Interesting People mailing list archives

Re: "Redacted" DoJ PDFs still leaking confidential data


From: David Farber <dave () farber net>
Date: Sat, 17 May 2008 17:39:08 -0700


________________________________________
From: Steven M. Bellovin [smb () cs columbia edu]
Sent: Saturday, May 17, 2008 8:21 PM
To: David Farber
Cc: peter () peterswire net
Subject: Re: [IP] Re:   "Redacted" DoJ PDFs still leaking confidential data

On Sat, 17 May 2008 17:07:40 -0700
David Farber <dave () farber net> wrote:

> In light of the government tendency to err on the side of secrecy,
> could Matt or other readers point us to high-quality and easy-to-use
> ways to redact government (or other) documents?  Do changes need to
> be made to widely-used word processing and similar software?

Matt's blog posting points to an NSA guide on the subject:
http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf

The instructions were, as far as I know, correct in late 2005 when they
came out.  Tools have changed since then, and it was never a
high-assurance solution.  Here is a brief mailing list discussion about
that document.

---

From: "Steven M. Bellovin" <smb () cs columbia edu>
To: John Levine <johnl () iecc com>
Cc: cryptography () metzdowd com
Subject: Re: NSA explains how to redact documents electronically
Date: Wed, 25 Jan 2006 01:53:24 -0500
Sender: owner-cryptography () metzdowd com
X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4

In message <20060125030247.93612.qmail () simone iecc com>, John Levine
writes:
> http://www.fas.org/sgp/othergov/dod/nsa-redact.pdf
>
> One wonders how long it will be till someone finds an error...
>
> Even if it's right, it's so complicated that it seems rather
> optimistic to expect people to follow it correctly every time.

I agree.  It's also very dependent on the exact options that Microsoft
and Adobe have currently implemented.  Minor changes could screw this
up completely.

> I don't claim to be a big security guru, but if I were planning to
> distribute a redacted PDF document, I'd render it to a bitmap, then
> turn the bitmap back into a PDF and ship that, a digital version of
> printing it out and scanning it back in.  On Unixish systems, one can
> do that in about five minutes with freeware tools like ghostscript and
> xpdf.

That's more or less what they did when they declassified Skipjack,
though they may have used a real printer and scanner instead.  Some
people laughed at NSA's technical ineptitude -- didn't they know how to
print to PDF directly?  Others realized that NSA understood the problem
at a much deeper level.
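
One way to check the output of the render-to-bitmap approach discussed in this thread: scan a PDF's streams for text objects that are still drawn, whether or not something is painted over them. This is an added example, not part of the original messages; the names `residual_text`, `_obj` and `_hex` and both sample byte strings are constructed for illustration, and it assumes an unencrypted file whose content streams are uncompressed or FlateDecode and not packed in object streams.

```python
import re
import zlib

STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
TEXT_OBJ = re.compile(rb"\bBT\b(.*?)\bET\b", re.S)   # BT ... ET text objects
LITERAL = re.compile(rb"\(((?:\\.|[^\\()])*)\)")     # (string) operands
HEXSTR = re.compile(rb"<([0-9A-Fa-f\s]+)>")          # <hex> operands


def _hex(h: bytes) -> str:
    digits = re.sub(rb"\s", b"", h).decode("ascii")
    # PDF pads an odd number of hex digits with a trailing 0.
    return bytes.fromhex(digits + "0" * (len(digits) % 2)).decode("latin-1")


def residual_text(pdf: bytes) -> list[str]:
    """Return every string still drawn by a text object in any stream."""
    found = []
    for m in STREAM.finditer(pdf):
        data = m.group(1)
        try:
            # FlateDecode; decompressobj tolerates the EOL before endstream.
            data = zlib.decompressobj().decompress(data)
        except zlib.error:
            pass  # uncompressed stream, or a filter this check does not handle
        for obj in TEXT_OBJ.finditer(data):
            found += [s.decode("latin-1") for s in LITERAL.findall(obj.group(1))]
            found += [_hex(h) for h in HEXSTR.findall(obj.group(1))]
    return found


def _obj(content: bytes, flate: bool) -> bytes:
    """Wrap a content stream in a PDF stream object (constructed sample)."""
    body = zlib.compress(content) if flate else content
    filt = b" /Filter /FlateDecode" if flate else b""
    return (b"4 0 obj\n<< /Length %d%s >>\nstream\n" % (len(body), filt)
            + body + b"\nendstream\nendobj\n")


# Constructed sample: text is drawn, then a black rectangle is painted over it.
BOXED = _obj(b"BT /F1 12 Tf 72 700 Td (Witness: J. Doe) Tj ET\n"
             b"0 g 70 695 120 16 re f", flate=True)
# Constructed sample: the page only paints an image XObject, as after rasterising.
RASTER = _obj(b"q 612 0 0 792 0 0 cm /Im0 Do Q", flate=False)

if __name__ == "__main__":
    print("boxed :", residual_text(BOXED))
    print("raster:", residual_text(RASTER))
```

An empty result only shows that no text objects were found in the streams this check can read; it says nothing about metadata, attachments or what is visible in the image itself.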
