Posted on 04/18/2011 12:25:07 PM PDT by Still Thinking
If you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.
The act of obscuring the sensitive information is known as "redaction", and - for obvious reasons - needs to be done properly if you care about privacy and avoiding a potentially damaging data leak.
In the old days - before PDFs and Word documents - you might have redacted a document with a thick black marker pen, ensuring that anyone who made a photocopy of the document wouldn't be able to see the censored words. Things are different with electronic media, of course.
Unfortunately, time and time again we've seen sloppy security procedures make it far too easy for unauthorised parties to view information in electronic documents that should have been properly redacted.
The last example which has made numerous newspaper headlines, involves the British Ministry of Defence, which was found to have published a PDF document online, unintentionally revealing information about nuclear submarine security.
The PDF, entitled "SUCCESSOR SSBN - SAFETY REGULATORS' ADVICE ON THE SELECTION OF THE PROPULSION PLANT IN SUPPORT OF THE FUTURE DETERRENT REVIEW NOTE", was published on the parliamentary website following requests under the Freedom of Information Act. However, although sections were supposed to be protected through redaction - it was possible to copy-and-paste the blacked-out text straight out of it.
As the Daily Star explained:
The bunglers turned the text background black - making the words unreadable - but crucially left them in place. That meant anyone wanting to read the censored sections just had to copy the text.
This was a real school-boy error to make - as anyone with even an elementary knowledge of computers would know how to read the "redacted" content.
If you want to learn how to properly redact Adobe PDF files, here's a great guide describing how to do it with Acrobat X Pro.
Good luck, and remember that simply marking text will not actually remove it from your sensitive PDFs. You also have to apply redactions!
How can these guys be trusted with a nuclear submarine if they can’t even use acrobat properly?
It’s a FR bug. Happened to me for a long time with one of my ping lists. (Only happened when I posed from my Android phone.)
Well, the nuke boat isn’t always trying to talk to other people and “upgrade” itself without your permission.
The british navy has secrets??
Oh, trust me, I’m not defending Adobe and their crapware.
Acrobat was once an solid product, but not anymore.
“How can these guys be trusted with a nuclear submarine if they can’t even use acrobat properly?”
You could ask the identical question about entrusting them with the nation’s health care system.
I don't know, they won't tell me.
Although I actually do dislike those "features" of Acrobat, my post was mostly intended in fun.
This is stupid. Classification requirements include rules for declassifying information, and that would include methods of scanning documents for classified information if the documents were not pure text.
The simplest way to accomplish correct redaction is to print out the document, redact it, and scan it back in.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.