In past weeks, I’ve posted a general Introduction to PDF security, an overview of Acrobat 7’s eEnvelopes and security policies, covered the basics of digital signatures and outlined the capabilities of Adobe LiveCycle Policy Server. While it’s not strictly necessary to read those articles first — particularly if you already have some familiarity with PDF security — it is helpful, as they provide a solid introduction to PDF security concepts.
This final installment aims to explain the important security concept of censorship (AKA redaction) and provide a sample of the third-party tools and applications relevant to PDF security. As with my previous piece on Adobe LiveCycle Policy Server, our primary concern will be the capabilities of the solutions referenced rather than the methods.
Censorship is a crucial phase in the release of confidential information. In some cases, removing content from a document can mean that it is fit for release to the public or the press, albeit with unreadable passages where sensitive information has been blacked-out. It’s a relatively simple concept, but due to the potential consequences of failure (i.e. the accidental leaking of confidential details), it’s crucial to get it right the first time.
The key is to understand both the process and the tools being used. Redaction refers to the permanent removal of sensitive content from a document. Unfortunately, due to a lack of user understanding of Acrobat’s toolset, there are several ways to do this incorrectly. For instance, in a recent example, US government employees incorrectly redacted a report dealing with the killing of an Italian intelligence agent in Baghdad, inadvertently revealing names, training procedures and other secrets.
After reviewing a copy of the report, it appears that the PDF document was produced directly from Microsoft Word using Adobe Acrobat 6.0’s PDF Maker. In Word, it’s possible to add shading behind text; if the shading is dark enough, it can appear to the user as if the text has been effectively obscured. While this should work for a physically printed version of the document, Word’s shading option was never designed for redaction. This means that the text has not actually been removed — it simply matches the color of its new background.
As a result, the text can still be selected in the resulting PDF using the Select Text Tool in Adobe Reader. Note that this even applies if the PDF is created by ‘printing’ to PDF.
In the paper world, redaction is conceptually simple, but laborious to implement for long documents. In essence, a staff member processing a document to be released needs to:
- Print (or otherwise obtain) a hard copy
- Manually censor offending passages with a black marker
- Either scan or copy the resulting censored version, depending on the medium chosen for release
A slightly simpler version would be to follow the failed Word method mentioned above, but print to hard copy and then proceed with Step 3.
Unfortunately, the current version of Acrobat doesn’t make this process any easier — at least, not by itself. The reason that I’ve grouped redaction with third-party solutions is that the only way I know to reliably redact a PDF document without resorting to the above hard-copy method is to use a third-party tool from Appligent’s Redax range.