Sanitization (classified information)
, which was declassifed and released to the public in July 2003. Classified information has been blocked out so that only the unclassified information is visible. Notations with leader lines at top and bottom cite statutory authority for not declassifying certain sections. Click on the image to enlarge.]]
Sanitization is the process of editing a document to remove confidential information so that it may be distributed to a broader audience. When dealing with
classified information, sanitization attempts to reduce the document's classification level, or even to produce a document that may be released to
uncleared people or to the general public.
The term
redaction is also used to describe this process, though that term is more often used in literary contexts.
In some cases, sanitizing a classified document removes enough information to reduce the classification from a higher level to a lower one. For example, raw
intelligence reports may contain highly classified information, like the identities of
spies, that is removed before the reports are distributed outside the intelligence agency: the initial report may be classified as Top Secret while the sanitized report may be classified as Secret.
In other cases, like the
U.S. National Security Agency's report on the
USS Liberty incident (right), the report may be sanitized to remove all sensitive data, so that the report may be released to the general public.
As is suggested by the USS Liberty report, paper documents are sanitized by covering the classified and sensitive portions so that they do not show when the document is reproduced.
Electronic documents are more difficult to sanitize. Users generally rely on commercial word processing programs, like
Microsoft Word, to edit out the sensitive information. Unfortunately, these products do not always show the user all of the information stored in a file, so it is possible that a file may still contain sensitive information. This makes it difficult to reliably implement
multilevel security systems in which computer users of differing security clearances may share documents.
The Challenge of Multilevel Security gives an example of a sanitization failure caused by unexpected behavior in Microsoft Word's change tracking feature.
In May,
2005, the US military published a report on the death of
Nicola Calipari, an Italian secret agent, at a US military checkpoint in Iraq. The report was published in
Adobe PDF format and had apparently been sanitized using commercial word processing tools. Shortly thereafter, readers discovered that the blocked-out portions could be retrieved using simple
cut and paste operations on the posted document (
reported by the BBC).
At the end of
2005, the
NSA released
a report giving recommendations on how to safely sanitize a
Microsoft Word document.
On
May 24,
2006, lawyers for the communications service provider
AT&T filed a
legal brief regarding their cooperation with domestic wiretapping by the
NSA. Text on pages 12 through 14 of the
Adobe PDF document were blacked out in an attempt to sanitize the document, but the hidden text could be retrieved using cut and paste.
*
*
