Re: "Redacted" DoJ PDFs still leaking confidential data

[David Farber <dave () farber net>]

________________________________________
From: Matt Blaze [mab () crypto com]
Sent: Saturday, May 17, 2008 8:12 PM
To: Peter Swire
Cc: David Farber
Subject: Re: [IP] "Redacted" DoJ PDFs still leaking confidential data

Hi Peter,

The problem arises from ad-hoc methods of redacting, such as pasting
boxes
over redacted text.  There are easy (but apparently not widely known)
ways to do it better.  The NSA has a redaction manual (linked in the
blog post below), and the most recent version of Adobe Acrobat has
a "redaction" function built in.

-matt

On May 17, 2008, at 20:00, Peter Swire wrote:

> Dave:
>
> It is a public service for Matt Blaze to show the ineffectiveness of
> the DOJ’s redaction process.
>
> In light of the government tendency to err on the side of secrecy,
> could Matt or other readers point us to high-quality and easy-to-use
> ways to redact government (or other) documents?  Do changes need to
> be made to widely-used word processing and similar software?
>
> If redaction is easy to hack, then DOJ and other agencies will try
> to prevent release of documents entirely.  Transparency, the Freedom
> of Information Act, etc. – strong reasons to have redaction be
> workable, or else the public will see even less.
>
> Peter
>
> Prof. Peter P. Swire
> C. William O'Neil Professor of Law
>    Moritz College of Law
>    The Ohio State University
> Senior Fellow, Center for American Progress
> (240) 994-4142, www.peterswire.net
>
> <snip>
>
> Data leaks from ineffectively redacted PDFs go back for
> years, and the DoJ itself has been burned by this several
> times already; one would think the government might have
> learned by now.  In this case, the "sensitive" data is
> fairly innocuous (and, I'd argue, was data the public has a
> legitimate right to know in any case). But if this represents
> the DoJ's normal redaction practices, next time it could just
> as easily be a court filing containing the names of
> confidential informants.
>
> Last night, after I blogged about it, the DoJ took the entire
> web site for its Office of the Inspector General off the air,
> presumably to check for other leaky PDFs.
>
> For the original leaky PDF and context, see my
> blog post at
>     http://www.crypto.com/blog/calea_retrobugs/
>
> -matt
>
> Archives


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com