May 01, 2019 Technology

Embarrassing Redaction Failures

By Judge Herbert B. Dixon Jr.

redaction (re·dac·tion/rəˈdak SH(ə)n): Confidential text and images in a document that have been censored, deleted, or obscured.

Although redaction is a simple concept, it has taken on new significance and become a digital-age nemesis, where readers can access what you thought you deleted or obscured. I do not intend this column as an instructional piece on redaction competence. There are many resources to provide those lessons, including a huge number of online sites. The purpose of this column is to remind our profession of the embarrassment that can occur when anyone submits a “redacted” document to the public that does not protect the confidential information the attempted redaction intended to keep secret. I wrote about this problem in technology columns published in 2009 and 2011.

Redaction Failure—2019

The redaction failure episode that caused me to write another column on this subject occurred earlier this year when numerous news outlets reported that lawyers for former Trump campaign chair Paul Manafort failed to properly redact pleadings they filed in federal court. The redaction failures disclosed information to the public that was previously confidential or unknown. The pleadings were filed by Manafort’s lawyers in response to an allegation that Manafort violated his plea agreement by lying to federal investigators. The pleadings were filed to explain why certain statements made by Manafort were due to inadvertence or faulty memory, and not lies as alleged by the Office of Special Counsel.

In this instance, the redaction failures revealed new details about Manafort’s ties to his former Russian business partner, Konstantin Kilimnik, whom the FBI said had active ties to Russian intelligence. The redaction failures revealed that (1) Manafort and Kilimnik had a meeting in Madrid, (2) Manafort shared Trump presidential campaign polling data with Kilimnik about the 2016 campaign, and (3) Manafort and his former Russian business partner discussed a Ukraine peace plan.

The actual pleadings filed by Manafort’s lawyers were PDF documents that appeared to contain redactions because parts of the documents displayed blacked-out passages (i.e., rectangular black boxes).

Below are two redaction failures in the Manafort filing. The italicized reverse print portions of the below text are the redaction failures, which appeared totally obliterated by black rectangular boxes in the original PDF filing.

The Government concludes from this that Mr. Manafort’s initial responses to inquiries about his meetings and interactions with Mr. Kilimnik were lies to the OSC attorneys and investigators.

(See, e.g., Doc. 460 at 5 (After being shown documents, Mr. Manafort “conceded” that he discussed or may have discussed a Ukraine peace plan with Mr. Kilimnik on more than one occasion); id. at 6 (After being told that Mr. Kilimnik had traveled to Madrid on the same day that Mr. Manafort was in Madrid, Mr. Manafort “acknowledged” that he and Mr. Kilimnik met while they were both in Madrid.))

It is not uncommon, however, for a witness to have only a vague recollection about events that occurred years prior and then to recall additional details about those events when his or her recollection is refreshed with relevant documents or additional information.

In fact, during a proffer meeting held with the Special Counsel on September 11, 2018, Mr. Manafort explained to the Government attorneys and investigators that he would have given the Ukrainian peace plan more thought, had the issue not been raised during the period he was engaged with work related to the presidential Case 1:17-cr-00201-ABJ Document 471 Filed 01/08/19 Page 5 of 10 6 campaign. Issues and communications related to Ukrainian political events simply were not at the forefront of Mr. Manafort’s mind during the period at issue and it is not surprising at all that Mr. Manafort was unable to recall specific details prior to having his recollection refreshed. The same is true with regard to the Government’s allegation that Mr. Manafort lied about sharing polling data with Mr. Kilimnik related to the 2016 presidential campaign. (See Doc. 460 at 6.)

The above redaction failures caused significant embarrassment. The pleadings were quickly removed from public access. They were replaced later with properly redacted pleadings.

How the Media Discovered the Redaction Failures

One way to test the effectiveness of a redacted PDF document is by using a technique that nearly all word processing users know—copy and paste. Here is how the media sleuths could see behind the black redaction boxes.

When testing the effectiveness of redactions in the Manafort PDF documents, the curiosity seekers first copied the text and redactions from the redacted document. Next, they pasted the copied information into another text document, at which time the hidden text in the PDF document magically appeared, not obscured by the black boxes in the PDF document. Had the redaction been done effectively, only the visible text (not the redacted text) in the PDF document would have appeared when the information was pasted into the text document.

This error could have occurred several ways. One possibility is the text was highlighted black in a word processing program and then converted to a PDF document. Unfortunately, when such a document is converted to PDF format, the text merely appears to be hidden by the black rectangular boxes, which, using the copy and paste technique, will result in the hidden text being made visible. A second way this could have occurred is the PDF creator merely put black rectangles or thick black lines over the confidential text in the PDF document. Again, the confidential text would be revealed using the copy and paste technique.

This error could have occurred other ways, as it is difficult to constrain the operations of Murphy’s Law. If I were to guess, my intuition tells me that the task to make the redactions was assigned to junior-level personnel (including associates, law clerks, paralegals, secretaries, or personal assistants) by senior-level personnel responsible for overseeing the work with an instruction to black out or redact the confidential text.

Early Redaction Failure Warnings

The PDF digital format was created in 1993. The purpose of the format was to accomplish a consistent appearance of any document even when exchanged between different computers and computer systems. Within a decade of that creation, warning signs started to appear about the very real prospects of digital redaction failures. For example, a 2002 article in the National Law Journal reported about a California family filing a wrongful death suit that included allegations against a criminal defense attorney who failed to properly redact documents that contained their son’s contact information. The article, entitled “A New Generation of Redacting Tools,” reported on third-party redacting tools available to law offices and government agencies.

