Posted on 04/18/2011 12:25:07 PM PDT by Still Thinking
If you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.
The act of obscuring the sensitive information is known as "redaction", and - for obvious reasons - needs to be done properly if you care about privacy and avoiding a potentially damaging data leak.
In the old days - before PDFs and Word documents - you might have redacted a document with a thick black marker pen, ensuring that anyone who made a photocopy of the document wouldn't be able to see the censored words. Things are different with electronic media, of course.
Unfortunately, time and time again we've seen sloppy security procedures make it far too easy for unauthorised parties to view information in electronic documents that should have been properly redacted.
The last example which has made numerous newspaper headlines, involves the British Ministry of Defence, which was found to have published a PDF document online, unintentionally revealing information about nuclear submarine security.
The PDF, entitled "SUCCESSOR SSBN - SAFETY REGULATORS' ADVICE ON THE SELECTION OF THE PROPULSION PLANT IN SUPPORT OF THE FUTURE DETERRENT REVIEW NOTE", was published on the parliamentary website following requests under the Freedom of Information Act. However, although sections were supposed to be protected through redaction - it was possible to copy-and-paste the blacked-out text straight out of it.
As the Daily Star explained:
The bunglers turned the text background black - making the words unreadable - but crucially left them in place. That meant anyone wanting to read the censored sections just had to copy the text.
This was a real school-boy error to make - as anyone with even an elementary knowledge of computers would know how to read the "redacted" content.
If you want to learn how to properly redact Adobe PDF files, here's a great guide describing how to do it with Acrobat X Pro.
Good luck, and remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!
Tech Erps Ping!
Probably trying to slip information to their Al Queda butt buddies in a deniable way.
I served on board a nuclear sub for many years..
Good thing you’re done with that. PC-illiterate Brits have been charged with maintaining information security. I feel sorry for the guys still serving though.
My son's assigned to one right now....
Your pinglist is experiencing technical difficulties....
His list is so nice he pings it twice! (Seriously, it always does that and he hasn’t been able to figure out why)
I don't see the Windoze posters double posting every thread...
|{:^)
Maybe that’s the problem — he’s on a dual boot system, and both systems post!
LOL!
If this was a bungle, it was a bad bungle. This same method could, however, also be used to mislead enemy forces by leaking “secret” information that just plain is not true. Sounds like something James Bond would do, but I don’t know if the current British defence [sic] has the brains.
That's true. It only happens when I ping the list from a Windows computer.
It never happens when I respond to a post, or ping from my linux box.
Comment #5 was redacted good.............
Good point. I’m usually devious enough to think of that.
The moderator was showing us how it’s done.
In other articles about this incident, they mentioned that not only were British secrets revealed, but also among the improperly redacted info, were US Navy nuke sub procedures.
The Brits were not relishing telling the Navy about their screw up.
Unless it was a jointly planned disinformation effort, this is a really bad oopsie.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.