NSA offers guidance to feds on redactions

The National Security Agency has issued a report suggesting ways to improve federal officials' use of redaction in documents being released to the public.

The report, titled 'Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF,' was released by the architectures and applications division of the Systems and Network Attack Center at NSA.

The authors identify three common mistakes officials can make in trying to sanitize documents:
  • Setting the background to black behind text 'is a common and effective means of redaction for hard-copy printed materials,' the report stated, but is not effective for documents in electronic form.

  • Similarly, placing a black rectangle over images or making them unreadable by reducing their size also does not work for electronic documents.

  • Finally, officials frequently overlook hidden information such as metadata.

The report contains step-by-step instructions to address redactions and metadata. The primary method NSA recommends to keep sensitive or classified information hidden in a document is to make a copy of the original document and subsequently delete the information from the copy, keeping the original as a backup.

The subject of electronic redaction has been an issue for the government following several high-profile cases where information thought to be invisible could be found with just a few key strokes.

The incidents involved more than one kind of flaw in the application of technology to documents. For instance, in May 2005, the Pentagon posted a report on its Web site regarding the circumstances of U.S. soldiers in Iraq accidentally shooting an Italian secret service agent. The PDF file blacked out some information regarding the incident, but a simple cut-and-paste of the text revealed the hidden words.

In October, a U.N. report on the assassination of the prime minister of Lebanon was released on the Web. Readers were able to find information that had been removed before the report's release because the 'track changes' function in the word processing program had been left on.

In December, a White House document on 'Strategy for Victory in Iraq' contained metadata that showed the author was a Duke University political science professor.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group