Slashdot Mirror
More PDF Blackout Follies
georgewilliamherbert writes "The latest installment of "As the PDF Blackouts Turn" hit today, with a U.S. government apparently releasing a redacted version of their court filing in the Balco grand jury leak case
which merely stuck a black line over the text, which remains available in the document. As with prior documents, entering text cut/paste mode in a normal PDF browser such as Acrobat allows a reader to access the concealed text. Previous incidents include an AT&T filing in the NSA case." This works with Xpdf and KPDF, too; for KPDF, use the selection tool (under the Tools menu) around the redacted section, copy to clipboard, then paste into the text-manipulator of your choice.
Perhaps the people making these "blacked out documents" should be taught a little about Vector Graphics and that a black box is not the same as a sharpie. One word for them 'n00b'!!
Click Click Bloody Click PANCAKES!
we should all just write everything down in pencil. Boo to technology.
Or... they could just find a better technological solution. Seems like a no brainer to me.
(end of post)
Perhaps after another dozen or so incidents they'll decide a little training is appropriate for the folks who are doing the redacting.
I reserve the right to think for myself. Others' opinions are optional. Puppy on lap = typos...not illiteracy.
You would think that people would have learned after the first time around. Apparently not.
--
"And the geek shall inherit the earth."
with a U.S. government apparently releasing a redacted version of their court filing
Which U.S. government?
You can open them directly in Safari and cut/paste into TextEdit too.
I'm not wrong. You haven't thought about it hard enough.
i keep an older version of adobe's acrobat reader for Linux version 5.0 and copy & paste in to a text editor works in it too...
i hate the new acrobat reader. some claim it calls home to the mothership(Adobe) which i dont approve of either (spyware)...
Politics is Treachery, Religion is Brainwashing
What's this in TFA about Barry Bonds and steroids? I had no idea.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Redacting electronic documents right is HARD. See, for example, The NSA's guide to redacting word documents as PDF.
Test your net with Netalyzr
Coral cache of the PDF
Anyone into mirroring it?
Slashdot Burying Stories About Slashdot Media Owned
This is pretty ridiculous. Products have existed for years to take care of this sort of thing, such as http://www.appligent.com/products/product_families /redaction.php.
How does this keep happening?
...before they are told to just take a print-screen of the document, page by page, then use a graphics program to install the black boxes over words, then import each image as a page into their PDF creator...
Do not look into laser with remaining eye.
Really nice to know that these folks has taken an apparent cue on safe and secure documents from the folks in Redmond.
On a serious note... this is seriously scary. Imagine if the NSA and other agencies are redacting all of their documents this way an passing them around the world to field offices, embassies and elsewhere.
Imagine the implications during legal proceedings here in the States. Yikes.
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
A: There is magic marker ink all over the screen!
Unknown host pong.
Leave PDF the way it is. In fact, make it really hard to actually redact something, but put a tool front-and-center that looks like its redacting something.
Then - remove any delete capability from Outlook. Trash is fine, but not delete.
Then - configure all Windows machines to be inherently wide open, so that we may all peer into gov't computers. Oh wait, this is already true.
Sometimes I think those in positions of high gov't power should forfeit practically all privacy for the duration of their term. Put a webcam on these fuckers 24/7. Does that sound... draconian? Unreasonable? Maybe. But after losing billions of dollars in things like Iraq military contract debacles, I don't trust any of these people. They certainly don't trust us.
If Jesus wants me it knows where to find me.
Here's how the NSA recommends redacting files:
5 .PDF
http://www.nsa.gov/snac/vtechrep/I333-TR-015R-200
Is it just me or do they look a little pretensious?
"Snatching defeat from the mouth of victory on a daily basis."
Like .doc, .pdf, and AFAIK the opendoc format.
It's the same old story as with operating systems or anything else: features are usually either a plus or a "don't matter", except when serious security issues are involved, in which case you can't always predict what is benign, whether in and of itself or in combination with other features. Adobe tried to position PDF for all kinds of other things like portable forms and collaboration, but obviously their users are running into the same problems ad MS Word users have with leaking sensitive information.
What there should be is a standard document format for outside release of legal or sensitive documents, that doesn't have any features that could be inadvertantly used. Maybe it is RFT or a stripped down PDF; but something where you can tell the intern to release this press release, and not count on him being smart enough to check for hidden comments and workflow information. It sould be WYSIAYG -- what you see is ALL you get -- and any additional features, other than possibly a small and well defined set of metadata, should parse as an error.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Add a "redact" tool to the existing toolbar!
