The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Friday, July 20, 2007

Camera metadata may lead to Harry Potter leaker 

Last year I blogged about the metadata created by cameras that could unintentionally reveal information (Canadian Privacy Law Blog: Beware of hidden digital camera metadata). EXIF data is in the news again...

A little while ago, someone released the new Harry Potter book in the form of photographs of each page. The person who did this didn't remove the EXIF data from the photos, which includes the camera's serial number.

Digital DNA could finger Harry Potter leaker - Times Online

"The Exif data is like the picture's DNA; you can't switch it off. Every image has it. Some software can be used to strip or edit the information, but you can't edit every field," Mr Solomon said.

A post on the website claimed that the serial number of the camera which photographed the pages claimed to be from the unpublished Harry Potter, was 560151117.

Canon's head office in Japan confirmed that a serial number would reveal the country in which the camera was sold and possibly also the store, but declined to give any further information about the device used in this case.

The discovery reveals the extent to which people who distribute photographs online can be traced, which is especially relevant given the popularity of social networking sites such as Facebook, which have in some cases been sources of incriminating material.

If traced, the person who photographed the Harry Potter novel could be found guilty of copyright infringement, but would be unlikely to face criminal charges as the photos appear not to have been published for commercial gain, lawyers said.

Thanks to Boing Boing for the link: Boing Boing: Harry Potter photo-leaker might be busted through metadata.


Wednesday, June 14, 2006

Beware of hidden digital camera metadata 

I've posted a number of times about something called metadata. It is hidden information in different kinds of digital files that may reveal information about the document, its author or information that the distributor did not want to disclose. For example, Microsoft Word is notorious for the metadata that can be hidden in documents but we've also seen information leakage through Adobe Acrobat files (See: The Canadian Privacy Law Blog: More on metadata, The Canadian Privacy Law Blog: Document meta-data FAQ and risk information, The Canadian Privacy Law Blog: Security problems with hidden data in Acrobat PDF files).

I've known for some time that most digital cameras generate metadata (in the EXIF format), such as information about when the photo was taken, whether a flash was used, the exposure, lens focal length, etc. Flickr shows most metadata associated with photos. Check this out for an example: Flickr: More detail about leave.

What I did not know until today is that digital cameras will often embed a small thumbnail image of the photo as originally taken. In many cases, if you subsequently edit the photo, the original thumbnail remains. If the image is edited to cut out someone who didn't want to be photographed or if you blur the face of someone to protect their privacy, that information may still be available to anyone who gets the image.

There is no better illustration of the problem than the website created by Tonu Samuel. His site pulls images off the 'net then shows the original thumbnail and the modified image. One image generated by Samuel's site is a very vivid demonstration of why this is an issue: Hidden EXIF thumbnail security problem (may not be safe for work - it shows a young woman in a bikini whose face was obscured but is clearly identifiable in the thumbnail).

In short: Be very careful when you distribute modified digital images.

Thanks to - The Hidden Photos Within Photos for the link.

UPDATE: I was browsing some of the photos that have been put through Tonu Samuel's EXIF extractor and came upon this great demonstration of why this can be a risk. The photos on this page are from the US Federal Bureau of Investigation. The published version shows a letter with significant portions blacked out. The embedded thumbnail is missing all the blacked out portions.
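The leftover thumbnail described in this post can be checked for before an edited photo is distributed. The following is an added example, not code from the original post or from Tonu Samuel's site: it walks a JPEG's header segments, reads the Exif IFD1 entries that locate the embedded thumbnail, and removes Exif segments entirely. The function names and the sample image bytes are constructed for illustration.

```python
import struct
THUMB_OFFSET, THUMB_LENGTH = 0x0201, 0x0202   # IFD1 tags that locate the thumbnail

def exif_segments(jpeg):
    """Yield (start, end) of each APP1/Exif segment found before the image scan."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        if jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            yield pos, end
        pos = end

def read_ifd(tiff, offset, endian):
    """Return ({tag: value}, next_ifd_offset); only inline SHORT/LONG values are kept."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    tags = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(endian + "HHI4s", tiff, offset + 2 + 12 * i)
        if n == 1 and typ in (3, 4):           # TIFF type 3 = SHORT, 4 = LONG
            tags[tag] = struct.unpack_from(endian + "HI"[typ - 3], raw)[0]
    return tags, struct.unpack_from(endian + "I", tiff, offset + 2 + 12 * count)[0]

def embedded_thumbnail(jpeg):
    """Return the bytes of the Exif (IFD1) thumbnail, or None if there is none."""
    for start, end in exif_segments(jpeg):
        tiff = jpeg[start + 10:end]            # TIFF block follows the "Exif\0\0" header
        endian = "<" if tiff[:2] == b"II" else ">"
        try:
            _, ifd1 = read_ifd(tiff, struct.unpack_from(endian + "I", tiff, 4)[0], endian)
            tags = read_ifd(tiff, ifd1, endian)[0] if ifd1 else {}
        except struct.error:
            continue                           # truncated or malformed Exif block
        if THUMB_OFFSET in tags and THUMB_LENGTH in tags:
            return tiff[tags[THUMB_OFFSET]:tags[THUMB_OFFSET] + tags[THUMB_LENGTH]]
    return None

def strip_exif(jpeg):
    """Return a copy of the JPEG with every APP1/Exif segment removed."""
    for start, end in reversed(list(exif_segments(jpeg))):
        jpeg = jpeg[:start] + jpeg[end:]
    return jpeg

def constructed_sample(thumb=b"\xff\xd8old-uncropped-preview\xff\xd9"):
    """Constructed input: empty IFD0 at offset 8, IFD1 at 14 pointing at `thumb` at 44."""
    ifd1 = struct.pack(">HHHIIHHIII", 2, THUMB_OFFSET, 4, 1, 44, THUMB_LENGTH, 4, 1, len(thumb), 0)
    body = b"Exif\x00\x00MM\x00\x2a" + struct.pack(">IHI", 8, 0, 14) + ifd1 + thumb
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Calling `embedded_thumbnail()` on an edited photo and comparing the result with the visible image shows whether the original, unedited preview is still travelling with the file; `strip_exif()` removes it along with the rest of the Exif block.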


Sunday, February 05, 2006

More on metadata 

The Globe and Mail's technology section has an article on hidden metadata, where it comes from and what Microsoft is trying to do to address the issue. (See: Stamping out metadata.)

Here are my own thoughts on the issue:

Metadata is one of the greatest privacy and confidentiality risks for users of Microsoft's Office suite of programs. It has caused innumerable slip-ups, mostly caused by users who are generally oblivious to its presence or how to remove it. It is also compounded by the fact that some of the most obvious metadata (track changes and comments) can be completely inapparent. For example, if someone sends you a document full of markups but their copy of Word is set to only show the "final" version, they won't see it before they send the document on. The setting to not show changes follows the document, so the next person to open it will not see the markups unless they manually change the option. The same goes for "comments", which can be handy but are often not apparent to the viewer of the document.

Like many things, there are features in Word that will help you avoid metadata blunders (Options Security Privacy), but they have to be manually turned on and the average user is completely oblivious. To make things worse, one of the options is misleading. If you click yes to "Warn before printing, saving or sending a file that contains tracked changes or comments" it will not really warn you when you send a file the way that 99.9% of people do. If you attach it to an Outlook message, no warning. None. One might think that those two parts of the Office program would talk to one another. Or that the "feature" might be accurately labelled. No such luck.

Even with all the publicity given to metadata issues of late, I have still seen first-hand some metadata blunders that could have had a huge impact on confidentiality. I've seen a closing checklist for a huge transaction that was based on a precedent document. Whoever typed the changes had (likely accidentally) used "track changes" with the markups hidden, so they didn't see that the markups fully identified another client of the firm who authored it. I've also seen documents sent with lawyers' comments embedded that were sent to the other side. I've also seen service agreements with pricing information embedded from a previous customer. This is a serious issue.

So what's the solution? It is not to remove features like comments, track changes and the like. These are all useful features. Those who understand what the metadata problem is and how these applications work are likely pretty about the metadata issue. The problem is that this is a potential security hole that exists out of the box and uneducated users don't know it is there and what it can do. Program designers need to make sure that the programs they publish are set to be secure and that users are educated about the possibility of compromising confidential information if the features are enabled. And while I'm at it, I'll suggest that the two most-used programs in Microsoft's Office suite, Word and Outlook, need to work together to deal with the issue. Programming a feature to warn users that they are about to e-mail a document with metadata probably wouldn't be impossible. Or have it only throw up a flag if the document is mailed to someone beyond the local exchange server. And have it alert if a document is being copied off a networked drive onto a CD, thumb-drive or other portable media. Finally, if the security setting says it'll warn you when you e-mail a metadata-ridden document, it should at least do so.

Update: Jim Calloway has a great post about metadata and lawyers: The Mysteries (and Magic) of Metadata.


Sunday, May 01, 2005

Security problems with hidden data in Acrobat PDF files 

Issues related to "metadata" arise all the time for users of Microsoft Word, but it is pretty rare to hear about problems with Adobe's PDF format. Today, Slashdot is hosting a discussion of an interesting incident in which a PDF version of the redacted and declassified US military report on the shooting of Italian Nicola Calipari actually contained the classified bits, which were "hidden text" and could be revealed with a simple "cut and paste" or using "Save as ..." in Acrobat Reader. Be careful about leaking confidential information with your PDFs, I guess.

Copy-and-Paste Reveals Classified U.S. Documents "Posted by CmdrTaco on Sunday May 01, @09:43AM from the hate-when-that-happens dept. cyclop writes "In March, U.S. troops in Iraq shot to death Nicola Calipari, the Italian intelligence agent that rescued the kidnapped journalist Giuliana Sgrena. U.S. commission on the incident produced a report which public version was censored for more than one third. Now Italian press is reporting that all confidential information in the report is available to the public, just by copying "hidden" text from the PDF and pasting it in a word processor (Italian). The uncensored report can now be directly downloaded (evil .DOC format, sorry)"

On a related note, I received a draft sub-license agreement to review from a client a few weeks ago. The licensor, who created the draft, probably didn't notice that it included loads of information using "track changes." When viewed with "final showing markup" in Word, it could be seen that the license was actually created by modifying a settlement agreement with the original licensor. The entire previous agreement was right there ... For goodness' sake, people, use a metadata scrubber!

UPDATE: You can download the original PDF file at It looks like they just drew black boxes over the text. About as effective as doing this.


Wednesday, August 25, 2004

Document meta-data FAQ and risk information 

That Word (or other document) you send may give away your confidential information and even leak personal information outside of your company. Many are aware that "metadata" is commonly embedded in certain document formats. (I recently received a document from a client that was riddled with metadata, including tracked changes that showed changes made by the other side's lawyer and "notes to draft" about certain clauses. It came from one of the leading firms in Canada, acting for a VERY large company that, ironically, is a major player in the data security area. But I digress ...) In any event, this has become a significant security risk. Workshare (maker of DeltaView and, coincidentally, a metadata remover called Workshare Protect) has established a "public benefit" site to provide information about content security risks. It's called MetadataRisk and is at To give Workshare credit, there is no marketing material on the site and it has some good content. Thanks to PrivacySpot for leading me there ...


The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.