Sanitation is the process of removing sensitive information from other documents or messages (or sometimes encrypting them), so documents can be distributed to a wider audience. When the purpose is the protection of confidentiality, such as in handling classified information, sanitation attempts to reduce the classification level of documents, may produce unclassified documents. When the goal is privacy protection, it is often called anonymization data. Initially, the term sanitation is applied to printed documents; it has been extended to apply to computer media and data remanent problems as well.
Editor in the sense of sanitation (which is distinguished from other notions of editing) is the blackout or deletion of the text in the document, or the outcome of the effort. It is intended to enable selective disclosure of information in a document while preserving other parts of confidential documents. Usually the result is a document suitable for publication or for dissemination to others rather than the intended audience of the original document. For example, when a document is called in a court case, information that is not specifically relevant to an existing case is often edited.
Video Sanitization (classified information)
Secret government
In the context of government documents, editorial (also called sanitation ) generally refers to the process of removing sensitive or confidential information from documents prior to publication, during declassification.
Secure document editorial
The traditional technique of tapping the secret material from a paper document prior to its public release involves overriding the text section with a wide black pen, followed by photocopying the results - the obscured text can be recovered from the original. Alternatively, "cover tape cover" or "red tape", opaque, removable adhesive tape of various widths, can be applied before photocopying.
This is a simple process with little security risk. For example, if the pen or black tape is not wide enough, careful examination of the resulting photocopy can still reveal partial information about the text, such as the difference between the letters short and high. The exact length of the deleted text is also still recognizable, which can help in guessing reasonable words for shorter edited sections. Where computer-generated proportional font is used, even more information can leak out of the edited section in the proper position of the nearby visible characters.
The National Archives of the United Kingdom publishes documents, the Editorial Toolkit, the Information Release Guidelines of Exemption from Pre-Release Documents , "to provide guidance on editing excluded material from information held by public bodies."
Safe replacement is a much more complicated issue with computer files. The word processing format can store revision history of edited text that still contains the edited text. In some file formats, a portion of unused stored memory may still contain fragments from earlier versions of the text. Where text is edited, in Portable Document Format (PDF) or word processing format, by layering graphical elements (usually black rectangles) above the text, the original text remains inside the file and can be found by simply removing the overlay graph. Effective reduction of electronic documents requires the removal of all relevant text or image data from document files. This requires a very detailed understanding of the internal operation of document processing software and file formats used, which most computer users do not have, or software designed to clean electronic documents (see external links below).
Editors usually require marking of the edited area on the grounds that the content is being restricted. US government documents released under the Freedom of Information Act are marked with an exception code that indicates the reason why the content is kept secret.
The US National Security Agency (NSA) publishes guidance documents that provide instructions for reducing PDF files.
Maps Sanitization (classified information)
Printed matter
Printed documents containing confidential or sensitive information often contain much less sensitive information. There may be a need to relinquish a less sensitive part of the personnel to the unclear. Printed documents will be intentional to obscure or delete sensitive information. The map has also been removed for the same reason, with a very sensitive area covered with a piece of white paper.
In some cases, cleaning up confidential documents eliminates enough information to reduce the classification from higher to lower levels. For example, raw intelligence reports may contain highly confidential information such as spy identities, which are removed before reports are distributed outside the Intelligence Service: preliminary reports may be classified as Top Secrets while sanitized reports may be classified as Confidential.
In other cases, such as the NSA report on the incidents of the USS Liberty (right), reports can be sanitized to remove all sensitive data, so that the report can be released to the general public.
As seen in the USS Liberty report, paper documents are generally cleaned up by covering sensitive and classified sections and then photocopying documents, producing cleaned documents suitable for distribution.
Media and computer files
Computer documents (electronic or digital) are more difficult to clean. In many cases, when information in an information system is modified or deleted, some or all of the data is kept. This may be a design crash, where the underlying storage mechanism (disk, RAM, etc.) still allows information to be read, despite its nominal deletion. The general term for this problem is remanent data. In some contexts (especially US NSAs, DoD, and related organizations), sanitation usually refers to the problem of remanent data; editor is used in the sense of this article.
However, retention may be a deliberate feature, in the form of an undo buffer, revision history, "trash", backup, or the like. For example, word processing programs such as Microsoft Word are sometimes used to edit sensitive information. Unfortunately, these products do not always show users all the information stored in the file, so it is possible that a file still contains sensitive information. In other cases, inexperienced users use ineffective methods that fail to clean documents. The metadata removal tool is designed to effectively clean up documents by removing potentially sensitive information.
In May 2005 the US military published a report on the death of Nicola Calipari, an Italian secret agent, at a US military checkpoint in Iraq. The published version of the report is in PDF format, and has been removed incorrectly using a commercial software tool. Soon, readers discovered that the blocked part could be picked up by copying it and attaching it to the word processor.
Similarly, on May 24, 2006, lawyers for AT & amp; T filed a legal summary of their cooperation with domestic interception by the NSA. The text on pages 12 to 14 of the PDF document is not edited correctly, and closed text can be taken using cut and paste.
At the end of 2005, the NSA released a report that provides recommendations on how to safely clean up Microsoft Word documents.
Problems like this make it difficult to implement multilevel security systems reliably, where computer users of different security differences can share documents. The Challenged Security Challenge provides examples of sanitization failures caused by unexpected behavior in the Microsoft Word change tracking feature.
The two most common mistakes to incorrectly define a document are to add an image layer above sensitive text without deleting the underlying text, and setting the background color to match the text color. In both cases, the edited material still exists in the document below the visible view and is subject to search and even simple copy and paste extraction. Correct editorial tools and procedures should be used to permanently delete sensitive information. This is often accomplished in a multi-user workflow where one group of people marks the sections of the document as proposals for editing, another group verifies the editorial proposal is true, and the last group operates the editor tool to permanently remove the proposed item.
See also
- Sensors
- Data deletion â ⬠<â â¬
- Data remanent â ⬠<â â¬
- Freedom of information legislation by country
References
Source of the article : Wikipedia