Document security flap at U.N. causes uproar

A 'technical fault' in a U.N. report on the assassination of the prime minister of Lebanon that was posted to the Internet has led to a crisis at the world body and heightened tensions in the international community.

The report, summarizing the investigation by Detlev Mehlis, the German prosecutor heading up the U.N. International Independent Investigation Commission into the Valentine's Day assassination of Lebanese Prime Minister Rafik Hariri, was presented Oct. 20 to the U.N. Security Council.

The report did not identify specific suspects by name but when the electronic document was posted online, readers quickly discovered that the 'track changes' function of the file could be enabled'revealing any revisions made to the document.

While the report confirmed international suspicions about Syria's involvement in the assassination, controversy arose when journalists and others discovered that the report originally named several suspects, including the brother and brother-in-law of Syrian President Bashar al-Assad. Revisions made in the document showed that the names had been removed at approximately the same time as a meeting Mehlis had with U.N. Secretary-General Kofi Annan.

Annan had promised repeatedly during the course of Mehlis' investigation that it was an independent process and that he would not change the report when it was issued.

At a press conference Oct. 21, Mehlis insisted he deleted the names from the document when he learned that the report was going to be released publicly.

'Since the report was to be made public, I decided the names should not be there because it could give the idea of an established fact. The presumption of innocence stands,' Mehlis said.

'Some of the staff who were working in terms of transmitting the report weren't aware of the track changes option, [and that] the last day's worth of editing being made showed up,' said Farhan Haq, a spokesman in the Office of Secretary-General.

Document insecurity not new

The Hariri investigation flap is the latest high-profile international incident arising out of problems with securing the visible contents of an electronic document released to the public.

Earlier this year, just days after the Multi-National Forces-Iraq (MNF-I) concluded an investigation into the shooting death of an Italian special agent in Baghdad, officials posted the results of that investigation on the MNF-I Web site. But they were unaware that the Adobe Portable Document Format memo, posted April 30, exposed blocks of classified information that had been redacted.

That was human error, says Army Lt. Col. Steven A. Boylan, MNF-I strategic effects director. Boylan said MNF-I has conducted an investigation into the slip-up, and found that it "was a case where individuals misunderstood the capability of the Adobe program."

"It was believed that once a document was converted to a .pdf, it would not be able to be reversed [to] allow the information to be viewed,' Boylan said. 'Processes have been put into place to ensure that type of inadvertent release of information does not occur in the future."

He added that in the future, documents will be redacted physically and then scanned so that classified information does not get into the wrong hands.

In this case, redacted classified information'discovered by an Italian blogger who copied and pasted the text into another file format'indicated that U.S. troops had set up a checkpoint en route to the Baghdad airport as part of preparations for a VIP traveling to Camp Victory outside Baghdad.

U.S. troops fired on a car carrying Giuliana Sgrena, an Italian journalist who had just been released after being held hostage, and Italian special agent Nicola Calipari. Calipari died in the incident, while Sgrena and the car's driver were wounded.

Joe Fantuzzi, president and CEO of Workshare Inc., a San Francisco company that provides document security solutions, said these two incidents demonstrate a common problem throughout government agencies and private-sector firms. Many computer users are unaware of the risk, he added.

There are software products on the market which will remove hidden data, such as editing changes to documents, before they are e-mailed, Fantuzzi said. There also are tools that will alert users to the presence of hidden information in documents they receive, he said.

'An ounce of prevention is really what's called for here,' added Ken Rutsky, Workshare's vice president for worldwide marketing. 'That's a lot easier than trying to put in a large education programs and hoping people will learn and follow' document guidelines.

As for the U.N. incident, 'We are considering ways of handling this better in the future,' Haq said. 'We are looking for ways to make sure ' transmittal is done differently so only the final authoritative version is released.'

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group