Sanitization (classified information)

Encyclopedia : S : SA : SAN : Sanitization (classified information)

A page of a classified document that has been sanitized for public release. This is page 13 of a U.S. National Security Agency report [link] on the USS Liberty incident, which was declassifed and released to the public in July 2003. Classified information has been blocked out so that only the unclassified information is visible. Notations with leader lines at top and bottom cite statutory authority for not declassifying certain sections. Click on the image to enlarge.

Sanitization is the process of editing a document to remove confidential information so that it may be distributed to a broader audience. When dealing with classified information, sanitization attempts to reduce the document's classification level, or even to produce a document that may be released to uncleared people or to the general public.

The term redaction is also used to describe this process, though that term is more often used in literary contexts.

In some cases, sanitizing a classified document removes enough information to reduce the classification from a higher level to a lower one. For example, raw intelligence reports may contain highly classified information, like the identities of spies, that is removed before the reports are distributed outside the intelligence agency: the initial report may be classified as Top Secret while the sanitized report may be classified as Secret.

In other cases, like the U.S. National Security Agency's report on the USS Liberty incident (right), the report may be sanitized to remove all sensitive data, so that the report may be released to the general public.

As is suggested by the USS Liberty report, paper documents are sanitized by covering the classified and sensitive portions so that they do not show when the document is reproduced.

Electronic documents are more difficult to sanitize. Users generally rely on commercial word processing programs, like Microsoft Word, to edit out the sensitive information. Unfortunately, these products do not always show the user all of the information stored in a file, so it is possible that a file may still contain sensitive information. This makes it difficult to reliably implement multilevel security systems in which computer users of differing security clearances may share documents.

[The Challenge of Multilevel Security] gives an example of a sanitization failure caused by unexpected behavior in Microsoft Word's change tracking feature.

In May, 2005, the US military published a report on the death of Nicola Calipari, an Italian secret agent, at a US military checkpoint in Iraq. The report was published in Adobe PDF format and had apparently been sanitized using commercial word processing tools. Shortly thereafter, readers discovered that the blocked-out portions could be retrieved using simple cut and paste operations on the posted document ([reported by the BBC]).

At the end of 2005, the NSA released [a report] giving recommendations on how to safely sanitize a Microsoft Word document.

On May 24, 2006, lawyers for the communications service provider AT&T filed a [legal brief] regarding their cooperation with domestic wiretapping by the NSA. Text on pages 12 through 14 of the Adobe PDF document were blacked out in an attempt to sanitize the document, but the hidden text could be retrieved using cut and paste.

References

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.