| |
| ▲ | g947o 40 minutes ago | parent | next [-] | | It's not fool proof: https://www.theverge.com/2023/6/28/23777298/sony-ftc-microso... | |
| ▲ | groestl 5 hours ago | parent | prev | next [-] | | > made their redactions with actual ink, and then re-scanned every page That's not very competent. > going analog is foolproof Absolutely not. There are many way's to f this up. Just the smallest variation in places that have been inked twice will reveal the clear text. | | |
| ▲ | g947o 39 minutes ago | parent | next [-] | | Case study: https://www.theverge.com/2023/6/28/23777298/sony-ftc-microso... | |
| ▲ | JumpCrisscross 5 hours ago | parent | prev | next [-] | | > Just the smallest variation in places that have been inked twice will reveal the clear text Sure. But anyone can visually examine this. That means everyone with situational context can directly examine the quality of the redaction. Contrast that with a digital redation. You have to trust the tool works. Or you have to separate the folks with context from the folks with techical competence. (There is the third option of training everyone in the DoJ how to examine the inner workings of a PDF. That seems wasteful.) | | |
| ▲ | _flux 4 hours ago | parent | next [-] | | > But anyone can visually examine this. Can they? In principle it could be the difference between RGB 0.0,0.0,0.0 and RGB 0.004,0.0,0.0, that could be very difficult to visually see, but an algorithm could unmask the data with some correlation. If you do it digitally and then map the material to black-and-white bitmap, then that you can actually virtually examine. > Contrast that with a digital redation. You have to trust the tool works. While true, I think the key problem is that the tools used were not made for digital redaction. If they were I would be quite a bit more confident that they would also work properly. Seems like there could be a product for this domain.. And after some googling, it appears there is. | | |
| ▲ | swiftcoder 2 hours ago | parent [-] | | > While true, I think the key problem is that the tools used were not made for digital redaction. If they were I would be quite a bit more confident that they would also work properly. Adobe Acrobat's redaction tools regularly feature in this sort of fuck-up, and they are (at least marketed as being) designed for such use |
| |
| ▲ | groestl 5 hours ago | parent | prev [-] | | > anyone can visually examine this. They can't, if the variations are subtle enough. For example, many people are oblivious to the fact that one can extract audio from objects captured on mute video, due to tiny vibrations. Analog is the worse option here. Simple screenshot of 100% black bar would be what a smart lazy person would do. |
| |
| ▲ | bryanrasmussen 4 hours ago | parent | prev [-] | | I suppose the best process would be this, and then after rescanning putting a black bar over each redacted text with image editing. |
| |
| ▲ | netsharc 9 hours ago | parent | prev | next [-] | | It's like Russian spies being caught in the Netherlands with taxi receipts showing they took a taxi from their Moscow HQ to the airport: corrupt organizations attract/can only hire incompetent people... https://www.vice.com/en/article/russian-spies-chemical-weapo... Anyone remember how the Trump I regime had staff who couldn't figure out the lighting in the White House, or mistitled Australia's Prime Minister as President? | | |
| ▲ | wkat4242 an hour ago | parent | next [-] | | Yes I remember that incident. It was big over here. However I'm 100% sure that that was not a real spy incident. But rather just a 'message' to be sent from the Russian govt. The same way they have infiltrated our airspace with TU-95 bombers nearly every month for decades. Just a message "Hey we are still watching you". When you see how ridiculously incompetent they were, not just their phone history but also the gear they had with them. It amounts to nothing more than a scriptkiddy's pineapple. There's no way they would have been able to do any serious infiltration into any kind of even remotely competent organisation. Also the visible fumbling about in a carpark with overly complex antennas instead of something more hidden (e.g. an apartment across the street, a cabling tent or something). IMO the objective here was to get caught and stir a fuss. | |
| ▲ | enaaem 8 hours ago | parent | prev | next [-] | | Reminds of the time Russian security services showed copies of the Sims as evidence of an Ukranian Nazi plot. | |
| ▲ | JumpCrisscross 9 hours ago | parent | prev | next [-] | | > with taxi receipts Please tell me they were saving them for expensing. | | | |
| ▲ | SanjayMehta 8 hours ago | parent | prev [-] | | Or the passports discovered intact after a particularly heinous terrorist attack. | | |
