Anyone who has had to deal with documents containing sensitive information is familiar with the term redact. Redacting information is the process of obscuring part of the text for legal or security purposes. Most of us have seen this when faces, names, bank account numbers and other sensitive information blacked out, blurred or removed from the rest of the content.
As governments and industries create more regulations, and as the average person becomes more sensitive to their private information, organizations need to be aware of what they can do to keep sensitive information from falling into the wrong hands. Usingsoftware makes it easy to redact information from any document you create, however, there’s a right way (and a wrong way) to remove this information.
Case in point
Most enterprise gradeapplication includes the ability to redact information and the steps to remove information are quite simple. However, as shown by the Australian Federal Police (AFP) force, mistakes can be made.
Back in August of 2014 the AFP self reported a security breach to the country’s Privacy Commissioner when it was found that they “provided documents to the Senate, which were then made publicly available online on parliamentary sites and other sources for several years, and which accidentally disclosed information about the subjects and focus of criminal investigations and telecommunications interception activities.” The information that was improperly redacted included the address of a surveillance target, criminal offenses being investigated, the names of investigating officers, a phone number and other information. This snafu was not due to the PDF software though; the fault lies entirely with the document creator.
The most common mistake
When redacting information, one of the most common methods is to blur or black out sensitive information. Using any photo editing software, the author applies a blur filter to or inserts a black box over the selected area to conceal it from the reader. Unfortunately this method of redacting information is subject to several flaws. Back in 2007, security expert Bruce Schneier demonstrated how to recover information from blurred images on his website. Others have followed suit over the years showing how blurred content is susceptible to a number of methods to recover the hidden information, including using algorithms that piece together the text.
The right way
Most PDF software will provide users with the choice of either applying a fill color to a redacted area or removing redacted content from the document. Both methods work better than blurring out portions that you need to remove. To apply a fill color, the PDF software provides you with a crosshair that you drag over any content that you need to redact. You then select the color you wish to use to block out the appropriate content and apply redaction codes that provide the reason why the document needs to conceal the content underneath.
The second method is helpful if there are several instances of the same content that you need to remove. Using the search and redact, or search and remove, feature in your PDF software, you enter the content to conceal and the application locates it. Every instance of the search term that occurs in the document is then removed.
Applications such as Foxit’s PhantomPDF are designed with security in mind. The ability to redact sensitive information is only part of the many features included to keep content and sensitive information safe. From encryption to digital signatures, businesses that take security and confidentiality seriously count on PDF software like PhantomPDF to do the job right.