Document redaction has come a long way, but even now it has still not reached its full potential. We spoke previously about the NSA standards concerning document redaction. Just this week, it appears that those standards have been completely tested and penetrated.
The Manafort Trial
The Manafort trial has exposed some serious flaws in the methods the federal government and lawyers use to redact documents. Paul Manafort has been part of the ongoing FBI and Special Counsel investigation of the Russian government’s efforts to interfere with the 2016 US presidential election. That was until documents that had been released with classified information redacted were unredacted by simply copying the redacted text and pasting it into another editor such as Microsoft Word. Regardless of your political affiliation, the heart of the matter is that classified documents released with redactions were fully exposed, along with all the information within them. Agencies and lawyers found out the hard way that NSA redaction can be easily worked around when it’s not done properly. This revelation means that many of the electronic documents released by the federal government, and possibly by lawyers, can be manipulated with a very simple tool – Copy and Paste.
What Happens Next?
While it’s anyone’s guess how our federal government and lawyers will react to past document releases, one thing is sure: if they intend to honor redaction policies and rules, they are going to need to find better software for conducting redaction work. If not, they’ll just be inviting what happened in the Manafort investigation – redacted documents with top secret information being released to the masses. And one could argue this type of breach is even worse than the Wikipedia breach of Department of Defense documents.
'Burning' vs. Overlay
The technique instructed by the NSA is known as overlaying, whereby the redaction is placed over the typed words and saved as a file feature. This is the major flaw with overlay techniques: they do not account for how software coding affects the tools and functions within a given version of software, especially when those versions are updated. To be fair, the NSA has always stated that any sensitive information needs to be deleted from a given document, rather than redacted. However, it is clear from the Manafort trial that the various agencies in the federal government are not following all the guidelines mapped out by the NSA. The use of overlay techniques may be exposing millions upon millions of publicly released documents to the same flaws as these documents, meaning that information not otherwise shared is now vulnerable and ready to be divulged to people for whom it was never intended.
Burning techniques are much better, and they do account for software coding and all its externalities. By burning redaction marks into the document, the marks themselves become part of the document, as if the words they are covering were never there. This makes things like Copy and Paste, or other tools designed for re-imaging the document, useless for removing or altering the redaction marks.
Burning takes the redaction marks as normally seen in documents and, rather than merely placing them over the words, “burns” them in. You can think of this process as an equalizing of the ink. You have a document with black characters on it that spell out words. Certain words need to be redacted. The redaction marks are synced to the ink color used by the words, and then absorbed into the words, so that the words on the document disappear. There’s no way to bring the words back; it’s as if they were never there to begin with. All that is left is the redaction mark. Try as they might, people trying to reverse the mark will find it impossible. They can’t even re-code the document to reverse it, because the code within the document that held the word is entirely altered by the burned redaction mark.
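A pre-release check for the overlay failure described above, as an added example that is not part of the original post and not any vendor's code: it scans a page's drawing instructions and reports text that still exists underneath a filled rectangle. The two sample streams are constructed, and the parser assumes an uncompressed PDF content stream with unrotated text, literal `( )` strings and `Td` positioning only.

```python
import re

# Constructed, uncompressed page content streams (not from any real filing).
OVERLAY = """
BT /F1 12 Tf 72 700 Td (Meeting held with ) Tj ET
BT /F1 12 Tf 72 680 Td (CONSTRUCTED SECRET NAME) Tj ET
0 0 0 rg 70 676 200 16 re f
"""
# Same page after the text operator was deleted and only the mark remains.
BURNED = """
BT /F1 12 Tf 72 700 Td (Meeting held with ) Tj ET
0 0 0 rg 70 676 200 16 re f
"""

# A token is either a literal string "(...)" or a run of non-space characters.
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|[^\s()]+")
FILL_OPS = {"f", "F", "f*", "B", "B*", "b", "b*"}
NOFILL_OPS = {"n", "S", "s"}

def text_under_fills(stream: str) -> list[str]:
    """Return literal strings whose text origin lies inside a filled rectangle."""
    operands, texts, rects, pending = [], [], [], []
    x = y = 0.0
    for tok in TOKEN.findall(stream):
        if tok == "BT":
            x = y = 0.0                      # BT resets the text position
        elif tok == "Td" and len(operands) >= 2:
            x, y = x + float(operands[-2]), y + float(operands[-1])
        elif tok == "Tj" and operands and operands[-1].startswith("("):
            texts.append((x, y, operands[-1][1:-1]))
        elif tok == "re" and len(operands) >= 4:
            pending.append(tuple(float(v) for v in operands[-4:]))
        elif tok in FILL_OPS:
            rects.extend(pending)            # pending path painted with a fill
            pending = []
        elif tok in NOFILL_OPS:
            pending = []                     # path stroked or discarded
        else:
            operands.append(tok)             # operand, or operator not modelled
            continue
        operands = []                        # handled operator consumed operands
    return [s for tx, ty, s in texts
            if any(rx <= tx <= rx + w and ry <= ty <= ry + h
                   for rx, ry, w, h in rects)]

def safe_to_release(stream: str) -> bool:
    """True only when no extractable text sits under a filled rectangle."""
    return not text_under_fills(stream)
```

On the overlay sample the covered string is still reported, while the burned sample returns nothing because the text operator itself is gone.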
There are very few software vendors out there that incorporate this type of technique, because the software itself has to be coded from scratch. This is the second part of burning techniques – if the coding that provides you the tool has been borrowed from other software code, the likelihood of that redaction tool being compromised later down the road is very high. If you are going to use redaction software, you need to purchase from a vendor that writes its own code and is constantly improving upon it. Companies that build word processing software don’t do this kind of work, and they don’t have the inclination to do so. Using overlay techniques is only going to expose your sensitive information. Redaction compromise is real. CaseGuard Studio incorporates both principles: burning techniques and original code. The software eliminates the ability of anyone to ever reveal what you’ve redacted.
Burning techniques and original coding are the keys to having confidence in your document redaction. If you haven’t asked these questions about your redaction software, it’s time that you did. You need to have peace of mind after you’ve disseminated a redacted document, and you certainly don’t want your sensitive information winding up on various media outlets or the internet.
Be safe out there!