Emptywheel deftly took apart The New York Times’s reporting on the Comey emails, Glenn Greenwald further savaged the content — now let’s look at the physical attributes of the emails themselves as provided by the NYT. (If video does not appear on this page, you can view it at YouTube.)
1) Note the complete lack of content on the first page of the document which includes the April 27, 2005 email. Assuming this was printed from an enterprise system running a Microsoft email client, the "Original Message" in the header of the content provided suggests this was a forwarded or cc’d or original message to which a reply had been sent.
2) Note the header at the top of the second email, under which email content dated April 28, 2005 is included. The account appears to be that of James Comey himself; please feel free to correct me if you are an email admin, I’m all ears. Note again the blank space above the "Original Message" text, suggesting there was a short email preceding the "Original Message" but under the header. Was this again a forward, cc or reply which has been excised?
– Note on the third email that the header appears to indicate the content was printed directly from the account of James Comey. The address/subject lines are standard for an enterprise Microsoft email client, but this email has no apparent forward/cc/reply following the email. This same address/subject content is missing at the top of the documents containing the April 27 and 28 emails.
3) Note the staple marks at the tops of the first six of seven total pages, representing the emails dated April 27 and 28. The documents have been stapled at least twice, and all six pages appear to have been stapled together at the same time as at least two sets of staple marks are identical on all six pages and overlap perfectly. The last email does not have any apparent staple marks. There are no obvious crease marks reproduced in these images, nor any fax marks.
4) The NYT redacted the domain names on email addresses and the two obscenities used in the text of the emails, but used a different redaction method for the obscenities versus the email addresses. I point this out only to indicate that the NYT did note changes they made to these documents. We could assume, therefore, that the white spaces where email content may have been were not of the NYT’s doing.
Now questions:
- Who or what was the source of these emails? NYT does not name the source, but two of the three emails appear to have been printed directly from the enterprise email account of James Comey, and the third email was stapled to one of the other two, suggesting the same source. The implication is that Comey is the source of these emails, but would NYT not take any measures to prevent readers from making this assumption, in order to protect a source or Comey?
- Or was this the real intent behind the leaking of the emails, to let a particular constituency know that email records have been kept, that certain enterprise accounts have been used to prepare documentation, leaving the holes to point to something, just as the energy field around an invisible black hole suggests its size and power?
- Who other than James Comey would have access to his enterprise email account and have an interest in leaking these emails? Would this make a difference to the entire story if someone other than Comey leaked these? Would it explain the highly disparate headline and lead?
- Why would the NYT ignore any of these attributes, unless this was part of the sourcing deal, or unless the NYT didn’t realize the absence of content and email attributes combined may suggest things to readers? Especially readers of a particular constituency?
Some caveats:
- The documents were printed from those at the NYT’s site, and not from those saved to emptywheel’s site (PDF); those at NYT’s site include the staple marks.
- The documents were modified to improve readability on video; the documents were shrunk proportionally to fit inside the print borders of standard bond 8 x 11.5 paper, with brightness and contrast reduced slightly, gamma increased and overall quality sharpened slightly, in order to get a better view of the staple marks.
- NYT’s redaction when printed appears as solid black, whereas when viewed there appear to be two different kinds of redaction (white-out over obscenities and black-out through email addresses).
- Quality of video is limited to a well-worn Flip Mino camera (and yes, I need a manicure after doing gardening this weekend).
This is what I noticed when I first read these emails at NYT’s site. What did you see in the emails’ attributes? What did I miss? Drop a note in comments and let’s kick it around.



15 Comments

Although likely separate from the USDOJ’s email system, the White House ECRMS system was still being tested, configured and tuned from January 2005 through October 2005. Convenient, n’est-ce pas?
Also coincidental (PDF):
OVP is missing big swathes of email from May 21 through June 4, 2005.
NSC is missing even bigger swathes of email from Feb 26 through March 22, 2005.
Recommended.
Great work, thank you.
Thanks much, Boo. Hoping an email admin expert pops in soon…
Great job, Rayne. I had noticed the large gaps at the tops of the pages, but hadn’t seen the staple marks. I’ll keep watching to see what the IT types have to say.
I’m not an email system expert, as such. But I would hesitate to read too much into the physical form of printed email output. Even the assertion that a format is typical of a Microsoft Enterprise system is a big stretch. I can make pretty much any email system print any way I want it to. Gaps, headers, etc. are as likely to be artifacts of the printing process as of anything else.
Moreover, the copy in the videos doesn’t even have to be email at all. I can cook up something identical on a word processor.
It would be interesting if we had the actual extended electronic headers from the message–which we would have if we had the message in electronic form. But a print out has zero probative value.
This reminds me of the claim that the Shrub’s military service records as used in Dan Rather’s report were somehow “obviously” forged, even though all the paper presented was in photocopy form, as near as I know. You cannot tell ANYTHING from the physical form of a photostat, much less prove forgery. The only thing that can reliably prove authenticity–internal analysis of the text–was consistent with the authenticity of the records.
So I say focus on the content. The idea that physical form is crucial to fraud detection is just a bit of silliness that the Republicans cooked up to protect their boy. I wouldn’t want to emulate them now. In perhaps the most famous case of fraud detection in documentary history, Lorenzo Valla showed that a famous text, the Donation of Constantine, was a forgery even though the copy he had was a copy of a copy of a copy that he was reading 1000 years after the event (see http://en.wikipedia.org/wiki/Lorenzo_Valla).
I deliberately avoided the stupid kerning argument which changed the subject away from the content, as in Rather’s story about TANG. Thanks so much for bringing it up, though. /s
I wanted to look at the fact that there is content which has been deliberately removed, content which has been left to imply or suggest a particular leaker, and a general avoidance of reporting about the source(s) of the email content or any of the possible motivations behind the leaker(s)’ actions.
That headers exist to show someone printed this from a specific account is quite important, because it could have been placed deliberately to finger someone, or removed to absolve someone. This story is very much about who did what when, and the content/lack of content goes to those questions.
We are also following people who are using this same tack against us, laundering content as they did in the Plame affair. It’d be negligent not to ask if this is the case with this content which has been selectively prepared and leaked to certain journos — at the bloody NYT, of all places — for a specific purpose.
And given the loss of approximately 5 million emails by the White House email system alone, the email system is very much in question. Why would anybody at the DOJ feel compelled to print off their emails to ensure their preservation? That’s a non-content question as well, which goes to the culture of corruption at worst and incompetence at best within the Bush administration.
We’re definitely not talking about kerning here.
Still waiting to see if we have an email admin expert who can speak about this (without changing the subject to kerning)…
I understand the intent of your argument. But I think my critique stands. The problem with the Bush records and the kerning and such was not that the physical evidence was easily refutable–though it was. The problem was that physical evidence was unnecessary for proving the case–when read together by a reader familiar with military records and regulations, the uncontested bulk of the records told us unequivocally that Shrub was a draft dodger and a deserter.
The form of electronic communications is not interesting because it is infinitely malleable. In my early days in the computer business, a supervisor insisted that anything with his scanned signature could be presumed legit–until I came back 5 minutes later with his scanned signature on something he’d never signed or seen. In the same way, email headers can be forged. A communication that was never sent electronically can be formatted and printed to look like real email. The possibilities are endless. A forgery and a real email and/or an edited email and an unedited message can always be made to look identical. So physical form tells you nothing in itself. Don’t trust it. Don’t draw conclusions based on it.
On the other hand, correlating the information content with information derived independently can tell you a lot. For instance, given an electronic or printed copy with FULL headers (not just the to/from/subject you see on a typical display or printout), you can view the path that the message took from Internet server to Internet server, along with the unique message ID that the original server gave to the message. With this information and the cooperation of some server admins, you can authenticate the message by checking the logs of any servers that forwarded the message. You can get a time/date, a user account ID, and maybe even a message length. You might even be able to get a cached copy of the text for comparison. This is why it is almost impossible to destroy an email well enough to prevent a competent investigator from recovering it. They are easy to lose, but hard to get rid of (Shrub and Cheney may get bitten yet).
Internal or content analysis of the kind Valla did is critical because it compares the ostensible information contained in the message with the actual information available in the language it uses, the facts it reveals, the tone and attitude it seems to present, the dates it references. Valla didn’t take what he was given at face value, even though it represented 1000 years of received wisdom and had Papal authority behind it. Valla started by stepping back and recognizing that an effect had been produced, an effect that ITSELF required analysis. He noticed that the effect and the alleged contents were inconsistent with each other and with known, external facts.
Empty Wheel is a master of seizing on inconsistencies between content and known facts–things like errors in dates and meeting logs. But, seen in this light, much of what you have done thus far is no less valuable, even if it does not speak convincingly to the nature of the presumed original and cannot, perhaps, be conclusive. What you have noticed raises lots of interesting questions.
First, remember that the physical, printed form of an email is created by a recipient, not the sender. If I am the recipient, it is printed by me, on my printer, with my software, and logged on my print server–exactly as if I had concocted it myself in a word processor.
Question: If my honest aim is to convince a reader of the authenticity of the communication, why bother with the printout at all? The printout proves nothing.
Question: So why not retype the content electronically and quote from it, instead of trying to create the appearance of physical originality, per normal journalistic or academic practice?
Quotation would be a vastly more convincing, more legitimate way of publishing authentic information IF one sourced it or at least provided a provenance the way FDL writers do routinely (people who had seen the content independently before or the previously mentioned correlation between headers and servers could serve as corroboration). With a quotation, we expect such corroboration. Here, we do not get it.
Question: Why? Why would someone skip sourcing and try to make a document look old or at least fixed in black-and-white, a part of the physical record?
Conclusion: this document is unsourced or, possibly unsourceable.
In the former case, the document is unreliable hearsay that the publisher wants us to take for something more credible. In the latter case, it is concocted and made to look like something it is not–a much more interesting possibility, in my view. But either way, the publisher is being deceptive, and an attempted deception is solid information in its own right.
Conclusion: whether or not there are real omissions in the texts of real emails (which I will call, collectively, “the document”), the material has been created in such a way that it strongly suggests alterations.
Question: Why?
One possible answer is that the document was, in fact, altered in the way it purports to have been. If so, it had to have been altered by someone lacking in computer skills and/or with no access to an electronic copy. And with no access to scissors and a xerox machine, for that matter. Hiding real omissions would have been trivial by either method.
Conclusion: the publisher did not want to hide the omissions. They are there for effect.
On the other hand, if the publisher wanted us to know that material was missing, he could have redacted it in the usual Washington way, using a black marker. The document in fact contains redactions. But the publisher did not use them.
Question: Why?
Conclusion: whether or not the document is what it pretends to be, the gaps are important to its real purpose and are not to be confused with mere redactions. The gaps mean something. The publisher was interested in the effect that an appearance of alteration would produce in the reader.
The above is interesting because it tells us something about the motivation and mindset behind the ostensible communication. It almost does not matter whether the document is authentic or a forgery–the intent seems to be the same.
The above invites speculation, even if we can’t go much farther with the form alone.
What if the physical characteristics of the message–real or falsified–are being offered as the shiny object that keeps us from distinguishing between what the object actually SHOWS us and what it pretends to TELL us?
The publisher might leave evidence of the omissions to imply a degree of corroboration that he does not have or cannot produce. He wants us to believe there is an authoritative source, authoritative enough, perhaps, to be sensitive about revealing its identity.
Or the opposite might be true: the publisher might want to leak certain information now, while making it deniable or impugnable later. If identified and confronted with his publication later, he could throw doubt on its authenticity by pointing to the missing bits, thus making it deniable.
Alternatively, the publisher might be testing the waters, to see what others know. If you want to mislead, this is clever, if dangerous. You get the story going and see how it is received. Then, depending on the reception, you tailor further revelations to fill in the “gaps” as circumstances require.
Last but not least, my personal favorite: perhaps the publisher isn’t interested so much in communicating new information via a document than he is in convincing us that a certain document existed in the first place? at a given time and place? In such a case, a devious mind might even add bogus redactions or deletions to give what remains greater apparent weight. I haven’t read the content of the messages yet with any care–I have a real job. But, the old regime is clearly trying to create a backdated documentary trail that supports its self-justifying, ex post facto version of history. They have a very broad collective backside to cover, and this is how they think they are going to do it. Which is why I am sceptical of information to be gleaned from unsourceable, unverifiable documents. The real information is that someone is spooked enough to be trying to sell me this particular story.
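The header-based check described in the comment above (read the server path and message ID from the full headers, then compare each hop with the relay's own log), as an added example that is not part of the original thread. The message, host names, message ID and the simplified log format are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hosts, IDs and addresses are invented for illustration.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
\tby mail.example.org with ESMTP id C3; Mon, 03 Jan 2005 10:15:09 -0500
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mx2.example.net with ESMTP id B2; Mon, 03 Jan 2005 10:15:05 -0500
Received: from desk7.example.net (desk7.example.net [192.0.2.77])
\tby mx1.example.net with ESMTP id A1; Mon, 03 Jan 2005 10:15:03 -0500
Message-ID: <20050103151503.A1@mx1.example.net>
From: sender@example.net
To: recipient@example.org
Subject: constructed sample

Body text.
"""

# Constructed relay logs in a simplified, hypothetical format:
# ISO timestamp, logging host, message ID. mx1 has no record of the message.
RELAY_LOGS = [
    "2005-01-03T10:15:05-05:00 mx2.example.net msgid=<20050103151503.A1@mx1.example.net>",
    "2005-01-03T10:15:10-05:00 mail.example.org msgid=<20050103151503.A1@mx1.example.net>",
]

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)


def trace_hops(raw):
    """Return (message_id, hops); hops are oldest-first dicts of from/by/time."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received header, so reverse for chronological order.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        m = HOP_RE.search(route)
        if m:
            hops.append({"from": m.group(1), "by": m.group(2),
                         "time": parsedate_to_datetime(stamp.strip())})
    return msg["Message-ID"], hops


def corroborate(raw, log_lines, max_skew=timedelta(seconds=30)):
    """Check each hop claimed in the headers against the receiving relay's log."""
    message_id, hops = trace_hops(raw)
    seen = {}
    for line in log_lines:
        stamp, host, field = line.split()
        seen[(host, field.removeprefix("msgid="))] = datetime.fromisoformat(stamp)
    report = []
    for hop in hops:
        logged = seen.get((hop["by"], message_id))
        ok = logged is not None and abs(logged - hop["time"]) <= max_skew
        report.append((hop["by"], "confirmed" if ok else "unconfirmed"))
    return report


if __name__ == "__main__":
    for host, status in corroborate(RAW_MESSAGE, RELAY_LOGS):
        print(f"{host}: {status}")
```

A hop that appears only in the headers, with no matching entry in that relay's log, stays an unverified claim; the headers alone do not authenticate it.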
You’re presuming it’s the Cheney faction which is leaking these documents; yet the poorly sourced leaked documents refute the Cheney line, suggesting that the challenge is the NYT’s reporting, which very nearly washes the content with a misleading headline and a bad lead, combined with a complete disregard for what content (and non-content material) it received. Both the reporting and the emails themselves raise the possibility that it is not the emails or the sourcing which are being manipulated by pro-torture/CYA cons, but the NYT. It would not be the first time this has happened, and we should not ignore it.
The act of ignoring the non-content cues is no different than misreading/misinterpreting the objections Comey expressed in the emails. What if this content was leaked by Comey? what if it was leaked by at least one other administration official along with Comey, and what we are seeing is the next volley in a nearly-invisible internecine war between different factions? what can we anticipate as a next move in advance of the release of the OPR documents?
We’re simply going to have to agree to disagree, especially if you’re spending this much time arguing with me about the non-content of the emails without actually grokking the content within them. (Your second post was longer than the longest of the three emails.)
By the way, here’s another piece of non-content to ponder which shouldn’t take any time from your real job: heard anything from James Comey in the last 72 hours?
And what about Deadeye and Baby Deadeye? any appearances on the news circuit today?
Dogs, not barking.
FYI, only the second email displays the DOJ email addy protocols.
If the addy was redacted from emails 1 and 3, why didn’t it show a black line like #2 did where the redaction occurred?
Check out this snapshot comparing the two “Original Messages” from the first and second emails; is this what you were referring to?
Your work is exceptional, Rayne. Thank you. I just wish Cheney had to watch your clip. Think it might ‘terrorize’ him?
Great detective job.
Someone is pitch-tipping ala A-Rod?
I’m not a techie but a couple of questions…
To my knowledge, neither Tweety nor Olbermann reported on the story last night, not sure about Rachel.
The simple answer is to get Comey to answer the mail (request to be interviewed or a congressional request)…
Maybe this is happening below the fold…
Can only hope that an invitation to testify was part of the aim here. I don’t think Deadeye’s team did this, and I think the blank spaces are as much of a threat as the content itself is, kind of a veiled threat that there’s more here. Who got copied on these messages, assuming they are exactly as they appear to be, email messages with only the forward/reply included in the body?
I was about to lament the sort of impasse in these comments when I saw Rayne’s most recent one above. I think this shows that robspierre’s points were constructive, despite being elaborate and detailed. I’ve had some experience digging through heavily redacted documents in a FOIA lawsuit, and one of the things I learned is that there are many different motivations for redacting something. My own two cents: whoever leaked these documents to the New York Times has a specific agenda of their own, one so particular that they felt compelled to make strange alterations for whatever reason. I would argue that it’s impossible even to know the simple truth of whether the NYT spun the e-mails in the direction intended by the leaker; it’s quite possible they received the leaked “e-mails” and then ran a story the source(s) hated.
In which case, NYT would have acted counter to their interests if they were acting to preserve access. Let’s assume it’s Comey who leaked and the story was written in opposition to the content; NYT looks really bad now that they came to a different conclusion, and Comey knows exactly the cut of their cloth (if he wasn’t already aware of it, a la Judith Miller). Let’s assume it was CIA which leaked this stuff — but we know there is more than one faction in the CIA, and it’s hard to tell if either of them benefit at all from this leak. And then let’s assume it’s Cheney or the Cheney-bots; they may have gotten the headline and story they wanted, but they obviously screwed themselves in the big picture because we know now there are responsive emails in the USDOJ’s system which may implicate the Cheney-bots, making their efforts to hide emails on the White House side for naught.
I go with Occam’s Razor here, that the simplest answer is the right one.
I’ve also neglected to point out this story emerged on a Saturday, solidly, deeply in news dump land. Do not think for even a nano-second the NYT did not grasp this fact in its publication schedule.