Redacting Documents with a Black Sharpie Doesn’t Work

We have learned this lesson again:

As part of the FTC v. Microsoft hearing, Sony supplied a document from PlayStation chief Jim Ryan that includes redacted details on the margins Sony shares with publishers, its Call of Duty revenues, and even the cost of developing some of its games.

It looks like someone redacted the documents with a black Sharpie ­ but when you scan them in, it’s easy to see some of the redactions. Oops.

I don’t particularly care about the redacted information, but it’s there in the article.

Tags: , ,

Posted on June 29, 2023 at 10:37 AM19 Comments

Comments

TimH June 29, 2023 10:49 AM

Update, 6:28PM ET: We originally wrote that Sony failed to properly redact this information, but it’s not clear who performed the redaction; Sony is not a party to the case and had repeatedly asked the courts to seal and/or redact portions of the material.

This makes it more interesting… who outside Sony had such commercially confidential info to provide to the court? Or perhaps it’s simply interesting to us, but not commercially confidential info to the industry.

Clive Robinson June 29, 2023 1:47 PM

@ ALL,

Ever wonder why it’s,called an X-Acto Knife?

It being the knife that put “cut”[1] in “Cut-n-Paste” for oh not far off of a century and still counting[2].

With X-Axto’s tag line of

X-ACTO Knives: Precision Cutting Tools, Hobby Knives, Office Supplies

You now know why the “Office Supplies” is more than just pencil sharpeners 😉

The fact is if you print documents in single sided form and physically cut out the words you want removed then the laws of physics will work for you not against you as it does with the ink in pens of all forms[3].

Or worse invisable to the eye meta-data in digital files. Whilst I’m known for advising,

“PAPER, Paper, Never DATA”

There is a bit more to “redacting than just printing it out.

[1] it comes as a surprise to some that for many years printing artwork was done by cutting things to fit and then get pasted into place on a carrying sheet[2]. Whilst scissors might be the choice that adults give children they are rarely sharp or precise enough. Thus the design of the X-Acto knife, with interchangable blades, originally thought up for surgeons but inappropriate due to being to difficult to clean and sterilize quickly gained use in the various forms of printing and publishing.

However there is a sort of lame joke about it being used by those wishing to remove words in the process of crime or censorship. That is there is a jurisprudence term “de facto” which in essence means,

“Acts/practices that happen/exist in reality.”

That is they are done often commonly irespective of if they are carried out by formal or officially recognized norms of law etc.

A capital X can not only be a shortening of “Ex” it is also used with hyphens to signify cut marks and similar. So saying X-facto whilst making a snipping scissors motion with the fingers was a way of saying someone had in effect cut away that which they did not want seen legally. But in a way that was not destroying evidence.

[2] Yes I still do this from time to time when producing doccuments as drafts. Where there are lots of figures and charts involved. I type up the text in an ordinary text-editor and put in the required spaces. Then drop in the figures charts and tables, and especially maths formula, that I’ve drawn up by hand, or lifted by photocopy from other sources.

[3] There are three basic types of computer printer, of which most people will only come across two,

1, Ink-Jet in their home printer.
2, Laser in their office printer.

Ink-jet printing uses a rapid dry liquid ink that is fired by rapid heating in a very tiny tube so a tiny drop of ink goes onto the paper and soaks into the paper chalk finish and paper fibers. When dry it makes the paper in those areas behave differently to subsequent applications of other inks.

Laser printers like photocopiers do not use ink, they use an incredibly fine plastic dust that gets transfered to the paper by a static electricity charge. It is then melted into place by a heated element. It is only a mechanical attachment to the surface of the paper and can be removed with solvent and heat so you can make your own T-Shirts etc. But it to obviously changes the surface of the paper to any other subsequent applications of inks.

So as the subsequent inks dry they form not just different thicknesses but surface texture, which by various “laws of nature” or physics can be made visable.

Not Really Anonymous June 29, 2023 4:03 PM

X-acto knives are not always good enough. Proportional spacing of fonts provides more information than you might think about words cut out of the middle of text.

OnTheOtherHand June 29, 2023 4:15 PM

It takes a couple seconds to redact info in the GIMP or Paint before printing. And that’s foolproof, trivial, orderly appearance, etc. Files can contain metadata. Printouts, not so much.

Has anybody considered that it worked exactly as intended? Can’t publish the information. Confidential. But now it’s out there. And the necessary party’s hands are squeaky clean.

Look at the results. Sony spent how many hundreds of millions of dollars developing these games? And now it’s published everywhere. That sort of advertising is expensive, if you could even buy it. And Sony got it for free.

Meanwhile Xbox is running third in the console wars. They’re trying to buy Activision for a fortune. And Microsoft says they would never use it for an unfair advantage.

Look up people. The word “Gullible” is written on the ceiling.

Still, as security breeches go, fascinatingly well played! Sony, I doff my hat to you.

Clive Robinson June 29, 2023 6:10 PM

@ Not Really…, ALL,

Re : Times change from Roman

“Proportional spacing of fonts provides more information than you might think about words cut out of the middle of text.”

Yes they do… Even when it’s just part of the “normal/default” font.

But some fonts have nearly non visable to the naked eye changes in the font for hiding meta-information and the like. Done quite deliberately as “Canary Traps” and the like.

In other words somebody is hiding information that can be used to trace not just the whole document but words within a document back to an individual print out…

It’s why I still use text editors on versions of non Microsoft DOS running on old versions of Unix running inside VM’s on more modern versions of *nix. Using printers that have non proportional fonts that you can check with a “projected mask”[1].

