New York Times Suffers Redaction Failure, Exposes Name Of NSA Agent And Targeted Network In Uploaded PDF
from the make-sure-to-dot-all-i's-and-blot-out-all-sensitive-info dept
It appears as if the New York Times, in its latest publication of leaked NSA documents, failed to properly redact the PDF it uploaded, exposing the name of the NSA agent who composed the presentation as well as the name of a targeted network.
Cryptome seems to have been the first site that noticed the redactions that actually weren't, issuing a couple of tweets that informed its followers of this fact. This led to Bob Cesca at the Daily Banter turning the NYT's error into an anti-Snowden rant (which I found via F-Secure's blog) that decried everyone involved while "virtuously" refusing to name the entity that had discovered the poorly-done redactions (but including the uncredited tweets in full for easy searching).
As soon as the article was posted, someone from or associated with a popular cryptography website claims to have downloaded a pdf of the Snowden document from The New York Times and discovered that three of the redactions that were intended to obscure sensitive national security information were easily accessible by highlighting, copying and pasting the text. The poorly-redacted file was subsequently posted to the cryptography website, then promoted via Twitter. (We’re not going to post the name of the website that posted the file to protect the information contained within.)Cesca somehow feels the privacy of a single NSA agent trumps the public's interest in infringements on their own privacy -- not just here in the US but all over the world. Certainly, the New York Times should have made sure its redactions were actually redactions before publishing the document, but Cesca's hyperbolic attack isn't doing his side any favor.
…
So, the identity of an NSA agent is out there in public view within the same document in which a target of this program is named. All of this is due to the incompetence of whoever failed to properly redact the pdf before publishing it for the world to see — as well as for the aforementioned cryptography site to nab and republish it.'
…
This was bound to happen at some point in this ongoing saga: the name of an American agent has been leaked to the public via a document stolen by Edward Snowden. To add to the irresponsibility of how Snowden went about this operation, he distributed untold thousands of documents to a gaggle of technological neophytes who barely understand how to used Adobe Acrobat, much less the phenomenally complicated details of top secret NSA operations.
One agent's name was exposed, one who may not even be employed by the agency at this point. (The documents are from 2010.) The target revealed is nothing more than the Al Qaeda's "branch operation" in Mosul, Iraq. Al Qaeda has been the focus of counterterrorism efforts since before the 9/11 attacks and the revelation that the NSA is targeting mobile networks in Mosul shouldn't come as a shock to anybody, least of all Al Qaeda members.
This doesn't excuse the NYT's carelessness, however. It is disseminating some very sensitive NSA documents and should be ensuring any information it chooses to withhold stays withheld. But this error doesn't invalidate Snowden's exposure of the NSA's programs, no matter how Cesca (and those like him) spin it.
The NSA and other government agencies have suffered redaction failures as well, accidentally exposing information they would rather have withheld from the public. Does the government get held to the same standard by the NSA's booster club? Hardly. Humans make mistakes, no matter which side of this issue they're on.
[The original document uploaded by the NY Times is posted below (via Cryptome). To see the unredacted text, simply click on the Text tab.]
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ed snowden, errors, journalism, nsa, redactions
Companies: ny times
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
At least, I've seem some redaction failures where that was the case.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
http://tv.adobe.com/watch/acrobat-tips-and-tricks/remove-sensitive-information-using-redaction- tools/
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Well there are other (older, more mature) formats that accomplish this, but that's neither here nor there.
My problem with PDFs is that easily 90% of the time they are used, they shouldn't be. Putting things in a PDF locks it away, enforces a particular screen layout (that's a bad thing more often than a good one), makes it impossible to search using standard search tools, often contain no text -- only images of text, etc.
So I suppose it's not so much that it sucks, as it is that people shouldn't be using it except for a few specialized purposes. It sucks for everything outside of those purposes. But I'm very well off-topic now. Sorry. :)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
That's only if the person who created it chose to lock it with the security settings when they created it which most people don't do or you don't have software that is capable of editing it, or they made the PDF from an image scan instead of a vector layout which of course in this case wouldn't have been able to be revealed because the text was no longer text at all but rather an image. And if they are creating PDF's from image scans, I can only see one reason to do so and that is because you want to have it in a single multi-page document. Otherwise I agree with you that this would be stupid. However if the PDF is made from actual text instead of just image scans, then yes it is searchable. As for forcing a layout, somethings (like the web) are meant to be dynamic, somethings are not. If I want to make a document to distribute for the purpose of it not only being viewable but also printable, PDF is the way to go as it allows me to ensure that it will be displayed on paper the way I intended it to be.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
But not using standard search tools. You have to use a PDF reader. If I have to use a nonstandard tool to search a document, that document is of much less use to me because I have to treat it differently than all the other documents I have. This is tolerable if i got some benefit from the format, but as the reader of the document, PDFs give me no such benefit.
