US gov't to offer guidance on data-breach protection

25.01.2006
In an apparent response to a series of accidental data leaks last year, the National Security Agency has released technical guidance for government agencies on how to redact or edit sensitive information from Word documents before releasing them publicly.

The NSA report, "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF," summarizes the steps agencies need to take to ensure that sensitive material contained in Microsoft Word or Adobe PDF files is not accidentally released.

The 14-page document was originally published on Dec. 13 by the Architectures and Applications Division of the NSA's Systems and Network Attack Center (SNAC).

'Both the Microsoft Word document format and Adobe Portable Document Format (PDF) are complex, sophisticated computer data formats,' the NSA guidance said. 'The complexity makes them potential vehicles for exposing information unintentionally, especially when downgrading or sanitizing classified materials.'

According to the NSA report, the three most common mistakes leading to the unintentional exposure of data are: covering text, charts and tables with black rectangles in an attempt to block the data from being read; trying to make images unreadable by reducing their size or covering them up with black; and overlooking metadata, the hidden information and revision histories automatically embedded in many office products such as Word and PDF files.

'The key concept for understanding the issues that lead to the inadvertent exposure is that information hidden or covered in a computer document can almost always be recovered,' the NSA report said. 'The way to avoid exposure is to ensure that sensitive information is not just visually hidden or made illegible, but is actually removed from the original document.'
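The first mistake and the "removed, not hidden" principle can be checked before release. The sketch below is an added example, not code from the NSA report; it assumes an uncompressed PDF content stream with one absolute `Td` position per text object, and the sample stream and function names are constructed for illustration.

```python
import re

# Constructed sample: a page content stream that draws two lines of text and
# then paints a black filled rectangle over the second one.
SAMPLE_STREAM = b"""BT /F1 12 Tf 72 700 Td (Public summary of findings) Tj ET
BT /F1 12 Tf 72 680 Td (Source name: EXAMPLE-PERSON) Tj ET
0 0 0 rg
70 676 260 16 re f
"""

NUM = rb"(-?\d+(?:\.\d+)?)"
# "x y Td (string) Tj": position a text line, then show it.
# Simplification: strings containing escaped parentheses are not handled.
TEXT_RE = re.compile(NUM + rb"\s+" + NUM + rb"\s+Td\s*\((.*?)\)\s*Tj", re.S)
# "x y w h re f": define a rectangle, then fill it.
RECT_RE = re.compile(rb"\s+".join([NUM] * 4) + rb"\s+re\s+f\b")


def _rects(stream):
    return [tuple(float(v) for v in m.groups()) for m in RECT_RE.finditer(stream)]


def _is_covered(match, rects):
    # True when the text origin falls inside any filled rectangle.
    x, y = float(match.group(1)), float(match.group(2))
    return any(rx <= x <= rx + rw and ry <= y <= ry + rh
               for rx, ry, rw, rh in rects)


def covered_text(stream):
    """Return text that is painted over but still stored in the stream."""
    rects = _rects(stream)
    return [m.group(3).decode("latin-1")
            for m in TEXT_RE.finditer(stream) if _is_covered(m, rects)]


def remove_covered(stream):
    """Delete the covered text operators themselves; the rectangle stays."""
    rects = _rects(stream)
    return TEXT_RE.sub(
        lambda m: b"" if _is_covered(m, rects) else m.group(0), stream)


if __name__ == "__main__":
    print("still recoverable:", covered_text(SAMPLE_STREAM))
    cleaned = remove_covered(SAMPLE_STREAM)
    print("after removal:", covered_text(cleaned))
```

Real PDF streams are usually compressed and position text in more ways than this, so a release check on production files needs a full PDF parser; the point here is only that the black box and the text it covers are separate objects in the file.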