Dr Wright’s various allegations that forged documents were planted
At this point it is appropriate to draw together the various allegations which Dr Wright made that various forged documents were planted by Mr Ager-Hanssen or some other ‘Bad Actor’. As I understand Dr Wright’s assertions, he makes them on the basis that the documents in questions are forgeries, because if they were not, he would continue to rely on them as supporting his claim to be Satoshi. So the issue is whether the person responsible for the forgeries in question was Dr Wright or some third party or parties, with, presumably, a grudge against him.
I address the allegations of planting by others in sections 1, 2, 13, 17, 35 and 40 in the Appendix, but undoubtedly the allegation has the greatest scope in section 2 concerning BDOPC.raw. In his oral closing submissions, Counsel for COPA addressed this principal allegation, submitting it was both absurd and incredible. He made the following six points:
First, he drew attention to an inconsistency in Dr Wright’s evidence:
In Wright5 [22], [28]-[30] {served 1 December 2023}, his evidence was to the effect that he had simply connected the 2 hard drives to his laptop to check they still worked, but did not access the BDO Drive on the Samsung drive or any files on either hard drive. He mentioned one qualification, in [29] that Stroz Friedberg, on examining the BDO Drive, had identified ‘(i) metadata suggesting that the recycle bin on the Samsung Drive (which sits on the Samsung Drive outside the BDO Drive, which has its own recycle bin) was emptied in September 2023, (ii) the ordering of files added to the recycle bin and (iii) transactional log files within the BDO Drive with a created, modified and access date of 17 September 2023’. In [30], he explained these points by the software systems and processes that he habitually uses which, he said, may have caused the recycle bin on the Samsung Drive to have been automatically emptied when it was connected. He also said it was possible that one of these systems or processes might have opened the BDO Drive automatically, when he checked that the Samsung Drive was working. The import of all of this was to provide reassurance that no material change had occurred to the BDO Drive.
Counsel contrasted that account with what Dr Wright said in cross-examination to the effect that, for some inexplicable reason, he had left the BDO Drive connected to his laptop for the days which followed, providing the opportunity for some ‘Bad Actor’ to plant the forged documents on the BDO Drive when hacking into his computer.
There are a number of reasons why his latter account is implausible. First, it must have been clear to Dr Wright that the provenance and chain of custody in relation to this BDO Drive would be closely scrutinised. This is confirmed by his careful evidence set out in Wright5. Second, leaving the BDO Drive connected would have been a breach of basic security principles, well-known to a professed IT security expert such as Dr Wright. Third, it is inconsistent with his evidence in Wright5.
Second, Dr Wright’s account presupposes that the ‘Bad Actor’ (whether Mr Ager-Hanssen or one of his associates) was able to identify and taint the 71 critical new reliance documents. The alternative explanation, that the Bad Actor created those 71 documents themselves and planted them, is highly implausible because Dr Wright would not have recognised them as his, and would not have relied upon them.
So the Bad Actor had to work out which were the new documents which Dr Wright himself would identify as his new critical reliance documents which, we are told, was done on the basis of a set of bespoke search terms and then careful review of the content. So on this hypothesis, the Bad Actor must have found those documents, identified those that might actually support Dr Wright’s claim to be Satoshi, and then set to work on them, carrying out a very elaborate set of editing actions to give the impression that those particular documents had been added in mid-September 2023. They would have been working on a drive which contained a huge number of documents, with no guide to help them, because Dr Wright’s account is that between 15 and 20 September 2023, he hadn’t gone into the BDO Drive, let alone examine its contents or tell Mr Ager-Hanssen all about the critical reliance documents.
As Counsel for COPA submitted, the Bad Actor’s success would have been quite remarkable, because, on this hypothesis, he/they managed to identify every single new reliance document which was later identified and relied upon by Dr Wright as supporting his claim to be Satoshi.
Third, on top of the ingenuity described so far, the Bad Actor had to insert content which was anachronistic to 2007/8, and then edit out that content. They had to seed the BDO Drive with the edited versions. They then had to delete the drive which contained the anachronistic versions, InfoDef09.raw. All that had to have been done in just a few days, but in the hope that Mr Madden would, in due course, (i) be given access to the BDO Drive (something which Dr Wright made efforts to resist) and (ii) be able to recover from the deleted InfoDef09.raw the prior versions of the documents. If Mr Madden had not been able to do those two things, all this work would have been for nothing.
