The Society for Technical Communication is an individual membership organization dedicated to advancing the arts and sciences of technical communication. It is the largest organization of its type in the world. Its 25,000 members include technical writers and editors, content developers, documentation specialists, technical illustrators, instructional designers, academics, information architects, usability and human factors professionals, visual designers, Web designers and developers, and translators - anyone whose work makes technical information available to those who need it.

The STC Toronto Chapter was founded in 1959 (then the Society of Technical Writers) and is the largest chapter in Canada.

About this Newsletter:

Front Runner Presents:
A Call to Redaction
by Joyce Aldrich

By now, you’ve probably heard about the partially blacked out PDF document, posted to the Pentagon website, that sprang to life after a few clicks, revealing the full details of a document containing classified information.

The document related the US military version of the details surrounding the killing of an Italian intelligence agent by American soldiers, in Baghdad. At the time, rescued hostage, Italian journalist Giuliana Sgrena, who was also wounded in the incident, was being transported to safety by this agent.

After reading a few articles about what actually happened surrounding the exposed document, it doesn’t really matter whether the mishap was created in Microsoft Word or in Adobe Acrobat. What IS important is how and why this happened.

In an article in Yahoo news, John Landwehr, Director of security solutions and strategies for Adobe commented, upon examining the document, that those censoring the material “simply put black rectangles over the text and did not delete any of the text itself from the documents. They were trying to do redaction with something not designed to do redaction.” Hence, “clickety-click, Barba trick.” It was child’s play to open the document in Adobe’s free Acrobat Reader, “select text,” copy, paste and read.

Both Microsoft Word and Adobe Acrobat have features that appear to black out text, but not permanently and not for the purpose of redaction. It looks good, but, that’s about it. Adobe Acrobat does have extensive security features, and when used in conjunction with a redaction tool, is effective.

In the case of the Pentagon, for instance, John Landwehr of Adobe said, “companies and governments needing to delete secrets should turn to third-party redaction tools like Appligent Inc.’s Redax.” This third –party plug-in can be purchased from your software provider or at the Adobe Store.

What Redax does, according to the Adobe blurb is “redact (permanently obscure) text and scanned images in any PDF file prior to public release with this Adobe® Acrobat® software plug-in. Redax can redact lists of keywords or phrases and offers customizable palettes of exemption codes. This plug-in is ideal for any organization that regularly sends sensitive or private information and is compatible with Adobe Acrobat 5.x, 6.x or 7.0.” Hmmm...!

It would seem the Pentagon, one of the great bastions of security, didn’t seem to be aware of this. But, it could have happened to any organization...and does.The bottom line is, we have to batten down the hatches!

There are so many reasons for maintaining content security. Maintaining confidentiality is a tricky business, especially when dealing with electronically produced documentation. In a White Paper on Appligent‘s website entitled, “The Case For Content Security,” some very good points are made.

Here’s what they share as best practices:

1. Always release documents in a publishing-oriented format like PDF rather than native production-oriented formats like Microsoft Word or Excel (.doc or .xsl).

2. Establish a workflow for the release of information outside the enterprise. Make sure the meta data associated with the content matches your corporate policy. Account for both digital and paper final formats.

3. Permanently delete all information that should not be released with the document. Never assume that hidden content is secure.

4. Use the content security features built into PDF to control copying and printing of the document if it’s appropriate for your application.

5. Label all working documents that have not been checked and purges of unwanted content as “For internal use only” or “Corporate Confidential."

6. Institute training so all staff members understand the importance of content security and the procedures for sharing documents.

7. Consider all phases of the content lifecycle for digital documents, including archiving. PDF is gaining wide acceptance as the way to go for archiving digital documents.

8. If you are releasing redacted documents do a final check to make sure the redaction has been done properly and all the sensitive content has been permanently removed from the file.

Once again, the breach of a sensitive Pentagon document posted on a website, for all to see, is a wake-up call for any organization that doesn’t fully understand how its software applications work.

At Front Runner Publishing Solutions we really mean it when we say, “Learn what you wish you’d known yesterday” and “Take the time to train and training will save you time”...and, possibly, embarrassment.

---

For information on how to get the most out of your software:

Front Runner Publishing Solutions Inc.
21 St. Clair Avenue East,
Suite 600,
Toronto, Ontario
M4T 1L8

Tel.(416) 515-0155

Email info@front-runner.com
Website www.front-runner.com

“Learn what you wish you’d known yesterday!”