t be called emails. It is a cut and paste job and a rather bad one at that.”
The expert said, “There is nothing that is believable in any of it: so much of it has hard, irrefutable proof that it has been tampered with.” He said when he first got the documents he started looking and them and immediately began to see a plethora of inconsistencies.
“I looked at it and started to say of each thing, ‘this is wrong… this is wrong…this is wrong!’ And as I spent more time with it I continued to find more and more things that were wrong.”
The expert, who has testified in more than 40 criminal and civil proceedings in the US, also declared, under penalty of perjury under the laws of the State of California, that his report was true and correct. At the media conference, Berryhill outlined the process he undertook to examine the document which he received in Portable Document Format (or PDF).
The document, ten pages of the email communication, was scanned by the Office of the Prime Minister and sent to Khan, who in turn sent them to Berryhill. He said he was told the ten pages were presented to the Prime Minister’s office in paper form.
“Those pages appeared to be several generations removed from an original computer printout,” he said.
The expert also suggested that there may be no use handing over devices to police investigators since the materials, according to Berryhill, were so heavily edited that it would be difficult to trace them back to any email even if, “you get your hand on the right machine.”
Berryhill admitted that validating emails could be very difficult and said had the messages not been “tampered with” it would have been possible to go back to the machines to validate the emails. But he noted, ‘this is as far as you can go (with investigating the emails). There is not enough information.”
See full report on
pages 18A, 19A Newsday