The Center for Army Lessons Learned is on the receiving end of sensitive information that it sanitizes and turns into instructional materials for military personnel.

For Dan Cindrich, security specialist, the challenge is to make sure the documents that leave CALL don’t inadvertently expose sensitive or extraneous information. For the last seven months he has been using software from SRS Technologies to help automate the task.

SRS makes Document Detective, a new electronic document security tool rolled out this week. The software is designed to find and strip dozens of hidden data and metadata varieties, including tracked changes, comments, OLE files, embedded objects and object fragments.

The software exposes any hidden content and lets users determine what material to eliminate or retain. With its “flatten” tool, Document Detective can automatically discard extraneous content and reduce document file sizes in the process.

The IT community knows all about security threats from hackers and malicious insiders, but they’re less aware of the damage that can be done when employees share files via the Web and e-mail and inadvertently expose sensitive information, says Ron Hackett, a program manager at SRS and developer of Document Detective.

"Ordinary users have tremendous access to information and a legitimate need to share some of that information outside of the security boundary. The problem is, the document formats they like to share information in can contain lots of hidden data, and they don't know how to clean it up," Hackett says.

It’s a problem that has caused a number of publicized data leaks, particularly among government agencies. In May 2005, for example, Multi-National Force-Iraq posted a report regarding an investigation in Iraq, but the organization’s attempts to mask certain sections didn’t hold up. By cutting and pasting text that had been blacked out in the PDF file, viewers could see the words censors had tried to hide.

A key factor contributing to such unwanted data disclosures is an ad hoc review feature Microsoft added in Office XP that automatically enables version tracking if a user e-mails a document - even if version tracking wasn’t turned on in the original document. “It’s automatically enabled every time you e-mail a Word, PowerPoint or Excel document using Outlook,” Hackett says.