Not perfect and somewhat complicated but usually sufficient for just black ink/tonner printers. But… getting such printers is actually getting harder day by day these days, as HP in particular want to scam you via Ink/Tonner pricing tricks, which they put illegally –in Europe– inside their printer firmware along with serial numbers thus destroying peoples privacy.

[1] Depending on how old you are, you may or may not remember the old “over head projectors”(OHP) which you could put a printed page on and due to a bright light projeted down sufficient light was reflected back up then via a couple of lenses and a 45degree mirror onto a wall or reflective screen. Thus magnifing it upto to eleven times as big in both the horizontal and verticle (~10ft high in the verticle from a sheet of A4). So that any font changes can be checked likewise spacing etc. You would think such a simple OHP would be easy to keep going… nope you can not get the “projector bulbs” they need any longer, so you have to do some modifications with high power LEDs and switch mode power supplies…

MarkH June 29, 2023 7:38 PM

@OnTheOtherHand:

When part of an image file is deleted (for example, by replacing it with a black rectangle) using editing software, the deleted content may be recoverable from the “redacted” version of the file — if the original was compressed. This was demonstrated a long time ago … and almost all images are stored in compressed formats.

Such recovery may be much harder from a printed version … but many printers are extremely accurate and detailed.

“Foolproof” techniques are often broken!

A safer method: OCR the original, and then redact the text file.

WuTangClan June 29, 2023 8:35 PM

Can I just say something completely unrelated or maybe not, regarding metadata spraying: Zatko Insider Program

If you use any digital process even on the illusion of an output paper you need to be forensically carefully ([1]) Even more if you rely only on digital means (in the sense you don’t buffer forensics between digital and real life, see traffic analysis if you think you’re a ninja, see hidden metadata if you’re clueless, and I could go on and write a book)

Even before widespread digital means were available you would need to be careful with what you printed. Trust me I’m old enough to recall being careful printing anti-regime papers in a country where if your neighbor ears would sniff a Gutenberg printer sound [https://en.wikipedia.org/wiki/Johannes_Gutenberg] would get you secret police at your door. Even getting materials (ink , paper, maintenance material etc..) could get you killed. Not to mention while doing all that opsec you would need to build rapport (social life and so on).

[1] https://en.wikipedia.org/wiki/Machine_Identification_Code

WuTangClan June 29, 2023 9:00 PM

Just to clarify my previous post. When I mention “Zatko Insider program” I’m referring to the Cyber insider Threat [1]

[1] [https://en.wikipedia.org/wiki/Cyber_Insider_Threat]

lurker June 29, 2023 10:06 PM

@OnTheOtherHand, All

Gimp for the win?

At the end of editing, do: Export As … You will get a dialog box that
includes a shopping list of metadata to retain from the original. Untick all the conveniently pre-ticked boxes. This is tedious enough to discourage some folks from using Gimp.

The Gimp also has a feature in the File menu > Overwrite [Original.File.Name]
Choose this and you will get the same list as for Export As …
After overwriting, when closing the window or application the Gimp will remind you of unsaved changes to Original.File, do you want to save them. The correct answer is Discard.

Daniel Siegel June 30, 2023 8:34 AM

It is clear what was done. Instead of using Adobe Acrobat’s redaction tool, the documents was “redacted” using Acrobat’s Highlighter tool (from the Comment bar) at less than 100% opacity. We easily recreated the error on demo documents. The reason the method is so evident is because highlights in Acrobat of text create boxes with rounded edges, as is the case with Sony document.

(N.B. I am co-author of the Ultimate Guide to Adobe Acrobat DC, 1st and 2nd editions)

Nameless Cow June 30, 2023 2:04 PM

@Daniel Siegel

It might be Adobe Acrobat, but it could also be some other PDF editor/viewer with a highlighting function. The very consistent round ends of the obscurations make it clear that the redaction was not done using a marker pen.

font patent guy June 30, 2023 4:16 PM

TrueType fonts and OpenType fonts with TrueType content are inherently “unsafe” in the sense that the rendered presentation of the glyph shape is subject to arbitrary manipulation based on a wide variety of controls including, but not limited to, renderer version, device resolution, point size and potentially rendering history. For an example, the Microsoft font “Parchment” will display upper case alpha characters with ornamentation at large sizes and a more normal shape at smaller sizes. The amount of glyph shape alteration is completely under control of the font program. What you see on-screen and what you see when printed may be radically or subtly different. The appearance of a document with this font technology may be different when viewed/printed on a different system. This issue is present whether the font is rendered by Microsoft, Adobe, FreeType, or Apple etc.

It is worth noting that PostScript fonts and OpenType/CFF fonts have no similar exposure.

Nameless Cow June 30, 2023 5:33 PM

@font patent guy

Are you talking about a malicious font renderer leaking info surreptitiously? If that’s the concern, I don’t see how the other font file formats will be safer.

font patent guy June 30, 2023 5:49 PM

@Nameless Cow.

The font is the “malicious actor” and would be effective with any specification compliant TrueType rasterizer. The document could be digitally signed with a digitally signed font. Fonts are “programs” with limited but real capabilities. The “attack” does not depend on any host or system vulnerability (except for the inherent and unfixable vulnerability in the OpenType/TrueType font specification).

Nameless Cow June 30, 2023 6:39 PM

@font patent guy

Interesting. You mean a malicious font can betray the identity of the equipment on which rendering was performed?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.