| ▲ | tor825gl 2 hours ago | parent [-] | | This wasn't a fuck-up though was it? Knowing they would die in the attack, the terrorists just didn't care if their identities were known. |
|
| |
| ▲ | stevage 9 hours ago | parent | prev | next [-] | | I would just do the digital version of that: add 100% black bars then screenshot page by page and probably increase the contrast too. | |
| ▲ | tdeck 9 hours ago | parent | prev | next [-] | | The bigger difference from my perspective is that they have competent people doing the strategy this time. The last Trump administration failed to use the obvious levers available to accomplish fascism, while this one has been wildly successful on that end. In a few years they will have realigned the whole power dynamic in the country, and unfortunately more and more competent people will choose to work for them in order to receive the benefits of doing so. | | |
| ▲ | Tostino 9 hours ago | parent | next [-] | | His last administration was filled with traditional Republicans. I may have disagreed with them on virtually every policy point, but they seemed to disagree with the most harmful Trump policies as well. We would have never agreed on the right policy, but we definitely agreed that his policy was not the right one. | | |
| ▲ | vanviegen 4 hours ago | parent [-] | | > but they seemed to disagree with the most harmful Trump policies as well. I imagine Republicans such as this still populate a majority of the house and Senate. If they disagree, they are sure making an effort to do so silently. | | |
| ▲ | SirHumphrey 2 hours ago | parent [-] | | The amount of things Trump did circumventing Congressional approval might suggest that he does not a clean pass even though Republicans have majority in both the house and the senate. |
|
| |
| ▲ | JumpCrisscross 9 hours ago | parent | prev [-] | | > they have competent people doing the strategy this time They had a great playbook in Project 2025. I'm not convinced Trump ever had the smartest people executing it. | | |
| ▲ | tdeck 8 hours ago | parent [-] | | You don't need to be the smartest person when you're pointing a big gun at someone. |
|
| |
| ▲ | rayiner 6 hours ago | parent | prev | next [-] | | It’s easy to appear competent when you’re sitting on your butt doing nothing. Had exactly did Barr and Co. accomplish in terms of moving forward the agenda people voted for? These guys were so eager to win accolades from liberals they couldn’t even pick the lowest hanging fruit. Totally pathetic effort after the stellar performance by the legal eagles in the Obama administration. Trump 2.0 is pursing a very aggressive legal strategy. It has a bunch of very smart people racking up wins in areas such as funding cuts, education, civil rights, deployment of national guard, etc. It also has people that are… struggling. But, unlike with Trump 1.0, they’re actually trying to move the ball forward for their team. | | |
| ▲ | exasperaited 2 hours ago | parent [-] | | > Had exactly did Barr and Co. accomplish in terms of moving forward the agenda people voted for? These guys were so eager to win accolades from liberals they couldn’t even pick the lowest hanging fruit. Are you talking about the same Bill Barr? "Eager to win accolades from liberals" is a hilariously Trump-after-he-fired-someone thing to say. Have you read his Wikipedia page? Do you know who he actually is? |
| |
| ▲ | ekianjo 7 hours ago | parent | prev | next [-] | | > William Barr. Barr is contemptible, yes, but smart AF You mean the guy who covered up for Epstein's 'suicide' and expected us morons to believe it? | | |
| ▲ | JumpCrisscross 5 hours ago | parent [-] | | > You mean the guy who covered up for Epstein's 'suicide' and expected us morons to believe it? Let's assume that's true. How does it clash with him being "contemptible...but smart AF"? | | |
| ▲ | h33t-l4x0r 3 hours ago | parent [-] | | Yeah I mean, orchestrating an assassination in a federal prison of a guy the whole world is watching, and never even so much as a whiff of a leak? Because how do you contain that without whacking everyone involved (which we would know about)? You don't. Not without teleportation, time-travel, or at the very least post-hypnotic suggestion. Oh he's smart AF, all right. |
|
| |
| ▲ | eviks 9 hours ago | parent | prev [-] | | > but smart AF. When Barr’s DOJ released a redacted version of the Mueller Report, they printed the whole thing, made their redactions with actual ink, and then re-scanned every page to generate a new PDF with absolutely no digital trace of the original PDF file. This is a dumb way of doing that, exactly what "stupid" people do when their are somewhat aware of the limits of their competence or only as smart as the tech they grew up with. Also, this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions. And it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision, but have to do the manual conversion step to printed position | | |
