AlbertPacino
Skilled
Apparently, someone in the military thought he could redact the document just by blacking out the text he wanted to keep secret. But if you open the document in Adobe Acrobat, the original text is easily uncovered, as the Army found outâ€â€presumably to its horror since the information included "rules of engagement" never publicly released and useful to enemies planning attacks.
The mistake was understandable. The security in Adobe Acrobat is somewhat confusing, even misleading. You can keep people from opening a document, or copying, or printing. You might therefore think you could keep people from changing the document as well. But you'd be wrong.
And I would have been too if you'd asked me before I researched this a few months ago. I was building a form and wanted to make it easily available but still prevent changes from being made to it. For a program that is promoted as a publishing tool, you'd think its output files could be locked against changes.
I can easily imagine someone making such a mistake and believing it possible to lock the layers of the Acrobat document so the layer with the blackouts couldn't be lifted away from the layer with the text.
"We don't market or sell Acrobat as a redaction tool," an Adobe spokesperson told me when I called to inquire.
He referred me to a company called Appligent, which offers an Acrobat plug-in specifically for redaction of information in government and court documents.
The plug-in is called Redax and is available in two versions, regular and "lite," which sell for $349 and $199, respectively. Both do the same thing, as described in a product data sheet provided by Appligent:
"Redax completely and securely removes information that you select for redaction. It parses the document, physically deletes the selected information, and generates a new redacted document. The deleted information cannot be recovered, because the redacted file is created without it."
The problem with the file released by the Army was that the redacted information was still very much left inside the document. Redax could have solved that.
Normally, redacted documents are delivered in paper form in order to avoid a mistake like this. But the Army was trying to do the right thing in this case: make the report on the killing of an Italian intelligence officer by U.S. troops available electronically so journalists wouldn't have to travel in Baghdad, making themselves potential targets for insurgents.
Acrobat is not, by the way, a bad tool for removing hidden information from Microsoft documents. It does that just fine, since it takes printer output and converts it into a PDF document.
Microsoft also has a tool in Office 2003, which I believe was delivered with an Office Service Pack that will remove some hidden information. In Word, visit Tools>Options>Security and look at the available Privacy options. You should also search Help on "remove hidden" and read the results.
While Adobe doesn't market Acrobat as a redaction tool, it's easy to imagine people using it that way. My hope is that the company will improve the security available in future releases to make it possible to lock down all changes to documentsâ€â€though I suppose a crafty programmer could still find the data hidden below a blackout.
So to protect secret information, the Army (and the rest of us) need to understand the software we use, educate users, andâ€â€for future useâ€â€invest in copies of Redax.
Source
hyeah: Pretty slick, by all means, I must say!