http://www.al.com/business/huntsvilletimes/index.ssf?/base/business/117239874591130.xml&coll=1 By BRIAN LAWSON Times Business Writer February 25, 2007 SRS develops software to keep documents from spreading hidden data SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air Force working on advanced technology and secret projects. Now he hopes the intensive work he has done over the past six years will help bring a little-known problem to light and stop the accidental sharing of business, medical, legal and government information. Hackett said he recognized the size of the problem of hidden data in electronic documents while working for the Defense Intelligence Agency's Missile and Space Intelligence Center in December 2000. He found that a large number of transmitted documents, including Power Point presentations, Excel spread sheets and Microsoft Word documents contain hidden words or other data not intended for viewing, but hidden within the documents where it could be accessed. Hackett spent his last 18 months in the Air Force raising awareness of the problem with DIA, the National Security Agency and government inspectors general. Upon retirement, he joined SRS and began pursuing ways to protect users from leaving hidden data behind. "People who do know about this aren't going to tell you," Hackett said. "There's no smoking gun, and if they got the information from you, why would they tell you? But some of the big gaffes we've seen on releases of information in the past few years illustrate the problem." Hackett cited the United Nations investigation report on the assassination of Lebanon's former prime minister Rafiq Hariri in 2005. The U.N.'s version released publicly did not name names, but the public report document had additional information contained within - including the names of suspects that were discovered and widely reported. Hackett said claims that converting a document to Portable Document Format (PDF) will eliminate hidden data are false, and he said most solutions that have been offered don't go far enough. President Bush's 2005 speech on a plan for victory in Iraq was posted on the Internet and with a few clicks by those reading it, it was determined that much of the review work on the speech was done not by his national security team, but by a Duke political science professor who is a specialist on public opinion in wartime. How can hidden data be left in a document? By reusing and updating an older Power Point presentation By cropping a picture or image, because the entire image is still contained in the file By cutting and pasting information from another document, which imports far more than just the selection that is visible By passing through a company a document with changes sought. The process of "tracking changes" which is a default setting on Windows XP's Ad Hoc Review feature, is an editing tool to see how documents have been updated or changed. But it has another effect, Hackett said. It saves each version of the document as it is updated and passed around electronically. The result is, for example, comments about a contract, including suggested pricing and spec details, will remain in the document, though the final version that a company presents doesn't show that information on the page. Microsoft officials have said the function is easily disabled. The company has stressed security in its new Office and Vista operating system. Hackett disagrees, and he said the problems are not limited to Microsoft products. Hackett cited a 2005 study by software maker Bitform Technology Inc. on Microsoft Office files generated by Fortune 100 companies. The study found user names, e-mail addresses, hidden text and other information, unintentionally included in disseminated documents. Hackett said about 20 percent of those documents were affected by the track changes feature. Hackett said Microsoft and other software vendors are offering the features to consumers so they have a range of tools at their disposal - the problem is that many users don't realize what they're saving and sending and accidentally sharing. SRS has developed a software program called Document Detective, with version 2.1 to be unveiled next week, aimed at searching files and scrubbing them for hidden data. The software provides a review of a document and offers a menu that lets the user scrub files or review each to determine what to retain. SRS said the time saving and efficiency of the program are major advantages to users. The company has sold about 1,000 copies of earlier versions to government and other customers. Joseph Bergantz, a retired Army major general and former program executive officer for Aviation at Redstone Arsenal, is now SRS general manager and corporate vice president. He said the technology's applications and advantages for legal, medical, banking and government and military intelligence customers are clear. "This is a worldwide problem," he said. "The right thing to do is to let people know about it." Copyright 2007 The Huntsville Times ______________________________________ Subscribe to the InfoSec News RSS Feed http://www.infosecnews.org/isn.rss
This archive was generated by hypermail 2.1.3 : Sun Feb 25 2007 - 23:36:28 PST