Sunday, December 13, 2009

Current event: TSA document exposed

Recently, a Transportation Security Administration document was inadvertently exposed through a private contractor of the cabinet department during consolidation. Redaction, the process in which an organization consolidates literature into a more concise overview, can pose a security threat when the resulting information is published. The final overview also needs to be more heavily guarded, because it contains more information in one location.
The scenario unfolded like this: an employee of the contracted company was going through the Transportation Security literature, and a document that directed TSA employees on the proper procedure for screening protocols used at more than 450 U.S. airports was posted on the Federal Business Opportunities website. It was posted as part of a TSA contract solicitation bid. A blogger discovered the document and passed it on to the administrators of the anti-secrecy site Cryptome.org. They publicized the document, and the confidential information began to spread across the web.
The problem in this case was a simple human error: the employee posted information that should have been kept confidential. The publishing of redacted information, however, goes much further than human error. The overarching issue behind these problems is that organizations do not have a good understanding of the difference between redacted information in print (documents that are physically sent through the organization) and digitally redacted information, which is sent or published electronically. In one case involving the Department of Defense, a document was published in which the name of a Special Forces soldier who had been killed in Iraq had been blacked out. The name was simply copied and pasted, and then the font was changed. In the past, a marker could do a lot to redact a document. Today, however, technology has made it much easier to discover information that has been disguised. Another common problem is that information that has been deleted or made indiscernible has already been recorded in the metadata of the file. In a case involving pharmaceutical giant Merck, information that had simply been deleted from a Word document was later recovered through the metadata of the file.
Companies and government organizations (especially those subject to the Freedom of Information Act) are in a constant struggle between publishing information to the public and retaining information deemed private to the organization. The process of redaction in the new virtual world has made the struggle that much harder. Today, companies such as Redact-It are selling software to remove confidential information from company documents. Even with these tools, redaction will continue to pose a threat to companies struggling to be both private and public.
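
As an added example (not from the article or from any of the vendors mentioned), here is one way to check before publication that text "deleted" from a Word file is really gone, covering the tracked-deletion and metadata cases described above. The function names, the name "Jane Example" and the two-part package built by build_sample are constructed for illustration.

```python
import html
import io
import re
import zipfile

def _joined(xml: str, tag: str) -> str:
    """Join the text of every <tag> element; Word may split a name across runs."""
    pieces = re.findall(rf"<{tag}(?:\s[^>]*)?>(.*?)</{tag}>", xml, flags=re.S)
    return html.unescape("".join(pieces)).lower()

def find_survivors(docx_bytes: bytes, terms: list[str]) -> list[tuple[str, str, str]]:
    """Return (part, location, term) for each redacted term still stored in the file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in sorted(n for n in pkg.namelist() if n.endswith((".xml", ".rels"))):
            xml = pkg.read(name).decode("utf-8", errors="replace")
            stripped = re.sub(r"<[^>]+>", "", xml)
            views = [
                ("tracked deletion", _joined(xml, "w:delText")),
                ("visible text", _joined(xml, "w:t")),
                ("metadata or attributes", html.unescape(stripped + " " + xml).lower()),
            ]
            for term in terms:
                for location, text in views:
                    if term.lower() in text:
                        hits.append((name, location, term))
                        break  # report the most specific location only
    return hits

def build_sample() -> bytes:
    """Constructed sample: two package parts only (namespaces omitted), not a full .docx."""
    parts = {
        "word/document.xml":
            "<w:document><w:body><w:p><w:r><w:t>Prepared for </w:t></w:r>"
            '<w:del w:author="editor"><w:r><w:delText>Jane Ex</w:delText></w:r>'
            "<w:r><w:delText>ample</w:delText></w:r></w:del>"
            "<w:r><w:t>[REDACTED]</w:t></w:r></w:p></w:body></w:document>",
        "docProps/core.xml":
            "<cp:coreProperties><dc:title>Briefing for Jane Example</dc:title>"
            "</cp:coreProperties>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, xml in parts.items():
            pkg.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__":
    for hit in find_survivors(build_sample(), ["Jane Example"]):
        print(hit)
```

An empty result is the pass condition for the XML parts only; binary parts such as embedded images or objects are not inspected by this check.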


http://www.computerworld.com/s/article/9142141/Analysis_TSA_document_release_show_pitfalls_of_electronic_redaction?taxonomyId=17&pageNumber=2

3 comments:

  1. These recent mistakes made by organizations who have failed to properly redact information have thrown redaction into the spotlight.

    It's critical that other organizations take notice of these mistakes and take the necessary steps to ensure that similar mistakes are not made.

    Redaction requires processes to be in place to guarantee that redacted information is permanently removed and one of the main requirements in achieving a robust redaction process is by having a specifically designed redaction software package in place.

    Redaction software that empowers users to complete redaction tasks with such ease that project times are significantly reduced and user confidence is immensely increased is a must, and one such application that I've found is providing these benefits to organizations is RapidRedact (www.rapidredact.com).

  2. The company mentioned in the Computerworld article is Informative Graphics Corp which makes Redact-It software (www.redact-it.com). Informative Graphics also has a video on YouTube about how to avoid making costly errors when electronically redacting documents: http://www.youtube.com/watch?v=7PhjIo5sHsA&feature=player_embedded

  3. These types of costly and damaging mistakes where sensitive information is accidentally released could easily be avoided by using redaction software designed precisely for eliminating sensitive information. ID Shield Redaction Software works in any environment, is easy to use, dependable and tested - our customers have securely redacted over one billion pages. Desktop and Server editions. www.extractsystems.com
