You are viewing this article in the AnnArbor.com archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see MLive.com/ann-arbor
Posted on Fri, Dec 11, 2009 : noon

FOIA Friday: Redaction and how not to do it

By Edward Vielmetti

One of the common tasks that a government agency has to do when they produce a government document through a FOIA request is to go through it and redact, or black out, the text that that is inappropriate for release. This is easy enough to do if you are working with paper, because you can use a big black magic marker as a first pass; if you really care, you use a razor blade and get rid entirely of any trace of the offending work. The redacted text looks like ████████, and if done correctly there is no chance of spilling a secret - for instance, you could publish something about the University of Michigan steam tunnels and not tell people there is an unlocked door in the broom closet of the ████████ building.

My great uncle was a military censor in World War II and part of his job was to slice out things that should not be said during times of war. Depending on the organization, there are exemptions for personal privacy, for contracts that are not awarded yet, for questions of national security and other matters of state and federal law.

Alas, too many organizations when faced with the need to hide information do it inexpertly. Here's a set of cases on how to do it wrong, and the spectacular failures of process you can get when people do the simplest thing that could work, but don't actually work.

What you see is not what you get

The biggest systematic error in digital redaction is using the wrong tool for the job. Two cases illustrate nicely what can go wrong.

The easiest way to mess up is to release a Microsoft Word document that has the "Track Changes" tool turned on. The document recipient not only gets the text that you wanted them to see, but also all previous versions of the file and who made those edits.

The Union of Concerned Scientists writes about a 2006 case where the non-profit Forest Guardians reqeusted documents from the Fish and Wildlife Service about the protection of a prairie dog in the western sagebrush. The documents they received under FOIA showed that the scientists, who prepared a report stating that the species were endangered, had their conclusions reversed through edits by FWS administrator Julie MacDonald. MacDonald resigned in May 2007 after an Interior Department Inspector General report exposed this and other cases.

A second way to fail is to produce a PDF file, and then to not be careful in doing the edits to black out the redacted text. A sadly all too typical failure is to edit the text to put black rectangles over the words you don't want to see, which does the job effectively if you print the resulting document but is completely useless if the reader has the original.

The Transportation Safety Administration released a copy of their Screening Management Standard Operating Procedures manual as part of a procurement to allow contractors to bid for screening services in Montana. They redacted the document to black out any parts which were "sensitive security information," and the resulting redacted document should be suitable for publication without constraint - if the redaction was done correctly.

Alas, they did the redaction by drawing black boxes on top of the words in a PDF file, and when you go in with a proper PDF viewer you can simply ignore the black rectangles and read all of the text.

This hit the Internet on Sunday, Dec. 6; by Monday, the TSA had pulled the file down, but by then the cat was out of the bag. By Wednesday, a series of Web sites had weighed in on the topic and gone through the newly visible procedures, step by step. Also on Wednesday, a previously scheduled TSA hearing gave U.S. Senators the opportunity to grill uncomfortable agency representatives about the process by which this happened.

As an administrator of an organization with security responsibilities, you really don't want to have to explain to senators why your IT staff doesn't know how to keep a secret.

Requests in progress

As is usual, AnnArbor.com has some FOIA related work in progress. Here's some insight into what to expect.

The City of Ann Arbor is looking at increasing the costs to citizens making FOIA requests. We're looking at those changes and hope to have some guidance for people to navigate the new rules so that they ask for something that doesn't take a lot of someone's expensive time to search for.

The Ann Arbor Transportation Authority has a system called Hyperoffice which is used by their board to share documents prior to meetings, replacing printed out board packets that used to be available for public inspection. We're asking for more information about that system so that we have a better idea of what kinds of information board members are reviewing before they make decisions.

Edward Vielmetti is ████████ at AnnArbor.com and writes the FOIA Friday series. Reach him by telephone at 734-330-2465, or leave an unmarked brown paper envelope for me at the AnnArbor.com office at 301 E. Liberty St., Ann Arbor, MI.

Comments

Anonymous Due to Bigotry

Fri, Dec 11, 2009 : 8:48 p.m.

No article on this subject is complete without mention of the MS Office Remove Hidden Data tool: http://www.microsoft.com/downloads/details.aspx?FamilyId=144E54ED-D43E-42CA-BC7B-5446D34E5360&displaylang=en I don't use newer versions of MS Office to redact documents often enough to know if these features are built-in to newer versions of office.

Tom Brandt

Fri, Dec 11, 2009 : 2:47 p.m.

Bruce Schneier wrote about the TSA debacle the other day.

Karen Sidney

Fri, Dec 11, 2009 : 2:44 p.m.

The letter I received said the new city FOIA fee schedule is effective Dec 7, 2009. The major changes seem to be to reduce the free labor time from 4 hours to 1 and to charge for all IT time to search and retrieve electronic records. I recall that the FOIA statute puts restrictions on what a government can charge to find a document.