In 2005, the National Security Agency produced a publication, “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF,” explaining that using black boxes to blank out text in Microsoft Word and other MS Office products (PowerPoint, Excel, etc.) and other word processors such as WordPerfect can be reversed in the PDF format. The publication also notes other considerations to produce a safely sanitized and declassified final product, such as having awareness that sensitive metadata attached to the original document may be preserved with the PDF document. The publication details how to address these compromises to produce a safely sanitized and declassified final product—warning, for example, that images placed on top of text in MS Word will be copied verbatim to PDF with the same layout. The publication also notes that copying the text and images (including black redaction boxes) and pasting them into a blank document is a good way to manually review a sensitive PDF document.

In 2006, Adobe published a technical note entitled “Redaction of Confidential Information in Electronic Documents.” The publication addressed the subject of how to safely remove sensitive information from Microsoft Word documents and PDF documents using Adobe Acrobat and noted problems that arise when editors use an improper method, such as trying to obscure information, and find out later that the information can later be extracted from the document.

A 2007 Boston University Journal of Science and Technology Law article noted that the legal profession had suffered its share of inadvertent metadata disclosures and provided an example from the previous year involving electronically redacted excerpts from a U.S. Justice Department brief that became publicly viewable after they were copied and inserted into a Microsoft Word document.

In 2008, Public.Resource.org released an audit of PACER documents and noted 1,600 cases in which litigants submitted documents with unredacted Social Security numbers and many actions where the redaction was performed incorrectly by simply placing a black box on top of the taxpayer ID, leaving the numbers untouched underneath the graphic. Does this sound familiar?

In 2011, Freedom to Tinker produced a study evaluating the frequency of redaction failures in PACER that concluded there were thousands, and probably tens of thousands, of documents in PACER containing redaction failures.  The study raised concerns because the federal judiciary’s PACER system offers the public online access to hundreds of millions of court records where rules require parties to redact certain types of information from documents they submit and the litigants and their counsel do not always comply with the rules. Interesting! The number of redaction failures substantially increased between the time of the 2008 audit and the 2011 study.

A Few More Redaction Failures

In addition to the redaction failures between 2005 and 2009 that I identified in my 2009 and 2011 technology columns, and notwithstanding other warnings about redaction failures and the consequential embarrassment, the occurrences continued. In December 2011, a California federal district judge filed an opinion in a patent infringement suit by Apple against Samsung Electronics in which portions of the opinion were redacted—or so it appeared. As with other redaction failures in PDF documents, these failures were revealed when redacted portions of the order were copied and pasted into a text document. In this case, legal commentators questioned the need for the redactions when they saw the confidential text, which did not appear to contain trade secrets, but only a discussion of Apple studies showing its customers are unlikely to switch to Samsung’s Android devices and some details on Apple’s licensing deals with Nokia and IBM. After notice of the redaction failure, the court sealed the opinion and posted a new version within hours.

Redaction failures don’t only happen in court filings. In 2014, the New York Times suffered a redaction failure embarrassment. The Times published information from leaks supplied by former National Security Agency (NSA) contractor Edward Snowden that the Central Intelligence Agency (CIA) and other governments had the ability to harvest sensitive personal data from phone apps that transmit users’ data across the web, such as the extremely popular Angry Birds game. As part of the publication, the newspaper uploaded an internal presentation document that outlined certain CIA operations, the name of a NSA agent who prepared the document, and the name of a target of the program. The redactions in the documents released by the New York Times were easily bypassed by the now-familiar highlighting, copying, and pasting technique.

As my last example, in 2016, a federal judge in Washington, D.C., asked lawyers to investigate and report back to him on how a redacted detail in a lawsuit was published by an online media organization. The probe was ordered after the media organization published a court order that included a redacted detail, specifically, the name of the plaintiff. A representative of the media company told other media outlets that, after the court briefly posted a version of the order, its staff discovered the company name underneath black boxes—in other words, if you did the copy and paste trick, you could get everything on the page, including the text that was supposed to be redacted. Subsequently, the court posted a new version of the order in which the plaintiff’s name was effectively redacted.

Final Thoughts

Do I think this column will prevent future embarrassment caused by ineffective redactions? No, I have no such illusion. As the task of redacting falls to others in the future, we can expect more mistakes similar to those described above. Those errors will lead to embarrassments for the principals, which will lead to . . . well, you get the point. To paraphrase Benjamin Franklin, the digital age is upon us and has an appearance that promises permanency; however, for now, nothing in this world can be said to be certain, except death, taxes, and redaction failures. We will hear more about all of them in the future.

Post Script

For those of you who, after reading this column, are inspired to master the skill of document redaction, be aware the process is normally permanent and cannot be undone. If you wish to have future access to the information you successfully redacted, first make an additional digital copy of your document before you redact it or save the redacted copy with a different name. Otherwise, you may never again have access to the confidential information that you successfully kept secret. 

    Entity:
    Topic:

    Judge Herbert B. Dixon Jr.

    Judge Herbert B. Dixon Jr. retired from the Superior Court of the District of Columbia after 30 years of service. He served two terms on the Techshow Planning Board. He is a former chair of both the National Conference of State Trial Judges and the ABA Standing Committee on the American Judicial System. He can be reached at Jhbdixon@gmail.com. Follow Judge Dixon on Twitter @Jhbdixon.