GCN, 9 Dec 09: News that the Transportation Security Administration (TSA) accidentally posted secret information detailing its airline screening practices may have had a familiar ring to feds. The information was exposed because of inadequate redaction procedures.
TSA’s operating manual had been posted on a procurement Web site in the spring in redacted form. But anyone who copied the document and pasted it into another format, such as Microsoft Word or Windows Notepad, could read the redacted sections. Some of those sections included the settings for X-ray machines and explosives detectors, as well as procedures for dealing with diplomats, CIA employees and law enforcement officers.
Information breaches due to improper redaction are not new. In 2005, the Multi-National Force-Iraq ran into a similar problem when a memo with redacted classified information about a shooting was posted on the Web. The classified information, however, wasn’t actually redacted so much as blacked out, and the information could be revealed by copying and pasting it into a different format.
The White House, Justice Department and United Nations also have encountered similar slip-ups.
In wake of those embarrassments, the National Security Agency issued guidance to federal agencies, titled “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF.”
In the guidance, NSA identified the three most common mistakes analysts make in redacting documents intended for the Web, all of them essentially the result of thinking that what works for a print copy works for a digital copy. The three most common mistakes:
- Covering text, charts, tables, or diagrams with black rectangles, or highlighting text in black. most common mistake is covering text with black (or changing the background to black).
- Covering up parts of an image with separate graphics such as black rectangles, or making images “unreadable” by reducing their size. As with text, this works only on printed copies.
- Failing to remove metadata and documents properties, which is often as sensitive as the original document; its presence in downgraded or sanitized documents has historically led to compromise.
A few tips NSA offers on how to properly redact a document:
- Save a copy of the original document; make changes to the copy and keep the original.
- Delete, rather than black-out, sensitive text, diagrams, tables and images.
- Turn off track changes, comments and other visible markups, which can contain potentially compromising hidden data.
- Rename the document to show that manual redaction is complete.
- Create a new Word document, and copy and paste the edited text.
- Convert a Word document to PDF and review final output for missed redactions or formatting issues.
Metadata and recorded, but often not visible, changes to a document are potential dangers because they often go unnoticed by the user. Knowing how to find that data is the key to removing it.
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF (NSA)
InformationWeek, 9 Dec 09: Employees at the Transportation Security Administration inadvertently exposed classified information about the agency’s security procedures because, apparently, they don’t know how PDF documents work.
What’s not clear is how many other government departments, legal agencies, healthcare providers, and other organizations that deal with sensitive information are unaware that a quirk in Adobe’s Portable Document Format can leave data open to prying eyes.
TSA officials posted what they thought was a redacted version of the TSA’s airport security operating manual on a Web site used by private contractors looking for government work. The problem: the officials didn’t actually delete sensitive parts of the document—they just blacked them out using a graphics tool.
That method left the underlying words intact, and they were exposed when readers cut and pasted pages from the document, “Screening Management Standard Operating Procedures,” into a new file. The vulnerability isn’t technically a bug in Adobe’s product, but its existence shows how those handling secure information should be fully trained in the software they’re using.
The end result of the foul-up was that highly sensitive information about TSA screening methods, interviewing procedures, X-ray machines and other terrorist prevention tools became easily available to millions of people on the Web.
Department of Homeland Security Secretary Janet Napolitano on Wednesday promised Senate Judiciary Committee members that her department would launch a full probe of the incident and take unspecified actions against those involved. . . . . .
Previous:
TSA Leaks Sensitive Airport Screening Manual
