From: ORGANISED ADVERSARY
This week President Trump demonstrated that he could beat any of his predecessors in ways they couldn’t even imagine. Specifically by firing James Comey, the Director of the Federal Bureau of Investigation (FBI) at a time when Comey was leading an investigation into possible ties between Russia and the Trump Administration. The news right now is filled with all manner of aspects of this, the events leading to it, the implications and so much more.
It’s fascinating, there’s no denying it, but as fascinating as it is this post is for something other than political speculation. Yet it is still related and it’s something I haven’t seen reported anywhere, not counting my own Twitter feed. It is, however, something which may be worthy of note. I suspect it is more likely to be fairly insignificant in the midst of everything else and its relevance is also dependant on what US laws exist regarding handling of official documents. I suspect there may be some breaches of either laws or regulations, but I’m not a lawyer and certainly not an American one so I’m uncertain. Even if no laws or regulations have been breached by White House staff, there are still issues regarding information security and awareness with the Trump Administration raised by this.
The matter I refer to is the release of documents to the public when announcing the circumstances of James Comey’s termination as FBI Director. The White House provided a PDF to the press containing an introductory note from the White House Press Office, President Trump’s order, the assessment of the Deputy Attorney-General and the concurrence of the Attorney-General. The original file was subsequently uploaded to DocumentCloud by two journalists at BuzzFeed, Zoe Tillman and Tom Namako. The two files are, however, identical. The first one, uploaded by Zoe Tillman, is here. The second one, uploaded by Tom Namako, is here.
The information of interest in these files is what is contained in the PDF metadata rather than the content of the documents themselves. I should note that other documents in the BuzzFeed archives do not contain the particular metadata component seen in this White House document. Unrelated files from other stories uploaded by both journalists were checked just to be sure that the metadata information was not something introduced by them. That coupled with the short time between when the original file or main file was created and the last time it was modified essentially guarantees that the entire document as served on DocumentCloud is what was created by White House staff.
Here is the metadata displayed upon using ExifTool with the “-all” flag on the copy uploaded by Zoe Tillman. The only differences with the other file are the first three timestamps, which relate to when I downloaded the file and the file name. Everything else is identical.
File Name : 3711113-Comey-White-House-DOJ-DAG.pdf Directory : . File Size : 841 kB File Modification Date/Time : 2017:05:10 07:53:08+10:00 File Access Date/Time : 2017:05:12 13:36:29+10:00 File Inode Change Date/Time : 2017:05:12 13:36:29+10:00 File Permissions : rw-r--r-- File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : Yes Author : Porter, Robert R. EOP/WHO Create Date : 2017:05:09 17:17:19-04:00 Modify Date : 2017:05:09 17:37:07-04:00 Tagged PDF : No XMP Toolkit : Adobe XMP Core 5.4-c006 80.159825, 2016/09/16-03:31:08 Format : application/pdf Creator : Porter, Robert R. EOP/WHO Title : Creator Tool : Acrobat PDFMaker 11 for Word Metadata Date : 2017:05:09 17:37:07-04:00 Producer : ilovepdf.com Document ID : uuid:3a0bdbdd-9c8d-484f-92b4-310a346d1cc3 Instance ID : uuid:ca236555-71a3-429a-bf8b-bb3f072f616c Page Count : 6
The items of interest here are the Author, Create Date, Modify Date, Creator, Creator Tool, Metadata Date and Producer.
The Author and Creator data matches and will be the authentication details of the White House staffer, Robert R. Porter, who at least made the initial file. The Creator Tool indicates that the initial PDF was made with the Adobe Acrobat PDFMaker for Microsoft Word. This was probably what was used to make the first page with the Press Office cover information. The Create Date and the Modify Date indicates there was only twenty minutes between the initial file’s creation and the document was finalized.
The rest of the file, however, consists of scans of physical documents from both within the White House and externally. To add those files to the cover a PDF merge needed to be performed. This is fairly simple with many PDF editing tools, including Acrobat. However, the information regarding the tool used to merge or modify the PDF into the single final file is right there in the Producer data. That field reveals that the application was apparently:
Producer : ilovepdf.com
Checking that website reveals that it is a website for handling PDF conversion tasks, particularly merging, splitting and file format conversions (e.g. to and from MS Word files). It also has an API and reasonable documentation. For what it is, it doesn’t look that bad really. It is, however, very definitely outside the jurisdiction of the United States. The domain is registered to a man in Spain (the business owner), while the servers are hidden behind CloudFlare’s front end processors. The mail for the domain is hosted with Google.
In order to use this service and thus produce files which end up with that domain name inserted in the Producer tag, the input files must be uploaded to the ilovepdf.com servers first. Which means that documents detailing the termination of a Director of the FBI by the President of the United States were transmitted to a Spanish business before they were actually ready for formal release. It also means that current White House staff are likely to be using this site to prepare other documents, including some which may be sensitive or not necessarily for release at all.
I don’t expect this to be any more than a minor footnote (if that) in this particular sage. It is, however, something worth considering when determining how responsible the Trump Administration really is when handling any information.
Anyone wishing to verify the information in this post can do so for themselves by downloading either (or both) of the copies of the PDF from DocumentCloud and analysing them with ExifTool. Given the source of the documents and the subject matter, I highly recommend independent verification.
UPDATE 1: Tom Namako has confirmed that he and Zoe Tillman uploaded the documents independently of each other and the files are the unmodified originals received from the White House Press Pool. This consistently matches the timestamps in the files as well as the timing of the events of the day.
UPDATE 2: There are references in past tweets of the ilovepdf.com Twitter account to hosting services with OVH. OVH have a number of data centres in Europe, but primarily in France. If I recall correctly they’re in northern France, near the border with Belgium. This is most likely where the ilovepdf.com servers and data storage is with regards to the transmission of information from the White House to, but that’s a best guess and could be wrong.
Thank you ORGANISED ADVERSARY