Why are we publicizing this flaw? We have a US Government in power that increasingly wants to peer into the lives of innocent citizens, while becoming less transparent itself in order to cover up deceit, fraud, abuse, and just plain bumbling incompetence. If these Keystone Kops want to believe that they are criminal masterminds, let them, but don't help them actually cover stuff up!
Having worked for the gov't and knowing that some documents that I have signed and worked on should be redacted, this scares the crap out of me. It's not that I did anything that was illegal or "evil" as google would put it, I just don't want the "bad guys" (terrorists, etc.) knowing my name is attached to anything that resulted in their cohorts arrested or killed on the battlefield (also includes CONUS since 9/11).
Normal average government workers should NOT be redacting, the people who redact should be those who know that if they screw-up, they may be screwing themselves or good friends in the process. Have people do it(redact) who have something to lose.
Just my 2 cents.
"Security by obscurity" :)
This law would instruct the FCC to create a program to certify approved PDF viewers; such viewers must make it impossible for users to steal the redacted data in a file, along with technical measures to prevent tampering with the viewers by hackers. Certified viewers will be made available to the public by software companies on a list of government-approved PDF vendors. After it becomes illegal to own a non-certified pirate PDF viewer, these dangerous information leaks will thankfully become a thing of the past.
For lawyers/courts/etc., redacted (Per Black's Legal Dictionary) means:
The lesson here is this: if you see a word used in a legal context (or any professional context) and it sounds entirely wrong...ask yourself first whether it might have a special meaning before complaining.
"Stumble before you crawl"
Their use of redact is completely correct.
If I am releasing a document for publication and decide to remove information from it, this is redaction. It's editing for publication, which can include the removal of information. It could also include the addition of new information, but that's not what typically happens. Redaction can be a form of self-censorship, but it's not always the same.
Censorship is when a third party, generally a person in authority, suppresses information which is considered objectionable. The 'authority' can be the same as the author (e.g. 'self-censorship'), or the suppression can be indirect -- it need not be editing per se.
It's my understanding that "redact" is used only in reference to written documents that are being edited, while 'censor' is more general and can refer to anything. The terms are closely related, especially in their typical use, but they're not exactly the same. "Redact" is actually a more specific and precise word for what's going on in this instance. We can argue about whether censorship is also going on, but redaction definitely is.
Anyway, arguing about definitions by citing dictionaries is always a bit pedantic, since dictionaries are not authoritative except as a historical reference: they can tell you what a word meant at the time the dictionary was written, but not what it means right now, since a word's definition is determined by its usage. All language is inherently arbitrary: they're just sounds we make or things we write down in order to convey ideas, and the relationship between the sounds/characters and ideas is not fixed, but infinitely variable. If everyone were to decide tomorrow that 'redaction' meant the same thing as 'censorship,' that's what it would mean, and next year's dictionaries would have to be updated to reflect that.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I googled for redacted doctuments, chose some pdfs at random, and found that the text is behind the black bars.
When I started searching, I googled for redact. There were two ads for products that remove the text from the pdf as well as create the black bar. One made it clear that the text would be inaccessible from hackers.
So, why aren't these types of tools being used for all redactions?
Where law ends, tyranny begins -- William Pitt
Congratulations, Slashdot! The FBI will be along shortly to raid your offices on suspicion of violating the DMCA, the Patriot Act, and probably some other bullshit piece of legislation we don't even know about.
Oh, yeah - it's a no-knock warrant, so put your pants on now.
Excuse me, any electronic format, unless it is a bitmap format, will have this problem unless
all the viewers 100% honor the redaction as it's intended. In the case of a bitmap format,
you can burn a black or white rectangle into the original image and then add an annotation
a la TIFF's annotations that contains the original portion of the image that was redacted
in an encrypted format so that it's difficult to expose the redaction- IF you need to have
the redaction exposed. If not, you hand across the redacted image as-is without annotations.
This has NOTHING to do with PDF or ODF at all- trying to make this a connection to these
is bogus to say the least. In this case, I believe that the people doing it used the MS Office
redaction capabilities and then exported the redacted content to PDF, which the export
carried the same sort of redactions across to the other format. What happened is because
someone didn't understand the tools they were using, not because of PDF or ODF.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
If redacting is the "the careful editing of a document", obviously this wasn't a redacted PDF.
Reduce, reuse, cycle
While you make a good point, the people who have to use computers to accomplish their jobs, but do not make an attempt to understand how they work (and just treat them like "black boxes") are taking an enormous risk. They are hitching the metaphorical wagon of their livelihood to a team of horses that they don't know shit about.
