A case-study focused on gathering geo-location data from images posted on Instagram to tell stories of abuse of power and reveal the risks faced by those that need protection.
For the majority of users, and non-users, Instagram is a world of shoes, celebrities, holiday photos, “food porn”, hashtags, likes and filters. But there are different ways to read Instagram. Similarly to other social media platforms it is a mine of user-given information that, with the right kind of knots tied, can tell a lot about a specific user or a certain topic. This barrage of voluntarily-given information is coming in handy for the media, police forces, activists, private investigators, researchers and for Instagram itself (and in turn for Facebook) as a user posting images is communicating much more than just the image they are sharing.
This case-study focuses on gathering geo-location data from images posted to Instagram to tell stories of abuse of power and putting at risk those that need protecting. We look at what image metadata is, where to find it and how it can be used to expose abuses of power, protect those at risk and verify that an event took place.
Images can be useful not only in terms of the content they display, but also for the metadata they carry hidden within the image file. When a user takes a picture or records a video with their camera or smartphone, they are not only taking a picture, they are also about to store – in the file saved on the device – some extra information about the picture or video itself. Libraries cataloging books into subjects is a good example of metadata. The small cards stacked in drawers provide the title of the book, its publishing date, its author(s) and its location on the library shelves. In a similar manner in the digital sphere, a digital image can carry information about the camera that took the image, date and time of the shot, and often the geographic coordinates of where it was taken. Such multimedia-related metadata is also known as EXIF data, which stands for Exchangeable Image File Format.
However when one is posting an image to Instagram this information becomes useless as most social media platforms strip metadata from images and videos that are uploaded to their services. As Harlo Holmes explains in an interview with us “In apps like Instagram, things aren't automatically added to your photo map unless you actually tag it. Having the power to enable geo-tagging is definitely good for all of our privacy. Another factor with third party services like Twitter, is that they are really concerned about conserving their bytes. So it is the case that when you take a photo from your camera and submit it to their services, they are going to strip out a lot of metadata anyway because they don't want to host all that data. Not because of privacy reasons (privacy is often a secondary concern) but because of how much extra storage every byte adds.” So when users activate the geo-location option, or inadvertently do not disable it, then they are transmitting where the picture was taken, or uploaded in some cases. This geo-location option then stays active till the user decides, or remembers, to deactivate it again.
Kevin Systrom, co-founder and CEO of Instagram, said that “In the past, people have looked at photos as a record of memory. The focus has been on the past tense. With Instagram, the focus is on the present tense”. This “present tense”, the real-time aspect of Instagram is an asset. An image posted from a certain location gives away the current whereabouts of the user; a key charm for investigators.
Illinois Republican congressman Aaron Schock was known as the 'most photogenic' congressman due, in part, to his Instagram account which featured exotic locations along with eccentric poses. He had pictures of himself jumping in the snow, on sandy beaches and in various private planes. However it was suspected that the line between his public-office-related business trips and his holidays were becoming blurred. The Associated Press (AP) begun an investigation where they extracted the geo-location data from the photos Schock posted and tagged with his location on his Instagram account and compared it with the travel expenses he was charging to his campaign expenditure that AP had acquired. The AP connected the dots between the his travel expenses, his flight records of airport stopovers and the data extracted from his Instagram account and found that taxpayer money and campaign funds had been spent on these private plane flights. It wasn't only Schock's Instagram that was revealing. The account of a former Schock intern showing an image from a Katy Perry concert with the tagline "You can't say no when your boss invites you. Danced my butt off," was connected to \$1,928 paid to the ticket service StubHub.com listed as a “fund-raising event” on Schock's expenditures. The AP published their findings in February 24 2015 and on March 17 2015 he announced his resignation from Congress.
Image of Aaron Schock from his, now closed, Instagram account
In 2014 Max Seddon wrote an article that used Instagram pictures to ask the question of whether Russian soldiers had been in Ukraine territory in 2014 after a member of the army uploaded a selfie with the location functionality activated. Alexander Sotkin, posted images of himself inside of a tank on Instagram, that geo-located him to be only a few miles away from the Russian border. Melissa Hanham, a researcher at the James Martin Center for Nonproliferation Studies and collaborator of Bellingcat explains "one of the easiest and most useful methods for an open source analyst is to extract metadata from imagery", which can be done with free and user-friendly tools. The Russian government denied these selfies as evidence of Russian troops inside of Ukrainian territory and Jonathan Jones writes in the Guardian under the title "A Russian soldier's 'Ukraine Selfies' are not evidence, they're war art", that these 'selfies' could have been manipulated or photoshopped and such information cannot be considered bulletproof evidence.
