- The Washington Times - Monday, January 23, 2006

The National Security Agency has issued technical guidelines to U.S. officials on redacting or editing sensitive documents for release after a series of incidents in which so-called metadata stored in electronic formats such as Microsoft Word or Adobe PDF files were exposed accidentally.

Both types of files are “complex, sophisticated computer data formats,” according to the guidance document produced by the NSA’s Information Assurance Directorate, which is responsible for the integrity of U.S. government computer networks.

The document, called “Redacting with confidence: How to safely publish sanitized reports converted from Word to PDF,” says these files can “contain many kinds of information, such as text, graphics, tables, images, [and] meta-data.”

Metadata is information associated with the file, like a note of the author and the date the file was created.

This “complexity makes [documents in these and other formats] potential vehicles for exposing information unintentionally, especially when downgrading or sanitizing classified materials,” the NSA says.

Although the document — dated last month and posted on the Web site of the Federation of American Scientists last week — provides no examples, there were at least two occasions last year when such unintentional exposure of official U.S. documents occurred.

Reporters checking the metadata for the 35-page “National Strategy for Victory in Iraq” that President Bush presented in November found its author to be a National Security Council adviser named Peter Feaver.

Another kind of metadata is the so-called “undo stack,” a list of all editing changes made in the file that are saved by the program so that they can be reversed using the “undo” function.

On April 30, U.S.-led coalition forces in Baghdad posted on the Web a redacted version of their report regarding the fatal shooting of Italian special agent Nicola Calipari at a checkpoint on the city’s notorious airport road.

Military officials redacted key information about checkpoint procedures and events on the night in question from the report before posting it on the Web. But a few clicks of the mouse was all it took to restore the redacted parts.

“The key concept for understanding the issues that lead to the inadvertent exposure is that information hidden or covered in a computer document can almost always be recovered,” the NSA says.

The officers who prepared the Calipari report apparently thought that when a document was converted to a PDF format, the “undo stack” disappeared.

“It was believed that once a document was converted to a PDF, it would not be able to be reversed [to] allow the information to be viewed,” Army Lt. Col. Steven Boylan, who led the post-mortem into the accidental release, told Government Computer News last year.

According to the NSA document, “numerous people have learned to their chagrin, merely converting a Microsoft Word document to PDF does not remove all metadata automatically.”

LOAD COMMENTS ()

 

Click to Read More

Click to Hide