The Center for Army Lessons Learned is on the receiving end of sensitive information that it sanitizes and turns into instructional materials for military personnel.
For Dan Cindrich, security specialist, the challenge is to make sure the documents that leave CALL don’t inadvertently expose sensitive or extraneous information. For the last seven months he has been using software from SRS Technologies to help automate the task.
SRS makes Document Detective, a new electronic document security tool rolled out this week. The software is designed to find and strip dozens of hidden data and metadata varieties, including tracked changes, comments, OLE files, embedded objects and object fragments.
The software exposes any hidden content and lets users determine what material to eliminate or retain. With its “flatten” tool, Document Detective can automatically discard extraneous content and reduce document file sizes in the process.
The IT community knows all about security threats from hackers and malicious insiders, but it is less aware of the damage that can be done when employees share files via the Web and e-mail and inadvertently expose sensitive information, says Ron Hackett, a program manager at SRS and developer of Document Detective.
"Ordinary users have tremendous access to information and a legitimate need to share some of that information outside of the security boundary. The problem is, the document formats they like to share information in can contain lots of hidden data, and they don't know how to clean it up," Hackett says.
It’s a problem that has caused a number of publicized data leaks, particularly among government agencies. In May 2005, for example, Multi-National Force-Iraq posted a report regarding an investigation in Iraq, but the organization’s attempts to mask certain sections didn’t hold up. By cutting and pasting text that had been blacked out in the PDF file, viewers could see the words censors had tried to hide.
A key factor contributing to such unwanted data disclosures is an ad hoc review feature Microsoft added in Office XP that automatically enables version tracking if a user e-mails a document - even if version tracking wasn’t turned on in the original document. “It’s automatically enabled every time you e-mail a Word, PowerPoint or Excel document using Outlook,” Hackett says.
Microsoft has since changed this default setting, but some companies may still be vulnerable. “If you do a clean install of Office 03, that switch is turned off. But if you do an upgrade from Office XP, that switch is still turned on,” Hackett says.
Accidental exposures also can happen when users create a summary chart in an Excel workbook, then copy and paste that chart into a PowerPoint presentation. "What they believe they have done is copy the chart. What they have done in reality is copy the entire workbook," Hackett says.
At a Department of Defense conference Hackett spoke at, he received a CD with all the speakers' presentations. One speaker had included a chart containing caseload information - along with lots of additional material invisible at first glance. "I opened it up and found a 10-page workbook in it," Hackett says. "That workbook included things like defendants' names, court dates, case officers, charges and evidence logs. Some very sensitive information."
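An added example, not part of the original article and not Document Detective's code: a Python check for the kinds of hidden content described above (a whole workbook embedded behind a pasted chart, comments, tracked changes). It assumes Office Open XML files (.docx/.pptx/.xlsx), which are zip packages, rather than the binary formats of the Office XP era; the sample files and the helper names are constructed for illustration.

```python
import io
import re
import zipfile

# Hidden-content indicators in OOXML packages (assumption: modern .docx/.pptx/.xlsx,
# not the legacy binary formats the article's incidents involved).
EMBED_RE = re.compile(r"^(word|ppt|xl)/embeddings/.+")
COMMENT_RE = re.compile(r"^(word/comments\.xml|ppt/comments/.+\.xml|xl/comments\d*\.xml)$")
REVISION_RE = re.compile(rb"<w:(ins|del|moveFrom|moveTo)[ >]")

def audit_package(data: bytes) -> dict:
    """Return hidden-content findings for one OOXML file given as bytes."""
    findings = {"embedded": [], "comments": [], "tracked_changes": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if EMBED_RE.match(name):
                entry = {"part": name, "size": pkg.getinfo(name).file_size, "sheets": None}
                blob = pkg.read(name)
                # An embedded workbook is itself a zip; count its worksheets.
                if zipfile.is_zipfile(io.BytesIO(blob)):
                    with zipfile.ZipFile(io.BytesIO(blob)) as inner:
                        entry["sheets"] = sum(
                            n.startswith("xl/worksheets/sheet") for n in inner.namelist())
                findings["embedded"].append(entry)
            elif COMMENT_RE.match(name):
                findings["comments"].append(name)
            elif name == "word/document.xml":
                findings["tracked_changes"] = len(REVISION_RE.findall(pkg.read(name)))
    return findings

def _zip(parts: dict) -> bytes:
    # Helper that builds an in-memory zip for the constructed samples below.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a deck whose pasted chart carries a 10-sheet workbook,
# and a Word file with one insertion, one deletion and a comments part.
WORKBOOK = _zip({f"xl/worksheets/sheet{i}.xml": "<worksheet/>" for i in range(1, 11)})
DECK = _zip({"ppt/slides/slide1.xml": "<p:sld/>",
             "ppt/embeddings/Microsoft_Excel_Sheet1.xlsx": WORKBOOK})
MEMO = _zip({"word/document.xml": '<w:body><w:ins w:id="1"><w:r/></w:ins>'
                                  '<w:del w:id="2"><w:r/></w:del></w:body>',
             "word/comments.xml": "<w:comments/>"})

if __name__ == "__main__":
    print(audit_package(DECK), audit_package(MEMO), sep="\n")
```

A non-empty `embedded` list with a sheet count above one is the pasted-chart case: the slide shows one chart while the file carries the full workbook.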