| ▲ | plantain 8 hours ago | parent | next [-] | | >exactly what "stupid" people do when their are somewhat aware of the limits of their competence Being aware of one's limitations is the strongest hallmark of intelligence I've come across... | | |
| ▲ | mapontosevenths 7 hours ago | parent | next [-] | | I'm not so sure it's about knowing his own limitations, rather it's about building a reliable process and trusting that process more than either technology or people. Any process that relies on 100% accuracy from either people or technology will eventually fail. It's just a basic matter of statistics. However, there are processes that CAN, at least in theory, be 100% effective. | |
| ▲ | eviks 8 hours ago | parent | prev [-] | | So following that strange logic if a dumb person knows he's dumb, he's suddenly become intelligent? Or is that impossible by your peculiar definition of intelligence? | | |
| ▲ | HKH2 8 hours ago | parent | next [-] | | Yeah that sounds like wisdom, not intelligence. | | |
| ▲ | awesome_dude 7 hours ago | parent [-] | | Wisdom would be knowing not to try and exceed those limits Intelligence would be knowing they exist (I know that I cannot fly by flapping my arms, it took intelligence to deduce that, wisdom tells me not to try and jump from a height and flap my arms to fly. Further intelligence can be applied, deducing that there are artificial means by which I can attain flight) |
| |
| ▲ | awesome_dude 8 hours ago | parent | prev [-] | | Knowing your limits has to be a sign of intelligence. "Dumb" people (FTR the description actually refers to something rather than that which you think it does...) run around on the internet getting mad because they haven't thought things through... | | |
| ▲ | fc417fc802 6 hours ago | parent [-] | | It's an interesting question though. I know quite some "smart" people who lack self awareness to an almost fatal degree yet can outdo the vast majority of the population at solving logic puzzles. It tends to be a rather frustrating condition to deal with. |
|
|
| |
| ▲ | lelanthran 4 hours ago | parent | prev | next [-] | | > This is a dumb way of doing that, exactly what "stupid" people do when their are somewhat aware of the limits of their competence or only as smart as the tech they grew up with. No, this is an example of someone understanding the limits of the people they delegate to, and putting in a process so that delegation to even a very dumb person still has successful outcomes. "Smart" people like to believe that knowing enough minutiae is enough to result in a successful outcome. Actual smart people know that the process is more important than the minutiae, and proceed accordingly. | | |
| ▲ | eviks 4 hours ago | parent [-] | | > someone understanding the limits of the people they delegate to, and putting in a process so that delegation to even a very dumb person still has successful Oh, man, is he the only smart person in the whole department of >100k employees and an >x contractors??? What other fantasy do you need to believe in to excuse the flaws? Also, if he's so smart why didn't he, you know, hire someone smart for the job? > even a very dumb person still has successful Except it's easier to make mistakes following his process for both smart and dumb people, not be successful! > Actual smart people know that the process is more important So he's not actually smart according to your own definition because the process he has set up was bad, so he apparently did not know it was important to set it up better? > important than the minutiae Demanding only paper redactions is that minutiae. |
| |
| ▲ | fc417fc802 8 hours ago | parent | prev | next [-] | | Not at all. It's a procedure that's very difficult to unintentionally screw up. Sometimes that's what you want. > you can't simply search&replace with machine precision Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process. | | |
| ▲ | ithkuil an hour ago | parent | next [-] | | If the word you need to redact is also an English verb there is a risk that you accidentally mark the name of person in a context where that redacted word has a clear meaning in that context and can be used as a proof that such a term has been accidentally redacted because a large scale search&mark has taken place. According to a random dictionary I found: To trump. Verb. Surpass (something) by saying or doing something better. | |
