Home » PDF Metadata, PDF Security

Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF

3 Oct 2008 | | No Comment

Ever wondered exactly what the NSA does? Well a guidance paper they released a couple of years ago sheds some light on one area of their work. The guidance paper deals with how to properly edit PDF documents which are going to be released into the wild. It contains some great tips, and not surprisingly, would have saved some people a lot of embarrassment if they had have read it before publicly releasing documents that contained sensitive information.

The guidance paper highlights three common mistakes:

Redaction of text and diagrams

Covering text, charts, tables or diagrams with black rectangles, or highlighting text in black…is not effective, in general, for computer documents distributed across computer networks (i.e. in “softcopy” format). The most common mistake is covering text with black.

Redaction of images

Covering up parts of an image with separate graphics such as black rectangles, or making images “unreadable” by reducing their size, has also been used for redaction of hardcopy printed materials. It is generally not effective for computer documents distributed in softcopy form.

Metadata and document properties

In addition to the visible content of a document, most office tools, such as (Microsoft) Word, contain substantial hidden information about the document. This information is often as sensitive as the original document, and its presence in downgraded or sanitized documents has historically led to compromise.

Source: NSA Information Assurance Division report

An article at cnet news called “Editing tips from the NSA” provides an analysis of the paper along with a few additional tips.

The 13 page (PDF) guidance paper can be downloaded from here:
Redacting with confidence: How to safely publish sanitized reports converted from Word to PDF

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Leave your response!

You must be logged in to post a comment.