Tuesday, August 05, 2008

The Google privacy dossier

Computerworld reports that the National Legal and Policy Center (NLPC) has turned the tables on Google Inc. by using the company's controversial Street View technology along with Google Earth to compile and make public a detailed dossier on a "top Google executive."

You can find the dossier here. To (somewhat) protect the privacy of said Google executive, the dossier "blacks out" key parts of its findings, such as the detailed driving instructions from the executive's house to the Google office. However, NLPC did it wrong (or maybe right?) by just pasting black boxes across the more sensitive data. What they probably didn't realize is that Acrobat doesn't really eliminate the stuff under the black box, so you can just cut & paste the data into another application, and recover the "hidden" data.

As an example, here's the directions from page 6 of the report, after uncovering the hidden text:

1) Head NE on Waverley Oaks to Waverley St. (305 feet)
2) Turn right at Waverley St. (0.2 mi)
3) Turn left at Oregon Expressway (go 1.2 mi)
4) Merge onto US101 via ramp to San Jose (go 2.5 mi)
5) Take the Rengstorff Ave. exit (go 499 feet)
6) Keep right at the fork, merge onto Amphitheatre Parkway (go 0.7 mi)
7) Arrive at 1600 Amphitheatre Parkway
Distance 4.8 miles, about 11 minutes

You can do the same thing with almost all of the hidden text in the document.

This "feature" of Acrobat is nothing new - because it gets misunderstood on a regular basis, Adobe has some nice features and a good blog entry describing the issues. And this is nothing unique to Acrobat - the US National Security Agency has published a nice document on how to do redaction correctly for Microsoft Word.

The moral of the story: if you're trying to protect data, make sure you know what's there before you publish it online!


Post a Comment

Subscribe to Post Comments [Atom]

<< Home