Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 05/16/05 issue

PDF user slip-up gives DOD lesson in protecting classified information

By Dawn S. Onley, GCN Staff

The mishandling of an Adobe Portable Document Format memo exposed not only classified information on the Web, but the risks involved when users fail to use software tools correctly.

Multi-National Force-Iraq is investigating how blocks of redacted classified information regarding the shooting, posted recently on its Web site, could be revealed by copying and pasting text into another file format.

Second failure

That classified information re- vealed the second IT failure: Communication problems with voice over IP prevented an Army captain from passing along critical information to troops stationed at a checkpoint along a dangerous stretch of road in Baghdad.

Had the VOIP technology worked, it might have relaxed forces that were set up in battle positions on Route Irish, the road linking downtown Baghdad with Baghdad International Airport. U.S. troops fired on a car carrying Giuliana Sgrena—an Italian journalist who had just been released after being held hostage—and Nicola Calipari, an Italian special agent. Calipari died in the incident, while Sgrena and the car’s driver suffered injuries.

Multi-National Force-Iraq issued a report April 30 in PDF, outlining its investigation of the shooting. That report was posted as an unclassified document, with blocks of classified redacted data obscured from public view. But an Italian blogger discovered that copying and pasting the classified sections into Microsoft Notepad re-vealed the blocked text.

MNF-I now is getting a primer on the proper ways to redact information.

“The procedures that we used [to safeguard the classified information] were inadequate,” Air Force Col. C. Donald Alston, MNF-I’s chief of strategic communications, told the European and Pacific Stars and Stripes newspaper. “We consider this a very serious matter.”

Army Lt. Col. Steven A. Boylan, who works in Multi-National Force-Iraq public affairs, said MNF-I is conducting an internal review to “determine and to help ensure our processes are solid [and] appropriate for our operations.”

Unused tool

The breach arose from not using a redaction tool with Adobe Acrobat, which MNF-I workers used to prepare the PDF, according to John Landwehr, the group manager for security solutions and strategy at Adobe Systems Inc. of San Jose, Calif. Acrobat doesn’t include a redaction tool, but there are applications that work with it.

More news on related topics: Defense IT, IT Security



GCN Popup