If you were somebody who made your living in television, but didn't understand anything about it, you would likewise be taking a great risk. You might, for instance, look like a big idiot when you show up to work at your anchor desk wearing a horizontally pinstriped shirt (which looks like ass on TV because of the Moire effect between the lines on the shirt and the TV scanlines). If you had understood the technology a little better, you might not have done that. That's a trivial example -- undoubtedly if you were a TV anchor, you'd learn or be told at some point not to wear a shirt like that without having to learn about scanlines -- but I hope you see my point.
Whenever you use a technology without learning about it, you accept a certain amount of risk. Sometimes, you gamble and win: you just use the technology, get your job done, and nobody's the wiser. You're faster, more efficient, more competitive, you look like a hero to your boss, whatever. But if the technology doesn't work, then you're SOL -- but that's the price you pay for not understanding it. That's the risk you accepted when you said to yourself "eh, I don't really care what goes on inside there."
In the case of PDF, we have a lot of people using a certain technology without knowing anything about how it works, and thus -- like the TV anchor in his pinstriped shirt (or a weatherman wearing chroma-key blue or green) -- you get these gaffes.
I'm not saying that everybody needs to learn about how everything they use all day works, down to the bare metal. Virtually nobody needs to know that, except perhaps people who are doing things that are so dangerous that they can't afford to fuck up. However, people should be aware of the tradeoff they're making and the risk they're accepting when they forgo figuring out the internal details of a system and simply accept it as a whole, on faith that it will always work a certain way. As long as people are aware of that decision, and make it consiously, and accept the results, you can't ask for more.
Generally speaking: faith is a fine thing, as long as you know when you're relying on it. It's when you thought you were relying on something else, and find out that you had nothing but faith, that a problem has occured.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I am pretty sure that rasterized PDF documents violate government disability-access guidelines, since they can't be read with screenreaders, braille terminals, or basically anything other than a set of human eyes (or a good OCR program).
They would be a lot better off going through the document in Word (or Notepad/Textedit/vi/EMACS/whatever) and just selecting the regions of text that they want to remove, and replacing it with [-- TEXT REMOVED --] or even [REDACTED]. If they were really slick, I'm sure somebody could write a little macro to replace the text with an equivalent number of characters of whitespace or random text or dashes, to preserve formatting. (Okay, so to really preserve the formatting it would have to be replaced with characters that have the same amount width as the deleted characters; maybe there's a font-set containing various widths of whitespace characters that they could use? In TeX it would be trivial.)
The results would be ugly (but really, were black bars ever very beautiful?) but at least it would actually remove the information, and wouldn't result in an inaccessible, rasterized document.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Why doesn't Adobe upgrade their PDF generators to include a "Real Redact" button that actually deletes the redacted data? They could sell it to governments at the usual 1000x government markup rate, and the government would probably still save money vs the fallout from these illusory blackout follies. Neither the government nor Adobe is in the "freedom of information" camp. Maybe the government just refuses to buy an upgrade because that would save money overall.
--
make install -not war
"If you want my opinion (or even if you don't...:-p) this is the achelle's(sp) heel of our society today, most people are lazy bastards that just want to get done with somethign without learning anything about it."
"Another thing that pisses me off is incopetence."
Oh, the irony.
CLI programs are REALLY useful to look at "hidden" content.
'pdftotext' comes with xpdf & is even available natively on windows.
Similarly, for MS Word documents, you may use 'antiword', 'catdoc', and 'wv'.
These programs are quite nice in that they can easily batch-process a lot of documents & then you can go grepping through them for interesting tidbits.
(On the GUI front, evince deserves a plug. It uses the same poppler backend as xpdf and kpdf. I used to use tiny & fast xpdf for most of my pdf viewing, but evince has a few nice features which xpdf lacks & has become my personal favorite pdf viewer.)
The industry at large (Microsoft being a big offender) has been trying to get us to a this magical place where everything is system and location independent and this is where we end up:
1) FTP sites in Windows Explorer look like regular Windows folders. People expect them to work like regular folders. I had a field sales force try to "share" an Excel spreadsheet expecting the others to get a "Read Only" copy just like would happen on a local network share. Overwriting madness ensued. You can't blame them, there was no indication that it would work differently. Asking them to understand FTP is like accounting expecting me to fully understand the accounting rules behind my IT purchases.