Image of Alexander Sotkin from his, now closed, Instagram account
Dmitry Peskov, Putin's spokesperson, was put under the spotlight (with no filter) raising questions about his income as a state official when he was spotted wearing an 18-carat gold Richard Mille watch, worth almost £400,000. The watch was seen on his wrist in a photo posted from his wedding.
Images found of Peskov's watch at his wedding and the watch in question the Richard Mille RM 52-01
Amidst the controversy Peskov stated that the watch was a gift from his newly-wed wife, which was later refuted through the Instagram account of his daughter. There, a photo posted by his daughter months before the wedding showed Peskov wearing the same watch.
The Insta-curse didn't end for Peskov with the watch controversy. Rumors came out that he was spending his honeymoon with friends and family on board of the Maltese Flacon yacht, one of the 25 most expensive yachts in the world. A weekly rent that is by far beyond the politicians declared economic means. Bellingcat reports that anti-corruption activist Aleksey Navalny who revealed the news about the watch, with the help of other activists and supporters, took up the investigation regarding the yacht. Using the yacht's website, yacht spotting websites, and Instagram photos from Peskov's daughter and one of Peskov's friends, ironically enough the same friend who is credited for the extravagant watch photo; they raised substantial doubts against Peskov's denial of renting the Maltese Falcon. Peskov's friend had posted photos of two yachts on his Instagram profile, through Vessel Finder, Navalny and co managed to locate the two yachts in the same area as the Maltese Flacon.
Navalny's team matched a small portion of a door that appeared in a photo Peskov's daughter posted of herself on Instagram, to a video of the Maltese Yacht showing the same door with the two distinctive marks.
Left image taken from a YouTube video of the tour of the Maltese Falcon’s interior. Right image taken from Peskov's daughter Liza Peskova's Instagram account.
Metadata is a double-edged sword, it can come in handy for investigating social justice and corruption cases but it is also being used for trolling and doxxing human rights defenders; and women & LGBTIQ individuals vocal on social media. The geo-location data available in images could be used to track anyone and anything, including endangered species. In a South African reserve visitors were advised not to disclose the whereabouts of the animals spotted, and to switch off their geotag function on their phones and social media platforms as poachers and hunters were using this information posted online it to locate animals.
Image taken by Eleni de Wet in South Africa and posted on her twitter on 4 May 2012.
In 2012, millionaire and controversial computer programmer and developer John McAfee, from McAfee Virus Protection fame, was arrested based on metadata found on an image posted by Vice. Journalists from Vice gained, not only exclusive access to McAfee, but were also able to join him in his escape from an investigation in Belize regarding the murder of one of his neighbours. Vice didn't only post the image, but bragged about their scoop by reporting on the time they spent with McAfee. When the image was posted with its metadata revealing where it was taken, having published when they have seen him, a narrow enough slot, it left no doubt regarding the whereabouts of McAfee. Though the image was most probably sent around from the person who took it in Belize to Vice offices to be later uploaded on their website, meaning at least three points of anchor before it reached its publication, it still retained the metadata of where McAfee was and resulted in his arrest. It wasn't only a massive fault on Vice's side being journalists who should know better how to protect their sources, let alone the subject of their reports, read Vice's official statement about the event here. Those interested in reading more about the story can read a full account here.
Image by Robert King taken from the article "We are with John McAfee Right Now Suckers", published on Vice on December 3 2012.
One would believe that figures in high risk would be more careful about their whereabouts, but this was not the case for people like Michelle Obama or US soldiers in Iraq. In 2007, insurgents in Iraq used geotags from images shared online by US soldiers to attack and destroy several US AH-64 Apache helicopters. Michelle Obama's Instagram photos were geotagged revealing either her whereabouts when taking the images, or the whereabouts of the person managing her account. In both cases this could and did pose a serious security threat that was unforeseen by those posting the images.
Image taken from Michelle Obama's Instagram published on Fusion
Knowledge of image metadata can be used to protect, expose and to verify. Metadata left or added to images can be harmful for either yourself or for others around you. To diminish this harm users can turn off the location services on their smart phones, scrub metadata from files that are being uploaded online and by not tagging location details on social media platforms. In the same breath this information that is left on images can be used by investigators who can exploit these digital traces to tell stories, make connections and expose abuses of power.
A further use of image metadata, that we haven't discussed in this case-study, is where it can also be used to verify information and evidence by 'proving' that a certain event took place at the time and place it was said to have. We explored this in more detail with our interview with Harlo Holmes and with the tool review ofCameraV, a mobile app that enables uses to verify photographs and videos in order for them to be able to be used as part of additional evidence in a court of law.
First published on May 25, 2017