Last year I blogged about the metadata created by cameras that could unintentionally reveal information (Canadian Privacy Law Blog: Beware of hidden digital camera metadata). EXIF data is in the news again...

A little while ago, someone released the new Harry Potter book in the form of photographs of each page. The person who did this didn't remove the EXIF data from the photos, which includes the camera's serial number.

Digital DNA could finger Harry Potter leaker - Times Online

"The Exif data is like the picture's DNA; you can't switch it off. Every image has it. Some software can be used to strip or edit the information, but you can't edit every field," Mr Solomon said.

A post on the digg.com website claimed that the serial number of the camera which photographed the pages claimed to be from the unpublished Harry Potter, was 560151117.

Canon's head office in Japan confirmed that a serial number would reveal the country in which the camera was sold and possibly also the store, but declined to give any further information about the device used in this case.

The discovery reveals the extent to which people who distribute photographs online can be traced, which is especially relevant given the popularity of social networking sites such as Facebook, which have in some cases been sources of incriminating material.

If traced, the person who photographed the Harry Potter novel could be found guilty of copyright infringement, but would be unlikely to face criminal charges as the photos appear not to have been published for commercial gain, lawyers said.

Thanks to Boing Boing for the link: Boing Boing: Harry Potter photo-leaker might be busted through metadata.

Labels: facebook, metadata, privacy, social networking

I've posted on a number of times about something called metadata. It is hidden information in different kinds of digital files that may reveal information about the document, its author or information that the distributor did not want to disclose. For example, Microsft Word is notorious for the metadata that can be hidden in documents but we've also seen information leakage through Adobe Acrobat files (See: The Canadian Privacy Law Blog: More on metadata, The Canadian Privacy Law Blog: Document meta-data FAQ and risk information, The Canadian Privacy Law Blog: Security problems with hidden data in Acrobat PDF files).

I've known for some time that most digital cameras generate metadata (in the EXIF format), such as information about when the photo was taken, whether a flash was used, the exposure, lens focal length, etc. Flickr shows most metadata associated with photos. Check this out for an example: Flickr: More detail about leave.

What I did not know until today is that digital cameras will often embed a small thumbnail image of the photo as originally taken. In many cases, if you subsequently edit the photo, the original thumbnail remains. If the image is edited to cut out someone who didn't want to be photographed or if you blur the face of someone to protect their privacy, that information may still be available to anyone who gets the image.

There is no better illustration of the problem than the website created by Tonu Samuel. His site pulls images off the 'net then shows the original thumbnail and the modified image. One image generated by Samuel's site is a very vivid demonstration of why this is an issue: Hidden EXIF thumbnail security problem (may not be safe for work - it shows a young woman in a bikini whose face was obscured but is clearly identifiable in the thumbnail).

In short: Be very careful when you distribute modified digital images.

Thanks to michaelzimmer.org - The Hidden Photos Within Photos for the link.

UPDATE: I was browsing some of the photos that hav been put through Tonu Samuel's EXIF extractor and came upon this great demonstration of why this can be a risk. The photos on this page are from the US Federal Bureau of Investigation (http://www.fbi.gov/wanted/seekinfo/erienote1.jpg). The published version shows a letter with significant portions blacked out. The embedded thumbnail is missing all the blacked out portions.

Labels: information breaches, law enforcement, metadata, privacy

The Globe and Mail's technology section has an article on hidden metadata, where it comes from and what Microsoft is trying to do to address the issue. (See: globeandmail.com : Stamping out metadata.)

Here are my own thoughts on the issue:

Metadata is one of the greatest privacy and confidentiality risks for users of Microsoft's Office suite of programs. It has caused innumerable slip-ups, mostly caused by users who are generally oblivious to its presence or how to remove it. It is also compounded by the fact that some of the most obvious meta data (track changes and comments) can be completely inapparent. For example, if someone sends you a document full of markups but their copy of Word is set to only show the "final" version, they won't see it before they send the document on. The setting to not show changes follows the document, so the next person to open it will not see the markups unless they manually change the option. The same goes for "comments", which can be handy but are often not apparent to the viewer of the document.

Like many things, there are features in Word that will help you avoid metadata blunders (Options Security Privacy), but they have to be manually turned on and the average user is completely oblivious. To make things worse, one of the options is misleading. If you click yes to "Warn before printing, saving or sending a file that contains tracked changes or comments" it will not really warn you when you send a file the way that 99.9% of people do. If you attach it to an outlook message, no warning. None. One might think that those two parts of the Office program would talk to one another. Or that the "feature" might be accurately labelled. No such luck.

Even with all the publicity given to metadata issues of late, I have still seen first-hand some metadata blunders that could have had a huge impact on confidentiality. I've seen a closing checklist for a huge transaction that was based on a precedent document. Whoever typed the changes had (likely accidentally) used "track changes" with the markups hidden, so they didn't see that the markups fully identified another client of the firm who authored it. I've also seen documents sent with lawyers' comments embedded that were sent to the other side. I've also seen service agreements with pricing information embedded from a previous customer. This is a serious issue.

So what's the solution? It is not to remove features like comments, track changes and the like. These are all useful features. Those who understand what the metadata problem is and how these applications work are likely pretty about the meatadata issue. The problem is that this is a potential security hole that exists out of the box and uneducated users don't know it is there and what it can do. Program designers need to make sure that the programs they publish are set to be secure and that users are educated about the possibility of compromising confidential information if the features are enabled. And while I'm at it, I'll suggest that the two most-used programs in Microsoft's Office suite, Word and Outlook, need to work together to deal with the issue. Programming a feature to warn users that they are about to e-mail a document with metadata probably wouldn't be impossible. Or have it only throw up a flag if the document is mailed to someone beyond the local exchange server. And have it alert if a document is being copied off a networked drive onto a CD, thumb-drive or other portable media. Finally, if the security setting says it'll warn you when you e-mail a metadata-ridden document, it should at least do so.

Update: Jim Calloway has a great post about metadata and lawyers: The Mysteries (and Magic) of Metadata.

Technorati tags: Metadata :: Privacy :: Confidentiality :: Microsoft :: Microsoft Office

Labels: information breaches, metadata, privacy

Copy-and-Paste Reveals Classified U.S. Documents "Posted by CmdrTaco on Sunday May 01, @09:43AMfrom the hate-when-that-happens dept.cyclop writes "In March, U.S. troops in Iraq shot to death Nicola Calipari, the Italian intelligence agent that rescued the kidnapped journalist Giuliana Sgrena. U.S. commission on the incident produced a report which public version was censored for more than one third. Now Italian press is reporting that all confidential information in the report is available to the public, just by copying "hidden" text from the PDF and pasting it in a word processor (Italian). The uncensored report can now be directly downloaded (evil .DOC format, sorry)"

On a related note, I received a draft sub-license agreement to review from a client a few weeks ago. The licensor, who created the draft, probably didn't notice that it included loads of information using "track changes." When viewed with "final showing markup" in Word, it could be seen that the license was actually created by modifying a settlement agreement with the original licensor. The entire previous agreement was right there ... For goodness' sake, people, use a metadata scrubber!

UPDATE: You can download the original PDF file at http://download.repubblica.it/pdf/rapportousacalipari.pdf. It looks like they just drew black boxes over the text. About as effective as doing this.

Labels: information breaches, metadata, privacy

Labels: information breaches, metadata, privacy