| ▲ | eviks 8 hours ago | parent | prev | next [-] | | You process doesn't make sense, why wouldn't you just black box redact right away and print and scan? What does underline then ink give you? But it's also not the process described in the blog > that's very difficult to unintentionally screw up. You've already screwed up by leaking length and risking errors in manual search&replace | | |
| ▲ | JumpCrisscross 7 hours ago | parent | next [-] | | > why wouldn't you just black box redact right away and print and scan? What does underline then ink give you? These are roughly equivalent. The point is having a hard copy in between the digital ones. | | |
| ▲ | eviks 6 hours ago | parent | next [-] | | Why would I settle for a rough equivalence? The point was about the chance of making mistakes in redaction, so sure, if you ignore the difference in the chance of making mistakes (which the underline process increases), everything becomes equivalent! | | |
| ▲ | JumpCrisscross 6 hours ago | parent [-] | | > Why would I settle for a rough equivalence? They're equivalent in security. The digital method is more convenient (albeit more error prone). What confers the security is the print-scan step. Whether one is redacting in between or before doesn't change much. You'd still want to do a tabula rasa and manual post-pass with both methods. > point was about the chance of making mistakes in redaction Best practice is humans redacting in multiple passes for good reason. It's less error prone than relying on a "smart" redactor, which is mostly corporate CYA kit. | | |
| ▲ | eviks 6 hours ago | parent [-] | | > They're equivalent in security They aren't, security is defined as the amount of information you leak. If you have an inferior process where you're substituting the correct digital match with an in incorrect manual match, you're reducing security > albeit more error prone The opposite, you can't find all 925 cases of the word Xyz as efficiently on paper without the ease of a digital text search, my guess is you just have made up a different comparison (e.g., a human spending 100hrs reading paper vs some "smart" app doing 1 min of redactions) vs. the actual process quoted and criticized in my original comment > Whether one is redacting in between or before doesn't change much It does, the chance to make a mistake differs in these cases! Printing & scanning can't help you here, it's a totally set of mistakes > Best practice But this conversation is about a specific blogged-about reality, not your best practice theory! |
|
| |
| ▲ | Teever 6 hours ago | parent | prev [-] | | Absolutely. The other comments replying to your original comment that are nitpicking over implementation details miss the purpose and importance of this step. The fact that this release process is missing this key step is significant too imho. It makes it really clear that the people running this didn't understand all of the dimensions involved in releasing a redacted document like this and/or that they weren't able to get expert opinions on how to do this the right way, which just seems fantastical to me given who we're talking about. In other threads people are discussing the possibility of this being intentional, by disaffected subordinates, poorly vetted and rushed in to work on this against their will. And that's certainly plausible in subordinates but I have a hard time believing that it's the case for the people running this who, if they understood what they were tasked with would have prevented an entire category of errors by simply tasking subordinates to do what you described regardless of how they felt about the task. So to me that leaves the only possibility that the people running this particular operation are incompetent, and given the importance of redacting that is dismaying. Regardless of how you feel about the action of redacting these documents, the extent to which it's done and the motives behind doing it, the idea that the people in charge of this aren't competent to do it is not good at all. | | |
| ▲ | TheOtherHobbes 4 hours ago | parent [-] | | This is one of the biggest document collections ever released to the public (...or will be when it's finally done) and the redactions were done in a hurry by a government agency with limited resources which would usually be doing more useful things. So it's likely there simply isn't the time to do extended multi-step redactions. What's happening is a mix of malicious compliance, incompetence, and time pressure. It's very on-brand for it to be confused, chaotic, and self-harming. |
|
| |
