By now I am sure everyone has heard or read about the leak of “classified” information at the TSA caused by improperly redacted documents.
Originally posted at Wandering Aramean it has since been reported and commented on by everyone.
The funny thing is that redaction is well understood technology (I have included a pile of links at the end) and I am positive the TSA employs an entire group of people, FOI Analysts, that are amazingly well versed in the appropriate techniques and processes for properly redacting documents. Yet, as far back as 2000 there have been reports of improperly redacted documents being posted on the net, both government and media alike.
But we keep doing the same thing…
The definition of insanity…doing the same thing over and over again and expecting a different result.
If we don’t train our employees on these redaction processes why do we expect them to do it right?
If we don’t tell them what meta-data is and how it is becoming more and more important to the document handling and processing we do everyday, why do we act surprised when a document gets posted like this?
Forget about PDFs, when was the last time you checked if that document you are working on has the “Track Changes” option turned on? What is your corporate document management policy in this regard?
Do you ever email original documents to customers instead of PDFs? Do you check that the meta-data is removed before you turn it into a PDF?
For that matter have you ever forwarded an email without reading the entire chain of information included in it?
I once received an email, many years and many employers ago, forwarded by a client, that contained information relevant to the consulting contract I was working on. I noticed as I scrolled down the email that it started to contain more and more “internal” information and ultimately revealed the names of all of the other entities I had bid against to win the job and the amounts they bid, as well as the companies internal budget and evaluation criteria for the job.
Information leaks out all over the place, for the most part we don’t notice it because we don’t know where to look or we don;t take the time to look.
Redaction is as much about process as technology!
Redaction is fairly simply about removing information.
If the process to remove the information is flawed, for example putting a black box over the text instead of explicitly replacing the text, then the redaction operation is a failure. This is exactly what happened in the TSA case.
Good redaction tools provide the safeguards to ensure that the released documents do not contain unwanted information. They enforce and track process and ensure proper review and oversight.
Furthermore, I may use the best redaction tools but if I fail to remove the correct information or all the information, for example removing the clause “President of the United States Barack Oba” but leave the last two letters “ma” uncovered I have likely failed in my attempt to redact the information.
Redaction is about much more than black boxes!!
Here is an example I created with Word, of different ways, good and bad, to redact information. Example Redactions
Some links to Redaction Resources