Metadata exposes government secrets

Microsoft Word might be easy to use and feature-rich but goverment employees who use it for sensitive documents may well be publishing redacted, restricted or even classified information.

Microsoft Word might be easy to use and feature-rich but goverment employees who use it for sensitive documents may well be publishing redacted, restricted or even classified information. Word keeps all previous revisions, metadata on everyone who edited, and through Track Changes a record of every letter cut from the document. More than that, when officials redact content, Word typically just applies a blackout layer, which can be peeled back to reveal the underlying content.

 

And it's not just Word. Adobe's PDF has similar problems.

 

Federal Computer Week takes a look at the problem this week and offers some links to some programs that can help. They don't address ODF, however. If anyone knows how OpenOffice/ODF handle this issue, please post.

“Our society spends millions of dollars protecting information from hackers and malicious insiders while spending almost nothing to prevent sensitive information from leaking out in legitimate and routine electronic document exchanges,” said Ronald Hackett, program manager at SRS Technologies’ Systems Solutions Division. The company sells software that finds and removes hidden data.

“Ironically, the biggest threat to sensitive information may be honest users just doing their jobs,” Hackett said.

Microsoft says they're "thinking about" the problem. “It’s something we’re aware of,” said Gray Knowlton, a senior product manager on Microsoft’s development team for the Office application suite. “It’s something we spend a lot of time thinking about.”

Windows XP automatically starts Ad Hoc Review, which records every revision associated with a document. But Vista may be even worse. According to a News.com report on a Gartner warning over Vista's metadata features:

... Microsoft is not paying enough attention to managing the descriptive information, or metadata, that users can add to files to make it easier to find and organize data on a PC, according to Gartner.

"This opens up the possibility of the inadvertent disclosure of this metadata to other users inside and outside of your organization," Gartner analysts Michael Silver and Neil MacDonald wrote in a research note published on Thursday.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All