2) A manager where I used to work had an Excel spreadsheet with payroll data for the entire company. He wanted to send each department their subset of the data. So he filtered his spreadsheet and sent the filtered lists to each department not knowing that he was sending each department the whole list under teh covers. Luckily, the file was 30MB and choked in the mail server and I was able to bail him out of that huge mistake. But you really can't blame him - he saw something on the screen and sent "it". There should be an indication of underlying data. BTW, doing a cut and paste special made each file about 25k or so.
Same thing with this PDF error. If your file shows certain information, it should contain that information only or indicate (or warn) otherwise.
By "simplifying" everything, nobody knows what's really going on. A couple times per week I have to explain some type of issue to some user about how "It's really more complicated than that, see Windows (or an app) hides this from you." User roll eyes as their simple task has become obscurely complicated - all in the name of making things "easier" to understand, ironically.
If something works different, it should be displayed different - that at least gives the user a chance to question what they are doing.
Does anyone think that this may not have been an oversight, and that someone knew the geeks would figure it out (like we did before) and wanted it to be leaked??? I know it's giving someone a lot of credit, but stranger things have happened...
"But this one goes to 11!"
If black squares count as a "technical measure" protecting access to a work... ? Someone actually should go ahead and launch this suit, to draw attention to the DMCA's shittiness.
My turnips listen for the soft cry of your love
They say you should open the original document in Word and EDIT the document by replacing the redacted text with a bunch of X's then print it to a PDF. That's a fundamentally different process than redacting. It's editing, and the temptation to ALTER the document would be huge. Also what would you do if you don't have the original Word document?
Doing it right isn't so hard. You want to end up with a graphical only PDF of the document that has been redacted. (I can't believe I'm about to give the NSA good advise on how to keep secrets!)
Use acrobat to mark out all of the evidence of your wrongdoing (oops I meant mark out anything classified...) Save it. Open it in a third party pdf program like FoxitPDF reader. Print it to a new pdf file using you PDFwriter of PDFdistiller print driver. You should now have a completely graphical pdf with no embedded text in the file. This is just as good as printing it, redacting it, then scanning it (which would be another good procedure.)
It may look all blocky and pixelated but redacted documents from the government always look like crap.
-- QED
Assuming the original document was in Word format, I'm surprised they didn't use Microsoft's freely available redaction add-in.
The irony here is that you're complaining about people being "so damn lazy that they can't do a little research" when you haven't taken the (very small) amount of time researching how to correctly spell Achilles.
)
that is all
I wonder whether it's possible some of the people doing this really want the truth to come out? That someone "accidentally" screwed this up?
Oh, wait, we're talking about the government?
Nevermind.
Using Evince, GNOME's document viewer, you don't even have to copy to another document. Merely selecting the "redacted" text shows the actual text.
Protect your browser with the Force Safe Search add-on
Those ignoramuses!
The proper way to conceal the information is to apply white out on the monitor!
This reminds me of the Homer Simpson's "Mister X" Web site :)
I have never understood why people are so damn lazy that they can't do a little research into what they are doing. People juat want results, not knowlege about what they are doing.
You mean like when people are too lazy to spell check their posts on Slashdot? Look, most people can usually excuse spelling and grammar mistakes but your argument would be much stronger without the brazen hypocrisy.
Okay... this is what is considered secured??
...]
Using a STANDARD pdf handling tool:
% pdftotext BALCO_quash_subpoena_sfchronicle.pdf
From the PDF->TXT file:
[snipped to first line before the "blacked out section"]
C. Movants' Efforts to Obtain the Secret Grand Jury Transcripts
[beginning of first blacked out section]
Prior to the return of the Balco indictments, the lead defendant, Victor Conte ("Conte"), began to correspond via e-mail with Movants. (See Ex. 1 to Donnelan Aff.). Neither Movants nor Conte attempted to keep their relationship confidential, as the e-mail correspondence routinely was reported by Movants.2 (Exs. 1, 2, 3, and 11 to Donnelan 1
[... snipped for berevity
On June 23, 2004, Fainaru-Wada sent an e-mail to Conte indicating that he (Fainaru-Wada) was busy working on some stories that may be "up on the web soon. Hope you like t
hem." (Ex. T to Hershman Decl.). Conte responded that he was looking forward to seeing the article and that his lawyer would be available for comment. (Id.).
[end of first blacked out section]
D. Disclosure of the Montgomery Grand Jury Transcript On June 24, 2004
[more, but why post it when you can read it yourself!?]
Okay... WTF!? Doesn't ANYONE check this stuff before it goes out the door!?
OMG! Wonder if this is how our private documents are "made safe"....
Winged Power Photography