Thursday, June 7, 2012

Digital forensic investigation fails to show that Heartland did not author climate strategy memo


Digital forensic investigation fails to show that Heartland did not author climate strategy memo



by Brian Angliss, Scholars & Rogues, June 6, 2012


On May 1, 2012, The Heartland Institute published a digital forensics report from Protek International, a computer and information forensics and security firm based out of Chicago. Heartland hired Protek to investigate whether there was evidence that anyone from Heartland had written the “2012 Heartland Climate Strategy” memo (aka the Memo) that Heartland claims was fabricated by Peter Gleick when he falsified his identity in order to acquire and then leak confidential Heartland documents in February 2012.

As a result of their investigation, Protek concluded that the Memo had not been created on Heartland’s computer system and didn’t exist there or in Heartland’s email system prior to its publication on February 14, 2012. An S&R analysis of Protek’s investigation report finds that this broad conclusion is not supported by the details of Protek’s investigation. Specifically, S&R found that Protek may not have interviewed everyone at Heartland who could have authored the Memo, didn’t analyze enough types of computers and storage devices to rule out creation of the Memo, limited their investigation to only one of Heartland’s several offices, and didn’t search through enough different file types and storage to guarantee that they would have detected the Memo.

Protek’s interviews not inclusive enough
In the course of their digital forensics investigation, Protek interviewed a number of Heartland employees, “focusing on those who were part of the e-mail communications and transmission of documents in response to their online solicitation.” In addition, Protek’s report says that they “also interviewed senior officers of Heartland including [Heartland president] Joseph Bast, Diane Bast, and Kevin Fitzgerald.” Furthermore, Protek reported that “everyone interviewed by Protek stated that they had either not seen the Memo, or had not seen it prior to its being posted online on February 14th and all denied creating it as well.” While these statements are reasonable enough, they also raise a number of questions and concerns.

First, why did Protek focus on the employees who were involved in emailing the Board meeting documents to Gleick? Gleick himself said that he’d received the memo in the mail, not electronically, so there’s no evidence presented that these employees would have been the ones to send the Memo to Gleick via the USPS et al. Similarly, Protek doesn’t explain whether these employees could have been the Memo’s author, so there’s no good reason to focus on them in particular.

Second, Protek’s report implies that Protek interviewed other “senior officers” besides the Basts and Fitzgerald, but it leaves the other interviewees unnamed. It’s unclear whether or not these included all the members of the Heartland Board of Directors, for example, and the report specifically doesn’t say that it interviewed all “senior officers.” This approach would not necessarily detect officers who had seen the Memo, as the Memo itself explains.

The Memo’s author proposes that “it be kept confidential and only be distributed to a subset of Institute Board and senior staff.” If the Memo is authentic, this would mean that not all “senior officers” would have seen it. As a result, it’s possible that the Heartland senior officers that Protek interviewed could have honestly said that they didn’t read the memo precisely because they hadn’t been on the Memo’s limited distribution list. Without interviewing all of Heartland’s “senior officers” – senior staff and board members, plus any staff assistants to the “senior officers” – Protek’s interviews might not have detected the Memo’s origin even assuming all the interviewees answered honestly.

Protek too focused on Heartland’s Chicago headquarters

No comments:

Post a Comment