Government Computer News
Without a trace
Digg
De.licio.us
Slashdot
TechnoratiIn this report
The document scrubber’s toolbox
Agencies grappling with ways of ensuring their documents are more secure have several resources at their disposal. The tools and guidance below can be found at www.gcn.com by entering the appropriate number in the Quickfind box.
Microsoft Office 2003/XP: Remove Hidden Data Add-in. It’s only a 270K download and works with Windows 2000 SP4 and Windows XP SP1. Get it now. (Quickfind 532)
Find and Remove Metadata (Hidden Information) in your Legal Documents. This Microsoft resource is helpful for anyone who uses Word, Excel and PowerPoint. (Quickfind 533)
Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF. The National Security Agency guide should be mandatory reading for all government users who create PDF documents. (Quickfind 534)
Trace. Workspace’s free tool for uncovering metadata and hidden data in Office documents. (Quickfind 535)
Document Detective. The software from SRS Technologies of Hunstville, Ala., reviews Microsoft Office and Adobe PDFs for hidden metadata, showing the results. A related product, the Electronic Document Review System, removes hidden and extraneous data. (Quickfind 536)
E-government is all about getting more information in the hands of the citizenry, but maybe the Office of Management and Budget inadvertently carried that idea too far.
In 2002 when Mark Forman, then associate director for IT and e-government at OMB, sent out a document on how to implement the White House’s E-Government Strategy, he offered a bit more information than he thought. The final Word document also contained the last few revisions it went through before heading out the door. Oops.
Fortunately for OMB, the revisions added little more to the public record than simple copy editing changes; no deep, dark secrets were revealed. But it wouldn’t be the last time data seeped out from the hidden crevices of an electronic document.
Out of the black
Last April, when the Defense Department’s Multi-National Force-Iraq unit issued a report on a shooting investigation, it redacted certain portions that were sensitive. But it wasn’t a redaction job well done. An Italian blogger pasted the text of the document into Microsoft Notepad and uncovered the sections that had been blacked out in the published Acrobat Portable Document Format file. Oops.
And late last year, the New York Times pried open a Word document of a presidential speech and discovered that the originator of the White House document (and by extension of the speech itself) was not among Bush’s usual cadre of speechwriters. He was a special adviser with an expertise in swaying public opinion. Oops.
The Justice Department, United Nations, United Kingdom and more than one commercial organization have all suffered similar embarrassments. And such information leaks are starting “to have a higher cost” to organizations, said Ken Rutsky, executive vice president of marketing for Workshare Inc. of San Francisco.
Fortunately, there are simple ways to prevent careless information leaking. Last December, the National Security Agency released guidance on how to clean up your documents before sending them out to the world. The document, Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF, is a good start, but CSOs, office managers and system administrators should know of other dangers lurking in their office software—and how to root them out.
![1105 Government Information Group [purity]](/images/1105logo_website.gif "Government Computer News [purity]")
© 1996-2008 1105 Media, Inc. All Rights Reserved.