"If I want to make a document to distribute for the purpose of it not only being viewable but also printable, PDF is the way to go as it allows me to ensure that it will be displayed on paper the way I intended it to be."
I understand, but this comes at the sacrifice of flexibility when viewing the document when it's not printed. Very few PDFs can be comfortably read on all devices because of this.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
http://askubuntu.com/questions/184581/how-do-i-search-a-pdf-file-from-command-line
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2611
[ link to this | view in chronology ]
PDF searching
> reader. If I have to use a nonstandard tool to search a
> document, that document is of much less use to me because I
> have to treat it differently than all the other documents I
> have.
Uh, I have no idea what your "standard search tool" is, but on my operating system (linux) it happily full-text indexes PDF files.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Such as?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
SVG is newer than PDF, but it can too can handle the use case.
[ link to this | view in chronology ]
Re: Re: Re:
> be one of them. I still don't understand why people insist on
> using this file format.
This is not one of the reasons to hate PDFs. Redaction failure is one of the bestest reasons to love PDFs.
Government and technophobic dinosaurs (yes you mr. riaa/mpaa): please continue using this highly entertaining and informative format.
[ link to this | view in chronology ]
If published the unredacted version was an error (as everyone acknowledges it was) why are you compounding the error by repeating it here?
Your point would have been just as strong without publishing the unredacted document. You're subverting the NYT's editorial decision to black out the name. That's your choice, but do you really have a good reason for doing so?
[ link to this | view in chronology ]
Re:
And I hope that you do not have an active clearance because it's still classified...
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
So you suggest subverting Tim's editorial decision to publish the document as a cure? Two wrongs make a right?
Do you believe that the genie can somehow be put back into the bottle? Once you open a can of worms do you believe they can somehow be re-canned?
It's as stupid (and hilarious) as Mrs. Clinton asking Anonymous to 'return' digital documents.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Reposting the document, brings more eyeballs to the name. It is ultimately a numbers-game. When 10.000.000 people have seen the name it is more likely some whack-job decides to use the information to reduce the current staff of NSA as opposed to when 100.000 sees it...
That it is out in the open doesn't mean everybody knows. Number of people who know x, matters in many situations including this situation...
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Those two pieces of information are just metadata, so it is ok.
[ link to this | view in chronology ]
Re:
A quick google to Wikipedia:
An investigation in 2009 pointed out that more than 2,500 Kurds had been killed and more than 40 families displaced in Mosul since 2003. The Patriotic Union of Kurdistan blames Al-Qaeda and former Ba'ath Party's.[32] Despite all the odds, the citizens of Mosul have vowed to bring stability and prosperity to Mosul, to rebuild the city, and to regain its historical and cultural roles as one of the three major cities in Iraq and one of the first historic metropolitan areas in the world.
Why the hell is it top secret now, unless the Iraqi government didn't sanction the spying operation or have knowledge of it?
[ link to this | view in chronology ]
Re: Re:
And you don't think this type of analysis would also be done by Al-Qaeda just as you did, and that this information would assist them in determining the situation, as it did you?
You have just clearly displayed why this is treason, and 'aiding the enemy', it is also putting peoples lives at risk.
again, Snowden is fucked now..
forget pardons or no punishment, you linked specific operational information with the leaked documents, and shown how it is possible to derive information from both.
Its what the NSA supporters have been claiming is happening, and now you have proven it.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
endangering a spy, that is laughable. that is part of the job description. If someone is really afraid of endangering the spy how about, you know, don't spy?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
When the NSA suffers a redaction failure, you really should wonder whether it is an actual failure or by design.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Yes, because, you know ... we don't want to overclog the intertubes with too many intellectual property addresses. It might just take out the power lines you know.
The government is so far behind when it comes to technology it wouldn't surprise me if they are still running 486 machines. Everyone knows government is way behind the times technologically and have always had obsolete technology. This is widely known but I'm sure Bob Cesca is probably too ignorant to even know that.
