Thursday, 16 September 2004

Forensic Document Verification

This is embarrassing. Pathetic.

For my sins, I've acted as an Expert Witness in a civil case involving computer technology. Now in order to do my job properly, I had to bone up on what was required when giving a professional opinion about a document.

First, there's the 'chain of custody'. How you got your mitts on the thing. If it's a copy, say so, and say what evidence there is that the copy is genuine, who made the copy, when the copy was made, when the original was produced (preferably backed up by statutory declarations), and reasons why the original wasn't examined. Note that as soon as you have a copy, all you can do is give a report saying 'definitely fake or altered' or 'inconclusive'; you can't possibly authenticate it.

Secondly, you state exactly what techniques and tools you used to analyse the document. State why these tools and techniques are appropriate ones under the circumstances, preferably giving examples of their use in previous similar cases where they were found to be reasonable.

Thirdly, you state the results of your analysis, not just the conclusions, but the reasoning behind the conclusions, how alternate hypotheses were rejected, and if there's more than one possible conclusion left, state them all along with probabilities assigned to each and reasons for assigning those probabilities. Often you can't even do that, you just have to say "It may be A, it may be B, I cannot say which" as the conclusion. State areas not considered, such as handwriting if you're analysing typefaces, and why they were not - usually because your expertise in that area is limited, so you're not an 'expert' as such for them.

Fourthly, you state your qualifications and history of why you are an appropriate expert in the area under investigation.

I've probably missed some things out, as I haven't got my checklist in front of me, but those are the absolute minima that any professional expert would have to include in a summary report. If you have a one-page covering letter, it must reference the longer report, not just give bald conclusions without context.

Now go and look what CBS's last 'Expert' has said, in a letter dated several days after the program aired (funny that, as he'd supposedly authenticated the documents beforehand). I say 'last', as all the rest have said that either they just looked at the (copied-and-pasted) signatures, or said that the copied documents were very probably fakes, but they couldn't totally rule out the possibility they might be genuine.

What this last "expert" has said is:

That the signatures on the copies didn't appear to differ much.

That similar typefaces existed at the time the memos were supposedly made.

And therefore, in his professional opinion, they are genuine.

Go read the original letter on the CBS site.

Of course Australian readers will be wondering what the heck I'm going on about. The story hasn't been reported down here. To summarise a previous post, a major news network in the USA was caught passing off obviously Microsoft Word-generated documents as output from a typewriter of 1972 in order to damage Bush. And as of writing, nearly a week later, all they can say is "how dare you question our credibility?" and talk about the content being unquestionably genuine, ignoring the point that the memos themselves are faked, and badly faked.
