Slashdot Mirror
FBI Wiretapping Audit Secrets Uncovered Via Ctrl+C
mytrip notes a story in Wired's Threat Level blog on the latest boneheaded government moves with redaction. (We've been discussing redaction follies here for years.) This time it's an FBI report (PDF) on implementing CALEA — you can select text from redacted areas, copy it, and paste into a text editor, as University of Pennsylvania professor Matt Blaze discovered. From Wired: "Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl+C keys — and that information turns out to be not very sensitive after all... [Among] the tidbits considered too sensitive to be aired publicly: The FBI paid Verizon $2,500 apiece to upgrade 1,140 old telephone switches. Oddly the report didn't redact the total amount paid to the telecom — slightly more than $2.9 million dollars — but somehow the bad guys will win if they knew the number of switches and the cost paid."
The headline and summary made took a minute for me to grasp, I just couldn't understand how you could get data out of something by halting execution.
Then my brain woke up and I realized they were thinking of the Windows command Ctrl+C which copies the marked text..
/Mikael
Greylisting is to SMTP as NAT is to IPv4
Look, the point of blacking out is not just to remove critical information, it is also to get you used to large parts of documents being blacked out. It is a way of hiding a signal within a lot of noise.
By randomly blacking out stuff, you will never know if there is vital information hiding underneath the black text. And you will become more and more accepting of documents that have barely any text at all.
The purpose is, of course, to allow more and more freedom to the agencies doing the blacking out. And less and less to you.
This is a classic example of secrecy being used not for national security but to avoid embarrassment. There are likely thousands of these types of secrets that cost money to keep but that are for no reason at all. Ass clowns.
"Redacted" was apparently implemented by covering the area with a white rectangle. Since the PDF has real text/vector graphics (as opposed to a bitmap), the information is still present in the file and even the standard Acrobat viewer can access it. Someone "Failed at Behaving Intelligently"
Come on, at least make your top secret docs standards compliant. :(</quote> :P
I wanted it to be realistic
The meme is dead, long live the meme!
Sometimes items are redacted because of contractual commitments or confidentiality agreements. Take the example in the story; now, all Verizon's competition needs to do is bid $2,499 per switch and they get the job. So what if they could have supplied the switches at $2,200 and still made a healthy profit - they just need to be low. So that's $299 extra per switch that the government (aka, taxpayers) will have to pay because the competitive bid environment has been contaminated.
But hey, they made their point about evil government masterminds being wholly incompetent, so what does logic matter?
"As God is my witness, I thought turkeys could fly." A. Carlson
Honestly, same here. Some of those headlines are becoming really hard to read.
"Wiretapping": verb. The FBI is wiretapping something. "is" omitted as in many headlines.
"Audit": verb. The FBI's act of wiretapping is auditing something (Huh?)
"Secrets": verb. The Audit of the FBI's wiretapping is leaking something. Wait isn't "secrete" writting with an extra "e"?
"Uncovered": verb, passive. By now I'm sort doubtful I got it right in the fourth attempt.
"Via Ctrl+C": By what?
It took me reading the link in the original post to figure they meant a key press and not a screen name or a publication I wasn't familiar with, also helped me sort the four verbs into some semblance of legal grammar.
How about: "Copy & Paste Reveals FBI Wiretapping Audit Secrets"?
Remember school: Passive is bad for you.
For me, the best part of the article was the link to the NSA redaction guidelines. Interesting reading I suppose, but the fact that throughout the entire paper the screencaps of MS Word had that damn Clippy-substitute cat sitting in the corner was classic. I'm not sure I'd trust someone (even at the NSA) to give me advice on MS Word options and settings when they can't even turn of the animated assistant.
It hurts my brain. The person who (incompetently) redacted the document was probably just following guidelines. My guess is that there's a guideline that says that specific numbers and costs cannot be published in reference to secure systems used by an intelligence or law enforcement agency. Only aggregate costs, as necessary to inform the public and lawmakers.
No conspiracy. No corruption. No deeper meaning than a guideline that requires sticking your neck out and making a case if you want to violate it.
Makes sense, actually, as most intelligence gathering is probably not about sentences like, "John Doe is our super-secret mole in the office of the director", but rather "the phone system has 1100 switches for all of North America, and is taken down every 2 weeks at 1 am for maintenance."
And this leaves me wondering if those who are laughing or outraged at the attempted redaction (as opposed to the incompetence in implementing it) are also the same people who insist that they must have military-grade encryption and anonymous re-routing, using spread-spectrum wireless transmissions to public access facilities, in order to protect their private emails to grandmother. Sigh.