| ▲ | fc417fc802 7 hours ago | parent | prev | next [-] | | The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace. I refuted that. You remain free to perform automated search and replace prior to printing the document. You also have the flexibility to perform manual redactions both digitally as well as physically with ink. It's clearly a superior process that provides ease of use, ease of understanding, and is exceedingly difficult to screw up. Barr's DoJ should be commended for having selected a procedure that minimizes the risk of systemic failure when carried out by a collection of people with such diverse technical backgrounds and competence levels. Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist. | | |
| ▲ | eviks 6 hours ago | parent [-] | | > The blog has no relevance to your claim that the print and scan procedure somehow fundamentally precludes automated search and replace. It has direct relevance since it describes the process as lacking the automated search and replace > I refuted that You didn't, you created a meaningless process of underlinig text digitally to waste time redacting it on paper for no reason but add more mistakes, and also replaced the quoted reality with your made up situation to "refute". > and is exceedingly difficult to screw up. It's trivial, and I've told you how in the previous comment > Notably, had the same procedure been followed for the Epstein files then the headline we are currently commenting under presumably wouldn't exist. Nope, this is generic "hack" headline, so guessing a redacted name by comparing the length of plaintext to unmask would fit the headline just as well as a copy&paste hack |
| |
| ▲ | TylerE 6 hours ago | parent | prev [-] | | It gets you the non-existance of a PDF full of reversible black boxes. Can't leak a file that doesn't exist. | | |
| ▲ | eviks 6 hours ago | parent [-] | | But you can leak the content of a file that you printed out and couldn't redact properly by using an inferior method | | |
| ▲ | TylerE 2 hours ago | parent [-] | | But such a document is obviously unredacted. A black boxed PDF appears to be redacted, but isn't. Accidents happen. | | |
| ▲ | eviks an hour ago | parent [-] | | Now that you've shifted the goalposts back closer to the original discussion, what's your point? Yes, you can leak the "nonexisting" file in multiple ways, including the printed one, and yes, "accidents" happen. So are they more likely to happen if you ban digital search and force paper and ink redaction instead? Are they more likely to happen if you black out digitally before printing or underline digitally and ink out physically? And the "obvious word needle in a haystack of many thousands of pages" isn't as self-healing as you appear to think it is. |
|
|
|
| |
| ▲ | nobody9999 5 hours ago | parent | prev [-] | | >Sure you can. Search and somehow mark the text (underline or similar) to make keywords hard to miss. Then proceed with the manual print, expunge, scan process. I suppose a global search/replace to mark text for redaction as an initial step might not be a bad idea, but if one needs to make sure it's correct, that's not enough. Don't bother with soft copy at all. Print a copy and have multiple individuals manually make redactions to the same copy with different color inks. Once that initial phase is complete, partner up persons who didn't do the initial redactions review the paper text with the extant redactions and go through the documents together (each with their own copy of the same redactions), verbally and in ink noting redactions as well as text that should be redacted but isn't. That process could then be repeated with different people to ensure nothing was missed. We used to call this "proofreading" in the context of reports and other documents provided as work product to clients. It looks really bad when the product for which you're charging five to six figures isn't correct. The use case was different, but the efficacy of such a process is perfect for something like redactions as well. And yes, we had word processing and layout software which included search and replace. But if correctness is required, that's not good enough -- a word could be misspelled and missed by the search/replace, and/or a half dozen other ways an automated process could go wrong and either miss a redaction or redact something that shouldn't be. As for the time and attention required, I suppose that depends upon how important it is to get right. Is such a process necessary for all documents? No. That said, if correctness is a priority, four (or more) text processing engines (human brains, in this case) with a set of engines working in tandem and other sets of engines working serially and independently to verify/correct any errors or omissions is an excellent process for ensuring the correctness of text. I'd point out that the above process is one that's proven reliable over decades, even centuries -- and doesn't require exact strings or regular expressions. Edit: Fixed prose ("other documents be provided" --> "other documents provided"). |