Fourth, the Bad Actor had to have had some documents ready for planting – at least King.rtf and King2.rtf – by 12 September 2023, three days before Dr Wright says he found the Samsung drive in a drawer.
Fifth, the hypothesis assumes that the Bad Actor must have been extremely fortunate: not only did Dr Wright proceed to nominate the documents they had tainted as his new critical reliance documents, but he failed to notice that any of them had been edited. Instead, he studied the documents and provided the instructions to Shoosmiths to create a detailed schedule of the 97 new documents, {P/10/1-7} annexed to Field1.
Sixth, as Counsel for COPA pointed out, there is no evidence of this alleged hack. Indeed, the principal point said to evidence a hack (see the submission at 410.1 above) is factually incorrect. The images published by Mr Ager-Hanssen were not screenshots, they were photographs of a monitor. Although they are described as screenshots in Wright3 [18], the exhibit CSW4 clearly contains photographs of what is shown on the screen of a Lenovo laptop {E/3/29-33}. The photograph on p33 shows 3 windows: on top is a Google search for ‘quill 01916 before 2010’ (the text is somewhat difficult to make out); underneath that is a Windows directory window, and the foot of the window shows ‘Assignment-2.doc’ selected; underneath that is a window with some file open from the BDO Drive but with browsing history displayed – again most of the text is unclear but one can see, at the end, ‘the timestamp proves that the data must’ (a phrase in section 3 of the Bitcoin White Paper). On p32, the photograph shows the whole of the Lenovo laptop screen, with the top window being a file search of the term ‘bitcoin’ on the BDO Drive and the second window being the same Google search as p33. On p31, the top window is from an internet browser which has navigated to a page concerning the ‘Quill A4 Planner Pads Meeting Minutes 50lf’.
Counsel for COPA pointed out that these photographs show that Mr Ager-Hanssen was able to take photographs of a screen showing the BDO Drive being accessed and, in some cases, Dr Wright’s browsing history in mid to late September i.e. before Mr Ager-Hanssen turned against Dr Wright and was sacked from nChain. He suggested these photographs were taken at a time when Dr Wright wanted to give Mr Ager-Hanssen access to material to secure his continued support. He pointed out that Dr Wright sent Mr Ager-Hanssen a photograph of a document on screen (subsequently disclosed as a LaTeX file but not the pdf version shown on screen), apparently on 5 September, accompanying messages saying ‘the encrypted drive’ ; ‘has everything’; ‘4 million pages’ etc. {P/18/11}. The point being that, at this point, Dr Wright was actively collaborating with Mr Ager-Hanssen.
The distinction between a screenshot and a photograph of a screen may appear slight but it is of some significance. The ability to take a screenshot is more consistent with control over the computer itself, whereas the ability to take a photograph of what is shown on the screen is less consistent with control. Further, the sending of a photograph of a screen by Mr Ager-Hanssen is inconsistent with a hack.
The only other point I need address from Dr Wright’s submissions quoted at paragraph 410 above is the submission that COPA did not challenge Dr Wright’s account of being hacked. Counsel for COPA responded by submitting this was a bad point. I agree. As Counsel submitted, COPA did not have a positive basis to say what Mr Ager-Hanssen did or did not do, but what was put to Dr Wright repeatedly was that he was responsible for the editing and falsifying of the BDO materials.
The final point to make is that the notion that some Bad Actor was responsible for the forgeries of documents on the BDO Drive does not sit well with the clear positive evidence (which I address in the next section) that during September 2023, Dr Wright himself was creating the LaTeX documents. Indeed, in his answers on Day 5 when being cross-examined about two particular LaTeX files – LPA.tex and LP1.tex – Dr Wright asserted that these documents were planted by Mr Ager-Hanssen or someone associated with him {Day5/86:14}. I have addressed that assertion in the context of the detailed evidence on those two documents in section 17 of the Appendix. That detailed evidence demonstrated, as I found in section 17, that these two documents were forgeries, and I am entirely satisfied they were forged by Dr Wright himself.
Overall, the notion that a Bad Actor was responsible for the forgeries on the BDO Drive is literally incredible. It would depend on multiple bizarre coincidences, the combination of which is completely implausible.