Slashdot Mirror

← Back to Stories (view on slashdot.org)

Incomplete PDF Redaction Leaks Data From UK MoD

Posted by timothy on from the peekaboo-theory dept.

An anonymous reader writes "The UK Ministry of Defence has been left with egg on its face, after a supposedly redacted PDF detailing secrets related to air defence radar systems was published on a parliamentary website. The problem? Whoever did the redacting simply changed the sensitive text to black on a black background, making it possible for anyone to access the information simply by cutting-and-pasting. The incident is particularly embarrassing for the Ministry, as six months ago precisely the same security screw-up occurred — that time related to sensitive information about nuclear submarines."

7 of 171 comments (clear)

  1. Who is in charge of redactions? by artor3 · · Score: 4, Insightful

    Seriously, this exact mistake seems to occur at least a couple times a year. You would think that anyone with enough security clearance to make redactions would, I don't know, take a 4 hour training course on how to use MS Word? Do they hand this job off to interns, or what?

  2. Re:Only safe way to do it... by TheSpoom · · Score: 3, Informative

    Or, y'know, replace the text with "[redacted]". If you black out the text, you're still giving away information on its length.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  3. Re:Don't hide information. by JoshuaZ · · Score: 4, Insightful

    There are types of information that every sane person thins should be classified. For example, the engineering details of how to make nuclear weapons should probably be classified. There's a limit to how much of that can be practically classified because those secret are so old, but a similar remark about hydrogen bombs would apply. Similarly, if one country has a high ranking spy in another country's government (say for example the Brits having a North Korean colonel giving them information from the inside), wanting to keep that information secret is reasonable. These are but two of the more clear cut examples. There's a lot of information about the specs of military hardware that could give an enemy advantages if they knew about it. Radar used in defense systems (which is what was leaked in this context) is exactly that sort of thing.

    There are examples where governments try to classify things that they shouldn't. Sometimes they use that as a way of disguising violations of their citizens rights. Other times they use it as a way of covering their asses after they do something incompetent. But it is a mistake to look at the examples where governments have abused their ability to classify things and then conclude that all classification is bad.

  4. Re:Not again by Doc+Ruby · · Score: 3, Insightful

    Because private businesses are competent? We read on Slashdot about their making this same mistake all the time. Why would some temp working for some defense contractor be any better? Especially when those temps are likely to be not just outsourced, but offshored? I can see plenty of, say, Pakistani office temps caring even less about protecting UK government secrets than their equivalent who is actually a citizen of the country at risk when the secret is divulged.

    --

    --
    make install -not war

  5. Classification paranoia by Animats · · Score: 5, Interesting

    Having worked in the classified world (pre 9/11), it was surprising how little military information was classified. The front-line military view of secrecy is that secrecy is a short-term thing. "Where the ship was last week is unclassified. Where the ship was yesterday is confidential. Where the ship is now is secret. Where the ship will be tomorrow is top secret." Sooner or later, if it matters, the enemy will find out what you're up to. Preferably when your attack hits them.

    On the other hand, what your troops, ships and planes can do is generally well known. Too many people have to know. Secret capabilities do exist, but, again, they're time-sensitive. Eventually you have to use the secret weapon, after which it's no longer secret.

    Vulnerabilities are more of a problem. The U.S. Army tried to keep secret the vulnerable spots on a M-1 Abrams tank. But once Iraqi insurgents had found the places on the turret ring to aim at, trying to suppress the pictures of the damage was sort of stupid.

    When planning proposals, we estimated that running a project at SECRET doubled the cost, and running at TOP SECRET quadrupled it. (The clearance process takes many months, the physical security is expensive and slows you down, and worst of all, the people who spend too much time in classified tanks get out of touch technically.) The intel community was willing to pay that price - the military, not so much.

  6. Re:Only safe way to do it... by wvmarle · · Score: 3, Informative

    Indeed. There has been at least one story here on /. a few years ago detailing how in some cases the missing words could be recovered. In that case a document where place names (cities or countries, I forgot) were removed.

    They were recovered by precisely measuring the distance between the non-blacked-out words, the size of the letters of the font used, and then mixing and matching until you found a word (name) that had the correct length in that font. Usually a few matches were found but from the context the correct one was easily deduced.

  7. Re:Don't hide information. by LingNoi · · Score: 4, Informative

    At least Buddhism teaches real things, real values and there's no imaginary persons, as Buddha himself has actually lived. And he said to think and evaluate things with your own brains, instead of following some stupid book.

    Your pedestal opinion of Buddhism will change once you've been in a country with 90+% Buddhists for any length of time. They're no better then Christians, even with pushing their faith on others regardless of the intent of the religion.