
Bill Bennett


Computer Forensics: taking stolen mails at face value

For a few weeks stories involving stolen emails dominated New Zealand news reports. It was no accident this was in the run-up to the 2014 election.

Nicky Hager based his book Dirty Politics on messages to and from WhaleOil blogger Cameron Slater. Then Kim Dotcom revealed an email he claims proved Prime Minister John Key conspired to trap him.

Political insiders took the Dirty Politics emails seriously. Meanwhile almost everyone doubted Dotcom’s smoking gun email.

Brian Eardley-Wilmot runs Computer Forensics, a data recovery and investigation company. He says there’s a problem taking email at face value: “How can you know if an email is genuine?”

Eardley-Wilmot says that applies when the evidence is on a memory stick or printed on paper. “Anyone can print a piece of paper that looks like an email. All you need is an imagination and a copy of Microsoft Word”, he says.

He says this wouldn’t stand up in court. “If someone produced an email in court which said another person had agreed to buy a house, they could argue the message was a fake. At least you’d need to provide evidence the email was sent and received, that would mean access to both computers. Even then, it’s not proof.”


The issue echoes what the art world calls provenance. Say someone turns up a new Van Gogh painting. It would be worth millions. It may look like a Van Gogh. It may even have the painter’s signature. But unless there is a clear trail leading back to Vincent Van Gogh, there will always be doubt over its authenticity.

Eardley-Wilmot says there are important implications for any kind of commerce involving email. He says for business to work, email transactions need to include a trusted third party such as PayPal.

Computer Forensics often gets called in to scour hard drives and servers for evidence that emails and other computer data are what they claim to be.

Back with New Zealand politics, there is a noticeable difference between the widespread acceptance of the Dirty Politics emails and Dotcom’s alleged message from Key.

Slater’s injunction to stop publication of the Dirty Politics emails suggests he thought they were genuine. None of the people involved claimed the messages were fake; they were more inclined to express outrage.

In contrast, Dotcom’s email evidence looked suspicious from the outset. Apart from anything else, the language and the wording of the information just don’t ring true. But even if that wasn’t the case, there’s no evidence about where it came from.

As they say in the art world: the message has no provenance.


