Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Wiretapping Audit Secrets Uncovered Via Ctrl+C

Posted by kdawson on from the c'mon-guys-it's-not-even-obscure dept.

mytrip notes a story in Wired's Threat Level blog on the latest boneheaded government moves with redaction. (We've been discussing redaction follies here for years.) This time it's an FBI report (PDF) on implementing CALEA — you can select text from redacted areas, copy it, and paste into a text editor, as University of Pennsylvania professor Matt Blaze discovered. From Wired: "Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys — and that information turns out to be not very sensitive after all... [Among] the tidbits considered too sensitive to be aired publicly: The FBI paid Verizon $2,500 apiece to upgrade 1,140 old telephone switches. Oddly the report didn't redact the total amount paid to the telecom — slightly more than $2.9 million dollars — but somehow the bad guys will win if they knew the number of switches and the cost paid."

2 of 231 comments (clear)

  1. It's easy... by johannesg · · Score: 5, Interesting

    Look, the point of blacking out is not just to remove critical information, it is also to get you used to large parts of documents being blacked out. It is a way of hiding a signal within a lot of noise.

    By randomly blacking out stuff, you will never know if there is vital information hiding underneath the black text. And you will become more and more accepting of documents that have barely any text at all.

    The purpose is, of course, to allow more and more freedom to the agencies doing the blacking out. And less and less to you.

  2. The naivete! by wfolta · · Score: 5, Interesting

    It hurts my brain. The person who (incompetently) redacted the document was probably just following guidelines. My guess is that there's a guideline that says that specific numbers and costs cannot be published in reference to secure systems used by an intelligence or law enforcement agency. Only aggregate costs, as necessary to inform the public and lawmakers.

    No conspiracy. No corruption. No deeper meaning than a guideline that requires sticking your neck out and making a case if you want to violate it.

    Makes sense, actually, as most intelligence gathering is probably not about sentences like, "John Doe is our super-secret mole in the office of the director", but rather "the phone system has 1100 switches for all of North America, and is taken down every 2 weeks at 1 am for maintenance."

    And this leaves me wondering if those who are laughing or outraged at the attempted redaction (as opposed to the incompetence in implementing it) are also the same people who insist that they must have military-grade encryption and anonymous re-routing, using spread-spectrum wireless transmissions to public access facilities, in order to protect their private emails to grandmother. Sigh.