On last night’s Daily Show, Jon Stewart had a segment about the recent inadvertent online posting of the Transportation Security Administration’s screening operations manual. The segment poked fun at whichever unnamed government employee redacted the document. The now-public manual includes sample Congressional and law enforcement credentials, as well as information on what items TSA employees do not need to screen (such as wheelchairs). TSA has responded, stating that the published manual is outdated and that the security breach did not put air travelers at risk.
Congress has already begun hearings into how the manual was posted online and why it was improperly redacted. Basically, the redactors digitally drew black boxes over the text and then posted the document. Such digitally blacked out text can be “unredacted” and read in full by the simple act of copying and pasting the text into a new document.
Government redactors might want to take a look at 2005 manual from the National Security Agency, “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF” (pdf and Privacy Lives archive copy), which has step-by-step instructions on how to properly redact sensitive data in documents. The manual notes:
Typical Kinds of Exposures
When attempting to sanitize a document, analysts commit three common mistakes with MS Word and PDF that lead to most cases of unintentional exposure.
1. Redaction of Text and Diagrams – Covering text, charts, tables, or diagrams with black rectangles, or highlighting text in black, is a common and effective means of redaction for hardcopy printed materials. It is not effective, in general, for computer documents distributed across computer networks (i.e. in “softcopy” format). The most common mistake is covering text with black.
2. Redaction of Images – Covering up parts of an image with separate graphics such as black rectangles, or making images ‘unreadable’ by reducing their size, has also been used for redaction of hardcopy printed materials. It is generally not effective for computer documents distributed in softcopy form.
3. Meta-data and Document Properties – In addition to the visible content of a document, most office tools, such as MS Word, contain substantial hidden information about the document. This information is often as sensitive as the original document, and its presence in downgraded or sanitized documents has historically led to compromise.
I found the NSA document with a simple search engine query. There are numerous reports with instructions on how to properly digitally redact documents, such as this one from the Association for Computing Machinery.
Watch the full segment at the Daily Show site. It’s pretty funny.