By BRIAN LAWSON
Times Business Writer
February 25, 2007
SRS develops software to keep documents from spreading hidden data
SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air
Force working on advanced technology and secret projects.
Now he hopes the intensive work he has done over the past six years will
help bring a little-known problem to light and stop the accidental
sharing of business, medical, legal and government information.
Hackett said he recognized the size of the problem of hidden data in
electronic documents while working for the Defense Intelligence Agency's
Missile and Space Intelligence Center in December 2000.
He found that a large number of transmitted documents, including Power
Point presentations, Excel spread sheets and Microsoft Word documents
contain hidden words or other data not intended for viewing, but hidden
within the documents where it could be accessed.
Hackett spent his last 18 months in the Air Force raising awareness of
the problem with DIA, the National Security Agency and government
Upon retirement, he joined SRS and began pursuing ways to protect users
from leaving hidden data behind.
"People who do know about this aren't going to tell you," Hackett said.
"There's no smoking gun, and if they got the information from you, why
would they tell you? But some of the big gaffes we've seen on releases
of information in the past few years illustrate the problem."
Hackett cited the United Nations investigation report on the
assassination of Lebanon's former prime minister Rafiq Hariri in 2005.
The U.N.'s version released publicly did not name names, but the public
report document had additional information contained within - including
the names of suspects that were discovered and widely reported.
Hackett said claims that converting a document to Portable Document
Format (PDF) will eliminate hidden data are false, and he said most
solutions that have been offered don't go far enough.
President Bush's 2005 speech on a plan for victory in Iraq was posted on
the Internet and with a few clicks by those reading it, it was
determined that much of the review work on the speech was done not by
his national security team, but by a Duke political science professor
who is a specialist on public opinion in wartime.
How can hidden data be left in a document?
By reusing and updating an older Power Point presentation
By cropping a picture or image, because the entire image is still
contained in the file
By cutting and pasting information from another document, which imports
far more than just the selection that is visible
By passing through a company a document with changes sought.
The process of "tracking changes" which is a default setting on Windows
XP's Ad Hoc Review feature, is an editing tool to see how documents have
been updated or changed. But it has another effect, Hackett said. It
saves each version of the document as it is updated and passed around
The result is, for example, comments about a contract, including
suggested pricing and spec details, will remain in the document, though
the final version that a company presents doesn't show that information
on the page.
Microsoft officials have said the function is easily disabled. The
company has stressed security in its new Office and Vista operating
system. Hackett disagrees, and he said the problems are not limited to
Hackett cited a 2005 study by software maker Bitform Technology Inc. on
Microsoft Office files generated by Fortune 100 companies. The study
found user names, e-mail addresses, hidden text and other information,
unintentionally included in disseminated documents. Hackett said about
20 percent of those documents were affected by the track changes
Hackett said Microsoft and other software vendors are offering the
features to consumers so they have a range of tools at their disposal -
the problem is that many users don't realize what they're saving and
sending and accidentally sharing.
SRS has developed a software program called Document Detective, with
version 2.1 to be unveiled next week, aimed at searching files and
scrubbing them for hidden data. The software provides a review of a
document and offers a menu that lets the user scrub files or review each
to determine what to retain. SRS said the time saving and efficiency of
the program are major advantages to users.
The company has sold about 1,000 copies of earlier versions to
government and other customers.
Joseph Bergantz, a retired Army major general and former program
executive officer for Aviation at Redstone Arsenal, is now SRS general
manager and corporate vice president. He said the technology's
applications and advantages for legal, medical, banking and government
and military intelligence customers are clear.
"This is a worldwide problem," he said. "The right thing to do is to let
people know about it."
Copyright 2007 The Huntsville Times
Subscribe to the InfoSec News RSS Feed