Copy-and-Paste Reveals Classified U.S. Documents

cyclop writes "In March, U.S. troops in Iraq shot to death Nicola Calipari, the Italian intelligence agent that rescued the kidnapped journalist Giuliana Sgrena. U.S. commission on the incident produced a report which public version was censored for more than one third. Now Italian press is reporting that all confidential information in the report is available to the public, just by copying "hidden" text from the PDF and pasting it in a word processor (Italian). The uncensored report can now be directly downloaded (evil .DOC format, sorry)"

Re:It's illegal to knowingly download classified d

So would I, considering that the people distributing it are in Italy and therefore not subject to US law. Considering how annoyed the Italian government was about the incident and subsequent cover-up, I doubt that they'll agree to an extradition.

Not distributing, just informing

[smoany]

The government did the initial distribution. It just did it unintentionally. Showing how the government did, in-fact, distribute the material itself is certainly not completely free of legal implications, but it is not the same as leaking the classified information. The main questions are: 1) Is it legal to show how to decipher a public transmission of the government to gain more data than intended (no matter how stupid the cypher is). I believe the answer to that question is an emphatic, "no it is illegal", despite what most of us, as technologically literate human beings see as a ton of fun. 2) Should this specific instance of hidden text be considered an encrypted message. Is a message written in Pig Latin considered encrypted? On the other hand, where do we draw the line on how hard an encryption scheme must be to crack before it's considered breaking governmental encryption. (Fellow geeks, please hold off on the comments saying "This is not truly an encrypted message" as for all intents and purposes, this message was unable to be viewed in its intended distribution format.) Tell me what you think! I'm not sure myself.

Re:Irresponsible to post this.

[cyclop]

Since I submitted this story to /., I bite the flamebait.

Personally I have no clear opinions on the Calipari case, because in this cases all information that slips to civilians is of course filtered and in the best case only a pale approximation of the truth. There is too much truly classified information about this, like about anything relating to a war. Truth will perhaps eventually arise, but it's matter of years.

About illegality/irresponsability, well, you have to question not me nor CmdrTaco integrity, but the journalistic integrity of all major Italian media. All sites of prominent Italian newspapers and even Italian national television broadcast service are highlighting this scoop with great fanfare. The link to the unclassified document comes from and is hosted by the Corriere della Sera website, the major Italian newspaper.

So it's plain silly to think /. should have silenced this. If it wasn't me, it would have been someone else to post this.

Moreover someone already pointed out in comments that is better for people that may risk something by this disclosure to know they risk something. The vulnerability was there. It should have been an advantage for someone if it was secret. Being that much publicized, such info it is not an advantage for any enemy more.

Bingo!!!

[alfredo]

bush is even having things classified even after they have been testified to before congress, or been discussed on 60 minutes.
Of course he hasn't gone as far as Reagan who wanted to prosecute them for their testimony before congress even though the info was not classified at the time of the testimony.

The bush administration has leaked classified info when it serves their purposes. Remember Valerie Plame? She was setting up a sting to bust nuclear weapon smugglers.

Sometimes it is in the national interest to leak. Remember when Reagan classified the reports of fraud and waste? Those leaks were in our national interest whereas keeping it classified was not. He made a public show of fighting waste and fraud, but behind the scenes he was not, but at least the issue was before the public eye.

Edmunds is now fighting to have her info heard before congress. Her info points to complacency before and after 9-11. they have classified her info so much she can't even tell congress.

I was an Army spook, I know the arguments. Not everything should be declassified, but waste, fraud, treason should be declassified. The Valerie Plame leak was treason in my opinion.

This is not the first time they have made this type of mistake. Embarrassing them in this way can only make them be more security conscious. Security is about the small things.

Parent is not correct - I am correct

[Ada_Rules]

The rules actually vary a bit from system to system but it is possible to get approval to export unclassified word documents and PDF documents from a classified system if the appropriate procedures are used. In this case this could be: a hoax or, it could be that the proper procedures were not followed or, it could be an intentional leak. Nothing special about those possibilities since they pretty much are the same possibilities with any release of information like this. Check out the response in the annotated NISSPOM Chapter 8 (available within http://www.dss.mil/infoas/index.htm) which has embedded Q&A from an industrial security letter (which carry essentially the same weight as NISSPOM itself) page 12 of the PDF says

36. Issue: Paragraphs 8-306b and 8-310b discuss the "trusted download" process where electronic files and/or media can be created at a classification level lower than the accreditation level of the IS without going into sufficient detail of the review process or program. Because of the many different vendor platforms and applications (e.g., word processing, database, electronic mail, spreadsheets) additional guidance is needed.

Answer: Every vendor's platform and application are unique and each requires a thorough review by the ISSM and DSS before they can be used to create classified or unclassified files and/or media. DSS has developed a "standard" for the trusted download process that can be found at http://www.dss.mil/infoas/index.htm. If the ISSM is unable to implement the DSS "standard," the SSP must include a description of how and why the contractor has deviated from the standard under the vulnerability-reporting requirement of paragraph 8-610a(1)(c). If the ISSM is unable to provide any acceptable countermeasure to mitigate this vulnerability, the ISSM must notify and get acceptance from the GCA/data owner of the additional risk.

Checkpoint ahead! Better "save game"...

[WarPresident]

It's dark, you're travelling on a dangerous road known for ambushes. You can't see the huddled shapes lurking in the darkness behind their vehicles. Suddenly a floodlight paints your vehicle. You can't see anything but the floodlight and shots are fired. American checkpoint or insurgent ambush? Decide quickly, because you'll be killed if you stop and it's insurgents, and you be killed if you don't stop immediately and it's the Americans.

American checkpoints in Iraq are not well-lit traffic-coned "approach the gate and the waving officer slowly" affairs. They block the road at the best place to kill oncomers and hide behind their barriers. It's often the worst place for approaching vehicles to see the roadblock until you're on top of it. By then, they start firing "warning shots" in the general direction of (if not into) your vehicle. It doesn't always play out like that, but dozens of dead Iraqi families can't be wrong...

Re:Oh dear

[Jamu]

Maybe they were thinking: Let's hide this stuff in the main document so that people will believe it when it's "uncovered".