The average person on these sites can probably write software better than Adobe Acrobat. Bob Cesca is probably proud that he barley knows how to use a simple user friendly program like Excel and yet he wants to try to condescend against a tech world of people highly educated in fields like math, computer science, physics, etc... This is truly laughable. What are his qualifications? What is his degree in?
"the name of an American agent has been leaked to the public via a document stolen by Edward Snowden."
You know what words come to mind when I think of "American government intelligence employee". Stupid monolingual (partly thanks to our embarrassing educational system). Yet you think these agencies are sophisticated but most of their members barley speak English that well and that's their only and native language. How can we entrust them to defend us against foreigners speaking foreign languages.
http://www.techdirt.com/articles/20130614/16265623479/rep-grayson-let-me-tell-nsa-there-is -no-threat-to-our-nation-when-i-call-my-mother.shtml#c608
and lets not forget about all the complicated and advanced background checks they do.
https://www.techdirt.com/articles/20140124/12433225982/doj-says-company-that-vetted-snowden-faked -665000-background-checks.shtml
Must be hard work and too complicated for our little minds to grasp.
You simply overstate the sophistication of these agencies. Probably because you are even less sophisticated than they are and too stupid to know an agency filled with dumb people when you see one. But the fact is that these agencies are very simple. They are merely self interested composed of self interested people.
[ link to this | view in chronology ]
No sympathy
[ link to this | view in chronology ]
Re: No sympathy
That being said, you don't know each individual who was involved in what...it creates a sort of witch hunt for things a person may not have done....Would you blame a person for a person's actions or a groups actions? If you affirmed in the latter, it's the same thing as punishing a class for one perdon's mistakes...
[ link to this | view in chronology ]
Re: Re: No sympathy
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Gosh
[ link to this | view in chronology ]
Karma
[ link to this | view in chronology ]
Last 'redaction' makes no sense
is not worth trying to hide. It is a known category
of metadata.
Which leads me to conclude that this 'mistake' was
actually intentional.
[ link to this | view in chronology ]
Re: Last 'redaction' makes no sense
[ link to this | view in chronology ]
Responsibility and Accountability
It is our responsibility as Americans to say "stop spying on us" so we can do our jobs as citizens and hold our government accountable...It seems that the NYT has done exactly what it always does by breaching this data with names that SHOULD BE KEPT SECRET...Their extreme carelessness means they lack self accountability to the American public and to their fellow mrmbers of the press...all in the name of being "the best".
[ link to this | view in chronology ]
Re: Responsibility and Accountability
[ link to this | view in chronology ]
Re: Re: Responsibility and Accountability
[ link to this | view in chronology ]
Re: Responsibility and Accountability
no he didn't he stole them, he worked hard to make sure they were made public.
and how hard did he work?? not well enough because shit got out !!! so he's not only criminal, he's criminally stupid too?
[ link to this | view in chronology ]
Not to suggest that simple NSA employees should be executed, but they should certainly be identified and charged. Espionage against Americans is surely espionage against America and ought to be dealt with under the law.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
first you have to prove NSA engages in illegal espionage as opposed to intelligence gathering.
Individuals do not hold the meta-data gathered, they don't own it, they have never owned it, and your permission is not required to gather it.
[ link to this | view in chronology ]
Cesca should have stuck to making cartoons.
Today, though, his desire to defend Obama, Feinstein et al. over their own tooth-and-nail defense of far-right authoritarian tactics like secret courts and domestic spying at the cost of his own credibility while demonizing the first great patriot to emerge in this century is... well, less awesome.
So many amazing cartoons about the NSA's spying could, and should, be made. But we've already had too many "my side did it, so it must be okay" editorials.
Go back to cartoons, Bob.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
"Using Adobe Acrobat"
Acrobat's history is LITTERED with exploitable security holes. There are so many that even though I have a sizable collection of bookmarks pointing to their descriptions, I'm sure I don't have them all. A search of the archives of full-disclosure or bugtraq or even Slashdot reveals a thoroughly depressing history of utterly incompetent software design, implementation, and maintenance.
Not that other PDF readers are perfect. Of course they aren't. But all of them combined don't stack up to what Acrobat's "achieved".
