Hiding confidential information with black marks works on printed copy, but not with electronic documents, the National Security Agency has warned government officials.
The agency makes the point in a guidance paper on editing documents for release, published last month following several embarrassing incidents in which sensitive data was unintentionally included in computer documents and exposed. The 13-page paper (click here for PDF) is called: "Redacting with confidence: How to safely publish sanitized reports converted from Word to PDF."
Instead of covering up digital text with black boxes, it is better to delete any information you don't want to share, the NSA suggested.
"The key concept for understanding the issues that lead to...inadvertent exposure is that information hidden or covered in a computer document can almost always be recovered," the NSA wrote in the Information Assurance Division paper, dated Dec. 13 but only recently posted to the Web. "The way to avoid exposure is to ensure that sensitive information is not just visually hidden or made illegible, but is actually removed."
The unintended disclosure of metadata, resulting in high-profile leaks of secrets, has led to red faces at businesses and government bodies in the past. In March 2004, a gaffe by the SCO Group revealed which companies it had considered targeting in its legal campaign against Linux users.
More:
http://news.zdnet.com/2100-1009_22-6030745.html