Begin forwarded message:
From: Matt Blaze <mab@crypto.com>
Date: May 17, 2008 6:45:11 PM EDT
To: David Farber <dave@farber.net>
Subject: "Redacted" DoJ PDFs still leaking confidential data
Dave,
For IP if you'd like.
As someone whose research involves wiretapping and
surveillance technology, I read with some interest a
recent DoJ Inspector General's audit report on the FBI's
CALEA implementation efforts. I was particularly
interested in some of the numbers, which seem to contradict
the FBI's claims that some wiretapping vulnerabilities my
grad students and I discovered a couple of years ago
had been largely fixed.
But I was particularly surprised when I tried to cut and
paste some of the text from the (redacted) PDF report into
an email message to one of my students, and some redacted
data appeared in the message. Sure enough, the "sensitive"
data in some of the report's tables was redacted simply by
covering it with an opaque PDF layer, widely known to be an
insecure -- and completely ineffective -- technique for
obfuscating sensitive information. The opaque layer is
easily removed by Acrobat or simply by cutting and pasting.
Data leaks from ineffectively redacted PDFs go back for
years, and the DoJ itself has been burned by this several
times already; one would think the government might have
learned by now. In this case, the "sensitive" data is
fairly innocuous (and, I'd argue, was data the public has a
legitimate right to know in any case). But if this represents
the DoJ's normal redaction practices, next time it could just
as easily be a court filing containing the names of
confidential informants.
Last night, after I blogged about it, the DoJ took the entire
web site for its Office of the Inspector General off the air,
presumably to check for other leaky PDFs.
For the original leaky PDF and context, see my
blog post at
http://www.crypto.com/blog/calea_retrobugs/
-matt