Re: "Redacted" DoJ PDFs still leaking confidential data

[David Farber <dave () farber net>]

________________________________________
From: James S. Tyre [jstyre () jstyre com]
Sent: Saturday, May 17, 2008 9:38 PM
To: David Farber; ip
Cc: Matt Blaze
Subject: Re: [IP] Re:   "Redacted" DoJ PDFs still leaking confidential data

To clarify slightly:

The redaction function Matt refers to only comes
with Acrobat 8 Professional, not Acrobat 8
standard.  It does what a true redaction program
should do, and is extremely easy to use.

On a somewhat related note, the Payne Metadata
Assistant
<http://payneconsulting.com/products/metadataretail/>
is, by far, the best metadata scrubber (but only
for Windows users).  Far superior to the scrubber
that MS itself offers.  (But note that I've
tested it only on MS Office 2003 and prior, not on Office 2007).

-Jim

At 05:39 PM 5/17/2008 -0700, David Farber wrote:

> ________________________________________
> From: Matt Blaze [mab () crypto com]
> Sent: Saturday, May 17, 2008 8:12 PM
> To: Peter Swire
> Cc: David Farber
> Subject: Re: [IP] "Redacted" DoJ PDFs still leaking confidential data
>
> Hi Peter,
>
> The problem arises from ad-hoc methods of redacting, such as pasting
> boxes
> over redacted text.  There are easy (but apparently not widely known)
> ways to do it better.  The NSA has a redaction manual (linked in the
> blog post below), and the most recent version of Adobe Acrobat has
> a "redaction" function built in.
>
> -matt
>
> On May 17, 2008, at 20:00, Peter Swire wrote:
>
> > Dave:
> >
> > It is a public service for Matt Blaze to show the ineffectiveness of
> > the DOJ’s redaction process.
> >
> > In light of the government tendency to err on the side of secrecy,
> > could Matt or other readers point us to high-quality and easy-to-use
> > ways to redact government (or other) documents?  Do changes need to
> > be made to widely-used word processing and similar software?
> >
> > If redaction is easy to hack, then DOJ and other agencies will try
> > to prevent release of documents entirely.  Transparency, the Freedom
> > of Information Act, etc. ­ strong reasons to have redaction be
> > workable, or else the public will see even less.
> >
> > Peter
> >
> > Prof. Peter P. Swire
> > C. William O'Neil Professor of Law
> >    Moritz College of Law
> >    The Ohio State University
> > Senior Fellow, Center for American Progress
> > (240) 994-4142, www.peterswire.net
> >
> > <snip>
> >
> > Data leaks from ineffectively redacted PDFs go back for
> > years, and the DoJ itself has been burned by this several
> > times already; one would think the government might have
> > learned by now.  In this case, the "sensitive" data is
> > fairly innocuous (and, I'd argue, was data the public has a
> > legitimate right to know in any case). But if this represents
> > the DoJ's normal redaction practices, next time it could just
> > as easily be a court filing containing the names of
> > confidential informants.
> >
> > Last night, after I blogged about it, the DoJ took the entire
> > web site for its Office of the Inspector General off the air,
> > presumably to check for other leaky PDFs.
> >
> > For the original leaky PDF and context, see my
> > blog post at
> >     http://www.crypto.com/blog/calea_retrobugs/
> >
> > -matt
> >
> > Archives
>
>
> -------------------------------------------
> Archives: http://www.listbox.com/member/archive/247/=now
> RSS Feed: http://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com


--------------------------------------------------------------------
James S. Tyre                                      jstyre () jstyre com
Law Offices of James S. Tyre          310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512               Culver City, CA 90230-4969
Co-founder, The Censorware Project             http://censorware.net
Policy Fellow, Electronic Frontier Foundation     http://www.eff.org


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com