Accidental publicist

 

Connecting state and local government leaders

Agencies are risking the unwitting release of sensitive information using popular office software.

A new front line of national and corporate security is emerging, and some of the most common document applications, including Microsoft Word documents and PDFs, are putting people on it without their knowledge. In the past several years, federal agencies and private-sector companies have released documents on the Internet that they thought did not contain sensitive content, but they actually did. That has led to embarrassment, scandals, firings and national security breaches when unintended readers discovered the hidden data. At least 20 press reports between October 2000 and December 2005 show that the release of hidden, sensitive data is a serious and pervasive problem. For example, a July 2005 Pentagon report on cyberattackers, saved as a PDF, included data hidden in the structure of the documents that listed the IP addresses of attacked Defense Department computers, making them vulnerable to future assaults. The New England Journal of Medicine revealed last December that Merck had deleted information connecting its Vioxx painkiller to an increased risk of heart attack from a major study on the drug that the company submitted in 2000. The authors wrote the study in Microsoft Word, which retained the deleted text as part of the application's Track Changes function. Merck stopped selling Vioxx in 2004 and is paying hundreds of millions of dollars on thousands of lawsuits based on health problems and deaths linked to the drug. A March 2004 study by the Institute of Electrical and Electronics Engineers found that of 100,000 documents surveyed, half contained 10 to 50 hidden words, one-third had 50 to 500 hidden words, and 10 percent had more than 500 hidden words. 'Our society spends millions of dollars protecting information from hackers and malicious insiders while spending almost nothing to prevent sensitive information from leaking out in legitimate and routine electronic document exchanges,' said Ronald Hackett, program manager at SRS Technologies' Systems Solutions Division. The company sells software that finds and removes hidden data. 'Ironically, the biggest threat to sensitive information may be honest users just doing their jobs,' Hackett said.A lot of work must be done to educate users and vendors about document security, said Paul Stamp, a senior analyst at Forrester Research. Government and industry users need tools to access and deal with hidden data. He said document management vendors are beginning to recognize the problem of accidentally releasing sensitive data. 'It's something we're aware of,' said Gray Knowlton, a senior product manager on Microsoft's development team for the Office application suite. 'It's something we spend a lot of time thinking about.'But is enough being done to prevent avoidable losses? With few tools and little training available to teach people how to remove hidden information, Hackett and other analysts said, the problem is likely to continue. The causes of much of the hidden data problem are users' ignorance of how digital documents work and software companies' tendency to give customers too much of what they want ' ease of use and flexibility. The core of the issue is the 'what you see is what you get' (WYSIWYG) concept, a driving force behind the evolution of application user interfaces for the past 30 years. The idea is to conceal software's inner workings from users so that the documents on their screens seemingly mirror how the final versions will appear to others.Whereas paper documents have only two sides separated by a fraction of an inch of pressed wood pulp, digital documents are small file systems within their larger applications. They can contain reams of material ' including metadata, older versions and deleted items ' in multiple layers that don't appear on the screen or in printouts. 'Paper is WYSIWYG,' said Andrew Jaquith, a senior analyst at the Yankee Group. 'What you see in an electronic document is not necessarily what you get. It's everything ever done with the document that may still be in it.' WYSIWYG interfaces encourage users to act as they would in the real world, which provides a false sense of security, Jaquith said. Removing data from a digital document is not the same as using an eraser or a permanent marker on a paper one. Another common problem with hidden data comes when application vendors make it too easy to use new software features that have unforeseen consequences, Hackett said. He cites the Ad Hoc Review function, a document-sharing tool, in the Microsoft Windows XP operating system. Without alerting the user, Windows XP automatically starts the Ad Hoc Review with Tracked Changes function when someone using the Outlook e-mail client sends or replies to a Word, Excel or PowerPoint document, Hackett said. This function stores complete copies of every version of the document, even though only the final version is immediately visible. He and Knowlton disagree whether the feature is easily disabled to prevent inadvertent data release.Hackett said he reviewed 101 federal documents last December and found that the Ad Hoc Review option was enabled on 30 percent of them.Outlook automatically turns on Track Changes because the program presumes that the user wants to compare changes others make to the original document, Knowlton said. Duyen Truong, a Microsoft spokeswoman, disagreed with Hackett's claim and said people other than the document creator can turn off Track Changes by accessing the Reviewing toolbar under the Tools menu. Microsoft should remove the automatic feature from Outlook and warn users more about how the Ad Hoc Review function works, Hackett said. Most people don't know or forget that applications track changes, Jaquith said. That underscores the common opinion that the problem is the software's use, not its development. 'It's a classic case of folks not necessarily reading the owner's manual for these things,' he said. No one agrees, however, who is ultimately responsible for training people in how their software works and how to remove hidden data so they don't unwittingly release sensitive information. Software companies offer enough tools, training and information for users to adequately protect sensitive information, said Knowlton and Gregory Pisocky, a business development manager at Adobe Systems. Hackett agrees that improper use is the issue but added that companies are not blameless. 'They make the user responsible and wash their hands of it,' he said. Pisocky said software companies are not responsible for warning users about hidden data because the document software has no way to determine whether the unseen information is sensitive.Users should buy third-party tools that find hidden data, enable human review and remove what needs to go, Hackett said.Until software companies improve their products, users must ensure they don't reveal hidden data, Jaquith said. They should be aware of whether documents track changes and when they redact information, he said. Users shouldn't be blamed for releasing hidden data that they didn't know was there, said Stacey Quandt, research director for security solutions and services at the Aberdeen Group, a research firm. The responsibility falls on organizations, which must establish policies that account for the risks of the technology they use, she said.Microsoft has added a number of relevant features to its Office 2007 suite, due in January 2007, Knowlton said. Office 2007 contains an upgraded version of its Remove Hidden Data plug-in tool, called Document Inspector, which detects and removes hidden text, document properties, headers and footers, and all kinds of annotations and changes. The suite will not contain the Send as Attachment for Review function, which also enables Ad Hoc Review.Pisocky declined to comment on whether future versions of Adobe software will do anything to help users find and control sensitive information.



















The WYSIWYG problem



















Who's responsible?



















chart

NEXT STORY: Search fusion

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.