"Military Mistake Caused Data Leak"

3 May 2005 - 6:35am
9 years ago
6 replies
872 reads
Petteri Hiisilä
2004

Shouldn't the US Army document management software have a _working_
black ink button instead of the disappearing black ink button?

I wonder how many millions of $$$ will be spent to prevent this kind of
"human error" in the future. Luckily I don't pay my taxes to US :)

Best,
Petteri

*****

http://www.portervillerecorder.com/articles/2005/05/02/ap/hitech/d89ra3m00.txt

Military Mistake Caused Data Leak

By ANICK JESDANUN

NEW YORK - Just a few clicks were enough to reveal names, training
procedures and other secrets the U.S. military thought it had blacked
out from an electronic report.

The data leak resulted from a type of mistake that is becoming
increasingly common as government agencies and corporations scrap paper
in favor of cheaper, faster distribution online.

"Software is basically a lot more complicated than mechanical
typewriters, whiteout and black ink," said Richard M. Smith, a privacy
and security consultant in Cambridge, Mass.

The U.S. military command in Baghdad produced the report in Adobe
Systems Inc.'s popular Portable Document Format, or PDF, and posted it
on the command's Web site Saturday. Its investigation cleared American
soldiers of wrongdoing in the shooting of an Italian agent in Baghdad.

The blacked-out portions included names of soldiers at Iraqi checkpoints
and their units. The material also discussed training for checkpoint
duty, checkpoint procedures and general security in the Baghdad area,
including the number of attacks since November.

John Landwehr, Adobe's director of security solutions and strategies,
examined the document Monday and suggested its censors "simply put black
rectangles over the text and did not delete any of the text itself from
the documents. They were trying to do redaction with something not
designed to do redaction."

By simply opening the document in Adobe's free Acrobat Reader, hitting
the "select text" button, copying and then pasting all the text into any
word processor, readers can see what's buried beneath.

The military admits it goofed.

"We need to improve our procedures. We regret this happened. We
obviously didn't take sufficient precautions," said U.S. Air Force Col.
Donald Alston, a spokesman for U.S.-led forces. He added that some of
the leaked information appeared classified.

The full report, with the black marks removed, first appeared on some
Italian Web sites, including that of the newspaper La Repubblica.

Landwehr said companies and governments needing to delete secrets should
turn to third-party redaction tools like Appligent Inc.'s Redax.

Smith suggested going further: Print the document, use markers to black
out text and scan the document back in. Relying on a purely electronic
copy, he said, spells trouble.

"Generally, it's a bad idea to send out electronic documents in
sensitive situations," Smith said. "There can be all sorts of little
things that can pop out."

Besides offering the ability to uncover blacked-out text, many documents
carry "metadata" - embedded information like the document's author and
company. Users of Microsoft Corp.'s Word also routinely send files
embedded with previous drafts, all revealed with a few clicks.

Smith used details hidden in one document years ago to help the FBI
track down the author of the damaging "Melissa" computer virus.

Many lawyers have turned to PDF to prevent the Word leakage, said Albert
Barsocchini, an attorney and director of professional services at
Guidance Software Inc., which makes tools for recovering data.

The military breach is "another wake up that they have to go another
step further," Barsocchini said.

The U.S. government has made similar mistakes before.

Large portions of a sensitive, 186-page Justice Department report about
hiring and promoting minorities as federal prosecutors were digitally
blacked out in late 2003, but savvy computer users could read the entire
report.

The Department of Homeland Security warned businesses about hackers
breaking into PBX telephone networks in June 2003, but every word of its
electronic warning - even passages thought deleted - could be viewed.

And the Army in March 2001 inadvertently disclosed a rash of drowning
during training exercises at one post by crews aboard Bradley armored
vehicles.

"I'm surprised there hasn't been a more formal review that says when you
release documents electronically, they have to be scrubbed with certain
tools or procedures," said Ron Gula, who runs Tenable Network Security
Inc. and used to test the security of government computers for the
National Security Agency. Placing blame for such breaches is difficult,
though.

"I would hesitate to call it stupidity," said Steven Aftergood, senior
research analyst with the Federation of American Scientists' Project on
Government Secrecy. "It's something no one would know unless they learn
it, and it's an easy mistake to make. Unfortunately, sometimes the only
way to learn is to do it the wrong way."

Associated Press writer Ted Bridis in Washington and Jamie Tarabay in
Baghdad contributed to this report.

A service of the Associated Press(AP)

--
Petteri Hiisilä
Palveluarkkitehti / Interaction Designer /
Alma Media Interactive Oy / NWS /
+358505050123 / petteri.hiisila at almamedia.fi

"I was told there's a miracle for each day that I try"
- John Petrucci
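
Added example (not part of the original post, the AP article, or any product named in it): a pre-release check for the failure Landwehr describes, where a filled rectangle is drawn over text that is still present in the page's content stream. It assumes an uncompressed content stream with no coordinate transforms; `SAMPLE_STREAM`, `parse` and `covered_text` are names chosen for this example.

```python
import re

# Constructed sample: an uncompressed PDF page content stream in which the
# second line of text is "blacked out" by a filled rectangle drawn over it.
SAMPLE_STREAM = b"""
BT /F1 12 Tf 72 720 Td (Checkpoint report, public summary) Tj ET
BT /F1 12 Tf 72 700 Td (Sgt. EXAMPLE NAME, 1st Example Unit) Tj ET
0 0 0 rg
70 696 260 16 re f
"""

NUMBER = rb"[-+]?\d*\.?\d+"
TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|/[^\s/()\[\]<>]+|" + NUMBER + rb"|[A-Za-z*]+")

def parse(stream):
    """Return (text_runs, filled_rects) from a simple content stream.

    text_runs is a list of (x, y, text); filled_rects is a list of (x, y, w, h).
    Assumptions: no cm/Tm transforms, no TJ arrays, no nested parentheses,
    rectangles with positive width and height.
    """
    operands, runs, rects, pending = [], [], [], []
    tx = ty = 0.0
    for tok in TOKEN.findall(stream):
        if tok[:1] == b"(":                      # literal string operand
            operands.append(tok[1:-1].decode("latin-1"))
        elif tok[:1] == b"/":                    # name operand, e.g. /F1
            operands.append(tok.decode())
        elif re.fullmatch(NUMBER, tok):          # numeric operand
            operands.append(float(tok))
        else:                                    # operator: consume operands
            op = tok.decode()
            if op == "BT":                       # text object resets position
                tx = ty = 0.0
            elif op == "Td":                     # move text position
                tx, ty = tx + operands[-2], ty + operands[-1]
            elif op == "Tj":                     # show text at (tx, ty)
                runs.append((tx, ty, operands[-1]))
            elif op == "re":                     # rectangle added to path
                pending.append(tuple(operands[-4:]))
            elif op in ("f", "F", "f*", "B", "B*"):   # path is filled
                rects.extend(pending)
                pending = []
            elif op in ("n", "S"):               # path ended without a fill
                pending = []
            operands = []
    return runs, rects

def covered_text(stream):
    """Text runs whose origin lies under a filled rectangle but remain in the file."""
    runs, rects = parse(stream)
    return [t for x, y, t in runs
            if any(rx <= x <= rx + w and ry <= y <= ry + h for rx, ry, w, h in rects)]
```

A non-empty result from `covered_text` means the covered words are still stored in the document; the release should be blocked until the text operators themselves are deleted, not just painted over.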

Comments

3 May 2005 - 8:24am
Wendy Fischer
2004

Hmm...usability issues in Adobe Acrobat or just bad training, or a combination of both?


3 May 2005 - 8:38am
Petteri Hiisilä
2004

>> */Petteri Hiisilä <petteri.hiisila at luukku.com>/* wrote:
>>
>> Shouldn't the US Army document management software have a _working_
>> black ink button instead of the disappearing black ink button?
>>
>> I wonder how many millions of $$$ will be spent to prevent this kind of
>> "human error" in the future. Luckily I don't pay my taxes to US :)

Wendy Fischer wrote:
> Hmm...usability issues in Adobe Acrobat or just bad training, or a
> combination of both?

Well, both :) Usability issues cause training issues.

From the computer's point of view it's silly to think that drawing a
black rectangle over the text will erase it.

From the human mind's point of view it's silly to think that drawing a
black rectangle over the text will NOT erase it.

- petteri


3 May 2005 - 8:52am
Jack L. Moffett
2005

> From the human mind's point of view it's silly to think that drawing a
> black rectangle over the text will NOT erase it.

Very true. However, in this instance, how do you go about addressing the
issue? You don't want to disallow the drawing of objects over text, as this
is something that someone may legitimately need to be able to do. A dialog
every time an object is drawn or dropped over text would be annoying.
Warnings appearing during the launch of the application or the saving of a
document won't necessarily be read. I'm not sure it would be possible to
make the presence of a redaction tool so glaringly obvious that nobody would
even consider using the rectangle tool.

This seems to be much more a training issue than a usability issue.

Jack

Jack L. Moffett
Interaction Designer
inmedius
412.690.2360 x219
http://www.inmedius.com

When I am working on a problem,
I never think about beauty.
I think only of how to solve the problem.

But when I have finished,
if the solution is not beautiful,
I know it is wrong.

- R. Buckminster Fuller

***********************************************************************
Confidentiality Note: The information contained in this email and document(s) attached are for the exclusive use of the addressee and contains confidential, privileged and non-disclosable information. If the recipient of this email is not the addressee, such recipient is strictly prohibited from reading, photocopying, distributing or otherwise using this email or its contents in any way.
***********************************************************************

3 May 2005 - 9:05am
James Melzer
2004

I think the solution is much more straightforward - the US federal
government is Adobe's largest customer. They just requested a new
function very publicly: redaction that actually redacts. If you
highlight a chunk of text or an image or anything and select the new
'redact' option, it will be deleted utterly from the document and
replaced with a black box. Could it be clearer?

~ James

On 5/3/05, Jack L. Moffett <jmoffett at inmedius.com> wrote:
> > From the human mind's point of view it's silly to think that drawing a
> > black rectangle over the text will NOT erase it.
>
> Very true. However, in this instance, how do you go about addressing the
> issue? You don't want to disallow the drawing of objects over text, as this
> is something that someone may legitimately need to be able to do. A dialog
> every time an object is drawn or dropped over text would be annoying.
> Warnings appearing during the launch of the application or the saving of a
> document won't necessarily be read. I'm not sure it would be possible to
> make the presence of a redaction tool so glaringly obvious that nobody would
> even consider using the rectangle tool.
>
> This seems to be much more a training issue than a usability issue.
>
> Jack

--
James Melzer

--------------------------------------
"Choice, the problem is choice." - Neo

3 May 2005 - 9:13am
Josh Seiden
2003

> > From the human mind's point of view it's silly to think that drawing a
> > black rectangle over the text will NOT erase it.
>
> Very true. However, in this instance, how do you go about addressing the
> issue?

You solve it by designing *redaction software* for the
military and intel communities.

Software design for the free and promiscuous
distribution of the printed word should not be
deployed in the halls of the CIA.

JS

3 May 2005 - 10:48am
Janet M. Six
2003

Agreed!

Janet Six
Lone Star Interaction Design

Josh Seiden wrote:
> > > From the human mind's point of view it's silly to think that drawing a
> > > black rectangle over the text will NOT erase it.
> >
> > Very true. However, in this instance, how do you go about addressing the
> > issue?
>
> You solve it by designing *redaction software* for the
> military and intel communities.
>
> Software design for the free and promiscuous
> distribution of the printed word should not be
> deployed in the halls of the CIA.
>
> JS