| |
| ▲ | JumpCrisscross 8 hours ago | parent | prev | next [-] | | > this type of redaction eliminates the possibility to change text length This is the only weakness of Barr's method. > it doesn't eliminate the risk of non-redaction since you can't simply search&replace with machine precision Anyong relying on automated tools to redact is doing so performatively. At the end of the day, you need people who understand the context to sit down and read through the documents and strike out anything that reveals–directly or indirectly, spelled correctly or incorrectly–too much. | | |
| ▲ | eviks 8 hours ago | parent [-] | | > This is the only weakness of Barr's method. Of course it isn't, the other weakness you just dismiss is the higher risk of failed searches. People already fail with digital, it's even harder to do in print or translate digital to print (something a machine can do with 100% precision, now you've introduced a human error) > At the end of the day, you need people who understand the context Before the end of the day there is also the whole day, and if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading, you're just adding mistakes for no benefit | | |
| ▲ | JumpCrisscross 7 hours ago | parent | next [-] | | > something a machine can do with 100% precision Forget about typoes. Until recent LLMs, machines couldn't detect oblique or identifying references. (And with LLMs, you still have the problem of hallucinations. To say nothing of where you're running the model.) > if you have to waste the attention of such people on doing ink redactions instead of dedicating all of their time to focused reading You've never read a text with a highlighter or pen? Out of curiosity, have you worked with sensitive information that needed to be shared across security barriers? | |
| ▲ | herewulf 7 hours ago | parent | prev [-] | | Reading through material in context and actively removing the telling bits seems very focused to me. Furthermore, reading through long winded, dry legalese (or the like) and then occasionally marking it up seems like an excellent way to give the brain short breaks to continue on rather than to let the mind wander in a sea of text. I am for automating all the things but I can see pros and cons for both digital and manual approaches. | | |
| ▲ | eviks 7 hours ago | parent [-] | | The reading is focused, but that focus is wasted on menial work, which makes it easier to miss something more important > give the brain short breaks Set a timer if you feel that's of any use? Why does the break have to depend on the random frequency of terms to be redacted? What if there is nothing to redact for pages, why let the mind wander? > I am for automating But you're arguing against it. What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos and then spending the last 99% in focused reading trying to find that you've missed "the owner of Mar-a-Lago Club" reference or something more complicated (and then also replace that variant digitally rather than hoping you'd notice it every single time you wade through walls of legalese!) | | |
| ▲ | JumpCrisscross 6 hours ago | parent [-] | | > What's the pro of manually replacing all 1746 occurrences of "Trump" instead of spending 0.01% of that time with a digital search & replace and then spending the other 1% digitally searching for variants with typos Because none of this involves a focussed reading. It's the same reason why Level 3 can be less safe than Level 4. If you're skimming, you're less engaged than if you're reading in detail. (And if you're skipping around, you're missing context. You may catch Trump and Trup, but will you catch POTUD? Alternatively, if you just redact every mention of the President, you may wind up creating a President ***, thereby confirming what you were trying to redact.) If it doesn't matter, automate it. If you care, have a team do a proper redaction. |
|
|
|
| |
| ▲ | WalterBright 6 hours ago | parent | prev | next [-] | | > this type of redaction eliminates the possibility to change text length, which is a very common leak when especially for various names/official positions Increasing the size of the redaction box to include enough of the surrounding text to make that very difficult. | | |
| ▲ | Cpoll 6 hours ago | parent | next [-] | | You'd need to increase it a lot, lest the surrounding text be inferred from context. | |
| ▲ | eviks 5 hours ago | parent | prev [-] | | But that's a destructive operation! I mean, sure, you can make the whole paragraph/page blank, but presumably the goal is to share the report removing only the necessary minimum? |
| |
| ▲ | 6 hours ago | parent | prev [-] | | [deleted] |
|
|
