Yet Another Redacting Failure

This sort of thing happens so often it's no longer news:

Conte's e-mails were intended to be blacked out in a 51-page electronic filing Wednesday in which the government argued against the Chronicle's motion to quash the subpoena. Eight of those pages were not supposed to be public.

But the redacted parts in the computer file could be seen by copying them and pasting the material in a word processing program.

Another news article here.

Posted on June 26, 2006 at 12:29 PM • 14 Comments

Comments

TanukiJune 26, 2006 3:11 PM

Isn't this just a modern variant of the "Miss Frazer, send this guy the bug letter" inadvertent-forwarding-of-an-attachment goof?

aJune 26, 2006 5:43 PM

Sounds like there should be a "Save for publish" mode/functionality in the word processors they use. When composing or editing a document, it's great to have unlimited undos and for it to be as hard to lose information as possible. But when publishing something, you don't want people reading you're notes.

artificial lifeJune 26, 2006 10:36 PM

"Save for publish" mode/functionality

In MS Word, this is called 'save as'. Save the file as a new file -- ie change it's name in the save-as dialogue -- and it will trim down the undo history etc.

Still saves whatever user id info you put into Word when you configured it.

JojoJune 26, 2006 11:07 PM

I'm not sure that "SAVE AS" loses all the history crap in a Word file.

The safest method is to do a cut & paste into a new file, THEN do a "SAVE AS".

The only problem with this is that Word sometimes messes up the formating and you have to spend some time fixing it back up.

BoJune 27, 2006 5:00 AM

Any saved format with tagged sequences that do not always render their information visibly is vulnerable to information leaks. Even HTML.

Most people simply do not understand the issues implied by the wysiwyg and convenience features i electronic documents.

Adam LockJune 27, 2006 7:21 AM

I know this sounds crazy but why can't they just replace the redacted words with 'X' chars or something. It's obvious that if they can cut and paste into Word that this is a text document so it makes no sense to draw little boxes parts of the text but leave the original text in there.

XyzJune 27, 2006 10:14 AM

Yet Another Ridacting Failure -- also known as a YARF?

What'd they do? Just select the sensitive information and change the text background to black? Doh.

jammitJune 27, 2006 11:56 AM

I know there has to be a google hack to search for text in redacted PDF files...
I know someone out there in cyberland is now making a program that automatically scrubs PDF files. I remember seeing a program that scrubs your word documents.

AnonymousJune 28, 2006 10:17 AM

This type of thing is too useful to be fixed. How "clever" it is to redact something that you'd rather have public and subsequently respond with "Oops, I'm sorry. It's that darn MS Word."

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..