Some secrets are trivial, some are critical. It’s probably a matter of perspective, but failing to redact key information from sensitive military memos on nuclear submarine operations would tend to fit most definitions of “critical”.
Ignorance of basic realities about computers and the lack of proper procedures for releasing information is a toxic combination for information security. A failed “attempt to redact” tends to happen for one of a very few reasons:
- The wrong software was used to redact.
- The user mistook another tool (a highlighter, for example) for a redaction tool.
- Ineffective workflows for FOIA or other document-release processing.
In this particular case, a British Ministry of Defense employee made the substantial error of believing that simply adding some color to the background of a word would be “the same” as deleting the words, paragraphs or images from the document.
It was left to the Daily Star, a British tabloid, to alert the Ministry to the all-too-visible text in its supposedly redacted document. As is the case with this sort of mistake, a simple copy-and-paste can make reading the sensitive text quite simple. Anyone can do it with Adobe Reader, or almost any other PDF viewing software.
A day later, the BBC identified two other government departments that have recently released improperly redacted documents.
Solving the Real Problem: The Tools
Felt-tip pens and photocopiers or software, every organization must make the necessary tools available to those processing documents for release, and there’s a wide variety available. One major simplification is to ensure that all redaction occurs using the same software. With a specific software policy in place, the chance of someone using inappropriate software drop across-the-board. If that software is dedicated to redaction, the chances of usage resulting in a failure to redact drop still further.
Solving the Real Problem: Training
The number one cause of redaction errors is the use of an inappropriate tool. Some mistake a black highlighter mark for redaction – it looks “blacked out” so they must be the same, right? Even with the best of intentions, we have to recognize that anyone can make a mistake: The solution is to identify and promote a specific policy for redaction, and train accordingly.
Solving the Real Problem: The Workflow
This latest mistake made by the British Ministry of Defense was the most obvious kind, and therefore, was probably made by someone who hasn’t redacted many documents before (one hopes). Government departments handling FOIA requests tend to highly process-driven, and are less likely to make this sort of error. However, there are always exceptions: Sometimes the work must be performed on-site at a remote location, for example. The right process, and the tools to facilitate it, are invaluable in assuring that the search, markup, review and redaction procedures are all that they need to be.
How we can help
While Adobe Acrobat Professional includes basic redaction capabilities, the software best known for professional-strength document redaction operations is Redax, by Appligent Document Solutions. We invented PDF redaction in 1997; our electronic document redaction solutions for desktop, Redax Enterprise Server and client-server implementations are in use worldwide.
by Duff Johnson