White House accidentally exposes data in PDF file

Government agencies continue to stumble over security procedures designed to conceal certain information embedded in documents posted to the Internet.

In the latest error, the White House posted a copy of President Bush's 'Plan for Victory in Iraq,' the heart of his speech last week at the Naval Academy. But the Adobe portable document format file on the Web site also contained the hidden name of the original author of the document: Peter Feaver, a Duke University political science professor who joined the National Security Council staff last June as a special adviser.

The discovery that Feaver was the originator of the plan has stirred controversy in Washington. The New York Times has reported that Feaver co-authored an analysis of surveys regarding the popularity of the Iraq war with the American public and concluded that citizens will support the war, despite fairly heavy casualties, as long as they believe it will ultimately succeed.

'The recent disclosure of the original authorship of the [plan] document underscores once more why all organizations must put policy and technology in place to prevent the leakage of damaging information,' said Joe Fantuzzi, CEO of Workshare Inc., a document integrity solutions company based in San Francisco. It 'is unfortunate that the White House allowed this distraction to unnecessarily politicize the debate over policy.'

The White House did not return a phone call asking for comment.

Earlier this year, the Multi-National Force-Iraq issued a report on the killing of an Italian security agent after he rescued a countrywoman who had been held hostage by insurgents. The report, posted to the Web as a PDF file, was supposed to be redacted but a simple text cut and paste into other document formats revealed the redacted information. A military investigation later determined that the disclosure was the result of user error.

In October, a U.N. report on the assassination of a popular Lebanese politician opened an ongoing controversy when a 'technical error' allowed online readers to look at changes made to the document, revealing that names of specific Syrian officials had been removed from the final report.

'The complexity of technology continues to befuddle even sophisticated users,' Fantuzzi said. Organizations 'must recognize that PDF is not inherently secure, and policy, education and automation of document security must be implemented to prevent these costly mistakes.'

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.