I would expect anyone knowledgeable in security to know this, but clearly Cesca doesn't. Too bad. The very security he purports to be upholding is horribly undercut by Acrobat on a daily basis.
[ link to this | view in chronology ]
I find it very telling that one of the pro-NSA people are just so upset over the releasing and naming of an agent of the NSA. So where were all these people at the time that Valery Plame was named? Exposed by her own government officials yet no one went to jail nor were they punished despite the fact it put both her and her husband's lives in danger. I'd say that was rather a matter of convenience by the Bush administration in their rush to get documents manufactured stating that Iraq had purchased yellowcake when it had not. In order to get those documents faked, the then official had to go because he refused to make false documents on events that hadn't happened.
In the same manner, administration officials are constantly leaking info that is classified with no worry of reprisal while the same can't be said of whistle blowers.
Corruption at its finest as it shows the laws of the land are only for the masses, not the rich or powerful. That in itself blows the whole NSA scandal into it's proper place.
It is very evident that the government views its own citizens as the terrorists, not outside forces. They have a problem with justifying it because they can't really come up with valid and legal reasons that stand the light of day and have the ring of truth to them.
That tells me all I need to know and why I can no longer believe what the mainstream media and government claim.
[ link to this | view in chronology ]
Lets use this as justification for keeping secrets, because we got to protect those that are keeping the secrets........oh yeah, that makes so much sense
Come on man, think about the secret, secrets, and redact those secrets, oh, and the children
[ link to this | view in chronology ]
Im sorry, that seems to have been stated in a fashion, that implies an American agent should get preferential treatment above others, editors should probably get on that
/s
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Now we can see:
The name of the analyst & age.
The spouse's name & nickname & age & employer.
The child's name & year of graduation from high school & team sport.
The activities that they do together as a family.
The pizza parlor they frequent.
Photographs.
Is our next step to look at the names of their running partners or other couples who helped with mock interviews to identify likely coworkers at NSA?
Is this what we will get in exchange for having our data sifted and grouped and analyzed and dissected? We get to do the same for NSA employees.
Maybe we can get to do this for the decision makers instead of low level employees next time.
[ link to this | view in chronology ]
yep
[ link to this | view in chronology ]
Re: yep
This article is about the New York Times messing up, a group of people picking up on that, and a lunatic kicking up a massive cloud of dust.
Aside from the lunatic mentioning Snowden to go with the righteous spittle flying from his face, why is Snowden fucked?
You're an idiot, darryl.
[ link to this | view in chronology ]
So his motive for the release of the documents was not really about 'informing' Americans about meta-data.
you don't have to release this type of information to achieve what he stated he wanted.
Makes you wonder what his real motives are?
[ link to this | view in chronology ]
Re:
The names of people who work at the NSA is not classified information. It would be pretty hard for it to be since they have to, you know, file taxes and stuff. The majority of NSA employees probably have had access to or even created classified information. "Leaking" that a specific employee created a specific piece of classified information isn't going to compromise anything.
There are tons of things that are classified that don't really mean much. Think of any previously classified document that becomes unclassified...I can guarantee that, for a significant portion of time while it was still classified, it was both classified and completely irrelevant. There is also plenty of classified information that it already known or obvious; it's classified because it only becomes a possible issue once it's confirmed officially.
This is one of those things. The individual worked for the NSA (known). The individual worked on classified documents (known). The individual made a presentation describing a capability that they did not create themselves, that they did not use in a specific capacity, and a program which is (now) already leaked (irrelevant).
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
do you see what you are doing? (I guess not)...
[ link to this | view in chronology ]
Maybe it was intentional. Wouldnt be surprised if they release his name then murder him then blame Snowden for it.
Its not like they dont do shit like that.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
NSA chick has a Twitter account with the NSA handle
[ link to this | view in chronology ]
Re: NSA chick has a Twitter account with the NSA handle
Let me guess her password: 12345678
[ link to this | view in chronology ]
so, NSA reps are also on TV sometimes, with their name right there too, it is their choice, clearly they are not in a position where is it necessary to be secret, and her name is not linked to any specific operation.
You name and number is also in the phone book, so !!!
[ link to this | view in chronology ]
Re: NSA chick has a Twitter account with the NSA handle
Also, NSA chick has a residence on Rolling Meadow Run in Pasadena, MD.
[ link to this | view in chronology ]
Hence the need for a redaction safety net
[ link to this | view in chronology ]