Oz fed police in PDF redaction SNAFU

Silver badge

“one phone number and an address could, under certain circumstances, be accessed”

I absolutely love police-speak. "Under certain circumstances" speak translates to "the select text tool".

I remember when the FIA made the same mistake a few years back, accidentally publishing the salaries of some key engineers in F1 during their investigation of some "spying." That was funny though, it's a lot more scary when the AFP does it.

8
0
Anonymous Coward

You can but smile over this balls up, it's something that we have come to expect when any Government Agency uses technology.

Gov and Tech in the same sentence? An Oxymoron if ever there was one.

1
0
Silver badge

Not the same bunch that didn't realize shared servers on one IP?

And I thought we had idiots running things here in the States. Is idiocy contagious?

6
0
Silver badge

Re: Not the same bunch that didn't realize shared servers on one IP?

To quote some old parable from long ago:

"Why are you so bad at this? You're the cream of the crop!"

A voice from the back: "Scum also rises."

7
0
Silver badge
Trollface

Re: Not the same bunch that didn't realize shared servers on one IP?

"You're the cream of the crop!"

ALL THE CLOTS!!!!!!

0
0
Anonymous Coward

Re: Not the same bunch that didn't realize shared servers on one IP?

> And I thought we had idiots running things here in the States. Is idiocy contagious?

At government level, yes. They tend to infect each other at those high brow meetings that are named "G" and a number, like G8. You can spot the signs: the ability to count goes first, which is why the number after the "G" never matches the actual countries present.

0
0
Anonymous Coward

Same AFP who seriously botched the Haneef "terror" case

http://en.wikipedia.org/wiki/Muhamed_Haneef

2
0
Silver badge

And the same AFP that seriously botched the Colin Winchester murder case

Whether or not David Eastman is guilty, his conviction has just been quashed, 19 years later, as a result of the ridiculous way the investigation and prosecution were handled.

0
0
Silver badge

This is one of the core problems with any surveillance/data-collection programs - sensitive data will get out or be misused. Whether it's a genuine mistake, insufficient oversight, poor education, bad practices, malicious intent or self-serving individuals, it will happen.

The best way to prevent this is just to make sure the information is not recorded in the first place.

That's not overly helpful so in practice you must restrict the data to ONLY what is needed. This is achieved by careful selection of what data is collected and then applying ruthlessly strict controls over who can access what and when, coupled with all-pervading oversight and enforced punishments for any lapses.

The biggest issue and the reason this discussion keeps getting bogged-down is that those who want this retention are unwilling to be honest and upfront about the risks. In their rhetoric, there are no risks - everything is completely safe, locked-down and no one has any cause to worry.

The truth, however, is that the more information they have access to and the more easily they can access that information, the higher the risk to the public. Once that is admitted and out in the open, we can all have an honest discussion about how much risk we want to accept.

But of course there is no interest in having an open conversation with the public.

20
0

Open conversation

" ... of course there is no interest in having an open conversation with the public."

Yet this would bring greater security than almost anything else that could be done. It's one of the factors that keep democracies stable.

6
0
Silver badge

BUT, er Team Australia!

2
0
Anonymous Coward

Re: Open conversation

> " ... of course there is no interest in having an open conversation with the public."
>
> Yet this would bring greater security than almost anything else that could be done. It's one of the factors that keep democracies stable.

It's never about security for the public - it's about profit for the few. Hence the lack of interest in discussion - if it gets too honest, profits diminish because true democracies have this pesky demand to see value for money.

2
0

Plain Text

has something to be said for it.

What actually do PDFs usually have in them that improves on that?

8
1
Silver badge

The only benefit of PDF is that it is not modifiable.

That is why it is so widely used.

0
10
Silver badge

Re: Plain Text

Another benefit of PDFs is they actually retain the correct/intended page layout on different systems (unlike Word, etc, where changes in software version, local printer settings, etc, alter the layout).

3
0
Boffin

But in the end you can modify PDF's...

Unless they are bitmap only (where you need an image manipulation app...).

1
0
Vic
Silver badge

> The only benefit of PDF is that it is not modifiable.

Errr - PDFs are easily modifiable..

Vic.

8
0
Silver badge
Devil

PDFs are believed to be non-modifiable.

According to many managerial/HR types PDFs are not modifiable. You can change the data in a form, but the text and images of a PDF are inviolate.

When I get a new employment contract I have to resist the temptation to abuse this belief, and alter the contract (add an extra 0 to the salary, remove the clauses for termination with cause, etc.)

6
0
Anonymous Coward

> The only benefit of PDF is that it is not modifiable.

PDFs immutable? That was once - long ago. Now you can just stick it in a PDF editor. Even those flagged as non-changeable you can simply reproduce - stick the content in a word processor and print a PDF yourself, and presto. As long as you get it in digital format you can do pretty much what you want - exactly because of that widespread belief.

A few years ago I amused myself for a while by changing PDF contracts and putting all sorts of weird stuff in there - not to use it, but just to prove the point. When people send a PDF contract they indeed assume it cannot be changed, so as long as the first page looks the same and the last page ends roughly where the original ended, nobody tends to bother checking the pages in between - plenty of scope for entertainment. As long as you send them back a file with the pages slightly at an angle so it looks scanned, nobody will actually check :)

0
0
Anonymous Coward

Re: But in the end you can modify PDF's...

> Unless they are bitmap only (where you need an image manipulation app...).

If the resolution is good (which is normally the case if it's digital output) you can OCR most of it and cut out the images, then re-assemble it in any word processor. It's not even that much work.

However, bitmap rendering is ESSENTIAL when you have to blank out stuff because that's the only way you can be certain the content underneath the blanked out parts is actually gone. I cannot believe they didn't do that.

0
0
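Added example, not part of any comment in this thread: a pre-release check that scans a PDF page content stream and reports text whose origin still sits under a filled rectangle, which is the failure discussed here. It assumes an uncompressed stream, text placed only with `Td`, and no coordinate transforms; `find_covered_text`, `LEAKY`, `CLEAN` and the sample data are constructed for illustration.

```python
import re

# Literal strings, names, numbers, then operators (in that priority order).
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|/[^\s()/]+|[-+]?\d*\.?\d+|[A-Za-z*'\"]+")
NUMBER = re.compile(r"[-+]?\d*\.?\d+")

def find_covered_text(stream):
    """Return text strings whose origin lies inside any filled rectangle."""
    operands, texts, rects, pending = [], [], [], []
    x = y = 0.0
    for tok in TOKEN.findall(stream):
        if tok[0] in "(/" or NUMBER.fullmatch(tok):
            operands.append(tok)          # operand: keep until its operator arrives
            continue
        if tok == "BT":                   # begin text: position resets to origin
            x = y = 0.0
        elif tok == "Td" and len(operands) >= 2:
            x += float(operands[-2])      # Td offsets the start of the text line
            y += float(operands[-1])
        elif tok == "Tj" and operands:
            texts.append((x, y, operands[-1][1:-1]))
        elif tok == "re" and len(operands) >= 4:
            pending.append(tuple(float(v) for v in operands[-4:]))
        elif tok in ("f", "F", "f*", "B", "B*"):
            rects += pending              # path was filled: the boxes are opaque
            pending = []
        elif tok in ("n", "S"):
            pending = []                  # path discarded or only stroked
        operands = []
    return [text for tx, ty, text in texts
            if any(rx <= tx <= rx + w and ry <= ty <= ry + h
                   for rx, ry, w, h in rects)]

# Constructed sample: a black box is painted over the phone line,
# but the text operator is still in the stream.
LEAKY = """BT /F1 12 Tf 72 700 Td (Name: J. Citizen) Tj ET
BT /F1 12 Tf 72 680 Td (Phone: 555-0100) Tj ET
0 0 0 rg
70 676 120 16 re f"""

# Constructed sample: the phone text was removed before the box was drawn.
CLEAN = """BT /F1 12 Tf 72 700 Td (Name: J. Citizen) Tj ET
0 0 0 rg
70 676 120 16 re f"""

if __name__ == "__main__":
    print(find_covered_text(LEAKY))   # text still recoverable under the box
    print(find_covered_text(CLEAN))   # nothing left under the box
```

A non-empty result means the document must not be released; an empty result from this simplified parser is not proof that a real PDF is clean.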
Silver badge

Re: But in the end you can modify PDF's...

> I cannot believe they didn't do that

I can!

0
0
Bronze badge

It is modifiable…

By two methods

1. using a public domain PDF program that does not implement security

2. By idiots not setting the security on the PDF.

0
0
Mushroom

Security by Obscurity...

Security by Obscurity fails again.

Shouldn't they have a training class on this by now?

0
0
Coat

the uk banks have it sussed....

Ask the bank for a subject access request for your statements, and get back scans of printed material halfway redacted. Guaranteed to require manual parsing...

P.

0
0
Silver badge
Pint

██████████████

<SPAN style="BACKGROUND-COLOR: black">This is *NOT* redaction.</SPAN>

This *IS* █████████.

2
0
Silver badge
FAIL

Well, the good news about surveillance state goons....

Is that they seem to be really, really DUMB. God help us if they ever get smart.

Some choice examples:

1. We're only doing what Google or Facebook are doing! (Forgetting that Google or Facebook could go out of business tomorrow if they piss off enough customers, whereas your average, even demonstrably abusive government bureaucracy is harder to kill than an army of steroid-enhanced super-fertile cockroaches)

2. We're in charge of worldwide data communications interception, storage and analysis, but we have no idea how many files defector X took with him!

3. This article's "We're in charge of data confidentiality, but (oops!!) we just leaked that you were once investigated for tax fraud or drug smuggling."

Frickin' numbskulls, all of them. At least in the private sector you pretty much have to get hacked, or at least lose a laptop or flash drive to get this kind of material out into the public.

0
0
